last executing test programs:

23m43.637148783s ago: executing program 1 (id=128):
r0 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
sendmsg$RDMA_NLDEV_CMD_PORT_GET(r0, &(0x7f0000000140)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f0000000100)={&(0x7f0000000080)={0x80, 0x1405, 0x800, 0x70bd26, 0x25dfdbfd, "", [{{0x8, 0x1, 0x1}, {0x8, 0x3, 0x4}}, {{0x8, 0x1, 0x2}, {0x8}}, {{0x8}, {0x8, 0x3, 0x2}}, {{0x8, 0x1, 0x2}, {0x8, 0x3, 0x4}}, {{0x8}, {0x8}}, {{0x8}, {0x8}}, {{0x8, 0x1, 0x2}, {0x8, 0x3, 0x4}}]}, 0x80}, 0x1, 0x0, 0x0, 0x1}, 0x0)
ioctl$TIOCGPGRP(r0, 0x540f, &(0x7f0000000180)=<r1=>0x0)
move_pages(r1, 0x4, &(0x7f00000001c0)=[&(0x7f0000ffc000/0x1000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffc000/0x4000)=nil], 0x0, &(0x7f0000000200)=[0x0], 0xa)
flistxattr(r0, &(0x7f0000000240)=""/134, 0x86)
ioctl$TUNSETVNETLE(0xffffffffffffffff, 0x400454dc, &(0x7f0000000300))
r2 = accept4$x25(0xffffffffffffffff, &(0x7f0000000340)={0x9, @remote}, &(0x7f0000000380)=0x12, 0x80800)
ioctl$SIOCX25GCAUSEDIAG(r2, 0x89e6, &(0x7f00000003c0)={0x3, 0x2})
ioctl$sock_x25_SIOCDELRT(r2, 0x890c, &(0x7f0000000400)={@null, 0x9, 'macsec0\x00'})
syz_open_dev$vbi(&(0x7f0000000500), 0x3, 0x2)
accept4$alg(0xffffffffffffffff, 0x0, 0x0, 0x800)
r3 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000001540), 0x8000, 0x0)
ioctl$CEC_ADAP_G_CONNECTOR_INFO(r3, 0x8044610a, &(0x7f0000001580)={0x0, @raw})
ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f0000001680)={'wlan1\x00', <r4=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r3, &(0x7f0000001740)={&(0x7f0000001600)={0x10, 0x0, 0x0, 0x4452}, 0xc, &(0x7f0000001700)={&(0x7f00000016c0)={0x24, 0x0, 0x200, 0x70bd27, 0x25dfdbfb, {{}, {@val={0x8, 0x3, r4}, @void}}, [@NL80211_ATTR_4ADDR={0x5, 0x53, 0x1}]}, 0x24}, 0x1, 0x0, 0x0, 0x800}, 0x8000)
setsockopt$RXRPC_EXCLUSIVE_CONNECTION(r3, 0x110, 0x3)
clock_gettime(0x0, &(0x7f0000001780)={<r5=>0x0, <r6=>0x0})
timerfd_settime(r3, 0x4, &(0x7f00000017c0)={{0x77359400}, {r5, r6+10000000}}, &(0x7f0000001800))
recvmmsg(r3, &(0x7f000000b440)=[{{&(0x7f0000001840)=@pppol2tpv3in6={0x18, 0x1, {0x0, <r7=>0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @private1}}}, 0x80, &(0x7f0000004c80)=[{&(0x7f00000018c0)=""/133, 0x85}, {&(0x7f0000001980)=""/244, 0xf4}, {&(0x7f0000001a80)=""/114, 0x72}, {&(0x7f0000001b00)=""/4096, 0x1000}, {&(0x7f0000002b00)=""/13, 0xd}, {&(0x7f0000002b40)=""/4096, 0x1000}, {&(0x7f0000003b40)=""/71, 0x47}, {&(0x7f0000003bc0)}, {&(0x7f0000003c00)=""/117, 0x75}, {&(0x7f0000003c80)=""/4096, 0x1000}], 0xa, &(0x7f0000004d40)=""/206, 0xce}, 0x20}, {{&(0x7f0000004e40)=@hci, 0x80, &(0x7f0000007200)=[{&(0x7f0000004ec0)=""/39, 0x27}, {&(0x7f0000004f00)=""/4096, 0x1000}, {&(0x7f0000005f00)=""/135, 0x87}, {&(0x7f0000005fc0)=""/242, 0xf2}, {&(0x7f00000060c0)=""/134, 0x86}, {&(0x7f0000006180)=""/118, 0x76}, {&(0x7f0000006200)=""/4096, 0x1000}], 0x7, &(0x7f0000007280)=""/109, 0x6d}, 0x80800}, {{&(0x7f0000007300)=@pppol2tp={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @private}}}, 0x80, &(0x7f0000008680)=[{&(0x7f0000007380)=""/90, 0x5a}, {&(0x7f0000007400)=""/50, 0x32}, {&(0x7f0000007440)=""/10, 0xa}, {&(0x7f0000007480)=""/62, 0x3e}, {&(0x7f00000074c0)=""/180, 0xb4}, {&(0x7f0000007580)=""/4096, 0x1000}, {&(0x7f0000008580)=""/53, 0x35}, {&(0x7f00000085c0)=""/183, 0xb7}], 0x8, &(0x7f0000008700)=""/221, 0xdd}, 0xe4}, {{0x0, 0x0, &(0x7f0000008c40)=[{&(0x7f0000008bc0)=""/58, 0x3a}, {&(0x7f0000008c00)=""/11, 0xb}], 0x2, &(0x7f0000008c80)=""/122, 0x7a}, 0x1}, {{&(0x7f0000008d00)=@vsock={0x28, 0x0, 0x0, @my}, 0x80, &(0x7f0000009e80)=[{&(0x7f0000008d80)=""/175, 0xaf}, {&(0x7f0000008e40)=""/51, 0x33}, {&(0x7f0000008e80)=""/4096, 0x1000}], 0x3}, 0x1}, {{&(0x7f0000009f80)=@isdn, 0x80, &(0x7f000000b2c0)=[{&(0x7f000000a000)=""/4096, 0x1000}, {&(0x7f000000b000)=""/54, 0x36}, {&(0x7f000000b040)=""/53, 0x35}, {&(0x7f000000b080)=""/31, 0x1f}, {&(0x7f000000b0c0)=""/239, 0xef}, {&(0x7f000000b200)=""/29, 0x1d}, {&(0x7f000000b240)=""/122, 0x7a}], 0x7, &(0x7f000000b340)=""/222, 0xde}, 0x800}], 0x6, 0x60, 0x0)
bind$802154_dgram(r7, &(0x7f000000b600)={0x24, @none={0x0, 0x3}}, 0x14)
syz_clone(0x8000000, &(0x7f000000b640)="543704c35dfca02b402341851134b42e4113f3a5b89636116c9ece178e25d474aa4a034512c768bef5513def39b7e9a2e0e2523a8aa5f7d64e182baf60ad563a19b5a63865c20ff0d7b1273238c6a040d47fde255fd2cb366e4c2e1be61f51788d2320635e1329cfb8421fda155b6f1ca9ad85ce4774c6cdcc1f6808b68cd211507b0040786e290ebdde38d3c89b210adc2b413d10039345f718a4fed0cdb45cce0660416a0dc449b1236b6d74be", 0xae, &(0x7f000000b700), &(0x7f000000b740), &(0x7f000000b780)="f699432465e8e7ab720e701e7ad65240e48d0b27b9b60771c88ebfd41a7ef4037c2569ddd72f3e8a2eaf7283fdb66bbb26e322beeb410f5004adae89517d80a4a856c49fa3e9e3ce047349eb8ac6f4a8375e70634db53160ba9f42dc9efa851b9032ccec0d166c11f23b7d0635d76424b9bd41632997a7081cd6f7ec3da1b7dd4673e8e5c9f1730e50f6de0f77b68b69c4347a39058333e08be3db0054b813c94fbda87e04543f23587fd5a6464d623a8ace471abdb5d35a7191804b466012fceedf956bf2993ab589c3c56dd2")
openat$dlm_control(0xffffffffffffff9c, &(0x7f000000b880), 0x100500, 0x0)
r8 = syz_init_net_socket$llc(0x1a, 0x2, 0x0)
getsockopt$llc_int(r8, 0x10c, 0x1, &(0x7f000000b8c0), &(0x7f000000b900)=0x4)
syz_genetlink_get_family_id$tipc(&(0x7f000000b940), 0xffffffffffffffff)

23m42.160103517s ago: executing program 1 (id=134):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
syz_open_dev$sndpcmp(0x0, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x1)
sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff)
sendmsg$IPCTNL_MSG_EXP_GET(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000000)=ANY=[@ANYBLOB], 0xb8}, 0x1, 0x0, 0x0, 0x4000}, 0x40)
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, 0x0)
read$msr(r1, &(0x7f0000002000)=""/102400, 0x19000)
ioctl$EXT4_IOC_GROUP_ADD(0xffffffffffffffff, 0x8080583a, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0)
bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0)
r2 = socket(0x848000000015, 0x805, 0x0)
sendto$inet6(r2, 0x0, 0x0, 0x0, &(0x7f0000000000)={0xa, 0x0, 0x0, @private2}, 0x1c)
connect$inet6(r2, &(0x7f0000000080)={0xa, 0x4e22, 0x10000, @local, 0x3}, 0x1c)
ftruncate(0xffffffffffffffff, 0xf09)
r3 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_TCP_MD5SIG(r3, 0x6, 0xe, &(0x7f0000000100)={@in={{0x2, 0x0, @empty}}, 0x0, 0x0, 0x18, 0x0, "50e4d101a949f3f4d3479fb3110fbb83dc7a2414e74ef9c682c427e1a542df3531062020eb16da11d6707d82272beab27a1da6e527cceef0e7db687b56729c203d01b7693f6d4c81a64de132e818dea3"}, 0xd8)
setsockopt$inet_tcp_TCP_MD5SIG(r3, 0x6, 0xe, &(0x7f0000000000)={@in, 0x0, 0x0, 0x0, 0x0, "d3d87bc1779df0260137ffea3b267abe0be604d99164ceede9ce200eb018abebbf99a8ae25b276a23593abc5bfbcd104244b1bcd3f8dcc8bb1afb8237f33ee41a904e61d65a7bacfec9dc935544d3f64"}, 0xd8)
r4 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0026}]})
close_range(r4, 0xffffffffffffffff, 0x0)
setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x16, 0x0, 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000340)=ANY=[], 0x88}}, 0x0)
sendmsg$NFT_BATCH(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000a40)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x201, 0x0, 0x0, {0x1}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWFLOWTABLE={0x58, 0x16, 0xa, 0x1, 0x0, 0x0, {0x1}, [@NFTA_FLOWTABLE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_FLOWTABLE_NAME={0x9, 0x2, 'syz1\x00'}, @NFTA_FLOWTABLE_HOOK={0x2c, 0x3, 0x0, 0x1, [@NFTA_FLOWTABLE_HOOK_NUM={0x8}, @NFTA_FLOWTABLE_HOOK_DEVS={0x18, 0x3, 0x0, 0x1, [{0x14, 0x1, 'veth1_to_bond\x00'}]}, @NFTA_FLOWTABLE_HOOK_PRIORITY={0x8}]}]}, @NFT_MSG_DELFLOWTABLE={0x88, 0x16, 0xa, 0x101, 0xb00, 0x0, {0x1}, [@NFTA_FLOWTABLE_NAME={0x9, 0x2, 'syz1\x00'}, @NFTA_FLOWTABLE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_FLOWTABLE_HOOK={0x5c, 0x3, 0x0, 0x1, [@NFTA_FLOWTABLE_HOOK_DEVS={0x4}, @NFTA_FLOWTABLE_HOOK_DEVS={0x54, 0x3, 0x0, 0x1, [{0x14, 0x1, 'vcan0\x00'}, {0x14, 0x1, 'veth1_vlan\x00'}, {0x14, 0x1, 'pim6reg1\x00'}, {0x14, 0x1, 'ip6gre0\x00'}]}]}]}], {0x14, 0x10}}, 0x128}}, 0x0)

23m40.007945058s ago: executing program 1 (id=137):
r0 = syz_usb_connect$hid(0x6, 0x36, &(0x7f00000003c0)=ANY=[@ANYRES16, @ANYRESHEX, @ANYRES8, @ANYRESHEX, @ANYBLOB="f4657cba861953a9b8d7c50edb4f32ef1cd880d33f4c3c9e93b8881352480d8eba8177b4b980182d4e41ab15a5d05a4c8d713ad6ecdf7b4436af048766a699ac5a72a0bdd10ec47e995946eaf820a3f238356538ec2bcc68f1c5a4fb2eef188a175ca38c758e1cbb852ebd8da525ee9fadbaa6e7a33ab83033ca09b3090d32f465040e5f06408f"], 0x0)
r1 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000240), 0x212000, 0x0)
mkdir(&(0x7f00000000c0)='./file0/file0\x00', 0x0)
openat$autofs(0xffffffffffffff9c, &(0x7f00000002c0), 0x7992c3, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xc, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000100)=0x2)
sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r2, &(0x7f0000002000)=""/102400, 0x19000)
r3 = socket$inet_sctp(0x2, 0x1, 0x84)
setsockopt$IP_VS_SO_SET_ADD(r3, 0x0, 0x482, &(0x7f0000000040)={0x2, @multicast2, 0x15, 0x3, 'sh\x00', 0x1, 0x2, 0xed}, 0x2c)
syz_genetlink_get_family_id$ethtool(&(0x7f0000000380), r3)
socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$ETHTOOL_MSG_PAUSE_SET(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000cc0)={0x0}, 0x1, 0x0, 0x0, 0x4005}, 0x20000005)
syz_io_uring_setup(0x2003, &(0x7f0000000580)={0x0, 0x3c65, 0x2, 0x3, 0xefffffff}, 0x0, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000300))
r4 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000600)={0xe, 0x4, &(0x7f0000000080)=ANY=[], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41000, 0x6d, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x2d}, 0x94)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000280)={{}, &(0x7f00000006c0), &(0x7f0000000180)=r4}, 0x20)
socket(0x8, 0x6, 0x9)
syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
eventfd2(0x3, 0x1)
syz_usb_control_io$hid(r0, 0x0, 0x0)
syz_usb_control_io(r0, &(0x7f0000000200)={0x2c, &(0x7f0000000700)=ANY=[@ANYRESHEX=r1, @ANYRES64=0x0, @ANYRES32=0x0], 0x0, 0x0, 0x0, 0x0}, 0x0)

23m35.636460733s ago: executing program 1 (id=147):
r0 = socket(0x18, 0x0, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$ETHTOOL_MSG_CHANNELS_SET(r1, &(0x7f0000000340)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000a00)=ANY=[@ANYBLOB='D\x00\x00\x00', @ANYRES16, @ANYBLOB="0100000000000000000012000000080007000000ffff08000800ffffff70180001801400020076657468305f746f5f62617461647600080009"], 0x44}}, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0)
mount$bind(&(0x7f0000000380)='./file0\x00', &(0x7f0000000200)='./file0\x00', 0x0, 0x2125099, 0x0)
mount$bind(0x0, &(0x7f00000005c0)='./file0\x00', 0x0, 0x100000, 0x0)
r2 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901)
move_mount(r2, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0)
mount$bind(&(0x7f0000000000)='./file0/../file0\x00', &(0x7f0000000340)='./file0/file0\x00', 0x0, 0x891018, 0x0)
mount$bind(0x0, 0x0, 0x0, 0x80000, 0x0)
mount$bind(&(0x7f00000002c0)='./file0/file0\x00', &(0x7f0000000240)='./file0/../file0\x00', 0x0, 0x101091, 0x0)
mount$bind(&(0x7f00000006c0)='./file0/file0\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x109041, 0x0)
r3 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
ioctl$IOMMU_IOAS_ALLOC(r3, 0x3b81, &(0x7f0000000200)={0xc, 0x0, <r4=>0x0})
ioctl$IOMMU_IOAS_ALLOC(r3, 0x3b81, &(0x7f0000000000)={0xc, 0x0, <r5=>0x0})
ioctl$IOMMU_DESTROY$ioas(r3, 0x3b80, &(0x7f0000000140)={0x8, r4})
ioctl$IOMMU_TEST_OP_MOCK_DOMAIN(r3, 0x3ba0, &(0x7f0000000340)={0x48, 0x2, r5})
ioctl$IOMMU_IOAS_COPY$syz(r3, 0x3b83, &(0x7f0000000180)={0x28, 0x2, 0x0, r4, 0x32917d, 0x5, 0x4, 0x80283})
mount$bind(&(0x7f00000003c0)='./file0\x00', 0x0, 0x0, 0x12f451, 0x0)
umount2(&(0x7f0000000480)='./file0\x00', 0x2)
r6 = io_uring_setup(0x168d, &(0x7f0000000400)={0x0, 0x6319, 0x2, 0x1, 0x2d9})
io_uring_register$IORING_REGISTER_BUFFERS2(r6, 0xf, &(0x7f0000002700)={0x1, 0x0, 0x2000000, &(0x7f0000000200)=[{0x0}], 0x0}, 0x20)
socket$unix(0x1, 0x2, 0x0)
ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(r0, 0x89f0, &(0x7f0000000700)={'ip6_vti0\x00', &(0x7f0000000680)={'syztnl0\x00', 0x0, 0x4, 0x5, 0x63, 0x0, 0x8, @mcast2, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', 0x40, 0x8000, 0x400, 0x2}})
openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000), 0x101041)
rmdir(&(0x7f00000000c0)='./file0/../file1\x00')
r7 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000080)='/proc/asound/seq/clients\x00', 0x0, 0x0)
read$FUSE(r7, &(0x7f00000022c0)={0x2020}, 0x2020)
syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0)

23m33.874364678s ago: executing program 1 (id=152):
syz_emit_ethernet(0x4a, &(0x7f0000000240)=ANY=[@ANYBLOB="aaaa"], 0x0)
r0 = socket$igmp6(0xa, 0x3, 0x2)
sendmmsg$inet6(r0, &(0x7f00000000c0)=[{{0x0, 0x0, &(0x7f0000000740)=[{&(0x7f0000000500)="af0ac9", 0x3}], 0x15}}], 0x1, 0x2400000c)
r1 = bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000000)=0xffffffffffffffff, 0x4)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x8, 0xf, &(0x7f0000000200)=ANY=[@ANYBLOB='\x00'/20, @ANYRES32=r1, @ANYBLOB="0000000000000000b702000014000000b7020000000000008500000051000000bf0900000000000055"], 0x0, 0x7, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, 0x0, r1, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x6}, 0x94)
r2 = syz_open_dev$loop(&(0x7f0000000100), 0x2, 0x0)
r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000200)='blkio.bfq.io_service_bytes_recursive\x00', 0x275a, 0x0)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r4, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a58000000160a03020000000000000000020000000900020073797a30ffff00000900010073797a30000000002c00038008000140000000000800024000000000180003801400010073797a5f74756e00000000000000000014000000110001"], 0x80}}, 0x0)
syz_emit_ethernet(0x42, &(0x7f0000000440)=ANY=[@ANYBLOB="aaaaaaaaaaaaffffffffffff88a8430081"], 0x0)
sendmsg$NL80211_CMD_START_AP(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000280)=ANY=[], 0x80}}, 0x0)
write$binfmt_misc(r3, &(0x7f0000000040), 0xe09)
ioctl$LOOP_CONFIGURE(r2, 0x4c0a, &(0x7f00000002c0)={r3, 0x0, {0x2a00, 0x80010000, 0x0, 0x2, 0x0, 0x0, 0x0, 0xb, 0x1c, "fee8a2ab78fc979fd1e00d96072000001ea89de2b7fb0000e60080b8785d96000100", "2809e8dbe108598948224ad54afac11d875397bdb22d0000b420a1a93c5240f45f819e01177d3d458dd4992861ac00", "f4bd000000801900", [0x0, 0x2000000000001]}})

23m33.007142482s ago: executing program 1 (id=156):
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000640)={0x0, 0x0, &(0x7f0000000600)={&(0x7f0000000300)=@newtaction={0x48, 0x30, 0x2, 0x0, 0x0, {}, [{0x34, 0x1, [@m_skbedit={0x30, 0x1, 0x0, 0x0, {{0xc}, {0x4}, {0x4}, {0xc, 0xa}, {0xc, 0x9, {0xf5, 0x2}}}}]}]}, 0x48}}, 0x0)
getsockopt$sock_buf(r0, 0x1, 0x1f, &(0x7f0000000680)=""/4096, &(0x7f0000000000)=0x1000)

23m30.162875485s ago: executing program 32 (id=156):
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000640)={0x0, 0x0, &(0x7f0000000600)={&(0x7f0000000300)=@newtaction={0x48, 0x30, 0x2, 0x0, 0x0, {}, [{0x34, 0x1, [@m_skbedit={0x30, 0x1, 0x0, 0x0, {{0xc}, {0x4}, {0x4}, {0xc, 0xa}, {0xc, 0x9, {0xf5, 0x2}}}}]}]}, 0x48}}, 0x0)
getsockopt$sock_buf(r0, 0x1, 0x1f, &(0x7f0000000680)=""/4096, &(0x7f0000000000)=0x1000)

17m31.490590203s ago: executing program 0 (id=1134):
r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='net/unix\x00')
pread64(r0, &(0x7f0000000240)=""/164, 0xa4, 0x4)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r4, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000440)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a50000000060a0b040000000000000000020000002400048020000180070001006374000014000280080002400000000f08000140000000140900010073797a30000000000900020073797a32"], 0x78}}, 0x0)
openat$sysfs(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r5 = socket$inet6(0xa, 0x3, 0x4)
bind$inet6(r5, 0x0, 0x0)
bind$l2tp6(0xffffffffffffffff, &(0x7f0000000180)={0xa, 0x0, 0x0, @loopback}, 0x20)
r6 = socket$l2tp6(0xa, 0x2, 0x73)
bind$l2tp6(r6, &(0x7f0000000000)={0xa, 0x0, 0x1, @empty, 0x0, 0x3}, 0x20)
write(r2, &(0x7f00000004c0)="093f261ae2868afa217d407ad4b46ed706f56aaa9638952c3808d63ccfa94fd75ec5e88a2ca54b75062f053dae2276125816d702ff10de3f1a659db9b5d899ab96f9fbe46211ef7cde493690c0a718924338eccc6daba42380c05bf4c020afffade5d5a972303b61c9af2a802000dd4ff7a2", 0x72)
close_range(r0, 0xffffffffffffffff, 0x0)

17m29.702676335s ago: executing program 0 (id=1140):
r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r0, 0x4020ae46, &(0x7f0000000840)={0x1fe, 0x2, 0x2000, 0x1000, &(0x7f0000003000/0x1000)=nil})
r1 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x2)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r1, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000180)=[@text64={0x40, 0x0}], 0x1, 0x18, 0x0, 0xffffffffffffff65)
socket$inet(0x10, 0x3, 0x0)
ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f0000000040)={'ip6_vti0\x00', &(0x7f0000000440)={'ip6gre0\x00', 0x0, 0x4, 0x0, 0x6, 0x9, 0x60, @loopback, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', 0x7800, 0x50, 0x1, 0xffffffff}})
r2 = socket$netlink(0x10, 0x3, 0x0)
r3 = socket(0x10, 0x803, 0x0)
sendmsg$IPVS_CMD_SET_INFO(r3, &(0x7f0000000b00)={0x0, 0x0, &(0x7f0000000ac0)={0x0, 0x14}}, 0x0)
getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, <r4=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000850600"/20, @ANYRES32=r4, @ANYBLOB="0000000000004a641c0012000c000100626f6e64000000000c0002000800010006"], 0x3c}}, 0x0)
sendmsg$nl_route(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYBLOB="3c00000010001fff0000000001000000000000d7", @ANYRES32=0x0, @ANYBLOB="0000000000000000140012800a000100767863616e0000000400028008000a00", @ANYRES32=r4, @ANYBLOB], 0x3c}, 0x1, 0x0, 0x0, 0x40000}, 0x0)
r5 = socket$nl_route(0x10, 0x3, 0x0)
r6 = socket(0x1, 0x803, 0x0)
getsockname$packet(r6, &(0x7f0000000100)={0x11, 0x0, <r7=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000001c0)=0x14)
sendmsg$nl_route(r5, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000400)=@newlink={0x40, 0x10, 0x403, 0x70bd25, 0x0, {0x0, 0x0, 0x0, 0x0, 0x500}, [@IFLA_LINKINFO={0x18, 0x12, 0x0, 0x1, @gretap={{0xb}, {0x8, 0x2, 0x0, 0x1, [@IFLA_GRE_COLLECT_METADATA={0x4}]}}}, @IFLA_MASTER={0x8, 0xa, r7}]}, 0x40}, 0x1, 0x0, 0x0, 0x24000804}, 0x8000)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
r8 = socket$nl_route(0x10, 0x3, 0x0)
r9 = socket(0x1, 0x803, 0x0)
getsockname$packet(r9, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14)
fcntl$getownex(r5, 0x10, &(0x7f0000000340)={0x0, <r10=>0x0})
sendmsg$nl_route(r8, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000003c0)=ANY=[@ANYBLOB="340000001000010400"/20, @ANYRES32=0x0, @ANYBLOB="01080001000000002a0800a7937a1a0f7136f3fd0500", @ANYRES32=r4, @ANYBLOB="08001300", @ANYRES32=r10, @ANYBLOB], 0x34}}, 0x0)
r11 = syz_open_dev$loop(&(0x7f0000000140), 0x8, 0x80)
ioctl$LOOP_SET_CAPACITY(r11, 0x4c07)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
ioprio_set$uid(0x3, 0x0, 0x0)
ioprio_get$uid(0x2, 0x0)
ioctl$VHOST_VSOCK_SET_GUEST_CID(0xffffffffffffffff, 0x4008af60, &(0x7f0000000140)={@my=0x1})
socket$vsock_stream(0x28, 0x1, 0x0)

17m28.023748651s ago: executing program 0 (id=1146):
prlimit64(0x0, 0xe, &(0x7f0000000240)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
mkdir(&(0x7f0000000280)='./file0\x00', 0x0)
mount$tmpfs(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000400), 0x0, &(0x7f0000000180)=ANY=[@ANYBLOB='huge=always,mpol=interleave'])
chdir(&(0x7f0000000240)='./file0\x00')
open(&(0x7f0000000040)='./bus\x00', 0x80242, 0x0)

17m26.237895751s ago: executing program 0 (id=1148):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000000), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000040)={'wlan0\x00'})
sendmsg$NL80211_CMD_JOIN_IBSS(r0, &(0x7f0000000300)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0xd0}, 0x0)

17m25.745236265s ago: executing program 0 (id=1153):
mount$9p_fd(0x0, 0x0, &(0x7f0000000340), 0x20110e2, &(0x7f00000005c0)={'trans=fd,', {}, 0x2c, {}, 0x2c, {[{@noxattr}, {@debug={'debug', 0x3d, 0x9}}, {@afid={'afid', 0x3d, 0x8000000000000001}}, {@version_u}, {@loose}, {@mmap}], [{@uid_eq}]}})
r0 = socket$kcm(0x10, 0x3, 0x10)
sendmsg$kcm(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f00000000c0)="1400000016000b63d25a8064000000000124", 0x12}], 0x1}, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f05ebbeef, 0x8031, 0xffffffffffffffff, 0xfc068000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB], 0x50)
mknodat$loop(0xffffffffffffff9c, 0x0, 0x1000, 0x0)
r4 = openat(0xffffffffffffff9c, &(0x7f000000c380)='./file0\x00', 0x20842, 0x0)
io_setup(0x2e, &(0x7f0000000100)=<r5=>0x0)
io_submit(r5, 0x1, &(0x7f00000001c0)=[&(0x7f0000000180)={0x0, 0x0, 0x0, 0x1, 0x0, r4, &(0x7f0000000140)='^', 0x1}])
r6 = socket$nl_route(0x10, 0x3, 0x0)
r7 = socket$inet6_mptcp(0xa, 0x1, 0x106)
ioctl$sock_SIOCGIFINDEX(r7, 0x8933, 0x0)
sendmsg$nl_route(r6, 0x0, 0x0)

17m23.921004647s ago: executing program 0 (id=1160):
bpf$MAP_CREATE(0x0, &(0x7f0000000840)=@base={0xb, 0x7, 0x2, 0x4, 0x5}, 0x48)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000100), 0x161281, 0x0)
write$binfmt_aout(r0, &(0x7f0000000080)=ANY=[], 0xff2e)
ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000080)={0x0, 0x3, 0x0, 0x0, 0x0, "0040001e1d113c812e5d6000"})
r1 = syz_open_pts(r0, 0x0)
dup3(r1, r0, 0x0)
ppoll(&(0x7f0000000140)=[{r0}], 0x1, 0x0, 0x0, 0x0)
ioctl$TCSETSF(r1, 0x5404, &(0x7f0000000180)={0x38000, 0x8, 0x0, 0x2, 0x5, "aa32b73986bbee6bd231334cbfa0b758261a93"})
syz_clone(0x640c7000, 0x0, 0x0, 0x0, 0x0, 0x0)
unshare(0x42000000)

17m8.826670329s ago: executing program 33 (id=1160):
bpf$MAP_CREATE(0x0, &(0x7f0000000840)=@base={0xb, 0x7, 0x2, 0x4, 0x5}, 0x48)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000100), 0x161281, 0x0)
write$binfmt_aout(r0, &(0x7f0000000080)=ANY=[], 0xff2e)
ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000080)={0x0, 0x3, 0x0, 0x0, 0x0, "0040001e1d113c812e5d6000"})
r1 = syz_open_pts(r0, 0x0)
dup3(r1, r0, 0x0)
ppoll(&(0x7f0000000140)=[{r0}], 0x1, 0x0, 0x0, 0x0)
ioctl$TCSETSF(r1, 0x5404, &(0x7f0000000180)={0x38000, 0x8, 0x0, 0x2, 0x5, "aa32b73986bbee6bd231334cbfa0b758261a93"})
syz_clone(0x640c7000, 0x0, 0x0, 0x0, 0x0, 0x0)
unshare(0x42000000)

