last executing test programs:

7m18.169583504s ago: executing program 1 (id=207):
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x43, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000e80)=ANY=[@ANYBLOB="0a00000002000000ff0f000007"], 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x5, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0], 0x0, 0x80000001, 0x0, 0x0, 0x0, 0x40, '\x00', 0x0, @fallback=0x36, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000180)={'syz_tun\x00', <r2=>0x0})
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x6, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x2, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000000)={r3, r2, 0x25, 0x0, @void}, 0x10)
syz_emit_ethernet(0xfdef, &(0x7f0000000ec0)={@local, @empty, @val={@val={0x88a8, 0x0, 0x1, 0x2}, {0x8100, 0x4, 0x0, 0x2}}, {@x25={0x805, {0x0, 0x0, 0xf1}}}}, 0x0)

7m15.315512886s ago: executing program 1 (id=212):
bpf$PROG_LOAD(0x5, 0x0, 0x0)
socket$alg(0x26, 0x5, 0x0)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cpuacct.usage_percpu_user\x00', 0x275a, 0x0)
write$binfmt_script(r2, &(0x7f0000000000), 0x208e24b)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000180)=[@text64={0x40, 0x0}], 0x1, 0x54, 0x0, 0x0)
ioctl$KVM_RUN(r3, 0xae80, 0x0)
r4 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x72, 0x0, 0x7fff0000}]})
close_range(r4, 0xffffffffffffffff, 0x0)

7m8.711441389s ago: executing program 1 (id=223):
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000001380))
r0 = memfd_create(&(0x7f0000000400)='\xa3\x9fn\xb4dR\x04i5\x02\xac\xce\xe1\x88\x9d[@8\xd7\xce\x1f 9I\x7f\x15\x1d\x93=\xb5\xe7\\\'L\xe6\xd2\x8e\xbc)JtTDq\x81\xcf\x81\xba\xe51\xf5 \xc8\x10>\xc9\\\x85\x17L\xbf\xcf\x91\xdfM\xf3\x02^T*\x00\x02\xb9~B\x9f\xacl\x1d3\x06o\xf8\x16H\xaa*\x02\xf7\xfb\x06\xf1\x83\x92\xa8\xc2\xcb\xae\xb0\xb4\x93\xb8\x04\xf1\x99\xc2yY+\xd9y\x8a\xd5b\xe8\"q\x1b0)\xccm\xacz\xc1\xadd\x9b6a\xf3\xdds\xbb\x88\xff\b\x85\xb3s\x00\x0e\xbcfvi\x85\xfc.|\xd4h\xec\x82o\x8e\x93\x11\xc1\xd4\xae\x05\x17=\xd9R\xd0\xd4\x90\xcf\x9b\xdc\xaeV\x88\x94\x9f\xe3\xefqi\xed\xa8w\xbe\xd0\xd0-tBl\x9e+\xd3\xed\xce\x9f\x83\x86\xf9\x12\x16Ts\x80\x13]C\xfb`\xc2`\xf7\x1a\x00\x00\x00\x00\x00\x00\x00k\xae\xcb\x1a.\xc2\x8f\xd1x4]PZ\x9e\xd5Y\xf0L\xa4\xbc\x84\xf6\x04L\xff0\x8b\\*\xf9,\xb6\r\x97\xedy\xe0\x8a\xe2\x8ck\xc6S\xc3g\xb9\x1a\xf8\x8f \x9d\x00u7\xd8\'\xf1E\xa4(Q\x80Fy\xb5\xe4q\xc9\xff \xd8\x9d\xad\x11\xf8m\xd3\xbc\x9e\x10D\x7f!\xca\x0ev\x15h$\x01\xdd\xe5\xce\xf8*\xb3\x01\x85\a\xe4qv&\x9c\xac\x9aN~o\xe5\x89\xd5\a\x9f\f\x1f\xc2e/\x8d\x1e\n\xd0_\xbd!^\xa46\xb8j\xc0x\n\xdb\xe1\xa3\xd6\xae;\r\x92@\xa5I\x88Z1F\xf0\x1at\t\xd0\x8a\x04m\x06\xf3BL\xffS\x9eY\xf4\xb0U \xf8\xd00\x88y\xebX\x92\xd5\xbb\xa1h7\xf3\xe0\x0f\xbd\x02\xe4%\xf9\xb1\x87\x8aM\xfeG\xb2L\xbd\x92-\xcd\x1f\xf4\xe1,\xb7G|\xec\"\xa2\xab\xf6\x84\xe0\xcf1\x9a', 0x0)
execveat(r0, &(0x7f0000000000)='\x00', 0x0, 0x0, 0x1000)
r1 = syz_create_resource$binfmt(&(0x7f0000001400)='./file0\x00')
openat$binfmt(0xffffffffffffff9c, r1, 0x42, 0x1ff)

7m8.318735098s ago: executing program 1 (id=226):
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000900)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000380)=@ipv6_newrule={0x38, 0x20, 0x1, 0x70bd2d, 0x25dfdbfc, {0xa, 0x0, 0x80, 0x0, 0x9, 0x0, 0x0, 0x3, 0x2001d}, [@FRA_SRC={0x14, 0x2, @private2}, @FIB_RULE_POLICY=@FRA_IP_PROTO={0x5, 0x16, 0x1d}]}, 0x38}}, 0x480d0)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000a00)=ANY=[@ANYBLOB="5c0000001000390400"/20, @ANYRES32=0x0, @ANYBLOB="00000000000000003c0012800b000100697036746e6c00002c00028014000300200100000000faffffffffffffff000114000200fc02"], 0x5c}, 0x1, 0x0, 0x0, 0x50}, 0x0)
dup(r0)

7m8.047021783s ago: executing program 1 (id=228):
r0 = socket$pppl2tp(0x18, 0x1, 0x1)
r1 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$pppl2tp(r0, &(0x7f0000000740)=@pppol2tpv3={0x18, 0x1, {0x3, r1, {0x2, 0x4e23, @broadcast}, 0x2, 0x0, 0x4}}, 0x2e)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x6, 0x8, &(0x7f0000006680))
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file1\x00'}, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x400000000000041, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r5 = socket$inet6_sctp(0xa, 0x5, 0x84)
getsockopt$inet_sctp6_SCTP_CONTEXT(r5, 0x84, 0x11, &(0x7f0000000200)={0x0, 0x3d}, &(0x7f0000000100)=0x8)
r6 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r6, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a3200000000140000001100"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0)
sendmsg$NFT_BATCH(r6, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000380)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a48000000060a010400000000000000000a0000010900010073797a31000000001c0004801800018008000100666962000c00028008000240240000030900020073797a32"], 0x70}, 0x1, 0x0, 0x0, 0x4000854}, 0x20000040)
r7 = syz_genetlink_get_family_id$l2tp(&(0x7f0000000040), 0xffffffffffffffff)
r8 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$L2TP_CMD_SESSION_DELETE(r8, &(0x7f0000000640)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000001c0)=ANY=[@ANYBLOB='@\x00\x00\x00', @ANYRES16=r7, @ANYBLOB="010026bd70000400000005000000080009000200000008000c000300000008000b000000000006000100"], 0x40}}, 0x20)
socket$nl_generic(0x10, 0x3, 0x10)
socket$netlink(0x10, 0x3, 0xb)
sendmsg$NL80211_CMD_NEW_KEY(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000140)=ANY=[@ANYBLOB="1c000000", @ANYRES16=0x0, @ANYBLOB="000000000000000000000000800000000000adb98ed92e45c609b9f7f3a9d0000000", @ANYRES32=0x0, @ANYBLOB], 0x1c}}, 0x0)
r9 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r9, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000100000a20000000000a01040000000000000000010080030900010073797a30000000002c000000030a01010000000000000000010000000900010073797a30000000000900030073797a32000000009c000000060a010400000000000000000100000008000b400000000068000480340001800b000100657874686472000024000280080001400000000c080003400000000008000440000000220500020094000000300001800c0001006269747769736500200002800800034000000004080002400000001208000140f7ffff0b040007800900010073797a30"], 0x110}}, 0x0)
syz_open_procfs$namespace(0x0, &(0x7f0000000200)='ns/time\x00')
socket$nl_netfilter(0x10, 0x3, 0xc)

7m6.005020141s ago: executing program 1 (id=231):
r0 = getpid()
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = syz_open_procfs(0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xffff, 0x20000000000008b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeea, 0x8031, 0xffffffffffffffff, 0x7b53a000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000280)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f0000000380)=@abs={0x0, 0x0, 0x4e22}, 0x6e)
sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
fsconfig$FSCONFIG_CMD_CREATE(0xffffffffffffffff, 0x6, 0x0, 0x0, 0x0)
r6 = fsmount(0xffffffffffffffff, 0x0, 0x1)
r7 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$wireguard(&(0x7f0000000300), r7)
sendmsg$WG_CMD_SET_DEVICE(r7, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000580)=ANY=[@ANYRES8=r6, @ANYRESDEC=r3, @ANYRESOCT=r7], 0xec}, 0x1, 0x0, 0x0, 0x4000}, 0x80)
lchown(0x0, 0x0, 0x0)
fsetxattr$system_posix_acl(0xffffffffffffffff, &(0x7f00000000c0)='system.posix_acl_default\x00', &(0x7f0000000540)={{}, {0x1, 0x6}, [{0x2, 0x6}], {}, [{0x8, 0x3}], {0x10, 0x3}}, 0x34, 0x3)
getresuid(&(0x7f0000000840), &(0x7f0000000880), &(0x7f00000008c0))
r8 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r8, &(0x7f00000003c0)={0x0, 0x0, 0x0}, 0x0)
r9 = openat$misdntimer(0xffffffffffffff9c, &(0x7f0000000000), 0x82000, 0x0)
sendmmsg$unix(r2, &(0x7f000000dc80)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000040)=[@cred={{0x1c, 0x1, 0x2, {r0, 0x0, 0xee00}}}, @rights={{0x28, 0x1, 0x1, [r1, r1, r2, r9, r1, r2]}}], 0x48, 0x4004}}], 0x1, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x1c0)
r10 = openat$dir(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0, 0x0)
unlinkat(0xffffffffffffff9c, &(0x7f0000000380)='./file1\x00', 0x200)
renameat2(r10, &(0x7f0000000000)='./file5\x00', r10, &(0x7f00000008c0)='./file5\x00', 0x2)
ioctl$FS_IOC_MEASURE_VERITY(r9, 0xc0046686, &(0x7f00000000c0)={0x7a70fb33240538e6, 0xc2, "1b01b3c076d9340ec1d09e998ff451f91d16ae2e35b70be55262c2e91ae2ddb7ca93b705bb8fb205293a7d87624d62209e1ebd01f65c4dce0ff75ed3dc1c176a154a3f4f0e09c2a483ee9c90292af669bacd87c2b4e74adc396b74241099f84d6555711324bfd7ce1f804f9638211e31564883f75db654921a190efe82a021774c323b1ab709ecef654199f2624aec96c10c3078c1a7deafa88151a96e0b7f4b5117dce74cc36687a96c413b9379415d6016272765e4be44d9a87d7255dc06a8d562"})

6m50.494751322s ago: executing program 32 (id=231):
r0 = getpid()
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = syz_open_procfs(0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xffff, 0x20000000000008b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeea, 0x8031, 0xffffffffffffffff, 0x7b53a000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000280)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f0000000380)=@abs={0x0, 0x0, 0x4e22}, 0x6e)
sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
fsconfig$FSCONFIG_CMD_CREATE(0xffffffffffffffff, 0x6, 0x0, 0x0, 0x0)
r6 = fsmount(0xffffffffffffffff, 0x0, 0x1)
r7 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$wireguard(&(0x7f0000000300), r7)
sendmsg$WG_CMD_SET_DEVICE(r7, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000580)=ANY=[@ANYRES8=r6, @ANYRESDEC=r3, @ANYRESOCT=r7], 0xec}, 0x1, 0x0, 0x0, 0x4000}, 0x80)
lchown(0x0, 0x0, 0x0)
fsetxattr$system_posix_acl(0xffffffffffffffff, &(0x7f00000000c0)='system.posix_acl_default\x00', &(0x7f0000000540)={{}, {0x1, 0x6}, [{0x2, 0x6}], {}, [{0x8, 0x3}], {0x10, 0x3}}, 0x34, 0x3)
getresuid(&(0x7f0000000840), &(0x7f0000000880), &(0x7f00000008c0))
r8 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r8, &(0x7f00000003c0)={0x0, 0x0, 0x0}, 0x0)
r9 = openat$misdntimer(0xffffffffffffff9c, &(0x7f0000000000), 0x82000, 0x0)
sendmmsg$unix(r2, &(0x7f000000dc80)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000040)=[@cred={{0x1c, 0x1, 0x2, {r0, 0x0, 0xee00}}}, @rights={{0x28, 0x1, 0x1, [r1, r1, r2, r9, r1, r2]}}], 0x48, 0x4004}}], 0x1, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x1c0)
r10 = openat$dir(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0, 0x0)
unlinkat(0xffffffffffffff9c, &(0x7f0000000380)='./file1\x00', 0x200)
renameat2(r10, &(0x7f0000000000)='./file5\x00', r10, &(0x7f00000008c0)='./file5\x00', 0x2)
ioctl$FS_IOC_MEASURE_VERITY(r9, 0xc0046686, &(0x7f00000000c0)={0x7a70fb33240538e6, 0xc2, "1b01b3c076d9340ec1d09e998ff451f91d16ae2e35b70be55262c2e91ae2ddb7ca93b705bb8fb205293a7d87624d62209e1ebd01f65c4dce0ff75ed3dc1c176a154a3f4f0e09c2a483ee9c90292af669bacd87c2b4e74adc396b74241099f84d6555711324bfd7ce1f804f9638211e31564883f75db654921a190efe82a021774c323b1ab709ecef654199f2624aec96c10c3078c1a7deafa88151a96e0b7f4b5117dce74cc36687a96c413b9379415d6016272765e4be44d9a87d7255dc06a8d562"})

4m16.967698262s ago: executing program 3 (id=627):
r0 = syz_open_procfs(0x0, &(0x7f0000000100)='smaps_rollup\x00')
openat$binfmt_register(0xffffffffffffff9c, &(0x7f0000000180), 0x1, 0x0)
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x2, 0x31, 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
ioctl$DRM_IOCTL_SET_CLIENT_CAP(r1, 0x4010640d, &(0x7f0000000000)={0x3, 0x2})
r2 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
syz_emit_ethernet(0x66, &(0x7f0000000440)={@link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x1}, @multicast, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "cb8000", 0x30, 0x3a, 0xff, @ipv4={'\x00', '\xff\xff', @initdev={0xac, 0x1e, 0x0, 0x0}}, @mcast2, {[], @time_exceed={0x4, 0x1, 0x0, 0x9, '\x00', {0x0, 0x6, "2eed63", 0x800, 0x3a, 0xff, @mcast1, @private0={0xfc, 0x0, '\x00', 0x1}}}}}}}}, 0x0)
recvmmsg(r2, &(0x7f0000000380)=[{{0x0, 0x0, 0x0}, 0xc43a}], 0x1, 0x40010000, 0x0)
ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r1, 0xc01064b5, &(0x7f0000000140)={&(0x7f0000000100)=[<r3=>0x0], 0x1})
ioctl$DRM_IOCTL_MODE_GETPLANE(r1, 0xc02064b6, &(0x7f00000001c0)={r3, <r4=>0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
select(0x2a, 0x0, 0x0, &(0x7f0000000400)={0xfefdffffffffffff, 0x1, 0x2, 0x300}, &(0x7f0000000440)={0x0, 0x2710})
ioctl$DRM_IOCTL_MODE_GET_LEASE(r1, 0xc01064c8, &(0x7f0000000280)={0x1, 0x0, &(0x7f0000000200)=[0x0]})
ioctl$DRM_IOCTL_MODE_OBJ_GETPROPERTIES(r1, 0xc02064b9, &(0x7f0000000040)={&(0x7f0000000300)=[0x0, 0x0, <r5=>0x0], &(0x7f0000000040), 0x3, r4, 0xcccccccc})
move_pages(0x0, 0x1, &(0x7f0000000040)=[&(0x7f0000ff9000/0x2000)=nil], 0x0, 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_ATOMIC(r1, 0xc03864bc, &(0x7f0000000380)={0x0, 0x1, &(0x7f0000000440)=[r4], &(0x7f0000000200), &(0x7f00000000c0)=[r5], &(0x7f0000000040), 0x0, 0x300})
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r6 = socket$netlink(0x10, 0x3, 0x0)
r7 = socket$nl_route(0x10, 0x3, 0x0)
socket$unix(0x1, 0x1, 0x0)
r8 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r8, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r9=>0x0})
sendmsg$nl_route_sched(r7, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000700)=@newqdisc={0x2c, 0x24, 0x4ee4e6a52ff56541, 0x70bd26, 0xffffffff, {0x0, 0x0, 0x0, r9, {0x0, 0xfff1}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_drr={0x8}]}, 0x2c}}, 0x20040084)
sendmsg$nl_route_sched(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000540)={&(0x7f00000008c0)=@newqdisc={0x34, 0x28, 0x4ee4e6a52ff56541, 0x4001, 0xfffffdfc, {0x0, 0x0, 0x0, r9, {0xfff1}, {0xffff, 0xffff}, {0x2, 0x1}}, [@qdisc_kind_options=@q_taprio={{0xb}, {0x4}}]}, 0x34}, 0x1, 0x0, 0x0, 0x200400dc}, 0x0)
r10 = socket$unix(0x1, 0x2, 0x0)
r11 = syz_init_net_socket$bt_l2cap(0x1f, 0x5, 0x0)
setsockopt$bt_BT_RCVMTU(r11, 0x112, 0xd, 0x0, 0x0)
ioctl$sock_SIOCGIFINDEX(r10, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r12=>0x0})
r13 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r13, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000001c0)=@gettclass={0x24, 0x2a, 0x129, 0x0, 0xfffffffd, {0x0, 0x0, 0x0, r12, {0x3, 0xd}, {}, {0x3, 0xfff1}}}, 0x24}}, 0x4040004)
pread64(r0, &(0x7f0000000200)=""/178, 0xb2, 0x4)

4m16.454478906s ago: executing program 3 (id=631):
r0 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
accept4(r0, 0x0, 0x0, 0x80000) (fail_nth: 3)

4m14.194463662s ago: executing program 3 (id=633):
bpf$MAP_CREATE(0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="01000000060000008000010005"], 0x50)
r0 = syz_open_procfs(0x0, &(0x7f0000000080)='fdinfo/3\x00')
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x2a, 0xa9}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000100)=0x5)
sched_setaffinity(0x0, 0x8, &(0x7f0000000240)=0x8000102)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = syz_clone(0x80000000, &(0x7f0000000800)="27fb8e0f0c49ac4dd6a5f9815d9c97741dc7a5fb0e57b60e192f34158ed4ce6a86f90b83856a55f78f30945908cc58b1a532fb756820a0c7f1481c2e0447f262a81e9ca06c5c7ca727f1f8d2ff7eb345162c5696dbd18eb288765c048e43385173014bc448282754fa7aa191156890b8a3acfcf9af4960bf249008f83075e19a6ab892e358723cb7b22c226864851580ceac871c166e97dfaa894897e23d765297e18ce6dfc7a7825350997594db2ecaedbb365184086c8adc4431dc49cf5470f9083634b3f1ae9fa3b1dce21e0f8549168516ce7ed2e3d013f73e4561b9d7eff56ce2a108fd1cd25c12e292dda80f0b327b961da8bdf2d5eae19d317b3f8ba1832c5395b6946632728922b27b3a6c810564f546f508dd4181773883a6d8a69113f0ea7953e2ad939213267e396213dd6d6c6430e5ac739a973cbbeb200a742849363228656fac0585acc9ce98d64965f324f08f84c6a9908d170c63898f794864965a805c6d4a8610dde38f812335230d109fad09c69555ef5a7e9aa4e4f80d89f2754b4416fd80cf09e244b5ab335c864fb2ece8483478e008386a422ae61c8e20d8e2c74b3457fa62a378de020316e76a06e4e644158ced06d0351b52e498911ab0b4efd3672c3b8986ab18f277abf5cb9be368dc93a938e91ef6f587e78a9601197307feae188113cf4cd953f50ac7e9b9b6a0a355307f6afac338200fa6ff909822415fecd8f391890cc6a16f17c4bdbc9c682c2afb013deec83289776f8366a5e349cfe15b67eeeb2ea9c230ae5424b9c03d491f3e8afaf5674365673973713efd3501e1e497dadab753f2ba33619478c0db7f3c2721dea4ae05b44770618134fcd930147f3586996a0020049710099268d7137b64b645f372634f8ebb1c199424175ebd248584b48766fd959e408467de6ce4deeec8ec38e78ca70ddb7a22ef1f4865f05b6ad8da37e8f56ffd49e4b6b4b455febcce566731bb17547717332e4e0c0e980f068e97e59dab0b88458e135ffd50928bbd4482b721f98de26487aef456a49345d65a51837b0a08b5371e1e2fe19ede58a2c9abb2894fa58cec53cf997d4826a98119e08e9f67eafd6236e21c2baeeac91c256ed3dc1a11691ffbf16f8d17cbcdadde200cd7b7d38ef4993524b62ca0f452a6344ce781b1261b36c6c1be5a1b7c516c8dd31052719ab5098fe7bb27d6ccc6350c56f7df933e5fb5292f5442b1afb1449120e872364cd557c72a04b67195f66e0a3f42a6b21787fa83e64b85a70d77dcc42cd4772dfb2881497ad18bf85561416fd491da25dfd472adcd4e18ea649b91bad1bed50d01006bb273e6f1f57d73773c64c7623dd494a3651321ffdb0e9ab1e5e855f03b6188b7e03815a163876a85283cca96b9957abad95875fbd06195a0883862555613311773973d8b1c744e0ec493ad622796d60f01e57b15f6d8bb45428ab58d668cf7f338b6dd92d413af514efbe184ff7c1712ead2f092da2552a3d187c654c60634bbdf594b20c004b7cbd41594be426a8f0d0c3c226545220822f20da0dc8b790fd5ec6765138b9be74b30c5f31ff9712b4e2cd047a800ca5e4f41d3f766f658fb1c51925b7e3db2ec9f0cc3aa60e1b9b37b3b10fae512d984e29cb4017355063c40bac12f6bc431086c4307923bb1a06d677f7f7bb36f902f3bf8c3c74c0d87744d32884c8a3f0b42403fc08505466f8334678ca4fa712b040ce13d84cbf94dde260c3c269d6392548d234938e4ac587a1ddcf796d2c6e90c1e0c8f396034f91ae198453c53ea994ecd8815e07030d0362037bcfc2de6864d2946ad891d5f717b8cc3b63b79d2c42f2277fea109057dbf264145c476a1daa24737eca7ec0c440b2a71e723831d986ad55af38053362a8ee2af36fddf66975e094f4f209c747988ae3deedb01bde7ebb3d57c5c456878cddf6e69af8bbd0cb4c7d9d02dde1d5ba70d6a577e31711cf0cc231eee09cf1653ec8bdfa9274cea910dabe37b7eeed552e89ff23d9bda657fb82f8335b399703c0302781b4be7169d953f545a04d666aafc4f3ba6527f35c53b91f0a25b8a6d3d9e7c87cbfd39f14fd3612732bb511cc64b5e6c42159067990f4b24e336e38047610d58c2ceaadb6e18baf8c065dfd5d9c497ad828f28272a7bf39e695f40086bc7afe65e26b8852a089e46ebed72313ce9941daef2ab59fd898d0d0fc7f1f415e0a0e5b517886c76150acdefdd6b8e359f5e57e728fe0c60cb830182608286ffe482e7e3f4e4b238f30dbd48d66767420179ecc11a53b4a6239dfdb248334a898a93b803d1d9782d2e3e8a0ac2d25f6b05964bfc849f6d5e03c2ba542c5b346e91e05be95957c3bfc153e972b41004d23246d7006a2b03b6652240a2bde87ee35f25c25783bde28872c6cf5fc12ca946286a678ca7e7cf61ce5b3274537601b4d6cd96e3a71ddd85070f895699b385898e31d80608b026905c970b8714750497025b585255ee154935c44d97383d20c102223dc387ffb347b21f4d3371054c3d59431360f21f5763233fbaeb77e6b4569e50fb719e32fac669c9244b325df565a37538181f1eaf66dfc612d90915cf1b211dc68219a9dcf99a5f42b19b35e5ab1197f52aad110a2a6d5abd61b65a9c68972abf3bcd8d3380c008ed2e79a79d8879be761aa8a0a0ddecd1261a12b9afd74c40ce32d696099ba42ce0940f409285ad4b5bc29e5f41b495ef69a76071665fe07903de07f1c1991ab4d43ca8df9ee6816844b766028a0d05b543dc1637712c204d00c3156aa9965def2215c83af989b4921af24ab49b963b9e881091af1d0f1f2e4bc854c30daaa925fd9226af0772156edaff52f341333c3f128976eac7ed37f499f32cba6ece78b9f90031a97924c37b3e88ab9d9d48870679510ad8b0498c94ea66e027e593f414e11575e42352d2251bf9aa8f82ce2791fce09d4e2341c40fb74ea887b8bfb103aa49bd895d312879e0942df417f4b49220a891710eaa43be1a8452d53c861e0bc41ca2bfc664177e88e6f352b73c1f07f3dba0aae3861d966d68c5029e2a6afae1ed0c06ce907731f6e5ba420c1fa5721bbdff9d7532e4053384c0aabf0d389772ca2ae7704be2c75cf7c3ba2ab5a6d7fcaba31021a0606e2a5e0a1ba8adaa02678b1061c0fbbfd951d19d8d97d7d4e8f9e5e728a6ff20008f9f91b7129f58f6f3b56bc51eafef7a18a51f1883cefe9297b1a22b8139b8ed6e452a56a9a7557de2d072f4cd2712fa4b1cb00f43e1944819bb2cdbefa28e2a08e5707afe6ba4b97acdc80c8c861622789183beadeca37d6a7ac9fb6eb284ab2b24aad020de6632191055a2e6259d1d610d3dbed1ee83ff9ae386de4b5f53653d6794e03cc91301c692addeae68ed561f0ca4aa3860c5d9f73b03561564b512ef2719ee18210544522638960f87fb56ae8c8774687df17dd4ea02db21f0ae3eb40f8f963ca67ee823b7f2e54986c9d92fe195cad52c67f5f92924c6500875a1032984f63bebbd9306755341999a5ed788d2ffabf8947fd01d7945c0390c3c8e0c2768a7283c03b57c09257aae544a7bc22dfed36ca88ec29d5326d224fe29f3581f96e1b19e83d2cf4090401203a2fda4d547b463af5c9959f907e420ee7412bd60875aa5a0d0b75de1f52564a435a91d52990b103a0a2cca0b7de51bacb562eacd5590685612a010912ad06d83215faa7e17ec035d1e78bc8ffa1d8f1d1a36108ec8ac8c49a77dffcc8d00020edb92eee8053129c3cf8d53d06a5d273afdd7bcff33893e2d74a7ef6c2027a9e88ad00c9ab69bbd40b20124ef745bd7d497b3a557133f341a819bc691745f0c49698ed3e104a68bf0389e91b428018f8c45e35d81b6d251f3382b129be8ea2b6787fe88f77c3c325af2b16ea71f37c7b730cb404dd49ed5638f60be297f1350b13e3274c66a74c6ceae1f727ba79bad92597dff82d7bee0a440018cc83b971d06c685eb1bdac1965876807d7251b2e07271cd5baef0f0620db2c4246a5ac7e0e0c8c6e45bee1f317a89c99c450a9c2584a4c448af0aacab6930fde136d09b950b26cd080ae6d85f66e9aa52b2bdac0a26708fa4d4d4c19359da00492f84c845a1176653c19d0b8d2191c0392ca77da29138e4775e63049dcd7d4a5b1bdcf7e43e5c756840bde176e1abdf22b8688ed92d93b5f5b66ad7792373cc127a915a8175f1f9c0e215e42db8191c7f4c6fbfbf60aea6f668c241709ff2fe303f92d6697ce364f0022cee3216cd306715f2fe4fe07a7725a1e5955d389e44d7a73d2fbec30ddf58c7c23c1cc7e1634bc105a103fef0f341035da61b45b7d2d66561f021776c895f954daceb489a392ab08e8ba092a8c9af701215ac54ec7cf5d1b4eb4c3f49fa9f5b59e985e2decf3d692a94d41c6fd4ee4c02175b353005d2c1c0b9f06f0066f1468277543a2bce510808f59abeff7fec9fec9877e339b8eae2f3cfb0ad231565ec893770f0f234f95014a4b6bab4d5c7da1b43ac5dd8efa22f520c21d83a5637116a743ea8fa4855d800f8a39aa14743bdd126388881bb714c89d512fa8c3e340ca26e34979c305b0c9821789cab0287898ea22ed43519e80c4c72ce9bf29c8ffb99ec053f2d45cf9b9dba116754a063238b6a1ca7bdbc9d873c9be7d9b18611dc3ca2d5103ac3344c0315035576b2366c06f6579d63a7f5c02011ea6d8dc3d546aae99754e44887fe67f07c675bca0b15689ea02473acd5139bbaf3279131c12bac446f9e065a2315087ba27c0b894874f92f4d14429cf8bd7d7b45134ee39b58c1c9e60a54a281795d6d4c4aed00e9c905631b943bb7968c9f25fc6044ea9bc66083f0ed63b72b3c95d442227a7fc355ddec4522b4179e5418f4857f809830b6fa4dbe35277434accb7791c59c820541be15de6ea5db7e26749604ca67a9512996318c2132d36e2ef993fc838a311208cd35c70e98e55fe0d4ddc29002ffc425941cc3c0956e469089ef03077f6afaf3ff37ba82898860ac9281f86eddbce02105014bc786e075051516c97b8fa63c7bb3b6c648dc4c3dc6a6848af54e37954b5133af70b9e2f3657fe0729914832c97871a888952148719d5d06d5fcb4bcc37049ab56e54dbc2c711ea9b6e9eb6d2a6c0097d0ee3dd026145c63fb05b63510ab016f62e788e5dfd5e8179350690e7f9ffdc0e9edc2a08e26a7ee4b8d34c953676f0acb6ce6568251840b8a42af35aaddc0cd7dc695988df27e1148c1c19db1d3f62ce23f2f180c9e8ec10f4546fe533cd5582ee3af936f466bce7912c8ec988b8134f093df7e3871b0e54034a54483ec20e14c6d91db661fda9402098ef1e9c403e25b942913674848b977665c9dae06840799bb0379e999caac83d5db67c65683ddfb4cadf6161a4361c99b5207ab1473d89cd82f72dfedb281156b9c3b2dfe9e84e62793858d6e71f2136f7d6c024ed7f08e48aa2ee40d74d7b6536a47ec5848d5ab5cf22af24d4e638c1ff2f6f58a22041732af162ff63f9c44cf4af930f499619b7d118290577491cb56292cf570108b359d56d4e7e0f48ee07f9dbd791e29731f2e763296fd3e6e53f82de62fdd517142063a37803df0b6749d5eb1e06f24babdd378d6f905bca5e1f15648dd54d8c7711c0ebaefe452eff5fd8efc7a7fdb460d691bc739362b206d5921557ceecd4a78ac1d38483ac176f99ede61ba8c1b2fb787d04594b363fcbbaa05c45fb888561d9d0e1e64e680a0a180f967fd42d2675a010e5e469102e7064c062f83a7a46ac858f4905d5f7a800", 0x1000, &(0x7f0000000280), &(0x7f00000002c0), &(0x7f0000000340)="074a11e3d45fbca0f0252692d7ab9c87cccc8014b1f7e648d9182db3aaaf2335bbfb5540b1409d53d0327830da54fbcf31977efd3e0fe43d2fce42a6cd55157ee050")
ioctl$sock_FIOSETOWN(r0, 0x8901, &(0x7f00000003c0)=r1)
read$msr(0xffffffffffffffff, &(0x7f0000019680)=""/102392, 0x18ff8)
r2 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000100), 0x1c3902, 0x0)
sendfile(r2, r2, 0x0, 0x200000)
read$FUSE(r0, &(0x7f00000022c0)={0x2020}, 0x2020)
r3 = syz_open_dev$usbfs(&(0x7f0000000480), 0x77, 0x141341)
ioctl$USBDEVFS_CONTROL(r3, 0xc0185500, &(0x7f00000000c0)={0x80, 0x6, 0x300, 0xfffe, 0x0, 0xfffffff9, 0x0})
r4 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_generic(r4, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000140)=ANY=[@ANYBLOB="140000003e00290200000000fcdbdf250a000000ae2ccf88180f18eaa76008b26788a8281d72ca931dd801ded0a93b26ae9bab3e3a8bc97f1a7746040c4286d82ec39ff03ff3a3080000000000000013c094007b51287e3c58f364cbe0b2f0b578a139f096035c8e889e1a6016dcc065551e4972683db646d245131bcfd7fa6d7a18ebf7070000000000000012c42456b098c3772eeee12051"], 0x14}}, 0x8000)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5)
ioprio_get$pid(0x2, 0x0)
ioctl$SCSI_IOCTL_SYNC(0xffffffffffffffff, 0x4)

4m11.433000373s ago: executing program 3 (id=636):
capset(&(0x7f0000000040)={0x20080522}, &(0x7f0000000280)={0x0, 0xd, 0x0, 0x5, 0xffffffff, 0xfffffffd})
r0 = socket(0x10, 0x3, 0x4)
sendmsg$nl_route_sched(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000340)=@newqdisc={0x48, 0x14, 0xf0b, 0x70bd26, 0x0, {0x2, 0x0, 0x0, 0x0, {0x7, 0xc}, {0x9, 0xffe0}, {0x4, 0xa}}, [@TCA_STAB={0x24, 0x8, 0x0, 0x1, [{{0x1c, 0x1, {0xd4, 0x3, 0x200, 0xc, 0x1, 0x40000002, 0x81}}, {0x4}}]}]}, 0x48}, 0x1, 0x0, 0x0, 0x10000000}, 0x0)

4m10.810488491s ago: executing program 3 (id=639):
r0 = openat$audio(0xffffffffffffff9c, &(0x7f0000000140), 0x40000000040201, 0x0)
mknodat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1000, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x40042, 0x121)
r2 = signalfd4(0xffffffffffffffff, &(0x7f0000000000)={[0xfffffffffffffff7]}, 0x8, 0x80000)
mount$9p_fd(0x0, &(0x7f0000000440)='./file0\x00', &(0x7f0000000140), 0x84, &(0x7f0000000180)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESDEC=r1, @ANYBLOB=',wfdno=', @ANYRESHEX=r2])
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000400)={0xffffffffffffffff, 0xe0, &(0x7f0000000300)={0x0, <r3=>0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, &(0x7f0000000100)=[0x0], ""/16, 0x0, 0x0, 0x0, 0x0, 0x2, 0x4, &(0x7f0000000180)=[0x0, 0x0], &(0x7f00000001c0)=[0x0, 0x0, 0x0, 0x0], 0x0, 0x48, &(0x7f0000000200)=[{}, {}, {}, {}, {}, {}, {}], 0x38, 0x10, &(0x7f0000000240), &(0x7f0000000280), 0x8, 0xec, 0x8, 0x8, &(0x7f00000002c0)}}, 0x10)
bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000440)={r3}, 0x4)
write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f0000000500)={0x0, 0xfffffffffffffd83, 0xfa00, {0x0, 0x0}}, 0xfdbc)
ioctl$SNDCTL_DSP_CHANNELS(r0, 0xc0045006, &(0x7f00000000c0)=0x5)
socketpair$unix(0x1, 0x5, 0x0, 0x0)
r4 = getpgrp(0x0)
sched_setaffinity(r4, 0x8, &(0x7f0000000040)=0x5)
prlimit64(0x0, 0xe, &(0x7f0000000100)={0x8, 0x80000100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r5 = getpid()
sched_setscheduler(r5, 0x2, &(0x7f0000000000)=0x3)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
r6 = syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, r6, 0x1, 0x0)
r7 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r7, &(0x7f0000032680)=""/102392, 0x18ff8)
r8 = open(&(0x7f0000000140)='./file1\x00', 0x145142, 0x0)
r9 = socket$pppoe(0x18, 0x1, 0x0)
connect$pppoe(r9, &(0x7f0000000400)={0x18, 0x0, {0x2, @dev={'\xaa\xaa\xaa\xaa\xaa', 0xa}, 'lo\x00'}}, 0x1e)
ioctl$PPPIOCGCHAN(r9, 0x80047437, 0x0)
ftruncate(r8, 0x2007ffa)
sendfile(r9, r8, 0x0, 0x7ffff000)