7m44.473051856s ago: executing program 3 (id=2688):
r0 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
sendmsg$RDMA_NLDEV_CMD_PORT_GET(r0, &(0x7f0000000140)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f0000000100)={&(0x7f0000000080)={0x80, 0x1405, 0x800, 0x70bd26, 0x25dfdbfd, "", [{{0x8, 0x1, 0x1}, {0x8, 0x3, 0x4}}, {{0x8, 0x1, 0x2}, {0x8}}, {{0x8}, {0x8, 0x3, 0x2}}, {{0x8, 0x1, 0x2}, {0x8, 0x3, 0x4}}, {{0x8}, {0x8}}, {{0x8}, {0x8}}, {{0x8, 0x1, 0x2}, {0x8, 0x3, 0x4}}]}, 0x80}, 0x1, 0x0, 0x0, 0x1}, 0x0)
ioctl$TIOCGPGRP(r0, 0x540f, &(0x7f0000000180)=<r1=>0x0)
move_pages(r1, 0x4, &(0x7f00000001c0)=[&(0x7f0000ffc000/0x1000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffc000/0x4000)=nil], 0x0, &(0x7f0000000200)=[0x0], 0xa)
flistxattr(r0, &(0x7f0000000240)=""/134, 0x86)
ioctl$TUNSETVNETLE(0xffffffffffffffff, 0x400454dc, &(0x7f0000000300))
r2 = accept4$x25(0xffffffffffffffff, &(0x7f0000000340)={0x9, @remote}, &(0x7f0000000380)=0x12, 0x80800)
ioctl$SIOCX25GCAUSEDIAG(r2, 0x89e6, &(0x7f00000003c0)={0x3, 0x2})
ioctl$sock_x25_SIOCDELRT(r2, 0x890c, &(0x7f0000000400)={@null, 0x9, 'macsec0\x00'})
syz_open_dev$vbi(&(0x7f0000000500), 0x3, 0x2)
accept4$alg(0xffffffffffffffff, 0x0, 0x0, 0x800)
r3 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000001540), 0x8000, 0x0)
ioctl$CEC_ADAP_G_CONNECTOR_INFO(r3, 0x8044610a, &(0x7f0000001580)={0x0, @raw})
ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f0000001680)={'wlan1\x00', <r4=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r3, &(0x7f0000001740)={&(0x7f0000001600)={0x10, 0x0, 0x0, 0x4452}, 0xc, &(0x7f0000001700)={&(0x7f00000016c0)={0x24, 0x0, 0x200, 0x70bd27, 0x25dfdbfb, {{}, {@val={0x8, 0x3, r4}, @void}}, [@NL80211_ATTR_4ADDR={0x5, 0x53, 0x1}]}, 0x24}, 0x1, 0x0, 0x0, 0x800}, 0x8000)
setsockopt$RXRPC_EXCLUSIVE_CONNECTION(r3, 0x110, 0x3)
clock_gettime(0x0, &(0x7f0000001780)={<r5=>0x0, <r6=>0x0})
timerfd_settime(r3, 0x4, &(0x7f00000017c0)={{0x77359400}, {r5, r6+10000000}}, &(0x7f0000001800))
recvmmsg(r3, &(0x7f000000b440)=[{{&(0x7f0000001840)=@pppol2tpv3in6={0x18, 0x1, {0x0, <r7=>0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @private1}}}, 0x80, &(0x7f0000004c80)=[{&(0x7f00000018c0)=""/133, 0x85}, {&(0x7f0000001980)=""/244, 0xf4}, {&(0x7f0000001b00)=""/4096, 0x1000}, {&(0x7f0000002b00)=""/13, 0xd}, {&(0x7f0000002b40)=""/4096, 0x1000}, {&(0x7f0000003b40)=""/71, 0x47}, {&(0x7f0000003bc0)}, {&(0x7f0000003c00)=""/117, 0x75}, {&(0x7f0000003c80)=""/4096, 0x1000}], 0x9, &(0x7f0000004d40)=""/206, 0xce}, 0x20}, {{0x0, 0x0, &(0x7f0000007200)=[{&(0x7f0000004ec0)=""/39, 0x27}, {&(0x7f0000004f00)=""/4096, 0x1000}, {&(0x7f0000005f00)=""/135, 0x87}, {&(0x7f0000005fc0)=""/242, 0xf2}, {&(0x7f00000060c0)=""/134, 0x86}, {0x0}], 0x6, &(0x7f0000007280)=""/109, 0x6d}, 0x80800}, {{&(0x7f0000007300)=@pppol2tp={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @private}}}, 0x80, &(0x7f0000008680)=[{&(0x7f0000007380)=""/90, 0x5a}, {&(0x7f0000007400)=""/50, 0x32}, {0x0}, {&(0x7f0000007480)=""/62, 0x3e}, {&(0x7f00000074c0)=""/180, 0xb4}, {&(0x7f0000007580)=""/4096, 0x1000}, {&(0x7f0000008580)=""/53, 0x35}, {&(0x7f00000085c0)=""/183, 0xb7}], 0x8, &(0x7f0000008700)=""/221, 0xdd}, 0xe4}, {{0x0, 0x0, &(0x7f0000008c40)=[{&(0x7f0000008bc0)=""/58, 0x3a}, {&(0x7f0000008c00)=""/11, 0xb}], 0x2, &(0x7f0000008c80)=""/122, 0x7a}, 0x1}, {{&(0x7f0000008d00)=@vsock={0x28, 0x0, 0x0, @my}, 0x80, &(0x7f0000009e80)=[{&(0x7f0000008d80)=""/175, 0xaf}, {&(0x7f0000008e40)=""/51, 0x33}, {&(0x7f0000008e80)=""/4096, 0x1000}], 0x3}, 0x1}, {{&(0x7f0000009f80)=@isdn, 0x80, &(0x7f000000b2c0)=[{&(0x7f000000a000)=""/4096, 0x1000}, {&(0x7f000000b000)=""/54, 0x36}, {&(0x7f000000b040)=""/53, 0x35}, {&(0x7f000000b080)=""/31, 0x1f}, {&(0x7f000000b0c0)=""/239, 0xef}, {&(0x7f000000b200)=""/29, 0x1d}, {&(0x7f000000b240)=""/122, 0x7a}], 0x7, &(0x7f000000b340)=""/222, 0xde}, 0x800}], 0x6, 0x60, 0x0)
bind$802154_dgram(r7, &(0x7f000000b600)={0x24, @none={0x0, 0x3}}, 0x14)
syz_clone(0x8000000, &(0x7f000000b640)="543704c35dfca02b402341851134b42e4113f3a5b89636116c9ece178e25d474aa4a034512c768bef5513def39b7e9a2e0e2523a8aa5f7d64e182baf60ad563a19b5a63865c20ff0d7b1273238c6a040d47fde255fd2cb366e4c2e1be61f51788d2320635e1329cfb8421fda155b6f1ca9ad85ce4774c6cdcc1f6808b68cd211507b0040786e290ebdde38d3c89b210adc2b413d10039345f718a4fed0cdb45cce0660416a0dc449b1236b6d74be", 0xae, &(0x7f000000b700), &(0x7f000000b740), &(0x7f000000b780)="f699432465e8e7ab720e701e7ad65240e48d0b27b9b60771c88ebfd41a7ef4037c2569ddd72f3e8a2eaf7283fdb66bbb26e322beeb410f5004adae89517d80a4a856c49fa3e9e3ce047349eb8ac6f4a8375e70634db53160ba9f42dc9efa851b9032ccec0d166c11f23b7d0635d76424b9bd41632997a7081cd6f7ec3da1b7dd4673e8e5c9f1730e50f6de0f77b68b69c4347a39058333e08be3db0054b813c94fbda87e04543f23587fd5a6464d623a8ace471abdb5d35a7191804b466012fceedf956bf2993ab589c3c56dd2")
openat$dlm_control(0xffffffffffffff9c, &(0x7f000000b880), 0x100500, 0x0)
r8 = syz_init_net_socket$llc(0x1a, 0x2, 0x0)
getsockopt$llc_int(r8, 0x10c, 0x1, &(0x7f000000b8c0), &(0x7f000000b900)=0x4)
syz_genetlink_get_family_id$tipc(&(0x7f000000b940), 0xffffffffffffffff)

7m43.716582946s ago: executing program 3 (id=2689):
r0 = openat$ttyS3(0xffffffffffffff9c, &(0x7f00000000c0), 0x121602, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000003c0)=0x14)
ioctl$TIOCVHANGUP(r0, 0x5437, 0x2)

7m43.408679799s ago: executing program 3 (id=2691):
r0 = syz_usb_connect(0x2, 0x3f, &(0x7f00000007c0)=ANY=[], 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io$uac1(r0, 0x0, 0x0)
r1 = syz_open_dev$usbfs(&(0x7f0000000100), 0x76, 0x101301)
ioctl$USBDEVFS_GET_SPEED(r1, 0x551f)
r2 = syz_open_dev$char_usb(0xc, 0xb4, 0xfffffffffffffffc)
ioctl$FS_IOC_GETVERSION(r2, 0xc0105b08, &(0x7f0000000040))
mknodat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0, 0x0)
pipe2$9p(&(0x7f00000001c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r4, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff017f000e0800395032303030"], 0x15)
r5 = dup(r4)
write$FUSE_BMAP(r5, &(0x7f0000000000)={0x18}, 0x18)
write$FUSE_DIRENTPLUS(r5, &(0x7f00000003c0)=ANY=[@ANYBLOB="b0"], 0xb0)
write$FUSE_GETXATTR(r5, &(0x7f0000000480)={0x18}, 0x18)
write$FUSE_INIT(r5, &(0x7f0000000600)={0x50, 0x0, 0x0, {0x7, 0x29, 0x3, 0x0, 0x4, 0x772, 0x7, 0x0, 0x0, 0x0, 0xa0, 0x200}}, 0x50)
mount$9p_fd(0x0, &(0x7f00000002c0)='./file0\x00', &(0x7f0000000080), 0x40, &(0x7f00000000c0)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r3}})
openat(0xffffffffffffff9c, &(0x7f000000c380)='./file0\x00', 0x20842, 0x0)
r6 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x1, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r6}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r7 = getpid()
recvfrom$l2tp(r5, &(0x7f00000004c0)=""/159, 0x9f, 0x40002001, 0x0, 0x0)
sched_setscheduler(r7, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r8=>0xffffffffffffffff, <r9=>0xffffffffffffffff})
connect$unix(r8, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r9, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r8, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)

7m39.866959211s ago: executing program 3 (id=2700):
r0 = socket(0x10, 0x3, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x401c2, 0x0)
ftruncate(r1, 0x8800000)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000100)={<r2=>0xffffffffffffffff})
sendfile(r2, r1, 0x0, 0x578410eb)
bpf$BPF_BTF_LOAD(0x12, &(0x7f00000190c0)={&(0x7f0000019180)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x48, 0x48, 0x5, [@enum64={0x1, 0x5, 0x0, 0x13, 0x0, 0x8, [{0xd, 0x7fff, 0x1df2cb2b}, {0xf, 0x3, 0x3}, {0x3}, {0x4, 0x4, 0x8}, {0x9, 0xffffffff, 0x6}]}]}, {0x0, [0x2e, 0x5f, 0xe]}}, 0x0, 0x65, 0x0, 0x1, 0x1}, 0x28)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={0xffffffffffffffff, <r3=>0xffffffffffffffff})
openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f00000009c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000540)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x46, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000019080)={&(0x7f00000000c0)='sched_switch\x00', r4, 0x0, 0x3}, 0x18)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r5 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r5, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
setsockopt$inet6_IPV6_RTHDR(0xffffffffffffffff, 0x29, 0x39, &(0x7f0000000340)=ANY=[@ANYBLOB="0002020100000000ff02000000000000000000000000000137a5bc3bfda259f50cfdb6afe174f825df40b38cc208b36fd09b2e667ae7e61e9936ecace0a5210501892e159a4f8abd1745fb7c4b3005653f83f5359f126c15bdeec508c3c447b58fdfd1d0174fb9d273db11f4cc7b025d1dc6980c34053972ef700a8a01a4f1c3337c03b0ab6c85cc49ed5e"], 0x18)
r6 = syz_open_procfs(0x0, &(0x7f0000019140)='net/udp\x00')
socket$inet(0x2, 0x2, 0x0)
socket$inet(0x2, 0x2, 0x0)
pread64(r6, &(0x7f0000000080)=""/102356, 0x18fd4, 0x200)
ioctl$AUTOFS_DEV_IOCTL_FAIL(0xffffffffffffffff, 0xc0189377, &(0x7f0000000040)={{0x1, 0x1, 0x18, <r7=>r0, {0x1, 0xe684}}, './file0\x00'})
r8 = socket(0x10, 0x803, 0x0)
sendmsg$nl_route(r8, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000019200)=ANY=[@ANYBLOB="58008000100037042dbd7000fddbdf2500000000039a88811d854138c6b902b44f64336e1fed4b3a25af6266296a4ad3843be5d02866ff2ff6b623457c7558a0514a133f3a187c05be3b17cd0b", @ANYRES32=0x0, @ANYBLOB="8304040000000000380012800b0001006772657461700000280002800600030081000000040012000600020007000000050013000000000008000700ffffffff"], 0x58}, 0x1, 0x0, 0x0, 0x11}, 0x0)
syz_kvm_setup_syzos_vm$x86(r7, &(0x7f0000bff000/0x400000)=nil)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000000)={'lo\x00', <r9=>0x0})
r10 = openat$ttynull(0xffffffffffffff9c, &(0x7f00000000c0), 0x2000, 0x0)
ioctl$TIOCSETD(r10, 0x5423, &(0x7f0000000100)=0x1a)
sendmsg$nl_route_sched(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000280)=@newqdisc={0x3c, 0x24, 0xf0b, 0xfffffffd, 0x0, {0x60, 0x0, 0x0, r9, {0x0, 0xfff2}, {0xffff, 0xffff}, {0x0, 0xfff7}}, [@qdisc_kind_options=@q_cake={{0x9}, {0xc, 0x2, [@TCA_CAKE_DIFFSERV_MODE={0x8, 0x3, 0x3}]}}]}, 0x3c}}, 0x0)

7m38.108405876s ago: executing program 3 (id=2705):
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000000000)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(des3_ede)\x00'}, 0x58)
writev(0xffffffffffffffff, 0x0, 0x0)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000c18000)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18)
r1 = accept4(r0, 0x0, 0x0, 0x0)
sendmmsg$alg(r1, &(0x7f0000000400)=[{0x0, 0x0, &(0x7f00000002c0)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0x10}], 0x1}], 0x1, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x7)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbee2, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e21}, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
recvmsg(r1, &(0x7f00000005c0)={0x0, 0x0, &(0x7f0000000140)=[{0x0}, {&(0x7f0000000200)=""/83, 0x53}], 0x2}, 0x0)

7m34.938596026s ago: executing program 3 (id=2710):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000180)={'syzkaller0\x00', 0x7101})
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
close(r2)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000029c0))
r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x200000, 0x0)
close(r3)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000))
ioctl$SIOCSIFHWADDR(r3, 0x8943, &(0x7f0000002280)={'syzkaller0\x00', @random="110000000002"})
ioctl$SIOCSIFHWADDR(r2, 0x8914, &(0x7f00000000c0)={'syzkaller0\x00', @broadcast})
close(r1)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000))
ioctl$SIOCSIFHWADDR(r1, 0x8943, &(0x7f0000002280)={'syzkaller0\x00'})

7m19.797968994s ago: executing program 34 (id=2710):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000180)={'syzkaller0\x00', 0x7101})
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
close(r2)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000029c0))
r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x200000, 0x0)
close(r3)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000))
ioctl$SIOCSIFHWADDR(r3, 0x8943, &(0x7f0000002280)={'syzkaller0\x00', @random="110000000002"})
ioctl$SIOCSIFHWADDR(r2, 0x8914, &(0x7f00000000c0)={'syzkaller0\x00', @broadcast})
close(r1)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000))
ioctl$SIOCSIFHWADDR(r1, 0x8943, &(0x7f0000002280)={'syzkaller0\x00'})

4m22.827088266s ago: executing program 2 (id=3157):
openat$binderfs(0xffffffffffffff9c, &(0x7f0000002480)='./binderfs/binder0\x00', 0x800, 0x0)
r0 = bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000380), 0x4)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f000001b400)={0x11, 0x24, &(0x7f00000193c0)=ANY=[@ANYBLOB="1800000003000000000000000800000018110000dddda65e1d8c4417b1c1dbd234fb1ce5a1206759b3e72adfd8747a251142f74c7cbff595de090356504a26d7a46d72b7183e335c92e73c6191495fbce19908c632bcc6c6beac671cebb0e73143239314692d2633233dec19df9a9c0dc6c859d006094cfd52757f76defb92d53170697d76ccff466fd413da202b770ce4af95b309640637fd", @ANYBLOB="00b997054fc8122ae10e718cb037012499f28fb9d55fbdea43b39d82609d2877501f147810223f5a6f6299a510910f200125dc45f524b701a3caf8be526aef1e714af42f5bff979806b6973929968871862787a3e29a16f5967568c8cb5b322f89d7", @ANYBLOB], &(0x7f0000000100)='syzkaller\x00', 0x1, 0x3a, &(0x7f0000000280)=""/58, 0x41100, 0x1d, '\x00', 0x0, 0x0, r0, 0x8, &(0x7f000001b6c0)={0x7, 0x5}, 0x8, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xc}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000180)=0x2)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f00000003c0)=""/102392, 0x18ff8)
read$FUSE(0xffffffffffffffff, &(0x7f000001b700)={0x2020}, 0x2020)
r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$nfc(&(0x7f0000000c40), r2)
sendmsg$NFC_CMD_LLC_SDREQ(r2, &(0x7f0000000e40)={0x0, 0x0, &(0x7f0000000e00)={&(0x7f0000000c80)={0x14, r3, 0x1, 0x70bd27, 0x25dfdbfc}, 0x14}, 0x1, 0x0, 0x0, 0x10}, 0x800)
read$FUSE(0xffffffffffffffff, &(0x7f0000000580)={0x2020}, 0x2020)
r4 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCETHTOOL(r4, 0x8946, &(0x7f0000000080)={'ipvlan1\x00', 0x0})
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r5=>0xffffffffffffffff})
setsockopt$SO_ATTACH_FILTER(r5, 0x1, 0x1a, &(0x7f00000001c0)={0x2, &(0x7f0000000040)=[{0x20, 0x2, 0x0, 0xfffff03c}, {0x6}]}, 0x10)
r6 = syz_open_dev$I2C(&(0x7f00000000c0), 0x0, 0x0)
ioctl$I2C_SMBUS(r6, 0x720, &(0x7f0000000600)={0x0, 0x0, 0x1, &(0x7f0000019540)={0x20, "50e1c0340af66e0dffda611f117e9df8b20630faa67cf4f18bda15c85613a37043"}})
socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
r7 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r7, 0xae60)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)

4m21.979147001s ago: executing program 2 (id=3162):
unshare(0x22020600)
r0 = syz_open_procfs$namespace(0x0, &(0x7f0000000000)='ns/pid\x00')
r1 = syz_open_procfs$userns(0x0, &(0x7f0000000040)) (async)
r2 = ioctl$NS_GET_PARENT(r0, 0xb702, 0x0)
sendto$netrom(r1, &(0x7f0000000180)="7a1cc5fd26e2277ab169bdbbdbc1410cbfc7404c9d2063f6403956188dd2ebcb16ee51c513bfebc960c0ce6849f7d01702aa7e805bb90628b5b07d3365654aa3dabc690c7bdc697394ab4a71b25dc48b9240b6614a7ccc655c0f94d1ad4caba14e56ec68a40a15310db35e61f6ca01d6d821db0bdb56db7a7a1530534b3131cda2628173f7559539c6de592f9ffef3fdc3dbdfeb27445fc1e22f7feb25c16c3e4400bf8fb77aa88805521d29ca41147c5e8ac799b11af071d6b89c4fb1f274c22f7b49dc433f2d91d18d38e2b597d139d2223ea029146ab0", 0xd8, 0x48880, &(0x7f0000000080)={{0x3, @default, 0x6}, [@bcast, @default, @default, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x2}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @bcast]}, 0x48) (async)
r3 = memfd_secret(0x0)
read$msr(r3, &(0x7f0000000280)=""/214, 0xd6)
r4 = bpf$PROG_LOAD_XDP(0x5, &(0x7f00000001c0)={0xd, 0x3, &(0x7f0000000140)=ANY=[@ANYBLOB="1800000001000000000000000000000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100, 0x8, '\x00', 0x0, 0x9}, 0x94) (async)
r5 = fsopen(&(0x7f00000003c0)='cgroup2\x00', 0x0) (async)
r6 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r6, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000500)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a01020000000000000000010000000900010073797a300000000070000000090a010400000000000000000100fffd08000a40000000000900020073797a31000000000900010073797a30000000000800054000000025340011800a0001006c696d6974000000240002800c00024000000000000000030c000140ffffffffffffffff080003"], 0xb8}, 0x1, 0x0, 0x0, 0x40c0}, 0xc4) (async)
fsconfig$FSCONFIG_CMD_CREATE(r5, 0x6, 0x0, 0x0, 0x0) (async)
r7 = fsmount(r5, 0x0, 0x0)
bpf$BPF_LINK_CREATE(0x1c, &(0x7f0000000100)={r4, r7, 0x3, 0x0, @val=@iter={0x0}}, 0x20)
ioctl$SIOCSIFHWADDR(r7, 0x8924, &(0x7f0000000100)={'veth1_to_hsr\x00'}) (async)
setns(r2, 0x80) (async)
r8 = socket$inet(0x2, 0x2, 0x1)
sendmsg$inet(r8, &(0x7f0000000080)={&(0x7f0000000000)={0x2, 0x5000, @empty}, 0x10, &(0x7f00000000c0)=[{&(0x7f0000000180)="08001efbb07d586e", 0x8}, {&(0x7f00000001c0)="877ba26b4957606fb1e825155fdfd219a2e8852392b2a954ba3ca6a6b5d0196756af9d11b41e44527c82e6b6c4fa06b841a84e241cf4bea99ae1acfa07f4c1cc4c06552c51f0603fd5292b74f8981d3816a65292c9dc797ce027eac497a4cb85d44b5d44de727e037b8f6c2634f69f06c242271b572ce5942312154aa74c63ae7fcfa1b518cba69f51b8177d56ef01c3515eb9d9f84afcefc435ec2cc0427a66af12dd9cde0b06821e10dcd511e8be474460c24b7e3d9c3543ae26e6a34782fa47d4923e4c60000000", 0xffe7}], 0x2, 0x0, 0x0, 0x60000000}, 0x4)
ioctl$FS_IOC_GETFSUUID(r6, 0x80111500, &(0x7f0000000380)) (async)
mount$9p_fd(0x0, &(0x7f0000000140)='.\x00', 0x0, 0x84000, 0x0)

4m21.256910039s ago: executing program 2 (id=3163):
r0 = socket$netlink(0x10, 0x3, 0x0)
writev(r0, 0x0, 0x0)
writev(r0, 0x0, 0x0)
r1 = socket$inet(0x2, 0x2, 0x0)
sendmsg$netlink(0xffffffffffffffff, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)=[{&(0x7f0000000000)={0x18, 0x0, 0x0, 0x0, 0x0, "", [@typed={0x8, 0x0, 0x0, 0x0, @fd}]}, 0x18}], 0x1}, 0x0)
setsockopt$inet_mreqn(r1, 0x0, 0x23, &(0x7f0000000740)={@multicast2, @loopback}, 0x40)
setsockopt$inet_msfilter(r1, 0x0, 0x29, &(0x7f0000000000)=ANY=[@ANYBLOB="e00000027fa80a010100000004"], 0x57)
r2 = socket$inet(0x2, 0x2, 0x0)
setsockopt$inet_mreqn(r2, 0x0, 0x23, &(0x7f0000000740)={@multicast2, @loopback}, 0x40)

4m20.586810275s ago: executing program 2 (id=3166):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000000000000000004b64ffec850000006d000000850000002a00000095"], &(0x7f0000000080)='GPL\x00', 0x7, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000440)={&(0x7f00000003c0)='kfree\x00', r0, 0x0, 0x4}, 0x18)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000001c0)=ANY=[@ANYBLOB], 0xe8}, 0x1, 0x0, 0x0, 0x40040000}, 0x0)

4m19.671640084s ago: executing program 2 (id=3169):
mknod$loop(&(0x7f0000000040)='./file0\x00', 0x2, 0x1)
syz_io_uring_setup(0x1e1e, 0x0, &(0x7f0000002000), 0x0)
r0 = syz_open_procfs(0x0, &(0x7f0000000580)='net/fib_trie\x00')
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = syz_open_dev$MSR(0x0, 0x8000002000000, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x6, 0xc, &(0x7f0000000440)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0)
pread64(r0, &(0x7f0000019180)=""/102355, 0x18fd3, 0xc2a)

4m17.776013605s ago: executing program 2 (id=3173):
r0 = syz_io_uring_setup(0x1108, &(0x7f0000000300)={0x0, 0x0, 0x80, 0x0, 0x21e}, &(0x7f00000003c0)=<r1=>0x0, &(0x7f0000000040)=<r2=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r1, r2, &(0x7f0000000380)=@IORING_OP_PROVIDE_BUFFERS={0x1f, 0x0, 0x0, 0x7, 0x0, 0x0, 0x200, 0x0, 0x1})
io_uring_setup(0x648, &(0x7f00000000c0)={0x0, 0x7510, 0x1000, 0x3, 0x969})
r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0)
write$UHID_CREATE2(r3, 0x0, 0x118)
socket$inet6_sctp(0xa, 0x5, 0x84)
socket$inet(0x2, 0x4000000000000001, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
getpid()
r4 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0xffffffffffffff1a, &(0x7f0000000200)=0x400000bce)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r5 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r5, &(0x7f0000019680)=""/102392, 0x18ff8)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$netlink(r4, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000002580)=[{&(0x7f0000000000)=ANY=[@ANYBLOB="140000002500010000000000f100000006"], 0x14}], 0x1, 0x0, 0x0, 0x400048c0}, 0x4)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x11, r3, 0x0)
io_uring_enter(r3, 0x4201, 0xcb, 0xf, &(0x7f0000000000)={[0x40000000]}, 0x8)
io_uring_enter(r0, 0x471b, 0xfffffffe, 0x20, 0x0, 0xffffffffffffff68)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000001c0)={<r6=>0xffffffffffffffff})
syz_io_uring_submit(r1, r2, &(0x7f00000001c0)=@IORING_OP_RECVMSG={0xa, 0x20, 0x2, r6, 0x0, &(0x7f00000002c0)={0x0, 0x0, 0x0}, 0x0, 0x20042, 0x1})
syz_usb_connect$cdc_ecm(0x2, 0x50, 0x0, &(0x7f0000000280)={0x0, 0x0, 0xb, &(0x7f00000002c0)={0x5, 0xf, 0xb, 0x2, [@ptm_cap={0x3}, @ptm_cap={0x3}]}})
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x24000004}, 0x24004800)
setsockopt$IP6T_SO_SET_REPLACE(0xffffffffffffffff, 0x29, 0x40, &(0x7f00000006c0)=@mangle={'mangle\x00', 0x8, 0x6, 0x5f0, 0xd0, 0x0, 0x3c0, 0xd0, 0x220, 0x520, 0x520, 0x520, 0x520, 0x520, 0x6, 0x0, {[{{@uncond, 0x0, 0xa8, 0xd0, 0x0, {0x7a00000000000000}}, @HL={0x28}}, {{@ipv6={@private1, @private2, [], [0x0, 0x0, 0x0, 0xff000000], 'pimreg0\x00', 'caif0\x00', {}, {}, 0x0, 0x0, 0x0, 0x3}, 0x0, 0x108, 0x150, 0x0, {0x5002}, [@common=@unspec=@connlabel={{0x28}, {0x0, 0x3}}, @common=@unspec=@connbytes={{0x38}, {[{0x1}, {0xfffffffffffffffa}], 0x1}}]}, @SNPT={0x48, 'SNPT\x00', 0x0, {@ipv6=@private1, @ipv6=@loopback, 0x29, 0x37}}}, {{@ipv6={@local, @rand_addr=' \x01\x00', [0x0, 0xffffffff], [0xff], 'veth1_to_batadv\x00', 'wlan0\x00', {}, {}, 0x32, 0x0, 0x0, 0x2}, 0x0, 0xa8, 0xd0}, @unspec=@CHECKSUM={0x28}}, {{@uncond, 0x0, 0xa8, 0xd0}, @HL={0x28, 'HL\x00', 0x0, {0x0, 0x3}}}, {{@uncond, 0x0, 0x138, 0x160, 0x0, {}, [@common=@dst={{0x48}, {0x3, 0x6, 0x1, [0x0, 0x7, 0x1ff, 0x7f, 0x7f, 0x7, 0x1, 0x799c, 0xd, 0x7, 0x2, 0x100, 0x1, 0xf6ee, 0xffff, 0x7f], 0xa}}, @common=@unspec=@helper={{0x48}, {0x0, 'ftp-20000\x00'}}]}, @HL={0x28, 'HL\x00', 0x0, {0x9, 0x80}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x650)

4m2.295443038s ago: executing program 35 (id=3173):
r0 = syz_io_uring_setup(0x1108, &(0x7f0000000300)={0x0, 0x0, 0x80, 0x0, 0x21e}, &(0x7f00000003c0)=<r1=>0x0, &(0x7f0000000040)=<r2=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r1, r2, &(0x7f0000000380)=@IORING_OP_PROVIDE_BUFFERS={0x1f, 0x0, 0x0, 0x7, 0x0, 0x0, 0x200, 0x0, 0x1})
io_uring_setup(0x648, &(0x7f00000000c0)={0x0, 0x7510, 0x1000, 0x3, 0x969})
r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0)
write$UHID_CREATE2(r3, 0x0, 0x118)
socket$inet6_sctp(0xa, 0x5, 0x84)
socket$inet(0x2, 0x4000000000000001, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
getpid()
r4 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0xffffffffffffff1a, &(0x7f0000000200)=0x400000bce)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r5 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r5, &(0x7f0000019680)=""/102392, 0x18ff8)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$netlink(r4, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000002580)=[{&(0x7f0000000000)=ANY=[@ANYBLOB="140000002500010000000000f100000006"], 0x14}], 0x1, 0x0, 0x0, 0x400048c0}, 0x4)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x11, r3, 0x0)
io_uring_enter(r3, 0x4201, 0xcb, 0xf, &(0x7f0000000000)={[0x40000000]}, 0x8)
io_uring_enter(r0, 0x471b, 0xfffffffe, 0x20, 0x0, 0xffffffffffffff68)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000001c0)={<r6=>0xffffffffffffffff})
syz_io_uring_submit(r1, r2, &(0x7f00000001c0)=@IORING_OP_RECVMSG={0xa, 0x20, 0x2, r6, 0x0, &(0x7f00000002c0)={0x0, 0x0, 0x0}, 0x0, 0x20042, 0x1})
syz_usb_connect$cdc_ecm(0x2, 0x50, 0x0, &(0x7f0000000280)={0x0, 0x0, 0xb, &(0x7f00000002c0)={0x5, 0xf, 0xb, 0x2, [@ptm_cap={0x3}, @ptm_cap={0x3}]}})
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x24000004}, 0x24004800)
setsockopt$IP6T_SO_SET_REPLACE(0xffffffffffffffff, 0x29, 0x40, &(0x7f00000006c0)=@mangle={'mangle\x00', 0x8, 0x6, 0x5f0, 0xd0, 0x0, 0x3c0, 0xd0, 0x220, 0x520, 0x520, 0x520, 0x520, 0x520, 0x6, 0x0, {[{{@uncond, 0x0, 0xa8, 0xd0, 0x0, {0x7a00000000000000}}, @HL={0x28}}, {{@ipv6={@private1, @private2, [], [0x0, 0x0, 0x0, 0xff000000], 'pimreg0\x00', 'caif0\x00', {}, {}, 0x0, 0x0, 0x0, 0x3}, 0x0, 0x108, 0x150, 0x0, {0x5002}, [@common=@unspec=@connlabel={{0x28}, {0x0, 0x3}}, @common=@unspec=@connbytes={{0x38}, {[{0x1}, {0xfffffffffffffffa}], 0x1}}]}, @SNPT={0x48, 'SNPT\x00', 0x0, {@ipv6=@private1, @ipv6=@loopback, 0x29, 0x37}}}, {{@ipv6={@local, @rand_addr=' \x01\x00', [0x0, 0xffffffff], [0xff], 'veth1_to_batadv\x00', 'wlan0\x00', {}, {}, 0x32, 0x0, 0x0, 0x2}, 0x0, 0xa8, 0xd0}, @unspec=@CHECKSUM={0x28}}, {{@uncond, 0x0, 0xa8, 0xd0}, @HL={0x28, 'HL\x00', 0x0, {0x0, 0x3}}}, {{@uncond, 0x0, 0x138, 0x160, 0x0, {}, [@common=@dst={{0x48}, {0x3, 0x6, 0x1, [0x0, 0x7, 0x1ff, 0x7f, 0x7f, 0x7, 0x1, 0x799c, 0xd, 0x7, 0x2, 0x100, 0x1, 0xf6ee, 0xffff, 0x7f], 0xa}}, @common=@unspec=@helper={{0x48}, {0x0, 'ftp-20000\x00'}}]}, @HL={0x28, 'HL\x00', 0x0, {0x9, 0x80}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x650)

2m35.297834335s ago: executing program 6 (id=3439):
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
mknod$loop(&(0x7f0000000180)='./file0\x00', 0x6000, 0x0)
r0 = creat(&(0x7f0000000080)='./file0\x00', 0x1ac)
ioctl$BLKTRACESTOP(r0, 0x1275, 0x0)

2m35.083563103s ago: executing program 6 (id=3441):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_MSRS(r2, 0x4008ae89, &(0x7f0000000000)={0x1, 0x0, [{0xc0010002, 0x0, 0xffffffffffffffff}]})
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
mknod$loop(&(0x7f0000000180)='./file0\x00', 0x6000, 0x0)
syz_open_dev$tty1(0xc, 0x4, 0x2)
r3 = creat(&(0x7f0000000080)='./file0\x00', 0x1ac)
socket$nl_route(0x10, 0x3, 0x0)
syz_emit_ethernet(0xd2, &(0x7f0000000140)=ANY=[@ANYBLOB="aaaaaaaaaaaa00000000000086dd602a1c99009c880000000000000000000000000000000000ff02000000000000000000000000000100000000009c9078"], 0x0)
ioctl$BLKTRACESTOP(r3, 0x1275, 0x0)
write$P9_RWALK(r3, &(0x7f0000000040)={0x30, 0x6f, 0x1, {0x3, [{0x20, 0x1, 0x8}, {0x20, 0x4, 0x2}, {0x1, 0x3, 0x6}]}}, 0x30)

2m33.670310765s ago: executing program 6 (id=3446):
syz_open_dev$sndctrl(0x0, 0x0, 0x0)
open(0x0, 0x143c62, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
r0 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x6}, 0x4)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f00000001c0)=0x8)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x6770c000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={<r2=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000006900000000000001000000940000000fad413e850000000700000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
timer_delete(0x0)

2m31.423182405s ago: executing program 6 (id=3451):
socket$inet(0x2, 0x3, 0x7)
r0 = socket$inet_smc(0x2b, 0x1, 0x0)
setsockopt$inet_tcp_TCP_REPAIR(r0, 0x6, 0x13, &(0x7f0000000000)=0x1, 0xfef2)
setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x9, &(0x7f0000000040)=0x440, 0x4)
connect$inet(r0, &(0x7f00000000c0)={0x2, 0x4e23, @remote}, 0x10)
socket$inet6_sctp(0xa, 0x1, 0x84)
socket$nl_generic(0x10, 0x3, 0x10)
r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000800000000bf91000000000000b702000043e7b5538500000085000000b70000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000140)='kmem_cache_free\x00', r2}, 0x10)
pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x3, 0xfffffffffffffffd}, 0x0, &(0x7f00000002c0)={0x3ff, 0x0, 0x0, 0x9, 0x0, 0x0, 0x7fffffff}, 0x0, 0x0) (fail_nth: 3)
close(0x4)

2m30.309564285s ago: executing program 6 (id=3458):
syz_open_procfs(0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000240)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
write$binfmt_aout(0xffffffffffffffff, 0x0, 0xa20)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
socket$rxrpc(0x21, 0x2, 0xa)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
syz_io_uring_submit(0x0, 0x0, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x0)
mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0)='nfsd\x00', 0x10, 0x0)

2m27.229260675s ago: executing program 6 (id=3466):
mkdirat$cgroup(0xffffffffffffffff, 0x0, 0x1ff)
r0 = socket$inet6_sctp(0xa, 0x5, 0x84)
r1 = signalfd4(r0, &(0x7f00000000c0)={[0x9]}, 0x8, 0xe6a57a635a4e753e)
getsockopt$inet_sctp6_SCTP_FRAGMENT_INTERLEAVE(r1, 0x84, 0x12, &(0x7f0000000100), &(0x7f0000000180)=0x4)
getsockopt$inet_sctp6_SCTP_AUTO_ASCONF(r0, 0x84, 0x1e, &(0x7f0000000040), &(0x7f0000000080)=0x4)
r2 = socket$xdp(0x2c, 0x3, 0x0)
recvmsg$kcm(r1, &(0x7f0000000140)={&(0x7f0000000200)=@nl=@proc, 0x80, &(0x7f0000001600)=[{&(0x7f0000000280)=""/133, 0x85}, {&(0x7f0000000340)=""/138, 0x8a}, {&(0x7f0000000400)=""/78, 0x4e}, {&(0x7f0000000480)=""/224, 0xe0}, {&(0x7f0000000580)=""/88, 0x58}, {&(0x7f0000000600)=""/4096, 0x1000}], 0x6, &(0x7f0000001680)=""/163, 0xa3}, 0x40002120)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff, <r3=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000000)={'veth1_to_batadv\x00', <r4=>0x0})
bind$xdp(r2, &(0x7f00000001c0)={0x2c, 0x8, r4}, 0x10)
syz_usb_connect(0x3, 0x3f, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000e395292024042c011e710102030109022d000100001000090485000342e6440209050b02000486b20609050f021002"], 0x0)