4m4.747236286s ago: executing program 3 (id=645):
mmap$xdp(&(0x7f0000800000/0x800000)=nil, 0x800000, 0x2, 0x42032, 0xffffffffffffffff, 0x0)
mremap(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x1000, 0x0, &(0x7f00008b5000/0x1000)=nil)
creat(&(0x7f00000000c0)='./file0\x00', 0x2)
pipe2$9p(&(0x7f0000003500)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x80000)
mount$9p_fd(0x0, &(0x7f0000000240)='./file0\x00', &(0x7f0000000280), 0x2200055, &(0x7f0000000000)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB, @ANYRESHEX=r1, @ANYBLOB="2c63616368653d7265616461686561642c736d61636b66736465663d7472e16e733d"])
syz_usb_connect(0x5, 0x56, &(0x7f0000000680)={{0x12, 0x1, 0x250, 0x36, 0x39, 0xc9, 0x8, 0x6cd, 0x115, 0x933f, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x44, 0x1, 0x6, 0x8f, 0x60, 0x5, [{{0x9, 0x4, 0x56, 0x5, 0x4, 0x2, 0x1b, 0x6e, 0x3f, [], [{{0x9, 0x5, 0x2, 0x3, 0x40, 0x93, 0x6, 0xff}}, {{0x9, 0x5, 0x1a, 0x0, 0x1f7, 0x7, 0x3, 0x5, [@uac_iso={0x7, 0x25, 0x1, 0x2, 0x4, 0x836}, @uac_iso={0x7, 0x25, 0x1, 0x0, 0x1}]}}, {{0x9, 0x5, 0xe, 0xc, 0x230, 0xdb, 0x8}}, {{0x9, 0x5, 0x9, 0x2, 0x3ff, 0x3, 0x3c, 0x3b}}]}}]}}]}}, &(0x7f00000005c0)={0xa, &(0x7f0000000100)={0xa, 0x6, 0x250, 0x55, 0x8, 0x3, 0x20, 0x3}, 0x43, 0x0, 0x6, [{0x0, 0x0}, {0x0, 0x0}, {0x4, &(0x7f00000003c0)=@lang_id={0x4, 0x3, 0x40f}}, {0x25, &(0x7f0000000480)=ANY=[@ANYBLOB="250372358c8398e5cd63d601da5abab1dea9a7efc93883bf65993a57d0d6f09081036b"]}, {0x4, &(0x7f00000004c0)=@lang_id={0x4, 0x3, 0x406}}, {0xb7, &(0x7f0000000500)=ANY=[@ANYBLOB="b70350c7da183b186577cc319f6176621928f541483746d4d5a85ab8790393659fa1fb3ead94753ba643ab6d6d0bdf5fd6772dd0091de37e222e67db212defe651e197b0cd7c1a5e4bcadb11bcbce1810da570729d15216da71d146c8da7fadf529920178723cde34e33"]}]})
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000080)=ANY=[], 0x60}}, 0x0)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$devlink(&(0x7f0000000040), 0xffffffffffffffff)
r4 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
writev(r3, &(0x7f0000000640)=[{0x0}, {&(0x7f0000000000)="414ded3762b024cbec8509a7d1786bab402c37ab73072b19b0b3cfc64af4bc838d440a6fdef1010aec6eda1575723208382d60", 0x33}], 0x2)
socketpair$unix(0x1, 0x2, 0x0, 0x0)
r5 = open$dir(&(0x7f00000002c0)='./file0\x00', 0x181040, 0x102)
openat(r5, &(0x7f0000000400)='./file0\x00', 0x206041, 0x15)
r6 = socket$nl_rdma(0x10, 0x3, 0x14)
sendmsg$RDMA_NLDEV_CMD_SET(r6, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000001c0)={0x20, 0x1402, 0x1, 0x70bd2e, 0x25dfdc01, "", [@RDMA_NLDEV_ATTR_DEV_INDEX={0x8}, @RDMA_NLDEV_NET_NS_FD={0xfffffffffffffd54}]}, 0x20}, 0x1, 0x0, 0x0, 0x80}, 0x40810)
r7 = socket$nl_generic(0x10, 0x3, 0x10)
r8 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000fc0), 0xffffffffffffffff)
sendmsg$IPVS_CMD_GET_CONFIG(r7, &(0x7f00000196c0)={0x0, 0x0, &(0x7f0000019680)={&(0x7f0000019640)={0x14, r8, 0x1, 0x70bd26, 0x25dfdbfe}, 0x14}, 0x1, 0x0, 0x0, 0x44}, 0x40)
ioctl$TIOCSETD(r4, 0x5423, &(0x7f0000000080)=0x3)
r9 = socket$inet6_mptcp(0xa, 0x1, 0x106)
bind$inet6(r9, &(0x7f0000000380)={0xa, 0x2, 0x9, @private0={0xfc, 0x0, '\x00', 0x9}}, 0x1c)

3m49.440444022s ago: executing program 33 (id=645):
mmap$xdp(&(0x7f0000800000/0x800000)=nil, 0x800000, 0x2, 0x42032, 0xffffffffffffffff, 0x0)
mremap(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x1000, 0x0, &(0x7f00008b5000/0x1000)=nil)
creat(&(0x7f00000000c0)='./file0\x00', 0x2)
pipe2$9p(&(0x7f0000003500)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x80000)
mount$9p_fd(0x0, &(0x7f0000000240)='./file0\x00', &(0x7f0000000280), 0x2200055, &(0x7f0000000000)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB, @ANYRESHEX=r1, @ANYBLOB="2c63616368653d7265616461686561642c736d61636b66736465663d7472e16e733d"])
syz_usb_connect(0x5, 0x56, &(0x7f0000000680)={{0x12, 0x1, 0x250, 0x36, 0x39, 0xc9, 0x8, 0x6cd, 0x115, 0x933f, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x44, 0x1, 0x6, 0x8f, 0x60, 0x5, [{{0x9, 0x4, 0x56, 0x5, 0x4, 0x2, 0x1b, 0x6e, 0x3f, [], [{{0x9, 0x5, 0x2, 0x3, 0x40, 0x93, 0x6, 0xff}}, {{0x9, 0x5, 0x1a, 0x0, 0x1f7, 0x7, 0x3, 0x5, [@uac_iso={0x7, 0x25, 0x1, 0x2, 0x4, 0x836}, @uac_iso={0x7, 0x25, 0x1, 0x0, 0x1}]}}, {{0x9, 0x5, 0xe, 0xc, 0x230, 0xdb, 0x8}}, {{0x9, 0x5, 0x9, 0x2, 0x3ff, 0x3, 0x3c, 0x3b}}]}}]}}]}}, &(0x7f00000005c0)={0xa, &(0x7f0000000100)={0xa, 0x6, 0x250, 0x55, 0x8, 0x3, 0x20, 0x3}, 0x43, 0x0, 0x6, [{0x0, 0x0}, {0x0, 0x0}, {0x4, &(0x7f00000003c0)=@lang_id={0x4, 0x3, 0x40f}}, {0x25, &(0x7f0000000480)=ANY=[@ANYBLOB="250372358c8398e5cd63d601da5abab1dea9a7efc93883bf65993a57d0d6f09081036b"]}, {0x4, &(0x7f00000004c0)=@lang_id={0x4, 0x3, 0x406}}, {0xb7, &(0x7f0000000500)=ANY=[@ANYBLOB="b70350c7da183b186577cc319f6176621928f541483746d4d5a85ab8790393659fa1fb3ead94753ba643ab6d6d0bdf5fd6772dd0091de37e222e67db212defe651e197b0cd7c1a5e4bcadb11bcbce1810da570729d15216da71d146c8da7fadf529920178723cde34e33"]}]})
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000080)=ANY=[], 0x60}}, 0x0)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$devlink(&(0x7f0000000040), 0xffffffffffffffff)
r4 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
writev(r3, &(0x7f0000000640)=[{0x0}, {&(0x7f0000000000)="414ded3762b024cbec8509a7d1786bab402c37ab73072b19b0b3cfc64af4bc838d440a6fdef1010aec6eda1575723208382d60", 0x33}], 0x2)
socketpair$unix(0x1, 0x2, 0x0, 0x0)
r5 = open$dir(&(0x7f00000002c0)='./file0\x00', 0x181040, 0x102)
openat(r5, &(0x7f0000000400)='./file0\x00', 0x206041, 0x15)
r6 = socket$nl_rdma(0x10, 0x3, 0x14)
sendmsg$RDMA_NLDEV_CMD_SET(r6, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000001c0)={0x20, 0x1402, 0x1, 0x70bd2e, 0x25dfdc01, "", [@RDMA_NLDEV_ATTR_DEV_INDEX={0x8}, @RDMA_NLDEV_NET_NS_FD={0xfffffffffffffd54}]}, 0x20}, 0x1, 0x0, 0x0, 0x80}, 0x40810)
r7 = socket$nl_generic(0x10, 0x3, 0x10)
r8 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000fc0), 0xffffffffffffffff)
sendmsg$IPVS_CMD_GET_CONFIG(r7, &(0x7f00000196c0)={0x0, 0x0, &(0x7f0000019680)={&(0x7f0000019640)={0x14, r8, 0x1, 0x70bd26, 0x25dfdbfe}, 0x14}, 0x1, 0x0, 0x0, 0x44}, 0x40)
ioctl$TIOCSETD(r4, 0x5423, &(0x7f0000000080)=0x3)
r9 = socket$inet6_mptcp(0xa, 0x1, 0x106)
bind$inet6(r9, &(0x7f0000000380)={0xa, 0x2, 0x9, @private0={0xfc, 0x0, '\x00', 0x9}}, 0x1c)

2m54.388430084s ago: executing program 0 (id=751):
bpf$TOKEN_CREATE(0x24, &(0x7f0000000040), 0x8)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000480)={0x0, 0x0, 0x43}, 0x28)
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x3, &(0x7f0000000800)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x2c}, 0x94)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000001440)={r1, 0xe0, &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, <r2=>0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0}}, 0x10)
sendmsg$nl_route_sched(r0, &(0x7f00000007c0)={0x0, 0x500, &(0x7f0000000780)={&(0x7f00000000c0)=@newqdisc={0x30, 0x24, 0xf0b, 0x70bd2e, 0x0, {0x0, 0x0, 0x12, r2, {0x0, 0x6}, {0xfff1, 0xffff}, {0xfff3}}, [@qdisc_kind_options=@q_clsact={0xb}]}, 0x30}, 0x1, 0x0, 0x0, 0x40000}, 0x0)
r3 = socket(0x400000000010, 0x3, 0x0)
r4 = socket$kcm(0x10, 0x2, 0x4)
sendmsg$inet(r4, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f0000000240)="5c00000012006b04000000d86e6c1d000a887ea6ea65670000000000000090f9c3dc90f8f41f8ecff32c6e020075e300250045586c8da718ad4b4460bc24eab55600000000000000bf9367b4fa51f60a64c9f4d4938037e786a6d0bd", 0x5c}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x0)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000100)={'batadv_slave_0\x00', <r5=>0x0})
sendmsg$nl_route_sched(r3, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000980)={&(0x7f0000000180)=@newqdisc={0x40, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xfffffffd, {0x0, 0x0, 0x0, r5, {0x0, 0xfff3}, {0xffff, 0xffff}, {0xffe0, 0x9}}, [@qdisc_kind_options=@q_pie={{0x8}, {0x14, 0x2, [@TCA_PIE_ECN={0x8, 0x6, 0xfffffffe}, @TCA_PIE_BYTEMODE={0x8, 0x7, 0x1}]}}]}, 0x40}}, 0x4c840)
r6 = syz_open_procfs(0x0, &(0x7f0000002340)='fdinfo\x00')
getdents(r6, &(0x7f0000000000)=""/43, 0x2b)
getdents64(r6, 0x0, 0x0)
mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r6, 0x3)
bpf$PROG_LOAD(0x5, &(0x7f0000000140)={0x3, 0x16, &(0x7f0000000e00)=ANY=[@ANYBLOB="61154c000000000061138c0000000000bfa000000000000007000000080000002d1501000000000095000000000000006916000000000000bf67000000000000350607000fff07206706000003000000160302000ee60060bf350000000000000f650000000000006507f9ff0100000007070000cddfffff1e75000000000000bf54000000000000070400000400f9ffad4301000000000095000000000000001500000000000000950000000000000032ed3c12dc8c27df8ecf264e0f84f9f17d3c30e32f1754558f2278af6d71d79a5e12814cb1d8a5d4601d295c45a6a0b9bdb7dd3997f9c9c4f6f3be4b369289aa6812b8e007e733a9a4f1b0af3dda82ee45a010fb94fe9de57b9d8a814261bdb94a05000000c6c60bf70d742a81762bab8395fa64810b5b40d893ea8fe0185473d51b546cad3f1d5ab2af27546e7c955ccefa1f6ab689b555202da2e0ec2871b4a7e65836429a527dc47ebe84a423b6c8d345dc8da3085b0ab71ca1b901627b562ed04ae76002d4519af619e3cca4d69e0dee5eb106774a8f3e6916dfec88158f0200000000c8fb730a5c1bf2b2bb71a629361997a75fd552bdc206438b8ef4901fd03c16dfda44e2a2235c8ac86d8a297dff0445a15f21dc725f431bcab0ef59b8f0e431e56723888fb126a163f16f920ae2fb494059bba8e3b680324a188076eb685d55c4e9b2ad9bc1172ba7cbebe174aba210d739a018f9bbec63222d20cecac4d03723f1c932b3a6aa0100000000000000b93716d20000009f0f53acbb40b4f8e2738270b31562ed834f2af97787f696649a462e7ee4bcf8b07a10d6735154beb4000000000000000000000000004000bc00f679629709e7e78f4ddc211bc3ebe6bd9d42ca0140a7afaab43176e65ec1118d50d1e827f3472f4445d253880800000000000000690884f800031e03a651bb96589a7e2e509bcc1d161347623cb5e7ac4629c8ab04871bc47287cd31cc43010000007b40407d000000210000000000000000005f37d83f84e98a523d80bd970d703f37ca364a601ae899a56715a0a62a34c6c94cce6994521629ab028acfc1d926a0f6a5489af8dc2f17923f3c40dfd1970a55c22fe3a5ac000000000000000000000000000000c1eb2d91fb79ea00000000000000bb0d00000000000000000000e4007be511fe32fbc90e2364a55e9bb66ac64423d2d00fea2594e190deae46e26c596f84eba9000000000000003cc3aa39ee4b1386bab561cda886fa642994cacd473b543ccb5f0d7b63924f17c67b13631d22a11dc3c693962895496d4ffcae1a8a793a7795a9214a92f66e9cc54db6c7205a6b068fff496d2da7d632bd1f61b007e1ff5f1be1969a1ba791ad46d800000000c7f26a0337302f3b41eae59809fd05d12f6186f117b062df67d3a63f3265dd1410eea68208a3f26b2989b832d8b34a34a4f08b34b3042065acaa10856e858d27adee7daf32903d3fc78700d429a2d4c8b6d803eb83eecfe4c7ff9e6ab5a52e83d089dad7a8710e0254f1b11cced7bc3c8da0c44d2ebf9f6f3ff3be4d1458077c2253b0c7c7a0a9fdd63bf910dc20e5cb2a88e59febc47f1212a21f631dbaa74f22bad050e9856b48ae3a03a497c37758537650fe6db88aa3c41fdc3d78e046f6160e1741299e8dc29906870e6431ed1eab5d067a183f064b060a8ec12725d42e3a74863d66bee966b1574f8e01b3f34a267ff0afa1e1c758a0079b747067312e9815a21cb3f1f8150d999d788535a4d3114dbc7e2bf2402a75fd7a55733360040855ed5d1c0d634fc5fb38f84d9d87b27f8a5d91217b728f13e3ee20e69e0ffb2780b1a7af137ff7b4ff139604faf0a4da65396174b4563d54b52f06c870edf0c5d744b5272b44c23488b2bdbff947c4dfa108cbb88202eeb81f428a5b3c299848649e1a6bff52f657a67463d7dbf85ae9321fc2b517dc4a29b9cba8ded5de8206c812439ab129ae818837ee1562078fc524b3baf49a0be9bb7d958d5e87c6c09bf71a894bad62934782cc3086936d7637e07c4a2a3bc87b0da23c00d9ef418cf19e7a8c4c328be0ce91798adc2dca871073f6bd61dc18402cde8bf777b2eaa45c940aabc86b94f8cbde4d470667bee722a6a2af483ad0d3415ed0f9db009acaba9eaea93f811d434e00000000000000000000d154baa8e51489a614e69722bac30000000000000000000000000000a006b178438e930b2494db1bf624a70a19a45b8b71869afb13cb2ac1d2f3ec0d93a3e4fd0ad076c7d826f218aa6ba8ec5e58b7c64dc8616127087901dc65418a4b25bfa7ae8b5ad9642815f319230425e8bd89c6983d816d97d81a739917eecd26f9a3aecaf0acdaf6cffab38eae3b10b122b4bf521a46bf01a0c136f745113b589459fbe1666087a7c554a55e2b42ab7e405a77f405a348a64e356b7fb61e48ea9c87bf13f97052c51fdd49f3dbccf9874cf61807ae4b1665ccdd026d4580a068395e8cb851eeadb1da6d1009513ca73a685c66fb15f27eb74a7a4eb5966e3ef4be3ca8ba81b2d17d797265390ce616c3d7b566fe956fb93c6a43f4dc6b"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8}, 0x94)

2m54.01953931s ago: executing program 0 (id=752):
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000740)={&(0x7f00000002c0)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x30, 0x30, 0xb, [@struct={0x4, 0x1, 0x0, 0x4, 0x0, 0x1, [{0xa, 0x3, 0x6}]}, @array={0x0, 0x0, 0x0, 0x3, 0x0, {0x2, 0x2}}]}, {0x0, [0x61, 0x0, 0x2e, 0x2e, 0x61, 0x61, 0x61, 0x0, 0x5f]}}, 0x0, 0x53}, 0x28)
sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0xd3)
r0 = socket$can_raw(0x1d, 0x3, 0x1)
accept(r0, &(0x7f0000000100)=@caif=@rfm, &(0x7f0000000180)=0x80)
mount(0x0, 0x0, &(0x7f0000000080)='sysfs\x00', 0x1214040, 0x0)
r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
setsockopt$inet_mreq(r1, 0x0, 0x23, 0x0, 0x0)
syz_emit_vhci(0x0, 0xd)
syz_open_procfs(0xffffffffffffffff, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x6)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
connect$unix(r3, &(0x7f0000002540)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r5 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
r6 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000012c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x2, '\x00', 0x0, 0x0}, 0x50)
bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x10, 0x1c, &(0x7f0000000040)=@ringbuf={{0x18, 0x8, 0x0, 0x0, 0xb000000}, {{0x18, 0x1, 0x1, 0x0, r6}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x1c}, {}, {0x85, 0x0, 0x0, 0x5}, {0x4, 0x1, 0xb, 0x9, 0xa}}, {{0x5, 0x0, 0x3}}, [@snprintf={{0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x4}, {0x3, 0x0, 0x3, 0xa, 0x2}, {0x5, 0x0, 0xb, 0x9}, {0x3, 0x0, 0x6, 0xa, 0xa, 0xfff8, 0xf1}, {0x7, 0x1, 0xb, 0x6, 0x8}, {0x7, 0x0, 0x0, 0x8}, {}, {}, {0x4, 0x0, 0xc}, {0x18, 0x2, 0x2, 0x0, r5}, {}, {0x46, 0x8, 0xfff0, 0x76}}], {{0x7, 0x1, 0xb, 0x8}, {0x6, 0x0, 0x5, 0x8}, {0x85, 0x0, 0x0, 0x7}}}, &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x24, '\x00', 0x0, @sk_msg, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe}, 0x94)

2m50.891570978s ago: executing program 0 (id=754):
sched_setscheduler(0x0, 0x2, 0x0)
openat$ptp0(0xffffffffffffff9c, &(0x7f0000000000), 0x1, 0x0)
r0 = getpgrp(0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000040)=0x5)
prlimit64(0x0, 0xe, &(0x7f0000000100)={0x8, 0x80000100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7)
prctl$PR_SCHED_CORE(0x3e, 0x1, r0, 0x2, 0x0)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000000)=0x3)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
r2 = syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0)
r3 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)={0x2, 0x4, 0x8, 0x1, 0x80, 0x1, 0x0, '\x00', 0x0, 0x0}, 0x48)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x1f, 0x18, &(0x7f00000006c0)=ANY=[@ANYBLOB="180000000000000000000000ffffffff180800002020782500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000000400008500000010000000b7080000000000007baaf8ff00000000b5080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r3, @ANYBLOB="0000000000000000b70500000800000085000000a700000095"], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x10, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_BIND_MAP(0xa, &(0x7f0000000000)={r4}, 0xc)
prctl$PR_SCHED_CORE(0x3e, 0x1, r2, 0x1, 0x0)
r5 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r5, &(0x7f0000019680)=""/102392, 0x18ff8)
prctl$PR_SET_MM_MAP(0x23, 0xe, 0x0, 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x20040880}, 0x24004045)
io_uring_setup(0x1b7b, 0x0)
r6 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3)
connect$packet(r6, &(0x7f0000000200)={0x1f, 0xf8, 0x0, 0x1, 0x82, 0x6, @random="a55378321800"}, 0x14)
shutdown(r6, 0x1)
syz_clone3(&(0x7f0000000080)={0x801400, &(0x7f00000002c0)=<r7=>0xffffffffffffffff, 0x0, 0x0, {0xb}, 0x0, 0x0, 0x0, 0x0}, 0x58)
pidfd_send_signal(r7, 0xb, &(0x7f00000001c0)={0xb, 0xe, 0x20005}, 0x0)

2m48.874707585s ago: executing program 0 (id=755):
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000240)=@delchain={0x24, 0x65, 0x400, 0x70bd29, 0x25dfdbfc, {0x0, 0x0, 0x0, 0x0, {0x509d884560ba1ba6, 0x3}, {}, {0x8, 0x10}}}, 0x24}}, 0x10)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000100)=@newqdisc={0x44, 0x24, 0x1, 0x80000000, 0x4, {0x0, 0x0, 0x0, 0x0, {0xffe0, 0x3}, {0xa, 0xffe0}, {0xfff1, 0x9}}, [@qdisc_kind_options=@q_fq_pie={{0xb}, {0x14, 0x8002, [@TCA_FQ_PIE_LIMIT={0x8, 0x1, 0xf4b6}, @TCA_FQ_PIE_ECN={0x8}]}}]}, 0x44}}, 0x20004055)
socket$inet6_tcp(0xa, 0x1, 0x0)
r0 = socket(0xa, 0x3, 0x87)
syz_init_net_socket$netrom(0x6, 0x5, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x2000800001000088}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7)
r1 = getpgrp(0x0)
sched_setaffinity(r1, 0x8, &(0x7f0000000040)=0x5)
prctl$PR_SCHED_CORE(0x3e, 0x1, r1, 0x2, 0x0)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000000)=0x3)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
r3 = syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, r3, 0x1, 0x0)
r4 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r4, &(0x7f0000019680)=""/102392, 0x18ff8)
bind$alg(0xffffffffffffffff, &(0x7f0000000140)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc(blowfish)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, &(0x7f0000c18000)="ad56b6c5", 0x4)
sendto(r0, &(0x7f00000003c0)="e1118ce4769b", 0xfdef, 0x800, &(0x7f0000000600)=@l2tp6={0xa, 0x0, 0x7, @local, 0x5}, 0x80)

2m40.925962026s ago: executing program 0 (id=762):
socket$key(0xf, 0x3, 0x2)
openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/stat\x00', 0x0, 0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x4, &(0x7f0000000000)=0xffb, 0x0, 0x4)
io_uring_enter(0xffffffffffffffff, 0x24a0, 0x4c1, 0x43, 0x0, 0x0)
r0 = socket$inet_udp(0x2, 0x2, 0x0)
r1 = socket$inet(0xa, 0xa, 0x84)
connect$inet(r1, &(0x7f0000000340)={0x2, 0x0, @remote={0xac, 0x14, 0xffffffffffffffff}}, 0x10)
syz_open_procfs(0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000000)={0x2, 0x7}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f00000000c0)=0x1)
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000002c0)=ANY=[], 0x50)
r3 = bpf$MAP_CREATE(0x0, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000001400)={0x11, 0x15, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000002000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB, @ANYRES32=r2, @ANYBLOB], &(0x7f0000000440)='GPL\x00', 0x0, 0x0, 0x0, 0x61800, 0x0, '\x00', 0x0, @fallback=0x29, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
ioctl$IOCTL_STOP_ACCEL_DEV(0xffffffffffffffff, 0x40096101, 0x0)
r4 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r4, &(0x7f0000005580)=""/102392, 0x18ff8)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
listen(r1, 0x8)
r5 = accept4(r1, 0x0, 0x0, 0x0)
sendmmsg$alg(r5, &(0x7f0000005ac0)=[{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40045}], 0x1, 0x4081)
ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(r0, 0x89f1, &(0x7f0000000000)={'sit0\x00', &(0x7f0000000400)={'syztnl0\x00', 0x0, 0x80, 0x700, 0x4, 0x8001, {{0x5, 0x4, 0x0, 0x1, 0x14, 0x65, 0x0, 0x0, 0x4, 0x0, @empty, @empty}}}})

2m34.611807564s ago: executing program 0 (id=772):
r0 = syz_open_dev$ndb(&(0x7f0000000180), 0x0, 0x1)
ioctl$NBD_CLEAR_SOCK(r0, 0xab04)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x72, 0x0, 0x7fff0000}]})
r1 = memfd_secret(0x80000)
r2 = syz_genetlink_get_family_id$tipc2(&(0x7f00000004c0), 0xffffffffffffffff)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$TIPC_NL_MEDIA_SET(r3, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000500)=ANY=[@ANYBLOB="60010000", @ANYRES16=r2, @ANYBLOB="010028bd7000fbdbdf250c0000004c0105802c00028008000200da0800000800040003000000080001001d000000080002000000000008000300580f00003400028008000400f9ffffff080002000400000008000300dc0000000800040040000000080002000008000008000200080000003c000280080003000c00000008000200e303000008000300ff07000008000200faffffff080003000400000008000100060000000800020000100000080001007564700008000100756470004c000280080001001f000000080002"], 0x160}, 0x1, 0x0, 0x0, 0x28000021}, 0x24008854)
ftruncate(r1, 0x3)
r4 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000080)=ANY=[@ANYBLOB="12010000000000084355450000000000000109022400010000200009040000010300020009210b000001220500090581031000"], 0x0)
pselect6(0x40, &(0x7f0000000140)={0x7fff, 0x8, 0x1, 0x2, 0x7, 0x7, 0x400, 0x9}, &(0x7f0000000800)={0x0, 0x1, 0x1, 0xe100000000000000, 0x0, 0xb, 0x6, 0x9}, &(0x7f0000000840)={0x2, 0x10001, 0xfffffffffffffff9, 0x8000, 0x0, 0x6, 0x100, 0xfffffffffffffff9}, &(0x7f0000000880)={0x77359400}, &(0x7f0000000900)={&(0x7f00000008c0)={[0x4]}, 0x8})
syz_usb_control_io$hid(r4, 0x0, 0x0)
r5 = syz_io_uring_setup(0x5c2, &(0x7f0000000280)={0x0, 0xb81, 0x80, 0x8002, 0x25f}, 0x0, &(0x7f0000000200)=<r6=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x4, &(0x7f0000000080)=0xfffffff8, 0x0, 0x4)
syz_io_uring_submit(0x0, r6, &(0x7f00000004c0)=@IORING_OP_RECV=@use_registered_buffer={0x1b, 0x68, 0x3, r5, 0x0, 0x0, 0x0, 0x1, 0x1, {0x2}})
io_uring_enter(r5, 0x6e2, 0x620, 0x1, 0x0, 0x0)
syz_usb_control_io$hid(r4, &(0x7f0000002540)={0xfffffffffffffcc1, 0x0, 0x0, &(0x7f00000013c0)={0x0, 0x22, 0x5, {[@main=@item_4={0x3, 0x0, 0xa, '\"\x00\b\x00'}]}}, 0x0}, 0x0)
r7 = syz_usb_connect(0x2, 0x68, &(0x7f0000000600)=ANY=[@ANYBLOB="12010000a1121710950b2a17f4f7010203010902240001000000000904fb00026c5d650009050402100000fa"], 0x0)
syz_usb_control_io$printer(r7, 0x0, 0x0)
syz_usb_control_io$sierra_net(r7, &(0x7f0000000040)={0x14, &(0x7f00000001c0)={0x20, 0xf, 0xe3, {0xe3, 0x22, "1c472db5d1a937c0f656c9c3e5bf37de1f980d71fa43e2da069a10551a8922eff0a16a8199a61538fa6f7a1efb3101024b45f7e32f56dbcf541136ff236c75f248a3b998ec3e608e9c1effecbc2ddfb81df6e201075f75d98a6fdc1b80e852b15ea67a27d267db7a37c79b50a0635015579e7641868dafb1059365659882c6a1e08781eb3d471bf3eab9f5bb027907e1253fa0cb4a8d724c280fc817d994f49d27456af7613ff1652ca0a03287af4b2d944e96cb6262ec199be4098f85e110c2c10c7f8766fa1a5ebfc436d619b21ba62f935b84202cfa5559d92690b845a393f0"}}, &(0x7f0000000000)={0x0, 0x3, 0x4, @lang_id={0x4, 0x3, 0x2801}}}, &(0x7f0000000100)={0x1c, &(0x7f00000002c0)={0x0, 0xe, 0xdd, "cfbd856100ae2001d7e56b37b411fc2515f51eb05b53194c5fc62376f4acc3ae35bdbf160dd7d4b756179c70437970f4df2c099712da246156529657d393cf6d5414a8ecd054228f79ead311d24b42feb61717045deaa01242124063c43eaed11ae325104eb34dbc5b9a6ea7ef86e3b83dfa6cab5dac799c4ee2b516b0776f993173ea122ed9bb215ffd2ac9ee99614f9b0f74e01556556d58c07008da076867168fc3e7d06db71e78a248eae7dfd23aa3644625e6a53fa24c22431a358a2995b336695376544fd0f2779a42c9596752151b70fba91f21bc2acda67dd7"}, &(0x7f00000003c0)={0xa1, 0x1, 0x400, "fde3461534a527f739c3e48b6d416143f320f4fa1dda4910c098ef05a84da8c05b1f610f8729d4f533bf273ea58ed95b507226027474b44f39d0db70a9bd73279ccfb58c5e02d6fac16c015e195d2f25d68db4aed00af09c6fab42a904256685f2d95ad4d0f3504ab2ae8227f24c698add9173b037f3bf39338250b84708f95a51d384922425d21c13095dabf2f4807a52a31c661876337c92788e3ffcf7defc1fd572456d01942570d2a5b81af9093f46abe482a8f8b65261ff750fe67d91a576dfc8f14b5679d9cdb3b9ac94a055a5761d6005d05a734b585b65e1c9e0da9a183ed195c2c0c08a9fd3a2c0afb1fbfc8eb1a11b11a4ef33428cf2e0409aede0c4cd758f0f85ba3ff06e8604584539143cf0ceff0bf0a7a0ff1ae8242c388cefb6404903c334b3dd045dc035709faee8b1c14c01b0b9b08341605475d471f13c47690d0a0b03fa9560fb92e8f031246e41fa8e79c2351c8815679b94ba9e7d5b202be78dd560c2353f039bcaf4cd48a300ccdd588227ba4a927c09fb70d91c26103e9221d038cba4a46a3661b56d1dee79012ed8ab7185993f89fe0a6ea0293e3a68b1f43acfcd4a1803bb07aff0d60b05b7e74c69cf57e6bcc7a53987884d1ee7337c39a43872a02672d1c151e534a8bd7a3cb2915e998b1a3077f85a66bb38ca866c13538cb50dbaff4aebc5821ed407c39b7d0e5f0ea23fb683193049e26ee6a1df7ad63204ec5d0c7b8c428f35fc55a4e3cce47ddd7aaff9498e6dbf5cc8d824c03bb729684ae8ea02c8f767dcf035dc26ee436581d6211f934a5e0553e4510537a05180ac281e832aaddd27860dac43132d2cc82ec73cddd2ece4bc5221518810c21fe92d554cfaf309d61ce2717c142605681e7183cd2f0844189c8da3c261db6582571dee0ababaaf8a49346c99364106968588047580dbe01f2894b9bd2e8e8dda826b460540e717679ec5ffccee1782fe2a6c3df65badc02d1676c9e4608bb840b9190a953fee9885f1122aaf5be3b32d6471a522762b19c94a40867b420c61d8647aac9578dc69ecdae00ddce7ec848a86084786483f46e3a37e3da97a09097fa2847f74e56e9e133a89291acb2388738c8565ecd31b620ad435acdb1d962e235e57aa2d69a5de2ec265d2e6392a91962a75c1a64ecbcca9d102f42e0671e9af03ef20a9c3e043fc5902e195f320494541b4eeb410646a48ca084bdb22d222b2e6071f36c3e22b321dd18f111f881bb2c78a2d70351e1f41620b98b1c617e93a1cfc76e18e6478e4c6853f640e628c1f33da5e4e5e308f207c857cd5a7414c0a901be8000768cb114396d5b44ca851c2f60b81aea1d5a2b6e5fae52bb37cece2c15fab409226a18e76b97695c2b90ee0fa04ab879f3a5f71a2182369427db4ecf909160f58d7e186e738ba88aa1ab8d25dfdba3593834a0916191b"}, &(0x7f0000000940)=ANY=[@ANYBLOB="21000200000054ab170c000000000000f8e2790b0db758"]})

2m18.925859358s ago: executing program 34 (id=772):
r0 = syz_open_dev$ndb(&(0x7f0000000180), 0x0, 0x1)
ioctl$NBD_CLEAR_SOCK(r0, 0xab04)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x72, 0x0, 0x7fff0000}]})
r1 = memfd_secret(0x80000)
r2 = syz_genetlink_get_family_id$tipc2(&(0x7f00000004c0), 0xffffffffffffffff)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$TIPC_NL_MEDIA_SET(r3, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000500)=ANY=[@ANYBLOB="60010000", @ANYRES16=r2, @ANYBLOB="010028bd7000fbdbdf250c0000004c0105802c00028008000200da0800000800040003000000080001001d000000080002000000000008000300580f00003400028008000400f9ffffff080002000400000008000300dc0000000800040040000000080002000008000008000200080000003c000280080003000c00000008000200e303000008000300ff07000008000200faffffff080003000400000008000100060000000800020000100000080001007564700008000100756470004c000280080001001f000000080002"], 0x160}, 0x1, 0x0, 0x0, 0x28000021}, 0x24008854)
ftruncate(r1, 0x3)
r4 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000080)=ANY=[@ANYBLOB="12010000000000084355450000000000000109022400010000200009040000010300020009210b000001220500090581031000"], 0x0)
pselect6(0x40, &(0x7f0000000140)={0x7fff, 0x8, 0x1, 0x2, 0x7, 0x7, 0x400, 0x9}, &(0x7f0000000800)={0x0, 0x1, 0x1, 0xe100000000000000, 0x0, 0xb, 0x6, 0x9}, &(0x7f0000000840)={0x2, 0x10001, 0xfffffffffffffff9, 0x8000, 0x0, 0x6, 0x100, 0xfffffffffffffff9}, &(0x7f0000000880)={0x77359400}, &(0x7f0000000900)={&(0x7f00000008c0)={[0x4]}, 0x8})
syz_usb_control_io$hid(r4, 0x0, 0x0)
r5 = syz_io_uring_setup(0x5c2, &(0x7f0000000280)={0x0, 0xb81, 0x80, 0x8002, 0x25f}, 0x0, &(0x7f0000000200)=<r6=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x4, &(0x7f0000000080)=0xfffffff8, 0x0, 0x4)
syz_io_uring_submit(0x0, r6, &(0x7f00000004c0)=@IORING_OP_RECV=@use_registered_buffer={0x1b, 0x68, 0x3, r5, 0x0, 0x0, 0x0, 0x1, 0x1, {0x2}})
io_uring_enter(r5, 0x6e2, 0x620, 0x1, 0x0, 0x0)
syz_usb_control_io$hid(r4, &(0x7f0000002540)={0xfffffffffffffcc1, 0x0, 0x0, &(0x7f00000013c0)={0x0, 0x22, 0x5, {[@main=@item_4={0x3, 0x0, 0xa, '\"\x00\b\x00'}]}}, 0x0}, 0x0)
r7 = syz_usb_connect(0x2, 0x68, &(0x7f0000000600)=ANY=[@ANYBLOB="12010000a1121710950b2a17f4f7010203010902240001000000000904fb00026c5d650009050402100000fa"], 0x0)
syz_usb_control_io$printer(r7, 0x0, 0x0)
syz_usb_control_io$sierra_net(r7, &(0x7f0000000040)={0x14, &(0x7f00000001c0)={0x20, 0xf, 0xe3, {0xe3, 0x22, "1c472db5d1a937c0f656c9c3e5bf37de1f980d71fa43e2da069a10551a8922eff0a16a8199a61538fa6f7a1efb3101024b45f7e32f56dbcf541136ff236c75f248a3b998ec3e608e9c1effecbc2ddfb81df6e201075f75d98a6fdc1b80e852b15ea67a27d267db7a37c79b50a0635015579e7641868dafb1059365659882c6a1e08781eb3d471bf3eab9f5bb027907e1253fa0cb4a8d724c280fc817d994f49d27456af7613ff1652ca0a03287af4b2d944e96cb6262ec199be4098f85e110c2c10c7f8766fa1a5ebfc436d619b21ba62f935b84202cfa5559d92690b845a393f0"}}, &(0x7f0000000000)={0x0, 0x3, 0x4, @lang_id={0x4, 0x3, 0x2801}}}, &(0x7f0000000100)={0x1c, &(0x7f00000002c0)={0x0, 0xe, 0xdd, "cfbd856100ae2001d7e56b37b411fc2515f51eb05b53194c5fc62376f4acc3ae35bdbf160dd7d4b756179c70437970f4df2c099712da246156529657d393cf6d5414a8ecd054228f79ead311d24b42feb61717045deaa01242124063c43eaed11ae325104eb34dbc5b9a6ea7ef86e3b83dfa6cab5dac799c4ee2b516b0776f993173ea122ed9bb215ffd2ac9ee99614f9b0f74e01556556d58c07008da076867168fc3e7d06db71e78a248eae7dfd23aa3644625e6a53fa24c22431a358a2995b336695376544fd0f2779a42c9596752151b70fba91f21bc2acda67dd7"}, &(0x7f00000003c0)={0xa1, 0x1, 0x400, "fde3461534a527f739c3e48b6d416143f320f4fa1dda4910c098ef05a84da8c05b1f610f8729d4f533bf273ea58ed95b507226027474b44f39d0db70a9bd73279ccfb58c5e02d6fac16c015e195d2f25d68db4aed00af09c6fab42a904256685f2d95ad4d0f3504ab2ae8227f24c698add9173b037f3bf39338250b84708f95a51d384922425d21c13095dabf2f4807a52a31c661876337c92788e3ffcf7defc1fd572456d01942570d2a5b81af9093f46abe482a8f8b65261ff750fe67d91a576dfc8f14b5679d9cdb3b9ac94a055a5761d6005d05a734b585b65e1c9e0da9a183ed195c2c0c08a9fd3a2c0afb1fbfc8eb1a11b11a4ef33428cf2e0409aede0c4cd758f0f85ba3ff06e8604584539143cf0ceff0bf0a7a0ff1ae8242c388cefb6404903c334b3dd045dc035709faee8b1c14c01b0b9b08341605475d471f13c47690d0a0b03fa9560fb92e8f031246e41fa8e79c2351c8815679b94ba9e7d5b202be78dd560c2353f039bcaf4cd48a300ccdd588227ba4a927c09fb70d91c26103e9221d038cba4a46a3661b56d1dee79012ed8ab7185993f89fe0a6ea0293e3a68b1f43acfcd4a1803bb07aff0d60b05b7e74c69cf57e6bcc7a53987884d1ee7337c39a43872a02672d1c151e534a8bd7a3cb2915e998b1a3077f85a66bb38ca866c13538cb50dbaff4aebc5821ed407c39b7d0e5f0ea23fb683193049e26ee6a1df7ad63204ec5d0c7b8c428f35fc55a4e3cce47ddd7aaff9498e6dbf5cc8d824c03bb729684ae8ea02c8f767dcf035dc26ee436581d6211f934a5e0553e4510537a05180ac281e832aaddd27860dac43132d2cc82ec73cddd2ece4bc5221518810c21fe92d554cfaf309d61ce2717c142605681e7183cd2f0844189c8da3c261db6582571dee0ababaaf8a49346c99364106968588047580dbe01f2894b9bd2e8e8dda826b460540e717679ec5ffccee1782fe2a6c3df65badc02d1676c9e4608bb840b9190a953fee9885f1122aaf5be3b32d6471a522762b19c94a40867b420c61d8647aac9578dc69ecdae00ddce7ec848a86084786483f46e3a37e3da97a09097fa2847f74e56e9e133a89291acb2388738c8565ecd31b620ad435acdb1d962e235e57aa2d69a5de2ec265d2e6392a91962a75c1a64ecbcca9d102f42e0671e9af03ef20a9c3e043fc5902e195f320494541b4eeb410646a48ca084bdb22d222b2e6071f36c3e22b321dd18f111f881bb2c78a2d70351e1f41620b98b1c617e93a1cfc76e18e6478e4c6853f640e628c1f33da5e4e5e308f207c857cd5a7414c0a901be8000768cb114396d5b44ca851c2f60b81aea1d5a2b6e5fae52bb37cece2c15fab409226a18e76b97695c2b90ee0fa04ab879f3a5f71a2182369427db4ecf909160f58d7e186e738ba88aa1ab8d25dfdba3593834a0916191b"}, &(0x7f0000000940)=ANY=[@ANYBLOB="21000200000054ab170c000000000000f8e2790b0db758"]})