2m12.031928839s ago: executing program 36 (id=3466):
mkdirat$cgroup(0xffffffffffffffff, 0x0, 0x1ff)
r0 = socket$inet6_sctp(0xa, 0x5, 0x84)
r1 = signalfd4(r0, &(0x7f00000000c0)={[0x9]}, 0x8, 0xe6a57a635a4e753e)
getsockopt$inet_sctp6_SCTP_FRAGMENT_INTERLEAVE(r1, 0x84, 0x12, &(0x7f0000000100), &(0x7f0000000180)=0x4)
getsockopt$inet_sctp6_SCTP_AUTO_ASCONF(r0, 0x84, 0x1e, &(0x7f0000000040), &(0x7f0000000080)=0x4)
r2 = socket$xdp(0x2c, 0x3, 0x0)
recvmsg$kcm(r1, &(0x7f0000000140)={&(0x7f0000000200)=@nl=@proc, 0x80, &(0x7f0000001600)=[{&(0x7f0000000280)=""/133, 0x85}, {&(0x7f0000000340)=""/138, 0x8a}, {&(0x7f0000000400)=""/78, 0x4e}, {&(0x7f0000000480)=""/224, 0xe0}, {&(0x7f0000000580)=""/88, 0x58}, {&(0x7f0000000600)=""/4096, 0x1000}], 0x6, &(0x7f0000001680)=""/163, 0xa3}, 0x40002120)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff, <r3=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000000)={'veth1_to_batadv\x00', <r4=>0x0})
bind$xdp(r2, &(0x7f00000001c0)={0x2c, 0x8, r4}, 0x10)
syz_usb_connect(0x3, 0x3f, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000e395292024042c011e710102030109022d000100001000090485000342e6440209050b02000486b20609050f021002"], 0x0)

15.279485616s ago: executing program 7 (id=3816):
r0 = socket$pppoe(0x18, 0x1, 0x0)
connect$pppoe(r0, &(0x7f0000000100)={0x18, 0x0, {0x11ff, @broadcast, 'bond_slave_1\x00'}}, 0x1e)
r1 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000300)=[{&(0x7f0000000040)="2e00000010008108040f80ecdb4cb92e0a480e000f000000e8bd6efb250314000e000100240248ff050005001200", 0x2e}], 0x1}, 0x40880)
r2 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r2, &(0x7f0000000600)={0x26, 'rng\x00', 0x0, 0x0, 'drbg_pr_hmac_sha256\x00'}, 0x58)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r3 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r4, 0x0, 0x0, 0x2, 0x0)
r6 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x11, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="180500000000c800000000004b64ffec850000007d000000850000002a00000095"], &(0x7f0000000180)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r6}, 0x10)
r7 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_TLS_TX(r7, 0x6, 0x1, &(0x7f00000000c0)=@gcm_256={{0x7}, '\x00', "5171bb672965593497418688ac68cb126474cd3660dab9e2086e246728d7a040", '\x00\x00=*', "1202000000040030"}, 0x58)
setsockopt$inet6_tcp_int(r7, 0x6, 0x2000000000000020, &(0x7f0000000040)=0xa, 0x1959cc36)
setsockopt$inet6_tcp_TCP_MD5SIG(r7, 0x6, 0xe, 0x0, 0x0)
connect$inet6(r7, &(0x7f00000001c0)={0xa, 0x0, 0x0, @loopback}, 0x1c)
recvmsg(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000021840)=[{&(0x7f00000207c0)=""/39, 0x27}], 0x1}, 0x10041)
connect$pppoe(r0, &(0x7f00000016c0)={0x18, 0x0, {0x3, @random="3c38448f3736", 'macvlan1\x00'}}, 0x1e)

14.080989759s ago: executing program 7 (id=3818):
prlimit64(0x0, 0xe, &(0x7f0000000200)={0x8, 0x8a}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x3)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
mremap(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x3000, 0x2, &(0x7f0000ffc000/0x3000)=nil)
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000100)=ANY=[@ANYBLOB="640000000206030000000000000000000000000005000100070000000900020073797a320000000014000780080013400000000008001240000020000500050002000000050004000000000015000300686173683a6970", @ANYRES8=0x0], 0x64}}, 0x840)
add_key(0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
fsopen(0x0, 0x1)
r2 = syz_open_dev$tty1(0xc, 0x4, 0x1)
r3 = dup(r2)
write$UHID_INPUT(r3, &(0x7f0000000000)={0x7, {"a2e3ad21ed0d52f91b5d330987f70e06d038e7ff7fc6e5539b0d47078b089b3907306d090890e0878f0e1ac6e7049b334a959b669a240d5d67f3988f7ef319520100ffe8d178708c523c921b1b5b31070d07670936cd3b78130daa61d8e809ea882f5802b77f07227227b7ba67e0e78657a6f5c2a874e62a9ccdc0d31a0c9f318c0da1993bd160e233df4a62179c6f30e065cd5b91cd0ae193973735b36d5b1b63dd1c00305d3f46635eb016d5b1dda98e2d749be7bd1df1fb3b231fdcdb5075a9aaa1b469c3090000000000000075271b286329d169934288fd789aa37d6e98b224fd44b65b31334ffc55cc82cd3ac32ecdb08ced6f9081b4dd0d8b38f3cd4498bee800490841bdb114f6b76383709d8f5c55432a909fda039aec54a1236e80f6a8abadea7662496bddbb42be6bfb2f17959d1f416e56c71b1931870262f5e801119242ca026bfc821e7e7daf2451138e645bb80c617669314e2fbe70fe98ec76a9e40dad47f36fd9f7d0d42a4b5f1185ccdcf1a34af674f3f39fe23491237c08822dec110911e893d0a8c4f677747abc360934b82910ff85bfd995083bba2987a67399eac427d145d546a40b9f6ff14ac488ec130fb3850a27af9544ae15a7e470dea05918b41243513f000800000000000a3621c56cea8d20fa911a0c41db6ebe8cac64f17679141d54b34bbc9963ac4f4bb3309603f1d4ab966203861b5b15a841f2b575a8bd0d78248ebe4d9a80002695104f674c2431dca141fae269cab70e9a66f3e3a9a63e9639e1f59c0ede26c6b5d74b078a5e15c31634e5ae098ce9ee70771aaa18119a867e1088334975e9f73483b6a62fa678ca14ffd9f9db2a7869d85864056526f889af43a6056080572286522449df466c632b3570243f989cce3803f465e41e610c20d80421d653a5520000008213b704c7fb082ff27590678ef9f190bae97909507041d860420c5664b27921b14d9fdb8892fd32d0ad7bc946813591ad8deff4b05f60cea0da7710ac0000000000008000bea37ce0d0d4aa202f928f28381aab144a5d429a04a6a2b83c7068ae949ed06e288e810bac9c76600025e19c907f8ea2e2010000008271a1f5f8528f227e79c1389dbdfffe492f21579d2c15b8c70cdb1c332d86d87341432750861ec2bc3451edca194b221cfec4603d276bbaa1dfa6d4fb8a48a76eafc9a9a0270e4c10d64cd5a62427264f2377fe763c43470833ac96c45f357cbba8f1b1fdcc7cbb61a7cdb9744ed7f9129aede2be21ccfdc4e9134f8684b3a4f354da9a795e96334e207dff70f1988037b2ed3aaf575c0b88d8f146684078416d59fdee5325928974d12dad99dac44c3f0008047096a44002bebc2420aed92fa9b6578b4779415d97b9a6d6d5495c118045651cf41c2fc48b778efa5ea5677747430af4162b987b80c3e001cd34e5c92f76cc4c24eeb8bc4e9ac2aed9e53803ed0ca4ae3a19000000000000006f1783e287b3bee96e3a726eafe2fdfaa78d1f48c13b64df07847754b8400daaa69b15c9f4350aeae9ca1207e78283cd0b20ceb360c7e658828163e2d25c4aa348561f927e88f63aa70e73a5e69b3df3495903f06572e1e007fa55a2999f596d067312f5779e8dbfdcf3427138f3d44400009a10477f9bec4b0bbb6e3c04be68981f392203dd0ee3ef478e16dacfc5e3e03cf7ab8e3902f1b0ff034ef655b253ca509383815b1b6fc6522d4e4fdc01008cf42d48604675fde2b94cf00500a2690891abf8ab9c015073014d9e08d4338b8780bdecd436cf0541359bafffa45237f104b96210403b2de9efed496f42355bc7872c827467cfa5c4e72730d56bd068ed211cf847535edecb7b373f78b095b68441a34cb51682a8ae4d24ad0465f3927f889b813076038e79a7962fb385a882e8020f06c4c2ba1dd5cac7c16c02ed4b5d258734dd73583df292892448039ef799cf0630becdcce04579b5561dc825ab829827945e020c1f67ee615feb6243378e0610060f02cca4e91b2f001edb3d78fb4b55668dda93aec92a5de203717aa49c2d284acfabe262fccfcbb2b75a2183c46eb65ca8104e1b4da7fbb77ab2fc043aead87c32ab875ee7c2e7b7019c982cd3b43eaab1a5fb135c0c7dcee8fe6516a328032f88c042891824659e9e94265c803b35ee5f83a2b210520106d26658b50ab7a1fa89af9c251fe5294b3d1802d5676d95f160ec97b1ad94872cb2044642c37b4a6cc6b14effc1672db7e4b68d787d9a7a508ae54b3cd7369dde50e8c77d95a3d361c040babb171607caac2a3559ad4f75465f49c0d0ae3716db6e00cb11db4a5fade2a57c10238e204a67737c3b42aae501b20f7694a00f16e2d0174035a2c22656dc29880acebdbe8ddbd75c2f998d8ac2dfad2ba3a504767b6b45a45957f24d758ed024b3849c110000a2a03b4047497022d9c30e23ef4df5c89644f48bb536f7945b59d7bcddff754413d135273ea8e75f22f216c6b9990ae71806f2c00b4025c48b75c0f73cdb9a7b8fa367b51028067e7f16f4dd569d462f4f19eacdb3ed70eeebb4483f8fd777d443e8b40426db6fe29068c0ca3d2414442e8f3a154704b0e51bc664a137b26be719f4f7c9a5678a674dfc95df80b9ce375dd649c8c704e509bd88c8e63d8c7dd67071115c8982ba46af4d6adcc9f68a75b9397b035153faf46366e7205dd8d6f37525c1a0e94610dd94323f6815d085197149bfd6655548cfd9c52c9711937f79abb1a124f1210465483cd3b2d78378cfb85ed82e7da0f6eb6d279f2ae455925d0f6f1ba571eba281f2a654fb39ddff3b484439ff158e7c5419e037f3f3ad038f2211f1033195563c7f93cd54b9094f226e783271e1e5a2a2c10712eab625d64931cd4ffe6738d97b9b5ef828ee9fb059fc01af0e79c1e14b1d25988c69a399567c1d93768f7971d31488b8658a20878b7c1dd7ba02fc42939dde3d4a3339a65d507dc59c51090840517705da56e9ebf0afa53282bf86dbb58c548069ff6eb95aade7cc66d7bbef724779ca1f731b3346ff177050373d79ff7b3e7f9bc0c1b4e004a8878b90baaa039d3e3b63979ac3df6e6f4859afd50238c7547a39b60810938044ae185d2ba3e00a4e73676864ae090d81eaee5ee6ce1d0ab378dd4dd891e937c2ea5410e0513005000000000000003911fab964c271550027697b52160687461602f88df165d884b36ec2b6c25a2f33c715687e9d4afb96d6861aca47da73d6f3144345f48843dd014e5c5ad8fe995754bd9cf32fce1e31919c4b2082fb0a30b9deae84bed4b28045634073c9c58c89d9e99c817e9177c6d594f88a4facfd4c735a20307c737afae5136651b1b9bd522d60399473296b831dbd933d93994ba3064279b10ea0c5833f41f157ea2302993dbe433b1aa3a3766d543902113c4c859465c3c115c3432f81db8719539d5bf372aaaea1cc43a6c5cbe59758bfee2916580dac4b008e595f437491d87abed02cefcd9db53d94d02dae17b118e5d6787463183b4b87c1050000002f7809959bc248850613d17ca51055f2f416a44fe180d2d50c312cca7cb14a2bdc331f57a9817139a206fc76957227ffff2de20a4b8e3737fbb42913777c06376f799eba367e21f94ca598705f5dcb767d6f0900d6b0f6095e53c4c4234d0c1fbe434f6ab8f43c0013ee93b83946ee7759e89d7bdd1a32d7b311711b757fe43c06d21a35810d8fe98b27faea8aa12bc8716eefc5c97c45ac33eeec964c5214bc3a9359bdea1cccab94f15e36319cb34ebcacedb82c2ed3de5a8a8f0011e8f74e82d7f96093530e76692839d7961939adfdeeeaff19d11efcafb6d546fef271e89d6cc2389e81ff58cefcce3fbf4625a7e7de40e42e07b34449e15e065cc7340002000000000000f288a4510de03dab19d26285eda89156d50dd385a60333ba5bbf5d77cd7007ad1519ad5470de3dd6d6080cafcc009fc074bb6b68a1f0c4649820a73c880f475f732ae00398e8bd1f4908b7807fb33b72685ec37a2d3f766413a60459516246e5a1d998a2017aef0948998cf255315ab80dd349e891aef595dc4d470e8ac32a308e15fc37d06aeac289c0523f483e1ff7408c6087f1ab652f2ef91d4f2b01987b0f46da034e5c3f745a7ee8101a3934c54e24b48ec0275e2d0687dc746b0827cbf652f406c6b95f2722e58c05f752ce2126596e1cd7655b904801784c416b22f73d324678e2724f43f1fe687c7e8a60c28b82b6528341b648cdd56fed7cdcbb1575912d5ecd36dea3bca0b7427d8392c6289455e8f8d2ab2242729251ae033a9e02210e62df0546a74b333a1c48f95fd54acb5741259e8c5488efeee327415cc19451432c6f14c27693102a3cd84857cd6586fc5ca9a93eb0145fac0662ff86107f998a8ef7df8aa14046c55b03d3d47f88a8d60f7774a2ee08758897fb411a94b3c2fc5d5f0db42c0456ec015f08e5247d33ae2d35603ff8454c16f8342856935125102bb784ed7148b6ce431b63ee356b0c785f2fd40195af4486220d702e30bfc43c10ec23ea6283994a7dde4dcb61fea6b651fb1d62458d0741a12830052fcc460db043afe525629b40d7cee458e4cb5e930ed624806c43a006e39336d07c2b8081c128ad2706f48261f7897484c297a1a6613bc18f5a38d442768af38041efe03d152ef95ff569e76db2391f4509d7f339d92fdb4a89364949da398000000000000000d80a4fe654578376e599aff3565b1d531f30912b9945030b81ea9935fd46edb44a78f615255490a4b621501f2a9e4d24624c4dac9274118c67584f5dc4ff8f0104000000000000df72279fdb0d2b9e936e5a983c12fded79dfc248c1f5aea4b8b32c5d295e57079d0fe662a46b7f71cd47744db86c50b704c971d90295c7b2c7439a2d78ccfa79b5fc2bff6bbf840262bf89394b3e0691953264d3700c838fa2c7b3425260f59554e502dcea39cb313b0000000000004ca7c12f45858d6284ca6270d6b2f0e58fded8a7b4a302a97bc641df07720ba2b26bbfcc807ca0abb1b44322269c21c5ec68cb068ea88067d905ea917bb03eefdaebdeabf2d0dce80997c915c8949de992587c2cb5fe36d7d3e5db21b094b8b77940b5f07722e47a08d367e5f84c96ec664b72934b99b3109af65d77e86abd6859cddf4bbae1f0930462df15fddbc48562ea3511a8065ef028cf12f14dcf6ebecd8d884836174faf1aa6e5f1ee1162dfa13bdc1fa7cfaadba85c72e9758f03a755d0be53f8d2a1dfb1c68cc164b0a0780d971a96ea2c4d4ca0398c2235980a9f07b3d5bd3b01faffd0a5dbed2881a9700af561ac8c7e3ebb2fc4c40e9cf96f06817fb903729a7db6ff957697c9ede7885d94ffb0969be0daf60af93109eb1dee72e4363f51af62af6fb2a6df3fec89822a7a0b678058fa3fef86faec216eb6992162f8dcbf719c148cd2f9c55f4901203a9a8a2c3e90f3943dbc10360a1a49700d1dfbf66d69f6fbaf506c8bcce8bb0d872a02238926407a4cddd5d0fc5a752f9000", 0x1000}}, 0x1006)
r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48)
r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x7, &(0x7f0000000540)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b702000002000000850000008600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x14, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f0000000200)='kmem_cache_free\x00', r5}, 0x18)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040))
socket$nl_route(0x10, 0x3, 0x0)
mknod$loop(&(0x7f0000000140)='./file0\x00', 0xfff, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
r6 = syz_open_dev$sndctrl(&(0x7f0000000100), 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_ELEM_ADD(r6, 0xc1105517, &(0x7f0000001040)={{0x0, 0x0, 0x0, 0x4, 'syz0\x00', 0xfffffff8}, 0x6, 0x0, 0x4, 0x0, 0x0, 0x0, 'syz1\x00', 0x0})
ioctl$SNDRV_CTL_IOCTL_ELEM_WRITE(r6, 0xc1105518, &(0x7f0000000040)={{0x0, 0x0, 0x0, 0xa, 'syz0\x00', 0x10000}, 0x1, [0x327cf3e4, 0xfffffffffffffffc, 0x0, 0x0, 0x1819, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x8000001, 0x0, 0x0, 0xc19, 0x0, 0x2, 0x0, 0x0, 0x5, 0x0, 0x100000000000, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0xfffffffc, 0x0, 0x0, 0x0, 0xffffffff, 0xffffffff, 0x0, 0x9, 0x4, 0x8, 0x0, 0x0, 0x2001, 0x9f6, 0x0, 0x0, 0xfffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0x3, 0x0, 0x0, 0x1c00000, 0x0, 0x6, 0x200000000, 0x0, 0x5, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x400, 0x0, 0x0, 0x7ff, 0x0, 0xfffffffc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0xfffffffd, 0x4000, 0x0, 0x7fffffffffffffff, 0x0, 0x4, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff, 0x0, 0x1, 0xffffffff, 0x8, 0x0, 0x0, 0x2, 0xb, 0x0, 0x0, 0x7, 0x0, 0x0, 0x10000000]})
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x7)
r7 = getpid()
sched_setscheduler(r7, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbee2, 0x8031, 0xffffffffffffffff, 0x0)
connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e21}, 0x6e)

12.300181326s ago: executing program 8 (id=3822):
r0 = socket$nl_route(0x10, 0x3, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x4, 0xb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x52, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = socket(0x1, 0x803, 0x0)
getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000001c0)=0x14)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000200)=@newlink={0x34, 0x10, 0x403, 0xfffffffc, 0x3f, {0x0, 0x0, 0x0, 0x0, 0x88adfda5}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @ipvlan={{0xb}, {0x4}}}]}, 0x34}, 0x1, 0x300000000000000, 0x0, 0x4004}, 0x0)
bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0)
syz_emit_ethernet(0x1ce, &(0x7f0000000680)={@local, @broadcast, @void, {@ipv6={0x86dd, @udp={0x6, 0x6, "bdc0e1", 0x198, 0x11, 0x0, @local, @local, {[@fragment={0x0, 0x0, 0x9c, 0x1, 0x0, 0x5, 0x64}, @hopopts={0x88, 0xa, '\x00', [@hao={0xc9, 0x10, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}}, @jumbo={0xc2, 0x4, 0x9}, @padn={0x1, 0x1, [0x0]}, @enc_lim={0x4, 0x1, 0x5f}, @calipso={0x7, 0x28, {0x0, 0x8, 0x4, 0x3, [0x3, 0x4, 0x7, 0x91a4]}}, @padn={0x1, 0x2, [0x0, 0x0]}, @jumbo={0xc2, 0x4, 0xfffffff4}]}, @dstopts={0x84, 0x5, '\x00', [@pad1, @hao={0xc9, 0x10, @rand_addr=' \x01\x00'}, @hao={0xc9, 0x10, @private0={0xfc, 0x0, '\x00', 0x1}}, @padn={0x1, 0x1, [0x0]}, @enc_lim]}, @dstopts={0x87, 0x11, '\x00', [@ra={0x5, 0x2, 0x7ff}, @hao={0xc9, 0x10, @private2}, @hao={0xc9, 0x10, @private0={0xfc, 0x0, '\x00', 0x1}}, @enc_lim={0x4, 0x1, 0x5}, @jumbo={0xc2, 0x4, 0x8}, @hao={0xc9, 0x10, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}}, @calipso={0x7, 0x28, {0x2, 0x8, 0xff, 0x8, [0x9, 0x9, 0x4, 0x6]}}, @jumbo={0xc2, 0x4, 0x10}, @hao={0xc9, 0x10, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02'}, @jumbo={0xc2, 0x4, 0xfffffffe}]}, @srh={0x73, 0x6, 0x4, 0x3, 0xfe, 0x4c, 0x4, [@private0, @remote, @private2]}], {0x4e23, 0x4e23, 0x28, 0x0, @gue={{0x1, 0x0, 0x1, 0x5, 0x100, @void}, "819982567ccd3792f6ea1f2a2a876331084d25bef0875a6e3fb6a143"}}}}}}}, &(0x7f0000000540)={0x1, 0x4, [0x51b, 0xfdd, 0x883, 0x13e]})

11.551430851s ago: executing program 8 (id=3824):
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f00000002c0)={0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0}, 0x30)
r0 = syz_open_procfs(0x0, 0x0)
lseek(r0, 0x100000000, 0x0)
syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0)
openat$snapshot(0xffffffffffffff9c, &(0x7f00000002c0), 0x7e00, 0x0)
ioctl$sock_ipv6_tunnel_SIOCDELTUNNEL(0xffffffffffffffff, 0x89f2, &(0x7f0000000340)={'syztnl2\x00', &(0x7f00000003c0)={'syztnl2\x00', <r1=>0x0, 0x2f, 0xe, 0xf, 0x8, 0x55, @ipv4={'\x00', '\xff\xff', @local}, @ipv4={'\x00', '\xff\xff', @local}, 0x7858, 0x8000, 0x6, 0x7ff}})
bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0xe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', r1, @sk_skb=0x26, 0xffffffffffffffff, 0x8, &(0x7f0000000000)={0x0, 0x5}, 0x8}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000001240)={0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f00000002c0), 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000240)={0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
socket$netlink(0x10, 0x3, 0x12)
r2 = getpid()
prlimit64(r2, 0xe, &(0x7f0000000000)={0xa, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x2)
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
r3 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000440)=ANY=[@ANYBLOB="440000001000030400"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000240012800b00010062726964676500001400028005002b000300000005002a0000000000a275a4f5cdb89fa04b38e8d481fb8caa74550be2569d4331e55e41eb96bee12449aed76436e7cba1f031594fe22369f3e71c03bed7a52492526fae71abe5e88f6148"], 0x44}, 0x1, 0xffffffea, 0x0, 0x4004}, 0x0)
r4 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$nfc(&(0x7f0000000100), r4)
sendmsg$NFC_CMD_ACTIVATE_TARGET(r4, &(0x7f0000000780)={0x0, 0x0, &(0x7f00000007c0)={&(0x7f0000000800)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r5, @ANYBLOB="0100230100003402000100", @ANYRES32=0x0, @ANYBLOB="08000400000000000800030001000000"], 0x2c}}, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
ioctl$TIOCGISO7816(r0, 0x80285442, &(0x7f0000000200))
preadv2(0xffffffffffffffff, &(0x7f0000000280)=[{0x0}], 0x1, 0x0, 0x0, 0x0)
r6 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r6, &(0x7f0000019680)=""/102392, 0x18ff8)
r7 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_LIST(r7, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000040)=ANY=[@ANYBLOB="1c0000000706010800000000000010000a00000405000100070000"], 0x1c}, 0x1, 0x0, 0x0, 0x20000005}, 0x80)
socket$nl_route(0x10, 0x3, 0x0)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz1\x00', 0x1ff)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0xf, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000020000000000000080000000950000000000000018180000", @ANYRES32, @ANYBLOB="00000000000000000000000010ffffff00b15b8400000000", @ANYRES32=0x1, @ANYBLOB="0000000000000000b703000000000000850000000c000000"], &(0x7f0000000080)='syzkaller\x00', 0x3, 0x29, &(0x7f00000000c0)=""/41, 0x40f00, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000100)={0x3, 0x1}, 0x8, 0x10, &(0x7f0000000140)={0x2, 0xa, 0x6, 0x9}, 0x10, 0x0, 0x0, 0x2, &(0x7f0000000180)=[0x1, 0xffffffffffffffff, 0xffffffffffffffff, 0x1, 0xffffffffffffffff, 0x1], &(0x7f00000001c0)=[{0x3, 0x1, 0x6, 0x3}, {0x2, 0x6, 0x5, 0x5}], 0x10, 0xffff}, 0x94)
fsopen(&(0x7f00000001c0)='jffs2\x00', 0x0)

11.352443235s ago: executing program 7 (id=3826):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000600)=[@text64={0x40, &(0x7f0000000640)="430fc73f0f2390b9800000c00f3235010000000f300f20d835080000000f22d8c4e18173f53866baf80cb83879e487ef66bafc0cec66b88e008ec02d1aa80000460f1c460041ae", 0x47}], 0x1, 0x74, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000002ac0)=@newlink={0x20, 0x10, 0x1, 0x70bd2c, 0x0, {0x0, 0x0, 0x0, 0x0, 0x2180}}, 0x20}}, 0x0)
getsockopt$sock_buf(0xffffffffffffffff, 0x1, 0x0, 0x0, &(0x7f0000000240))
ioctl$KVM_RUN(r3, 0xae80, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000400)={0x8, 0x10, &(0x7f0000000000)=ANY=[@ANYBLOB="180000000a1800000000000000000000b7080000000000007baa00fe000000"], 0x0, 0x3}, 0x94)
r4 = accept$unix(0xffffffffffffffff, &(0x7f00000000c0), 0x0)
connect$unix(r4, 0x0, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0xfffff000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
connect$unix(r5, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r6, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
gettid()
r7 = syz_open_dev$vim2m(&(0x7f0000000580), 0x0, 0x2)
ioctl$vim2m_VIDIOC_S_FMT(r7, 0xc0d05605, 0x0)

9.822067099s ago: executing program 7 (id=3828):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000000)={'wlan1\x00', <r1=>0x0})
r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000100), 0xffffffffffffffff)
arch_prctl$ARCH_GET_XCOMP_PERM(0x1022, &(0x7f0000000040))
openat$adsp1(0xffffffffffffff9c, &(0x7f0000000080), 0xa0201, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r3 = getpid()
sched_setscheduler(r3, 0x1, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000780)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r5, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000002c80)={0x11, 0xc, &(0x7f0000000140)=ANY=[@ANYRESHEX=r2], &(0x7f0000000080)='GPL\x00'}, 0x94)
r6 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0xb, &(0x7f0000000380)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020000000000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000300)='rcu_utilization\x00', r6}, 0x10)
syz_open_dev$I2C(0x0, 0x80, 0x14000)
mount(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x2014800, 0x0)
setsockopt$IP6T_SO_SET_REPLACE(0xffffffffffffffff, 0x29, 0x40, &(0x7f0000000140)=@raw={'raw\x00', 0x8, 0x3, 0x590, 0x0, 0xffffffff, 0xffffffff, 0x0, 0xffffffff, 0x4c0, 0xffffffff, 0xffffffff, 0x4c0, 0xffffffff, 0x3, 0x0, {[{{@uncond, 0x0, 0x1a0, 0x1c0, 0x60030000, {0x0, 0xff000000}, [@common=@inet=@recent0={{0xf8}, {0x81, 0x0, 0x24, 0x0, 'syz1\x00'}}]}, @unspec=@TRACE={0x20}}, {{@uncond, 0x0, 0x298, 0x300, 0x0, {}, [@common=@inet=@recent0={{0xf8}, {0x0, 0x1, 0x1, 0x0, 'syz1\x00'}}, @common=@inet=@recent0={{0xf8}, {0x0, 0x0, 0x0, 0x0, 'syz0\x00'}}]}, @unspec=@CT1={0x68, 'CT\x00', 0x1, {0x0, 0x0, 0x0, 0x0, 'syz1\x00', 'syz1\x00'}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x5f0)
sendmsg$NL80211_CMD_SET_NOACK_MAP(r0, &(0x7f0000000200)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f00000000c0)={&(0x7f0000000180)={0x70, r2, 0x1, 0x70bd2d, 0x25dfdbfc, {{}, {@val={0x8, 0x3, r1}, @void}}, [@NL80211_ATTR_NOACK_MAP={0x6, 0x95, 0x2}, @NL80211_ATTR_NOACK_MAP={0x6, 0x95, 0x6}, @NL80211_ATTR_NOACK_MAP={0x6, 0x95, 0x2}, @NL80211_ATTR_NOACK_MAP={0x6}, @NL80211_ATTR_NOACK_MAP={0x6, 0x95, 0x5}, @NL80211_ATTR_NOACK_MAP={0x6, 0x95, 0x5}, @NL80211_ATTR_NOACK_MAP={0x6, 0x95, 0x96e}, @NL80211_ATTR_NOACK_MAP={0x6, 0x95, 0xfff0}, @NL80211_ATTR_NOACK_MAP={0xfffffffffffffec1, 0x95, 0x3}]}, 0x70}, 0x1, 0x0, 0x0, 0x4040044}, 0x4000000)

9.675489944s ago: executing program 8 (id=3830):
r0 = socket$netlink(0x10, 0x3, 0x0)
r1 = getpid()
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x7)
r2 = getpid()
r3 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r3, 0x0, 0x0)
setsockopt$ALG_SET_KEY(r3, 0x117, 0x1, 0x0, 0x55)
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbee2, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e24}, 0x6e)
sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
preadv2(0xffffffffffffffff, &(0x7f0000000080)=[{0x0}], 0x1, 0x0, 0x0, 0x0)
r6 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r6, &(0x7f0000000040)={0x1f, 0xffffffffffffffff, 0x3}, 0x6)
write$bt_hci(r6, &(0x7f0000000380)=ANY=[@ANYBLOB="0e0001000200"], 0x8)
sendmsg$netlink(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000c80)=ANY=[@ANYBLOB="9403000078000106000000000000000007000000470000007a"], 0x394}, {&(0x7f0000002280)={0x1380, 0x28, 0x2, 0x70bd2a, 0x25dfdbfc, "", [@nested={0xc9, 0x3a, 0x0, 0x1, [@generic="0a716fb419c90096e9ca0dd75d93086066f4dd2637430f9acb5e755b996c7b5edd7adfa7b67dda6e1e6413765f2e941e86a4534584eb5a9dcaf54245b616d93d32174309e36a0e5cb4e3dbf588ef72cb43eb5e3229540bf020345d7c4fd3cc03c72872a21683cf587f92f068148a749fcdf39dff03bd4e4809ccf5078ed3f4ec98a4f8985eb20ef8780602330d2876ec9ca09fac8a553402b4", @nested={0x4, 0x74}, @typed={0xc, 0xf2, 0x0, 0x0, @u64=0x8}, @typed={0x8, 0x41, 0x0, 0x0, @pid=r1}, @typed={0x8, 0x10c, 0x0, 0x0, @ipv4=@dev={0xac, 0x14, 0x14, 0x1f}}, @nested={0x4, 0x19}, @typed={0x8, 0x59, 0x0, 0x0, @str=')$,\x00'}]}, @typed={0x4, 0x119}, @nested={0x10bb, 0x147, 0x0, 0x1, [@typed={0x37, 0xf7, 0x0, 0x0, @binary="1bad996ca61e0f472444d43854624ab5f38e279a4d849d7eeb49a84314f3e4acc05b447c04bc2db3eefcc6de0729f0f96e995f"}, @typed={0x5, 0x43, 0x0, 0x0, @str='\x00'}, @generic="5bdf9055252910a6fc12823f14030e403182dbfa19ab9a15f1787a3343927cdeeeb72ad11e60cff8ff1ccfcf0fa30737cba32924fef3a446a0c9dc7ca3fb8bf900192716a88a635ceaf4d55752f3016fcd12945edd37e2bc72c81d0244e80ba29e0295433ec63adfbc205549cc6e7de153dd959a4d754f3c54e1e7d7f6ea06518b5007569169daac9dcd074cc037294a74bb205f9b6ffe18a8c95b02", @typed={0x8, 0xc4, 0x0, 0x0, @uid=0xffffffffffffffff}, @nested={0x4, 0xe6}, @generic="1b03863a7dd51d8ef97156aee8b1a8410db235cd719e33455df9516eae1d3ed8e8b2d97d7ceb163d278444b7b96920062c7f5d6de97a2191971de281227ed978b2b3046f23765df0719444c8fcff58019cf1ffc92dc79c1673cf10cdb1e23dd450e3e37a941668a8174db34bb043f28f2626b8cd15d2011f2e886445d0f3c7c7cebb00728e068f60aff5d77f027a1d33f2636d05a943be93e0b1416b5e28f7d253cb51518a8ebaccc4c6de5211f4d0956a536d6e9331c536486ed7efbc120391cdb6b009ea546ccf5365eb4224567bd7f0f69cd738e7abb1d7d8ea96dac6c334a926a2d3612aa4278ee1304de0006cb0fad34f62966538514494a36c1de1819c70d3bad595b4aab415c94aa786b7f7f541123508ecbcf9724e3ca1930666a21c74a8312314c8054ef2f665f88dbe64631dbceb2ee0c7a00acc4e1e913c56e80c4fd4c37161cd27e2ecdc9ae63e5031c87479910b981370cb89d135eda347057c63757605577a8b37b4d385b5068796e285587233f0329162979a05685a30f138fbc9f0e876f084125c0ae26d56c378b42bd45cb955d18b98da4f7172c95b2edfaf8fbe4c96ff69e8a486ad53ed9e3dfae094fcd42c85a86667d9b757cd443862124842259865502606406ef4be8c21a698048254320f535f739906b51ea0fa7662e9f7b5ff4f90361434c3de6b3219b63618f3b467c007dc094a54f96ae24455bc9c7252f8d9a4fe8c2450c3c166adef195227986a2f011f04521d2b8f5dade2fc939d8610424d624cfad96f9a5327d945bf1ded447464754c0a9e2e538fa9a2105103f0c62e708827af81a9fff551e3476c4a0a4d7c2476b9caf06f6a8d6e4cccfbb30fe1b5a2693de0801d9f4c89122f9943e7a38abfe930064234d2455f7e945fd5ef1f076fb8e7db52bed27a361eb85836d96297811c303e8c04eb303b2b672f438030b3c2fd2d1f176d72225ccbd1ae58ec143215dcb7b5535f362b728dddc40f90eb942dc0b41a25689abfd45f89ca1657f79a847eae6a863fe78554f0629877105ac17002554b1908303cd3ecd9d0efa0f9bde270e856a0210663056c81876a7e43228ccba2e79c65ee3b78aea92a0a0684bd10ec6d63130dd6c5f77aa6ca5b12ecd7fe5485f09441810a359ed8986bd56dbcf3253b3691b4355d87d000e8927e17e99bf2577d577f2ebf40a47660b49956ff7fb41cca1c9f8a8092c2b70241dfbff7313a40037277276283b05f01049fcbda28f0a5df7386844168fdba60bd58b0a9d9b2df96fecff237a87c3a808eb6b6bf113c07066d8e15ba8686f37bca97a789796ef9cb25ca551df8b0a4f93adc93a07f4bce620cbbb5779ec04047b3b0669f6acaaf3d6a5ae6cc0df8e550f800c37cf7c55ab9837f988bf7d02879b28c487bade18990d7dd025f3a7fc5bf52cde2e65a4b51c7bee3645f1c827b981d859f62a587f696a98ec0445de6017e5c9604eb89f3a45a3e6aaa269e8af7eb4fa36bd4e3162ddb58d29af86c907f291f8e22403772ee8ca6b3e17b819787cf4e6a24fdf3085afe14fde74e14bee8f49dfa3f1fc5a43cab76c2627214fd40e8b2ac73fafd0bd86d8ede053770ac14de9aac0ec017368c5d2f02d5d5447f43fc8714e2193d74eb7f4e0dd9ab1baebcd74e02cc141e26bd7ec4515f9cdab9ce3e7054e5264839eb89af6d83679ecef33d851714cc003239e93b9057c36ac5ac57081c92360abc2c4f80ab073e8acd5a832e573a26889ad0f1713d9f454aa257bb3f17073235dea1ad7855f9cfaaaf285f531523ca97dd201595c30d3e8aa2ae093f8280a4e3886a69353105c02aed31d48431b8b53e5d3c4af5dfb932d23bab100f472b31ab3d0ecac2d8297e8627540d43463df0539280b41a4058eee8ce29f73a794f93428cbe0794d7efb5685b6877704728076ddc5efa201b60ecbb96455372e01dccea688cd91064feda21bd274bef376a84e76b6fec7b64a3fdb2177770f187830d159d27219fb00c0a731c18aed2f5d1d63f78aa7d33836b617c1c964f5666eb670675a315fdf311a040501a83d8c75464db640408283aee162955d0351c450f46074036ac6162f2db74c9c6b0f6d4f6ba27af9b9fd504ed6f3c452e17dbdf0014d86830cec1647548c28523e572f6d7196e3de40e3b8e1080559d2bf2f7fa9f9d3890a846e0ebe106ef2e9be9e5d323fff0b2ea7724eaa8a3816b34e484ebd12280ee9aa7a4dbacc62bb88ba310d2c322f606f792495a64214eaea007998bc2ead1dc2358911d9f936dae8d7bc41d60aade94547ceaf9360b38e4f385fd10a9ce8f64720889e05fbed2bc14a2e976cca6bf8fc2cb43bb8b9c6418a977ee5a0b4e9a1547c8bf155c0f8d314196fe13c7ba7f0329cdd4812c8da2fbec6619f6f2c4de9a77bf7a1ad17f1f6410334a9685b10c42211ad86066259d8138cc304cc15270b4d293e62d725ec23e336be12b05277d939e65ae3637365bb7c54ec5d9ee332e122fe9adafb0091df91d7d19a8f31f3a96e7f52021014f0190c4943a571d1f525ac6947cbff5ae4f49dab10a0cc79fcf717ae3d638af4ccb9b86a40578092dbb1c016a232b293371dbee633cbf125abd51e00be44421f6698374cbba1805f90098b46fe8432a0ed0770df31cbd565ac8f2f2b81c9f5c2a351cb7cdfe44c2433249fd89adefba61f969b878b7b5c6e82bccae68e8421332f97dcd24e915a878e4ce5985a36d3a11c3b926ecbe2c4a5ee01bca6108180445deb6287b104ea60a473d0bbea4c43695e80b725dad41fe60a03c9597dadb078d1565b8831467626f19981c317fd63a87e3c5cc28049ad0a9bde0a14ef7892b247639af25f365381ac5a4b53d16ba41aa537366974396af2eacd990626c18102c25b34974e3050ff995ddabe5e831c1429f1b149c5b8fbcf8845762eece6ad61f03207ef7f61a53cee0061ddb46c8132315924c7c79fb3230dd57bcd76f109b6678a0f3ca433dd3ebc2ee1fa170598ce37c8c69e6c291317436e4a6effef8c37facfb6a05eebc5a8eeb7138d3a3fea54c59d0059da02143b2f51dc1227356933bcc2e4e3d6488d846d6c573534494093eea8521def7ad389f7edb61a2e0088e89c063c0bf7880171c3b03735c7fa8ab71f46c32ed9870f9859e9bbaf5b7dbcf6e79dc906f6d570f8dc413451e783a99d94a2a07a1fae00e22ffdc635fed0b729fa08d3cbb820fe86abe04a960635499b856b7d0ad38bb20b81eef7289be4348e3a640d9808e365b8dc823990b7d3e97309136e7930a69b61c3cb6f884454f575fc3d8e844e91ce12dac57ea491c41c9985d378b5f22fb42d0627f6ccb127eff6edbdbe01155672f61430c4069861f1ab860951d0d72365c0d81aae340c271a98e744020a33ddfb184cffc7823aff3a712c986ac7411b55c2a0065550e0b524a70e7df750a15aa4effcff788e44e9d890517ba928afc76e29697b7d15897658b72c15e51dbf6fca63837334b49e50a175f00ce57dd7dcedadf0e2ebc90fbdcd3e08dab3930315bb32bcf9c2468e5713cc9d831544825343f3b5a727b2d608b6d9357184ef0b7a258f2f1586207cc271d3658c679fae8cc6ec9858966b179679a786f7f33e0fcdfc568f629ad164df5d831ee189d87c18d96fbca5dbb74e685ccad9549b9fcfb6cd9d0b459e8775a7fd63b249000ecdfb9c69e0d4da5e2d347663fd20d5c7fc55b16077517bc8286542953e2417324a80595dc3bd46fad81974b406ca90901138230f1eb2d8fcc7184b348aa88dd7b32f9d735db31eb478d8513aa33477ea38f64833c301e419bd61f756002335cee0647da2b568bcef7f5e90402a50b85d5c7d061a584b75841b2244907fe2a45136d2871dd1dde224942a98ac35b6ad34599d75cc55146015f8ea0282cb19348da51750da94990bf98be78ad08f7266eb8d1fe7a1601cdc6bfc16ac9571878f6459eef42d7cd52fb42105ab0dd9a1886f27bffe9a9ccf9e5e65a24d98ee4a16ccc50f5656404b11f65f11d64510d7f880bded11b5a0e0f7b33ae805f16d79debb4dc098ed8ad18b8d582cd1e76c8614c82fcc82385a3b7ae08376c00bcf7a2bb953ae51435f6e7a07bc5cf38cf94bcc1025b03925effd4dfecec19c8dd76543d136aca9e6ca7e4b1d41bc8e3762193cdc6981426848cc67b0788561e71e2bea7a19ed134e6bc9dea5419d68e503ce345b25536a91e3797f455170fa16497c319f80b24dee24f68f71bb25bb2be481fce82f21ead40da9601d23de9bc534a08dfe5fbf5025d2ba6550cb2d911100c279d5e84a074dda0d1750d36487dc5c389b06b2eb49412cdd3265e254cdc8bb66a54ed4244287a0a199be14c27bab1acf1f503c055dff7d78989e0c22d05673a1dd29e2704213401291904d72de63c8362c8ad3f1e0d75cd8a3cdcbf1c14b62e268ea25635fb7f310f2085fc9f04773c425c344f6a91a90e09692770d2e4703c2a83b774004e0a5ea4fdee719e0027e73143838ff1fe5dbbbb48c572b8c65e2630503880449a53c58f5b0c54f20307072180ac7f5eb234d232a84e4fee96f07e3f3e6cfdb5d9aafd781f70a8422a7092b008edb7eb12e4f2a64576ed63500e0da1c52c7a3b16ca10de35699f66a45d47269a017cca548972c5de8f585094ef9ac8ab6f497f32337b6d422c2c283913436915a4a65fcbcb686ec96bf63a4a23d0485e783b905919ca2614d8826f54dbb6fb7dc116b32246582d63de8bd7ea151c7f368fdb1d1b303ed8e91880eb5ab7fa83f7231335ae6ac5c0c2d77d8436de62f21a99acba340e43934afe4788742d2f256b2c92990dc9d22c5230e0ad7d9e8fc334d73439135ea2f3efc34c4a61c912a9f6d4add96452bc7d0aef0bd5ef0ea6703d2255aa4c0d6d37eff746d1cf9dfb11e42d420f1c486c7e65ded97269cc6953a47c75a3e455ec803be0bb4fab8e9339d4785211ebd0919ef4e540e011be2d54b263f04a4912b8d193318fb540c6624bb530f618a8bdaec1b3513283ddc5f015ed3315a34ee14fedcd67e676c176ae426a4a417e65eed065c15b02ba7976f7891b6bda4f7d03625dc4e07b989fe2e6e9416a9c1973a982c241c733352e9dfa847e6fe0c3f3fcdc5a00a0c7472a351dfc653184dd7a47d793e59bf291fb67de97e17cc387124f3b3bcdf820fa4af967135d494d40cc02e169f1704b24142a978412ae71ba1318e36d0e9e589a5e298f85c6f42d1330ebe72cd3b2f151b19be6e4471dd9cf0e657bd582e11df21272706f1e7c4062201998aa14ae135a88fdc389b43b633e8e4d578c04617eddeaa60ec588f4e7064df25f55a8abb2a0c0e8b816f14978a01c49748f8c66844007f9ef70d84255efa805cd019705ea551366f7b3843574916c6e4d0acd0743368ae4e770c16c91c8d72013f83b1c567c673fb5ecae67ff1a286267f0d66a9e2c2b0c26ff76d356ec336faaa7d3b143cba6ad84ab16bba6b2e38388b72be12ed79275c39586fa39354c65c1bbe958f15b36c5fdc86bafb0b711f6b419bf11c42ca53fd0f33c87db8f537bbd05a6c4336a1d1a42c68b98daa75a9628f64174e09fffca261446296193006b46464c997642af7aa9c615a21248446fc4d045549d4c08ab1ede085a538739d3263dadff6653d075648b08ca37757163ade3a85b378787b7232fb546d47108607aa9bde40efc7b7a69429cbc2dfb65f0e54e18f4f51369d291"]}, @nested={0xf6, 0x11f, 0x0, 0x1, [@nested={0x4, 0x145}, @typed={0xc, 0xe3, 0x0, 0x0, @u64=0x9}, @generic="849209f839db0cd44f7091443b095d640b9d838ab0c89b9d88179c528e22cfceb3d2e5076812ac2e15a5e15b7575c2cc3ea29cc8ec5e17d65892b5d882e5215cd24d0404833128b24d50dc586abe75a90e3dfa4ea48426ec558fddc646e713e0a078cc770e", @generic="8f1b02aa6c37e698b4e743005acbe265d6750ef436cdf9b04d3888c2d4560b037753cd9f53f47f4bb21f3b36de2700e889ebce8948157e6d260b003037c9d05ee64d1db9000a46a6ae50b6d8cdc36d31436ead4a60", @nested={0x4, 0x9c}, @typed={0x15, 0xa, 0x0, 0x0, @binary="f44c1d5a6375a82b948eab784c35f387d1"}, @typed={0x8, 0x3a, 0x0, 0x0, @fd=r0}, @nested={0x4, 0x125}]}, @nested={0xe5, 0xfd, 0x0, 0x1, [@typed={0x6, 0x9c, 0x0, 0x0, @binary='qi'}, @generic="17dae74e73ecb50d3459da22d6236401debc52567daed0a34e4ecb313ef09e00fe7b72fc08f6ba956efcdec825fecea50114075c68095953dbe389e7b71a7cac8964659e43b4e17618ab7085b9bdfa96e32810e2832ed08139497a6d85177a57306c1136b748fcb2117969a8482ac4d950aba2fea5dd5502f7097a36109aae7f0d780b8b2613264c2815159de2aff8e9bf0eb159703c4673d50edfbb7e6d8c41fd6ddea68fecbef773deb9a984886f06289f7139965e8eeeebba1660d6153c861b", @nested={0x4, 0x10c}, @typed={0x11, 0x26, 0x0, 0x0, @str='\'$_:\\)*}+&\x14(\x00'}, @generic]}, @nested={0x4, 0xc3, 0x0, 0x1, [@generic]}]}, 0x1380}], 0x2}, 0x0)

9.566522539s ago: executing program 4 (id=3832):
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xb, 0xc3072, 0xffffffffffffffff, 0x0)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000013c0)={0x18, 0x3, &(0x7f0000000080)=@framed, &(0x7f0000000000)='syzkaller\x00', 0x5, 0x0, 0x0, 0x0, 0x1}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='contention_end\x00', r0}, 0x10)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r1, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000001080)={0x14, 0x38, 0x301, 0x270bd26, 0x25dfdbfa, {0x9}}, 0x14}}, 0x20004814)
r2 = syz_genetlink_get_family_id$tipc(&(0x7f0000000240), r1)
sendmsg$TIPC_CMD_SHOW_LINK_STATS(r1, &(0x7f0000000300)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f00000002c0)={&(0x7f0000000280)={0x28, r2, 0x10, 0x70bd26, 0x25dfdbfc, {{}, {}, {0xc, 0x14, 'syz0\x00'}}, ["", "", "", "", ""]}, 0x28}, 0x1, 0x0, 0x0, 0xb65f85adce9a321}, 0x10)
r3 = signalfd(0xffffffffffffffff, &(0x7f0000000040)={[0xff]}, 0x8)
r4 = socket$inet6_sctp(0xa, 0x5, 0x84)
r5 = socket$inet(0x2, 0x80001, 0x84)
getsockopt$inet_sctp_SCTP_MAX_BURST(r5, 0x84, 0x14, &(0x7f0000000000)=@assoc_value={<r6=>0x0}, &(0x7f0000000040)=0x8)
setsockopt$inet_sctp6_SCTP_DELAYED_SACK(r4, 0x84, 0x10, &(0x7f0000000040)=@sack_info={r6, 0x5, 0xb220}, 0xc)
getsockopt$inet_sctp_SCTP_SOCKOPT_CONNECTX3(r3, 0x84, 0x6f, &(0x7f0000000180)={r6, 0xd0, &(0x7f0000000080)=[@in={0x2, 0x4e22, @dev={0xac, 0x14, 0x14, 0x3e}}, @in={0x2, 0x4e24, @remote}, @in={0x2, 0x4e20, @remote}, @in={0x2, 0x4e23, @empty}, @in6={0xa, 0x4e21, 0x9, @private1, 0x3a4}, @in6={0xa, 0x4e21, 0x3026, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', 0x4ca}, @in={0x2, 0x4e21, @loopback}, @in6={0xa, 0x4e23, 0x8001, @mcast1, 0x1}, @in={0x2, 0x4e21, @remote}, @in6={0xa, 0x4e24, 0x7, @empty, 0x8}]}, &(0x7f00000001c0)=0x10)
r7 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5)

8.554833468s ago: executing program 4 (id=3834):
r0 = socket$nl_route(0x10, 0x3, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x4, 0xb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x52, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = socket(0x1, 0x803, 0x0)
getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000001c0)=0x14)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000200)=@newlink={0x34, 0x10, 0x403, 0xfffffffc, 0x3f, {0x0, 0x0, 0x0, 0x0, 0x88adfda5}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @ipvlan={{0xb}, {0x4}}}]}, 0x34}, 0x1, 0x300000000000000, 0x0, 0x4004}, 0x0)
bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0)
syz_emit_ethernet(0x1ce, &(0x7f0000000680)={@local, @broadcast, @void, {@ipv6={0x86dd, @udp={0x6, 0x6, "bdc0e1", 0x198, 0x11, 0x0, @local, @local, {[@fragment={0x0, 0x0, 0x9c, 0x1, 0x0, 0x5, 0x64}, @hopopts={0x88, 0xa, '\x00', [@hao={0xc9, 0x10, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}}, @jumbo={0xc2, 0x4, 0x9}, @padn={0x1, 0x1, [0x0]}, @enc_lim={0x4, 0x1, 0x5f}, @calipso={0x7, 0x28, {0x0, 0x8, 0x4, 0x3, [0x3, 0x4, 0x7, 0x91a4]}}, @padn={0x1, 0x2, [0x0, 0x0]}, @jumbo={0xc2, 0x4, 0xfffffff4}]}, @dstopts={0x84, 0x5, '\x00', [@pad1, @hao={0xc9, 0x10, @rand_addr=' \x01\x00'}, @hao={0xc9, 0x10, @private0={0xfc, 0x0, '\x00', 0x1}}, @padn={0x1, 0x1, [0x0]}, @enc_lim]}, @dstopts={0x87, 0x11, '\x00', [@ra={0x5, 0x2, 0x7ff}, @hao={0xc9, 0x10, @private2}, @hao={0xc9, 0x10, @private0={0xfc, 0x0, '\x00', 0x1}}, @enc_lim={0x4, 0x1, 0x5}, @jumbo={0xc2, 0x4, 0x8}, @hao={0xc9, 0x10, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}}, @calipso={0x7, 0x28, {0x2, 0x8, 0xff, 0x8, [0x9, 0x9, 0x4, 0x6]}}, @jumbo={0xc2, 0x4, 0x10}, @hao={0xc9, 0x10, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02'}, @jumbo={0xc2, 0x4, 0xfffffffe}]}, @srh={0x73, 0x6, 0x4, 0x3, 0xfe, 0x4c, 0x4, [@private0, @remote, @private2]}], {0x4e23, 0x4e23, 0x28, 0x0, @gue={{0x1, 0x0, 0x1, 0x5, 0x100, @void}, "819982567ccd3792f6ea1f2a2a876331084d25bef0875a6e3fb6a143"}}}}}}}, &(0x7f0000000540)={0x1, 0x4, [0x51b, 0xfdd, 0x883, 0x13e]})

8.484722528s ago: executing program 4 (id=3835):
timer_create(0x3, 0x0, &(0x7f0000bbdffc))
syz_usb_connect(0x5, 0x35, &(0x7f0000000040)=ANY=[@ANYBLOB="12010000545e0d209904b76b2f680102030109022300010000c0050904970001ff70790008241101210126ff0905850308"], 0x0)
r0 = syz_open_procfs(0x0, &(0x7f0000000000)='timers\x00')
preadv(r0, &(0x7f0000000580)=[{&(0x7f0000000200)=""/122, 0x7a}], 0x1, 0x45, 0x0)
syz_open_dev$sndpcmp(0x0, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
r1 = syz_genetlink_get_family_id$devlink(&(0x7f0000000040), 0xffffffffffffffff)
r2 = socket$netlink(0x10, 0x3, 0x10)
sendmsg$DEVLINK_CMD_PORT_GET(r2, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000100)={0x14, r1, 0x1, 0x0, 0x0, {0x35}}, 0x14}}, 0x800)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x1)
sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
sendmsg$IPCTNL_MSG_EXP_GET(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000000)=ANY=[@ANYBLOB], 0xb8}, 0x1, 0x0, 0x0, 0x4000}, 0x40)
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, 0x0)
read$msr(r3, &(0x7f0000002000)=""/102400, 0x19000)
ioctl$EXT4_IOC_GROUP_ADD(0xffffffffffffffff, 0x8080583a, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0)
sendto$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000000)={0xa, 0x0, 0x0, @private2}, 0x1c)
r4 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_TCP_MD5SIG(r4, 0x6, 0xe, &(0x7f0000000100)={@in={{0x2, 0x0, @empty}}, 0x0, 0x0, 0x18, 0x0, "50e4d101a949f3f4d3479fb3110fbb83dc7a2414e74ef9c682c427e1a542df3531062020eb16da11d6707d82272beab27a1da6e527cceef0e7db687b56729c203d01b7693f6d4c81a64de132e818dea3"}, 0xd8)
r5 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0026}]})
close_range(r5, 0xffffffffffffffff, 0x0)

8.390812073s ago: executing program 8 (id=3837):
socket$inet6_tcp(0xa, 0x1, 0x0)
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x48241, 0x0)
r1 = socket$nl_rdma(0x10, 0x3, 0x14)
ioctl$sock_SIOCGPGRP(r1, 0x8904, &(0x7f0000000400)=<r2=>0x0)
sched_setscheduler(r2, 0x1, &(0x7f0000000440)=0xd81e)
sendmsg$RDMA_NLDEV_CMD_RES_MR_GET(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000340)=ANY=[@ANYBLOB="200000001a140100000000000000000008000300000000000800", @ANYRES8=r0], 0x20}, 0x1, 0x0, 0x0, 0x4000015}, 0x0)
r3 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000580), 0x0, 0x0)
r4 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r4, &(0x7f0000000000)={0x26, 'aead\x00', 0x0, 0x0, 'aegis128-generic\x00'}, 0x58)
r5 = syz_genetlink_get_family_id$batadv(&(0x7f0000000040), 0xffffffffffffffff)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r6, 0x8933, &(0x7f00000000c0)={'batadv0\x00', <r7=>0x0})
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x7)
socketpair$unix(0x1, 0x2, 0x0, 0x0)
connect$unix(0xffffffffffffffff, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(0xffffffffffffffff, 0x0, 0x0, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0xb, &(0x7f0000000380)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020000000000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
sendmsg$BATADV_CMD_GET_MCAST_FLAGS(r6, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000140)={0x1c, r5, 0x48212b8952c3affd, 0x0, 0x0, {}, [@BATADV_ATTR_MESH_IFINDEX={0x8, 0x3, r7}]}, 0x1c}}, 0x0)
r8 = dup(r3)
r9 = accept4(r4, 0x0, 0x0, 0x0)
sendmsg$NFT_MSG_GETOBJ_RESET(r9, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000003c0)={0x14, 0x15, 0xa, 0x301, 0x0, 0x0, {0x7, 0x0, 0x8}}, 0x14}, 0x1, 0x0, 0x0, 0x4000050}, 0x8044)
sendfile(r9, r8, 0x0, 0x8a000)
r10 = socket$inet6(0xa, 0x3, 0x2)
connect$inet6(r10, &(0x7f0000000200)={0xa, 0x4e24, 0x0, @empty, 0x3}, 0x1c)
sendmmsg(r10, &(0x7f00000092c0), 0x4ff, 0x0)
setsockopt$inet6_int(r10, 0x29, 0x38, &(0x7f0000000040)=0x1, 0x4)

7.075195397s ago: executing program 9 (id=3840):
connect$unix(0xffffffffffffffff, 0x0, 0x0)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680))
semctl$SETALL(0x0, 0x0, 0x11, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000002a82, 0x0)
madvise(&(0x7f0000000000/0xc00000)=nil, 0xc00304, 0x15)
fadvise64(r0, 0x18, 0x0, 0x4)

6.949152844s ago: executing program 5 (id=3841):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x5, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000100)=0x2)
mknodat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0, 0x0)
write$FUSE_BMAP(0xffffffffffffffff, &(0x7f0000000000)={0x18}, 0x18)
write$FUSE_DIRENTPLUS(0xffffffffffffffff, &(0x7f00000003c0)=ANY=[@ANYBLOB="b0"], 0xb0)
write$FUSE_GETXATTR(0xffffffffffffffff, &(0x7f0000000480)={0x18}, 0x18)
mount$9p_fd(0x0, &(0x7f00000002c0)='./file0\x00', &(0x7f0000000080), 0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX, @ANYBLOB="2c7766646e6f3d29d77fff06bdfab59bd8c914ed2a04c5100fe52a9d1df4fbe5ddcf2389d9d441ecb3e6aa06b9de04d6a51aebf139bf3cc579ec80186f98b565d5ddd0e96ac73ef2338e0733618bfff5644a9b6438bace187ee07097434c9a4766e553da4df37438bbade5370f58cd418c0da112df37880d2e1f0f4ef1f0c140bfc6a2dbc40650e1c46b2e90e1d08e899eecb95c2dc1e5de7f74", @ANYRESHEX, @ANYBLOB=',\x00'])
sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000002000)=""/102400, 0x19000)
mount(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f00000000c0)='sysfs\x00', 0x0, 0x0)
umount2(&(0x7f00000002c0)='./file0\x00', 0x4)
open_tree(0xffffffffffffff9c, &(0x7f0000000480)='./file0\x00', 0x89901)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000140)='./file1\x00', 0x0)
mount(0x0, &(0x7f0000000240)='./file1\x00', &(0x7f0000000040)='autofs\x00', 0x0, &(0x7f0000000400))
chdir(&(0x7f0000000080)='./file1\x00')
open(&(0x7f0000000000)='.\x00', 0x0, 0x244)
r1 = syz_open_procfs(0x0, &(0x7f00000001c0)='mountinfo\x00')
read$FUSE(r1, &(0x7f00000026c0)={0x2020}, 0x2020)
syz_open_dev$MSR(0x0, 0x0, 0x0)

6.67244182s ago: executing program 7 (id=3842):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x5, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000100)=0x2)
mknodat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0, 0x0)
write$FUSE_BMAP(0xffffffffffffffff, &(0x7f0000000000)={0x18}, 0x18)
write$FUSE_DIRENTPLUS(0xffffffffffffffff, &(0x7f00000003c0)=ANY=[@ANYBLOB="b0"], 0xb0)
write$FUSE_GETXATTR(0xffffffffffffffff, &(0x7f0000000480)={0x18}, 0x18)
mount$9p_fd(0x0, &(0x7f00000002c0)='./file0\x00', &(0x7f0000000080), 0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX, @ANYBLOB="2c7766646e6f3d29d77fff06bdfab59bd8c914ed2a04c5100fe52a9d1df4fbe5ddcf2389d9d441ecb3e6aa06b9de04d6a51aebf139bf3cc579ec80186f98b565d5ddd0e96ac73ef2338e0733618bfff5644a9b6438bace187ee07097434c9a4766e553da4df37438bbade5370f58cd418c0da112df37880d2e1f0f4ef1f0c140bfc6a2dbc40650e1c46b2e90e1d08e899eecb95c2dc1e5de7f74", @ANYRESHEX, @ANYBLOB=',\x00'])
sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000002000)=""/102400, 0x19000)
mount(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f00000000c0)='sysfs\x00', 0x0, 0x0)
umount2(&(0x7f00000002c0)='./file0\x00', 0x4)
open_tree(0xffffffffffffff9c, &(0x7f0000000480)='./file0\x00', 0x89901)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000140)='./file1\x00', 0x0)
mount(0x0, &(0x7f0000000240)='./file1\x00', &(0x7f0000000040)='autofs\x00', 0x0, &(0x7f0000000400))
chdir(&(0x7f0000000080)='./file1\x00')
open(&(0x7f0000000000)='.\x00', 0x0, 0x244)
r1 = syz_open_procfs(0x0, &(0x7f00000001c0)='mountinfo\x00')
read$FUSE(r1, &(0x7f00000026c0)={0x2020}, 0x2020)
syz_open_dev$MSR(0x0, 0x0, 0x0)

6.663214782s ago: executing program 9 (id=3843):
r0 = socket$kcm(0x2, 0x5, 0x106)
sendmsg$inet(r0, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x30004001)
setsockopt$sock_attach_bpf(r0, 0x6, 0xd, &(0x7f0000000000), 0x4)
sendmsg$kcm(r0, &(0x7f0000000580)={&(0x7f0000000100)=@pppoe={0x18, 0x0, {0x3, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x11}, 'veth1_to_bond\x00'}}, 0x80, &(0x7f0000000240)=[{&(0x7f0000000180)="5e0a632735315563343dae6cd78fc0e81fb98d3b82ea0acca71f2c94bb947ab1bcd18855ecb58157cbb5e46d0c3a013e995220a6bd0a69fdff47300e7825c2ff276dbf8c8b1ee3d8d7fdc43f0a8df24ef13e55855e04900344ed70ea21eb807f7af9597d45fd83a0e8e968bb3efb9bce5e4d1356ec4290fbadeba9d6bb4b0de3ee16fd16d71ff7d7346c6ee98b1c0956e250cd035842485a31d03e285657392daf25e65de8d27bb2", 0xa8}, {&(0x7f0000000040)}], 0x2, &(0x7f0000000280)=[{0xf8, 0x84, 0x9, "8417503bdf5e34e76a8ecb74553bc930a7c104fd04e2786bcf2f73371aeab4ea8b9155b3f515eceec447fff3aaa0886df504320466b504aa1cb33bc61a3e72fadbc1ba08aa2121f17de2f796a159573ff6bf4821909874c66e10ca5880f8353851368fc140b0018618072fe598f59bf0206c97d8d98bd8d3addb270b458586337b9b948e10f1bb792da7397fbd64ef000a1ab37256fe7e50ceafa2d77e07be5597664e5db5575897a1f27056cc32cd6f9060610f6b06277b7a97f712b09272585b9f8fdcbd7cf004e2104f490947add7dbfb1694df68178dfa32d1d7968b858a65bdfb22328e13de"}, {0x20, 0x10c, 0x9, "e431f0d6afeba4025e92d16c"}, {0xd0, 0x113, 0x8000, "3976bfc67b32e177a2c9164022c465277fa6ac593c1fa278477b687a7e3001eff097dd3987e6b1fa130801a3ce3bb138be4da83083037dc90ad19efccde66799f78e7b5093821bf096a44ef3da6fade048652c35026b060f7441a8214feb2277649d8ef0f1dce4c16466f423512e88ba8363d13a6324d8da3ef6b40a7ad38c65df740f13c33c810c5e6506c4f56387897db3734482c2e61bbec1a314a6dc5a31d7d809d36bf29246d225ec764078512e2df241d7ff748fbdf51ca3e5b8"}, {0x28, 0x6, 0xb, "beba8a5602b70c547245ad1f0c0a8eb9a2673ffababf5c"}, {0x38, 0x104, 0x4, "dd041d608de056969b47b29ff7061c71562ae5fe80a490550c4c9418476e76f23704204716"}, {0x10, 0x117, 0x1}], 0x258}, 0x44441)
r1 = openat$sndtimer(0xffffffffffffff9c, 0x0, 0x2000)
ioctl$SNDRV_TIMER_IOCTL_GSTATUS(r1, 0xc0505405, 0x0)
r2 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000040), 0x42, 0x0)
mount$fuse(0x0, 0x0, &(0x7f0000002100), 0x0, &(0x7f0000002140)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r2, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0])
read$FUSE(r2, &(0x7f0000006380)={0x2020, 0x0, <r3=>0x0}, 0x2020)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f00000003c0)={0x4, 0x80100008b}, 0x0)
sched_setaffinity(0x0, 0x11, &(0x7f0000000180)=0x1400200bce)
sched_setscheduler(0x0, 0x1, &(0x7f0000002200)=0x1)
r4 = socket$inet6_udplite(0xa, 0x2, 0x88)
setsockopt$IP6T_SO_SET_REPLACE(r4, 0x29, 0x40, &(0x7f0000000580)=@filter={'filter\x00', 0x2, 0x4, 0x3a0, 0xffffffff, 0xd0, 0x0, 0xd0, 0xfeffffff, 0xffffffff, 0x2d0, 0x2d0, 0x2d0, 0xffffffff, 0x4, 0x0, {[{{@ipv6={@dev, @mcast1, [], [], 'macsec0\x00', 'bond_slave_0\x00', {}, {}, 0x6, 0x0, 0x7, 0x45}, 0x2f2, 0xa8, 0xd0}, @REJECT={0x28, 'REJECT\x00', 0x0, {0x6}}}, {{@ipv6={@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @empty, [], [], 'sit0\x00', 'dvmrp0\x00'}, 0x0, 0xa8, 0xd0}, @REJECT={0x28}}, {{@uncond, 0x0, 0x108, 0x130, 0x0, {}, [@common=@srh={{0x30}}, @common=@unspec=@mark={{0x30}}]}, @common=@unspec=@STANDARD={0x28, '\x00', 0x0, 0xfffffffffffffffb}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x400)
r5 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r5, &(0x7f0000002700)=""/102392, 0x18ff8)
sendmsg$BATADV_CMD_GET_TRANSTABLE_LOCAL(0xffffffffffffffff, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000440)={0x0}, 0x1, 0x0, 0x0, 0x11}, 0x40)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r6, 0x8933, &(0x7f0000000000)={'batadv0\x00', <r7=>0x0})
r8 = socket$inet6_mptcp(0xa, 0x1, 0x106)
ioctl$sock_SIOCGIFINDEX(r8, 0x8933, &(0x7f0000000cc0)={'batadv_slave_1\x00', <r9=>0x0})
sendmsg$BATADV_CMD_GET_NEIGHBORS(r6, &(0x7f0000004340)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000980)={0x24, 0x0, 0x331, 0x0, 0x0, {}, [@BATADV_ATTR_MESH_IFINDEX={0x8, 0x3, r7}, @BATADV_ATTR_HARD_IFINDEX={0x8, 0x6, r9}]}, 0x24}}, 0x0)
openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000480), 0x1a1040, 0x0)
mkdir(&(0x7f0000000000)='./cgroup/../file0\x00', 0x0)
openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
rmdir(&(0x7f00000001c0)='./cgroup/../file0\x00')
write$FUSE_INIT(r2, &(0x7f0000004200)={0x50, 0x0, r3, {0x7, 0x1f, 0x0, 0x1a066042, 0x0, 0x0, 0x3}}, 0x50)