16.233721246s ago: executing program 6 (id=1145):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000480)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(0xffffffffffffffff, &(0x7f0000000240)=@file={0x1, './file1\x00'}, 0x6e)
prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ff7000/0x1000)=nil, &(0x7f0000ff1000/0xf000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff8000/0x3000)=nil, &(0x7f0000ff1000/0x3000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ff5000/0x1000)=nil, &(0x7f0000ffa000/0x1000)=nil, &(0x7f0000ffa000/0x2000)=nil, 0x0}, 0x68)
sendmsg$NFT_BATCH(r1, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x24004045)
r2 = io_uring_setup(0x407f, &(0x7f00000004c0)={0x0, 0x1c66, 0x400, 0x0, 0x126})
io_uring_setup(0x1b7b, &(0x7f0000000040)={0x0, 0x40c89f, 0x200, 0x7, 0x20002f9, 0x0, r2})
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000000)={0xffffffffffffffff, 0x18000000000002a0, 0x0, 0x0, &(0x7f0000000240), 0x0, 0x501, 0x60000000, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x4}, 0x50)
socket$inet(0x2, 0x80001, 0x84)
set_mempolicy(0x8006, &(0x7f0000000040)=0xfff, 0x5)
mmap(&(0x7f0000000000/0xa000)=nil, 0xa000, 0xd3283d0368e269b3, 0x8032, 0xffffffffffffffff, 0x0)
madvise(&(0x7f0000001000/0x2000)=nil, 0x100000, 0x8)

16.232854516s ago: executing program 7 (id=1146):
bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0x6, 0xf, &(0x7f00000001c0)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x1, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
sched_setscheduler(0x0, 0x2, 0x0)
openat$ptp0(0xffffffffffffff9c, 0x0, 0x1, 0x0)
r0 = getpgrp(0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000040)=0x5)
prlimit64(0x0, 0xe, &(0x7f0000000100)={0x8, 0x80000100008b}, 0x0)
sched_setscheduler(0x0, 0x1, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, r0, 0x2, 0x0)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000000)=0x3)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
r2 = syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0)
r3 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)={0x2, 0x4, 0x8, 0x1, 0x80, 0x1, 0x0, '\x00', 0x0, 0x0}, 0x48)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x1f, 0x18, &(0x7f00000006c0)=ANY=[@ANYBLOB="180000000000000000000000ffffffff180800002020782500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000000400008500000010000000b7080000000000007baaf8ff00000000b5080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r3, @ANYBLOB="0000000000000000b70500000800000085000000a700000095"], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x10, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_BIND_MAP(0xa, &(0x7f0000000000)={r4}, 0xc)
prctl$PR_SCHED_CORE(0x3e, 0x1, r2, 0x1, 0x0)
r5 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r5, &(0x7f0000019680)=""/102392, 0x18ff8)
prctl$PR_SET_MM_MAP(0x23, 0xe, 0x0, 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x20040880}, 0x24004045)
io_uring_setup(0x1b7b, 0x0)
r6 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3)
connect$packet(r6, &(0x7f0000000200)={0x1f, 0xf8, 0x0, 0x1, 0x82, 0x6, @random="a55378321800"}, 0x14)
shutdown(r6, 0x1)
syz_clone3(&(0x7f0000000080)={0x801400, &(0x7f00000002c0)=<r7=>0xffffffffffffffff, 0x0, 0x0, {0xb}, 0x0, 0x0, 0x0, 0x0}, 0x58)
pidfd_send_signal(r7, 0xb, &(0x7f00000001c0)={0xb, 0xe, 0x20005}, 0x0)

15.838136422s ago: executing program 6 (id=1150):
socket$netlink(0x10, 0x3, 0x8000000004)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000100)=@newqdisc={0x44, 0x24, 0x1, 0x80000000, 0x4, {0x0, 0x0, 0x0, 0x0, {0xffe0, 0x3}, {0xa, 0xffe0}, {0xfff1, 0x9}}, [@qdisc_kind_options=@q_fq_pie={{0xb}, {0x14, 0x8002, [@TCA_FQ_PIE_LIMIT={0x8, 0x1, 0xf4b6}, @TCA_FQ_PIE_ECN={0x8}]}}]}, 0x44}}, 0x20004055)
sendmsg$IPCTNL_MSG_CT_NEW(0xffffffffffffffff, 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
r0 = socket(0xa, 0x3, 0x87)
syz_init_net_socket$netrom(0x6, 0x5, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x2000800001000088}, 0x0)
setsockopt$sock_int(0xffffffffffffffff, 0x1, 0xf, 0x0, 0x0)
bind$inet(0xffffffffffffffff, &(0x7f0000000040)={0x2, 0x4e20, @empty}, 0x10)
sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7)
r1 = getpgrp(0x0)
sched_setaffinity(r1, 0x8, &(0x7f0000000040)=0x5)
prctl$PR_SCHED_CORE(0x3e, 0x1, r1, 0x2, 0x0)
r2 = getpid()
sched_setscheduler(r2, 0x2, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
r3 = syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, r3, 0x1, 0x0)
r4 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r4, &(0x7f0000019680)=""/102392, 0x18ff8)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0)
r5 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r5, &(0x7f0000000140)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc(blowfish)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r5, 0x117, 0x1, &(0x7f0000c18000)="ad56b6c5", 0x4)
sendto(r0, &(0x7f00000003c0)="e1118ce4769b", 0xfdef, 0x800, &(0x7f0000000600)=@l2tp6={0xa, 0x0, 0x7, @local, 0x5}, 0x80)

13.312852127s ago: executing program 6 (id=1154):
openat$binfmt_register(0xffffffffffffff9c, &(0x7f00000008c0), 0x1, 0x0)
r0 = syz_open_dev$vcsn(0x0, 0xffffffffffff0001, 0x880)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e20}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000400)={0x11, 0xb, &(0x7f0000000180)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x50862bb7c2218362, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
syz_open_dev$evdev(0x0, 0x40002, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000000)={&(0x7f00000000c0)=ANY=[], 0x0, 0x4a}, 0x28)
openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0)
sendmsg$ETHTOOL_MSG_STRSET_GET(0xffffffffffffffff, &(0x7f0000004080)={0x0, 0x0, &(0x7f0000004040)={&(0x7f0000000200)=ANY=[@ANYRES16=0x0], 0x24}, 0x1, 0x0, 0x0, 0x4000}, 0x10)
r4 = socket$nl_route(0x10, 0x3, 0x0)
setsockopt$netlink_NETLINK_NO_ENOBUFS(r4, 0x10e, 0xc, &(0x7f0000000040)=0x7f, 0x4)
sendmsg$inet(0xffffffffffffffff, 0x0, 0x3000c041)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r5 = socket$kcm(0x10, 0x2, 0x4)
sendmsg$kcm(r5, &(0x7f0000000000)={0x0, 0x0, 0x0}, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000500)={0x1, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="1800000007000000000000002000000091117b00000000009500f80000000000"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x6c, '\x00', 0x0, @fallback=0x27, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe}, 0x94)
bind$netlink(r0, &(0x7f0000000040)={0x10, 0x0, 0x25dfdbff, 0x200000}, 0xc)

11.879673626s ago: executing program 2 (id=1155):
r0 = gettid()
timer_create(0x2, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc))
ppoll(0x0, 0x0, 0x0, 0x0, 0x0)
timer_settime(0x0, 0x1, &(0x7f0000000340)={{0x0, 0x989680}, {0x0, 0x9}}, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000140)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
splice(r1, 0x0, 0xffffffffffffffff, 0x0, 0x1, 0x0)
fcntl$setpipe(0xffffffffffffffff, 0x407, 0xffffffff80000002)

11.873405092s ago: executing program 7 (id=1156):
add_key$user(0x0, &(0x7f0000000140)={'syz', 0x1}, 0x0, 0x0, 0xfffffffffffffffb)
add_key$user(&(0x7f0000000380), &(0x7f0000000000), &(0x7f00000003c0)='X', 0x1, 0xfffffffffffffffe)
add_key(&(0x7f0000000000)='rxrpc\x00', &(0x7f0000000040)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffe)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000740)={0x3, 0x4, 0x4, 0xa, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
r0 = openat$sw_sync(0xffffffffffffff9c, &(0x7f0000000040), 0x80001, 0x0)
r1 = openat$sw_sync(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
ioctl$SW_SYNC_IOC_CREATE_FENCE(r1, 0xc0285700, &(0x7f0000000100)={0x1, "5660359c3245d1c42317afad7d48ed51000000000000000100"})
ioctl$SW_SYNC_IOC_CREATE_FENCE(r0, 0xc0285700, &(0x7f0000000000)={0x5, "340b7832ceefd131b8e6498c25f58fad9987ffe93bbabd18cf501922de974a27", <r2=>0xffffffffffffffff})
ioctl$SYNC_IOC_MERGE(r2, 0xc0303e03, &(0x7f00000020c0)={"d15bdc905a4b158a18073a22ba721cf332050536d279f542bd139b566e45d487", r2})
ioctl$SW_SYNC_IOC_INC(r0, 0x40045701, &(0x7f0000000a40)=0xfff)
write$uinput_user_dev(0xffffffffffffffff, &(0x7f0000000400)={'syz0\x00', {0x3, 0xb, 0x6, 0xff}, 0x3a, [0x8000, 0xc95a, 0xf, 0x8, 0x80, 0x2, 0x3, 0x10007f, 0x20000006, 0x4d, 0x6, 0x3, 0x9, 0x2, 0xffff2d34, 0xffffff01, 0x6, 0x3, 0xfffffffc, 0x5, 0x4, 0x2, 0x7, 0x3c5b, 0x80000001, 0x24, 0xd, 0x1, 0x0, 0xffffffff, 0xe661, 0x4, 0x7, 0x3, 0x8, 0x4c74, 0x80000000, 0x0, 0x3, 0xe, 0x8, 0x8000806e, 0x7, 0x17, 0x1, 0x7, 0x200, 0x3e, 0x8c, 0x6, 0x6, 0x0, 0x5, 0x4, 0x8, 0x400, 0x80, 0x1, 0x5, 0x6, 0x8, 0x4, 0x1, 0x40], [0x10000007, 0x9, 0x8000012f, 0x8004, 0x5, 0xfffffff3, 0x129432e6, 0xc8, 0xf9, 0xe, 0x7, 0x6c7, 0x9, 0xfffffffc, 0x3, 0x0, 0x0, 0x5, 0x2f, 0xe, 0x312, 0x78, 0xea4, 0x0, 0x4, 0x7, 0x7fff, 0x6, 0x400, 0x401, 0x6, 0x1, 0xff, 0x5, 0x1000005, 0x5f31, 0xd, 0x4e0, 0x2, 0x4, 0xb, 0x1, 0x9, 0x8, 0x9, 0x6, 0x47, 0x8020, 0x1, 0xfe000000, 0xffff, 0x2, 0x4, 0x9, 0x3, 0x3, 0x9, 0x1, 0x3, 0x3, 0xbc45, 0x48c93690, 0x43, 0x103], [0x7, 0xa, 0x4, 0x5, 0xfffffffe, 0x100, 0x8d2, 0x9, 0x5, 0x7fff, 0x0, 0x5, 0xf, 0x4, 0x6, 0x5, 0x0, 0x6, 0x5, 0x1, 0x86, 0x3, 0x303c, 0x3ea, 0xb, 0x5, 0x8000001, 0x2, 0x3, 0x2000000c, 0x2, 0x6d03, 0x6, 0x38, 0x800003, 0x200, 0x80, 0x3, 0x4, 0x2950bfaf, 0x1000, 0xa2, 0x7, 0xa9, 0x5, 0x6, 0xac8, 0xc2, 0x2, 0xdb400, 0x7ff, 0x12b, 0x4, 0x1, 0x1000000a, 0x0, 0x5, 0x1c, 0x120000, 0x3, 0x2006, 0x80a2ed, 0x4, 0x25], [0x9, 0xbb33, 0x80000000, 0xb, 0x5, 0x93a, 0x6, 0x1000006, 0x0, 0xb9, 0xce7, 0x1ff, 0x2, 0x57, 0x4, 0x3, 0x101, 0x10000, 0x4, 0x7fff, 0x10000, 0x7f, 0x2, 0x5, 0x1, 0x2, 0x14c, 0x60a7, 0x6, 0x96, 0xffffffff, 0x80000000, 0x0, 0x4, 0xc8, 0x1, 0xfffff000, 0x10080, 0x3, 0x7e, 0x100, 0x1000, 0x7, 0xaf, 0x8, 0x6, 0x226, 0x5, 0x5, 0x1, 0x30b1d693, 0xa1f, 0xf40, 0x7, 0x1, 0x6c1b, 0x0, 0x4, 0x5, 0xb1e, 0xd7, 0x200, 0xffff3441, 0xfff]}, 0x45c)
ppoll(&(0x7f00000000c0)=[{}, {}], 0x20000000000000dc, 0x0, 0x0, 0x0)
add_key$keyring(&(0x7f0000002100), &(0x7f0000002140)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffa)
r3 = add_key$keyring(&(0x7f0000000280), &(0x7f00000002c0)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffe)
r4 = add_key$keyring(&(0x7f0000000200), &(0x7f0000000240)={'syz', 0x0}, 0x0, 0x0, r3)
add_key$keyring(&(0x7f0000000440), &(0x7f0000000480)={'syz', 0x3}, 0x0, 0x0, r4)
keyctl$KEYCTL_MOVE(0x1e, r4, r4, r3, 0x0)
prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ff1000/0x3000)=nil, &(0x7f0000ffd000/0x1000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ff0000/0xd000)=nil, &(0x7f0000ff3000/0x4000)=nil, &(0x7f0000ffd000/0x1000)=nil, &(0x7f0000ffa000/0x1000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000ffa000/0x1000)=nil, &(0x7f0000ffa000/0x2000)=nil, 0x0}, 0x68)
ioctl$KVM_SET_MSRS(0xffffffffffffffff, 0xc008ae88, &(0x7f0000000000)={0x1, 0x0, [{0xf88e470f, 0xed}]})
r5 = openat$kvm(0xffffff9c, &(0x7f00000000c0), 0x800, 0x0)
r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0)
r7 = ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r6, 0x4020ae46, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_RUN(r7, 0xae80, 0x0)
ioctl$SW_SYNC_IOC_INC(r1, 0x40045701, &(0x7f00000002c0)=0x3)

11.646652015s ago: executing program 2 (id=1157):
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000740)={&(0x7f00000002c0)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x30, 0x30, 0xb, [@struct={0x4, 0x1, 0x0, 0x4, 0x0, 0x1, [{0xa, 0x3, 0x6}]}, @array={0x0, 0x0, 0x0, 0x3, 0x0, {0x2, 0x2}}]}, {0x0, [0x61, 0x0, 0x2e, 0x2e, 0x61, 0x61, 0x61, 0x0, 0x5f]}}, 0x0, 0x53}, 0x28)
sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0xd3)
r0 = socket$can_raw(0x1d, 0x3, 0x1)
accept(r0, &(0x7f0000000100)=@caif=@rfm, &(0x7f0000000180)=0x80)
mount(0x0, 0x0, &(0x7f0000000080)='sysfs\x00', 0x1214040, 0x0)
setsockopt$inet_mreq(0xffffffffffffffff, 0x0, 0x23, 0x0, 0x0)
syz_emit_vhci(0x0, 0xd)
syz_open_procfs(0xffffffffffffffff, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000003c0)={0x18, 0x10, &(0x7f00000000c0)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x8, 0xb3, &(0x7f0000000140)=""/179, 0x41000, 0x3, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x6)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
connect$unix(r2, &(0x7f0000002540)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
r5 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000012c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x2, '\x00', 0x0, 0x0}, 0x50)
bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x10, 0x1c, &(0x7f0000000040)=@ringbuf={{0x18, 0x8, 0x0, 0x0, 0xb000000}, {{0x18, 0x1, 0x1, 0x0, r5}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x1c}, {}, {0x85, 0x0, 0x0, 0x5}, {0x4, 0x1, 0xb, 0x9, 0xa}}, {{0x5, 0x0, 0x3}}, [@snprintf={{0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x4}, {0x3, 0x0, 0x3, 0xa, 0x2}, {0x5, 0x0, 0xb, 0x9}, {0x3, 0x0, 0x6, 0xa, 0xa, 0xfff8, 0xf1}, {0x7, 0x1, 0xb, 0x6, 0x8}, {0x7, 0x0, 0x0, 0x8}, {}, {}, {0x4, 0x0, 0xc}, {0x18, 0x2, 0x2, 0x0, r4}, {}, {0x46, 0x8, 0xfff0, 0x76}}], {{0x7, 0x1, 0xb, 0x8}, {0x6, 0x0, 0x5, 0x8}, {0x85, 0x0, 0x0, 0x7}}}, &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x24, '\x00', 0x0, @sk_msg, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe}, 0x94)

11.289859412s ago: executing program 4 (id=1160):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000480)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(0xffffffffffffffff, &(0x7f0000000240)=@file={0x1, './file1\x00'}, 0x6e)
prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ff7000/0x1000)=nil, &(0x7f0000ff1000/0xf000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff8000/0x3000)=nil, &(0x7f0000ff1000/0x3000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ff5000/0x1000)=nil, &(0x7f0000ffa000/0x1000)=nil, &(0x7f0000ffa000/0x2000)=nil, 0x0}, 0x68)
sendmsg$NFT_BATCH(r1, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x24004045)
r2 = io_uring_setup(0x407f, &(0x7f00000004c0)={0x0, 0x1c66, 0x400, 0x0, 0x126})
io_uring_setup(0x1b7b, &(0x7f0000000040)={0x0, 0x40c89f, 0x200, 0x7, 0x20002f9, 0x0, r2})
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000000)={0xffffffffffffffff, 0x18000000000002a0, 0x0, 0x0, &(0x7f0000000240), 0x0, 0x501, 0x60000000, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x4}, 0x50)
set_mempolicy(0x8006, &(0x7f0000000040)=0xfff, 0x5)
mmap(&(0x7f0000000000/0xa000)=nil, 0xa000, 0xd3283d0368e269b3, 0x8032, 0xffffffffffffffff, 0x0)
madvise(&(0x7f0000001000/0x2000)=nil, 0x100000, 0x8)

10.209663436s ago: executing program 2 (id=1161):
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000480)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
read(r1, &(0x7f0000001640)=""/87, 0x57)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x2d, 0x20040040)
readv(r1, 0x0, 0x0)
recvmmsg$unix(r0, &(0x7f0000002640)=[{{0x0, 0x0, 0x0}}], 0x1, 0x100, 0x0)

9.904954621s ago: executing program 4 (id=1163):
r0 = syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r1, &(0x7f0000000500)={0xa, 0x4e20, 0xbb6, @loopback, 0x5}, 0x28)
connect$inet6(r1, &(0x7f0000000480)={0xa, 0x4e20, 0x9, @loopback, 0x106}, 0x1c)
r2 = fcntl$dupfd(r1, 0x406, r1)
setsockopt$inet6_buf(r1, 0x29, 0x39, &(0x7f0000000040)="ff02040000ffffffffffffffff1f2be82db1af0000000000", 0x18)
readv(0xffffffffffffffff, &(0x7f0000000200), 0x0)
sendmsg$NFT_BATCH(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000025c0)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x7}}, [@NFT_MSG_DELSET={0x150, 0xb, 0xa, 0x101, 0x0, 0x0, {0xa, 0x0, 0x3}, [@NFTA_SET_DATA_LEN={0x8, 0x7, 0x1, 0x0, 0x21}, @NFTA_SET_TIMEOUT={0xc, 0xb, 0x1, 0x0, 0x2}, @NFTA_SET_USERDATA={0xfd, 0xd, 0x1, 0x0, "074746f63d973ad5ff4e5c63d7c16dbb2ee1ca1f63166cad15bf21a45d0fd058151eb5acf0930e8b7356e0f0a71c94b5a7fcc18ef7193ba772c9f3efd1334905ca09bef0321b09c7321467415457b62b36c2d2c9f95d8139e6d92b614854c034d8874e5e7810c663aab2a4477bd2d8c1784e7d4500f30f6bd5bff0007ea2c2cdd630bbd41112027e64c1c0da0bee22c55c20258b0a8f59d1daade36605856cd10dfaf1311a4bd647582a79fd058fd8c8c80afcc36a5762b622eb8934a8a7d7ff314a6d485daf73ec752eb4cefb0020ff555a4528f4e21283b0e79dff8cd88df601323f1d5b866ddc2c1d850cc3a3564105db774b5b50ff4307"}, @NFTA_SET_GC_INTERVAL={0x8}, @NFTA_SET_POLICY={0x8}, @NFTA_SET_TIMEOUT={0xc, 0xb, 0x1, 0x0, 0xde}, @NFTA_SET_TIMEOUT={0xc, 0xb, 0x1, 0x0, 0x8}]}, @NFT_MSG_DELSETELEM={0x28, 0xe, 0xa, 0x401, 0x0, 0x0, {0xd, 0x0, 0x9}, [@NFTA_SET_ELEM_LIST_SET_ID={0x8, 0x4, 0x1, 0x0, 0x1}, @NFTA_SET_ELEM_LIST_SET={0x9, 0x2, 'syz0\x00'}]}, @NFT_MSG_NEWOBJ={0x20, 0x12, 0xa, 0x301, 0x0, 0x0, {0x2, 0x0, 0x7}, @NFT_OBJECT_SYNPROXY=@NFTA_OBJ_TABLE={0x9, 0x1, 'syz0\x00'}}, @NFT_MSG_NEWSET={0x28, 0x9, 0xa, 0x401, 0x0, 0x0, {0x7, 0x0, 0x9}, [@NFTA_SET_POLICY={0x8, 0x8, 0x1, 0x0, 0x1}, @NFTA_SET_TIMEOUT={0xc, 0xb, 0x1, 0x0, 0x9}]}, @NFT_MSG_NEWOBJ={0x20, 0x12, 0xa, 0x201, 0x0, 0x0, {0x7, 0x0, 0xa}, @NFT_OBJECT_SECMARK=@NFTA_OBJ_NAME={0x9, 0x2, 'syz1\x00'}}, @NFT_MSG_NEWRULE={0x48, 0x6, 0xa, 0x5, 0x0, 0x0, {0x1, 0x0, 0x6}, [@NFTA_RULE_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_RULE_EXPRESSIONS={0x18, 0x4, 0x0, 0x1, [{0x14, 0x1, 0x0, 0x1, @connlimit={{0xe}, @void}}]}, @NFTA_RULE_CHAIN_ID={0x8, 0xb, 0x1, 0x0, 0x1}, @NFTA_RULE_CHAIN_ID={0x8, 0xb, 0x1, 0x0, 0x1}]}], {0x14}}, 0x250}, 0x1, 0x0, 0x0, 0x2c000000}, 0x40008884)
r3 = socket$inet6_tcp(0xa, 0x1, 0x0)
connect$inet6(r3, &(0x7f0000000140)={0xa, 0x4e22, 0xfffffffb, @loopback, 0x23}, 0x1c)
write$binfmt_elf64(r2, &(0x7f00000001c0)=ANY=[@ANYRESDEC=r2, @ANYRES64=r0, @ANYRES32=r3], 0xfffffdcf)

8.580719157s ago: executing program 2 (id=1165):
bpf$MAP_CREATE(0x0, 0x0, 0x50)
r0 = syz_open_procfs(0x0, &(0x7f0000000080)='fdinfo/3\x00')
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x2a, 0xa9}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000100)=0x5)
sched_setaffinity(0x0, 0x8, &(0x7f0000000240)=0x8000102)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = syz_open_dev$MSR(&(0x7f00000007c0), 0x0, 0x0)
r2 = syz_clone(0x80000000, &(0x7f0000000800)="27fb8e0f0c49ac4dd6a5f9815d9c97741dc7a5fb0e57b60e192f34158ed4ce6a86f90b83856a55f78f30945908cc58b1a532fb756820a0c7f1481c2e0447f262a81e9ca06c5c7ca727f1f8d2ff7eb345162c5696dbd18eb288765c048e43385173014bc448282754fa7aa191156890b8a3acfcf9af4960bf249008f83075e19a6ab892e358723cb7b22c226864851580ceac871c166e97dfaa894897e23d765297e18ce6dfc7a7825350997594db2ecaedbb365184086c8adc4431dc49cf5470f9083634b3f1ae9fa3b1dce21e0f8549168516ce7ed2e3d013f73e4561b9d7eff56ce2a108fd1cd25c12e292dda80f0b327b961da8bdf2d5eae19d317b3f8ba1832c5395b6946632728922b27b3a6c810564f546f508dd4181773883a6d8a69113f0ea7953e2ad939213267e396213dd6d6c6430e5ac739a973cbbeb200a742849363228656fac0585acc9ce98d64965f324f08f84c6a9908d170c63898f794864965a805c6d4a8610dde38f812335230d109fad09c69555ef5a7e9aa4e4f80d89f2754b4416fd80cf09e244b5ab335c864fb2ece8483478e008386a422ae61c8e20d8e2c74b3457fa62a378de020316e76a06e4e644158ced06d0351b52e498911ab0b4efd3672c3b8986ab18f277abf5cb9be368dc93a938e91ef6f587e78a9601197307feae188113cf4cd953f50ac7e9b9b6a0a355307f6afac338200fa6ff909822415fecd8f391890cc6a16f17c4bdbc9c682c2afb013deec83289776f8366a5e349cfe15b67eeeb2ea9c230ae5424b9c03d491f3e8afaf5674365673973713efd3501e1e497dadab753f2ba33619478c0db7f3c2721dea4ae05b44770618134fcd930147f3586996a0020049710099268d7137b64b645f372634f8ebb1c199424175ebd248584b48766fd959e408467de6ce4deeec8ec38e78ca70ddb7a22ef1f4865f05b6ad8da37e8f56ffd49e4b6b4b455febcce566731bb17547717332e4e0c0e980f068e97e59dab0b88458e135ffd50928bbd4482b721f98de26487aef456a49345d65a51837b0a08b5371e1e2fe19ede58a2c9abb2894fa58cec53cf997d4826a98119e08e9f67eafd6236e21c2baeeac91c256ed3dc1a11691ffbf16f8d17cbcdadde200cd7b7d38ef4993524b62ca0f452a6344ce781b1261b36c6c1be5a1b7c516c8dd31052719ab5098fe7bb27d6ccc6350c56f7df933e5fb5292f5442b1afb1449120e872364cd557c72a04b67195f66e0a3f42a6b21787fa83e64b85a70d77dcc42cd4772dfb2881497ad18bf85561416fd491da25dfd472adcd4e18ea649b91bad1bed50d01006bb273e6f1f57d73773c64c7623dd494a3651321ffdb0e9ab1e5e855f03b6188b7e03815a163876a85283cca96b9957abad95875fbd06195a0883862555613311773973d8b1c744e0ec493ad622796d60f01e57b15f6d8bb45428ab58d668cf7f338b6dd92d413af514efbe184ff7c1712ead2f092da2552a3d187c654c60634bbdf594b20c004b7cbd41594be426a8f0d0c3c226545220822f20da0dc8b790fd5ec6765138b9be74b30c5f31ff9712b4e2cd047a800ca5e4f41d3f766f658fb1c51925b7e3db2ec9f0cc3aa60e1b9b37b3b10fae512d984e29cb4017355063c40bac12f6bc431086c4307923bb1a06d677f7f7bb36f902f3bf8c3c74c0d87744d32884c8a3f0b42403fc08505466f8334678ca4fa712b040ce13d84cbf94dde260c3c269d6392548d234938e4ac587a1ddcf796d2c6e90c1e0c8f396034f91ae198453c53ea994ecd8815e07030d0362037bcfc2de6864d2946ad891d5f717b8cc3b63b79d2c42f2277fea109057dbf264145c476a1daa24737eca7ec0c440b2a71e723831d986ad55af38053362a8ee2af36fddf66975e094f4f209c747988ae3deedb01bde7ebb3d57c5c456878cddf6e69af8bbd0cb4c7d9d02dde1d5ba70d6a577e31711cf0cc231eee09cf1653ec8bdfa9274cea910dabe37b7eeed552e89ff23d9bda657fb82f8335b399703c0302781b4be7169d953f545a04d666aafc4f3ba6527f35c53b91f0a25b8a6d3d9e7c87cbfd39f14fd3612732bb511cc64b5e6c42159067990f4b24e336e38047610d58c2ceaadb6e18baf8c065dfd5d9c497ad828f28272a7bf39e695f40086bc7afe65e26b8852a089e46ebed72313ce9941daef2ab59fd898d0d0fc7f1f415e0a0e5b517886c76150acdefdd6b8e359f5e57e728fe0c60cb830182608286ffe482e7e3f4e4b238f30dbd48d66767420179ecc11a53b4a6239dfdb248334a898a93b803d1d9782d2e3e8a0ac2d25f6b05964bfc849f6d5e03c2ba542c5b346e91e05be95957c3bfc153e972b41004d23246d7006a2b03b6652240a2bde87ee35f25c25783bde28872c6cf5fc12ca946286a678ca7e7cf61ce5b3274537601b4d6cd96e3a71ddd85070f895699b385898e31d80608b026905c970b8714750497025b585255ee154935c44d97383d20c102223dc387ffb347b21f4d3371054c3d59431360f21f5763233fbaeb77e6b4569e50fb719e32fac669c9244b325df565a37538181f1eaf66dfc612d90915cf1b211dc68219a9dcf99a5f42b19b35e5ab1197f52aad110a2a6d5abd61b65a9c68972abf3bcd8d3380c008ed2e79a79d8879be761aa8a0a0ddecd1261a12b9afd74c40ce32d696099ba42ce0940f409285ad4b5bc29e5f41b495ef69a76071665fe07903de07f1c1991ab4d43ca8df9ee6816844b766028a0d05b543dc1637712c204d00c3156aa9965def2215c83af989b4921af24ab49b963b9e881091af1d0f1f2e4bc854c30daaa925fd9226af0772156edaff52f341333c3f128976eac7ed37f499f32cba6ece78b9f90031a97924c37b3e88ab9d9d48870679510ad8b0498c94ea66e027e593f414e11575e42352d2251bf9aa8f82ce2791fce09d4e2341c40fb74ea887b8bfb103aa49bd895d312879e0942df417f4b49220a891710eaa43be1a8452d53c861e0bc41ca2bfc664177e88e6f352b73c1f07f3dba0aae3861d966d68c5029e2a6afae1ed0c06ce907731f6e5ba420c1fa5721bbdff9d7532e4053384c0aabf0d389772ca2ae7704be2c75cf7c3ba2ab5a6d7fcaba31021a0606e2a5e0a1ba8adaa02678b1061c0fbbfd951d19d8d97d7d4e8f9e5e728a6ff20008f9f91b7129f58f6f3b56bc51eafef7a18a51f1883cefe9297b1a22b8139b8ed6e452a56a9a7557de2d072f4cd2712fa4b1cb00f43e1944819bb2cdbefa28e2a08e5707afe6ba4b97acdc80c8c861622789183beadeca37d6a7ac9fb6eb284ab2b24aad020de6632191055a2e6259d1d610d3dbed1ee83ff9ae386de4b5f53653d6794e03cc91301c692addeae68ed561f0ca4aa3860c5d9f73b03561564b512ef2719ee18210544522638960f87fb56ae8c8774687df17dd4ea02db21f0ae3eb40f8f963ca67ee823b7f2e54986c9d92fe195cad52c67f5f92924c6500875a1032984f63bebbd9306755341999a5ed788d2ffabf8947fd01d7945c0390c3c8e0c2768a7283c03b57c09257aae544a7bc22dfed36ca88ec29d5326d224fe29f3581f96e1b19e83d2cf4090401203a2fda4d547b463af5c9959f907e420ee7412bd60875aa5a0d0b75de1f52564a435a91d52990b103a0a2cca0b7de51bacb562eacd5590685612a010912ad06d83215faa7e17ec035d1e78bc8ffa1d8f1d1a36108ec8ac8c49a77dffcc8d00020edb92eee8053129c3cf8d53d06a5d273afdd7bcff33893e2d74a7ef6c2027a9e88ad00c9ab69bbd40b20124ef745bd7d497b3a557133f341a819bc691745f0c49698ed3e104a68bf0389e91b428018f8c45e35d81b6d251f3382b129be8ea2b6787fe88f77c3c325af2b16ea71f37c7b730cb404dd49ed5638f60be297f1350b13e3274c66a74c6ceae1f727ba79bad92597dff82d7bee0a440018cc83b971d06c685eb1bdac1965876807d7251b2e07271cd5baef0f0620db2c4246a5ac7e0e0c8c6e45bee1f317a89c99c450a9c2584a4c448af0aacab6930fde136d09b950b26cd080ae6d85f66e9aa52b2bdac0a26708fa4d4d4c19359da00492f84c845a1176653c19d0b8d2191c0392ca77da29138e4775e63049dcd7d4a5b1bdcf7e43e5c756840bde176e1abdf22b8688ed92d93b5f5b66ad7792373cc127a915a8175f1f9c0e215e42db8191c7f4c6fbfbf60aea6f668c241709ff2fe303f92d6697ce364f0022cee3216cd306715f2fe4fe07a7725a1e5955d389e44d7a73d2fbec30ddf58c7c23c1cc7e1634bc105a103fef0f341035da61b45b7d2d66561f021776c895f954daceb489a392ab08e8ba092a8c9af701215ac54ec7cf5d1b4eb4c3f49fa9f5b59e985e2decf3d692a94d41c6fd4ee4c02175b353005d2c1c0b9f06f0066f1468277543a2bce510808f59abeff7fec9fec9877e339b8eae2f3cfb0ad231565ec893770f0f234f95014a4b6bab4d5c7da1b43ac5dd8efa22f520c21d83a5637116a743ea8fa4855d800f8a39aa14743bdd126388881bb714c89d512fa8c3e340ca26e34979c305b0c9821789cab0287898ea22ed43519e80c4c72ce9bf29c8ffb99ec053f2d45cf9b9dba116754a063238b6a1ca7bdbc9d873c9be7d9b18611dc3ca2d5103ac3344c0315035576b2366c06f6579d63a7f5c02011ea6d8dc3d546aae99754e44887fe67f07c675bca0b15689ea02473acd5139bbaf3279131c12bac446f9e065a2315087ba27c0b894874f92f4d14429cf8bd7d7b45134ee39b58c1c9e60a54a281795d6d4c4aed00e9c905631b943bb7968c9f25fc6044ea9bc66083f0ed63b72b3c95d442227a7fc355ddec4522b4179e5418f4857f809830b6fa4dbe35277434accb7791c59c820541be15de6ea5db7e26749604ca67a9512996318c2132d36e2ef993fc838a311208cd35c70e98e55fe0d4ddc29002ffc425941cc3c0956e469089ef03077f6afaf3ff37ba82898860ac9281f86eddbce02105014bc786e075051516c97b8fa63c7bb3b6c648dc4c3dc6a6848af54e37954b5133af70b9e2f3657fe0729914832c97871a888952148719d5d06d5fcb4bcc37049ab56e54dbc2c711ea9b6e9eb6d2a6c0097d0ee3dd026145c63fb05b63510ab016f62e788e5dfd5e8179350690e7f9ffdc0e9edc2a08e26a7ee4b8d34c953676f0acb6ce6568251840b8a42af35aaddc0cd7dc695988df27e1148c1c19db1d3f62ce23f2f180c9e8ec10f4546fe533cd5582ee3af936f466bce7912c8ec988b8134f093df7e3871b0e54034a54483ec20e14c6d91db661fda9402098ef1e9c403e25b942913674848b977665c9dae06840799bb0379e999caac83d5db67c65683ddfb4cadf6161a4361c99b5207ab1473d89cd82f72dfedb281156b9c3b2dfe9e84e62793858d6e71f2136f7d6c024ed7f08e48aa2ee40d74d7b6536a47ec5848d5ab5cf22af24d4e638c1ff2f6f58a22041732af162ff63f9c44cf4af930f499619b7d118290577491cb56292cf570108b359d56d4e7e0f48ee07f9dbd791e29731f2e763296fd3e6e53f82de62fdd517142063a37803df0b6749d5eb1e06f24babdd378d6f905bca5e1f15648dd54d8c7711c0ebaefe452eff5fd8efc7a7fdb460d691bc739362b206d5921557ceecd4a78ac1d38483ac176f99ede61ba8c1b2fb787d04594b363fcbbaa05c45fb888561d9d0e1e64e680a0a180f967fd42d2675a010e5e469102e7064c062f83a7a46ac858f4905d5f7a800", 0x1000, &(0x7f0000000280), &(0x7f00000002c0), &(0x7f0000000340)="074a11e3d45fbca0f0252692d7ab9c87cccc8014b1f7e648d9182db3aaaf2335bbfb5540b1409d53d0327830da54fbcf31977efd3e0fe43d2fce42a6cd55157ee050")
ioctl$sock_FIOSETOWN(r0, 0x8901, &(0x7f00000003c0)=r2)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
r3 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000100), 0x1c3902, 0x0)
sendfile(r3, r3, 0x0, 0x200000)
read$FUSE(r0, &(0x7f00000022c0)={0x2020}, 0x2020)
r4 = syz_open_dev$usbfs(&(0x7f0000000480), 0x77, 0x141341)
ioctl$USBDEVFS_CONTROL(r4, 0xc0185500, &(0x7f00000000c0)={0x80, 0x6, 0x300, 0xfffe, 0x0, 0xfffffff9, 0x0})
r5 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_generic(r5, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000140)=ANY=[@ANYBLOB="140000003e00290200000000fcdbdf250a000000ae2ccf88180f18eaa76008b26788a8281d72ca931dd801ded0a93b26ae9bab3e3a8bc97f1a7746040c4286d82ec39ff03ff3a3080000000000000013c094007b51287e3c58f364cbe0b2f0b578a139f096035c8e889e1a6016dcc065551e4972683db646d245131bcfd7fa6d7a18ebf7070000000000000012c42456b098c3772eeee12051"], 0x14}}, 0x8000)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5)
ioprio_get$pid(0x2, 0x0)
ioctl$SCSI_IOCTL_SYNC(0xffffffffffffffff, 0x4)