5.566849063s ago: executing program 8 (id=3844):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
r1 = msgget$private(0x0, 0x1ba)
msgsnd(r1, &(0x7f00000007c0)=ANY=[@ANYBLOB="02"], 0xff, 0x800)
r2 = open(&(0x7f00000001c0)='./file0\x00', 0x9cab835cfdc52675, 0x0)
bpf$BPF_BTF_GET_NEXT_ID(0x17, 0x0, 0x0)
syz_usb_connect(0x2, 0x36, &(0x7f0000000300)=ANY=[@ANYBLOB="12011001e1e9cb20123632d0e456010203010902240001000010000904a040020803010009050602080001000009050402"], 0x0)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x2, 0xa011, r2, 0x0)
msgrcv(r1, &(0x7f0000000080)={0x0, ""/146}, 0x9a, 0x0, 0x1000)
sched_setscheduler(r0, 0x1, &(0x7f0000000200)=0x7)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
r5 = socket$inet6_udp(0xa, 0x2, 0x0)
setsockopt$IP6T_SO_SET_REPLACE(r5, 0x29, 0x40, &(0x7f0000000380)=@raw={'raw\x00', 0x21, 0x3, 0x580, 0x248, 0xffffffff, 0xffffffff, 0x248, 0xffffffff, 0x4b0, 0xffffffff, 0xffffffff, 0x4b0, 0xffffffff, 0x3, 0x0, {[{{@ipv6={@private2, @private2, [], [], 'netdevsim0\x00', 'syzkaller1\x00', {0xff}}, 0x0, 0x220, 0x248, 0x0, {}, [@common=@inet=@hashlimit2={{0x150}, {'sit0\x00', {0x0, 0x9, 0x0, 0x0, 0x0, 0x8, 0x5}}}, @inet=@rpfilter={{0x28}}]}, @common=@unspec=@NFQUEUE1={0x28, 'NFQUEUE\x00', 0x3, {0x0, 0x4}}}, {{@ipv6={@empty, @mcast1, [], [], 'veth1_to_hsr\x00', 'veth1\x00', {}, {}, 0x0, 0x0, 0x2}, 0x0, 0x200, 0x268, 0x0, {}, [@common=@inet=@policy={{0x158}, {[{@ipv6=@private1, [], @ipv4=@remote, [], 0x0, 0xfffffffe}, {@ipv6=@private0={0xfc, 0x0, '\x00', 0x1}, [], @ipv6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}, {@ipv4=@multicast2, [], @ipv6=@loopback}, {@ipv6=@rand_addr=' \x01\x00', [], @ipv4=@local}]}}]}, @unspec=@CT1={0x68, 'CT\x00', 0x1, {0x0, 0x0, 0x0, 0x0, 'snmp_trap\x00', 'syz0\x00', {0x100000000000}}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x5e0)
connect$unix(r3, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r6 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f00000000c0)={'macsec0\x00', <r7=>0x0})
sendmsg$nl_route(r6, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000240)=@newlink={0x3c, 0x10, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, r7, 0x1184, 0x4}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @macsec={{0xb}, {0xc, 0x2, 0x0, 0x1, [@IFLA_MACSEC_ES={0x5, 0xa, 0x1}]}}}]}, 0x3c}, 0x1, 0x0, 0x0, 0x80}, 0x0)
r8 = openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f00000002c0), 0xa2000, 0x0)
ioctl$IOCTL_GET_NUM_DEVICES(r8, 0x40046104, &(0x7f0000000340))
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
r9 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0xb, 0x0, &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000300)='rcu_utilization\x00', r9}, 0x10)
socket$nl_netfilter(0x10, 0x3, 0xc)
ioctl$AUTOFS_DEV_IOCTL_REQUESTER(r2, 0xc018937b, &(0x7f0000000980)={{0x1, 0x1, 0x18, <r10=>r2}, './file0\x00'})
syz_usb_connect$hid(0x4, 0x3f, &(0x7f00000009c0)={{0x12, 0x1, 0x201, 0x0, 0x0, 0x0, 0xff, 0x25b5, 0x2, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x2d, 0x1, 0x1, 0x8, 0x98, 0x3, [{{0x9, 0x4, 0x0, 0x5, 0x1, 0x3, 0x1, 0x2, 0xa, {0x9, 0x21, 0x9, 0x8, 0x1, {0x22, 0xdd9}}, {{{0x9, 0x5, 0x81, 0x3, 0x200, 0x1, 0x8, 0xfd}}, [{{0x9, 0x5, 0x2, 0x3, 0x200, 0x8, 0xe, 0x2}}]}}}]}}]}}, &(0x7f0000000c00)={0xa, &(0x7f0000000a00)={0xa, 0x6, 0x300, 0x0, 0x8, 0x40, 0x40, 0x10}, 0x86, &(0x7f0000000a40)={0x5, 0xf, 0x86, 0x4, [@ssp_cap={0x20, 0x10, 0xa, 0xff, 0x5, 0x9, 0xff0f, 0x4, [0x3f00, 0xffc0c0, 0xffc000, 0xc000, 0xff0000]}, @wireless={0xb, 0x10, 0x1, 0xc, 0x1, 0x4, 0x3, 0xa, 0x2}, @generic={0x4b, 0x10, 0xa, "2ada9f730745ca5600749bfd90bbf01b20482411d1850b2aa1cc79b141aedaf6d9dab9de22f6d66f9f00c97f144dc9f42db34e91387cfe54a54b5b5d2dc55c4567a3d6950a22f3cb"}, @wireless={0xb, 0x10, 0x1, 0xc, 0x24, 0x19, 0x7, 0xd, 0xfd}]}, 0x2, [{0xa8, &(0x7f0000000b00)=@string={0xa8, 0x3, "babded7fcaaf527dd85e8cc36e5b56ce51826a7b8894f1d2ad2d425a3ccc55e26f52171b4bff37bafb4c15f458e66de1e339b2cb0ef344d6fdd768ed7a16f0d31c7506a5babff91869d7984c65fda74fe9d0670b3d7ed5565e4d0f8c9a90147e4f33e09a1cc4caffb3891bb0e1aac615cb0746d3aabb2a71f90294d6acec08ed7691e8c718aa9e9e7bd60d1938ca29264b6bcc008aec4220d3e12d9a503571de14abbd0f27a9"}}, {0x4, &(0x7f0000000bc0)=@lang_id={0x4, 0x3, 0x807}}]})
sendmsg$NFT_BATCH(r10, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000001380)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x3, 0x0, 0x0, {0x7, 0x0, 0x4}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWSET={0x8c, 0x9, 0xa, 0x401, 0x0, 0x0, {0x7}, [@NFTA_SET_ID={0x8}, @NFTA_SET_NAME={0x9, 0x2, 'syz0\x00'}, @NFTA_SET_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_KEY_LEN={0x8, 0x5, 0x1, 0x0, 0xd}, @NFTA_SET_EXPRESSIONS={0x48, 0x12, 0x0, 0x1, [{0x14, 0x1, 0x0, 0x1, @counter={{0xc}, @val={0x4}}}, {0x20, 0x1, 0x0, 0x1, @connlimit={{0xe}, @val={0xc, 0x2, 0x0, 0x1, [@NFTA_CONNLIMIT_COUNT={0x8, 0x1, 0x1, 0x0, 0x8}]}}}, {0x10, 0x1, 0x0, 0x1, @dynset={{0xb}, @void}}]}, @NFTA_SET_FLAGS={0x8, 0x3, 0x1, 0x0, 0x120}]}], {0x14, 0x10, 0x1, 0x0, 0x0, {0x0, 0x84}}}, 0xd4}}, 0x20050800)

5.540926571s ago: executing program 5 (id=3845):
r0 = fanotify_init(0x8, 0x8000)
r1 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x0, 0x0)
fanotify_mark(r0, 0x455, 0x8000001, r1, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cpuacct.usage_percpu_user\x00', 0x275a, 0x0)
write$binfmt_script(r2, &(0x7f0000000180)={'#! ', './file0'}, 0xb)
preadv(r2, &(0x7f0000000080)=[{&(0x7f0000000500)=""/180, 0xb4}], 0x1, 0x3, 0x1)

4.286682255s ago: executing program 9 (id=3846):
r0 = socket$nl_route(0x10, 0x3, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x4, 0xb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x52, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = socket(0x1, 0x803, 0x0)
getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000001c0)=0x14)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000200)=@newlink={0x34, 0x10, 0x403, 0xfffffffc, 0x3f, {0x0, 0x0, 0x0, 0x0, 0x88adfda5}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @ipvlan={{0xb}, {0x4}}}]}, 0x34}, 0x1, 0x300000000000000, 0x0, 0x4004}, 0x0)
bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0)
syz_emit_ethernet(0x1ce, &(0x7f0000000680)={@local, @broadcast, @void, {@ipv6={0x86dd, @udp={0x6, 0x6, "bdc0e1", 0x198, 0x11, 0x0, @local, @local, {[@fragment={0x0, 0x0, 0x9c, 0x1, 0x0, 0x5, 0x64}, @hopopts={0x88, 0xa, '\x00', [@hao={0xc9, 0x10, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}}, @jumbo={0xc2, 0x4, 0x9}, @padn={0x1, 0x1, [0x0]}, @enc_lim={0x4, 0x1, 0x5f}, @calipso={0x7, 0x28, {0x0, 0x8, 0x4, 0x3, [0x3, 0x4, 0x7, 0x91a4]}}, @padn={0x1, 0x2, [0x0, 0x0]}, @jumbo={0xc2, 0x4, 0xfffffff4}]}, @dstopts={0x84, 0x5, '\x00', [@pad1, @hao={0xc9, 0x10, @rand_addr=' \x01\x00'}, @hao={0xc9, 0x10, @private0={0xfc, 0x0, '\x00', 0x1}}, @padn={0x1, 0x1, [0x0]}, @enc_lim]}, @dstopts={0x87, 0x11, '\x00', [@ra={0x5, 0x2, 0x7ff}, @hao={0xc9, 0x10, @private2}, @hao={0xc9, 0x10, @private0={0xfc, 0x0, '\x00', 0x1}}, @enc_lim={0x4, 0x1, 0x5}, @jumbo={0xc2, 0x4, 0x8}, @hao={0xc9, 0x10, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}}, @calipso={0x7, 0x28, {0x2, 0x8, 0xff, 0x8, [0x9, 0x9, 0x4, 0x6]}}, @jumbo={0xc2, 0x4, 0x10}, @hao={0xc9, 0x10, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02'}, @jumbo={0xc2, 0x4, 0xfffffffe}]}, @srh={0x73, 0x6, 0x4, 0x3, 0xfe, 0x4c, 0x4, [@private0, @remote, @private2]}], {0x4e23, 0x4e23, 0x28, 0x0, @gue={{0x1, 0x0, 0x1, 0x5, 0x100, @void}, "819982567ccd3792f6ea1f2a2a876331084d25bef0875a6e3fb6a143"}}}}}}}, &(0x7f0000000540)={0x1, 0x4, [0x51b, 0xfdd, 0x883, 0x13e]})

4.165605158s ago: executing program 5 (id=3847):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='contention_end\x00', r0}, 0x10)
r1 = syz_open_dev$evdev(&(0x7f0000000000), 0x2, 0x0)
ioctl$EVIOCGPHYS(r1, 0x80404507, &(0x7f0000000040))

4.147427595s ago: executing program 7 (id=3848):
prlimit64(0x0, 0xe, &(0x7f0000000200)={0x8, 0x8a}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x3)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
mremap(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x3000, 0x2, &(0x7f0000ffc000/0x3000)=nil)
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000100)=ANY=[@ANYBLOB="640000000206030000000000000000000000000005000100070000000900020073797a320000000014000780080013400000000008001240000020000500050002000000050004000000000015000300686173683a6970", @ANYRES8=0x0], 0x64}}, 0x840)
add_key(0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
fsopen(0x0, 0x1)
r2 = syz_open_dev$tty1(0xc, 0x4, 0x1)
r3 = dup(r2)
write$UHID_INPUT(r3, &(0x7f0000000000)={0x7, {"a2e3ad21ed0d52f91b5d330987f70e06d038e7ff7fc6e5539b0d47078b089b3907306d090890e0878f0e1ac6e7049b334a959b669a240d5d67f3988f7ef319520100ffe8d178708c523c921b1b5b31070d07670936cd3b78130daa61d8e809ea882f5802b77f07227227b7ba67e0e78657a6f5c2a874e62a9ccdc0d31a0c9f318c0da1993bd160e233df4a62179c6f30e065cd5b91cd0ae193973735b36d5b1b63dd1c00305d3f46635eb016d5b1dda98e2d749be7bd1df1fb3b231fdcdb5075a9aaa1b469c3090000000000000075271b286329d169934288fd789aa37d6e98b224fd44b65b31334ffc55cc82cd3ac32ecdb08ced6f9081b4dd0d8b38f3cd4498bee800490841bdb114f6b76383709d8f5c55432a909fda039aec54a1236e80f6a8abadea7662496bddbb42be6bfb2f17959d1f416e56c71b1931870262f5e801119242ca026bfc821e7e7daf2451138e645bb80c617669314e2fbe70fe98ec76a9e40dad47f36fd9f7d0d42a4b5f1185ccdcf1a34af674f3f39fe23491237c08822dec110911e893d0a8c4f677747abc360934b82910ff85bfd995083bba2987a67399eac427d145d546a40b9f6ff14ac488ec130fb3850a27af9544ae15a7e470dea05918b41243513f000800000000000a3621c56cea8d20fa911a0c41db6ebe8cac64f17679141d54b34bbc9963ac4f4bb3309603f1d4ab966203861b5b15a841f2b575a8bd0d78248ebe4d9a80002695104f674c2431dca141fae269cab70e9a66f3e3a9a63e9639e1f59c0ede26c6b5d74b078a5e15c31634e5ae098ce9ee70771aaa18119a867e1088334975e9f73483b6a62fa678ca14ffd9f9db2a7869d85864056526f889af43a6056080572286522449df466c632b3570243f989cce3803f465e41e610c20d80421d653a5520000008213b704c7fb082ff27590678ef9f190bae97909507041d860420c5664b27921b14d9fdb8892fd32d0ad7bc946813591ad8deff4b05f60cea0da7710ac0000000000008000bea37ce0d0d4aa202f928f28381aab144a5d429a04a6a2b83c7068ae949ed06e288e810bac9c76600025e19c907f8ea2e2010000008271a1f5f8528f227e79c1389dbdfffe492f21579d2c15b8c70cdb1c332d86d87341432750861ec2bc3451edca194b221cfec4603d276bbaa1dfa6d4fb8a48a76eafc9a9a0270e4c10d64cd5a62427264f2377fe763c43470833ac96c45f357cbba8f1b1fdcc7cbb61a7cdb9744ed7f9129aede2be21ccfdc4e9134f8684b3a4f354da9a795e96334e207dff70f1988037b2ed3aaf575c0b88d8f146684078416d59fdee5325928974d12dad99dac44c3f0008047096a44002bebc2420aed92fa9b6578b4779415d97b9a6d6d5495c118045651cf41c2fc48b778efa5ea5677747430af4162b987b80c3e001cd34e5c92f76cc4c24eeb8bc4e9ac2aed9e53803ed0ca4ae3a19000000000000006f1783e287b3bee96e3a726eafe2fdfaa78d1f48c13b64df07847754b8400daaa69b15c9f4350aeae9ca1207e78283cd0b20ceb360c7e658828163e2d25c4aa348561f927e88f63aa70e73a5e69b3df3495903f06572e1e007fa55a2999f596d067312f5779e8dbfdcf3427138f3d44400009a10477f9bec4b0bbb6e3c04be68981f392203dd0ee3ef478e16dacfc5e3e03cf7ab8e3902f1b0ff034ef655b253ca509383815b1b6fc6522d4e4fdc01008cf42d48604675fde2b94cf00500a2690891abf8ab9c015073014d9e08d4338b8780bdecd436cf0541359bafffa45237f104b96210403b2de9efed496f42355bc7872c827467cfa5c4e72730d56bd068ed211cf847535edecb7b373f78b095b68441a34cb51682a8ae4d24ad0465f3927f889b813076038e79a7962fb385a882e8020f06c4c2ba1dd5cac7c16c02ed4b5d258734dd73583df292892448039ef799cf0630becdcce04579b5561dc825ab829827945e020c1f67ee615feb6243378e0610060f02cca4e91b2f001edb3d78fb4b55668dda93aec92a5de203717aa49c2d284acfabe262fccfcbb2b75a2183c46eb65ca8104e1b4da7fbb77ab2fc043aead87c32ab875ee7c2e7b7019c982cd3b43eaab1a5fb135c0c7dcee8fe6516a328032f88c042891824659e9e94265c803b35ee5f83a2b210520106d26658b50ab7a1fa89af9c251fe5294b3d1802d5676d95f160ec97b1ad94872cb2044642c37b4a6cc6b14effc1672db7e4b68d787d9a7a508ae54b3cd7369dde50e8c77d95a3d361c040babb171607caac2a3559ad4f75465f49c0d0ae3716db6e00cb11db4a5fade2a57c10238e204a67737c3b42aae501b20f7694a00f16e2d0174035a2c22656dc29880acebdbe8ddbd75c2f998d8ac2dfad2ba3a504767b6b45a45957f24d758ed024b3849c110000a2a03b4047497022d9c30e23ef4df5c89644f48bb536f7945b59d7bcddff754413d135273ea8e75f22f216c6b9990ae71806f2c00b4025c48b75c0f73cdb9a7b8fa367b51028067e7f16f4dd569d462f4f19eacdb3ed70eeebb4483f8fd777d443e8b40426db6fe29068c0ca3d2414442e8f3a154704b0e51bc664a137b26be719f4f7c9a5678a674dfc95df80b9ce375dd649c8c704e509bd88c8e63d8c7dd67071115c8982ba46af4d6adcc9f68a75b9397b035153faf46366e7205dd8d6f37525c1a0e94610dd94323f6815d085197149bfd6655548cfd9c52c9711937f79abb1a124f1210465483cd3b2d78378cfb85ed82e7da0f6eb6d279f2ae455925d0f6f1ba571eba281f2a654fb39ddff3b484439ff158e7c5419e037f3f3ad038f2211f1033195563c7f93cd54b9094f226e783271e1e5a2a2c10712eab625d64931cd4ffe6738d97b9b5ef828ee9fb059fc01af0e79c1e14b1d25988c69a399567c1d93768f7971d31488b8658a20878b7c1dd7ba02fc42939dde3d4a3339a65d507dc59c51090840517705da56e9ebf0afa53282bf86dbb58c548069ff6eb95aade7cc66d7bbef724779ca1f731b3346ff177050373d79ff7b3e7f9bc0c1b4e004a8878b90baaa039d3e3b63979ac3df6e6f4859afd50238c7547a39b60810938044ae185d2ba3e00a4e73676864ae090d81eaee5ee6ce1d0ab378dd4dd891e937c2ea5410e0513005000000000000003911fab964c271550027697b52160687461602f88df165d884b36ec2b6c25a2f33c715687e9d4afb96d6861aca47da73d6f3144345f48843dd014e5c5ad8fe995754bd9cf32fce1e31919c4b2082fb0a30b9deae84bed4b28045634073c9c58c89d9e99c817e9177c6d594f88a4facfd4c735a20307c737afae5136651b1b9bd522d60399473296b831dbd933d93994ba3064279b10ea0c5833f41f157ea2302993dbe433b1aa3a3766d543902113c4c859465c3c115c3432f81db8719539d5bf372aaaea1cc43a6c5cbe59758bfee2916580dac4b008e595f437491d87abed02cefcd9db53d94d02dae17b118e5d6787463183b4b87c1050000002f7809959bc248850613d17ca51055f2f416a44fe180d2d50c312cca7cb14a2bdc331f57a9817139a206fc76957227ffff2de20a4b8e3737fbb42913777c06376f799eba367e21f94ca598705f5dcb767d6f0900d6b0f6095e53c4c4234d0c1fbe434f6ab8f43c0013ee93b83946ee7759e89d7bdd1a32d7b311711b757fe43c06d21a35810d8fe98b27faea8aa12bc8716eefc5c97c45ac33eeec964c5214bc3a9359bdea1cccab94f15e36319cb34ebcacedb82c2ed3de5a8a8f0011e8f74e82d7f96093530e76692839d7961939adfdeeeaff19d11efcafb6d546fef271e89d6cc2389e81ff58cefcce3fbf4625a7e7de40e42e07b34449e15e065cc7340002000000000000f288a4510de03dab19d26285eda89156d50dd385a60333ba5bbf5d77cd7007ad1519ad5470de3dd6d6080cafcc009fc074bb6b68a1f0c4649820a73c880f475f732ae00398e8bd1f4908b7807fb33b72685ec37a2d3f766413a60459516246e5a1d998a2017aef0948998cf255315ab80dd349e891aef595dc4d470e8ac32a308e15fc37d06aeac289c0523f483e1ff7408c6087f1ab652f2ef91d4f2b01987b0f46da034e5c3f745a7ee8101a3934c54e24b48ec0275e2d0687dc746b0827cbf652f406c6b95f2722e58c05f752ce2126596e1cd7655b904801784c416b22f73d324678e2724f43f1fe687c7e8a60c28b82b6528341b648cdd56fed7cdcbb1575912d5ecd36dea3bca0b7427d8392c6289455e8f8d2ab2242729251ae033a9e02210e62df0546a74b333a1c48f95fd54acb5741259e8c5488efeee327415cc19451432c6f14c27693102a3cd84857cd6586fc5ca9a93eb0145fac0662ff86107f998a8ef7df8aa14046c55b03d3d47f88a8d60f7774a2ee08758897fb411a94b3c2fc5d5f0db42c0456ec015f08e5247d33ae2d35603ff8454c16f8342856935125102bb784ed7148b6ce431b63ee356b0c785f2fd40195af4486220d702e30bfc43c10ec23ea6283994a7dde4dcb61fea6b651fb1d62458d0741a12830052fcc460db043afe525629b40d7cee458e4cb5e930ed624806c43a006e39336d07c2b8081c128ad2706f48261f7897484c297a1a6613bc18f5a38d442768af38041efe03d152ef95ff569e76db2391f4509d7f339d92fdb4a89364949da398000000000000000d80a4fe654578376e599aff3565b1d531f30912b9945030b81ea9935fd46edb44a78f615255490a4b621501f2a9e4d24624c4dac9274118c67584f5dc4ff8f0104000000000000df72279fdb0d2b9e936e5a983c12fded79dfc248c1f5aea4b8b32c5d295e57079d0fe662a46b7f71cd47744db86c50b704c971d90295c7b2c7439a2d78ccfa79b5fc2bff6bbf840262bf89394b3e0691953264d3700c838fa2c7b3425260f59554e502dcea39cb313b0000000000004ca7c12f45858d6284ca6270d6b2f0e58fded8a7b4a302a97bc641df07720ba2b26bbfcc807ca0abb1b44322269c21c5ec68cb068ea88067d905ea917bb03eefdaebdeabf2d0dce80997c915c8949de992587c2cb5fe36d7d3e5db21b094b8b77940b5f07722e47a08d367e5f84c96ec664b72934b99b3109af65d77e86abd6859cddf4bbae1f0930462df15fddbc48562ea3511a8065ef028cf12f14dcf6ebecd8d884836174faf1aa6e5f1ee1162dfa13bdc1fa7cfaadba85c72e9758f03a755d0be53f8d2a1dfb1c68cc164b0a0780d971a96ea2c4d4ca0398c2235980a9f07b3d5bd3b01faffd0a5dbed2881a9700af561ac8c7e3ebb2fc4c40e9cf96f06817fb903729a7db6ff957697c9ede7885d94ffb0969be0daf60af93109eb1dee72e4363f51af62af6fb2a6df3fec89822a7a0b678058fa3fef86faec216eb6992162f8dcbf719c148cd2f9c55f4901203a9a8a2c3e90f3943dbc10360a1a49700d1dfbf66d69f6fbaf506c8bcce8bb0d872a02238926407a4cddd5d0fc5a752f9000", 0x1000}}, 0x1006)
r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48)
r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x7, &(0x7f0000000540)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b702000002000000850000008600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x14, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f0000000200)='kmem_cache_free\x00', r5}, 0x18)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040))
socket$nl_route(0x10, 0x3, 0x0)
mknod$loop(&(0x7f0000000140)='./file0\x00', 0xfff, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
r6 = syz_open_dev$sndctrl(&(0x7f0000000100), 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_ELEM_ADD(r6, 0xc1105517, &(0x7f0000001040)={{0x0, 0x0, 0x0, 0x4, 'syz0\x00', 0xfffffff8}, 0x6, 0x0, 0x4, 0x0, 0x0, 0x0, 'syz1\x00', 0x0})
ioctl$SNDRV_CTL_IOCTL_ELEM_WRITE(r6, 0xc1105518, &(0x7f0000000040)={{0x0, 0x0, 0x0, 0xa, 'syz0\x00', 0x10000}, 0x1, [0x327cf3e4, 0xfffffffffffffffc, 0x0, 0x0, 0x1819, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x8000001, 0x0, 0x0, 0xc19, 0x0, 0x2, 0x0, 0x0, 0x5, 0x0, 0x100000000000, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0xfffffffc, 0x0, 0x0, 0x0, 0xffffffff, 0xffffffff, 0x0, 0x9, 0x4, 0x8, 0x0, 0x0, 0x2001, 0x9f6, 0x0, 0x0, 0xfffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0x3, 0x0, 0x0, 0x1c00000, 0x0, 0x6, 0x200000000, 0x0, 0x5, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x400, 0x0, 0x0, 0x7ff, 0x0, 0xfffffffc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0xfffffffd, 0x4000, 0x0, 0x7fffffffffffffff, 0x0, 0x4, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff, 0x0, 0x1, 0xffffffff, 0x8, 0x0, 0x0, 0x2, 0xb, 0x0, 0x0, 0x7, 0x0, 0x0, 0x10000000]})
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x7)
r7 = getpid()
sched_setscheduler(r7, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbee2, 0x8031, 0xffffffffffffffff, 0x0)
connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e21}, 0x6e)

4.118110654s ago: executing program 9 (id=3849):
prlimit64(0x0, 0xe, &(0x7f0000000200)={0x8, 0x8a}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x3)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
mremap(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x3000, 0x2, &(0x7f0000ffc000/0x3000)=nil)
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000100)=ANY=[@ANYBLOB="640000000206030000000000000000000000000005000100070000000900020073797a320000000014000780080013400000000008001240000020000500050002000000050004000000000015000300686173683a6970", @ANYRES8=0x0], 0x64}}, 0x840)
add_key(0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
fsopen(0x0, 0x1)
r2 = syz_open_dev$tty1(0xc, 0x4, 0x1)
r3 = dup(r2)
write$UHID_INPUT(r3, &(0x7f0000000000)={0x7, {"a2e3ad21ed0d52f91b5d330987f70e06d038e7ff7fc6e5539b0d47078b089b3907306d090890e0878f0e1ac6e7049b334a959b669a240d5d67f3988f7ef319520100ffe8d178708c523c921b1b5b31070d07670936cd3b78130daa61d8e809ea882f5802b77f07227227b7ba67e0e78657a6f5c2a874e62a9ccdc0d31a0c9f318c0da1993bd160e233df4a62179c6f30e065cd5b91cd0ae193973735b36d5b1b63dd1c00305d3f46635eb016d5b1dda98e2d749be7bd1df1fb3b231fdcdb5075a9aaa1b469c3090000000000000075271b286329d169934288fd789aa37d6e98b224fd44b65b31334ffc55cc82cd3ac32ecdb08ced6f9081b4dd0d8b38f3cd4498bee800490841bdb114f6b76383709d8f5c55432a909fda039aec54a1236e80f6a8abadea7662496bddbb42be6bfb2f17959d1f416e56c71b1931870262f5e801119242ca026bfc821e7e7daf2451138e645bb80c617669314e2fbe70fe98ec76a9e40dad47f36fd9f7d0d42a4b5f1185ccdcf1a34af674f3f39fe23491237c08822dec110911e893d0a8c4f677747abc360934b82910ff85bfd995083bba2987a67399eac427d145d546a40b9f6ff14ac488ec130fb3850a27af9544ae15a7e470dea05918b41243513f000800000000000a3621c56cea8d20fa911a0c41db6ebe8cac64f17679141d54b34bbc9963ac4f4bb3309603f1d4ab966203861b5b15a841f2b575a8bd0d78248ebe4d9a80002695104f674c2431dca141fae269cab70e9a66f3e3a9a63e9639e1f59c0ede26c6b5d74b078a5e15c31634e5ae098ce9ee70771aaa18119a867e1088334975e9f73483b6a62fa678ca14ffd9f9db2a7869d85864056526f889af43a6056080572286522449df466c632b3570243f989cce3803f465e41e610c20d80421d653a5520000008213b704c7fb082ff27590678ef9f190bae97909507041d860420c5664b27921b14d9fdb8892fd32d0ad7bc946813591ad8deff4b05f60cea0da7710ac0000000000008000bea37ce0d0d4aa202f928f28381aab144a5d429a04a6a2b83c7068ae949ed06e288e810bac9c76600025e19c907f8ea2e2010000008271a1f5f8528f227e79c1389dbdfffe492f21579d2c15b8c70cdb1c332d86d87341432750861ec2bc3451edca194b221cfec4603d276bbaa1dfa6d4fb8a48a76eafc9a9a0270e4c10d64cd5a62427264f2377fe763c43470833ac96c45f357cbba8f1b1fdcc7cbb61a7cdb9744ed7f9129aede2be21ccfdc4e9134f8684b3a4f354da9a795e96334e207dff70f1988037b2ed3aaf575c0b88d8f146684078416d59fdee5325928974d12dad99dac44c3f0008047096a44002bebc2420aed92fa9b6578b4779415d97b9a6d6d5495c118045651cf41c2fc48b778efa5ea5677747430af4162b987b80c3e001cd34e5c92f76cc4c24eeb8bc4e9ac2aed9e53803ed0ca4ae3a19000000000000006f1783e287b3bee96e3a726eafe2fdfaa78d1f48c13b64df07847754b8400daaa69b15c9f4350aeae9ca1207e78283cd0b20ceb360c7e658828163e2d25c4aa348561f927e88f63aa70e73a5e69b3df3495903f06572e1e007fa55a2999f596d067312f5779e8dbfdcf3427138f3d44400009a10477f9bec4b0bbb6e3c04be68981f392203dd0ee3ef478e16dacfc5e3e03cf7ab8e3902f1b0ff034ef655b253ca509383815b1b6fc6522d4e4fdc01008cf42d48604675fde2b94cf00500a2690891abf8ab9c015073014d9e08d4338b8780bdecd436cf0541359bafffa45237f104b96210403b2de9efed496f42355bc7872c827467cfa5c4e72730d56bd068ed211cf847535edecb7b373f78b095b68441a34cb51682a8ae4d24ad0465f3927f889b813076038e79a7962fb385a882e8020f06c4c2ba1dd5cac7c16c02ed4b5d258734dd73583df292892448039ef799cf0630becdcce04579b5561dc825ab829827945e020c1f67ee615feb6243378e0610060f02cca4e91b2f001edb3d78fb4b55668dda93aec92a5de203717aa49c2d284acfabe262fccfcbb2b75a2183c46eb65ca8104e1b4da7fbb77ab2fc043aead87c32ab875ee7c2e7b7019c982cd3b43eaab1a5fb135c0c7dcee8fe6516a328032f88c042891824659e9e94265c803b35ee5f83a2b210520106d26658b50ab7a1fa89af9c251fe5294b3d1802d5676d95f160ec97b1ad94872cb2044642c37b4a6cc6b14effc1672db7e4b68d787d9a7a508ae54b3cd7369dde50e8c77d95a3d361c040babb171607caac2a3559ad4f75465f49c0d0ae3716db6e00cb11db4a5fade2a57c10238e204a67737c3b42aae501b20f7694a00f16e2d0174035a2c22656dc29880acebdbe8ddbd75c2f998d8ac2dfad2ba3a504767b6b45a45957f24d758ed024b3849c110000a2a03b4047497022d9c30e23ef4df5c89644f48bb536f7945b59d7bcddff754413d135273ea8e75f22f216c6b9990ae71806f2c00b4025c48b75c0f73cdb9a7b8fa367b51028067e7f16f4dd569d462f4f19eacdb3ed70eeebb4483f8fd777d443e8b40426db6fe29068c0ca3d2414442e8f3a154704b0e51bc664a137b26be719f4f7c9a5678a674dfc95df80b9ce375dd649c8c704e509bd88c8e63d8c7dd67071115c8982ba46af4d6adcc9f68a75b9397b035153faf46366e7205dd8d6f37525c1a0e94610dd94323f6815d085197149bfd6655548cfd9c52c9711937f79abb1a124f1210465483cd3b2d78378cfb85ed82e7da0f6eb6d279f2ae455925d0f6f1ba571eba281f2a654fb39ddff3b484439ff158e7c5419e037f3f3ad038f2211f1033195563c7f93cd54b9094f226e783271e1e5a2a2c10712eab625d64931cd4ffe6738d97b9b5ef828ee9fb059fc01af0e79c1e14b1d25988c69a399567c1d93768f7971d31488b8658a20878b7c1dd7ba02fc42939dde3d4a3339a65d507dc59c51090840517705da56e9ebf0afa53282bf86dbb58c548069ff6eb95aade7cc66d7bbef724779ca1f731b3346ff177050373d79ff7b3e7f9bc0c1b4e004a8878b90baaa039d3e3b63979ac3df6e6f4859afd50238c7547a39b60810938044ae185d2ba3e00a4e73676864ae090d81eaee5ee6ce1d0ab378dd4dd891e937c2ea5410e0513005000000000000003911fab964c271550027697b52160687461602f88df165d884b36ec2b6c25a2f33c715687e9d4afb96d6861aca47da73d6f3144345f48843dd014e5c5ad8fe995754bd9cf32fce1e31919c4b2082fb0a30b9deae84bed4b28045634073c9c58c89d9e99c817e9177c6d594f88a4facfd4c735a20307c737afae5136651b1b9bd522d60399473296b831dbd933d93994ba3064279b10ea0c5833f41f157ea2302993dbe433b1aa3a3766d543902113c4c859465c3c115c3432f81db8719539d5bf372aaaea1cc43a6c5cbe59758bfee2916580dac4b008e595f437491d87abed02cefcd9db53d94d02dae17b118e5d6787463183b4b87c1050000002f7809959bc248850613d17ca51055f2f416a44fe180d2d50c312cca7cb14a2bdc331f57a9817139a206fc76957227ffff2de20a4b8e3737fbb42913777c06376f799eba367e21f94ca598705f5dcb767d6f0900d6b0f6095e53c4c4234d0c1fbe434f6ab8f43c0013ee93b83946ee7759e89d7bdd1a32d7b311711b757fe43c06d21a35810d8fe98b27faea8aa12bc8716eefc5c97c45ac33eeec964c5214bc3a9359bdea1cccab94f15e36319cb34ebcacedb82c2ed3de5a8a8f0011e8f74e82d7f96093530e76692839d7961939adfdeeeaff19d11efcafb6d546fef271e89d6cc2389e81ff58cefcce3fbf4625a7e7de40e42e07b34449e15e065cc7340002000000000000f288a4510de03dab19d26285eda89156d50dd385a60333ba5bbf5d77cd7007ad1519ad5470de3dd6d6080cafcc009fc074bb6b68a1f0c4649820a73c880f475f732ae00398e8bd1f4908b7807fb33b72685ec37a2d3f766413a60459516246e5a1d998a2017aef0948998cf255315ab80dd349e891aef595dc4d470e8ac32a308e15fc37d06aeac289c0523f483e1ff7408c6087f1ab652f2ef91d4f2b01987b0f46da034e5c3f745a7ee8101a3934c54e24b48ec0275e2d0687dc746b0827cbf652f406c6b95f2722e58c05f752ce2126596e1cd7655b904801784c416b22f73d324678e2724f43f1fe687c7e8a60c28b82b6528341b648cdd56fed7cdcbb1575912d5ecd36dea3bca0b7427d8392c6289455e8f8d2ab2242729251ae033a9e02210e62df0546a74b333a1c48f95fd54acb5741259e8c5488efeee327415cc19451432c6f14c27693102a3cd84857cd6586fc5ca9a93eb0145fac0662ff86107f998a8ef7df8aa14046c55b03d3d47f88a8d60f7774a2ee08758897fb411a94b3c2fc5d5f0db42c0456ec015f08e5247d33ae2d35603ff8454c16f8342856935125102bb784ed7148b6ce431b63ee356b0c785f2fd40195af4486220d702e30bfc43c10ec23ea6283994a7dde4dcb61fea6b651fb1d62458d0741a12830052fcc460db043afe525629b40d7cee458e4cb5e930ed624806c43a006e39336d07c2b8081c128ad2706f48261f7897484c297a1a6613bc18f5a38d442768af38041efe03d152ef95ff569e76db2391f4509d7f339d92fdb4a89364949da398000000000000000d80a4fe654578376e599aff3565b1d531f30912b9945030b81ea9935fd46edb44a78f615255490a4b621501f2a9e4d24624c4dac9274118c67584f5dc4ff8f0104000000000000df72279fdb0d2b9e936e5a983c12fded79dfc248c1f5aea4b8b32c5d295e57079d0fe662a46b7f71cd47744db86c50b704c971d90295c7b2c7439a2d78ccfa79b5fc2bff6bbf840262bf89394b3e0691953264d3700c838fa2c7b3425260f59554e502dcea39cb313b0000000000004ca7c12f45858d6284ca6270d6b2f0e58fded8a7b4a302a97bc641df07720ba2b26bbfcc807ca0abb1b44322269c21c5ec68cb068ea88067d905ea917bb03eefdaebdeabf2d0dce80997c915c8949de992587c2cb5fe36d7d3e5db21b094b8b77940b5f07722e47a08d367e5f84c96ec664b72934b99b3109af65d77e86abd6859cddf4bbae1f0930462df15fddbc48562ea3511a8065ef028cf12f14dcf6ebecd8d884836174faf1aa6e5f1ee1162dfa13bdc1fa7cfaadba85c72e9758f03a755d0be53f8d2a1dfb1c68cc164b0a0780d971a96ea2c4d4ca0398c2235980a9f07b3d5bd3b01faffd0a5dbed2881a9700af561ac8c7e3ebb2fc4c40e9cf96f06817fb903729a7db6ff957697c9ede7885d94ffb0969be0daf60af93109eb1dee72e4363f51af62af6fb2a6df3fec89822a7a0b678058fa3fef86faec216eb6992162f8dcbf719c148cd2f9c55f4901203a9a8a2c3e90f3943dbc10360a1a49700d1dfbf66d69f6fbaf506c8bcce8bb0d872a02238926407a4cddd5d0fc5a752f9000", 0x1000}}, 0x1006)
r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48)
r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x7, &(0x7f0000000540)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b702000002000000850000008600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x14, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f0000000200)='kmem_cache_free\x00', r5}, 0x18)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040))
socket$nl_route(0x10, 0x3, 0x0)
mknod$loop(&(0x7f0000000140)='./file0\x00', 0xfff, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
r6 = syz_open_dev$sndctrl(&(0x7f0000000100), 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_ELEM_ADD(r6, 0xc1105517, &(0x7f0000001040)={{0x0, 0x0, 0x0, 0x4, 'syz0\x00', 0xfffffff8}, 0x6, 0x0, 0x4, 0x0, 0x0, 0x0, 'syz1\x00', 0x0})
ioctl$SNDRV_CTL_IOCTL_ELEM_WRITE(r6, 0xc1105518, &(0x7f0000000040)={{0x0, 0x0, 0x0, 0xa, 'syz0\x00', 0x10000}, 0x1, [0x327cf3e4, 0xfffffffffffffffc, 0x0, 0x0, 0x1819, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x8000001, 0x0, 0x0, 0xc19, 0x0, 0x2, 0x0, 0x0, 0x5, 0x0, 0x100000000000, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0xfffffffc, 0x0, 0x0, 0x0, 0xffffffff, 0xffffffff, 0x0, 0x9, 0x4, 0x8, 0x0, 0x0, 0x2001, 0x9f6, 0x0, 0x0, 0xfffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0x3, 0x0, 0x0, 0x1c00000, 0x0, 0x6, 0x200000000, 0x0, 0x5, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x400, 0x0, 0x0, 0x7ff, 0x0, 0xfffffffc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0xfffffffd, 0x4000, 0x0, 0x7fffffffffffffff, 0x0, 0x4, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff, 0x0, 0x1, 0xffffffff, 0x8, 0x0, 0x0, 0x2, 0xb, 0x0, 0x0, 0x7, 0x0, 0x0, 0x10000000]})
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x7)
r7 = getpid()
sched_setscheduler(r7, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbee2, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200))

3.81310135s ago: executing program 5 (id=3850):
r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0x0}, 0x50)
bpf$MAP_CREATE_RINGBUF(0x0, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setaffinity(0x0, 0x0, 0x0)
r2 = socket$inet_tcp(0x2, 0x1, 0x0)
sendmmsg(r2, &(0x7f0000000180)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000001a80)=[{0x10, 0x117, 0x26}], 0x10}}], 0x1, 0x24000001)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
r3 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
bpf$TOKEN_CREATE(0x24, &(0x7f0000000300)={0x0, r0}, 0x8)
r4 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r4, 0x6, 0x13, &(0x7f0000000100)=0x100000001, 0x4)
connect$inet6(r4, &(0x7f0000000200)={0xa, 0x4e23, 0x9, @loopback}, 0x1c)
setsockopt$inet6_tcp_TCP_ULP(r4, 0x6, 0x1f, &(0x7f0000000140), 0x4)
setsockopt$inet6_tcp_TLS_TX(r4, 0x11a, 0x2, &(0x7f00000000c0)=@gcm_128={{0x304}, "2954d85866ffa7df", "4936ab074cb72d5e3ac22b437cd8096e", '\x00', "dfaee5116991f6a2"}, 0x28)
getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r4, 0x11a, 0x4, 0x0, 0x0)
r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="0e00000004000000040000060000000000000000", @ANYRES32=0x1, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x50)
bpf$MAP_GET_NEXT_KEY(0x4, &(0x7f0000000140)={r5, &(0x7f0000000080), &(0x7f00000000c0)=""/102}, 0x20)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r6=>0xffffffffffffffff, <r7=>0xffffffffffffffff})
connect$unix(r6, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r7, &(0x7f0000000000), 0x400000000000041, 0x0)
setresuid(0xee01, 0x0, 0x0)
prlimit64(0x0, 0x6, &(0x7f0000000040)={0x2, 0x2}, 0x0)
setresuid(0x0, 0x0, 0x0)
recvmmsg(r6, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r8 = socket$nl_crypto(0x10, 0x3, 0x15)
sendmsg$nl_crypto(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000240)=ANY=[@ANYBLOB="e00000001300000000000000000000007374726565626f673531322d67656e6572696300"/172], 0xe0}}, 0x0)
sendmsg$nl_crypto(r8, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000001c0)=ANY=[@ANYRES32=r3, @ANYRES8=r8, @ANYRES64, @ANYRESHEX=r3], 0xf0}}, 0x0)

3.067125094s ago: executing program 5 (id=3851):
r0 = creat(&(0x7f00000005c0)='./file0\x00', 0x0)
close(r0)
r1 = socket$xdp(0x2c, 0x3, 0x0)
socket$inet6_udplite(0xa, 0x2, 0x88)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r1, 0x8933, &(0x7f0000000280)={'batadv_slave_1\x00', <r2=>0x0})
r3 = socket$xdp(0x2c, 0x3, 0x0)
setsockopt$XDP_UMEM_REG(r3, 0x11b, 0x4, &(0x7f00000000c0)={&(0x7f0000000000)=""/74, 0x328000, 0x1000}, 0x1c)
r4 = syz_open_procfs(0x0, &(0x7f0000000000)='timers\x00')
preadv(r4, &(0x7f0000000580)=[{&(0x7f0000000200)=""/122, 0x7a}], 0x1, 0x45, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000480)={0x13, 0x1, &(0x7f0000000200)=@raw=[@func={0x85, 0x0, 0x1, 0x0, 0xfffffffffffffff8}], &(0x7f0000000240)='GPL\x00', 0x6, 0x97, &(0x7f00000002c0)=""/151, 0x41000, 0x0, '\x00', r2, @fallback=0x32, r0, 0x8, &(0x7f0000000380)={0x7, 0x4}, 0x8, 0x10, &(0x7f00000003c0)={0x0, 0xd, 0x8001, 0x8}, 0x10, 0xffffffffffffffff, 0xffffffffffffffff, 0x1, &(0x7f0000000400)=[r0, r4, r0], &(0x7f0000000440)=[{0x2, 0x1, 0x5, 0x4}]}, 0x94)
setsockopt$XDP_UMEM_COMPLETION_RING(r3, 0x11b, 0x6, &(0x7f0000000080)=0x1, 0x4)
r5 = socket$inet6_udplite(0xa, 0x2, 0x88)
setsockopt$XDP_RX_RING(r3, 0x11b, 0x2, &(0x7f0000001980)=0x100, 0x4)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r5, 0x8933, &(0x7f0000000580)={'batadv_slave_0\x00', <r6=>0x0})
r7 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000440), 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r7, &(0x7f0000000200)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000780)={<r8=>0xffffffffffffffff}, 0x13f}}, 0x20)
write$RDMA_USER_CM_CMD_RESOLVE_IP(r7, &(0x7f0000000580)={0x3, 0x40, 0xfa00, {{0xa, 0x4e21, 0x0, @local}, {0xa, 0x4e23, 0x8, @private2={0xfc, 0x2, '\x00', 0x1}, 0x4}, r8}}, 0x48)
setsockopt$XDP_TX_RING(r0, 0x11b, 0x3, &(0x7f0000000180)=0x10, 0x4)
setsockopt$XDP_UMEM_FILL_RING(r3, 0x11b, 0x5, &(0x7f0000000140)=0x1, 0x4)
bind$xdp(r3, &(0x7f0000000100)={0x2c, 0x0, r6}, 0x10)
bind$xdp(r1, &(0x7f00000001c0)={0x2c, 0x1, r2, 0x19, r3}, 0x10)

3.063811999s ago: executing program 4 (id=3852):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x5, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000100)=0x2)
mknodat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0, 0x0)
pipe2$9p(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff017f000e0800395032303030"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f0000000000)={0x18}, 0x18)
write$FUSE_DIRENTPLUS(r2, &(0x7f00000003c0)=ANY=[@ANYBLOB="b0"], 0xb0)
mount$9p_fd(0x0, &(0x7f00000002c0)='./file0\x00', &(0x7f0000000080), 0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB="2c7766646e6f3d29d77fff06bdfab59bd8c914ed2a04c5100fe52a9d1df4fbe5ddcf2389d9d441ecb3e6aa06b9de04d6a51aebf139bf3cc579ec80186f98b565d5ddd0e96ac73ef2338e0733618bfff5644a9b6438bace187ee07097434c9a4766e553da4df37438bbade5370f58cd418c0da112df37880d2e1f0f4ef1f0c140bfc6a2dbc40650e1c46b2e90e1d08e899eecb95c2dc1e5de7f74", @ANYRESHEX=r2, @ANYBLOB=',\x00'])
openat(0xffffffffffffff9c, &(0x7f000000c380)='./file0\x00', 0x20842, 0x2)
sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r3, &(0x7f0000002000)=""/102400, 0x19000)
mkdirat(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0x0)
mount(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f00000000c0)='sysfs\x00', 0x0, 0x0)
open_tree(0xffffffffffffff9c, &(0x7f0000000480)='./file0\x00', 0x89901)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000140)='./file1\x00', 0x0)
mount$fuse(0x0, 0x0, 0x0, 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=0x0])
mount(0x0, &(0x7f0000000240)='./file1\x00', &(0x7f0000000040)='autofs\x00', 0x0, &(0x7f0000000400))
chdir(&(0x7f0000000080)='./file1\x00')
r4 = openat$autofs(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
r5 = open(&(0x7f0000000000)='.\x00', 0x0, 0x244)
ioctl$AUTOFS_DEV_IOCTL_CATATONIC(r4, 0xc0189379, &(0x7f0000000200)={{0x1, 0x1, 0x18, r5}, './file0\x00'})
r6 = syz_open_procfs(0x0, &(0x7f00000001c0)='mountinfo\x00')
read$FUSE(r6, &(0x7f00000026c0)={0x2020}, 0x2020)
syz_open_dev$MSR(0x0, 0x0, 0x0)

1.734853579s ago: executing program 8 (id=3853):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000000)={'wlan1\x00', <r1=>0x0})
r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000100), 0xffffffffffffffff)
arch_prctl$ARCH_GET_XCOMP_PERM(0x1022, &(0x7f0000000040))
openat$adsp1(0xffffffffffffff9c, &(0x7f0000000080), 0xa0201, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r3 = getpid()
sched_setscheduler(r3, 0x1, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000780)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r5, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000002c80)={0x11, 0xc, &(0x7f0000000140)=ANY=[@ANYRESHEX=r2], &(0x7f0000000080)='GPL\x00'}, 0x94)
r6 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0xb, &(0x7f0000000380)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020000000000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000300)='rcu_utilization\x00', r6}, 0x10)
syz_open_dev$I2C(0x0, 0x80, 0x14000)
mount(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x2014800, 0x0)
setsockopt$IP6T_SO_SET_REPLACE(0xffffffffffffffff, 0x29, 0x40, &(0x7f0000000140)=@raw={'raw\x00', 0x8, 0x3, 0x590, 0x0, 0xffffffff, 0xffffffff, 0x0, 0xffffffff, 0x4c0, 0xffffffff, 0xffffffff, 0x4c0, 0xffffffff, 0x3, 0x0, {[{{@uncond, 0x0, 0x1a0, 0x1c0, 0x60030000, {0x0, 0xff000000}, [@common=@inet=@recent0={{0xf8}, {0x81, 0x0, 0x24, 0x0, 'syz1\x00'}}]}, @unspec=@TRACE={0x20}}, {{@uncond, 0x0, 0x298, 0x300, 0x0, {}, [@common=@inet=@recent0={{0xf8}, {0x0, 0x1, 0x1, 0x0, 'syz1\x00'}}, @common=@inet=@recent0={{0xf8}, {0x0, 0x0, 0x0, 0x0, 'syz0\x00'}}]}, @unspec=@CT1={0x68, 'CT\x00', 0x1, {0x0, 0x0, 0x0, 0x0, 'syz1\x00', 'syz1\x00'}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x5f0)
sendmsg$NL80211_CMD_SET_NOACK_MAP(r0, &(0x7f0000000200)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f00000000c0)={&(0x7f0000000180)={0x70, r2, 0x1, 0x70bd2d, 0x25dfdbfc, {{}, {@val={0x8, 0x3, r1}, @void}}, [@NL80211_ATTR_NOACK_MAP={0x6, 0x95, 0x2}, @NL80211_ATTR_NOACK_MAP={0x6, 0x95, 0x6}, @NL80211_ATTR_NOACK_MAP={0x6, 0x95, 0x2}, @NL80211_ATTR_NOACK_MAP={0x6}, @NL80211_ATTR_NOACK_MAP={0x6, 0x95, 0x5}, @NL80211_ATTR_NOACK_MAP={0x6, 0x95, 0x5}, @NL80211_ATTR_NOACK_MAP={0x6, 0x95, 0x96e}, @NL80211_ATTR_NOACK_MAP={0x6, 0x95, 0xfff0}, @NL80211_ATTR_NOACK_MAP={0xfffffffffffffec1, 0x95, 0x3}]}, 0x70}, 0x1, 0x0, 0x0, 0x4040044}, 0x4000000)

1.678955175s ago: executing program 9 (id=3854):
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = creat(&(0x7f00000001c0)='./file0\x00', 0x40)
close(r1)
r2 = socket(0x200000000000011, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000280)={'syz_tun\x00', <r3=>0x0})
bind$packet(r0, &(0x7f0000000080)={0x11, 0x808, r3, 0x1, 0x0, 0x6, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x10}}, 0x14)
socket(0x200000000000011, 0x2, 0x0)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
bpf$MAP_CREATE(0x0, &(0x7f0000001780)=ANY=[@ANYBLOB="0200000004000000060000000500000000"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000001070000000000000000260018110000", @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r5 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
socket$inet_tcp(0x2, 0x1, 0x0)
sched_setscheduler(r5, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r6=>0xffffffffffffffff, <r7=>0xffffffffffffffff})
connect$unix(r6, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x2000000}, 0x6e)
sendmmsg$unix(r7, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r6, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
openat$cgroup_int(0xffffffffffffffff, 0x0, 0x2, 0x0)
setsockopt$netlink_NETLINK_ADD_MEMBERSHIP(0xffffffffffffffff, 0x10e, 0x1, 0x0, 0x0)
r8 = socket$inet6(0xa, 0x1, 0x0)
setsockopt$inet6_IPV6_XFRM_POLICY(r8, 0x29, 0x23, &(0x7f0000000040)={{{@in=@multicast1, @in6=@private1={0xfc, 0x1, '\x00', 0x1}, 0x4e23, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x8}, {0x52ceffae, 0x1, 0xffffffffffffffff, 0x0, 0x5, 0xfffffffffffffffa}, {0x3, 0x0, 0x0, 0x2}, 0x0, 0x0, 0x1, 0x0, 0x3}, {{@in=@empty, 0x0, 0x33}, 0x0, @in6=@ipv4={'\x00', '\xff\xff', @local}, 0x3507, 0x4, 0x1, 0x0, 0x0, 0x7c, 0xfffffffc}}, 0xe8)
connect$inet6(r8, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @ipv4={'\x00', '\xff\xff', @remote}}, 0x1c)
sendmsg$MPTCP_PM_CMD_REMOVE(r4, 0x0, 0x40040)
sendmsg$MPTCP_PM_CMD_REMOVE(r2, &(0x7f0000000180)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f0000000100)={0x0}, 0x1, 0x0, 0x0, 0x20000080}, 0x20000000)

1.649929221s ago: executing program 4 (id=3855):
openat$uinput(0xffffffffffffff9c, 0x0, 0x2, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x804}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000380)='./cgroup.cpu/cgroup.procs\x00', 0x0, 0x0)
read$FUSE(r1, &(0x7f0000000880)={0x2020}, 0x2020)
clock_gettime(0x0, &(0x7f0000000100)={<r2=>0x0, <r3=>0x0})
utimensat(r1, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000240)={{0x0, 0x2710}, {r2, r3/1000+10000}}, 0x100)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000380)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r5, &(0x7f0000000000), 0x400000000000041, 0x0)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r6 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x5, 0x4, 0x4, 0x4, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0xfffffffd}, 0x50)
bpf$PROG_LOAD(0x5, &(0x7f0000002c40)={0x16, 0x17, &(0x7f0000000180)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x1ffffc, 0x0, 0x0, 0x0, 0x20}, {{0x18, 0x1, 0x1, 0x0, r6}, {}, {}, {0x85, 0x0, 0x0, 0x5}}, {{0x6, 0x0, 0x6, 0x9, 0x0, 0x6, 0xe7030000}, {0x4, 0x0, 0x0, 0x6}}, [@printk={@p, {0x3, 0x3, 0x3, 0xa, 0x9}, {0x4, 0x1, 0xa, 0x1, 0x9}, {0x7, 0x0, 0x3}, {}, {}, {0x14}}], {{0x5, 0x1, 0x5, 0x3}, {0x5, 0x0, 0xb, 0x3, 0x0, 0x2}, {0x85, 0x0, 0x0, 0x88}}}, &(0x7f0000000140)='GPL\x00', 0x9, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)

1.534881018s ago: executing program 5 (id=3856):
socket$inet6_tcp(0xa, 0x1, 0x0)
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x48241, 0x0)
r1 = socket$nl_rdma(0x10, 0x3, 0x14)
ioctl$sock_SIOCGPGRP(r1, 0x8904, &(0x7f0000000400)=<r2=>0x0)
sched_setscheduler(r2, 0x1, &(0x7f0000000440)=0xd81e)
sendmsg$RDMA_NLDEV_CMD_RES_MR_GET(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000340)=ANY=[@ANYBLOB="200000001a140100000000000000000008000300000000000800", @ANYRES8=r0], 0x20}, 0x1, 0x0, 0x0, 0x4000015}, 0x0)
r3 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000580), 0x0, 0x0)
r4 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r4, &(0x7f0000000000)={0x26, 'aead\x00', 0x0, 0x0, 'aegis128-generic\x00'}, 0x58)
r5 = syz_genetlink_get_family_id$batadv(&(0x7f0000000040), 0xffffffffffffffff)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r6, 0x8933, &(0x7f00000000c0)={'batadv0\x00', <r7=>0x0})
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x7)
socketpair$unix(0x1, 0x2, 0x0, 0x0)
connect$unix(0xffffffffffffffff, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(0xffffffffffffffff, 0x0, 0x0, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
r8 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0xb, &(0x7f0000000380)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020000000000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={0x0, r8}, 0x18)
sendmsg$BATADV_CMD_GET_MCAST_FLAGS(r6, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000140)={0x1c, r5, 0x48212b8952c3affd, 0x0, 0x0, {}, [@BATADV_ATTR_MESH_IFINDEX={0x8, 0x3, r7}]}, 0x1c}}, 0x0)
r9 = dup(r3)
r10 = accept4(r4, 0x0, 0x0, 0x0)
sendmsg$NFT_MSG_GETOBJ_RESET(r10, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000003c0)={0x14, 0x15, 0xa, 0x301, 0x0, 0x0, {0x7, 0x0, 0x8}}, 0x14}, 0x1, 0x0, 0x0, 0x4000050}, 0x8044)
sendfile(r10, r9, 0x0, 0x8a000)
r11 = socket$inet6(0xa, 0x3, 0x2)
connect$inet6(r11, &(0x7f0000000200)={0xa, 0x4e24, 0x0, @empty, 0x3}, 0x1c)
sendmmsg(r11, &(0x7f00000092c0), 0x4ff, 0x0)
setsockopt$inet6_int(r11, 0x29, 0x38, &(0x7f0000000040)=0x1, 0x4)

325.925835ms ago: executing program 4 (id=3857):
socket$kcm(0x10, 0x2, 0x10)
r0 = memfd_create(&(0x7f00000005c0)=' \xc76\xbe\x91\x8d\x182)!\x9a%\xa2\xd28\xd6\x06\a\x0e\xfc\xfe\x12\x8f&\x13\xae%@T\xa3\xb0>\\\xec\xa9\xf9Q@6A\x10\x8cn|\x00\x00\x00\x00\x00\x00\x00\x00r\xbb\xdd\xe8\x87\x05=\xfb\x8b}\xfc\x1d\x03\xe1\xfcm\x9b\xf7fo\"i\xa1hk\x1f\xf5z\xc1\x7f\xa4\\]\xc4\xbe3\xf9\xa8\t?:\xd8\xda\x84\xeepI[\x1c\x00\x00\x00\x00\xf9v\x00\x00\x00\x00\x00T\xb6\xbe\x0f~\xc0\x92\xe9O{\xa8\x81(\x01\x14\xfc\x83\xf9\xfb\x05\x94T\x81@Lq]\xf9\x15zj\x87\xc4\x8e\xe8/\xb9-&R\x8e\xb2\xb3bBx\x1e1\x18\x8f\x19\xf7]#\xed,\xc7\x11\tp\xf4\xa3\xee\x00\x00\x00\x00\'}\x18\xe8O\xa8#K\xb6\xe4U\x92\xd2\x9d\xb8<X\xfa\xdd\x8a6\xa1\x82\xf7r\xd8z\x85\x8do\xa5\xed\xd4\xbc8U\x1e\xf2tl8\xfe\xd0\x94\xfe\xf5\x1c+\x00U\te\xfa6\xca\xb9\xb4Q\xd9\xee\r6\x861h{\xc7z\'F\xc7\x91\x06x\xe1`\xf1:\xcf+\xd5\f\xb2\xce\xa4\x06\x90\x90\x9b\x1d\xcaa\xf7\x8f\x9e\x80\x93\xafT\xdfl\xec\xc6\x8e\x96\r[n\xc6\x99\x1fr<\x06\xb3\xbcT\x00\xda6\x18/\x18l\xc1\x81\x8e8L\xcb*S_\xd0:\xa4V\xbd\xf1\xa4\x955\xa9\x9d\xe0\x9b\xd3\x95\xc88n:\x89>?2\xc8\xe7kovd\xa4\x1bl+\x14\x17\x14\x17C2! U\x04:\xd93F\xb9\xfc\x1b\xfd}\x05\xf9\x11\xf3)>q\x10\xd3\xf0\xaf>\xf8t(bX\xe3g\x05\xfe\b\xbcy\x95*\xca\a\xaf\xbb\xf9\xc3Y\xa2\x91\x90.\xc8\xbe\xb0\xa6\xbd\xbd\xfd\xfaf*\xb2&\x82\xa0\x17\xe7)\xf5\xa2\xccv\n\x1b\xd4\xf4\x11*\xc9\xc6*\xa4.\x94[$\xb8\xb3Q\xde\xd8A\xa4~c,`\x02\xb8\x01r\x89\x82\x13\xd0}C7\xfb\xf2\tM\x1e\xe9\xa5\v\xc5\xba(\x89\xb0l\x92H\x1cR\x1f>\xc4ie\xe0B\xf0[\xe2\xe1\x12\x1d\x8fR&\xd1\xa6#\xda.\x0f\xd7\xd7\xa4\x90\x14\x92I\xf82&\x16<\xf2RR\xc2\x02.Q\xef\x85\xef\xf9\xe5\x00\xe9\xca\xb1\x8c\x11\x11l\x9f\xc8\b\xf7A\xa6\x81\xad\xdc\x95\xc8\xef\x102\xa8\x87\x01\x00\\\xfee \n0F\xbc\x85\xc5C\xd0\x99\xe4\t\xab`\'t\xc2\xe9\x13\xcag\xea\xb3\xb5\x92\x00J\xc6y\x05\xcc\xde\xa0\xf6\xb9 \xe5\xdd\f\x18\xfc\xe0\xc3(\xd8\xeb\x1a6\xe6\xfa\x93\xc07R\x0f-\x9e\xf3\x87E\xa3\xd5o\x1bA\x88L/\xe7>45Q?\be\x7f\xa9\x9a\xcae\xd8Y\xdf]\x1bS\x825\xcb\x00\xa4}\x97\x84T\xad\x9b\x1e!\x8a\xbc\x02+#Q\xa9 \xe9\x05r\xe1\xec\x0f\xa7\xe6Of\x95\x02{', 0x4)
openat$cuse(0xffffffffffffff9c, &(0x7f00000002c0), 0x2, 0x0)
gettid()
timer_create(0x0, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xd5e, 0x240000000008b}, 0x0)
syz_usb_connect(0x0, 0x3c, &(0x7f0000000200)=ANY=[@ANYBLOB="12015002c9cb8e102d1510030a3b0102030109022a0001010400030904ce00010e0100040724010f0c04000905030c4000014007080b71adb0bf34847e"], &(0x7f00000004c0)={0x0, 0x0, 0x0, 0x0})
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f0000000000)=0x400000bde)
r1 = openat$vicodec0(0xffffffffffffff9c, &(0x7f0000000200), 0x2, 0x0)
ioctl$VIDIOC_S_CROP(r1, 0xc0405626, &(0x7f0000000240)={0xc, {0x100, 0x5, 0x5, 0x2}})
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x4)
mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000080)='configfs\x00', 0x0, 0x0)
mount$overlay(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000380), 0x0, &(0x7f00000003c0)={[{@lowerdir={'lowerdir', 0x3d, './file0'}, 0x3a}], [], 0x2f})
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events\x00', 0x275a, 0x0)
mmap(&(0x7f0000002000/0x3000)=nil, 0x3000, 0x0, 0x12, r2, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000001240)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000001000000000000000220000018000000", @ANYRES32=r2, @ANYBLOB="0000000000000000bf02000014002000b7030000000000e184000000d4000000bf0900000000000045090100000003709500000000000000bf91000000000000b7020000000000008500000000000000b70000000000000095"], &(0x7f0000000200)='syzkaller\x00', 0xa, 0xffc, &(0x7f0000001e40)=""/4092, 0x40f00, 0x0, '\x00', 0x0, 0x0, r2, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x20000fd}, 0x94)
lgetxattr(&(0x7f0000000000)='./file0\x00', &(0x7f00000001c0)=@known='user.incfs.size\x00', 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8)
bpf$BPF_BTF_LOAD(0x12, &(0x7f00000011c0)={&(0x7f00000005c0)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x2c, 0x2c, 0x6, [@restrict={0x0, 0x0, 0x0, 0xb, 0x3}, @func_proto={0x0, 0x1, 0x0, 0xd, 0x0, [{0x0, 0x4}]}, @func={0x4, 0x0, 0x0, 0xc, 0x2}]}, {0x0, [0x0, 0x0, 0x0, 0x61]}}, 0x0, 0x4a, 0x0, 0x1}, 0x28)
ftruncate(r0, 0x400000)
finit_module(r0, 0x0, 0x0)
syz_emit_ethernet(0xbe, &(0x7f0000000080)=ANY=[@ANYBLOB="ffffffffffff0000000000000800450000b000000000fe019078ac1e0001ac1414aa0301907803240000450000000001000000290005ac1414aa640101028677fffeffff000ce256b28c59881681fb520009020007651442eb000e7434954373561de584b703c80009e706d30bd224f80207cfa11cab1a00108475be675de6a70a05a0dc91e5c6000a6580a5e97612fe86001273bc23f9ffffffa30900a301c84600000012c8f46976e79ea788f03d9d3205927e3d8606ff"], 0x0)
sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=ANY=[@ANYBLOB="380100001a0001000000000000000000fe80000000000000000000000000001eac1414bb00"/62, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="fe880000000000000000000000000001000000006c0000007f00000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a"], 0x138}}, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)=@newtaction={0x48, 0x30, 0x53b, 0x0, 0x0, {0x9}, [{0x34, 0x1, [@m_sample={0x30, 0x1, 0x0, 0x0, {{0xb}, {0x4}, {0x4}, {0xc}, {0xc, 0x4, {0x3}}}}]}]}, 0x48}}, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000000040)=@RTM_NEWMDB={0x38, 0x54, 0x1, 0x70bd2b, 0x0, {}, [@MDBA_SET_ENTRY={0x20, 0x1, {0x0, 0x1, 0x0, 0x4, {@ip4=@initdev={0xac, 0x1e, 0x0, 0x0}, 0x86dd}}}]}, 0x38}, 0x1, 0x0, 0x0, 0x4}, 0x0)