8.519204152s ago: executing program 4 (id=1166):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0)
sendmsg$NFT_BATCH(r0, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000480)=ANY=[@ANYBLOB="140000001000010000000000006000000500000a3c000000090a010400000000000000000a0000040900010073797a310000000008000540000000020900020073797a310000000008000a40fffffffc4c0000000c0a010100000000000000000a0000060900020073797a31000000000900010073797a310000000020000380100000800c00018006000100d10300000c000080080003400000000214000000110001"], 0xb0}, 0x1, 0x0, 0x0, 0x14}, 0x40)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_MSG_GETSETELEM(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000140)=ANY=[@ANYBLOB="440000000d0a010800000000000000000a0000010900020073797a31000000000900010073797a31000000001800038014000080080003"], 0x44}, 0x1, 0x0, 0x0, 0x24000801}, 0x8000)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r2 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x400000000000041, 0x0)
r5 = socket$inet_sctp(0x2, 0x5, 0x84)
getsockopt$inet_sctp_SCTP_LOCAL_AUTH_CHUNKS(r5, 0x84, 0x1b, 0x0, &(0x7f0000000f00)=0x22)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
mkdir(&(0x7f00000000c0)='./file0\x00', 0x143)
inotify_init()
r6 = semget$private(0x0, 0x7, 0x180)
semtimedop(r6, &(0x7f0000000100)=[{0x4, 0xfff8, 0x1000}], 0x1, 0x0)
semtimedop(r6, &(0x7f0000000100)=[{0x4, 0x7ff}], 0x1f4, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000002440)=@delchain={0x620, 0x65, 0x2, 0x70bd27, 0x25dfdbfc, {0x0, 0x0, 0x0, 0x0, {0x2, 0x2}, {0x0, 0x1}, {0xd}}, [@filter_kind_options=@f_basic={{0xa}, {0x5f0, 0x2, [@TCA_BASIC_EMATCHES={0x5ec, 0x2, 0x0, 0x1, [@TCA_EMATCH_TREE_LIST={0x228, 0x2, 0x0, 0x1, [@TCF_EM_U32={0x1c, 0x2, 0x0, 0x0, {{0x4, 0x3, 0x7}, {0x2d81, 0x8, 0x19, 0xf}}}, @TCF_EM_META={0xa0, 0x2, 0x0, 0x0, {{0xdc, 0x4, 0x8}, [@TCA_EM_META_RVALUE={0x2b, 0x3, [@TCF_META_TYPE_VAR="4c85d202b4c37557cd2f", @TCF_META_TYPE_VAR="bf476298cb6e", @TCF_META_TYPE_VAR="b7", @TCF_META_TYPE_VAR="3ecc986c", @TCF_META_TYPE_VAR="68a718d3e0c7", @TCF_META_TYPE_INT=0xa, @TCF_META_TYPE_INT, @TCF_META_TYPE_INT]}, @TCA_EM_META_HDR={0xc, 0x1, {{0x7e9f, 0x5, 0x2}, {0xf7a3, 0x1, 0x1}}}, @TCA_EM_META_RVALUE={0x8, 0x3, [@TCF_META_TYPE_INT=0x5]}, @TCA_EM_META_RVALUE={0xc, 0x3, [@TCF_META_TYPE_INT=0x2, @TCF_META_TYPE_INT=0x1]}, @TCA_EM_META_HDR={0xc, 0x1, {{0x7, 0x6, 0x1}, {0x2000, 0x15, 0x3}}}, @TCA_EM_META_HDR={0xc, 0x1, {{0x6, 0xfd}, {0x8, 0x7f, 0x2}}}, @TCA_EM_META_RVALUE={0x22, 0x3, [@TCF_META_TYPE_INT=0x5, @TCF_META_TYPE_INT=0x9, @TCF_META_TYPE_INT=0x6, @TCF_META_TYPE_VAR=' ', @TCF_META_TYPE_VAR="780c45424784f5", @TCF_META_TYPE_VAR="0fa0595a25c4256b64e8"]}, @TCA_EM_META_HDR={0xc, 0x1, {{0x6, 0x3, 0x1}, {0x5b, 0x3, 0xffffffffffffffff}}}]}}, @TCF_EM_META={0xd4, 0x3, 0x0, 0x0, {{0x9, 0x4, 0x1}, [@TCA_EM_META_RVALUE={0x1e, 0x3, [@TCF_META_TYPE_VAR="09580cb1164a", @TCF_META_TYPE_INT=0x9, @TCF_META_TYPE_INT=0x6, @TCF_META_TYPE_VAR="5efaacbf", @TCF_META_TYPE_INT=0x9, @TCF_META_TYPE_INT=0x8]}, @TCA_EM_META_HDR={0xc, 0x1, {{0x8, 0x7, 0x1}, {0x3, 0xc, 0x1}}}, @TCA_EM_META_RVALUE={0x15, 0x3, [@TCF_META_TYPE_INT=0x5, @TCF_META_TYPE_VAR="5d8dce84", @TCF_META_TYPE_INT=0x1, @TCF_META_TYPE_VAR="a9a1bd117e"]}, @TCA_EM_META_RVALUE={0x35, 0x3, [@TCF_META_TYPE_INT=0xa, @TCF_META_TYPE_INT=0x7, @TCF_META_TYPE_INT=0x1, @TCF_META_TYPE_INT=0x8, @TCF_META_TYPE_INT, @TCF_META_TYPE_VAR="9d69020b79580569", @TCF_META_TYPE_VAR="fd4a5a94e935abbd15", @TCF_META_TYPE_VAR="ddd01cad5b7f43", @TCF_META_TYPE_VAR="8c0e861e43"]}, @TCA_EM_META_LVALUE={0x21, 0x2, [@TCF_META_TYPE_INT=0x2, @TCF_META_TYPE_INT=0x7, @TCF_META_TYPE_VAR="dad9dce3", @TCF_META_TYPE_VAR="7527959e31cd39b6dc", @TCF_META_TYPE_INT=0x3, @TCF_META_TYPE_VAR="03260923"]}, @TCA_EM_META_HDR={0xc, 0x1, {{0x10, 0xa, 0x1}, {0x4, 0x3, 0x2}}}, @TCA_EM_META_LVALUE={0x19, 0x2, [@TCF_META_TYPE_INT=0x9, @TCF_META_TYPE_VAR="94b7", @TCF_META_TYPE_VAR="b58177d919f71cdfcf", @TCF_META_TYPE_VAR="f234b2338ad3"]}]}}, @TCF_EM_CONTAINER={0x6c, 0x3, 0x0, 0x0, {{0x8, 0x0, 0x1}, "6f9b77e748636db71ffaeedb01aee8d2fa362ec3236005ecd801e3fe51aed2bd8065470d4878439b63ce134cb9596212be4dbed0329cbd034513bdcf6d9064aab5ac6b08a6b4c214342e7aaf75acb64684d6d9f21c1c17f3eaf300ab1c"}}, @TCF_EM_IPSET={0x10, 0x1, 0x0, 0x0, {{0x1, 0x8, 0x1}, {0x4, 0x4, 0x1}}}, @TCF_EM_CMP={0x18, 0x3, 0x0, 0x0, {{0x2c, 0x1, 0x20c}, {0x8, 0xa, 0x7, 0x5, 0x2, 0x1, 0x1}}}]}, @TCA_EMATCH_TREE_LIST={0x78, 0x2, 0x0, 0x1, [@TCF_EM_U32={0x1c, 0x2, 0x0, 0x0, {{0x8, 0x3, 0x3}, {0x1115, 0x2, 0x7f0, 0xff}}}, @TCF_EM_IPT={0x2c, 0x2, 0x0, 0x0, {{0xf, 0x9, 0xf800}, [@TCA_EM_IPT_NFPROTO={0x5, 0x4, 0x1}, @TCA_EM_IPT_HOOK={0x8, 0x1, 0x1}, @TCA_EM_IPT_NFPROTO={0x5, 0x4, 0x1}, @TCA_EM_IPT_MATCH_REVISION={0x5, 0x3, 0x4}]}}, @TCF_EM_META={0x2c, 0x1, 0x0, 0x0, {{0x0, 0x4, 0xebe}, [@TCA_EM_META_LVALUE={0x4}, @TCA_EM_META_LVALUE={0x19, 0x2, [@TCF_META_TYPE_VAR='!', @TCF_META_TYPE_VAR="4bf1db", @TCF_META_TYPE_INT=0x5, @TCF_META_TYPE_VAR='Qo', @TCF_META_TYPE_VAR="4a002496e31c06", @TCF_META_TYPE_INT=0x8]}]}}]}, @TCA_EMATCH_TREE_HDR={0x8}, @TCA_EMATCH_TREE_HDR={0x8}, @TCA_EMATCH_TREE_LIST={0x14, 0x2, 0x0, 0x1, [@TCF_EM_IPSET={0x10, 0x2, 0x0, 0x0, {{0x400, 0x8, 0x7ff}, {0x0, 0x6}}}]}, @TCA_EMATCH_TREE_LIST={0xc8, 0x2, 0x0, 0x1, [@TCF_EM_U32={0x1c, 0x3, 0x0, 0x0, {{0x4, 0x3, 0x101}, {0x10001, 0x0, 0x2, 0x7ff}}}, @TCF_EM_NBYTE={0x14, 0x1, 0x0, 0x0, {{0x1000, 0x2, 0x6b27}, {0x4, 0x1, 0x2, '\\'}}}, @TCF_EM_META={0x94, 0x2, 0x0, 0x0, {{0x2, 0x4, 0x8000}, [@TCA_EM_META_RVALUE={0x24, 0x3, [@TCF_META_TYPE_INT=0xa, @TCF_META_TYPE_VAR="f3fcad552aeac4", @TCF_META_TYPE_VAR, @TCF_META_TYPE_INT, @TCF_META_TYPE_VAR="922996cfb0", @TCF_META_TYPE_INT=0x8, @TCF_META_TYPE_INT=0x6, @TCF_META_TYPE_INT]}, @TCA_EM_META_HDR={0xc, 0x1, {{0x4, 0x0, 0x1}, {0x7, 0x6, 0x2}}}, @TCA_EM_META_HDR={0xc, 0x1, {{0x98e, 0x0, 0x1}, {0x7ff, 0x3, 0x1}}}, @TCA_EM_META_RVALUE={0x19, 0x3, [@TCF_META_TYPE_VAR="763d2d12eec6799d7c", @TCF_META_TYPE_INT=0x6, @TCF_META_TYPE_VAR="83aeadee4d96b576"]}, @TCA_EM_META_RVALUE={0x2d, 0x3, [@TCF_META_TYPE_INT=0x7, @TCF_META_TYPE_INT=0x4, @TCF_META_TYPE_VAR="43f5b18bf9e9fa", @TCF_META_TYPE_VAR="affa3c967d20", @TCF_META_TYPE_INT=0x2, @TCF_META_TYPE_VAR="37d4f001ad1afeaa", @TCF_META_TYPE_INT=0x1, @TCF_META_TYPE_INT]}]}}]}, @TCA_EMATCH_TREE_LIST={0x234, 0x2, 0x0, 0x1, [@TCF_EM_NBYTE={0x14, 0x2, 0x0, 0x0, {{0xa04, 0x2, 0x14c}, {0x4, 0x1, 0x0, "b6"}}}, @TCF_EM_CONTAINER={0x98, 0x1, 0x0, 0x0, {{0x7, 0x0, 0x401}, "f65135298fcd43f2a9b723a47267b79d075c9fad784b3dadc67d843206fdf9d6fabb159ab4d230cae9c3e12e7aa448a5edcd75752d321c43b4897783aeb58ef02b3643548fced505b921826b68da5be80ac3cbe5760efe455e1faef782ab2dcb9c5248fcc0f79ca4b8f06932e28519afa7390a235c159d218901b6ef28314f4543d305cc4ebe82a732"}}, @TCF_EM_CANID={0x14, 0x3, 0x0, 0x0, {{0x9, 0x7, 0x5}, {{0x1, 0x0, 0x1, 0x1}, {0x1, 0x0, 0x1, 0x1}}}}, @TCF_EM_CONTAINER={0xa4, 0x2, 0x0, 0x0, {{0x200, 0x0, 0x10}, "fe76f8c9fd0985188a58e986f7ace2e7c35beb3850d49b97ccca81acf5950a7b01e5aa598996fc2a0232baef1919b29c0cc2f8836087a53edf06dbe2580f3a6ce02abef77a2c7bba79328731e7bd59f3c0eafa840a1ebedf377e1edb37723cbc7e76d928c51c665b99e1de9c0436de2dde6d644cf21bfd082886d5137b475d15575f1b9d45ecd45cf6b008d65bccdfd16d1102b94c"}}, @TCF_EM_IPSET={0x10, 0x1, 0x0, 0x0, {{0x20, 0x8, 0x556}, {0x4, 0x6, 0x2}}}, @TCF_EM_U32={0x1c, 0x1, 0x0, 0x0, {{0x6}, {0x7, 0x4ac, 0xffffffff, 0xfff}}}, @TCF_EM_CMP={0x18, 0x2, 0x0, 0x0, {{0x6, 0x1, 0x5}, {0x2, 0x4, 0x70, 0x2, 0x3, 0x2, 0x2}}}, @TCF_EM_U32={0x1c, 0x3, 0x0, 0x0, {{0xffff, 0x3, 0x2}, {0x2, 0x401, 0x401, 0x5}}}, @TCF_EM_IPSET={0x10, 0x2, 0x0, 0x0, {{0x100, 0x8, 0x4}, {0xffffffffffffffff, 0x4, 0x3}}}, @TCF_EM_CONTAINER={0x5c, 0x2, 0x0, 0x0, {{0x800, 0x0, 0x4}, "588efdae01ad5587f46c21e4338336b6b8fd850398e83ed758aeff236c084fe3429a3fe7b0d6e077b39a823d01957f7aabe4a6f36226cf1395d46d0de4155915e0d320c2e02dfc123913d22169"}}]}, @TCA_EMATCH_TREE_HDR={0x8, 0x1, {0x8}}, @TCA_EMATCH_TREE_LIST={0x20, 0x2, 0x0, 0x1, [@TCF_EM_U32={0x1c, 0x1, 0x0, 0x0, {{0x40, 0x3, 0x6}, {0xfffffff9, 0x7, 0x17, 0x4}}}]}]}]}}]}, 0x620}, 0x1, 0x0, 0x0, 0x40008c5}, 0x20000080)
r7 = socket(0x10, 0x803, 0x0)
sendto(r7, &(0x7f0000000740)="120000001200e7ef007b00000000000000a1", 0x12, 0x0, 0x0, 0x0)
recvmmsg(r7, &(0x7f00000037c0)=[{{&(0x7f00000004c0)=@ethernet={0x0, @random}, 0xfdf4, &(0x7f0000000380)=[{&(0x7f0000000140)=""/100, 0x365}, {&(0x7f0000000280)=""/85, 0x7c}, {&(0x7f0000000fc0)=""/4096, 0x197}, {&(0x7f0000000400)=""/106, 0x645}, {&(0x7f0000000980)=""/73, 0x1b}, {&(0x7f0000000200)=""/77, 0x14}, {&(0x7f00000007c0)=""/154, 0x21}, {&(0x7f00000001c0)=""/17, 0x1d8}], 0x21, &(0x7f0000000600)=""/191, 0xffffffffffffff2f}}], 0x4000000000003b4, 0x2040000, &(0x7f0000003700)={0x77359400})
syz_genetlink_get_family_id$devlink(&(0x7f0000000140), 0xffffffffffffffff)

8.435424337s ago: executing program 6 (id=1167):
r0 = gettid()
timer_create(0x2, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc))
ppoll(0x0, 0x0, 0x0, 0x0, 0x0)
timer_settime(0x0, 0x1, &(0x7f0000000340)={{0x0, 0x989680}, {0x0, 0x9}}, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000140)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
splice(r1, 0x0, 0xffffffffffffffff, 0x0, 0x1, 0x0)
fcntl$setpipe(0xffffffffffffffff, 0x407, 0xffffffff80000002)

6.510358525s ago: executing program 4 (id=1168):
bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0x6, 0xf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x1, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
prlimit64(0x0, 0xe, 0x0, 0x0)
sched_setscheduler(0x0, 0x2, 0x0)
r0 = getpgrp(0x0)
sched_setaffinity(r0, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000100)={0x8, 0x80000100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7)
prctl$PR_SCHED_CORE(0x3e, 0x1, r0, 0x2, 0x0)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000000)=0x3)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
r2 = syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0)
bpf$PROG_BIND_MAP(0xa, &(0x7f0000000000), 0xc)
prctl$PR_SCHED_CORE(0x3e, 0x1, r2, 0x1, 0x0)
r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x20040880}, 0x24004045)
io_uring_setup(0x1b7b, 0x0)
syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3)
pidfd_send_signal(0xffffffffffffffff, 0xb, &(0x7f00000001c0)={0xb, 0xe, 0x20005}, 0x0)

6.415799034s ago: executing program 6 (id=1169):
r0 = openat$audio(0xffffffffffffff9c, &(0x7f0000000140), 0x40000000040201, 0x0)
mknodat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1000, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x40042, 0x121)
r2 = signalfd4(0xffffffffffffffff, &(0x7f0000000000)={[0xfffffffffffffff7]}, 0x8, 0x80000)
mount$9p_fd(0x0, &(0x7f0000000440)='./file0\x00', &(0x7f0000000140), 0x84, &(0x7f0000000180)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESDEC=r1, @ANYBLOB=',wfdno=', @ANYRESHEX=r2])
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000400)={0xffffffffffffffff, 0xe0, &(0x7f0000000300)={0x0, <r3=>0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, &(0x7f0000000100)=[0x0], ""/16, 0x0, 0x0, 0x0, 0x0, 0x2, 0x4, &(0x7f0000000180)=[0x0, 0x0], &(0x7f00000001c0)=[0x0, 0x0, 0x0, 0x0], 0x0, 0x48, &(0x7f0000000200)=[{}, {}, {}, {}, {}, {}, {}], 0x38, 0x10, &(0x7f0000000240), &(0x7f0000000280), 0x8, 0xec, 0x8, 0x8, &(0x7f00000002c0)}}, 0x10)
bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000440)={r3}, 0x4)
write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f0000000500)={0x0, 0xfffffffffffffd83, 0xfa00, {0x0, 0x0}}, 0xfdbc)
ioctl$SNDCTL_DSP_CHANNELS(r0, 0xc0045006, &(0x7f00000000c0)=0x5)
socketpair$unix(0x1, 0x5, 0x0, 0x0)
r4 = getpgrp(0x0)
sched_setaffinity(r4, 0x8, &(0x7f0000000040)=0x5)
prlimit64(0x0, 0xe, &(0x7f0000000100)={0x8, 0x80000100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r5 = getpid()
sched_setscheduler(r5, 0x2, &(0x7f0000000000)=0x3)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
r6 = syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, r6, 0x1, 0x0)
r7 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r7, &(0x7f0000032680)=""/102392, 0x18ff8)
r8 = open(&(0x7f0000000140)='./file1\x00', 0x145142, 0x0)
r9 = socket$pppoe(0x18, 0x1, 0x0)
ioctl$PPPIOCGCHAN(r9, 0x80047437, 0x0)
ftruncate(r8, 0x2007ffa)
sendfile(r9, r8, 0x0, 0x7ffff000)
socket$inet(0x2, 0x3, 0xd)
openat$zero(0xffffffffffffff9c, &(0x7f0000000080), 0x40, 0x0)

4.993249092s ago: executing program 4 (id=1170):
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x2000, 0x0)
ioctl$TIOCSPTLCK(r0, 0x40045431, &(0x7f0000000000))
ioctl$TCSETAF(r0, 0x5408, &(0x7f0000004140)={0x7fbf, 0x9, 0x4, 0x9, 0xa, "dbc02b00"})
r1 = ioctl$TIOCGPTPEER(r0, 0x5441, 0x9)
write(r1, &(0x7f0000002780)="a788b9a48d1de6603c475fe3cfa8a27d7c8425073f756d1cefddc08a6dd4c4c0a5323f8f93d65682bc4974397001a396624e1bd23560952dee5736311e3d06e60f168e59f8a3125595ff42643b55d9addf2ea3fa01", 0x55)

4.960588671s ago: executing program 2 (id=1171):
syz_open_dev$tty1(0xc, 0x4, 0x1)
socket$nl_route(0x10, 0x3, 0x0)
openat$udambuf(0xffffffffffffff9c, &(0x7f0000000040), 0x2)
r0 = syz_usb_connect(0x0, 0x2d, &(0x7f00000005c0)=ANY=[@ANYBLOB="12010000413f5f201d0650c16fce0102030109021b"], 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
syz_usb_ep_write$ath9k_ep1(r0, 0x82, 0xa8, &(0x7f0000000000)=ANY=[@ANYBLOB="1b1b", @ANYRES16=r0])

4.819543912s ago: executing program 5 (id=1172):
sendmsg$IPCTNL_MSG_CT_GET(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000740)=ANY=[@ANYBLOB="e80100000001050500000000000000000a0000003c0002802c00018014000300ff01000000000000000000000000000114000400ff0200000000000000000000000000010c00028005000100000000003c0001800c00028005000100000000002c00018014000300ff020d40f799000000000000000000011400040020010000000000000000000000000001080007400000000010000d800c000380060002004e210000080007400000000da800068004000380080002006401010124000380060001004e230000060001004e230000060001004e210000060002004e24000008000200e000000234000380060002004e230000060002004e240000060001004e200000060002004e200000060002004e230000060001004e200000140004"], 0x1e8}}, 0x0)
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080), 0x41, 0x0)
write$binfmt_aout(r0, &(0x7f00000001c0)=ANY=[], 0xff2e)
ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000dc0)={0x0, 0x0, 0x0, 0x0, 0xa, "0062ba7d82000000160000000000f738096304"})
r1 = syz_open_pts(r0, 0x900)
r2 = dup3(r1, r0, 0x80000)
read(r2, &(0x7f00000000c0)=""/226, 0xe2)
read$watch_queue(r2, &(0x7f0000001d40)=""/4095, 0xfff)

3.266752926s ago: executing program 7 (id=1173):
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000006c0)='blkio.bfq.io_merged_recursive\x00', 0x275a, 0x0)
eventfd2(0x200000, 0x800)
prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000036000/0x2000)=nil, &(0x7f0000594000/0x4000)=nil, &(0x7f0000f36000/0x2000)=nil, &(0x7f0000918000/0x4000)=nil, &(0x7f0000ff8000/0x4000)=nil, &(0x7f0000ff8000/0x3000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000c12000/0x2000)=nil, &(0x7f000003f000/0x1000)=nil, &(0x7f0000ffa000/0x2000)=nil, 0x0, 0x30}, 0x68)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x0)
r0 = io_uring_setup(0x7, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="1700000004"], 0x50)
io_uring_enter(r0, 0x2219, 0x7721, 0x33, 0x0, 0x0)

2.885989696s ago: executing program 6 (id=1174):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000480)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(0xffffffffffffffff, &(0x7f0000000240)=@file={0x1, './file1\x00'}, 0x6e)
prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ff7000/0x1000)=nil, &(0x7f0000ff1000/0xf000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff8000/0x3000)=nil, &(0x7f0000ff1000/0x3000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ff5000/0x1000)=nil, &(0x7f0000ffa000/0x1000)=nil, &(0x7f0000ffa000/0x2000)=nil, 0x0}, 0x68)
sendmsg$NFT_BATCH(r1, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x24004045)
r2 = io_uring_setup(0x407f, &(0x7f00000004c0)={0x0, 0x1c66, 0x400, 0x0, 0x126})
io_uring_setup(0x1b7b, &(0x7f0000000040)={0x0, 0x40c89f, 0x200, 0x7, 0x20002f9, 0x0, r2})
set_mempolicy(0x8006, &(0x7f0000000040)=0xfff, 0x5)
mmap(&(0x7f0000000000/0xa000)=nil, 0xa000, 0xd3283d0368e269b3, 0x8032, 0xffffffffffffffff, 0x0)
madvise(&(0x7f0000001000/0x2000)=nil, 0x100000, 0x8)

2.791437411s ago: executing program 7 (id=1175):
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000480)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
read(r1, &(0x7f0000001640)=""/87, 0x57)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x2d, 0x20040040)
readv(r1, 0x0, 0x0)
recvmmsg$unix(r0, &(0x7f0000002640)=[{{0x0, 0x0, 0x0}}], 0x1, 0x100, 0x0)

2.416717304s ago: executing program 5 (id=1176):
r0 = syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r1, &(0x7f0000000500)={0xa, 0x4e20, 0xbb6, @loopback, 0x5}, 0x28)
connect$inet6(r1, &(0x7f0000000480)={0xa, 0x4e20, 0x9, @loopback, 0x106}, 0x1c)
r2 = fcntl$dupfd(r1, 0x406, r1)
setsockopt$inet6_buf(r1, 0x29, 0x39, &(0x7f0000000040)="ff02040000ffffffffffffffff1f2be82db1af0000000000", 0x18)
readv(0xffffffffffffffff, &(0x7f0000000200), 0x0)
sendmsg$NFT_BATCH(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000025c0)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x7}}, [@NFT_MSG_DELSET={0x150, 0xb, 0xa, 0x101, 0x0, 0x0, {0xa, 0x0, 0x3}, [@NFTA_SET_DATA_LEN={0x8, 0x7, 0x1, 0x0, 0x21}, @NFTA_SET_TIMEOUT={0xc, 0xb, 0x1, 0x0, 0x2}, @NFTA_SET_USERDATA={0xfd, 0xd, 0x1, 0x0, "074746f63d973ad5ff4e5c63d7c16dbb2ee1ca1f63166cad15bf21a45d0fd058151eb5acf0930e8b7356e0f0a71c94b5a7fcc18ef7193ba772c9f3efd1334905ca09bef0321b09c7321467415457b62b36c2d2c9f95d8139e6d92b614854c034d8874e5e7810c663aab2a4477bd2d8c1784e7d4500f30f6bd5bff0007ea2c2cdd630bbd41112027e64c1c0da0bee22c55c20258b0a8f59d1daade36605856cd10dfaf1311a4bd647582a79fd058fd8c8c80afcc36a5762b622eb8934a8a7d7ff314a6d485daf73ec752eb4cefb0020ff555a4528f4e21283b0e79dff8cd88df601323f1d5b866ddc2c1d850cc3a3564105db774b5b50ff4307"}, @NFTA_SET_GC_INTERVAL={0x8}, @NFTA_SET_POLICY={0x8}, @NFTA_SET_TIMEOUT={0xc, 0xb, 0x1, 0x0, 0xde}, @NFTA_SET_TIMEOUT={0xc, 0xb, 0x1, 0x0, 0x8}]}, @NFT_MSG_DELSETELEM={0x28, 0xe, 0xa, 0x401, 0x0, 0x0, {0xd, 0x0, 0x9}, [@NFTA_SET_ELEM_LIST_SET_ID={0x8, 0x4, 0x1, 0x0, 0x1}, @NFTA_SET_ELEM_LIST_SET={0x9, 0x2, 'syz0\x00'}]}, @NFT_MSG_NEWOBJ={0x20, 0x12, 0xa, 0x301, 0x0, 0x0, {0x2, 0x0, 0x7}, @NFT_OBJECT_SYNPROXY=@NFTA_OBJ_TABLE={0x9, 0x1, 'syz0\x00'}}, @NFT_MSG_NEWSET={0x28, 0x9, 0xa, 0x401, 0x0, 0x0, {0x7, 0x0, 0x9}, [@NFTA_SET_POLICY={0x8, 0x8, 0x1, 0x0, 0x1}, @NFTA_SET_TIMEOUT={0xc, 0xb, 0x1, 0x0, 0x9}]}, @NFT_MSG_NEWOBJ={0x20, 0x12, 0xa, 0x201, 0x0, 0x0, {0x7, 0x0, 0xa}, @NFT_OBJECT_SECMARK=@NFTA_OBJ_NAME={0x9, 0x2, 'syz1\x00'}}, @NFT_MSG_NEWRULE={0x48, 0x6, 0xa, 0x5, 0x0, 0x0, {0x1, 0x0, 0x6}, [@NFTA_RULE_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_RULE_EXPRESSIONS={0x18, 0x4, 0x0, 0x1, [{0x14, 0x1, 0x0, 0x1, @connlimit={{0xe}, @void}}]}, @NFTA_RULE_CHAIN_ID={0x8, 0xb, 0x1, 0x0, 0x1}, @NFTA_RULE_CHAIN_ID={0x8, 0xb, 0x1, 0x0, 0x1}]}], {0x14}}, 0x250}, 0x1, 0x0, 0x0, 0x2c000000}, 0x40008884)
r3 = socket$inet6_tcp(0xa, 0x1, 0x0)
connect$inet6(r3, &(0x7f0000000140)={0xa, 0x4e22, 0xfffffffb, @loopback, 0x23}, 0x1c)
write$binfmt_elf64(r2, &(0x7f00000001c0)=ANY=[@ANYRESDEC=r2, @ANYRES64=r0, @ANYRES32=r3], 0xfffffdcf)

1.947041949s ago: executing program 4 (id=1177):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_TEST(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000400)=ANY=[@ANYBLOB="540000000906010200000000000000000500000205000100070000002c0007800c00148008000140e00000020c0001800800014064010100060004404e200000050007008800"], 0x54}, 0x1, 0x0, 0x0, 0x4000}, 0x4800)
syz_kvm_add_vcpu$x86(0x0, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x48)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
r1 = socket$packet(0x11, 0x2, 0x300)
getsockopt$packet_int(r1, 0x107, 0x12, 0x0, &(0x7f0000000100))
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f07ebbeee, 0x8031, 0xffffffffffffffff, 0x4000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff})
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='loginuid\x00')
r3 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000000), 0x88800, 0x0)
ioctl$IOMMU_IOAS_ALLOC(r3, 0x3b81, &(0x7f00000003c0)={0xc, 0x0, <r4=>0x0})
ioctl$IOMMU_TEST_OP_CREATE_ACCESS(r3, 0x3ba0, &(0x7f0000000180)={0x48, 0x5, r4, 0x0, <r5=>0xffffffffffffffff, 0x1})
ioctl$IOMMU_TEST_OP_ACCESS_REPLACE_IOAS(r3, 0x3ba0, &(0x7f00000000c0)={0x48, 0xb, r5})
ioctl$TIOCGPTPEER(0xffffffffffffffff, 0x5441, 0x9)
r6 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000080)='./cgroup.net/syz1\x00', 0x200002, 0x0)
openat$cgroup_ro(r6, &(0x7f00000000c0)='blkio.bfq.io_wait_time\x00', 0x0, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x7)
r7 = syz_open_dev$dvb_frontend(&(0x7f00000003c0), 0xd, 0x200000)
ioctl$FE_GET_INFO(r7, 0x80a86f3d, &(0x7f0000001580))
syz_pidfd_open(0x0, 0x0)
r8 = socket$inet_smc(0x2b, 0x1, 0x0)
getsockopt$IP_VS_SO_GET_DESTS(r8, 0x0, 0x484, &(0x7f0000001e00)=""/218, &(0x7f0000001f00)=0xda)

1.805861528s ago: executing program 7 (id=1178):
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000080)=[@text32={0x20, &(0x7f00000000c0)="b805000000b9fa0000000f8701d1d10fc4020a1bf7b805000000b908001bfe0fae41d9a0000005009100918b7fae260f3200000f30660fc775022e0fba600c980f320f3566b85700c30fefd0", 0x4c}], 0x2d891dc90fe8a01, 0x19, 0x0, 0x0)
prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ff0000/0x1000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ff8000/0x4000)=nil, &(0x7f0000ff8000/0x3000)=nil, &(0x7f0000ff0000/0x1000)=nil, &(0x7f0000ff0000/0x1000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffa000/0x1000)=nil, &(0x7f0000ffe000/0x2000)=nil, 0x0}, 0xac)
r0 = socket$inet_udp(0x2, 0x2, 0x0)
recvmmsg(r0, &(0x7f0000000080)=[{{0x0, 0x0, 0x0}, 0x7}], 0x40000000000015d, 0x2, 0x0)
setsockopt$inet_int(r0, 0x0, 0x12, &(0x7f0000000180)=0x80000001, 0x4)
setsockopt$inet_int(r0, 0x0, 0x7, &(0x7f0000000140)=0x7, 0x4)
syz_emit_ethernet(0x36, &(0x7f0000000400)={@broadcast, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x3}, @void, {@ipv4={0x800, @udp={{0x6, 0x4, 0x0, 0x0, 0x28, 0x66, 0x0, 0x0, 0x11, 0x0, @empty, @empty, {[@timestamp={0x44, 0x4, 0x8d}]}}, {0x1, 0x4e20, 0x10, 0x0, @gue={{0x2, 0x0, 0x0, 0x0, 0x0, @val=0x80}}}}}}}, 0x0)

1.795881005s ago: executing program 5 (id=1179):
bind$netlink(0xffffffffffffffff, &(0x7f0000000180)={0x10, 0x0, 0x25dfdbfb, 0x4}, 0xc)
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
close_range(r0, 0xffffffffffffffff, 0x0)

1.716901944s ago: executing program 5 (id=1180):
sendmsg$TEAM_CMD_OPTIONS_SET(0xffffffffffffffff, &(0x7f0000004bc0)={0x0, 0x0, &(0x7f0000004b80)={&(0x7f0000000500)=ANY=[@ANYBLOB="a0000000", @ANYRES16, @ANYBLOB="050424bd7000fedbdf250100000008000100", @ANYRES32=0x0, @ANYBLOB="84000280400001"], 0xa0}, 0x1, 0x0, 0x0, 0x4040800}, 0x24040084)
r0 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
sendmsg$netlink(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000500)=ANY=[@ANYBLOB="180100002f00010000000200fc"], 0x118}], 0x1, 0x0, 0x0, 0x1}, 0x4000)

1.629547506s ago: executing program 5 (id=1181):
bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0x6, 0xf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x1, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
prlimit64(0x0, 0xe, 0x0, 0x0)
sched_setscheduler(0x0, 0x2, 0x0)
r0 = getpgrp(0x0)
sched_setaffinity(r0, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000100)={0x8, 0x80000100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7)
prctl$PR_SCHED_CORE(0x3e, 0x1, r0, 0x2, 0x0)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000000)=0x3)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
r2 = syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0)
bpf$PROG_BIND_MAP(0xa, &(0x7f0000000000), 0xc)
prctl$PR_SCHED_CORE(0x3e, 0x1, r2, 0x1, 0x0)
r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x20040880}, 0x24004045)
io_uring_setup(0x1b7b, 0x0)
syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3)
pidfd_send_signal(0xffffffffffffffff, 0xb, &(0x7f00000001c0)={0xb, 0xe, 0x20005}, 0x0)