0s ago: executing program 9 (id=3858):
r0 = socket$inet6(0xa, 0x2, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
bpf$OBJ_GET_PROG(0x7, 0x0, 0x0)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
r3 = syz_io_uring_setup(0x8d2, &(0x7f00000000c0)={0x0, 0x951a, 0x3010, 0x1}, &(0x7f0000000040)=<r4=>0x0, &(0x7f00000001c0)=<r5=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r4, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r4, r5, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r0, 0x0, &(0x7f0000000640)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000800)=ANY=[], 0xe8}, 0x0, 0x20048096})
r6 = openat$ipvs(0xffffffffffffff9c, &(0x7f00000002c0)='/proc/sys/net/ipv4/vs/secure_tcp\x00', 0x2, 0x0)
read$FUSE(r6, &(0x7f00000040c0)={0x2020}, 0x2020)
getsockopt$CAN_RAW_FILTER(r6, 0x65, 0x1, &(0x7f0000001040)=[{}, {}, {}, {}, {}, {}, {}, {}], &(0x7f0000001080)=0x40)
r7 = syz_open_dev$tty1(0xc, 0x4, 0x1)
r8 = dup(r7)
write$UHID_INPUT(r8, &(0x7f0000000000)={0x7, {"a2e3ad21ed0d52f91b5d520987f70e06d038e7ff7fc6e5539b0d47078b089b3907376d090890e0878f0e1ac6e7049b334a959b669a240d5d67f3988f7ef319520100ffe8d178708c523c921b1b5b31070d07670936cd3b78130daa61d8e809ea882f5802b77f07227227b7ba67e0e78657a6f5c2a874e62a9ccdc0d31a0c9f318c0da1993bd160e233df4a62179c6f30e065cd5b91cd0ae193973735b36d5b1b63dd1c00305d3f46635eb016d5b1dda98e2d749be7bd1df1fb3b231fdcdb5075a9aaa1b469c3090000000000000075271b286329d169934288fd789aa37d6e98b224fd44b65b31334ffc55cc82cd3ac32ecdb08ced6f9081b4dd0d8b38f3cd4498bee800490841bdb114f6b76383709d8f5c55432a909fda039aec54a1236e80f6a8abadea7662496bddbb42be6bfb2f17959d1f416e56c71b1931870262f5e801119242ca026bfc821e7e7daf2451138e645bb80c617669314e2fbe70fe98ec76a9e40dad47f36fd9f7d0d42a4b5f1185ccdcf1a34af674f3f39fe23491237c08822dec110911e893d0a8c4f677747abc360934b82910ff85bfd995083bba2987a67399eac427d145d546a40b9f6ff14ac488ec130fb3850a27af9544ae15a7e470dea05918b41243513f000800000000000a3621c56cea8d20fa911a0c41db6ebe8cac64f17679141d54b34bbc9963ac4f4bb3309603f1d4ab966203861b5b15a841f2b575a8bd0d78248ebe4d9a80002695104f674c2431dca141fae269cab70e9a66f3e3a9a63e9639e1f59c0ede26c6b5d74b078a5e15c31634e5ae098ce9ee70771aaa18119a867e1088334975e9f73483b6a62fa678ca14ffd9f9db2a7869d85864056526f889af43a6056080572286522449df466c632b3570243f989cce3803f465e41e610c20d80421d653a5520000008213b704c7fb082ff27590678ef9f190bae97909507041d860420c5664b27921b14d9fdb8892fd32d0ad7bc946813591ad8deff4b05f60cea0da7710ac0000000000008000bea37ce0d0d4aa202f928f28381aab144a5d429a04a6a2b83c7068ae949ed06e288e810bac9c76600025e19c907f8ea2e2010000008271a1f5f8528f227e79c1389dbdfffe492f21579d2c15b8c70cdb1c332d86d87341432750861ec2bc3451edca194b221cfec4603d276bbaa1dfa6d4fb8a48a76eafc9a9a0270e4c10d64cd5a62427264f2377fe763c43470833ac96c45f357cbba8f1b1fdcc7cbb61a7cdb9744ed7f9129aede2be21ccfdc4e9134f8684b3a4f354da9a795e96334e207dff70f1988037b2ed3aaf575c0b88d8f146684078416d59fdee5325928974d12dad99dac44c3f0008047096a44002bebc2420aed92fa9b6578b4779415d97b9a6d6d5495c118045651cf41c2fc48b778efa5ea5677747430af4162b987b80c3e001cd34e5c92f76cc4c24eeb8bc4e9ac2aed9e53803ed0ca4ae3a19000000000000006f1783e287b3bee96e3a726eafe2fdfaa78d1f48c13b64df07847754b8400daaa69b15c9f4350aeae9ca1207e78283cd0b20ceb360c7e658828163e2d25c4aa348561f927e88f63aa70e73a5e69b3df3495903f06572e1e007fa55a2999f596d067312f5779e8dbfdcf3427138f3d44400009a10477f9bec4b0bbb6e3c04be68981f392203dd0ee3ef478e16dacfc5e3e03cf7ab8e3902f1b0ff034ef655b253ca509383815b1b6fc6522d4e4fdc01008cf42d48604675fde2b94cf00500a2690891abf8ab9c015073014d9e08d4338b8780bdecd436cf0541359bafffa45237f104b96210403b2de9efed496f42355bc7872c827467cfa5c4e72730d56bd068ed211cf847535edecb7b373f78b095b68441a34cb51682a8ae4d24ad0465f3927f889b813076038e79a7962fb385a882e8020f06c4c2ba1dd5cac7c16c02ed4b5d258734dd73583df292892448039ef799cf0630becdcce04579b5561dc825ab829827945e020c1f67ee615feb6243378e0610060f02cca4e91b2f001edb3d78fb4b55668dda93aec92a5de203717aa49c2d284acfabe262fccfcbb2b75a2183c46eb65ca8104e1b4da7fbb77ab2fc043aead87c32ab875ee7c2e7b7019c982cd3b43eaab1a5fb135c0c7dcee8fe6516a328032f88c042891824659e9e94265c803b35ee5f83a2b210520106d26658b50ab7a1fa89af9c251fe5294b3d1802d5676d95f160ec97b1ad94872cb2044642c37b4a6cc6b14effc1672db7e4b68d787d9a7a508ae54b3cd7369dde50e8c77d95a3d361c040babb171607caac2a3559ad4f75465f49c0d0ae3716db6e00cb11db4a5fade2a57c10238e204a67737c3b42aae501b20f7694a00f16e2d0174035a2c22656dc29880acebdbe8ddbd75c2f998d8ac2dfad2ba3a504767b6b45a45957f24d758ed024b3849c110000a2a03b4047497022d9c30e23ef4df5c89644f48bb536f7945b59d7bcddff754413d135273ea8e75f22f216c6b9990ae71806f2c00b4025c48b75c0f73cdb9a7b8fa367b51028067e7f16f4dd569d462f4f19eacdb3ed70eeebb4483f8fd777d443e8b40426db6fe29068c0ca3d2414442e8f3a154704b0e51bc664a137b26be719f4f7c9a5678a674dfc95df80b9ce375dd649c8c704e509bd88c8e63d8c7dd67071115c8982ba46af4d6adcc9f68a75b9397b035153faf46366e7205dd8d6f37525c1a0e94610dd94323f6815d085197149bfd6655548cfd9c52c9711937f79abb1a124f1210465483cd3b2d78378cfb85ed82e7da0f6eb6d279f2ae455925d0f6f1ba571eba281f2a654fb39ddff3b484439ff158e7c5419e037f3f3ad038f2211f1033195563c7f93cd54b9094f226e783271e1e5a2a2c10712eab625d64931cd4ffe6738d97b9b5ef828ee9fb059fc01af0e79c1e14b1d25988c69a399567c1d93768f7971d31488b8658a20878b7c1dd7ba02fc42939dde3d4a3339a65d507dc59c51090840517705da56e9ebf0afa53282bf86dbb58c548069ff6eb95aade7cc66d7bbef724779ca1f731b3346ff177050373d79ff7b3e7f9bc0c1b4e004a8878b90baaa039d3e3b63979ac3df6e6f4859afd50238c7547a39b60810938044ae185d2ba3e00a4e73676864ae090d81eaee5ee6ce1d0ab378dd4dd891e937c2ea5410e0513005000000000000003911fab964c271550027697b52160687461602f88df165d884b36ec2b6c25a2f33c715687e9d4afb96d6861aca47da73d6f3144345f48843dd014e5c5ad8fe995754bd9cf32fce1e31919c4b2082fb0a30b9deae84bed4b28045634073c9c58c89d9e99c817e9177c6d594f88a4facfd4c735a20307c737afae5136651b1b9bd522d60399473296b831dbd933d93994ba3064279b10ea0c5833f41f157ea2302993dbe433b1aa3a3766d543902113c4c859465c3c115c3432f81db8719539d5bf372aaaea1cc43a6c5cbe59758bfee2916580dac4b008e595f437491d87abed02cefcd9db53d94d02dae17b118e5d6787463183b4b87c1050000002f7809959bc248850613d17ca51055f2f416a44fe180d2d50c312cca7cb14a2bdc331f57a9817139a206fc76957227ffff2de20a4b8e3737fbb42913777c06376f799eba367e21f94ca598705f5dcb767d6f0900d6b0f6095e53c4c4234d0c1fbe434f6ab8f43c0013ee93b83946ee7759e89d7bdd1a32d7b311711b757fe43c06d21a35810d8fe98b27faea8aa12bc8716eefc5c97c45ac33eeec964c5214bc3a9359bdea1cccab94f15e36319cb34ebcacedb82c2ed3de5a8a8f0011e8f74e82d7f96093530e76692839d7961939adfdeeeaff19d11efcafb6d546fef271e89d6cc2389e81ff58cefcce3fbf4625a7e7de40e42e07b34449e15e065cc7340002000000000000f288a4510de03dab19d26285eda89156d50dd385a60333ba5bbf5d77cd7007ad1519ad5470de3dd6d6080cafcc009fc074bb6b68a1f0c4649820a73c880f475f732ae00398e8bd1f4908b7807fb33b72685ec37a2d3f766413a60459516246e5a1d998a2017aef0948998cf255315ab80dd349e891aef595dc4d470e8ac32a308e15fc37d06aeac289c0523f483e1ff7408c6087f1ab652f2ef91d4f2b01987b0f46da034e5c3f745a7ee8101a3934c54e24b48ec0275e2d0687dc746b0827cbf652f406c6b95f2722e58c05f752ce2126596e1cd7655b904801784c416b22f73d324678e2724f43f1fe687c7e8a60c28b82b6528341b648cdd56fed7cdcbb1575912d5ecd36dea3bca0b7427d8392c6289455e8f8d2ab2242729251ae033a9e02210e62df0546a74b333a1c48f95fd54acb5741259e8c5488efeee327415cc19451432c6f14c27693102a3cd84857cd6586fc5ca9a93eb0145fac0662ff86107f998a8ef7df8aa14046c55b03d3d47f88a8d60f7774a2ee08758897fb411a94b3c2fc5d5f0db42c0456ec015f08e5247d33ae2d35603ff8454c16f8342856935125102bb784ed7148b6ce431b63ee356b0c785f2fd40195af4486220d702e30bfc43c10ec23ea6283994a7dde4dcb61fea6b651fb1d62458d0741a12830052fcc460db043afe525629b40d7cee458e4cb5e930ed624806c43a006e39336d07c2b8081c128ad2706f48261f7897484c297a1a6613bc18f5a38d442768af38041efe03d152ef95ff569e76db2391f4509d7f339d92fdb4a89364949da398000000000000000d80a4fe654578376e599aff3565b1d531f30912b9945030b81ea9935fd46edb44a78f615255490a4b621501f2a9e4d24624c4dac9274118c67584f5dc4ff8f0104000000000000df72279fdb0d2b9e936e5a983c12fded79dfc248c1f5aea4b8b32c5d295e57079d0fe662a46b7f71cd47744db86c50b704c971d90295c7b2c7439a2d78ccfa79b5fc2bff6bbf840262bf89394b3e0691953264d3700c838fa2c7b3425260f59554e502dcea39cb313b0000000000004ca7c12f45858d6284ca6270d6b2f0e58fded8a7b4a302a97bc641df07720ba2b26bbfcc807ca0abb1b44322269c21c5ec68cb068ea88067d905ea917bb03eefdaebdeabf2d0dce80997c915c8949de992587c2cb5fe36d7d3e5db21b094b8b77940b5f07722e47a08d367e5f84c96ec664b72934b99b3109af65d77e86abd6859cddf4bbae1f0930462df15fddbc48562ea3511a8065ef028cf12f14dcf6ebecd8d884836174faf1aa6e5f1ee1162dfa13bdc1fa7cfaadba85c72e9758f03a755d0be53f8d2a1dfb1c68cc164b0a0780d971a96ea2c4d4ca0398c2235980a9f07b3d5bd3b01faffd0a5dbed2881a9700af561ac8c7e3ebb2fc4c40e9cf96f06817fb903729a7db6ff957697c9ede7885d94ffb0969be0daf60af93109eb1dee72e4363f51af62af6fb2a6df3fec89822a7a0b678058fa3fef86faec216eb6992162f8dcbf719c148cd2f9c55f4901203a9a8a2c3e90f3943dbc10360a1a49700d1dfbf66d69f6fbaf506c8bcce8bb0d872a02238926407a4cddd5d0fc5a752f9000", 0x1000}}, 0x1006)
r9 = syz_open_procfs(0x0, &(0x7f0000000180)='net/arp\x00')
preadv(r9, &(0x7f00000001c0)=[{&(0x7f0000000280)=""/24, 0x18}], 0x1, 0x4f, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
r10 = bpf$MAP_CREATE(0x0, &(0x7f0000000740)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r10, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000002000000b7040000000000008500000043"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x29, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
r11 = bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x21, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000400)='mm_migrate_pages\x00', r11, 0x0, 0x5}, 0x18)
mbind(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x0, 0x0, 0x0, 0x2)
io_uring_enter(r3, 0x47ba, 0x3e80, 0x0, 0x0, 0x0)

kernel console output (not intermixed with test programs):