115.580538ms ago: executing program 5 (id=1182):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_NMI(r2, 0xae9a)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000440)={0x1, 0x1, 0x1000, 0x1000, &(0x7f0000fe6000/0x1000)=nil})
ioctl$KVM_RUN(r2, 0xae80, 0x0)
syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000fe5000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0)

59.649438ms ago: executing program 2 (id=1183):
sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x10)
sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x20004055)
socket$inet6_tcp(0xa, 0x1, 0x0)
r0 = socket(0xa, 0x3, 0x87)
syz_init_net_socket$netrom(0x6, 0x5, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x2000800001000088}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7)
r1 = getpgrp(0x0)
sched_setaffinity(r1, 0x8, &(0x7f0000000040)=0x5)
prctl$PR_SCHED_CORE(0x3e, 0x1, r1, 0x2, 0x0)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000000)=0x3)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
r3 = syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, r3, 0x1, 0x0)
r4 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r4, 0x0, 0x0)
bind$alg(0xffffffffffffffff, &(0x7f0000000140)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc(blowfish)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, &(0x7f0000c18000)="ad56b6c5", 0x4)
sendto(r0, &(0x7f00000003c0)="e1118ce4769b", 0xfdef, 0x800, &(0x7f0000000600)=@l2tp6={0xa, 0x0, 0x7, @local, 0x5}, 0x80)

0s ago: executing program 7 (id=1184):
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
close(0x3)
r1 = socket(0x2, 0x80805, 0x0)
r2 = socket$inet6_sctp(0xa, 0x5, 0x84)
shutdown(r2, 0x0)
close(0x3)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r2, 0x84, 0x6f, &(0x7f0000000200)={<r3=>0x0, 0x0, 0x0}, &(0x7f0000000140)=0x10)
getsockopt$inet_sctp6_SCTP_PRIMARY_ADDR(r2, 0x84, 0x7a, &(0x7f0000000340)={r3, @in6={{0xa, 0x3, 0x4, @mcast1}}}, &(0x7f0000000040)=0x84)
sendmmsg$inet_sctp(r1, &(0x7f00000032c0)=[{0x0, 0x0, 0x0, 0x0, &(0x7f0000000700)=ANY=[@ANYBLOB="30000000000000008400000001000000000000017c"], 0x30, 0x180}], 0x1, 0x0)
setsockopt(r0, 0x84, 0x80, &(0x7f0000000000)="1400000009000000", 0x8)

kernel console output (not intermixed with test programs):

K>
[  281.145349][ T7431] binder: 7430:7431 ioctl 80585882 200000000280 returned -22
[  281.228049][ T7435] FAULT_INJECTION: forcing a failure.
[  281.228049][ T7435] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  281.228078][ T7435] CPU: 0 UID: 0 PID: 7435 Comm: syz.0.421 Tainted: G             L      syzkaller #0 PREEMPT_{RT,(full)} 
[  281.228102][ T7435] Tainted: [L]=SOFTLOCKUP
[  281.228108][ T7435] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  281.228118][ T7435] Call Trace:
[  281.228125][ T7435]  <TASK>
[  281.228132][ T7435]  dump_stack_lvl+0xe8/0x150
[  281.228162][ T7435]  should_fail_ex+0x46b/0x600
[  281.228192][ T7435]  __kvm_read_guest_page+0x18d/0x240
[  281.228215][ T7435]  kvm_fetch_guest_virt+0x12b/0x170
[  281.228244][ T7435]  ? __pfx_kvm_fetch_guest_virt+0x10/0x10
[  281.228269][ T7435]  __do_insn_fetch_bytes+0x31c/0x700
[  281.228295][ T7435]  ? __pfx___do_insn_fetch_bytes+0x10/0x10
[  281.228319][ T7435]  ? __lock_acquire+0x6b5/0x2cf0
[  281.228340][ T7435]  x86_decode_insn+0x38e/0x5df0
[  281.228359][ T7435]  ? rcu_is_watching+0x15/0xb0
[  281.228381][ T7435]  ? handle_changed_spte+0x4c6/0x14a0
[  281.228411][ T7435]  ? kvm_tdp_mmu_map+0x3bf/0x1ed0
[  281.228432][ T7435]  ? __pfx_x86_decode_insn+0x10/0x10
[  281.228458][ T7435]  ? vmx_read_guest_seg_ar+0x3e9/0x640
[  281.228499][ T7435]  ? __asan_memset+0x22/0x50
[  281.228519][ T7435]  ? init_decode_cache+0xea/0x160
[  281.228539][ T7435]  ? init_emulate_ctxt+0x514/0x6c0
[  281.228558][ T7435]  ? __pfx_init_emulate_ctxt+0x10/0x10
[  281.228579][ T7435]  ? rt_read_unlock+0x14f/0x220
[  281.228599][ T7435]  x86_emulate_instruction+0x64a/0x21c0
[  281.228660][ T7435]  ? kvm_mmu_do_page_fault+0x522/0x690
[  281.228709][ T7435]  ? __pfx_x86_emulate_instruction+0x10/0x10
[  281.228745][ T7435]  ? __lock_acquire+0x6b5/0x2cf0
[  281.228774][ T7435]  kvm_mmu_page_fault+0x90e/0xb90
[  281.228809][ T7435]  ? handle_ept_violation+0x450/0x790
[  281.228835][ T7435]  ? __pfx_handle_ept_violation+0x10/0x10
[  281.228860][ T7435]  vmx_handle_exit+0xfd1/0x16c0
[  281.228909][ T7435]  vcpu_run+0x5fa2/0x7b90
[  281.228959][ T7435]  ? vcpu_run+0x4ca8/0x7b90
[  281.229013][ T7435]  ? __pfx_vcpu_run+0x10/0x10
[  281.229032][ T7435]  ? complete_emulated_mmio+0x18e/0x7a0
[  281.229051][ T7435]  ? __asan_memcpy+0x40/0x70
[  281.229071][ T7435]  ? complete_emulated_mmio+0x4d2/0x7a0
[  281.229097][ T7435]  kvm_arch_vcpu_ioctl_run+0x11e6/0x20d0
[  281.229128][ T7435]  ? kvm_arch_vcpu_ioctl_run+0x2e8/0x20d0
[  281.229148][ T7435]  ? __pfx_kvm_arch_vcpu_ioctl_run+0x10/0x10
[  281.229182][ T7435]  ? kasan_quarantine_put+0xbb/0x1f0
[  281.229215][ T7435]  ? _raw_spin_unlock_irqrestore+0x30/0x80
[  281.229238][ T7435]  ? lockdep_hardirqs_on+0x7a/0x110
[  281.229258][ T7435]  ? _raw_spin_unlock_irqrestore+0x4c/0x80
[  281.229280][ T7435]  ? _mutex_lock_killable+0x152/0x1d0
[  281.229296][ T7435]  ? kvm_vcpu_ioctl+0x283/0xfe0
[  281.229316][ T7435]  kvm_vcpu_ioctl+0xa65/0xfe0
[  281.229337][ T7435]  ? __pfx_kvm_vcpu_ioctl+0x10/0x10
[  281.229358][ T7435]  ? __asan_memset+0x22/0x50
[  281.229377][ T7435]  ? smack_file_ioctl+0x331/0x360
[  281.229398][ T7435]  ? __pfx_smack_file_ioctl+0x10/0x10
[  281.229424][ T7435]  ? __fget_files+0x2a/0x420
[  281.229442][ T7435]  ? __fget_files+0x3a6/0x420
[  281.229460][ T7435]  ? __fget_files+0x2a/0x420
[  281.229483][ T7435]  ? bpf_lsm_file_ioctl+0x9/0x20
[  281.229512][ T7435]  ? __pfx_kvm_vcpu_ioctl+0x10/0x10
[  281.229534][ T7435]  __se_sys_ioctl+0xff/0x170
[  281.229564][ T7435]  do_syscall_64+0x14d/0xf80
[  281.229586][ T7435]  ? trace_irq_disable+0x3b/0x150
[  281.229604][ T7435]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  281.229620][ T7435]  ? clear_bhb_loop+0x40/0x90
[  281.229640][ T7435]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  281.229656][ T7435] RIP: 0033:0x7f025164c629
[  281.229672][ T7435] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  281.229686][ T7435] RSP: 002b:00007f024f8a6028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  281.229708][ T7435] RAX: ffffffffffffffda RBX: 00007f02518c5fa0 RCX: 00007f025164c629
[  281.229720][ T7435] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000006
[  281.229729][ T7435] RBP: 00007f024f8a6090 R08: 0000000000000000 R09: 0000000000000000
[  281.229739][ T7435] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  281.229748][ T7435] R13: 00007f02518c6038 R14: 00007f02518c5fa0 R15: 00007ffd4d734e68
[  281.229772][ T7435]  </TASK>
[  282.521557][ T7455] netlink: 'syz.2.426': attribute type 1 has an invalid length.
[  282.521716][ T7455] netlink: 'syz.2.426': attribute type 2 has an invalid length.
[  282.521732][ T7455] netlink: 'syz.2.426': attribute type 1 has an invalid length.
[  282.521746][ T7455] netlink: 8 bytes leftover after parsing attributes in process `syz.2.426'.
[  283.265602][ T7466] bridge1: entered promiscuous mode
[  283.572798][ T7472] capability: warning: `syz.2.430' uses 32-bit capabilities (legacy support in use)
[  284.302687][ T7484] IPVS: length: 218 != 24
[  284.847364][ T5883] usb 5-1: new high-speed USB device number 10 using dummy_hcd
[  285.022250][ T5883] usb 5-1: Using ep0 maxpacket: 16
[  285.024641][ T5883] usb 5-1: config index 0 descriptor too short (expected 4495, got 71)
[  285.024670][ T5883] usb 5-1: config 0 has an invalid interface number: 105 but max is 0
[  285.024691][ T5883] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  285.024710][ T5883] usb 5-1: config 0 has no interface number 0
[  285.081489][ T5883] usb 5-1: New USB device found, idVendor=046c, idProduct=14e0, bcdDevice= 0.01
[  285.081523][ T5883] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  285.081543][ T5883] usb 5-1: Product: syz
[  285.081558][ T5883] usb 5-1: Manufacturer: syz
[  285.081573][ T5883] usb 5-1: SerialNumber: syz
[  285.173371][ T5883] usb 5-1: config 0 descriptor??
[  285.205264][ T7487] FAULT_INJECTION: forcing a failure.
[  285.205264][ T7487] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  285.205306][ T7487] CPU: 0 UID: 0 PID: 7487 Comm: syz.5.434 Tainted: G             L      syzkaller #0 PREEMPT_{RT,(full)} 
[  285.205337][ T7487] Tainted: [L]=SOFTLOCKUP
[  285.205345][ T7487] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  285.205360][ T7487] Call Trace:
[  285.205368][ T7487]  <TASK>
[  285.205378][ T7487]  dump_stack_lvl+0xe8/0x150
[  285.205416][ T7487]  should_fail_ex+0x46b/0x600
[  285.205460][ T7487]  _copy_from_iter+0x1d3/0x1670
[  285.205497][ T7487]  ? __pfx__copy_from_iter+0x10/0x10
[  285.205522][ T7487]  ? __pfx_smack_socket_sendmsg+0x10/0x10
[  285.205559][ T7487]  ? __lock_acquire+0x6b5/0x2cf0
[  285.205582][ T7487]  ? skb_put+0x11b/0x210
[  285.205614][ T7487]  hci_sock_sendmsg+0x426/0xf40
[  285.205644][ T7487]  ? __pfx_hci_sock_sendmsg+0x10/0x10
[  285.205680][ T7487]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  285.205717][ T7487]  sock_write_iter+0x509/0x550
[  285.205756][ T7487]  ? __pfx_sock_write_iter+0x10/0x10
[  285.205814][ T7487]  vfs_write+0x629/0xba0
[  285.205856][ T7487]  ? __pfx_vfs_write+0x10/0x10
[  285.205899][ T7487]  ? __fget_files+0x2a/0x420
[  285.205936][ T7487]  ksys_write+0x156/0x270
[  285.205970][ T7487]  ? __pfx_ksys_write+0x10/0x10
[  285.206015][ T7487]  do_syscall_64+0x14d/0xf80
[  285.206063][ T7487]  ? trace_irq_disable+0x3b/0x150
[  285.206089][ T7487]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  285.206112][ T7487]  ? clear_bhb_loop+0x40/0x90
[  285.206141][ T7487]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  285.206163][ T7487] RIP: 0033:0x7f202155c629
[  285.206184][ T7487] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  285.206204][ T7487] RSP: 002b:00007f201f7b6028 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  285.206228][ T7487] RAX: ffffffffffffffda RBX: 00007f20217d5fa0 RCX: 00007f202155c629
[  285.206246][ T7487] RDX: 0000000000000008 RSI: 0000200000000580 RDI: 0000000000000004
[  285.206261][ T7487] RBP: 00007f201f7b6090 R08: 0000000000000000 R09: 0000000000000000
[  285.206274][ T7487] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  285.206287][ T7487] R13: 00007f20217d6038 R14: 00007f20217d5fa0 R15: 00007ffd6de435c8
[  285.206322][ T7487]  </TASK>
[  285.276896][ T5883] uvcvideo 5-1:0.105: Found UVC 0.00 device syz (046c:14e0)
[  285.276931][ T5883] uvcvideo 5-1:0.105: No valid video chain found.
[  285.420248][ T7483] netlink: 'syz.4.433': attribute type 2 has an invalid length.
[  285.420310][ T7483] netlink: 164 bytes leftover after parsing attributes in process `syz.4.433'.
[  285.606021][  T899] usb 5-1: USB disconnect, device number 10
[  288.697670][ T5905] usb 3-1: new high-speed USB device number 6 using dummy_hcd
[  290.021306][ T5905] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  290.021335][ T5905] usb 3-1: config 0 has no interfaces?
[  290.021368][ T5905] usb 3-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  290.021393][ T5905] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  290.125278][ T5905] usb 3-1: config 0 descriptor??
[  290.362637][ T5904] usb 3-1: USB disconnect, device number 6
[  290.557292][ T5905] usb 5-1: new high-speed USB device number 11 using dummy_hcd
[  290.687727][ T5905] usb 5-1: device descriptor read/64, error -71
[  290.937720][ T5905] usb 5-1: new high-speed USB device number 12 using dummy_hcd
[  291.067278][ T5905] usb 5-1: device descriptor read/64, error -71
[  291.181234][ T5905] usb usb5-port1: attempt power cycle
[  291.427733][ T5800] usb 3-1: new high-speed USB device number 7 using dummy_hcd
[  291.528922][ T5905] usb 5-1: new high-speed USB device number 13 using dummy_hcd
[  291.550148][ T5905] usb 5-1: device descriptor read/8, error -71
[  291.590992][ T5800] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0
[  291.591016][ T5800] usb 3-1: config 1 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0
[  291.591034][ T5800] usb 3-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  291.595395][ T5800] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40
[  291.595418][ T5800] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  291.595433][ T5800] usb 3-1: Product: syz
[  291.595444][ T5800] usb 3-1: Manufacturer: syz
[  291.595454][ T5800] usb 3-1: SerialNumber: syz
[  293.957301][ T5905] usb 5-1: new high-speed USB device number 14 using dummy_hcd
[  294.117349][ T5905] usb 5-1: device descriptor read/8, error -71
[  294.129922][ T5800] usblp 3-1:1.0: usblp0: USB Unidirectional printer dev 7 if 0 alt 0 proto 1 vid 0x0525 pid 0xA4A8
[  294.231096][ T5905] usb usb5-port1: unable to enumerate USB device
[  294.297405][   T36] usb 3-1: USB disconnect, device number 7
[  294.365290][   T36] usblp0: removed
[  296.799133][   T32] block nbd0: Possible stuck request ffff888026605080: control (read@0,4096B). Runtime 180 seconds
[  296.868870][ T7553] ieee802154 phy0 wpan0: encryption failed: -22
[  296.888718][ T7553] 9p: Bad value for 'source'
[  297.306923][ T7567] netlink: 'syz.2.452': attribute type 10 has an invalid length.
[  297.324119][ T7567] veth1_macvtap: left promiscuous mode
[  299.692666][ T5883] hid-generic 0003:0004:0000.0006: unknown main item tag 0x0
[  299.692706][ T5883] hid-generic 0003:0004:0000.0006: unknown main item tag 0x0
[  299.692735][ T5883] hid-generic 0003:0004:0000.0006: unknown main item tag 0x0
[  300.040838][ T5883] hid-generic 0003:0004:0000.0006: hidraw0: USB HID v0.00 Device [syz0] on syz1
[  300.152057][ T7585] netlink: 16 bytes leftover after parsing attributes in process `syz.4.456'.
[  300.207930][   T60] Bluetooth: hci5: link tx timeout
[  300.208123][   T60] Bluetooth: hci5: killing stalled connection 11:aa:aa:aa:aa:aa
[  300.253277][   T60] Bluetooth: hci5: link tx timeout
[  300.253297][   T60] Bluetooth: hci5: killing stalled connection 11:aa:aa:aa:aa:aa
[  300.272039][   T60] Bluetooth: hci5: link tx timeout
[  300.272060][   T60] Bluetooth: hci5: killing stalled connection 11:aa:aa:aa:aa:aa
[  300.278476][   T60] Bluetooth: hci5: link tx timeout
[  300.278536][   T60] Bluetooth: hci5: killing stalled connection 11:aa:aa:aa:aa:aa
[  300.330363][   T60] Bluetooth: hci5: link tx timeout
[  300.330388][   T60] Bluetooth: hci5: killing stalled connection 11:aa:aa:aa:aa:aa
[  300.353397][   T60] Bluetooth: hci5: link tx timeout
[  300.355586][   T60] Bluetooth: hci5: killing stalled connection 11:aa:aa:aa:aa:aa
[  300.377774][   T60] Bluetooth: hci5: link tx timeout
[  300.377796][   T60] Bluetooth: hci5: killing stalled connection 11:aa:aa:aa:aa:aa
[  300.437395][   T60] Bluetooth: hci5: link tx timeout
[  300.437464][   T60] Bluetooth: hci5: killing stalled connection 11:aa:aa:aa:aa:aa
[  300.540193][   T60] Bluetooth: hci5: link tx timeout
[  300.540218][   T60] Bluetooth: hci5: killing stalled connection 11:aa:aa:aa:aa:aa
[  300.590352][   T60] Bluetooth: hci5: link tx timeout
[  300.590379][   T60] Bluetooth: hci5: killing stalled connection 11:aa:aa:aa:aa:aa
[  300.640645][   T60] Bluetooth: hci5: link tx timeout
[  300.640668][   T60] Bluetooth: hci5: killing stalled connection 11:aa:aa:aa:aa:aa
[  300.641224][   T60] Bluetooth: hci5: link tx timeout
[  300.641242][   T60] Bluetooth: hci5: killing stalled connection 11:aa:aa:aa:aa:aa
[  300.641373][   T60] Bluetooth: hci5: link tx timeout
[  300.641450][   T60] Bluetooth: hci5: killing stalled connection 11:aa:aa:aa:aa:aa
[  300.643253][   T60] Bluetooth: hci5: link tx timeout
[  300.643274][   T60] Bluetooth: hci5: killing stalled connection 11:aa:aa:aa:aa:aa
[  300.645029][   T60] Bluetooth: hci5: link tx timeout
[  300.645293][   T60] Bluetooth: hci5: killing stalled connection 11:aa:aa:aa:aa:aa
[  300.645631][   T60] Bluetooth: hci5: link tx timeout
[  300.645646][   T60] Bluetooth: hci5: killing stalled connection 11:aa:aa:aa:aa:aa
[  300.646281][   T60] Bluetooth: hci5: link tx timeout
[  300.646295][   T60] Bluetooth: hci5: killing stalled connection 11:aa:aa:aa:aa:aa
[  300.646539][   T60] Bluetooth: hci5: link tx timeout
[  300.646554][   T60] Bluetooth: hci5: killing stalled connection 11:aa:aa:aa:aa:aa
[  300.713810][   T60] Bluetooth: hci5: link tx timeout
[  300.713833][   T60] Bluetooth: hci5: killing stalled connection 11:aa:aa:aa:aa:aa
[  300.781642][   T60] Bluetooth: hci5: link tx timeout
[  300.781706][   T60] Bluetooth: hci5: killing stalled connection 11:aa:aa:aa:aa:aa
[  300.861608][   T60] Bluetooth: hci5: link tx timeout
[  300.861630][   T60] Bluetooth: hci5: killing stalled connection 11:aa:aa:aa:aa:aa
[  300.861762][   T60] Bluetooth: hci5: link tx timeout
[  300.861777][   T60] Bluetooth: hci5: killing stalled connection 11:aa:aa:aa:aa:aa
[  300.878665][   T60] Bluetooth: hci5: link tx timeout
[  300.878716][   T60] Bluetooth: hci5: killing stalled connection 11:aa:aa:aa:aa:aa
[  300.903142][   T60] Bluetooth: hci5: link tx timeout
[  300.903165][   T60] Bluetooth: hci5: killing stalled connection 11:aa:aa:aa:aa:aa
[  300.971117][   T60] Bluetooth: hci5: link tx timeout
[  300.971138][   T60] Bluetooth: hci5: killing stalled connection 11:aa:aa:aa:aa:aa
[  301.016395][   T60] Bluetooth: hci5: link tx timeout
[  301.016418][   T60] Bluetooth: hci5: killing stalled connection 11:aa:aa:aa:aa:aa
[  301.034035][   T60] Bluetooth: hci5: link tx timeout
[  301.034063][   T60] Bluetooth: hci5: killing stalled connection 11:aa:aa:aa:aa:aa
[  301.071387][   T60] Bluetooth: hci5: link tx timeout
[  301.071411][   T60] Bluetooth: hci5: killing stalled connection 11:aa:aa:aa:aa:aa
[  301.097381][   T60] Bluetooth: hci5: link tx timeout
[  301.097494][   T60] Bluetooth: hci5: killing stalled connection 11:aa:aa:aa:aa:aa
[  301.097635][   T60] Bluetooth: hci5: link tx timeout
[  301.097751][   T60] Bluetooth: hci5: killing stalled connection 11:aa:aa:aa:aa:aa
[  301.097893][   T60] Bluetooth: hci5: link tx timeout
[  301.098014][   T60] Bluetooth: hci5: killing stalled connection 11:aa:aa:aa:aa:aa
[  301.098406][   T60] Bluetooth: hci5: link tx timeout
[  301.098421][   T60] Bluetooth: hci5: killing stalled connection 11:aa:aa:aa:aa:aa
[  301.098547][   T60] Bluetooth: hci5: link tx timeout
[  301.098561][   T60] Bluetooth: hci5: killing stalled connection 11:aa:aa:aa:aa:aa
[  301.098678][   T60] Bluetooth: hci5: link tx timeout
[  301.098807][   T60] Bluetooth: hci5: killing stalled connection 11:aa:aa:aa:aa:aa
[  301.098940][   T60] Bluetooth: hci5: link tx timeout
[  301.099061][   T60] Bluetooth: hci5: killing stalled connection 11:aa:aa:aa:aa:aa
[  301.099196][   T60] Bluetooth: hci5: link tx timeout
[  301.099210][   T60] Bluetooth: hci5: killing stalled connection 11:aa:aa:aa:aa:aa
[  301.104349][   T60] Bluetooth: hci5: link tx timeout
[  301.104368][   T60] Bluetooth: hci5: killing stalled connection 11:aa:aa:aa:aa:aa
[  301.408690][ T7600] warning: `syz.2.461' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211
[  302.239632][   T60] Bluetooth: hci5: command 0x0406 tx timeout
[  302.706636][ T7618] 9p: Bad value for 'rfdno'
[  305.117403][ T5801] usb 1-1: new high-speed USB device number 5 using dummy_hcd
[  305.436695][ T5801] usb 1-1: Using ep0 maxpacket: 8
[  305.450277][ T5801] usb 1-1: unable to get BOS descriptor or descriptor too short
[  305.453624][ T5801] usb 1-1: config 6 has an invalid interface number: 86 but max is 0
[  305.453645][ T5801] usb 1-1: config 6 has no interface number 0
[  305.453677][ T5801] usb 1-1: config 6 interface 86 altsetting 5 endpoint 0x2 has an invalid bInterval 147, changing to 11
[  305.453698][ T5801] usb 1-1: config 6 interface 86 altsetting 5 has an endpoint descriptor with address 0x1A, changing to 0xA
[  305.453720][ T5801] usb 1-1: config 6 interface 86 altsetting 5 endpoint 0xA has invalid maxpacket 503, setting to 64
[  305.453740][ T5801] usb 1-1: config 6 interface 86 altsetting 5 endpoint 0xE has invalid maxpacket 560, setting to 64
[  305.453759][ T5801] usb 1-1: config 6 interface 86 altsetting 5 bulk endpoint 0x9 has invalid maxpacket 1023
[  305.453776][ T5801] usb 1-1: config 6 interface 86 has no altsetting 0
[  305.571160][ T5801] usb 1-1: string descriptor 0 read error: -22
[  305.571309][ T5801] usb 1-1: New USB device found, idVendor=06cd, idProduct=0115, bcdDevice=93.3f
[  305.571335][ T5801] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  305.769237][ T5801] usb 1-1: can't set config #6, error -71
[  305.864183][ T5801] usb 1-1: USB disconnect, device number 5
[  313.312632][ T7683] netlink: 36 bytes leftover after parsing attributes in process `syz.2.478'.
[  317.346881][ T7714] netlink: 28 bytes leftover after parsing attributes in process `syz.0.485'.
[  317.513543][ T1323] ieee802154 phy0 wpan0: encryption failed: -22
[  317.513616][ T1323] ieee802154 phy1 wpan1: encryption failed: -22
[  317.788190][ T7722] FAULT_INJECTION: forcing a failure.
[  317.788190][ T7722] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  317.788231][ T7722] CPU: 1 UID: 0 PID: 7722 Comm: syz.0.486 Tainted: G             L      syzkaller #0 PREEMPT_{RT,(full)} 
[  317.788256][ T7722] Tainted: [L]=SOFTLOCKUP
[  317.788262][ T7722] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  317.788284][ T7722] Call Trace:
[  317.788292][ T7722]  <TASK>
[  317.788300][ T7722]  dump_stack_lvl+0xe8/0x150
[  317.788333][ T7722]  should_fail_ex+0x46b/0x600
[  317.788385][ T7722]  _copy_to_user+0x31/0xb0
[  317.788408][ T7722]  simple_read_from_buffer+0xe1/0x170
[  317.788444][ T7722]  proc_fail_nth_read+0x1be/0x230
[  317.788466][ T7722]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  317.788488][ T7722]  ? rw_verify_area+0x2ac/0x4e0
[  317.788518][ T7722]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  317.788538][ T7722]  vfs_read+0x212/0xa80
[  317.788569][ T7722]  ? __pfx_vfs_read+0x10/0x10
[  317.788594][ T7722]  ? _raw_spin_unlock_irqrestore+0x30/0x80
[  317.788619][ T7722]  ? lockdep_hardirqs_on+0x7a/0x110
[  317.788643][ T7722]  ? _raw_spin_unlock_irqrestore+0x4c/0x80
[  317.788665][ T7722]  ? mutex_lock_nested+0x152/0x1d0
[  317.788682][ T7722]  ? fdget_pos+0x252/0x320
[  317.788709][ T7722]  ksys_read+0x156/0x270
[  317.788735][ T7722]  ? __pfx_ksys_read+0x10/0x10
[  317.788768][ T7722]  do_syscall_64+0x14d/0xf80
[  317.788791][ T7722]  ? trace_irq_disable+0x3b/0x150
[  317.788812][ T7722]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  317.788830][ T7722]  ? clear_bhb_loop+0x40/0x90
[  317.788851][ T7722]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  317.788869][ T7722] RIP: 0033:0x7f025160cece
[  317.788885][ T7722] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 <c3> 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08
[  317.788901][ T7722] RSP: 002b:00007f024f8a5fe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  317.788919][ T7722] RAX: ffffffffffffffda RBX: 00007f024f8a66c0 RCX: 00007f025160cece
[  317.788933][ T7722] RDX: 000000000000000f RSI: 00007f024f8a60a0 RDI: 0000000000000004
[  317.788944][ T7722] RBP: 00007f024f8a6090 R08: 0000000000000000 R09: 0000000000000000
[  317.788955][ T7722] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  317.788965][ T7722] R13: 00007f02518c6038 R14: 00007f02518c5fa0 R15: 00007ffd4d734e68
[  317.788993][ T7722]  </TASK>
[  321.007581][ T5801] usb 3-1: new high-speed USB device number 8 using dummy_hcd
[  321.157732][ T5801] usb 3-1: Using ep0 maxpacket: 32
[  321.161307][ T5801] usb 3-1: config 0 has an invalid interface number: 51 but max is 0
[  321.161337][ T5801] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  321.161357][ T5801] usb 3-1: config 0 has no interface number 0
[  321.165409][ T5801] usb 3-1: New USB device found, idVendor=061d, idProduct=c150, bcdDevice=ce.6f
[  321.165433][ T5801] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  321.165448][ T5801] usb 3-1: Product: syz
[  321.165458][ T5801] usb 3-1: Manufacturer: syz
[  321.165469][ T5801] usb 3-1: SerialNumber: syz
[  322.050337][ T5801] usb 3-1: config 0 descriptor??
[  322.081018][ T5801] quatech2 3-1:0.51: Quatech 2nd gen USB to Serial Driver converter detected
[  322.506693][ T5801] usb 3-1: qt2_setup_urbs - submit read urb failed -8
[  322.506942][ T5801] quatech2 3-1:0.51: probe with driver quatech2 failed with error -8
[  322.640146][ T7766] FAULT_INJECTION: forcing a failure.
[  322.640146][ T7766] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  322.640185][ T7766] CPU: 0 UID: 0 PID: 7766 Comm: syz.4.496 Tainted: G             L      syzkaller #0 PREEMPT_{RT,(full)} 
[  322.640217][ T7766] Tainted: [L]=SOFTLOCKUP
[  322.640225][ T7766] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  322.640240][ T7766] Call Trace:
[  322.640249][ T7766]  <TASK>
[  322.640258][ T7766]  dump_stack_lvl+0xe8/0x150
[  322.640298][ T7766]  should_fail_ex+0x46b/0x600
[  322.640339][ T7766]  _copy_from_user+0x2d/0xb0
[  322.640368][ T7766]  snd_seq_ioctl+0x21c/0x4c0
[  322.640391][ T7766]  ? smk_tskacc+0x311/0x3a0
[  322.640420][ T7766]  ? __pfx_snd_seq_ioctl+0x10/0x10
[  322.640442][ T7766]  ? smack_file_ioctl+0x2c2/0x360
[  322.640488][ T7766]  ? __fget_files+0x3a6/0x420
[  322.640515][ T7766]  ? __fget_files+0x2a/0x420
[  322.640546][ T7766]  ? bpf_lsm_file_ioctl+0x9/0x20
[  322.640582][ T7766]  ? __pfx_snd_seq_ioctl+0x10/0x10
[  322.640608][ T7766]  __se_sys_ioctl+0xff/0x170
[  322.640641][ T7766]  do_syscall_64+0x14d/0xf80
[  322.640671][ T7766]  ? trace_irq_disable+0x3b/0x150
[  322.640695][ T7766]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  322.640719][ T7766]  ? clear_bhb_loop+0x40/0x90
[  322.640748][ T7766]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  322.640770][ T7766] RIP: 0033:0x7fda29a6c629
[  322.640792][ T7766] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  322.640812][ T7766] RSP: 002b:00007fda27c7c028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  322.640843][ T7766] RAX: ffffffffffffffda RBX: 00007fda29ce6180 RCX: 00007fda29a6c629
[  322.640860][ T7766] RDX: 00002000000001c0 RSI: 00000000c058534f RDI: 0000000000000007
[  322.640874][ T7766] RBP: 00007fda27c7c090 R08: 0000000000000000 R09: 0000000000000000
[  322.640887][ T7766] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  322.640899][ T7766] R13: 00007fda29ce6218 R14: 00007fda29ce6180 R15: 00007fff2f575808
[  322.640933][ T7766]  </TASK>
[  325.276453][   T36] usb 3-1: USB disconnect, device number 8
[  325.307390][  T899] usb 6-1: new high-speed USB device number 2 using dummy_hcd
[  325.443840][  T899] usb 6-1: device descriptor read/64, error -71
[  326.144076][ T7784] netlink: 20 bytes leftover after parsing attributes in process `syz.3.504'.
[  326.159337][ T7784] netlink: 20 bytes leftover after parsing attributes in process `syz.3.504'.
[  326.452063][ T7786] netlink: 252 bytes leftover after parsing attributes in process `syz.5.505'.
[  327.690948][   T32] block nbd0: Possible stuck request ffff888026605080: control (read@0,4096B). Runtime 210 seconds
[  328.066842][ T7807] netlink: 32 bytes leftover after parsing attributes in process `syz.0.511'.
[  329.101349][ T7825] netlink: 252 bytes leftover after parsing attributes in process `syz.3.518'.
[  330.062674][ T7841] netlink: 12 bytes leftover after parsing attributes in process `syz.4.522'.
[  330.066306][ T7841] netlink: 12 bytes leftover after parsing attributes in process `syz.4.522'.
[  330.294163][ T7839] netlink: 24 bytes leftover after parsing attributes in process `syz.2.513'.
[  332.259284][ T7859] 9p: Bad value for 'rfdno'
[  332.547328][  T899] usb 3-1: new high-speed USB device number 9 using dummy_hcd
[  334.267239][  T899] usb 3-1: Using ep0 maxpacket: 16
[  334.273330][  T899] usb 3-1: config 0 has an invalid interface number: 128 but max is 0
[  334.273356][  T899] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  334.273373][  T899] usb 3-1: config 0 has no interface number 0
[  334.273409][  T899] usb 3-1: config 0 interface 128 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0
[  334.273431][  T899] usb 3-1: config 0 interface 128 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  334.288276][  T899] usb 3-1: New USB device found, idVendor=1b3d, idProduct=01d3, bcdDevice= 1.16
[  334.288362][  T899] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  334.288423][  T899] usb 3-1: Product: syz
[  334.288466][  T899] usb 3-1: Manufacturer: syz
[  334.288508][  T899] usb 3-1: SerialNumber: syz
[  334.350102][  T899] usb 3-1: config 0 descriptor??
[  334.448523][  T899] ftdi_sio 3-1:0.128: FTDI USB Serial Device converter detected
[  334.474075][  T899] usb 3-1: Detected SIO
[  334.474099][  T899] ftdi_sio ttyUSB0: Overriding wMaxPacketSize on endpoint 2
[  334.499460][  T899] usb 3-1: FTDI USB Serial Device converter now attached to ttyUSB0
[  334.718112][ T7859] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  334.718679][ T7859] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  334.725543][ T7859] netlink: 32 bytes leftover after parsing attributes in process `syz.2.525'.
[  334.727066][ T7859] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  334.728003][ T7859] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  334.883346][ T5905] usb 3-1: USB disconnect, device number 9
[  334.927286][  T899] usb 4-1: new high-speed USB device number 14 using dummy_hcd
[  334.955003][ T5905] ftdi_sio ttyUSB0: FTDI USB Serial Device converter now disconnected from ttyUSB0
[  334.955480][ T5905] ftdi_sio 3-1:0.128: device disconnected
[  335.101710][  T899] usb 4-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xE8, changing to 0x88
[  335.101737][  T899] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x88 has an invalid bInterval 0, changing to 7
[  335.101757][  T899] usb 4-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  335.101775][  T899] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[  335.101794][  T899] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0
[  335.104699][  T899] usb 4-1: New USB device found, idVendor=1781, idProduct=0938, bcdDevice=9b.49
[  335.104722][  T899] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  335.104737][  T899] usb 4-1: Product: syz
[  335.104747][  T899] usb 4-1: Manufacturer: syz
[  335.104758][  T899] usb 4-1: SerialNumber: syz
[  335.222219][  T899] usb 4-1: config 0 descriptor??
[  335.293038][  T899] iguanair 4-1:0.0: probe with driver iguanair failed with error -12
[  335.813944][ T7883] netlink: 252 bytes leftover after parsing attributes in process `syz.5.531'.
[  336.042260][ T7886] FAULT_INJECTION: forcing a failure.
[  336.042260][ T7886] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  336.042300][ T7886] CPU: 0 UID: 0 PID: 7886 Comm: syz.5.532 Tainted: G             L      syzkaller #0 PREEMPT_{RT,(full)} 
[  336.042330][ T7886] Tainted: [L]=SOFTLOCKUP
[  336.042337][ T7886] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  336.042352][ T7886] Call Trace:
[  336.042360][ T7886]  <TASK>
[  336.042370][ T7886]  dump_stack_lvl+0xe8/0x150
[  336.042411][ T7886]  should_fail_ex+0x46b/0x600
[  336.042455][ T7886]  _copy_to_user+0x31/0xb0
[  336.042476][ T7886]  drm_mode_getplane+0x544/0x800
[  336.042500][ T7886]  drm_ioctl_kernel+0x2e2/0x3b0
[  336.042520][ T7886]  ? __pfx_drm_mode_getplane+0x10/0x10
[  336.042542][ T7886]  ? __pfx_drm_ioctl_kernel+0x10/0x10
[  336.042567][ T7886]  drm_ioctl+0x6c0/0xb80
[  336.042582][ T7886]  ? smk_tskacc+0x311/0x3a0
[  336.042600][ T7886]  ? __pfx_drm_mode_getplane+0x10/0x10
[  336.042622][ T7886]  ? __pfx_drm_ioctl+0x10/0x10
[  336.042648][ T7886]  ? __fget_files+0x2a/0x420
[  336.042669][ T7886]  ? bpf_lsm_file_ioctl+0x9/0x20
[  336.042694][ T7886]  ? __pfx_drm_ioctl+0x10/0x10
[  336.042711][ T7886]  __se_sys_ioctl+0xff/0x170
[  336.042736][ T7886]  do_syscall_64+0x14d/0xf80
[  336.042758][ T7886]  ? trace_irq_disable+0x3b/0x150
[  336.042776][ T7886]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  336.042792][ T7886]  ? clear_bhb_loop+0x40/0x90
[  336.042812][ T7886]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  336.042828][ T7886] RIP: 0033:0x7f202155c629
[  336.042842][ T7886] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  336.042856][ T7886] RSP: 002b:00007f201f7b6028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  336.042874][ T7886] RAX: ffffffffffffffda RBX: 00007f20217d5fa0 RCX: 00007f202155c629
[  336.042886][ T7886] RDX: 00002000000002c0 RSI: 00000000c02064b6 RDI: 0000000000000003
[  336.042896][ T7886] RBP: 00007f201f7b6090 R08: 0000000000000000 R09: 0000000000000000
[  336.042906][ T7886] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  336.042915][ T7886] R13: 00007f20217d6038 R14: 00007f20217d5fa0 R15: 00007ffd6de435c8
[  336.042939][ T7886]  </TASK>
[  338.204520][ T7892] bridge0: port 3(hsr0) entered blocking state
[  338.204777][ T7892] bridge0: port 3(hsr0) entered disabled state
[  338.205015][ T7892] hsr0: entered allmulticast mode
[  338.205031][ T7892] hsr_slave_0: entered allmulticast mode
[  338.205052][ T7892] hsr_slave_1: entered allmulticast mode
[  338.236429][ T7892] hsr0: entered promiscuous mode
[  338.241457][ T7892] bridge0: port 3(hsr0) entered blocking state
[  338.241820][ T7892] bridge0: port 3(hsr0) entered forwarding state
[  338.345312][   T10] usb 4-1: USB disconnect, device number 14
[  338.923617][ T7903] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[  339.667779][ T7908] netlink: 12 bytes leftover after parsing attributes in process `syz.3.539'.
[  340.204093][ T5801] usb 5-1: new high-speed USB device number 15 using dummy_hcd
[  340.493609][ T5801] usb 5-1: Using ep0 maxpacket: 8
[  340.503965][ T5801] usb 5-1: config 0 has an invalid interface number: 143 but max is 0
[  340.503996][ T5801] usb 5-1: config 0 has no interface number 0
[  340.504041][ T5801] usb 5-1: New USB device found, idVendor=2058, idProduct=1005, bcdDevice=c1.9b
[  340.504066][ T5801] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  340.677983][ T7913] netlink: 252 bytes leftover after parsing attributes in process `syz.3.542'.
[  340.899943][ T5801] usb 5-1: config 0 descriptor??
[  341.037277][ T5801] viperboard 5-1:0.143: version 0.00 found at bus 005 address 015
[  341.105544][ T5801] viperboard-i2c viperboard-i2c.2.auto: error -EIO: failure setting i2c_bus_freq to 100
[  341.105577][ T5801] viperboard-i2c viperboard-i2c.2.auto: probe with driver viperboard-i2c failed with error -5
[  341.106472][ T7921] loop7: detected capacity change from 0 to 7
[  341.519279][ T7921] Dev loop7: unable to read RDB block 7
[  341.519328][ T7921]  loop7: unable to read partition table
[  341.519518][ T7921] loop7: partition table beyond EOD, truncated
[  341.519553][ T7921] loop_reread_partitions: partition scan of loop7 (úùƒå¡™‰ü�¾CêjÌ–ã¢P=ý?ã}X‹ºÐ	œëÜ%õ«`ÉæÖ€ù…ˆ{í©Ö�˜Èµ4FLQkÝŠ) failed (rc=-5)
[  341.519597][    C0] blk_print_req_error: 30 callbacks suppressed
[  341.519614][    C0] invalid error, dev loop7, sector 0 op 0x1:(WRITE) flags 0x800800 phys_seg 1 prio class 2
[  341.519644][    C0] buffer_io_error: 30 callbacks suppressed
[  341.519656][    C0] Buffer I/O error on dev loop7, logical block 0, lost async page write
[  342.896790][ T7936] 9p: Bad value for 'rfdno'
[  342.907320][ T5801] usb 5-1: USB disconnect, device number 15
[  343.156368][    T9] usb 1-1: new high-speed USB device number 6 using dummy_hcd
[  343.307314][    T9] usb 1-1: Using ep0 maxpacket: 8
[  343.310027][    T9] usb 1-1: unable to get BOS descriptor or descriptor too short
[  343.312354][    T9] usb 1-1: config 6 has an invalid interface number: 86 but max is 0
[  343.312383][    T9] usb 1-1: config 6 has no interface number 0
[  343.312430][    T9] usb 1-1: config 6 interface 86 altsetting 5 endpoint 0x2 has an invalid bInterval 147, changing to 11
[  343.312468][    T9] usb 1-1: config 6 interface 86 altsetting 5 has an endpoint descriptor with address 0x1A, changing to 0xA
[  343.312495][    T9] usb 1-1: config 6 interface 86 altsetting 5 endpoint 0xA has invalid maxpacket 503, setting to 64
[  343.312524][    T9] usb 1-1: config 6 interface 86 altsetting 5 endpoint 0xE has invalid maxpacket 560, setting to 64
[  343.312552][    T9] usb 1-1: config 6 interface 86 altsetting 5 bulk endpoint 0x9 has invalid maxpacket 1023
[  343.312577][    T9] usb 1-1: config 6 interface 86 has no altsetting 0
[  343.357719][    T9] usb 1-1: string descriptor 0 read error: -22
[  343.357862][    T9] usb 1-1: New USB device found, idVendor=06cd, idProduct=0115, bcdDevice=93.3f
[  343.357888][    T9] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  343.558053][ T7941] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[  343.697959][ T7947] netlink: 4 bytes leftover after parsing attributes in process `syz.2.552'.
[  344.595872][ T7954] syz.3.553 (7954) used greatest stack depth: 17840 bytes left
[  344.773827][ T7936] raw-gadget.1 gadget.0: fail, usb_ep_enable returned -22
[  344.785328][    T9] keyspan 1-1:6.86: Keyspan 2 port adapter converter detected
[  344.785727][    T9] keyspan 1-1:6.86: found no endpoint descriptor for endpoint 87
[  344.785800][    T9] keyspan 1-1:6.86: found no endpoint descriptor for endpoint 7
[  344.809078][    T9] keyspan 1-1:6.86: found no endpoint descriptor for endpoint 81
[  344.809356][    T9] keyspan 1-1:6.86: found no endpoint descriptor for endpoint 1
[  344.809628][    T9] keyspan 1-1:6.86: found no endpoint descriptor for endpoint 85
[  344.809839][    T9] keyspan 1-1:6.86: found no endpoint descriptor for endpoint 5
[  344.890847][    T9] usb 1-1: Keyspan 2 port adapter converter now attached to ttyUSB0
[  344.893451][    T9] keyspan 1-1:6.86: found no endpoint descriptor for endpoint 83
[  344.893578][    T9] keyspan 1-1:6.86: found no endpoint descriptor for endpoint 3
[  344.893664][    T9] keyspan 1-1:6.86: found no endpoint descriptor for endpoint 4
[  344.893748][    T9] keyspan 1-1:6.86: found no endpoint descriptor for endpoint 86
[  344.893831][    T9] keyspan 1-1:6.86: found no endpoint descriptor for endpoint 6
[  344.982207][    T9] usb 1-1: Keyspan 2 port adapter converter now attached to ttyUSB1
[  345.064475][ T7959] netlink: 252 bytes leftover after parsing attributes in process `syz.2.554'.
[  345.150106][ T7961] netlink: 8 bytes leftover after parsing attributes in process `syz.0.549'.
[  345.171790][    T9] usb 1-1: USB disconnect, device number 6
[  345.504912][    T9] keyspan_2 ttyUSB0: Keyspan 2 port adapter converter now disconnected from ttyUSB0
[  345.608952][    T9] keyspan_2 ttyUSB1: Keyspan 2 port adapter converter now disconnected from ttyUSB1
[  345.611319][    T9] keyspan 1-1:6.86: device disconnected
[  345.776835][ T7969] mmap: syz.4.559 (7969) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst.
[  348.897416][ T5801] usb 3-1: new high-speed USB device number 10 using dummy_hcd
[  349.047277][ T5801] usb 3-1: Using ep0 maxpacket: 32
[  349.065223][ T5801] usb 3-1: config index 0 descriptor too short (expected 35577, got 27)
[  349.065252][ T5801] usb 3-1: config 1 has too many interfaces: 92, using maximum allowed: 32
[  349.065294][ T5801] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  349.065315][ T5801] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 92
[  349.065336][ T5801] usb 3-1: config 1 has no interface number 0
[  349.065387][ T5801] usb 3-1: New USB device found, idVendor=0e41, idProduct=5051, bcdDevice=d5.e8
[  349.065412][ T5801] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  349.650986][ T5801] snd_usb_pod 3-1:1.1: Line 6 Pocket POD found
[  349.654476][ T5801] snd_usb_pod 3-1:1.1: endpoint not available, using fallback values
[  349.654999][ T5801] snd_usb_pod 3-1:1.1: invalid control EP
[  349.655016][ T5801] snd_usb_pod 3-1:1.1: cannot start listening: -22
[  349.656276][ T5801] snd_usb_pod 3-1:1.1: Line 6 Pocket POD now disconnected
[  349.656845][ T5801] snd_usb_pod 3-1:1.1: probe with driver snd_usb_pod failed with error -22
[  349.871782][ T5801] usb 3-1: USB disconnect, device number 10
[  350.074436][ T8007] FAULT_INJECTION: forcing a failure.
[  350.074436][ T8007] name failslab, interval 1, probability 0, space 0, times 0
[  350.074479][ T8007] CPU: 0 UID: 0 PID: 8007 Comm: syz.5.569 Tainted: G             L      syzkaller #0 PREEMPT_{RT,(full)} 
[  350.074508][ T8007] Tainted: [L]=SOFTLOCKUP
[  350.074516][ T8007] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  350.074529][ T8007] Call Trace:
[  350.074536][ T8007]  <TASK>
[  350.074545][ T8007]  dump_stack_lvl+0xe8/0x150
[  350.074585][ T8007]  should_fail_ex+0x46b/0x600
[  350.074633][ T8007]  should_failslab+0xa8/0x100
[  350.074670][ T8007]  __kmalloc_cache_noprof+0x84/0x690
[  350.074704][ T8007]  ? fuse_direct_io+0x2c7/0x2940
[  350.074735][ T8007]  fuse_direct_io+0x2c7/0x2940
[  350.074803][ T8007]  ? __pfx_fuse_direct_io+0x10/0x10
[  350.074831][ T8007]  ? __kasan_kmalloc+0x93/0xb0
[  350.074873][ T8007]  fuse_direct_IO+0x8e9/0x1280
[  350.074933][ T8007]  ? __pfx_fuse_direct_IO+0x10/0x10
[  350.074959][ T8007]  ? do_raw_spin_lock+0x12b/0x2f0
[  350.075019][ T8007]  ? generic_write_checks+0xc8/0x110
[  350.075049][ T8007]  fuse_file_write_iter+0x6c0/0x1130
[  350.075078][ T8007]  ? __lock_acquire+0x146e/0x2cf0
[  350.075101][ T8007]  ? __pfx_fuse_file_write_iter+0x10/0x10
[  350.075127][ T8007]  ? stack_trace_save+0xa9/0x100
[  350.075157][ T8007]  ? __pfx_stack_trace_save+0x10/0x10
[  350.075196][ T8007]  ? stack_depot_save_flags+0x33/0x810
[  350.075238][ T8007]  ? kasan_save_track+0x4f/0x80
[  350.075282][ T8007]  ? aio_write+0x559/0x880
[  350.075318][ T8007]  aio_write+0x5df/0x880
[  350.075357][ T8007]  ? __pfx_aio_write+0x10/0x10
[  350.075428][ T8007]  io_submit_one+0x7bb/0x14c0
[  350.075464][ T8007]  ? irqentry_exit+0x59e/0x620
[  350.075498][ T8007]  ? trace_irq_disable+0x3b/0x150
[  350.075528][ T8007]  ? __pfx_io_submit_one+0x10/0x10
[  350.075577][ T8007]  ? __might_fault+0xaf/0x130
[  350.075612][ T8007]  __se_sys_io_submit+0x195/0x340
[  350.075644][ T8007]  ? __pfx___se_sys_io_submit+0x10/0x10
[  350.075671][ T8007]  ? ksys_write+0x248/0x270
[  350.075721][ T8007]  do_syscall_64+0x14d/0xf80
[  350.075751][ T8007]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  350.075776][ T8007]  ? clear_bhb_loop+0x40/0x90
[  350.075804][ T8007]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  350.075827][ T8007] RIP: 0033:0x7f202155c629
[  350.075849][ T8007] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  350.075868][ T8007] RSP: 002b:00007f201f795028 EFLAGS: 00000246 ORIG_RAX: 00000000000000d1
[  350.075893][ T8007] RAX: ffffffffffffffda RBX: 00007f20217d6090 RCX: 00007f202155c629
[  350.075910][ T8007] RDX: 0000200000000780 RSI: 0000000000000001 RDI: 00007f201f76c000
[  350.075925][ T8007] RBP: 00007f201f795090 R08: 0000000000000000 R09: 0000000000000000
[  350.075940][ T8007] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  350.075954][ T8007] R13: 00007f20217d6128 R14: 00007f20217d6090 R15: 00007ffd6de435c8
[  350.075990][ T8007]  </TASK>
[  351.280200][ T8025] ubi31: attaching mtd0
[  351.283353][ T8025] ubi31: scanning is finished
[  351.542008][ T8025] ubi31: attached mtd0 (name "mtdram test device", size 0 MiB)
[  351.542054][ T8025] ubi31: PEB size: 4096 bytes (4 KiB), LEB size: 3968 bytes
[  351.542074][ T8025] ubi31: min./max. I/O unit sizes: 1/64, sub-page size 1
[  351.542093][ T8025] ubi31: VID header offset: 64 (aligned 64), data offset: 128
[  351.542117][ T8025] ubi31: good PEBs: 32, bad PEBs: 0, corrupted PEBs: 0
[  351.542131][ T8025] ubi31: user volume: 0, internal volumes: 1, max. volumes count: 23
[  351.542144][ T8025] ubi31: max/mean erase counter: 1/1, WL threshold: 4096, image sequence number: 3157481806
[  351.542160][ T8025] ubi31: available PEBs: 28, total reserved PEBs: 4, PEBs reserved for bad PEB handling: 0
[  351.544611][ T8033] ubi31: background thread "ubi_bgt31d" started, PID 8033
[  351.860112][ T8039] netlink: 24 bytes leftover after parsing attributes in process `syz.3.582'.
[  351.900688][ T8042] FAULT_INJECTION: forcing a failure.
[  351.900688][ T8042] name failslab, interval 1, probability 0, space 0, times 0
[  351.900729][ T8042] CPU: 1 UID: 0 PID: 8042 Comm: syz.5.579 Tainted: G             L      syzkaller #0 PREEMPT_{RT,(full)} 
[  351.900758][ T8042] Tainted: [L]=SOFTLOCKUP
[  351.900766][ T8042] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  351.900779][ T8042] Call Trace:
[  351.900788][ T8042]  <TASK>
[  351.900797][ T8042]  dump_stack_lvl+0xe8/0x150
[  351.900850][ T8042]  should_fail_ex+0x46b/0x600
[  351.900892][ T8042]  should_failslab+0xa8/0x100
[  351.900928][ T8042]  __kmalloc_noprof+0xdf/0x7b0
[  351.900963][ T8042]  ? tomoyo_encode+0x28b/0x550
[  351.901002][ T8042]  tomoyo_encode+0x28b/0x550
[  351.901043][ T8042]  tomoyo_realpath_from_path+0x58d/0x5d0
[  351.901089][ T8042]  ? tomoyo_path_number_perm+0x219/0x630
[  351.901117][ T8042]  tomoyo_path_number_perm+0x246/0x630
[  351.901150][ T8042]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  351.901200][ T8042]  ? do_raw_spin_lock+0x12b/0x2f0
[  351.901252][ T8042]  ? rwbase_write_lock+0x568/0x730
[  351.901300][ T8042]  security_path_chmod+0x132/0x330
[  351.901329][ T8042]  chmod_common+0x1b2/0x4a0
[  351.901362][ T8042]  ? __pfx_chmod_common+0x10/0x10
[  351.901395][ T8042]  ? strncpy_from_user+0x150/0x2b0
[  351.901434][ T8042]  ? do_getname+0x151/0x250
[  351.901462][ T8042]  do_fchmodat+0x12d/0x230
[  351.901494][ T8042]  ? __pfx_do_fchmodat+0x10/0x10
[  351.901523][ T8042]  ? __pfx_ksys_write+0x10/0x10
[  351.901563][ T8042]  __x64_sys_fchmodat+0x7d/0x90
[  351.901588][ T8042]  do_syscall_64+0x14d/0xf80
[  351.901616][ T8042]  ? trace_irq_disable+0x3b/0x150
[  351.901642][ T8042]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  351.901671][ T8042]  ? clear_bhb_loop+0x40/0x90
[  351.901700][ T8042]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  351.901723][ T8042] RIP: 0033:0x7f202155c629
[  351.901744][ T8042] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  351.901765][ T8042] RSP: 002b:00007f201f795028 EFLAGS: 00000246 ORIG_RAX: 000000000000010c
[  351.901789][ T8042] RAX: ffffffffffffffda RBX: 00007f20217d6090 RCX: 00007f202155c629
[  351.901806][ T8042] RDX: 000000000000017f RSI: 0000200000000300 RDI: ffffffffffffff9c
[  351.901828][ T8042] RBP: 00007f201f795090 R08: 0000000000000000 R09: 0000000000000000
[  351.901843][ T8042] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  351.901857][ T8042] R13: 00007f20217d6128 R14: 00007f20217d6090 R15: 00007ffd6de435c8
[  351.901895][ T8042]  </TASK>
[  351.925659][ T8042] ERROR: Out of memory at tomoyo_realpath_from_path.
[  353.297445][    T9] usb 4-1: new high-speed USB device number 15 using dummy_hcd
[  353.498780][    T9] usb 4-1: unable to get BOS descriptor or descriptor too short
[  353.498975][    T9] usb 4-1: too many configurations: 9, using maximum allowed: 8
[  353.546370][    T9] usb 4-1: config 6 has an invalid interface number: 193 but max is 0
[  353.546417][    T9] usb 4-1: config 6 has no interface number 0
[  353.546572][    T9] usb 4-1: config 6 interface 193 altsetting 250 has 0 endpoint descriptors, different from the interface descriptor's value: 4
[  353.546618][    T9] usb 4-1: config 6 interface 193 has no altsetting 0
[  353.602702][    T9] usb 4-1: config 6 has an invalid interface number: 193 but max is 0
[  353.602733][    T9] usb 4-1: config 6 has no interface number 0
[  353.602781][    T9] usb 4-1: config 6 interface 193 altsetting 250 has 0 endpoint descriptors, different from the interface descriptor's value: 4
[  353.602810][    T9] usb 4-1: config 6 interface 193 has no altsetting 0
[  353.623020][    T9] usb 4-1: config 6 has an invalid interface number: 193 but max is 0
[  353.623052][    T9] usb 4-1: config 6 has no interface number 0
[  353.623099][    T9] usb 4-1: config 6 interface 193 altsetting 250 has 0 endpoint descriptors, different from the interface descriptor's value: 4
[  353.623130][    T9] usb 4-1: config 6 interface 193 has no altsetting 0
[  353.679287][    T9] usb 4-1: config 6 has an invalid interface number: 193 but max is 0
[  353.679317][    T9] usb 4-1: config 6 has no interface number 0
[  353.679365][    T9] usb 4-1: config 6 interface 193 altsetting 250 has 0 endpoint descriptors, different from the interface descriptor's value: 4
[  353.679395][    T9] usb 4-1: config 6 interface 193 has no altsetting 0
[  353.879205][    T9] usb 4-1: config 6 has an invalid interface number: 193 but max is 0
[  353.879237][    T9] usb 4-1: config 6 has no interface number 0
[  353.879284][    T9] usb 4-1: config 6 interface 193 altsetting 250 has 0 endpoint descriptors, different from the interface descriptor's value: 4
[  353.879315][    T9] usb 4-1: config 6 interface 193 has no altsetting 0
[  353.884568][    T9] usb 4-1: config 6 has an invalid interface number: 193 but max is 0
[  353.884600][    T9] usb 4-1: config 6 has no interface number 0
[  353.884648][    T9] usb 4-1: config 6 interface 193 altsetting 250 has 0 endpoint descriptors, different from the interface descriptor's value: 4
[  353.884679][    T9] usb 4-1: config 6 interface 193 has no altsetting 0
[  353.886082][    T9] usb 4-1: config 6 has an invalid interface number: 193 but max is 0
[  353.886108][    T9] usb 4-1: config 6 has no interface number 0
[  353.886154][    T9] usb 4-1: config 6 interface 193 altsetting 250 has 0 endpoint descriptors, different from the interface descriptor's value: 4
[  353.886183][    T9] usb 4-1: config 6 interface 193 has no altsetting 0
[  353.930861][    T9] usb 4-1: config 6 has an invalid interface number: 193 but max is 0
[  353.930894][    T9] usb 4-1: config 6 has no interface number 0
[  353.930951][    T9] usb 4-1: config 6 interface 193 altsetting 250 has 0 endpoint descriptors, different from the interface descriptor's value: 4
[  353.930981][    T9] usb 4-1: config 6 interface 193 has no altsetting 0
[  354.184420][    T9] usb 4-1: New USB device found, idVendor=0bda, idProduct=8153, bcdDevice=f2.84
[  354.184453][    T9] usb 4-1: New USB device strings: Mfr=253, Product=144, SerialNumber=106
[  354.184475][    T9] usb 4-1: Product: syz
[  354.184490][    T9] usb 4-1: Manufacturer: syz
[  354.184504][    T9] usb 4-1: SerialNumber: syz
[  354.239777][    T9] r8152-cfgselector 4-1: Unknown version 0x0000
[  354.474356][ T8054] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  354.474925][ T8054] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  354.477610][ T5800] usb 6-1: new high-speed USB device number 4 using dummy_hcd
[  354.634807][ T5800] usb 6-1: New USB device found, idVendor=1a86, idProduct=7522, bcdDevice=35.36
[  354.634841][ T5800] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  354.634862][ T5800] usb 6-1: Product: syz
[  354.634878][ T5800] usb 6-1: Manufacturer: syz
[  354.634893][ T5800] usb 6-1: SerialNumber: syz
[  354.677688][ T5801] usb 1-1: new high-speed USB device number 7 using dummy_hcd
[  354.725614][ T5800] usb 6-1: config 0 descriptor??
[  354.735799][ T5800] ch341 6-1:0.0: ch341-uart converter detected
[  354.814474][ T8071] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  354.827318][ T5801] usb 1-1: Using ep0 maxpacket: 16
[  354.833532][ T8071] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  354.836266][ T5801] usb 1-1: config index 0 descriptor too short (expected 4495, got 71)
[  354.836295][ T5801] usb 1-1: config 0 has an invalid interface number: 105 but max is 0
[  354.836318][ T5801] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  354.836394][ T5801] usb 1-1: config 0 has no interface number 0
[  354.894568][ T5801] usb 1-1: New USB device found, idVendor=046c, idProduct=14e0, bcdDevice= 0.01
[  354.894664][ T5801] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  354.894685][ T5801] usb 1-1: Product: syz
[  354.894700][ T5801] usb 1-1: Manufacturer: syz
[  354.894714][ T5801] usb 1-1: SerialNumber: syz
[  354.981474][ T5801] usb 1-1: config 0 descriptor??
[  355.150930][ T5801] uvcvideo 1-1:0.105: Found UVC 0.00 device syz (046c:14e0)
[  355.151322][ T5801] uvcvideo 1-1:0.105: No valid video chain found.
[  355.334961][ T8068] netlink: 'syz.0.590': attribute type 2 has an invalid length.
[  355.334986][ T8068] netlink: 164 bytes leftover after parsing attributes in process `syz.0.590'.
[  355.399641][ T5905] usb 1-1: USB disconnect, device number 7
[  355.505280][ T8066] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  355.534497][ T8066] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  355.589618][ T8077] ref_tracker: memory allocation failure, unreliable refcount tracker.
[  356.302699][ T5800] usb 6-1: failed to send control message: -110
[  356.303123][ T5800] ch341-uart ttyUSB0: probe with driver ch341-uart failed with error -110
[  356.629225][ T5800] usb 6-1: USB disconnect, device number 4
[  356.685113][ T5800] ch341 6-1:0.0: device disconnected
[  357.237691][    T9] r8152-cfgselector 4-1: USB disconnect, device number 15
[  357.334430][ T8086] overlayfs: missing 'lowerdir'
[  359.609096][   T32] block nbd0: Possible stuck request ffff888026605080: control (read@0,4096B). Runtime 240 seconds
[  359.717943][ T8095] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[  365.207755][ T8142] FAULT_INJECTION: forcing a failure.
[  365.207755][ T8142] name failslab, interval 1, probability 0, space 0, times 0
[  365.207799][ T8142] CPU: 1 UID: 0 PID: 8142 Comm: syz.3.614 Tainted: G             L      syzkaller #0 PREEMPT_{RT,(full)} 
[  365.207829][ T8142] Tainted: [L]=SOFTLOCKUP
[  365.207837][ T8142] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  365.207850][ T8142] Call Trace:
[  365.207858][ T8142]  <TASK>
[  365.207868][ T8142]  dump_stack_lvl+0xe8/0x150
[  365.207908][ T8142]  should_fail_ex+0x46b/0x600
[  365.207949][ T8142]  should_failslab+0xa8/0x100
[  365.207982][ T8142]  __kmalloc_noprof+0xdf/0x7b0
[  365.208015][ T8142]  ? ioctl_standard_iw_point+0x516/0xd90
[  365.208047][ T8142]  ioctl_standard_iw_point+0x516/0xd90
[  365.208078][ T8142]  ? rt_mutex_slowlock+0x1fd/0x7b0
[  365.208112][ T8142]  ? __pfx_cfg80211_wext_giwessid+0x10/0x10
[  365.208147][ T8142]  ? __pfx_ioctl_standard_iw_point+0x10/0x10
[  365.208187][ T8142]  ? __pfx_cfg80211_wext_giwessid+0x10/0x10
[  365.208225][ T8142]  ioctl_standard_call+0xaf/0x1b0
[  365.208263][ T8142]  ? __pfx_cfg80211_wext_giwessid+0x10/0x10
[  365.208295][ T8142]  wext_ioctl_dispatch+0xee/0x410
[  365.208319][ T8142]  ? __pfx_ioctl_standard_call+0x10/0x10
[  365.208349][ T8142]  wext_handle_ioctl+0x10f/0x1d0
[  365.208377][ T8142]  ? __pfx_wext_handle_ioctl+0x10/0x10
[  365.208406][ T8142]  ? __asan_memset+0x22/0x50
[  365.208432][ T8142]  ? smack_file_ioctl+0x263/0x360
[  365.208466][ T8142]  sock_ioctl+0x15c/0x7f0
[  365.208502][ T8142]  ? __pfx_sock_ioctl+0x10/0x10
[  365.208535][ T8142]  ? __fget_files+0x2a/0x420
[  365.208559][ T8142]  ? __fget_files+0x3a6/0x420
[  365.208584][ T8142]  ? __fget_files+0x2a/0x420
[  365.208614][ T8142]  ? bpf_lsm_file_ioctl+0x9/0x20
[  365.208648][ T8142]  ? __pfx_sock_ioctl+0x10/0x10
[  365.208679][ T8142]  __se_sys_ioctl+0xff/0x170
[  365.208716][ T8142]  do_syscall_64+0x14d/0xf80
[  365.208745][ T8142]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  365.208768][ T8142]  ? clear_bhb_loop+0x40/0x90
[  365.208796][ T8142]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  365.208819][ T8142] RIP: 0033:0x7fe3754ec629
[  365.208839][ T8142] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  365.208859][ T8142] RSP: 002b:00007fe37373e028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  365.208883][ T8142] RAX: ffffffffffffffda RBX: 00007fe375765fa0 RCX: 00007fe3754ec629
[  365.208899][ T8142] RDX: 0000200000000000 RSI: 0000000000008b1b RDI: 0000000000000004
[  365.208914][ T8142] RBP: 00007fe37373e090 R08: 0000000000000000 R09: 0000000000000000
[  365.208928][ T8142] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  365.208941][ T8142] R13: 00007fe375766038 R14: 00007fe375765fa0 R15: 00007ffff1bb70a8
[  365.208978][ T8142]  </TASK>
[  365.417295][  T808] usb 6-1: new high-speed USB device number 5 using dummy_hcd
[  365.619417][  T808] usb 6-1: Using ep0 maxpacket: 8
[  365.632701][  T808] usb 6-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  365.632730][  T808] usb 6-1: config 1 has 1 interface, different from the descriptor's value: 2
[  365.632783][  T808] usb 6-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 100, changing to 10
[  365.632812][  T808] usb 6-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 24936, setting to 1024
[  365.632856][  T808] usb 6-1: New USB device found, idVendor=0225, idProduct=0000, bcdDevice= 0.00
[  365.632880][  T808] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  365.707611][  T808] hub 6-1:1.0: bad descriptor, ignoring hub
[  365.707654][  T808] hub 6-1:1.0: probe with driver hub failed with error -5
[  365.708608][  T808] cdc_wdm 6-1:1.0: skipping garbage
[  365.708627][  T808] cdc_wdm 6-1:1.0: skipping garbage
[  365.714109][  T808] cdc_wdm 6-1:1.0: cdc-wdm0: USB WDM device
[  365.714155][  T808] cdc_wdm 6-1:1.0: Unknown control protocol
[  366.518960][   T36] usb 6-1: USB disconnect, device number 5
[  366.589040][ T8153] netlink: 32 bytes leftover after parsing attributes in process `syz.0.619'.
[  369.867259][  T899] usb 5-1: new high-speed USB device number 16 using dummy_hcd
[  370.650960][ T8176] netlink: 48 bytes leftover after parsing attributes in process `syz.3.623'.
[  370.697509][ T8174] netlink: 16 bytes leftover after parsing attributes in process `syz.5.624'.
[  370.821707][ T8172] ALSA: mixer_oss: invalid OSS volume 'w'
[  374.807356][ T8201] hfs: unable to load iocharset "io#harset"
[  375.493083][ T8214] FAULT_INJECTION: forcing a failure.
[  375.493083][ T8214] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  375.493299][ T8214] CPU: 1 UID: 0 PID: 8214 Comm: syz.5.634 Tainted: G             L      syzkaller #0 PREEMPT_{RT,(full)} 
[  375.493331][ T8214] Tainted: [L]=SOFTLOCKUP
[  375.493340][ T8214] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  375.493354][ T8214] Call Trace:
[  375.493363][ T8214]  <TASK>
[  375.493373][ T8214]  dump_stack_lvl+0xe8/0x150
[  375.493412][ T8214]  should_fail_ex+0x46b/0x600
[  375.493453][ T8214]  _copy_from_user+0x2d/0xb0
[  375.493481][ T8214]  ___sys_sendmsg+0x1c6/0x360
[  375.493518][ T8214]  ? __pfx____sys_sendmsg+0x10/0x10
[  375.493586][ T8214]  ? __fget_files+0x2a/0x420
[  375.493611][ T8214]  ? __fget_files+0x3a6/0x420
[  375.493649][ T8214]  __x64_sys_sendmsg+0x1c3/0x2a0
[  375.493683][ T8214]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  375.493725][ T8214]  ? __pfx_ksys_write+0x10/0x10
[  375.493770][ T8214]  do_syscall_64+0x14d/0xf80
[  375.493798][ T8214]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  375.493822][ T8214]  ? clear_bhb_loop+0x40/0x90
[  375.493850][ T8214]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  375.493872][ T8214] RIP: 0033:0x7f202155c629
[  375.493893][ T8214] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  375.493915][ T8214] RSP: 002b:00007f201f7b6028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  375.493939][ T8214] RAX: ffffffffffffffda RBX: 00007f20217d5fa0 RCX: 00007f202155c629
[  375.493956][ T8214] RDX: 0000000000000000 RSI: 0000200000000140 RDI: 0000000000000003
[  375.493970][ T8214] RBP: 00007f201f7b6090 R08: 0000000000000000 R09: 0000000000000000
[  375.493984][ T8214] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  375.493997][ T8214] R13: 00007f20217d6038 R14: 00007f20217d5fa0 R15: 00007ffd6de435c8
[  375.494033][ T8214]  </TASK>
[  376.659256][ T8219] FAULT_INJECTION: forcing a failure.
[  376.659256][ T8219] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  376.659297][ T8219] CPU: 0 UID: 0 PID: 8219 Comm: syz.5.635 Tainted: G             L      syzkaller #0 PREEMPT_{RT,(full)} 
[  376.659326][ T8219] Tainted: [L]=SOFTLOCKUP
[  376.659334][ T8219] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  376.659347][ T8219] Call Trace:
[  376.659355][ T8219]  <TASK>
[  376.659367][ T8219]  dump_stack_lvl+0xe8/0x150
[  376.659406][ T8219]  should_fail_ex+0x46b/0x600
[  376.659449][ T8219]  _copy_from_user+0x2d/0xb0
[  376.659476][ T8219]  ___sys_sendmsg+0x1c6/0x360
[  376.659512][ T8219]  ? __pfx____sys_sendmsg+0x10/0x10
[  376.659580][ T8219]  ? __fget_files+0x2a/0x420
[  376.659608][ T8219]  ? __fget_files+0x3a6/0x420
[  376.659646][ T8219]  __x64_sys_sendmsg+0x1c3/0x2a0
[  376.659681][ T8219]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  376.659721][ T8219]  ? __pfx_ksys_write+0x10/0x10
[  376.659766][ T8219]  do_syscall_64+0x14d/0xf80
[  376.659795][ T8219]  ? trace_irq_disable+0x3b/0x150
[  376.659821][ T8219]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  376.659845][ T8219]  ? clear_bhb_loop+0x40/0x90
[  376.659873][ T8219]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  376.659896][ T8219] RIP: 0033:0x7f202155c629
[  376.659917][ T8219] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  376.659938][ T8219] RSP: 002b:00007f201f7b6028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  376.659962][ T8219] RAX: ffffffffffffffda RBX: 00007f20217d5fa0 RCX: 00007f202155c629
[  376.659980][ T8219] RDX: 0000000000000000 RSI: 0000200000001600 RDI: 0000000000000003
[  376.659994][ T8219] RBP: 00007f201f7b6090 R08: 0000000000000000 R09: 0000000000000000
[  376.660007][ T8219] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  376.660020][ T8219] R13: 00007f20217d6038 R14: 00007f20217d5fa0 R15: 00007ffd6de435c8
[  376.660055][ T8219]  </TASK>
[  378.984495][    T9] usb 3-1: new high-speed USB device number 11 using dummy_hcd
[  379.013525][ T1323] ieee802154 phy0 wpan0: encryption failed: -22
[  379.013576][ T1323] ieee802154 phy1 wpan1: encryption failed: -22
[  380.727948][    T9] usb 3-1: Using ep0 maxpacket: 32
[  380.954172][    T9] usb 3-1: device descriptor read/all, error -71
[  386.275110][ T8266] netlink: 260 bytes leftover after parsing attributes in process `syz.4.649'.
[  390.071192][   T60] Bluetooth: hci2: command 0x0406 tx timeout
[  390.132683][   T32] block nbd0: Possible stuck request ffff888026605080: control (read@0,4096B). Runtime 270 seconds
[  392.847890][ T8298] FAULT_INJECTION: forcing a failure.
[  392.847890][ T8298] name failslab, interval 1, probability 0, space 0, times 0
[  392.847931][ T8298] CPU: 0 UID: 0 PID: 8298 Comm: syz.5.658 Tainted: G             L      syzkaller #0 PREEMPT_{RT,(full)} 
[  392.847961][ T8298] Tainted: [L]=SOFTLOCKUP
[  392.847970][ T8298] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  392.847984][ T8298] Call Trace:
[  392.848002][ T8298]  <TASK>
[  392.848012][ T8298]  dump_stack_lvl+0xe8/0x150
[  392.848051][ T8298]  should_fail_ex+0x46b/0x600
[  392.848094][ T8298]  should_failslab+0xa8/0x100
[  392.848129][ T8298]  __kmalloc_noprof+0xdf/0x7b0
[  392.848161][ T8298]  ? kfree+0x4d/0x6c0
[  392.848188][ T8298]  ? tomoyo_realpath_from_path+0xe3/0x5d0
[  392.848230][ T8298]  tomoyo_realpath_from_path+0xe3/0x5d0
[  392.848278][ T8298]  ? tomoyo_path_number_perm+0x219/0x630
[  392.848307][ T8298]  tomoyo_path_number_perm+0x246/0x630
[  392.848341][ T8298]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  392.848374][ T8298]  ? __lock_acquire+0x6b5/0x2cf0
[  392.848434][ T8298]  ? __fget_files+0x2a/0x420
[  392.848464][ T8298]  ? __fget_files+0x2a/0x420
[  392.848490][ T8298]  ? __fget_files+0x3a6/0x420
[  392.848515][ T8298]  ? __fget_files+0x2a/0x420
[  392.848546][ T8298]  security_file_ioctl+0xc3/0x2a0
[  392.848581][ T8298]  __se_sys_ioctl+0x47/0x170
[  392.848624][ T8298]  do_syscall_64+0x14d/0xf80
[  392.848653][ T8298]  ? trace_irq_disable+0x3b/0x150
[  392.848679][ T8298]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  392.848702][ T8298]  ? clear_bhb_loop+0x40/0x90
[  392.848731][ T8298]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  392.848754][ T8298] RIP: 0033:0x7f202155c629
[  392.848775][ T8298] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  392.848796][ T8298] RSP: 002b:00007f201f7b6028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  392.848820][ T8298] RAX: ffffffffffffffda RBX: 00007f20217d5fa0 RCX: 00007f202155c629
[  392.848837][ T8298] RDX: 0000200000000040 RSI: 00000000c02c563a RDI: 0000000000000003
[  392.848852][ T8298] RBP: 00007f201f7b6090 R08: 0000000000000000 R09: 0000000000000000
[  392.848867][ T8298] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  392.848881][ T8298] R13: 00007f20217d6038 R14: 00007f20217d5fa0 R15: 00007ffd6de435c8
[  392.848918][ T8298]  </TASK>
[  392.849222][ T8298] ERROR: Out of memory at tomoyo_realpath_from_path.
[  395.740930][ T8307] 9p: Bad value for 'rfdno'
[  395.997652][ T5904] usb 4-1: new high-speed USB device number 16 using dummy_hcd
[  396.177615][ T5904] usb 4-1: Using ep0 maxpacket: 8
[  396.180660][ T5904] usb 4-1: unable to get BOS descriptor or descriptor too short
[  396.182229][ T5904] usb 4-1: config 6 has an invalid interface number: 86 but max is 0
[  396.182257][ T5904] usb 4-1: config 6 has no interface number 0
[  396.182305][ T5904] usb 4-1: config 6 interface 86 altsetting 5 endpoint 0x2 has an invalid bInterval 147, changing to 11
[  396.182335][ T5904] usb 4-1: config 6 interface 86 altsetting 5 has an endpoint descriptor with address 0x1A, changing to 0xA
[  396.182363][ T5904] usb 4-1: config 6 interface 86 altsetting 5 endpoint 0xA has invalid maxpacket 503, setting to 64
[  396.182391][ T5904] usb 4-1: config 6 interface 86 altsetting 5 endpoint 0xE has invalid maxpacket 560, setting to 64
[  396.182418][ T5904] usb 4-1: config 6 interface 86 altsetting 5 bulk endpoint 0x9 has invalid maxpacket 1023
[  396.182443][ T5904] usb 4-1: config 6 interface 86 has no altsetting 0
[  396.186013][ T5904] usb 4-1: string descriptor 0 read error: -22
[  396.186160][ T5904] usb 4-1: New USB device found, idVendor=06cd, idProduct=0115, bcdDevice=93.3f
[  396.186186][ T5904] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  396.336696][ T8307] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22
[  396.357699][ T5904] keyspan 4-1:6.86: Keyspan 2 port adapter converter detected
[  396.358123][ T5904] keyspan 4-1:6.86: found no endpoint descriptor for endpoint 87
[  396.358198][ T5904] keyspan 4-1:6.86: found no endpoint descriptor for endpoint 7
[  396.406175][ T5904] keyspan 4-1:6.86: found no endpoint descriptor for endpoint 81
[  396.406271][ T5904] keyspan 4-1:6.86: found no endpoint descriptor for endpoint 1
[  396.406394][ T5904] keyspan 4-1:6.86: found no endpoint descriptor for endpoint 85
[  396.406480][ T5904] keyspan 4-1:6.86: found no endpoint descriptor for endpoint 5
[  396.463106][ T5904] usb 4-1: Keyspan 2 port adapter converter now attached to ttyUSB0
[  396.481553][ T5904] keyspan 4-1:6.86: found no endpoint descriptor for endpoint 83
[  396.481650][ T5904] keyspan 4-1:6.86: found no endpoint descriptor for endpoint 3
[  396.481737][ T5904] keyspan 4-1:6.86: found no endpoint descriptor for endpoint 4
[  396.481822][ T5904] keyspan 4-1:6.86: found no endpoint descriptor for endpoint 86
[  396.484069][ T5904] keyspan 4-1:6.86: found no endpoint descriptor for endpoint 6
[  396.531353][ T5904] usb 4-1: Keyspan 2 port adapter converter now attached to ttyUSB1
[  396.709225][ T8307] netlink: 8 bytes leftover after parsing attributes in process `syz.3.645'.
[  396.870623][ T5800] usb 4-1: USB disconnect, device number 16
[  396.904237][ T8315] netlink: 260 bytes leftover after parsing attributes in process `syz.0.663'.
[  396.921233][ T5800] keyspan_2 ttyUSB0: Keyspan 2 port adapter converter now disconnected from ttyUSB0
[  396.978069][ T5800] keyspan_2 ttyUSB1: Keyspan 2 port adapter converter now disconnected from ttyUSB1
[  397.009222][ T5800] keyspan 4-1:6.86: device disconnected
[  399.039725][ T8324] netlink: 'syz.2.656': attribute type 5 has an invalid length.
[  399.039750][ T8324] netlink: 8 bytes leftover after parsing attributes in process `syz.2.656'.
[  399.068978][ T8324] netlink: 'syz.2.656': attribute type 1 has an invalid length.
[  399.179278][   T60] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[  399.209937][   T60] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[  399.212574][   T60] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[  399.215219][   T60] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[  399.227954][   T60] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[  401.887190][   T60] Bluetooth: hci3: command tx timeout
[  403.707816][ T8358] netlink: 260 bytes leftover after parsing attributes in process `syz.5.674'.
[  403.907546][   T60] Bluetooth: hci3: command tx timeout
[  404.321844][   T43] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  404.958914][ T8378] FAULT_INJECTION: forcing a failure.
[  404.958914][ T8378] name failslab, interval 1, probability 0, space 0, times 0
[  404.959148][ T8378] CPU: 0 UID: 0 PID: 8378 Comm: syz.4.679 Tainted: G             L      syzkaller #0 PREEMPT_{RT,(full)} 
[  404.959182][ T8378] Tainted: [L]=SOFTLOCKUP
[  404.959188][ T8378] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  404.959198][ T8378] Call Trace:
[  404.959204][ T8378]  <TASK>
[  404.959212][ T8378]  dump_stack_lvl+0xe8/0x150
[  404.959241][ T8378]  should_fail_ex+0x46b/0x600
[  404.959270][ T8378]  should_failslab+0xa8/0x100
[  404.959294][ T8378]  __kmalloc_noprof+0xdf/0x7b0
[  404.959315][ T8378]  ? kfree+0x4d/0x6c0
[  404.959333][ T8378]  ? tomoyo_realpath_from_path+0xe3/0x5d0
[  404.959360][ T8378]  tomoyo_realpath_from_path+0xe3/0x5d0
[  404.959390][ T8378]  ? tomoyo_path_number_perm+0x219/0x630
[  404.959415][ T8378]  tomoyo_path_number_perm+0x246/0x630
[  404.959438][ T8378]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  404.959461][ T8378]  ? __lock_acquire+0x6b5/0x2cf0
[  404.959502][ T8378]  ? __fget_files+0x2a/0x420
[  404.959522][ T8378]  ? __fget_files+0x2a/0x420
[  404.959540][ T8378]  ? __fget_files+0x3a6/0x420
[  404.959557][ T8378]  ? __fget_files+0x2a/0x420
[  404.959578][ T8378]  security_file_ioctl+0xc3/0x2a0
[  404.959602][ T8378]  __se_sys_ioctl+0x47/0x170
[  404.959628][ T8378]  do_syscall_64+0x14d/0xf80
[  404.959649][ T8378]  ? trace_irq_disable+0x3b/0x150
[  404.959667][ T8378]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  404.959684][ T8378]  ? clear_bhb_loop+0x40/0x90
[  404.959704][ T8378]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  404.959720][ T8378] RIP: 0033:0x7fda29a6c629
[  404.959734][ T8378] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  404.959749][ T8378] RSP: 002b:00007fda27cbe028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  404.959765][ T8378] RAX: ffffffffffffffda RBX: 00007fda29ce5fa0 RCX: 00007fda29a6c629
[  404.959777][ T8378] RDX: 00002000000000c0 RSI: 00000000c040aed4 RDI: 0000000000000004
[  404.959788][ T8378] RBP: 00007fda27cbe090 R08: 0000000000000000 R09: 0000000000000000
[  404.959798][ T8378] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  404.959807][ T8378] R13: 00007fda29ce6038 R14: 00007fda29ce5fa0 R15: 00007fff2f575808
[  404.959832][ T8378]  </TASK>
[  404.959838][ T8378] ERROR: Out of memory at tomoyo_realpath_from_path.
[  405.258189][   T43] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  407.073672][   T60] Bluetooth: hci3: command tx timeout
[  407.374329][ T8386] netlink: 132 bytes leftover after parsing attributes in process `syz.4.683'.
[  407.856426][   T43] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  408.428982][ T8389] syz_tun: entered allmulticast mode
[  409.124602][   T60] Bluetooth: hci3: command tx timeout
[  409.879486][   T43] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  409.930435][ T8326] chnl_net:caif_netlink_parms(): no params data found
[  409.936574][ T8397] faux_driver regulatory: loading /lib/firmware/regulatory.db failed with error -4
[  409.936604][ T8397] faux_driver regulatory: Direct firmware load for regulatory.db failed with error -4
[  409.936619][ T8397] faux_driver regulatory: Falling back to sysfs fallback for: regulatory.db
[  410.005389][   T37] audit: type=1800 audit(1772104579.423:67): pid=8397 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz.4.684" name="regulatory.db" dev="sda1" ino=448 res=0 errno=0
[  410.442004][ T8404] netlink: 260 bytes leftover after parsing attributes in process `syz.4.685'.
[  410.763210][ T8326] bridge0: port 1(bridge_slave_0) entered blocking state
[  410.763434][ T8326] bridge0: port 1(bridge_slave_0) entered disabled state
[  410.763647][ T8326] bridge_slave_0: entered allmulticast mode
[  410.809118][ T8407] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[  410.837977][ T8326] bridge_slave_0: entered promiscuous mode
[  410.857464][ T8326] bridge0: port 2(bridge_slave_1) entered blocking state
[  410.859880][ T8326] bridge0: port 2(bridge_slave_1) entered disabled state
[  410.860130][ T8326] bridge_slave_1: entered allmulticast mode
[  410.896288][ T8326] bridge_slave_1: entered promiscuous mode
[  411.297275][   T36] usb 5-1: new full-speed USB device number 17 using dummy_hcd
[  411.302812][   T43] bridge_slave_1: left allmulticast mode
[  411.302844][   T43] bridge_slave_1: left promiscuous mode
[  411.303172][   T43] bridge0: port 2(bridge_slave_1) entered disabled state
[  411.508272][   T43] bridge_slave_0: left allmulticast mode
[  411.508303][   T43] bridge_slave_0: left promiscuous mode
[  411.508573][   T43] bridge0: port 1(bridge_slave_0) entered disabled state
[  413.470813][   T36] usb 5-1: New USB device found, idVendor=0547, idProduct=0201, bcdDevice=11.64
[  413.470849][   T36] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  413.470871][   T36] usb 5-1: Product: syz
[  413.470886][   T36] usb 5-1: Manufacturer: syz
[  413.470993][   T36] usb 5-1: SerialNumber: syz
[  413.526102][   T36] usb 5-1: config 0 descriptor??
[  413.562388][   T36] dvb-usb: found a 'Nebula Electronics uDigiTV DVB-T USB2.0)' in warm state.
[  413.688418][   T36] dvb-usb: This USB2.0 device cannot be run on a USB1.1 port. (it lacks a hardware PID filter)
[  413.715370][   T36] dvb-usb: Nebula Electronics uDigiTV DVB-T USB2.0) error while loading driver (-19)
[  413.809861][   T36] usb 5-1: USB disconnect, device number 17
[  414.930974][ T8431] netlink: zone id is out of range
[  414.930990][ T8431] netlink: zone id is out of range
[  414.931000][ T8431] netlink: zone id is out of range
[  414.931009][ T8431] netlink: zone id is out of range
[  414.931018][ T8431] netlink: zone id is out of range
[  414.931026][ T8431] netlink: zone id is out of range
[  414.931035][ T8431] netlink: zone id is out of range
[  414.931044][ T8431] netlink: zone id is out of range
[  414.931052][ T8431] netlink: zone id is out of range
[  414.931060][ T8431] netlink: zone id is out of range
[  415.099105][   T36] usb 5-1: new high-speed USB device number 18 using dummy_hcd
[  415.195777][ T8433] netlink: 4 bytes leftover after parsing attributes in process `syz.2.697'.
[  415.247408][   T36] usb 5-1: Using ep0 maxpacket: 32
[  415.254181][   T36] usb 5-1: config 0 has an invalid interface number: 51 but max is 0
[  415.254212][   T36] usb 5-1: config 0 has no interface number 0
[  415.267533][   T36] usb 5-1: New USB device found, idVendor=061d, idProduct=c150, bcdDevice=ce.6f
[  415.267624][   T36] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  415.267684][   T36] usb 5-1: Product: syz
[  415.267718][   T36] usb 5-1: Manufacturer: syz
[  415.267769][   T36] usb 5-1: SerialNumber: syz
[  415.391930][   T36] usb 5-1: config 0 descriptor??
[  415.431574][   T36] quatech2 5-1:0.51: Quatech 2nd gen USB to Serial Driver converter detected
[  415.663109][   T36] usb 5-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB0
[  415.706102][   T36] usb 5-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB1
[  416.013258][    C1] usb 5-1: qt2_read_bulk_callback - non-zero urb status: -71
[  416.015688][   T10] usb 5-1: USB disconnect, device number 18
[  416.055203][   T10] quatech-serial ttyUSB0: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB0
[  416.074473][   T10] quatech-serial ttyUSB1: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB1
[  416.075315][   T10] quatech2 5-1:0.51: device disconnected
[  416.118272][   T43] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  416.157426][    T9] usb 1-1: new high-speed USB device number 8 using dummy_hcd
[  416.209216][   T43] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  416.238445][   T43] bond0 (unregistering): Released all slaves
[  416.271914][ T8326] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  416.340377][    T9] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  416.340424][    T9] usb 1-1: New USB device found, idVendor=1038, idProduct=12b6, bcdDevice= 0.00
[  416.340443][    T9] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  416.351019][    T9] usb 1-1: config 0 descriptor??
[  416.720850][ T8437] bridge0: port 2(bridge_slave_1) entered disabled state
[  416.736989][ T8437] bridge0: port 1(bridge_slave_0) entered disabled state
[  419.209969][    T9] usbhid 1-1:0.0: can't add hid device: -71
[  419.210088][    T9] usbhid 1-1:0.0: probe with driver usbhid failed with error -71
[  419.241972][    T9] usb 1-1: USB disconnect, device number 8
[  419.429157][ T8437] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  419.598404][ T8437] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  421.337563][   T32] block nbd0: Possible stuck request ffff888026605080: control (read@0,4096B). Runtime 300 seconds
[  423.147446][ T8470] netlink: 'syz.4.705': attribute type 10 has an invalid length.
[  424.142224][ T8474] netlink: 4 bytes leftover after parsing attributes in process `syz.0.707'.
[  424.381365][ T8481] netlink: 8 bytes leftover after parsing attributes in process `syz.0.709'.
[  424.381403][ T8481] netlink: 8 bytes leftover after parsing attributes in process `syz.0.709'.
[  424.949997][ T5803] Bluetooth: hci3: command 0x0405 tx timeout
[  425.899272][ T8437] bridge1: left promiscuous mode
[  425.963284][ T8326] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  428.320240][   T37] audit: type=1800 audit(1772104597.813:68): pid=8498 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz.2.713" name="regulatory.db" dev="sda1" ino=448 res=0 errno=0
[  428.322767][ T8498] faux_driver regulatory: loading /lib/firmware/regulatory.db failed with error -4
[  428.322811][ T8498] faux_driver regulatory: Direct firmware load for regulatory.db failed with error -4
[  428.322833][ T8498] faux_driver regulatory: Falling back to sysfs fallback for: regulatory.db
[  428.428002][ T8470] bridge0: port 2(bridge_slave_1) entered disabled state
[  428.447419][ T8470] bridge0: port 1(bridge_slave_0) entered disabled state
[  428.521633][ T8470] bridge0: port 2(bridge_slave_1) entered blocking state
[  428.521796][ T8470] bridge0: port 2(bridge_slave_1) entered forwarding state
[  428.522149][ T8470] bridge0: port 1(bridge_slave_0) entered blocking state
[  428.522304][ T8470] bridge0: port 1(bridge_slave_0) entered forwarding state
[  428.533918][ T8470] bond0: (slave bridge0): Enslaving as an active interface with an up link
[  428.727614][ T1285] netdevsim netdevsim2 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[  429.019276][ T8510] netlink: 4 bytes leftover after parsing attributes in process `syz.2.718'.
[  430.010001][ T1285] netdevsim netdevsim2 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0
[  430.175690][ T1285] netdevsim netdevsim2 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0
[  430.887510][ T8522] netlink: 8 bytes leftover after parsing attributes in process `syz.2.720'.
[  430.887568][ T8522] netlink: 4 bytes leftover after parsing attributes in process `syz.2.720'.
[  430.887720][ T8522] netlink: 'syz.2.720': attribute type 18 has an invalid length.
[  430.887766][ T8522] netlink: 8 bytes leftover after parsing attributes in process `syz.2.720'.
[  431.629732][ T8524] FAULT_INJECTION: forcing a failure.
[  431.629732][ T8524] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  431.629776][ T8524] CPU: 1 UID: 0 PID: 8524 Comm: syz.0.722 Tainted: G             L      syzkaller #0 PREEMPT_{RT,(full)} 
[  431.629798][ T8524] Tainted: [L]=SOFTLOCKUP
[  431.629804][ T8524] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  431.629817][ T8524] Call Trace:
[  431.629826][ T8524]  <TASK>
[  431.629833][ T8524]  dump_stack_lvl+0xe8/0x150
[  431.629863][ T8524]  should_fail_ex+0x46b/0x600
[  431.629893][ T8524]  _copy_from_iter+0x1d3/0x1670
[  431.629916][ T8524]  ? trace_kmem_cache_alloc+0x29/0xf0
[  431.629939][ T8524]  ? __alloc_skb+0x27d/0x7d0
[  431.629958][ T8524]  ? __pfx__copy_from_iter+0x10/0x10
[  431.629972][ T8524]  ? kmem_cache_alloc_node_noprof+0x27c/0x6e0
[  431.629995][ T8524]  ? __alloc_skb+0x27d/0x7d0
[  431.630017][ T8524]  ? netlink_sendmsg+0x650/0xb40
[  431.630032][ T8524]  ? skb_put+0x11b/0x210
[  431.630054][ T8524]  netlink_sendmsg+0x6c0/0xb40
[  431.630078][ T8524]  ? __pfx_netlink_sendmsg+0x10/0x10
[  431.630100][ T8524]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  431.630126][ T8524]  ____sys_sendmsg+0xa4e/0xac0
[  431.630154][ T8524]  ? __pfx_____sys_sendmsg+0x10/0x10
[  431.630182][ T8524]  ? import_iovec+0x73/0xa0
[  431.630203][ T8524]  ___sys_sendmsg+0x2a5/0x360
[  431.630228][ T8524]  ? __pfx____sys_sendmsg+0x10/0x10
[  431.630275][ T8524]  ? __fget_files+0x2a/0x420
[  431.630293][ T8524]  ? __fget_files+0x3a6/0x420
[  431.630319][ T8524]  __x64_sys_sendmsg+0x1c3/0x2a0
[  431.630343][ T8524]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  431.630371][ T8524]  ? __pfx_ksys_write+0x10/0x10
[  431.630403][ T8524]  do_syscall_64+0x14d/0xf80
[  431.630431][ T8524]  ? trace_irq_disable+0x3b/0x150
[  431.630449][ T8524]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  431.630465][ T8524]  ? clear_bhb_loop+0x40/0x90
[  431.630485][ T8524]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  431.630500][ T8524] RIP: 0033:0x7f025164c629
[  431.630515][ T8524] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  431.630530][ T8524] RSP: 002b:00007f024f8a6028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  431.630547][ T8524] RAX: ffffffffffffffda RBX: 00007f02518c5fa0 RCX: 00007f025164c629
[  431.630559][ T8524] RDX: 0000000000008000 RSI: 00002000000002c0 RDI: 0000000000000003
[  431.630569][ T8524] RBP: 00007f024f8a6090 R08: 0000000000000000 R09: 0000000000000000
[  431.630579][ T8524] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  431.630588][ T8524] R13: 00007f02518c6038 R14: 00007f02518c5fa0 R15: 00007ffd4d734e68
[  431.630613][ T8524]  </TASK>
[  432.141988][ T1285] netdevsim netdevsim2 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0
[  432.230185][ T8326] team0: Port device team_slave_0 added
[  432.242573][ T5803] Bluetooth: hci5: command 0x0406 tx timeout
[  432.282867][ T8326] team0: Port device team_slave_1 added
[  434.550733][ T8326] batman_adv: batadv0: Adding interface: batadv_slave_0
[  434.550752][ T8326] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  434.550783][ T8326] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  434.592681][ T8326] batman_adv: batadv0: Adding interface: batadv_slave_1
[  434.592699][ T8326] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  434.592729][ T8326] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  434.877350][   T43] hsr_slave_0: left promiscuous mode
[  434.939933][   T43] hsr_slave_1: left promiscuous mode
[  434.943322][   T43] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  434.943344][   T43] batman_adv: batadv0: Removing interface: batadv_slave_0
[  435.008888][   T43] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  435.008911][   T43] batman_adv: batadv0: Removing interface: batadv_slave_1
[  435.129042][   T43] veth1_macvtap: left promiscuous mode
[  435.129116][   T43] veth0_macvtap: left promiscuous mode
[  435.129286][   T43] veth1_vlan: left promiscuous mode
[  435.129399][   T43] veth0_vlan: left promiscuous mode
[  439.826553][   T43] team0 (unregistering): Port device team_slave_1 removed
[  440.818125][   T43] team0 (unregistering): Port device team_slave_0 removed
[  440.858051][ T1323] ieee802154 phy0 wpan0: encryption failed: -22
[  440.858123][ T1323] ieee802154 phy1 wpan1: encryption failed: -22
[  441.275140][ T8577] syz_tun: left allmulticast mode
[  443.859919][ T8326] hsr_slave_0: entered promiscuous mode
[  443.868219][ T8326] hsr_slave_1: entered promiscuous mode
[  448.595177][ T8326] netdevsim netdevsim6 netdevsim0: renamed from eth0
[  449.171767][ T8326] netdevsim netdevsim6 netdevsim1: renamed from eth1
[  449.269850][ T8326] netdevsim netdevsim6 netdevsim2: renamed from eth2
[  449.391666][ T8326] netdevsim netdevsim6 netdevsim3: renamed from eth3
[  450.780428][ T8645] netlink: 8 bytes leftover after parsing attributes in process `syz.4.749'.
[  450.842530][ T8645] netlink: 28 bytes leftover after parsing attributes in process `syz.4.749'.
[  453.027767][   T32] block nbd0: Possible stuck request ffff888026605080: control (read@0,4096B). Runtime 330 seconds
[  453.218313][ T8326] 8021q: adding VLAN 0 to HW filter on device bond0
[  453.544407][ T8326] 8021q: adding VLAN 0 to HW filter on device team0
[  453.582863][ T1367] bridge0: port 1(bridge_slave_0) entered blocking state
[  453.583017][ T1367] bridge0: port 1(bridge_slave_0) entered forwarding state
[  453.901581][ T2151] bridge0: port 2(bridge_slave_1) entered blocking state
[  453.917370][ T2151] bridge0: port 2(bridge_slave_1) entered forwarding state
[  461.485701][ T5803] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  461.499711][ T5803] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  461.512158][ T5803] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  461.528443][ T5803] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  461.531558][ T5803] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  463.224904][ T8705] chnl_net:caif_netlink_parms(): no params data found
[  465.267211][ T5803] Bluetooth: hci0: command tx timeout
[  467.368392][ T5803] Bluetooth: hci0: command tx timeout
[  469.401719][   T37] audit: type=1326 audit(1772104638.843:69): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8758 comm="syz.4.765" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fda29a6c629 code=0x7ffc0000
[  469.401777][   T37] audit: type=1326 audit(1772104638.893:70): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8758 comm="syz.4.765" exe="/root/syz-executor" sig=0 arch=c000003e syscall=258 compat=0 ip=0x7fda29a6c629 code=0x7ffc0000
[  469.401824][   T37] audit: type=1326 audit(1772104638.893:71): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8758 comm="syz.4.765" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fda29a6c629 code=0x7ffc0000
[  469.401869][   T37] audit: type=1326 audit(1772104638.893:72): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8758 comm="syz.4.765" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fda29a6c629 code=0x7ffc0000
[  469.401910][   T37] audit: type=1326 audit(1772104638.893:73): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8758 comm="syz.4.765" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7fda29a6c629 code=0x7ffc0000
[  469.401954][   T37] audit: type=1326 audit(1772104638.893:74): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8758 comm="syz.4.765" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fda29a6c629 code=0x7ffc0000
[  469.401997][   T37] audit: type=1326 audit(1772104638.893:75): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8758 comm="syz.4.765" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7fda29a6c629 code=0x7ffc0000
[  469.402038][   T37] audit: type=1326 audit(1772104638.893:76): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8758 comm="syz.4.765" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fda29a6c629 code=0x7ffc0000
[  469.404750][   T37] audit: type=1326 audit(1772104638.893:77): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8758 comm="syz.4.765" exe="/root/syz-executor" sig=0 arch=c000003e syscall=46 compat=0 ip=0x7fda29a6c629 code=0x7ffc0000
[  469.427393][ T5803] Bluetooth: hci0: command tx timeout
[  471.508152][ T5803] Bluetooth: hci0: command tx timeout
[  472.867962][ T8773] hfs: unable to load iocharset "io#harset"
[  473.047420][ T8705] bridge0: port 1(bridge_slave_0) entered blocking state
[  473.047551][ T8705] bridge0: port 1(bridge_slave_0) entered disabled state
[  473.047787][ T8705] bridge_slave_0: entered allmulticast mode
[  473.056155][ T8705] bridge_slave_0: entered promiscuous mode
[  473.137729][ T8705] bridge0: port 2(bridge_slave_1) entered blocking state
[  473.137867][ T8705] bridge0: port 2(bridge_slave_1) entered disabled state
[  473.138130][ T8705] bridge_slave_1: entered allmulticast mode
[  473.140376][ T8705] bridge_slave_1: entered promiscuous mode
[  475.312706][ T8705] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  475.312827][ T8796] netlink: 80 bytes leftover after parsing attributes in process `syz.0.772'.
[  475.312852][ T8796] netlink: 56 bytes leftover after parsing attributes in process `syz.0.772'.
[  475.419982][  T808] usb 1-1: new high-speed USB device number 9 using dummy_hcd
[  475.426530][ T8705] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  476.983027][ T8796] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  476.983731][ T8796] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  477.017221][  T808] usb 1-1: Using ep0 maxpacket: 8
[  477.022487][  T808] usb 1-1: device descriptor read/all, error -61
[  477.198995][  T808] usb 1-1: new high-speed USB device number 10 using dummy_hcd
[  477.347348][  T808] usb 1-1: device descriptor read/64, error -71
[  477.466633][  T808] usb usb1-port1: attempt power cycle
[  477.715038][ T8705] team0: Port device team_slave_0 added
[  477.817558][  T808] usb 1-1: new high-speed USB device number 11 using dummy_hcd
[  477.838045][  T808] usb 1-1: device descriptor read/8, error -71
[  477.920230][ T8705] team0: Port device team_slave_1 added
[  478.087625][  T808] usb 1-1: new high-speed USB device number 12 using dummy_hcd
[  480.222135][   T60] Bluetooth: hci0: command 0x0405 tx timeout
[  480.590121][ T8705] batman_adv: batadv0: Adding interface: batadv_slave_0
[  480.590141][ T8705] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  480.590173][ T8705] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  480.918931][ T8705] batman_adv: batadv0: Adding interface: batadv_slave_1
[  480.918950][ T8705] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  480.918983][ T8705] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  483.196134][  T808] usb 1-1: device descriptor read/8, error -110
[  483.246303][ T8705] hsr_slave_0: entered promiscuous mode
[  483.278772][ T8705] hsr_slave_1: entered promiscuous mode
[  483.279719][ T8705] debugfs: 'hsr0' already exists in 'hsr'
[  483.279745][ T8705] Cannot create hsr debugfs directory
[  483.297982][  T808] usb usb1-port1: unable to enumerate USB device
[  483.317270][   T32] block nbd0: Possible stuck request ffff888026605080: control (read@0,4096B). Runtime 360 seconds
[  483.528085][   T43] bridge_slave_1: left allmulticast mode
[  483.528116][   T43] bridge_slave_1: left promiscuous mode
[  483.528361][   T43] bridge0: port 2(bridge_slave_1) entered disabled state
[  483.902015][   T43] bridge_slave_0: left allmulticast mode
[  483.902101][   T43] bridge_slave_0: left promiscuous mode
[  483.955426][   T43] bridge0: port 1(bridge_slave_0) entered disabled state
[  486.567896][ T8867] hfs: unable to load iocharset "io#harset"
[  492.727017][   T60] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[  492.761324][   T60] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[  492.765555][   T60] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[  492.791684][   T60] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[  492.800597][   T60] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[  493.139239][   T43] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  493.357256][   T43] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  493.390501][   T43] bond0 (unregistering): Released all slaves
[  494.827653][   T43] hsr_slave_0: left promiscuous mode
[  494.871166][ T5803] Bluetooth: hci3: command tx timeout
[  494.917668][   T43] hsr_slave_1: left promiscuous mode
[  494.918931][   T43] batman_adv: batadv0: Removing interface: batadv_slave_0
[  495.039916][   T43] batman_adv: batadv0: Removing interface: batadv_slave_1
[  495.357341][ T5803] Bluetooth: hci5: unexpected event for opcode 0x2005
[  495.357436][ T5803] Bluetooth: hci5: ACL packet for unknown connection handle 201
[  497.167154][ T5803] Bluetooth: hci3: command tx timeout
[  498.297254][   T36] usb 6-1: new high-speed USB device number 6 using dummy_hcd
[  498.457356][   T36] usb 6-1: Using ep0 maxpacket: 16
[  498.462181][   T36] usb 6-1: config index 0 descriptor too short (expected 4495, got 71)
[  498.462212][   T36] usb 6-1: config 0 has an invalid interface number: 105 but max is 0
[  498.462233][   T36] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  498.462259][   T36] usb 6-1: config 0 has no interface number 0
[  498.511781][   T36] usb 6-1: New USB device found, idVendor=046c, idProduct=14e0, bcdDevice= 0.01
[  498.511805][   T36] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  498.511820][   T36] usb 6-1: Product: syz
[  498.511831][   T36] usb 6-1: Manufacturer: syz
[  498.511842][   T36] usb 6-1: SerialNumber: syz
[  498.575648][   T36] usb 6-1: config 0 descriptor??
[  498.601134][   T36] uvcvideo 6-1:0.105: Found UVC 0.00 device syz (046c:14e0)
[  498.601161][   T36] uvcvideo 6-1:0.105: No valid video chain found.
[  500.214893][   T60] Bluetooth: hci3: command tx timeout
[  500.327675][ T8914] netlink: 'syz.5.797': attribute type 2 has an invalid length.
[  500.327692][ T8914] netlink: 164 bytes leftover after parsing attributes in process `syz.5.797'.
[  500.563960][   T43] team0 (unregistering): Port device team_slave_1 removed
[  500.649532][   T43] team0 (unregistering): Port device team_slave_0 removed
[  502.361938][ T1323] ieee802154 phy0 wpan0: encryption failed: -22
[  502.362046][ T1323] ieee802154 phy1 wpan1: encryption failed: -22
[  502.364088][   T60] Bluetooth: hci3: command tx timeout
[  502.991930][  T899] usb 6-1: USB disconnect, device number 6
[  506.810510][ T8894] chnl_net:caif_netlink_parms(): no params data found
[  509.617352][ T8894] bridge0: port 1(bridge_slave_0) entered blocking state
[  509.617440][ T8894] bridge0: port 1(bridge_slave_0) entered disabled state
[  509.617625][ T8894] bridge_slave_0: entered allmulticast mode
[  509.620297][ T8894] bridge_slave_0: entered promiscuous mode
[  509.658093][ T8894] bridge0: port 2(bridge_slave_1) entered blocking state
[  509.658223][ T8894] bridge0: port 2(bridge_slave_1) entered disabled state
[  509.658468][ T8894] bridge_slave_1: entered allmulticast mode
[  509.689047][ T8894] bridge_slave_1: entered promiscuous mode
[  509.900098][ T8982] netlink: 80 bytes leftover after parsing attributes in process `syz.5.807'.
[  509.900140][ T8982] netlink: 56 bytes leftover after parsing attributes in process `syz.5.807'.
[  509.959116][ T8894] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  510.020432][ T8894] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  510.157541][    T9] usb 6-1: new high-speed USB device number 7 using dummy_hcd
[  510.307226][    T9] usb 6-1: Using ep0 maxpacket: 8
[  510.314351][    T9] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  510.314406][    T9] usb 6-1: New USB device found, idVendor=5543, idProduct=0045, bcdDevice= 0.00
[  510.314431][    T9] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  510.384530][    T9] usb 6-1: config 0 descriptor??
[  510.385230][ T8894] team0: Port device team_slave_0 added
[  510.463911][ T8894] team0: Port device team_slave_1 added
[  510.860615][ T8705] netdevsim netdevsim6 netdevsim0: renamed from eth0
[  511.156805][ T8982] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  511.158226][ T8982] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  511.174438][    T9] usb 6-1: string descriptor 0 read error: -71
[  511.174966][    T9] uclogic 0003:5543:0045.0007: failed retrieving string descriptor #200: -71
[  511.175025][    T9] uclogic 0003:5543:0045.0007: failed retrieving pen parameters: -71
[  511.175044][    T9] uclogic 0003:5543:0045.0007: failed probing pen v2 parameters: -71
[  511.175097][    T9] uclogic 0003:5543:0045.0007: failed probing parameters: -71
[  511.175210][    T9] uclogic 0003:5543:0045.0007: probe with driver uclogic failed with error -71
[  511.260275][ T8705] netdevsim netdevsim6 netdevsim1: renamed from eth1
[  511.260478][    T9] usb 6-1: USB disconnect, device number 7
[  511.393825][ T8894] batman_adv: batadv0: Adding interface: batadv_slave_0
[  511.393844][ T8894] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  511.393874][ T8894] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  511.395069][ T8705] netdevsim netdevsim6 netdevsim2: renamed from eth2
[  511.506625][ T8894] batman_adv: batadv0: Adding interface: batadv_slave_1
[  511.506638][ T8894] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  511.506660][ T8894] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  511.508081][ T8705] netdevsim netdevsim6 netdevsim3: renamed from eth3
[  511.627358][   T36] usb 5-1: new high-speed USB device number 19 using dummy_hcd
[  511.807255][   T36] usb 5-1: Using ep0 maxpacket: 16
[  511.822033][ T8894] hsr_slave_0: entered promiscuous mode
[  511.843037][   T36] usb 5-1: config index 0 descriptor too short (expected 4495, got 71)
[  511.843070][   T36] usb 5-1: config 0 has an invalid interface number: 105 but max is 0
[  511.843093][   T36] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  511.843114][   T36] usb 5-1: config 0 has no interface number 0
[  511.917013][   T36] usb 5-1: New USB device found, idVendor=046c, idProduct=14e0, bcdDevice= 0.01
[  511.917194][   T36] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  511.917218][   T36] usb 5-1: Product: syz
[  511.917234][   T36] usb 5-1: Manufacturer: syz
[  511.917249][   T36] usb 5-1: SerialNumber: syz
[  511.918874][ T8894] hsr_slave_1: entered promiscuous mode
[  512.053789][   T36] usb 5-1: config 0 descriptor??
[  513.847234][   T32] block nbd0: Possible stuck request ffff888026605080: control (read@0,4096B). Runtime 390 seconds
[  513.892831][   T36] uvcvideo 5-1:0.105: Found UVC 0.00 device syz (046c:14e0)
[  513.892868][   T36] uvcvideo 5-1:0.105: No valid video chain found.
[  514.019875][ T8991] netlink: 'syz.4.812': attribute type 2 has an invalid length.
[  514.019902][ T8991] netlink: 164 bytes leftover after parsing attributes in process `syz.4.812'.
[  514.292135][   T36] usb 5-1: USB disconnect, device number 19
[  516.379057][ T8705] 8021q: adding VLAN 0 to HW filter on device bond0
[  516.631806][ T8705] 8021q: adding VLAN 0 to HW filter on device team0
[  516.708583][   T43] bridge0: port 1(bridge_slave_0) entered blocking state
[  516.708691][   T43] bridge0: port 1(bridge_slave_0) entered forwarding state
[  516.717388][ T8894] netdevsim netdevsim7 netdevsim0: renamed from eth0
[  516.820933][ T8894] netdevsim netdevsim7 netdevsim1: renamed from eth1
[  516.871764][   T43] bridge0: port 2(bridge_slave_1) entered blocking state
[  516.872700][   T43] bridge0: port 2(bridge_slave_1) entered forwarding state
[  516.874492][ T8894] netdevsim netdevsim7 netdevsim2: renamed from eth2
[  518.482199][ T8894] netdevsim netdevsim7 netdevsim3: renamed from eth3
[  518.782290][   T37] audit: type=1326 audit(1772104688.273:78): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9030 comm="syz.2.816" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6fa907c629 code=0x7ffc0000
[  518.782344][   T37] audit: type=1326 audit(1772104688.273:79): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9030 comm="syz.2.816" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6fa907c629 code=0x7ffc0000
[  518.783348][   T37] audit: type=1326 audit(1772104688.273:80): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9030 comm="syz.2.816" exe="/root/syz-executor" sig=0 arch=c000003e syscall=243 compat=0 ip=0x7f6fa907c629 code=0x7ffc0000
[  518.783397][   T37] audit: type=1326 audit(1772104688.273:81): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9030 comm="syz.2.816" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6fa907c629 code=0x7ffc0000
[  518.783442][   T37] audit: type=1326 audit(1772104688.273:82): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9030 comm="syz.2.816" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6fa907c629 code=0x7ffc0000
[  518.784167][   T37] audit: type=1326 audit(1772104688.273:83): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9030 comm="syz.2.816" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f6fa907c629 code=0x7ffc0000
[  518.784213][   T37] audit: type=1326 audit(1772104688.273:84): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9030 comm="syz.2.816" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6fa907c629 code=0x7ffc0000
[  518.784258][   T37] audit: type=1326 audit(1772104688.273:85): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9030 comm="syz.2.816" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6fa907c629 code=0x7ffc0000
[  518.784938][   T37] audit: type=1326 audit(1772104688.273:86): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9030 comm="syz.2.816" exe="/root/syz-executor" sig=0 arch=c000003e syscall=160 compat=0 ip=0x7f6fa907c629 code=0x7ffc0000
[  518.784985][   T37] audit: type=1326 audit(1772104688.273:87): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9030 comm="syz.2.816" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6fa907c629 code=0x7ffc0000
[  522.593612][   T60] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1
[  522.614035][   T60] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9
[  522.617555][   T60] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9
[  522.641815][   T60] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4
[  522.655345][   T60] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2
[  523.078995][ T8894] 8021q: adding VLAN 0 to HW filter on device bond0
[  523.135647][ T9058] comedi comedi3: comedi_config --init_data is deprecated
[  523.573680][ T8894] 8021q: adding VLAN 0 to HW filter on device team0
[  523.622801][ T1014] bridge0: port 1(bridge_slave_0) entered blocking state
[  523.631281][ T1014] bridge0: port 1(bridge_slave_0) entered forwarding state
[  523.708842][   T57] bridge0: port 2(bridge_slave_1) entered blocking state
[  523.709060][   T57] bridge0: port 2(bridge_slave_1) entered forwarding state
[  523.801939][ T9062] netlink: 80 bytes leftover after parsing attributes in process `syz.2.822'.
[  523.801967][ T9062] netlink: 56 bytes leftover after parsing attributes in process `syz.2.822'.
[  524.057221][  T808] usb 3-1: new high-speed USB device number 13 using dummy_hcd
[  524.217782][  T808] usb 3-1: Using ep0 maxpacket: 8
[  524.270776][  T808] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  524.270828][  T808] usb 3-1: New USB device found, idVendor=5543, idProduct=0045, bcdDevice= 0.00
[  524.270854][  T808] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  524.275305][  T808] usb 3-1: config 0 descriptor??
[  524.708242][   T60] Bluetooth: hci6: command tx timeout
[  524.853536][ T9053] chnl_net:caif_netlink_parms(): no params data found
[  524.893101][ T9062] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  524.893658][ T9062] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  524.922760][  T808] usb 3-1: string descriptor 0 read error: -71
[  524.926797][  T808] uclogic 0003:5543:0045.0008: failed retrieving string descriptor #200: -71
[  524.926861][  T808] uclogic 0003:5543:0045.0008: failed retrieving pen parameters: -71
[  524.926880][  T808] uclogic 0003:5543:0045.0008: failed probing pen v2 parameters: -71
[  524.926933][  T808] uclogic 0003:5543:0045.0008: failed probing parameters: -71
[  524.927264][  T808] uclogic 0003:5543:0045.0008: probe with driver uclogic failed with error -71
[  525.005522][  T808] usb 3-1: USB disconnect, device number 13
[  526.877363][   T60] Bluetooth: hci6: command tx timeout
[  528.947833][ T5803] Bluetooth: hci6: command tx timeout
[  530.859045][ T9053] bridge0: port 1(bridge_slave_0) entered blocking state
[  530.859246][ T9053] bridge0: port 1(bridge_slave_0) entered disabled state
[  530.859500][ T9053] bridge_slave_0: entered allmulticast mode
[  530.862420][ T9053] bridge_slave_0: entered promiscuous mode
[  531.027309][ T5803] Bluetooth: hci6: command 0x0419 tx timeout
[  534.298918][ T5803] Bluetooth: hci6: command 0x0419 tx timeout
[  534.303533][ T9053] bridge0: port 2(bridge_slave_1) entered blocking state
[  534.303667][ T9053] bridge0: port 2(bridge_slave_1) entered disabled state
[  534.303918][ T9053] bridge_slave_1: entered allmulticast mode
[  534.306006][ T9053] bridge_slave_1: entered promiscuous mode
[  534.550583][ T9053] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  536.299588][ T9053] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  536.840376][ T9053] team0: Port device team_slave_0 added
[  536.845057][ T8894] 8021q: adding VLAN 0 to HW filter on device batadv0
[  536.915266][ T9053] team0: Port device team_slave_1 added
[  537.162655][ T9053] batman_adv: batadv0: Adding interface: batadv_slave_0
[  537.162673][ T9053] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  537.162704][ T9053] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  537.240872][ T9053] batman_adv: batadv0: Adding interface: batadv_slave_1
[  537.240891][ T9053] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  537.240924][ T9053] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  537.936664][ T9053] hsr_slave_0: entered promiscuous mode
[  537.978419][ T9053] hsr_slave_1: entered promiscuous mode
[  537.979356][ T9053] debugfs: 'hsr0' already exists in 'hsr'
[  537.979383][ T9053] Cannot create hsr debugfs directory
[  538.097676][   T43] bridge_slave_1: left allmulticast mode
[  538.097707][   T43] bridge_slave_1: left promiscuous mode
[  538.097949][   T43] bridge0: port 2(bridge_slave_1) entered disabled state
[  538.270988][   T43] bridge_slave_0: left allmulticast mode
[  538.271021][   T43] bridge_slave_0: left promiscuous mode
[  538.271298][   T43] bridge0: port 1(bridge_slave_0) entered disabled state
[  538.503154][ T9149] netlink: 8 bytes leftover after parsing attributes in process `syz.2.833'.
[  538.503185][ T9149] netlink: 8 bytes leftover after parsing attributes in process `syz.2.833'.
[  541.778381][   T43] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  541.898420][   T43] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  541.940524][   T43] bond0 (unregistering): Released all slaves
[  544.127828][   T32] block nbd0: Possible stuck request ffff888026605080: control (read@0,4096B). Runtime 420 seconds
[  544.505482][   T43] hsr_slave_0: left promiscuous mode
[  544.539150][   T43] hsr_slave_1: left promiscuous mode
[  544.539895][   T43] batman_adv: batadv0: Removing interface: batadv_slave_0
[  544.573651][   T43] batman_adv: batadv0: Removing interface: batadv_slave_1
[  544.907671][ T5801] usb 5-1: new high-speed USB device number 20 using dummy_hcd
[  545.067183][ T5801] usb 5-1: Using ep0 maxpacket: 8
[  545.095452][ T5801] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  545.095504][ T5801] usb 5-1: New USB device found, idVendor=5543, idProduct=0045, bcdDevice= 0.00
[  545.095530][ T5801] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  545.148354][ T5801] usb 5-1: config 0 descriptor??
[  545.757379][ T9169] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  545.758017][ T9169] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  545.819503][   T43] team0 (unregistering): Port device team_slave_1 removed
[  545.903851][   T43] team0 (unregistering): Port device team_slave_0 removed
[  546.833686][ T9168] netlink: 80 bytes leftover after parsing attributes in process `syz.4.834'.
[  546.835103][ T9168] netlink: 56 bytes leftover after parsing attributes in process `syz.4.834'.
[  546.900969][ T5801] usb 5-1: string descriptor 0 read error: -71
[  546.901484][ T5801] uclogic 0003:5543:0045.0009: failed retrieving string descriptor #200: -71
[  546.901539][ T5801] uclogic 0003:5543:0045.0009: failed retrieving pen parameters: -71
[  546.901559][ T5801] uclogic 0003:5543:0045.0009: failed probing pen v2 parameters: -71
[  546.901612][ T5801] uclogic 0003:5543:0045.0009: failed probing parameters: -71
[  546.901789][ T5801] uclogic 0003:5543:0045.0009: probe with driver uclogic failed with error -71
[  546.974885][ T5801] usb 5-1: USB disconnect, device number 20
[  547.924552][ T8894] veth0_vlan: entered promiscuous mode
[  548.164908][ T8894] veth1_vlan: entered promiscuous mode
[  548.632629][ T8894] veth0_macvtap: entered promiscuous mode
[  548.669959][ T8894] veth1_macvtap: entered promiscuous mode
[  548.789547][ T8894] batman_adv: batadv0: Interface activated: batadv_slave_0
[  548.861202][ T8894] batman_adv: batadv0: Interface activated: batadv_slave_1
[  548.969475][ T1014] netdevsim netdevsim7 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  548.993613][ T1014] netdevsim netdevsim7 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  548.995546][ T1014] netdevsim netdevsim7 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  549.039171][ T1014] netdevsim netdevsim7 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  549.644498][ T9053] netdevsim netdevsim6 netdevsim0: renamed from eth0
[  549.690660][ T9053] netdevsim netdevsim6 netdevsim1: renamed from eth1
[  549.788711][ T9053] netdevsim netdevsim6 netdevsim2: renamed from eth2
[  549.793541][   T60] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  549.826614][   T60] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  549.835875][   T60] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  549.845576][   T60] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  549.855538][   T60] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  549.961990][ T9053] netdevsim netdevsim6 netdevsim3: renamed from eth3
[  551.613122][   T43] netdevsim netdevsim7 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  551.682459][ T9237] chnl_net:caif_netlink_parms(): no params data found
[  551.907216][ T5803] Bluetooth: hci0: command tx timeout
[  551.949768][   T43] netdevsim netdevsim7 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  552.322645][   T43] netdevsim netdevsim7 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  552.420640][ T9053] 8021q: adding VLAN 0 to HW filter on device bond0
[  552.784460][   T43] netdevsim netdevsim7 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  552.924483][ T9237] bridge0: port 1(bridge_slave_0) entered blocking state
[  552.924679][ T9237] bridge0: port 1(bridge_slave_0) entered disabled state
[  552.924877][ T9237] bridge_slave_0: entered allmulticast mode
[  552.971489][ T9237] bridge_slave_0: entered promiscuous mode
[  553.000494][ T9237] bridge0: port 2(bridge_slave_1) entered blocking state
[  553.000624][ T9237] bridge0: port 2(bridge_slave_1) entered disabled state
[  553.000854][ T9237] bridge_slave_1: entered allmulticast mode
[  553.002794][ T9237] bridge_slave_1: entered promiscuous mode
[  553.101166][ T9053] 8021q: adding VLAN 0 to HW filter on device team0
[  553.146745][ T9237] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  553.235084][ T1367] bridge0: port 1(bridge_slave_0) entered blocking state
[  553.235230][ T1367] bridge0: port 1(bridge_slave_0) entered forwarding state
[  553.284362][ T9237] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  553.422232][ T1367] bridge0: port 2(bridge_slave_1) entered blocking state
[  553.422375][ T1367] bridge0: port 2(bridge_slave_1) entered forwarding state
[  553.701192][ T9237] team0: Port device team_slave_0 added
[  553.759450][ T9237] team0: Port device team_slave_1 added
[  553.996750][ T5803] Bluetooth: hci0: command tx timeout
[  554.042831][ T9237] batman_adv: batadv0: Adding interface: batadv_slave_0
[  554.042849][ T9237] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  554.042879][ T9237] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  554.240142][ T9237] batman_adv: batadv0: Adding interface: batadv_slave_1
[  554.240161][ T9237] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  554.240193][ T9237] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  554.583969][   T43] bridge_slave_1: left allmulticast mode
[  554.584010][   T43] bridge_slave_1: left promiscuous mode
[  554.584268][   T43] bridge0: port 2(bridge_slave_1) entered disabled state
[  554.678242][   T43] bridge_slave_0: left allmulticast mode
[  554.678276][   T43] bridge_slave_0: left promiscuous mode
[  554.678540][   T43] bridge0: port 1(bridge_slave_0) entered disabled state
[  556.067423][ T5803] Bluetooth: hci0: command tx timeout
[  556.393194][   T43] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  556.501354][   T43] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  556.562905][   T43] bond0 (unregistering): Released all slaves
[  556.635188][ T9237] hsr_slave_0: entered promiscuous mode
[  556.636838][ T9237] hsr_slave_1: entered promiscuous mode
[  556.650145][ T9237] debugfs: 'hsr0' already exists in 'hsr'
[  556.650180][ T9237] Cannot create hsr debugfs directory
[  557.439038][   T43] hsr_slave_0: left promiscuous mode
[  557.487877][   T43] hsr_slave_1: left promiscuous mode
[  557.488999][   T43] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  557.489034][   T43] batman_adv: batadv0: Removing interface: batadv_slave_0
[  557.538688][   T43] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  557.538720][   T43] batman_adv: batadv0: Removing interface: batadv_slave_1
[  557.632458][   T43] veth1_macvtap: left promiscuous mode
[  557.632561][   T43] veth0_macvtap: left promiscuous mode
[  557.632816][   T43] veth1_vlan: left promiscuous mode
[  557.634931][   T43] veth0_vlan: left promiscuous mode
[  558.157907][ T5803] Bluetooth: hci0: command tx timeout
[  559.428811][   T43] team0 (unregistering): Port device team_slave_1 removed
[  559.510092][   T43] team0 (unregistering): Port device team_slave_0 removed
[  561.116846][ T9053] 8021q: adding VLAN 0 to HW filter on device batadv0
[  561.553038][ T9494] kvm: kvm [9493]: vcpu2, guest rIP: 0xfff0 Unhandled WRMSR(0xc0010001) = 0x400005
[  562.316232][ T9053] veth0_vlan: entered promiscuous mode
[  562.451739][ T9053] veth1_vlan: entered promiscuous mode
[  563.047688][ T9053] veth0_macvtap: entered promiscuous mode
[  563.184296][ T9053] veth1_macvtap: entered promiscuous mode
[  563.214584][ T9237] netdevsim netdevsim7 netdevsim0: renamed from eth0
[  563.275254][ T1323] ieee802154 phy0 wpan0: encryption failed: -22
[  563.275320][ T1323] ieee802154 phy1 wpan1: encryption failed: -22
[  563.309364][ T9237] netdevsim netdevsim7 netdevsim1: renamed from eth1
[  563.374759][ T9237] netdevsim netdevsim7 netdevsim2: renamed from eth2
[  563.472187][ T9237] netdevsim netdevsim7 netdevsim3: renamed from eth3
[  563.621503][ T9053] batman_adv: batadv0: Interface activated: batadv_slave_0
[  563.671246][ T9053] batman_adv: batadv0: Interface activated: batadv_slave_1
[  563.756699][   T12] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  563.759876][   T12] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  563.760521][   T12] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  563.760866][   T12] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  564.581857][   T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  564.581882][   T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  564.687949][ T9237] 8021q: adding VLAN 0 to HW filter on device bond0
[  564.823096][   T57] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  564.823119][   T57] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  564.846071][ T9237] 8021q: adding VLAN 0 to HW filter on device team0
[  564.925946][   T13] bridge0: port 1(bridge_slave_0) entered blocking state
[  564.926215][   T13] bridge0: port 1(bridge_slave_0) entered forwarding state
[  564.992290][   T57] bridge0: port 2(bridge_slave_1) entered blocking state
[  564.992398][   T57] bridge0: port 2(bridge_slave_1) entered forwarding state
[  566.201763][ T9237] 8021q: adding VLAN 0 to HW filter on device batadv0
[  567.659700][   T37] kauditd_printk_skb: 15 callbacks suppressed
[  567.659720][   T37] audit: type=1800 audit(1772104737.133:103): pid=9622 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz.4.972" name="bus" dev="tmpfs" ino=1113 res=0 errno=0
[  567.784352][ T9237] veth0_vlan: entered promiscuous mode
[  567.803637][ T9237] veth1_vlan: entered promiscuous mode
[  567.855569][ T9237] veth0_macvtap: entered promiscuous mode
[  567.869236][ T9237] veth1_macvtap: entered promiscuous mode
[  567.900041][ T9237] batman_adv: batadv0: Interface activated: batadv_slave_0
[  567.931343][ T9237] batman_adv: batadv0: Interface activated: batadv_slave_1
[  567.966259][ T1367] netdevsim netdevsim7 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  567.994111][ T1367] netdevsim netdevsim7 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  568.017849][ T1367] netdevsim netdevsim7 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  568.022223][ T1367] netdevsim netdevsim7 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  568.527312][   T13] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  568.527332][   T13] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  568.694725][   T43] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  568.694742][   T43] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  570.747285][   T37] audit: type=1800 audit(1772104740.233:104): pid=9659 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz.6.983" name="bus" dev="tmpfs" ino=28 res=0 errno=0
[  572.320814][ T9701] kvm: vcpu 1: requested lapic timer restore with starting count register 0x390=198462431 (396924862 ns) > initial count (148514 ns). Using initial count to start timer.
[  573.166883][ T9720] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1007'.
[  573.464234][ T9720] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1007'.
[  574.190011][   T32] block nbd0: Possible stuck request ffff888026605080: control (read@0,4096B). Runtime 450 seconds
[  576.148810][ T9775] KVM: debugfs: duplicate directory 9775-6
[  577.796540][   T37] audit: type=1800 audit(1772104747.283:105): pid=9796 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz.6.1036" name="bus" dev="tmpfs" ino=80 res=0 errno=0
[  581.148745][   T37] audit: type=1800 audit(1772104750.643:106): pid=9834 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz.4.1050" name="bus" dev="tmpfs" ino=1204 res=0 errno=0
[  585.572064][   T37] audit: type=1800 audit(1772104755.033:107): pid=9874 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz.5.1064" name="bus" dev="tmpfs" ino=961 res=0 errno=0
[  588.158217][ T5801] usb 3-1: new full-speed USB device number 14 using dummy_hcd
[  588.281254][ T9878] "syz.7.1066" (9878) uses obsolete ecb(arc4) skcipher
[  588.309489][ T5801] usb 3-1: config index 0 descriptor too short (expected 2304, got 36)
[  588.309519][ T5801] usb 3-1: config 254 has too many interfaces: 33, using maximum allowed: 32
[  588.309541][ T5801] usb 3-1: config 254 has an invalid descriptor of length 34, skipping remainder of the config
[  588.309562][ T5801] usb 3-1: config 254 has 0 interfaces, different from the descriptor's value: 33
[  588.309600][ T5801] usb 3-1: New USB device found, idVendor=0458, idProduct=5013, bcdDevice= 0.00
[  588.309625][ T5801] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  590.464289][ T5801] usb 3-1: string descriptor 0 read error: -71
[  590.485527][ T5801] usb 3-1: USB disconnect, device number 14
[  590.758719][   T37] audit: type=1800 audit(1772104760.253:108): pid=9922 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz.2.1077" name="bus" dev="tmpfs" ino=1457 res=0 errno=0
[  597.553068][   T36] usb 3-1: new full-speed USB device number 15 using dummy_hcd
[  597.732725][   T36] usb 3-1: config index 0 descriptor too short (expected 2304, got 36)
[  597.732756][   T36] usb 3-1: config 254 has too many interfaces: 33, using maximum allowed: 32
[  597.732777][   T36] usb 3-1: config 254 has an invalid descriptor of length 34, skipping remainder of the config
[  597.732798][   T36] usb 3-1: config 254 has 0 interfaces, different from the descriptor's value: 33
[  597.732836][   T36] usb 3-1: New USB device found, idVendor=0458, idProduct=5013, bcdDevice= 0.00
[  597.732860][   T36] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  598.046826][ T9961] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  598.059057][ T9961] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  598.880137][ T9961] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  598.884174][ T9961] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  598.947442][   T36] usb 3-1: string descriptor 0 read error: -71
[  599.017778][   T36] usb 3-1: USB disconnect, device number 15
[  601.580765][T10014] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1100'.
[  601.630445][T10014] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1100'.
[  602.827432][   T36] usb 6-1: new full-speed USB device number 8 using dummy_hcd
[  602.984478][   T36] usb 6-1: config index 0 descriptor too short (expected 2304, got 36)
[  602.984512][   T36] usb 6-1: config 254 has too many interfaces: 33, using maximum allowed: 32
[  602.984533][   T36] usb 6-1: config 254 has an invalid descriptor of length 34, skipping remainder of the config
[  602.984554][   T36] usb 6-1: config 254 has 0 interfaces, different from the descriptor's value: 33
[  602.984591][   T36] usb 6-1: New USB device found, idVendor=0458, idProduct=5013, bcdDevice= 0.00
[  602.984615][   T36] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  604.011031][T10020] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  604.013704][T10020] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  604.050362][   T36] usb 6-1: string descriptor 0 read error: -71
[  604.092422][   T36] usb 6-1: USB disconnect, device number 8
[  604.309129][   T32] block nbd0: Possible stuck request ffff888026605080: control (read@0,4096B). Runtime 480 seconds
[  609.726541][T10107] ubi: mtd0 is already attached to ubi31
[  609.912735][T10112] netlink: 120 bytes leftover after parsing attributes in process `syz.2.1136'.
[  616.547352][T10171] netlink: 120 bytes leftover after parsing attributes in process `syz.4.1158'.
[  617.907369][ T5803] Bluetooth: hci0: command 0x0405 tx timeout
[  619.553665][T10203] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1166'.
[  619.553685][T10203] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1166'.
[  624.679114][ T5904] usb 3-1: new high-speed USB device number 16 using dummy_hcd
[  624.716050][ T1323] ieee802154 phy0 wpan0: encryption failed: -22
[  624.716125][ T1323] ieee802154 phy1 wpan1: encryption failed: -22
[  624.827174][ T5904] usb 3-1: Using ep0 maxpacket: 32
[  624.829408][ T5904] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  624.829435][ T5904] usb 3-1: config 0 has no interfaces?
[  624.831900][ T5904] usb 3-1: New USB device found, idVendor=061d, idProduct=c150, bcdDevice=ce.6f
[  624.831931][ T5904] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  624.831954][ T5904] usb 3-1: Product: syz
[  624.831968][ T5904] usb 3-1: Manufacturer: syz
[  624.831984][ T5904] usb 3-1: SerialNumber: syz
[  624.899199][ T5904] usb 3-1: config 0 descriptor??
[  626.083441][T10244] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1177'.
[  626.234188][T10250] netlink: 120 bytes leftover after parsing attributes in process `syz.5.1180'.
[  627.868214][   T36] usb 3-1: USB disconnect, device number 16
[  629.740636][   T38] INFO: task syz.0.772:8792 blocked for more than 145 seconds.
[  629.740666][   T38]       Tainted: G             L      syzkaller #0
[  629.740679][   T38] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[  629.740690][   T38] task:syz.0.772       state:D stack:28096 pid:8792  tgid:8791  ppid:5796   task_flags:0x400040 flags:0x00080002
[  629.740757][   T38] Call Trace:
[  629.740766][   T38]  <TASK>
[  629.740781][   T38]  __schedule+0x14fb/0x52c0
[  629.740820][   T38]  ? __lock_acquire+0x6b5/0x2cf0
[  629.740865][   T38]  ? __pfx___schedule+0x10/0x10
[  629.740908][   T38]  rt_mutex_schedule+0x76/0xf0
[  629.740936][   T38]  rt_mutex_slowlock_block+0x508/0x680
[  629.740973][   T38]  ? rt_mutex_slowlock_block+0x2e9/0x680
[  629.741000][   T38]  rt_mutex_slowlock+0x2dc/0x7b0
[  629.741026][   T38]  ? rt_mutex_slowlock+0x1fd/0x7b0
[  629.741052][   T38]  ? __pfx_rt_mutex_slowlock+0x10/0x10
[  629.741096][   T38]  ? bdev_open+0xe0/0xcc0
[  629.741136][   T38]  ? bdev_open+0xe0/0xcc0
[  629.741174][   T38]  mutex_lock_nested+0x168/0x1d0
[  629.741201][   T38]  bdev_open+0xe0/0xcc0
[  629.741245][   T38]  blkdev_open+0x485/0x620
[  629.741272][   T38]  ? __pfx_blkdev_open+0x10/0x10
[  629.741293][   T38]  do_dentry_open+0x83d/0x13e0
[  629.741333][   T38]  vfs_open+0x3b/0x350
[  629.741356][   T38]  ? path_openat+0x2e2b/0x38a0
[  629.741389][   T38]  path_openat+0x2e43/0x38a0
[  629.741454][   T38]  ? __pfx_path_openat+0x10/0x10
[  629.741484][   T38]  ? __lock_acquire+0x6b5/0x2cf0
[  629.741508][   T38]  ? kmem_cache_alloc_noprof+0x33b/0x680
[  629.741549][   T38]  ? do_raw_spin_lock+0x12b/0x2f0
[  629.741590][   T38]  do_file_open+0x23e/0x4a0
[  629.741622][   T38]  ? _raw_spin_unlock_irqrestore+0x30/0x80
[  629.741655][   T38]  ? __pfx_do_file_open+0x10/0x10
[  629.741685][   T38]  ? rt_mutex_slowunlock+0x4a7/0x8b0
[  629.741734][   T38]  ? alloc_fd+0x64e/0x6c0
[  629.741771][   T38]  do_sys_openat2+0x113/0x200
[  629.741801][   T38]  ? __pfx_do_sys_openat2+0x10/0x10
[  629.741830][   T38]  ? exc_page_fault+0x6a/0xc0
[  629.741863][   T38]  ? do_user_addr_fault+0xc6f/0x1340
[  629.741899][   T38]  __x64_sys_openat+0x138/0x170
[  629.741932][   T38]  do_syscall_64+0x14d/0xf80
[  629.741961][   T38]  ? trace_irq_disable+0x3b/0x150
[  629.741987][   T38]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  629.742010][   T38]  ? clear_bhb_loop+0x40/0x90
[  629.742038][   T38]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  629.742062][   T38] RIP: 0033:0x7f025160cece
[  629.742083][   T38] RSP: 002b:00007f024f8a5b28 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[  629.742106][   T38] RAX: ffffffffffffffda RBX: 00007f024f8a66c0 RCX: 00007f025160cece
[  629.742123][   T38] RDX: 0000000000000001 RSI: 00007f024f8a5c00 RDI: ffffffffffffff9c
[  629.742138][   T38] RBP: 00007f024f8a5c00 R08: 0000000000000000 R09: 0000000000000000
[  629.742160][   T38] R10: 0000000000000000 R11: 0000000000000246 R12: cccccccccccccccd
[  629.742175][   T38] R13: 00007f02518c6038 R14: 00007f02518c5fa0 R15: 00007ffd4d734e68
[  629.742211][   T38]  </TASK>
[  629.742253][   T38] 
[  629.742253][   T38] Showing all locks held in the system:
[  629.742265][   T38] 2 locks held by irq_work/0/23:
[  629.742278][   T38]  #0: ffff8880b883bc20 (&rq->__lock){-...}-{2:2}, at: raw_spin_rq_lock_nested+0xb6/0x150
[  629.742344][   T38]  #1: ffff8880b8824688 (psi_seq){-...}-{0:0}, at: psi_task_switch+0x53/0x880
[  629.742401][   T38] 3 locks held by kworker/1:1/36:
[  629.742413][   T38] 1 lock held by khungtaskd/38:
[  629.742425][   T38]  #0: ffffffff8ddcd780 (rcu_read_lock){....}-{1:3}, at: debug_show_all_locks+0x2e/0x180
[  629.742478][   T38] 2 locks held by kworker/u8:2/43:
[  629.742490][   T38]  #0: ffff888019c44138 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_scheduled_works+0x9ea/0x1830
[  629.742549][   T38]  #1: ffffc90000b47c40 (connector_reaper_work){+.+.}-{0:0}, at: process_scheduled_works+0xa25/0x1830
[  629.742608][   T38] 2 locks held by kworker/u8:4/68:
[  629.742620][   T38]  #0: ffff88801e7a3138 ((wq_completion)iou_exit){+.+.}-{0:0}, at: process_scheduled_works+0x9ea/0x1830
[  629.742681][   T38]  #1: ffffc9000153fc40 ((work_completion)(&ctx->exit_work)){+.+.}-{0:0}, at: process_scheduled_works+0xa25/0x1830
[  629.742745][   T38] 6 locks held by kworker/0:2/899:
[  629.742775][   T38] 1 lock held by udevd/5165:
[  629.742788][   T38] 2 locks held by getty/5555:
[  629.742799][   T38]  #0: ffff8880375bf0a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x25/0x70
[  629.742848][   T38]  #1: ffffc90003e7e2e0 (&ldata->atomic_read_lock){+.+.}-{4:4}, at: n_tty_read+0x462/0x13c0
[  629.742909][   T38] 2 locks held by kworker/1:4/5801:
[  629.742922][   T38] 1 lock held by udevd/5802:
[  629.742934][   T38]  #0: ffff8880265744c8 (&disk->open_mutex){+.+.}-{4:4}, at: bdev_open+0xe0/0xcc0
[  629.743000][   T38] 1 lock held by udevd/6003:
[  629.743013][   T38] 2 locks held by syz-executor/6847:
[  629.743029][   T38] 1 lock held by syz.0.772/8792:
[  629.743041][   T38]  #0: ffff8880265744c8 (&disk->open_mutex){+.+.}-{4:4}, at: bdev_open+0xe0/0xcc0
[  629.743104][   T38] 1 lock held by syz.4.1177/10243:
[  629.743116][   T38]  #0: ffff888038a89d30 (&mm->mmap_lock){++++}-{4:4}, at: vm_mmap_pgoff+0x237/0x4f0
[  629.743184][   T38] 7 locks held by syz.4.1177/10244:
[  629.743197][   T38] 2 locks held by syz.6.1174/10256:
[  629.743210][   T38] 
[  629.743215][   T38] =============================================
[  629.743215][   T38] 
[  629.743233][   T38] NMI backtrace for cpu 1
[  629.743251][   T38] CPU: 1 UID: 0 PID: 38 Comm: khungtaskd Tainted: G             L      syzkaller #0 PREEMPT_{RT,(full)} 
[  629.743279][   T38] Tainted: [L]=SOFTLOCKUP
[  629.743286][   T38] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  629.743298][   T38] Call Trace:
[  629.743307][   T38]  <TASK>
[  629.743316][   T38]  dump_stack_lvl+0xe8/0x150
[  629.743350][   T38]  nmi_cpu_backtrace+0x274/0x2d0
[  629.743373][   T38]  ? __pfx_nmi_raise_cpu_backtrace+0x10/0x10
[  629.743405][   T38]  nmi_trigger_cpumask_backtrace+0x17a/0x300
[  629.743431][   T38]  sys_info+0x135/0x170
[  629.743463][   T38]  watchdog+0xfd9/0x1030
[  629.743496][   T38]  ? watchdog+0x21a/0x1030
[  629.743531][   T38]  kthread+0x388/0x470
[  629.743555][   T38]  ? __pfx_watchdog+0x10/0x10
[  629.743580][   T38]  ? __pfx_kthread+0x10/0x10
[  629.743604][   T38]  ret_from_fork+0x51e/0xb90
[  629.743638][   T38]  ? __pfx_ret_from_fork+0x10/0x10
[  629.743668][   T38]  ? __switch_to+0xc7d/0x1450
[  629.743698][   T38]  ? __pfx_kthread+0x10/0x10
[  629.743723][   T38]  ret_from_fork_asm+0x1a/0x30
[  629.743761][   T38]  </TASK>
[  629.743769][   T38] Sending NMI from CPU 1 to CPUs 0:
[  629.743801][    C0] NMI backtrace for cpu 0
[  629.743818][    C0] CPU: 0 UID: 0 PID: 899 Comm: kworker/0:2 Tainted: G             L      syzkaller #0 PREEMPT_{RT,(full)} 
[  629.743844][    C0] Tainted: [L]=SOFTLOCKUP
[  629.743850][    C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  629.743863][    C0] Workqueue: mm_percpu_wq vmstat_update
[  629.743884][    C0] RIP: 0010:lockdep_hardirqs_on_prepare+0x13c/0x260
[  629.743921][    C0] Code: 75 bc eb 79 48 c7 c7 30 aa c9 8d 4c 89 fe e8 fb b3 39 03 eb c2 85 c0 7e 64 83 bb 58 0b 00 00 00 74 5b 45 31 ff eb 13 49 ff c7 <48> 63 83 70 0b 00 00 49 83 c6 28 49 39 c7 7d 43 49 83 ff 31 73 2c
[  629.743938][    C0] RSP: 0018:ffffc90004927748 EFLAGS: 00000002
[  629.743953][    C0] RAX: 0000000000000001 RBX: ffff88802567dac0 RCX: ffffffff92f87530
[  629.743967][    C0] RDX: 0000000000000006 RSI: ffff88802567e638 RDI: ffff88802567dac0
[  629.743980][    C0] RBP: ffff88813fffbfe0 R08: ffffffff8f6a28b7 R09: 1ffffffff1ed4516
[  629.743994][    C0] R10: dffffc0000000000 R11: fffffbfff1ed4517 R12: ffff88802567e728
[  629.744008][    C0] R13: 0000000000000000 R14: ffff88802567e638 R15: 0000000000000001
[  629.744021][    C0] FS:  0000000000000000(0000) GS:ffff888126343000(0000) knlGS:0000000000000000
[  629.744035][    C0] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  629.744048][    C0] CR2: 000055555bba5a28 CR3: 000000000dbba000 CR4: 00000000003526f0
[  629.744065][    C0] DR0: ffffffffffffffff DR1: 00000000000001f8 DR2: 0000000000000083
[  629.744077][    C0] DR3: ffffffffefffff15 DR6: 00000000ffff0ff0 DR7: 0000000000000400
[  629.744090][    C0] Call Trace:
[  629.744096][    C0]  <TASK>
[  629.744104][    C0]  ? bad_range+0xa0/0x330
[  629.744126][    C0]  trace_hardirqs_on+0x28/0x40
[  629.744146][    C0]  seqcount_lockdep_reader_access+0x89/0xc0
[  629.744173][    C0]  bad_range+0xa0/0x330
[  629.744199][    C0]  __free_one_page+0xed/0xbc0
[  629.744229][    C0]  free_pcppages_bulk+0x2cd/0x4f0
[  629.744262][    C0]  decay_pcp_high+0x12d/0x2a0
[  629.744289][    C0]  refresh_cpu_vm_stats+0x1ec/0x450
[  629.744321][    C0]  ? process_scheduled_works+0xa25/0x1830
[  629.744347][    C0]  vmstat_update+0x15/0xb0
[  629.744364][    C0]  ? process_scheduled_works+0xa25/0x1830
[  629.744389][    C0]  process_scheduled_works+0xb02/0x1830
[  629.744426][    C0]  ? __pfx_process_scheduled_works+0x10/0x10
[  629.744453][    C0]  ? assign_work+0x3d5/0x5e0
[  629.744479][    C0]  worker_thread+0xa50/0xfc0
[  629.744517][    C0]  kthread+0x388/0x470
[  629.744534][    C0]  ? __pfx_worker_thread+0x10/0x10
[  629.744558][    C0]  ? __pfx_kthread+0x10/0x10
[  629.744576][    C0]  ret_from_fork+0x51e/0xb90
[  629.744603][    C0]  ? __pfx_ret_from_fork+0x10/0x10
[  629.744627][    C0]  ? __switch_to+0xc7d/0x1450
[  629.744649][    C0]  ? __pfx_kthread+0x10/0x10
[  629.744667][    C0]  ret_from_fork_asm+0x1a/0x30
[  629.744714][    C0]  </TASK>
[  629.744813][   T38] Kernel panic - not syncing: hung_task: blocked tasks
[  629.744832][   T38] CPU: 1 UID: 0 PID: 38 Comm: khungtaskd Tainted: G             L      syzkaller #0 PREEMPT_{RT,(full)} 
[  629.744862][   T38] Tainted: [L]=SOFTLOCKUP
[  629.744871][   T38] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  629.744884][   T38] Call Trace:
[  629.744892][   T38]  <TASK>
[  629.744901][   T38]  vpanic+0x56c/0xa60
[  629.744940][   T38]  ? __pfx_vpanic+0x10/0x10
[  629.744984][   T38]  panic+0xc5/0xd0
[  629.745016][   T38]  ? __pfx_panic+0x10/0x10
[  629.745047][   T38]  ? printk_trigger_flush+0x117/0x180
[  629.745080][   T38]  ? lockdep_hardirqs_on+0x7a/0x110
[  629.745116][   T38]  ? nmi_trigger_cpumask_backtrace+0x234/0x300
[  629.745143][   T38]  watchdog+0x1023/0x1030
[  629.745184][   T38]  ? watchdog+0x21a/0x1030
[  629.745218][   T38]  kthread+0x388/0x470
[  629.745241][   T38]  ? __pfx_watchdog+0x10/0x10
[  629.745265][   T38]  ? __pfx_kthread+0x10/0x10
[  629.745290][   T38]  ret_from_fork+0x51e/0xb90
[  629.745324][   T38]  ? __pfx_ret_from_fork+0x10/0x10
[  629.745353][   T38]  ? __switch_to+0xc7d/0x1450
[  629.745385][   T38]  ? __pfx_kthread+0x10/0x10
[  629.745410][   T38]  ret_from_fork_asm+0x1a/0x30
[  629.745447][   T38]  </TASK>
[  629.746045][   T38] Kernel Offset: disabled