5.666439][T17035] usb 7-1: Product: syz
[ 1335.681299][T17035] usb 7-1: Manufacturer: syz
[ 1335.685972][T17035] usb 7-1: SerialNumber: syz
[ 1335.786544][T17035] usb 7-1: config 0 descriptor??
[ 1335.810214][T17745] 9pnet_fd: Insufficient options for proto=fd
[ 1335.815084][T17729] raw-gadget.0 gadget.6: fail, usb_ep_enable returned -22
[ 1335.900617][T17746] No control pipe specified
[ 1336.181752][T17035] iuu_phoenix 7-1:0.0: iuu_phoenix converter detected
[ 1336.350644][T17035] usb 7-1: iuu_phoenix converter now attached to ttyUSB0
[ 1336.417253][T17035] usb 7-1: USB disconnect, device number 27
[ 1336.579934][T17035] iuu_phoenix ttyUSB0: iuu_phoenix converter now disconnected from ttyUSB0
[ 1336.595656][T17035] iuu_phoenix 7-1:0.0: device disconnected
[ 1337.958601][   T30] kauditd_printk_skb: 18 callbacks suppressed
[ 1337.958622][   T30] audit: type=1326 audit(1338.282:212): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17762 comm="syz.6.3214" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fe76cb8e929 code=0x0
[ 1338.071890][T17767] netlink: 32 bytes leftover after parsing attributes in process `syz.7.3215'.
[ 1338.297485][ T5910] usb 5-1: new high-speed USB device number 29 using dummy_hcd
[ 1338.479117][ T5910] usb 5-1: Using ep0 maxpacket: 8
[ 1338.491159][ T5910] usb 5-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2e.04
[ 1338.514631][ T5910] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1338.535606][ T5910] usb 5-1: Product: syz
[ 1338.554313][ T5910] usb 5-1: Manufacturer: syz
[ 1338.581103][ T5910] usb 5-1: SerialNumber: syz
[ 1338.649689][ T5910] usb 5-1: config 0 descriptor??
[ 1338.766329][T12241] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[ 1338.781549][T12241] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[ 1338.790572][T12241] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[ 1338.802043][T12241] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[ 1338.802784][T17773] tipc: Started in network mode
[ 1338.817079][T12241] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[ 1338.825428][T17773] tipc: Node identity eada79cc8b3a, cluster identity 4711
[ 1338.959669][T17773] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[ 1338.985734][T17775] syzkaller0: entered promiscuous mode
[ 1338.998144][T17775] syzkaller0: entered allmulticast mode
[ 1339.087153][T17778] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3213'.
[ 1339.263453][ T5910] usb 5-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state
[ 1339.266351][T17775] tipc: Resetting bearer <eth:syzkaller0>
[ 1339.499364][T17771] tipc: Resetting bearer <eth:syzkaller0>
[ 1339.559817][T17771] tipc: Disabling bearer <eth:syzkaller0>
[ 1340.383375][T17772] chnl_net:caif_netlink_parms(): no params data found
[ 1340.568727][ T5910] dvb_usb_rtl28xxu 5-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -32
[ 1340.755804][T17772] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1340.766663][T17772] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1340.780063][T17772] bridge_slave_0: entered allmulticast mode
[ 1340.800003][T17772] bridge_slave_0: entered promiscuous mode
[ 1340.844924][T17772] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1340.871940][ T5957] usb 5-1: USB disconnect, device number 29
[ 1340.908762][T12241] Bluetooth: hci1: command tx timeout
[ 1340.927770][T17772] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1340.935195][T17772] bridge_slave_1: entered allmulticast mode
[ 1341.669651][T17772] bridge_slave_1: entered promiscuous mode
[ 1341.835446][T17772] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1341.855169][T17772] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1342.000654][T17772] team0: Port device team_slave_0 added
[ 1342.010401][T17772] team0: Port device team_slave_1 added
[ 1342.971007][T12241] Bluetooth: hci1: command tx timeout
[ 1342.994815][T17809] qnx6: wrong signature (magic) at position (0x2000) - will try alternative position (0x0000).
[ 1343.015109][T17809] qnx6: wrong signature (magic) in superblock #1.
[ 1343.021818][T17809] qnx6: unable to read the first superblock
[ 1343.646243][T17812] netlink: 'syz.4.3225': attribute type 1 has an invalid length.
[ 1343.647198][T17772] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1343.662675][T17772] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1343.689172][T17772] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1343.691810][T17772] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1343.707010][T17772] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1343.743920][T17772] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1343.794252][T17812] 8021q: adding VLAN 0 to HW filter on device bond1
[ 1343.913256][T17818] 9pnet_fd: Insufficient options for proto=fd
[ 1344.386395][T17772] hsr_slave_0: entered promiscuous mode
[ 1344.398519][T17772] hsr_slave_1: entered promiscuous mode
[ 1344.410218][T17772] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[ 1344.468787][T17772] Cannot create hsr debugfs directory
[ 1345.060150][T12241] Bluetooth: hci1: command tx timeout
[ 1345.733155][T17841] fuse: Bad value for 'fd'
[ 1345.870729][T17834] Bluetooth: hci5: Opcode 0x0c1a failed: -4
[ 1345.894844][T17834] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[ 1345.907858][T17834] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[ 1345.926761][T17834] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[ 1345.969621][T17834] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[ 1345.985457][T17834] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[ 1345.999767][T17834] Bluetooth: hci1: Opcode 0x0406 failed: -4
[ 1346.045932][T17834] Bluetooth: hci1: Opcode 0x0406 failed: -4
[ 1346.311145][T17772] netdevsim netdevsim8 netdevsim0: renamed from eth0
[ 1346.336101][T17772] netdevsim netdevsim8 netdevsim1: renamed from eth1
[ 1346.359517][T17772] netdevsim netdevsim8 netdevsim2: renamed from eth2
[ 1346.401850][   T30] audit: type=1326 audit(1346.732:213): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17842 comm="syz.7.3233" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f3cf518e929 code=0x0
[ 1346.463147][T17772] netdevsim netdevsim8 netdevsim3: renamed from eth3
[ 1348.181941][T12241] Bluetooth: hci4: command 0x041b tx timeout
[ 1348.191157][T12241] Bluetooth: hci3: command 0x0419 tx timeout
[ 1348.197579][T12241] Bluetooth: hci2: command 0x041b tx timeout
[ 1348.203776][T12241] Bluetooth: hci5: command 0x0c1a tx timeout
[ 1348.213120][T12241] Bluetooth: hci1: command 0x0c1a tx timeout
[ 1348.219608][T12241] Bluetooth: hci0: command 0x040f tx timeout
[ 1349.263812][T17876] FAULT_INJECTION: forcing a failure.
[ 1349.263812][T17876] name failslab, interval 1, probability 0, space 0, times 0
[ 1349.277071][T17876] CPU: 1 UID: 0 PID: 17876 Comm: syz.7.3239 Not tainted 6.16.0-rc4-syzkaller-00049-gb4911fb0b060 #0 PREEMPT(full) 
[ 1349.277104][T17876] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1349.277118][T17876] Call Trace:
[ 1349.277127][T17876]  <TASK>
[ 1349.277136][T17876]  dump_stack_lvl+0x189/0x250
[ 1349.277174][T17876]  ? __pfx____ratelimit+0x10/0x10
[ 1349.277205][T17876]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1349.277236][T17876]  ? __pfx__printk+0x10/0x10
[ 1349.277261][T17876]  ? __pfx___might_resched+0x10/0x10
[ 1349.277301][T17876]  ? fs_reclaim_acquire+0x7d/0x100
[ 1349.277335][T17876]  should_fail_ex+0x414/0x560
[ 1349.277365][T17876]  should_failslab+0xa8/0x100
[ 1349.277393][T17876]  __kmalloc_noprof+0xcb/0x4f0
[ 1349.277418][T17876]  ? alloc_pipe_info+0x1fd/0x4d0
[ 1349.277448][T17876]  alloc_pipe_info+0x1fd/0x4d0
[ 1349.277476][T17876]  splice_direct_to_actor+0xa5d/0xcc0
[ 1349.277507][T17876]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1349.277547][T17876]  ? __lock_acquire+0xab9/0xd20
[ 1349.277574][T17876]  ? __pfx_direct_splice_actor+0x10/0x10
[ 1349.277601][T17876]  ? __pfx_splice_direct_to_actor+0x10/0x10
[ 1349.277639][T17876]  do_splice_direct+0x181/0x270
[ 1349.277669][T17876]  ? __pfx_do_splice_direct+0x10/0x10
[ 1349.277696][T17876]  ? __pfx_direct_file_splice_eof+0x10/0x10
[ 1349.277733][T17876]  ? rw_verify_area+0x258/0x650
[ 1349.277760][T17876]  do_sendfile+0x4da/0x7e0
[ 1349.277810][T17876]  ? __pfx_do_sendfile+0x10/0x10
[ 1349.277856][T17876]  __se_sys_sendfile64+0xd9/0x190
[ 1349.277888][T17876]  ? __pfx___se_sys_sendfile64+0x10/0x10
[ 1349.277914][T17876]  ? rcu_is_watching+0x15/0xb0
[ 1349.277950][T17876]  ? do_syscall_64+0xbe/0x3b0
[ 1349.277996][T17876]  do_syscall_64+0xfa/0x3b0
[ 1349.278028][T17876]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1349.278048][T17876]  ? asm_sysvec_reschedule_ipi+0x1a/0x20
[ 1349.278070][T17876]  ? clear_bhb_loop+0x60/0xb0
[ 1349.278096][T17876]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1349.278117][T17876] RIP: 0033:0x7f3cf518e929
[ 1349.278137][T17876] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1349.278156][T17876] RSP: 002b:00007f3cf5f5d038 EFLAGS: 00000246 ORIG_RAX: 0000000000000028
[ 1349.278180][T17876] RAX: ffffffffffffffda RBX: 00007f3cf53b6080 RCX: 00007f3cf518e929
[ 1349.278196][T17876] RDX: 0000200000000080 RSI: 0000000000000005 RDI: 0000000000000005
[ 1349.278210][T17876] RBP: 00007f3cf5f5d090 R08: 0000000000000000 R09: 0000000000000000
[ 1349.278224][T17876] R10: 0000000000007f03 R11: 0000000000000246 R12: 0000000000000001
[ 1349.278237][T17876] R13: 0000000000000000 R14: 00007f3cf53b6080 R15: 00007fff668c1ab8
[ 1349.278271][T17876]  </TASK>
[ 1349.700451][T17878] 9pnet_fd: Insufficient options for proto=fd
[ 1350.257712][ T5824] Bluetooth: hci1: command 0x0c1a tx timeout
[ 1350.493665][T17772] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1350.517609][T17772] 8021q: adding VLAN 0 to HW filter on device team0
[ 1350.564031][   T36] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1350.571272][   T36] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1350.639563][   T36] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1350.646831][   T36] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1351.791763][T17772] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 1352.337589][ T5824] Bluetooth: hci1: command 0x0c1a tx timeout
[ 1354.223963][T17914] 9pnet_fd: Insufficient options for proto=fd
[ 1354.577629][ T5886] usb 6-1: new high-speed USB device number 23 using dummy_hcd
[ 1355.052772][ T5886] usb 6-1: Using ep0 maxpacket: 32
[ 1355.089929][ T5886] usb 6-1: too many endpoints for config 1 interface 0 altsetting 0: 127, using maximum allowed: 30
[ 1355.101572][T17919] netlink: 4 bytes leftover after parsing attributes in process `syz.7.3248'.
[ 1355.137888][ T5886] usb 6-1: config 1 interface 0 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0
[ 1355.205439][ T5886] usb 6-1: config 1 interface 0 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 0
[ 1355.216033][ T5886] usb 6-1: config 1 interface 0 altsetting 0 bulk endpoint 0x3 has invalid maxpacket 64
[ 1355.271067][ T5886] usb 6-1: config 1 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 127
[ 1355.356380][ T5886] usb 6-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[ 1355.372693][ T5886] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1
[ 1355.382516][ T5886] usb 6-1: SerialNumber: syz
[ 1355.391718][T17913] raw-gadget.0 gadget.5: fail, usb_ep_enable returned -22
[ 1355.399632][T17919] hsr_slave_1 (unregistering): left promiscuous mode
[ 1355.416764][ T5886] cdc_acm 6-1:1.0: Control and data interfaces are not separated!
[ 1355.428682][ T5886] cdc_acm 6-1:1.0: This needs exactly 3 endpoints
[ 1355.437898][ T5886] cdc_acm 6-1:1.0: probe with driver cdc_acm failed with error -22
[ 1355.678373][T17772] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1357.728200][T17945] batman_adv: batadv0: Adding interface: dummy0
[ 1357.734722][T17945] batman_adv: batadv0: The MTU of interface dummy0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1357.760960][T17945] batman_adv: batadv0: Interface activated: dummy0
[ 1358.379924][ T8820] usb 6-1: USB disconnect, device number 23
[ 1359.199212][T17961] FAULT_INJECTION: forcing a failure.
[ 1359.199212][T17961] name failslab, interval 1, probability 0, space 0, times 0
[ 1359.218990][T17961] CPU: 0 UID: 0 PID: 17961 Comm: syz.4.3261 Not tainted 6.16.0-rc4-syzkaller-00049-gb4911fb0b060 #0 PREEMPT(full) 
[ 1359.219023][T17961] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1359.219036][T17961] Call Trace:
[ 1359.219045][T17961]  <TASK>
[ 1359.219055][T17961]  dump_stack_lvl+0x189/0x250
[ 1359.219091][T17961]  ? __pfx____ratelimit+0x10/0x10
[ 1359.219120][T17961]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1359.219161][T17961]  ? __pfx__printk+0x10/0x10
[ 1359.219190][T17961]  ? __pfx___might_resched+0x10/0x10
[ 1359.219218][T17961]  ? fs_reclaim_acquire+0x7d/0x100
[ 1359.219252][T17961]  should_fail_ex+0x414/0x560
[ 1359.219280][T17961]  ? __pfx_sock_alloc_inode+0x10/0x10
[ 1359.219309][T17961]  should_failslab+0xa8/0x100
[ 1359.219338][T17961]  ? __pfx_sock_alloc_inode+0x10/0x10
[ 1359.219364][T17961]  kmem_cache_alloc_lru_noprof+0x78/0x3d0
[ 1359.219390][T17961]  ? sock_alloc_inode+0x28/0xc0
[ 1359.219422][T17961]  ? __pfx_sock_alloc_inode+0x10/0x10
[ 1359.219449][T17961]  sock_alloc_inode+0x28/0xc0
[ 1359.219477][T17961]  alloc_inode+0x67/0x1b0
[ 1359.219505][T17961]  __sock_create+0x12d/0x9f0
[ 1359.219546][T17961]  __sys_socket+0xd7/0x1b0
[ 1359.219582][T17961]  __x64_sys_socket+0x7a/0x90
[ 1359.219613][T17961]  do_syscall_64+0xfa/0x3b0
[ 1359.219642][T17961]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1359.219670][T17961]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1359.219692][T17961]  ? clear_bhb_loop+0x60/0xb0
[ 1359.219717][T17961]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1359.219738][T17961] RIP: 0033:0x7faf08f90847
[ 1359.219757][T17961] Code: f0 ff ff 77 06 c3 0f 1f 44 00 00 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8 ff ff ff ff c3 66 0f 1f 44 00 00 b8 29 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1359.219775][T17961] RSP: 002b:00007faf09ecafa8 EFLAGS: 00000286 ORIG_RAX: 0000000000000029
[ 1359.219797][T17961] RAX: ffffffffffffffda RBX: 00007faf091b5fa0 RCX: 00007faf08f90847
[ 1359.219813][T17961] RDX: 0000000000000010 RSI: 0000000000000003 RDI: 0000000000000010
[ 1359.219826][T17961] RBP: 00000000ffffffff R08: 0000000000000000 R09: 0000000000000000
[ 1359.219839][T17961] R10: 0000200000000080 R11: 0000000000000286 R12: 0000000000000001
[ 1359.219853][T17961] R13: 0000000000000000 R14: 00007faf091b5fa0 R15: 00007fff4646a478
[ 1359.219905][T17961]  </TASK>
[ 1359.220406][T17961] socket: no more sockets
[ 1360.510416][T17971] 9pnet_fd: Insufficient options for proto=fd
[ 1360.618813][T17972] No control pipe specified
[ 1361.004752][T17772] veth0_vlan: entered promiscuous mode
[ 1361.080854][T17772] veth1_vlan: entered promiscuous mode
[ 1361.295797][ T1302] ieee802154 phy0 wpan0: encryption failed: -22
[ 1361.785587][T17772] veth0_macvtap: entered promiscuous mode
[ 1361.945722][T17772] veth1_macvtap: entered promiscuous mode
[ 1362.086999][T17772] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 1362.149493][T17772] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 1362.175866][T17772] netdevsim netdevsim8 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1362.210270][T17772] netdevsim netdevsim8 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1362.220295][T17772] netdevsim netdevsim8 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1362.385485][T17772] netdevsim netdevsim8 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1363.160917][T17989] netlink: 8 bytes leftover after parsing attributes in process `syz.6.3269'.
[ 1363.786677][T17993] netlink: 20 bytes leftover after parsing attributes in process `syz.6.3269'.
[ 1363.822619][ T6239] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1363.847112][T13287] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1363.867056][ T6239] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1363.874661][T13287] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1366.537324][T18021] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3275'.
[ 1367.054747][T18026] 9pnet_fd: Insufficient options for proto=fd
[ 1367.331221][T18030] No control pipe specified
[ 1367.822176][T18036] 9pnet_fd: Insufficient options for proto=fd
[ 1370.108299][T18062] tipc: Started in network mode
[ 1370.127439][T18062] tipc: Node identity 4e33dbbe2806, cluster identity 4711
[ 1370.318456][T18062] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[ 1370.527459][T18064] syzkaller0: entered promiscuous mode
[ 1370.533010][T18064] syzkaller0: entered allmulticast mode
[ 1370.538914][T18071] ip6t_REJECT: TCP_RESET illegal for non-tcp
[ 1371.394665][  T980] tipc: Node number set to 1714805694
[ 1372.088956][T18073] tipc: Resetting bearer <eth:syzkaller0>
[ 1372.294118][T18061] tipc: Resetting bearer <eth:syzkaller0>
[ 1372.532175][T18061] tipc: Disabling bearer <eth:syzkaller0>
[ 1372.881524][T18085] netlink: 8 bytes leftover after parsing attributes in process `syz.7.3289'.
[ 1373.339691][T18087] 9pnet_fd: Insufficient options for proto=fd
[ 1373.458572][T18088] No control pipe specified
[ 1373.528776][T12241] Bluetooth: hci1: command 0x0c1a tx timeout
[ 1374.012055][T18093] netlink: 20 bytes leftover after parsing attributes in process `syz.7.3292'.
[ 1374.022285][T18095] 9pnet_fd: Insufficient options for proto=fd
[ 1376.712298][T18104] Bluetooth: hci5: Opcode 0x0c1a failed: -4
[ 1376.731523][T18104] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[ 1376.818505][T18104] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[ 1376.845041][T18104] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[ 1376.907680][T18104] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[ 1376.914247][T18104] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[ 1377.386222][ T5957] usb 7-1: new high-speed USB device number 28 using dummy_hcd
[ 1377.817663][ T5957] usb 7-1: Using ep0 maxpacket: 32
[ 1378.168362][ T5824] Bluetooth: hci5: command 0x0c1a tx timeout
[ 1378.194433][ T5957] usb 7-1: device descriptor read/all, error -71
[ 1378.615892][T18142] dummy0: entered promiscuous mode
[ 1378.623159][T18142] bond0: entered promiscuous mode
[ 1378.628596][T18142] bond_slave_0: entered promiscuous mode
[ 1378.634506][T18142] bond_slave_1: entered promiscuous mode
[ 1378.642881][T18142] hsr1: entered allmulticast mode
[ 1378.648103][T18142] dummy0: entered allmulticast mode
[ 1378.653352][T18142] bond0: entered allmulticast mode
[ 1378.658594][T18142] bond_slave_0: entered allmulticast mode
[ 1378.664393][T18142] bond_slave_1: entered allmulticast mode
[ 1379.257578][T12241] Bluetooth: hci2: command 0x041b tx timeout
[ 1379.263687][T12241] Bluetooth: hci4: command 0x041b tx timeout
[ 1379.270050][ T5824] Bluetooth: hci3: command 0x0419 tx timeout
[ 1379.276109][ T5824] Bluetooth: hci1: command 0x0c1a tx timeout
[ 1379.282247][T15686] Bluetooth: hci0: command 0x040f tx timeout
[ 1379.612334][T18147] 9pnet_fd: Insufficient options for proto=fd
[ 1379.850200][T18154] No control pipe specified
[ 1380.263934][T18149] 9pnet_fd: Insufficient options for proto=fd
[ 1382.266633][T12256] Bluetooth: hci5: command 0x0c1a tx timeout
[ 1382.567699][T18152] Bluetooth: hci5: Opcode 0x0c1a failed: -110
[ 1382.605546][T18152] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[ 1382.634031][T18152] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[ 1382.647678][T18152] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[ 1382.653826][T18152] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[ 1382.678139][T18152] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[ 1382.756573][T15237] libceph: connect (1)[c::]:6789 error -101
[ 1382.762986][T15237] libceph: mon0 (1)[c::]:6789 connect error
[ 1383.029467][T15237] libceph: connect (1)[c::]:6789 error -101
[ 1383.068418][T15237] libceph: mon0 (1)[c::]:6789 connect error
[ 1383.639723][T15237] libceph: connect (1)[c::]:6789 error -101
[ 1383.645805][T15237] libceph: mon0 (1)[c::]:6789 connect error
[ 1383.656132][T18170] ceph: No mds server is up or the cluster is laggy
[ 1383.674048][T18181] 9pnet_fd: Insufficient options for proto=fd
[ 1384.273681][T18185] bridge9: entered promiscuous mode
[ 1384.663458][T12241] Bluetooth: hci2: command 0x041b tx timeout
[ 1384.672301][T12256] Bluetooth: hci3: command 0x0419 tx timeout
[ 1384.777543][T12256] Bluetooth: hci1: command 0x0c1a tx timeout
[ 1384.778197][T12241] Bluetooth: hci0: command 0x040f tx timeout
[ 1384.783788][T12256] Bluetooth: hci4: command 0x041b tx timeout
[ 1384.921684][T18190] netlink: 4 bytes leftover after parsing attributes in process `syz.7.3319'.
[ 1384.984993][T18190] netlink: 'syz.7.3319': attribute type 1 has an invalid length.
[ 1385.006562][T18190] netlink: 4 bytes leftover after parsing attributes in process `syz.7.3319'.
[ 1385.226752][T18196] pvfs2: Unknown parameter 'ÿÿ'
[ 1385.274048][T18198] 9pnet_fd: Insufficient options for proto=fd
[ 1386.127589][T18209] 9pnet_fd: Insufficient options for proto=fd
[ 1388.535548][T18221] netlink: 8 bytes leftover after parsing attributes in process `syz.5.3328'.
[ 1389.259354][T18231] netlink: 20 bytes leftover after parsing attributes in process `syz.6.3329'.
[ 1392.846312][T18260] netdevsim netdevsim8 netdevsim0: entered promiscuous mode
[ 1392.975588][T18262] 9pnet_fd: Insufficient options for proto=fd
[ 1392.985647][T17991] usb 6-1: new full-speed USB device number 24 using dummy_hcd
[ 1393.484418][T17991] usb 6-1: config 0 has an invalid interface number: 214 but max is 0
[ 1393.527440][T17991] usb 6-1: config 0 has no interface number 0
[ 1393.547649][T17991] usb 6-1: config 0 interface 214 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 10
[ 1393.617537][T17991] usb 6-1: config 0 interface 214 altsetting 0 endpoint 0x83 has invalid wMaxPacketSize 0
[ 1393.674128][T17991] usb 6-1: New USB device found, idVendor=0596, idProduct=0001, bcdDevice= 5.f5
[ 1393.685337][T17991] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1393.712102][T17991] usb 6-1: Product: syz
[ 1393.797531][T17991] usb 6-1: Manufacturer: syz
[ 1393.813210][T17991] usb 6-1: SerialNumber: syz
[ 1393.854173][T17991] usb 6-1: config 0 descriptor??
[ 1395.960640][T17991] usbtouchscreen 6-1:0.214: Failed to read FW rev: -71
[ 1396.049270][T17991] usbtouchscreen 6-1:0.214: probe with driver usbtouchscreen failed with error -71
[ 1396.226695][T17991] usb 6-1: USB disconnect, device number 24
[ 1396.272329][T18291] 9pnet_fd: Insufficient options for proto=fd
[ 1397.312930][T18291] No control pipe specified
[ 1397.895094][T18306] 9pnet_fd: Insufficient options for proto=fd
[ 1398.795759][T18314] FAULT_INJECTION: forcing a failure.
[ 1398.795759][T18314] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1398.871097][T18314] CPU: 1 UID: 0 PID: 18314 Comm: syz.7.3357 Not tainted 6.16.0-rc4-syzkaller-00049-gb4911fb0b060 #0 PREEMPT(full) 
[ 1398.871129][T18314] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1398.871143][T18314] Call Trace:
[ 1398.871153][T18314]  <TASK>
[ 1398.871162][T18314]  dump_stack_lvl+0x189/0x250
[ 1398.871199][T18314]  ? __pfx____ratelimit+0x10/0x10
[ 1398.871230][T18314]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1398.871260][T18314]  ? __pfx__printk+0x10/0x10
[ 1398.871281][T18314]  ? __might_fault+0xb0/0x130
[ 1398.871319][T18314]  should_fail_ex+0x414/0x560
[ 1398.871349][T18314]  _copy_from_user+0x2d/0xb0
[ 1398.871382][T18314]  get_sg_io_hdr+0xe2/0x820
[ 1398.871405][T18314]  ? _raw_write_unlock_irqrestore+0x85/0x110
[ 1398.871435][T18314]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1398.871468][T18314]  ? __pfx_get_sg_io_hdr+0x10/0x10
[ 1398.871501][T18314]  ? sg_add_request+0x62e/0x690
[ 1398.871535][T18314]  sg_new_write+0x139/0x7b0
[ 1398.871568][T18314]  ? __pfx___might_resched+0x10/0x10
[ 1398.871599][T18314]  ? __pfx_sg_new_write+0x10/0x10
[ 1398.871662][T18314]  ? __lock_acquire+0xab9/0xd20
[ 1398.871692][T18314]  sg_ioctl+0x11af/0x2230
[ 1398.871732][T18314]  ? __pfx_sg_ioctl+0x10/0x10
[ 1398.871767][T18314]  ? __fget_files+0x2a/0x420
[ 1398.871794][T18314]  ? __fget_files+0x3a0/0x420
[ 1398.871820][T18314]  ? __fget_files+0x2a/0x420
[ 1398.871852][T18314]  ? bpf_lsm_file_ioctl+0x9/0x20
[ 1398.871880][T18314]  ? __pfx_sg_ioctl+0x10/0x10
[ 1398.871908][T18314]  __se_sys_ioctl+0xfc/0x170
[ 1398.871941][T18314]  do_syscall_64+0xfa/0x3b0
[ 1398.871969][T18314]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1398.871997][T18314]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1398.872018][T18314]  ? clear_bhb_loop+0x60/0xb0
[ 1398.872044][T18314]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1398.872065][T18314] RIP: 0033:0x7f3cf518e929
[ 1398.872083][T18314] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1398.872102][T18314] RSP: 002b:00007f3cf5f7e038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1398.872125][T18314] RAX: ffffffffffffffda RBX: 00007f3cf53b5fa0 RCX: 00007f3cf518e929
[ 1398.872141][T18314] RDX: 0000200000000040 RSI: 0000000000002285 RDI: 0000000000000003
[ 1398.872156][T18314] RBP: 00007f3cf5f7e090 R08: 0000000000000000 R09: 0000000000000000
[ 1398.872169][T18314] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1398.872182][T18314] R13: 0000000000000000 R14: 00007f3cf53b5fa0 R15: 00007fff668c1ab8
[ 1398.872215][T18314]  </TASK>
[ 1399.123979][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1399.130282][  T980] usb 7-1: new high-speed USB device number 30 using dummy_hcd
[ 1400.126502][  T980] usb 7-1: Using ep0 maxpacket: 32
[ 1400.249935][  T980] usb 7-1: too many endpoints for config 1 interface 0 altsetting 0: 127, using maximum allowed: 30
[ 1400.359553][  T980] usb 7-1: config 1 interface 0 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0
[ 1400.480511][  T980] usb 7-1: config 1 interface 0 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 0
[ 1400.532565][T18335] netlink: 20 bytes leftover after parsing attributes in process `syz.7.3363'.
[ 1400.543985][  T980] usb 7-1: config 1 interface 0 altsetting 0 bulk endpoint 0x3 has invalid maxpacket 64
[ 1400.596031][  T980] usb 7-1: config 1 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 127
[ 1401.531183][  T980] usb 7-1: string descriptor 0 read error: -71
[ 1401.540728][  T980] usb 7-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[ 1401.552562][  T980] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1
[ 1401.595445][  T980] usb 7-1: can't set config #1, error -71
[ 1401.757672][  T980] usb 7-1: USB disconnect, device number 30
[ 1403.725926][T18359] 9pnet_fd: Insufficient options for proto=fd
[ 1405.103815][T18364] binder: 18362:18364 ioctl c0306201 200000001a80 returned -14
[ 1405.253327][T18361] Bluetooth: hci5: Opcode 0x0c1a failed: -4
[ 1405.271441][T18361] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[ 1405.281005][T18361] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[ 1405.299780][T18361] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[ 1405.310388][T18361] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[ 1405.316891][T18361] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[ 1405.679509][T14047] usb 9-1: new high-speed USB device number 2 using dummy_hcd
[ 1406.498220][T12256] Bluetooth: hci5: command 0x0c1a tx timeout
[ 1406.587515][T14047] usb 9-1: device descriptor read/64, error -71
[ 1406.861402][T14047] usb 9-1: new high-speed USB device number 3 using dummy_hcd
[ 1407.196592][ T5876] usb 7-1: new high-speed USB device number 31 using dummy_hcd
[ 1407.288084][T12256] Bluetooth: hci4: command 0x041b tx timeout
[ 1407.288292][T12241] Bluetooth: hci3: command 0x0419 tx timeout
[ 1407.294174][T12256] Bluetooth: hci2: command 0x041b tx timeout
[ 1407.378878][T12241] Bluetooth: hci1: command 0x0c1a tx timeout
[ 1407.385048][ T5824] Bluetooth: hci0: command 0x040f tx timeout
[ 1407.407525][T14047] usb 9-1: device descriptor read/64, error -71
[ 1407.427440][ T5876] usb 7-1: Using ep0 maxpacket: 32
[ 1407.439056][ T5876] usb 7-1: too many endpoints for config 1 interface 0 altsetting 0: 127, using maximum allowed: 30
[ 1407.450419][ T5876] usb 7-1: config 1 interface 0 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0
[ 1407.469481][ T5876] usb 7-1: config 1 interface 0 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 0
[ 1407.479529][ T5876] usb 7-1: config 1 interface 0 altsetting 0 bulk endpoint 0x3 has invalid maxpacket 64
[ 1407.489698][ T5876] usb 7-1: config 1 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 127
[ 1407.504727][ T5876] usb 7-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[ 1407.522552][T14047] usb usb9-port1: attempt power cycle
[ 1407.537471][ T5876] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1
[ 1407.545656][ T5876] usb 7-1: SerialNumber: syz
[ 1407.575563][T18389] raw-gadget.1 gadget.6: fail, usb_ep_enable returned -22
[ 1407.671712][T18408] 9pnet_fd: Insufficient options for proto=fd
[ 1407.790600][T18406] netlink: 'syz.8.3381': attribute type 1 has an invalid length.
[ 1407.798424][T18406] netlink: 224 bytes leftover after parsing attributes in process `syz.8.3381'.
[ 1407.812767][ T5876] cdc_acm 7-1:1.0: Control and data interfaces are not separated!
[ 1407.821629][ T5876] cdc_acm 7-1:1.0: This needs exactly 3 endpoints
[ 1407.829448][ T5876] cdc_acm 7-1:1.0: probe with driver cdc_acm failed with error -22
[ 1407.872960][T18409] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1408.244415][ T5876] usb 7-1: USB disconnect, device number 31
[ 1409.826537][T18422] random: crng reseeded on system resumption
[ 1409.855864][T18421] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3386'.
[ 1411.937741][T18445] netlink: 104 bytes leftover after parsing attributes in process `syz.5.3393'.
[ 1412.115007][T18451] netlink: 20 bytes leftover after parsing attributes in process `syz.4.3394'.
[ 1412.550849][T18453] 9pnet_fd: Insufficient options for proto=fd
[ 1413.377761][T18459] 9pnet_fd: Insufficient options for proto=fd
[ 1413.650584][T18460] No control pipe specified
[ 1414.865062][ T5876] libceph: connect (1)[c::]:6789 error -101
[ 1414.886401][ T5876] libceph: mon0 (1)[c::]:6789 connect error
[ 1414.966137][  T980] libceph: connect (1)[c::]:6789 error -101
[ 1414.972799][  T980] libceph: mon0 (1)[c::]:6789 connect error
[ 1415.322906][T15237] libceph: connect (1)[c::]:6789 error -101
[ 1415.343627][T15237] libceph: mon0 (1)[c::]:6789 connect error
[ 1415.370090][ T5876] libceph: connect (1)[c::]:6789 error -101
[ 1415.404930][ T5876] libceph: mon0 (1)[c::]:6789 connect error
[ 1415.664006][T18479] ceph: No mds server is up or the cluster is laggy
[ 1415.704900][T18477] ceph: No mds server is up or the cluster is laggy
[ 1417.445987][T18525] openvswitch: netlink: IP tunnel attribute has 12 unknown bytes.
[ 1419.250746][T18542] FAULT_INJECTION: forcing a failure.
[ 1419.250746][T18542] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1419.298673][T18539] ptm ptm4: ldisc open failed (-12), clearing slot 4
[ 1419.330401][T18542] CPU: 0 UID: 0 PID: 18542 Comm: syz.6.3418 Not tainted 6.16.0-rc4-syzkaller-00049-gb4911fb0b060 #0 PREEMPT(full) 
[ 1419.330434][T18542] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1419.330465][T18542] Call Trace:
[ 1419.330474][T18542]  <TASK>
[ 1419.330485][T18542]  dump_stack_lvl+0x189/0x250
[ 1419.330521][T18542]  ? __pfx____ratelimit+0x10/0x10
[ 1419.330552][T18542]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1419.330583][T18542]  ? __pfx__printk+0x10/0x10
[ 1419.330605][T18542]  ? __might_fault+0xb0/0x130
[ 1419.330643][T18542]  should_fail_ex+0x414/0x560
[ 1419.330674][T18542]  _copy_from_user+0x2d/0xb0
[ 1419.330708][T18542]  map_lookup_elem+0x3a9/0x620
[ 1419.330743][T18542]  __sys_bpf+0x46b/0x860
[ 1419.330771][T18542]  ? __pfx___sys_bpf+0x10/0x10
[ 1419.330811][T18542]  ? ksys_write+0x22a/0x250
[ 1419.330837][T18542]  ? __pfx_ksys_write+0x10/0x10
[ 1419.330858][T18542]  ? rcu_is_watching+0x15/0xb0
[ 1419.330897][T18542]  __x64_sys_bpf+0x7c/0x90
[ 1419.330923][T18542]  do_syscall_64+0xfa/0x3b0
[ 1419.330952][T18542]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1419.330981][T18542]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1419.331002][T18542]  ? clear_bhb_loop+0x60/0xb0
[ 1419.331028][T18542]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1419.331048][T18542] RIP: 0033:0x7fe76cb8e929
[ 1419.331067][T18542] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1419.331086][T18542] RSP: 002b:00007fe76d97a038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[ 1419.331109][T18542] RAX: ffffffffffffffda RBX: 00007fe76cdb5fa0 RCX: 00007fe76cb8e929
[ 1419.331125][T18542] RDX: 0000000000000020 RSI: 0000200000001100 RDI: 0000000000000001
[ 1419.331139][T18542] RBP: 00007fe76d97a090 R08: 0000000000000000 R09: 0000000000000000
[ 1419.331153][T18542] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1419.331166][T18542] R13: 0000000000000000 R14: 00007fe76cdb5fa0 R15: 00007ffcbf8ca518
[ 1419.331207][T18542]  </TASK>
[ 1422.733723][ T1302] ieee802154 phy0 wpan0: encryption failed: -22
[ 1424.154017][T18607] FAULT_INJECTION: forcing a failure.
[ 1424.154017][T18607] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1424.182376][T18607] CPU: 1 UID: 0 PID: 18607 Comm: syz.6.3438 Not tainted 6.16.0-rc4-syzkaller-00049-gb4911fb0b060 #0 PREEMPT(full) 
[ 1424.182409][T18607] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1424.182423][T18607] Call Trace:
[ 1424.182432][T18607]  <TASK>
[ 1424.182442][T18607]  dump_stack_lvl+0x189/0x250
[ 1424.182480][T18607]  ? __pfx____ratelimit+0x10/0x10
[ 1424.182511][T18607]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1424.182542][T18607]  ? __pfx__printk+0x10/0x10
[ 1424.182564][T18607]  ? __might_fault+0xb0/0x130
[ 1424.182603][T18607]  should_fail_ex+0x414/0x560
[ 1424.182634][T18607]  _copy_from_user+0x2d/0xb0
[ 1424.182668][T18607]  dma_buf_ioctl+0x163/0x880
[ 1424.182696][T18607]  ? __pfx_dma_buf_ioctl+0x10/0x10
[ 1424.182731][T18607]  ? __fget_files+0x2a/0x420
[ 1424.182757][T18607]  ? __fget_files+0x3a0/0x420
[ 1424.182790][T18607]  ? __fget_files+0x2a/0x420
[ 1424.182822][T18607]  ? bpf_lsm_file_ioctl+0x9/0x20
[ 1424.182851][T18607]  ? __pfx_dma_buf_ioctl+0x10/0x10
[ 1424.182875][T18607]  __se_sys_ioctl+0xfc/0x170
[ 1424.182901][T18607]  do_syscall_64+0xfa/0x3b0
[ 1424.182930][T18607]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1424.182960][T18607]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1424.182981][T18607]  ? clear_bhb_loop+0x60/0xb0
[ 1424.183008][T18607]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1424.183028][T18607] RIP: 0033:0x7fe76cb8e929
[ 1424.183047][T18607] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1424.183066][T18607] RSP: 002b:00007fe76d97a038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1424.183089][T18607] RAX: ffffffffffffffda RBX: 00007fe76cdb5fa0 RCX: 00007fe76cb8e929
[ 1424.183105][T18607] RDX: 0000200000000080 RSI: 0000000040086200 RDI: 0000000000000006
[ 1424.183120][T18607] RBP: 00007fe76d97a090 R08: 0000000000000000 R09: 0000000000000000
[ 1424.183134][T18607] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1424.183147][T18607] R13: 0000000000000000 R14: 00007fe76cdb5fa0 R15: 00007ffcbf8ca518
[ 1424.183180][T18607]  </TASK>
[ 1425.022519][   T30] audit: type=1800 audit(1425.352:214): pid=18619 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz.7.3442" name="SYSV00000000" dev="tmpfs" ino=0 res=0 errno=0
[ 1425.070139][T18617] kvm: kvm [18614]: vcpu0, guest rIP: 0xfff0 Unhandled WRMSR(0xc0010002) = 0xffffffffffffffff
[ 1427.259453][  T980] libceph: connect (1)[c::]:6789 error -101
[ 1427.504894][T18628] ceph: No mds server is up or the cluster is laggy
[ 1427.514699][  T980] libceph: mon0 (1)[c::]:6789 connect error
[ 1428.693630][T18651] overlay: Unknown parameter 'subj_role'
[ 1428.724080][T18645] FAULT_INJECTION: forcing a failure.
[ 1428.724080][T18645] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1429.032621][T18645] CPU: 0 UID: 0 PID: 18645 Comm: syz.6.3451 Not tainted 6.16.0-rc4-syzkaller-00049-gb4911fb0b060 #0 PREEMPT(full) 
[ 1429.032656][T18645] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1429.032670][T18645] Call Trace:
[ 1429.032681][T18645]  <TASK>
[ 1429.032691][T18645]  dump_stack_lvl+0x189/0x250
[ 1429.032727][T18645]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1429.032759][T18645]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1429.032791][T18645]  ? __pfx__printk+0x10/0x10
[ 1429.032815][T18645]  ? __might_fault+0xb0/0x130
[ 1429.032845][T18645]  ? kasan_check_range+0x7/0x2c0
[ 1429.032877][T18645]  should_fail_ex+0x414/0x560
[ 1429.032908][T18645]  core_sys_select+0x724/0xa20
[ 1429.032948][T18645]  ? __pfx_core_sys_select+0x10/0x10
[ 1429.033001][T18645]  ? __pfx_set_user_sigmask+0x10/0x10
[ 1429.033044][T18645]  __se_sys_pselect6+0x27a/0x300
[ 1429.033078][T18645]  ? __pfx___se_sys_pselect6+0x10/0x10
[ 1429.033161][T18645]  ? __pfx_ksys_write+0x10/0x10
[ 1429.033187][T18645]  ? rcu_is_watching+0x15/0xb0
[ 1429.033224][T18645]  ? __x64_sys_pselect6+0x21/0xf0
[ 1429.033254][T18645]  do_syscall_64+0xfa/0x3b0
[ 1429.033284][T18645]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1429.033313][T18645]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1429.033334][T18645]  ? clear_bhb_loop+0x60/0xb0
[ 1429.033361][T18645]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1429.033382][T18645] RIP: 0033:0x7fe76cb8e929
[ 1429.033401][T18645] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1429.033420][T18645] RSP: 002b:00007fe76d97a038 EFLAGS: 00000246 ORIG_RAX: 000000000000010e
[ 1429.033444][T18645] RAX: ffffffffffffffda RBX: 00007fe76cdb5fa0 RCX: 00007fe76cb8e929
[ 1429.033461][T18645] RDX: 0000000000000000 RSI: 00002000000001c0 RDI: 0000000000000040
[ 1429.033474][T18645] RBP: 00007fe76d97a090 R08: 0000000000000000 R09: 0000000000000000
[ 1429.033488][T18645] R10: 00002000000002c0 R11: 0000000000000246 R12: 0000000000000001
[ 1429.033502][T18645] R13: 0000000000000000 R14: 00007fe76cdb5fa0 R15: 00007ffcbf8ca518
[ 1429.033536][T18645]  </TASK>
[ 1429.242116][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1432.589892][T18702] netlink: 28 bytes leftover after parsing attributes in process `syz.8.3464'.
[ 1433.097609][ T5876] usb 9-1: new high-speed USB device number 5 using dummy_hcd
[ 1433.257612][ T5876] usb 9-1: Using ep0 maxpacket: 16
[ 1433.266268][ T5876] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1433.277873][ T5876] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1433.289989][ T5876] usb 9-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9
[ 1433.302963][ T5876] usb 9-1: New USB device found, idVendor=0457, idProduct=07da, bcdDevice= 0.00
[ 1433.332540][ T5876] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1433.357992][ T5876] usb 9-1: config 0 descriptor??
[ 1434.608522][T18724] Bluetooth: hci5: Opcode 0x0c1a failed: -4
[ 1434.615742][T18724] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[ 1434.623598][T18724] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[ 1434.630962][T18724] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[ 1434.638142][T18724] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[ 1434.645505][T18724] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[ 1435.001631][ T5876] hid-multitouch 0003:0457:07DA.0006: hidraw0: USB HID v0.00 Device [HID 0457:07da] on usb-dummy_hcd.8-1/input0
[ 1435.074337][ T5957] usb 9-1: USB disconnect, device number 5
[ 1435.212453][T18736] fido_id[18736]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.8/usb9/report_descriptor': No such file or directory
[ 1435.687462][ T5824] Bluetooth: hci5: command 0x0c1a tx timeout
[ 1436.647551][ T5824] Bluetooth: hci1: command 0x0c1a tx timeout
[ 1436.647654][T12241] Bluetooth: hci0: command 0x040f tx timeout
[ 1436.656687][T12256] Bluetooth: hci4: command 0x041b tx timeout
[ 1436.660001][T15686] Bluetooth: hci3: command 0x0419 tx timeout
[ 1436.665936][T12256] Bluetooth: hci2: command 0x041b tx timeout
[ 1440.067368][T14047] usb 9-1: new high-speed USB device number 6 using dummy_hcd
[ 1440.259554][T14047] usb 9-1: Using ep0 maxpacket: 16
[ 1440.281686][T14047] usb 9-1: unable to get BOS descriptor or descriptor too short
[ 1440.307730][T14047] usb 9-1: config 1 has an invalid interface number: 206 but max is 0
[ 1440.326644][T14047] usb 9-1: config 1 has no interface number 0
[ 1440.347551][T14047] usb 9-1: New USB device found, idVendor=152d, idProduct=0310, bcdDevice=3b.0a
[ 1440.571866][T14047] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1440.580095][T14047] usb 9-1: Product: syz
[ 1440.584418][T14047] usb 9-1: Manufacturer: syz
[ 1440.589233][T14047] usb 9-1: SerialNumber: syz
[ 1441.644607][T18777] Invalid ELF header magic: != ELF
[ 1441.993226][T18768] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1442.002037][T18768] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1442.060038][T14047] usb 9-1: USB disconnect, device number 6
[ 1442.247469][ T5950] usb 5-1: new high-speed USB device number 30 using dummy_hcd
[ 1443.195873][ T5950] usb 5-1: Using ep0 maxpacket: 32
[ 1443.222670][ T5950] usb 5-1: too many endpoints for config 1 interface 0 altsetting 0: 127, using maximum allowed: 30
[ 1443.236094][ T5950] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0
[ 1443.251306][ T5950] usb 5-1: config 1 interface 0 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 0
[ 1443.355109][T18792] netlink: 12 bytes leftover after parsing attributes in process `syz.7.3492'.
[ 1443.732006][ T5950] usb 5-1: config 1 interface 0 altsetting 0 bulk endpoint 0x3 has invalid maxpacket 64
[ 1443.744035][ T5950] usb 5-1: config 1 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 127
[ 1443.769662][ T5950] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[ 1443.779584][ T5950] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1
[ 1443.787919][ T5950] usb 5-1: SerialNumber: syz
[ 1443.813584][T18779] raw-gadget.2 gadget.4: fail, usb_ep_enable returned -22
[ 1443.826022][ T5950] cdc_acm 5-1:1.0: Control and data interfaces are not separated!
[ 1443.852513][ T5950] cdc_acm 5-1:1.0: This needs exactly 3 endpoints
[ 1443.859898][ T5950] cdc_acm 5-1:1.0: probe with driver cdc_acm failed with error -22
[ 1443.952377][T18796] FAULT_INJECTION: forcing a failure.
[ 1443.952377][T18796] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1443.965921][T18796] CPU: 0 UID: 0 PID: 18796 Comm: syz.5.3493 Not tainted 6.16.0-rc4-syzkaller-00049-gb4911fb0b060 #0 PREEMPT(full) 
[ 1443.965951][T18796] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1443.965964][T18796] Call Trace:
[ 1443.965973][T18796]  <TASK>
[ 1443.965982][T18796]  dump_stack_lvl+0x189/0x250
[ 1443.966016][T18796]  ? __pfx____ratelimit+0x10/0x10
[ 1443.966046][T18796]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1443.966075][T18796]  ? __pfx__printk+0x10/0x10
[ 1443.966111][T18796]  should_fail_ex+0x414/0x560
[ 1443.966140][T18796]  _copy_from_user+0x2d/0xb0
[ 1443.966172][T18796]  copy_from_sockptr+0x48/0x70
[ 1443.966202][T18796]  raw_setsockopt+0x596/0x1160
[ 1443.966234][T18796]  ? __pfx_raw_setsockopt+0x10/0x10
[ 1443.966269][T18796]  ? bpf_lsm_socket_setsockopt+0x9/0x20
[ 1443.966294][T18796]  ? __pfx_raw_setsockopt+0x10/0x10
[ 1443.966321][T18796]  do_sock_setsockopt+0x257/0x3e0
[ 1443.966348][T18796]  ? __pfx_do_sock_setsockopt+0x10/0x10
[ 1443.966377][T18796]  ? __fget_files+0x2a/0x420
[ 1443.966413][T18796]  __x64_sys_setsockopt+0x18b/0x220
[ 1443.966444][T18796]  do_syscall_64+0xfa/0x3b0
[ 1443.966472][T18796]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1443.966499][T18796]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1443.966519][T18796]  ? clear_bhb_loop+0x60/0xb0
[ 1443.966544][T18796]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1443.966563][T18796] RIP: 0033:0x7f0dfbd8e929
[ 1443.966581][T18796] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1443.966600][T18796] RSP: 002b:00007f0dfcbd4038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036
[ 1443.966623][T18796] RAX: ffffffffffffffda RBX: 00007f0dfbfb6080 RCX: 00007f0dfbd8e929
[ 1443.966639][T18796] RDX: 0000000000000001 RSI: 0000000000000065 RDI: 0000000000000005
[ 1443.966652][T18796] RBP: 00007f0dfcbd4090 R08: 0000000000000008 R09: 0000000000000000
[ 1443.966666][T18796] R10: 0000200000000100 R11: 0000000000000246 R12: 0000000000000001
[ 1443.966679][T18796] R13: 0000000000000000 R14: 00007f0dfbfb6080 R15: 00007ffd5b50ea28
[ 1443.966712][T18796]  </TASK>
[ 1447.465722][T14047] usb 5-1: USB disconnect, device number 30
[ 1448.197348][  T980] usb 6-1: new high-speed USB device number 25 using dummy_hcd
[ 1448.367335][  T980] usb 6-1: Using ep0 maxpacket: 32
[ 1448.374820][  T980] usb 6-1: config 0 has an invalid interface number: 151 but max is 0
[ 1448.387323][  T980] usb 6-1: config 0 has no interface number 0
[ 1448.396777][  T980] usb 6-1: config 0 interface 151 altsetting 0 endpoint 0x85 has an invalid bInterval 0, changing to 7
[ 1448.440800][  T980] usb 6-1: New USB device found, idVendor=0499, idProduct=6bb7, bcdDevice=68.2f
[ 1448.451885][  T980] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1448.481150][  T980] usb 6-1: Product: syz
[ 1448.485389][  T980] usb 6-1: Manufacturer: syz
[ 1448.507360][  T980] usb 6-1: SerialNumber: syz
[ 1448.528385][  T980] usb 6-1: config 0 descriptor??
[ 1449.348819][  T980] usb 6-1: USB disconnect, device number 25
[ 1449.434978][ T9537] udevd[9537]: error opening ATTR{/sys/devices/platform/dummy_hcd.5/usb6/6-1/6-1:0.151/sound/card3/controlC3/../uevent} for writing: No such file or directory
[ 1449.520291][ T8720] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1
[ 1449.535773][ T8720] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9
[ 1449.548513][ T8720] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9
[ 1449.561550][ T8720] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4
[ 1449.578619][ T8720] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2
[ 1452.287438][ T8720] Bluetooth: hci6: command tx timeout
[ 1452.631228][T18834] chnl_net:caif_netlink_parms(): no params data found
[ 1452.682155][T14047] libceph: connect (1)[c::]:6789 error -101
[ 1452.698763][T14047] libceph: mon0 (1)[c::]:6789 connect error
[ 1452.721208][T18859] ceph: No mds server is up or the cluster is laggy
[ 1452.968723][T14047] libceph: connect (1)[c::]:6789 error -101
[ 1452.974937][T14047] libceph: mon0 (1)[c::]:6789 connect error
[ 1453.087430][T18873] F2FS-fs (nullb0): Magic Mismatch, valid(0xf2f52010) - read(0x0)
[ 1453.095588][T18873] F2FS-fs (nullb0): Can't find valid F2FS filesystem in 1th superblock
[ 1453.105317][T18873] F2FS-fs (nullb0): Magic Mismatch, valid(0xf2f52010) - read(0x0)
[ 1453.113424][T18873] F2FS-fs (nullb0): Can't find valid F2FS filesystem in 2th superblock
[ 1454.333269][ T8720] Bluetooth: hci6: command tx timeout
[ 1454.408654][T18883] netlink: 20 bytes leftover after parsing attributes in process `syz.5.3515'.
[ 1454.876466][T18834] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1454.885487][T18834] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1454.893588][T18834] bridge_slave_0: entered allmulticast mode
[ 1454.903671][T18834] bridge_slave_0: entered promiscuous mode
[ 1455.600803][T18891] omfs: Invalid superblock (0)
[ 1455.931564][T18834] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1455.955600][T18834] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1455.969455][T18834] bridge_slave_1: entered allmulticast mode
[ 1456.064336][T18834] bridge_slave_1: entered promiscuous mode
[ 1456.290488][T18834] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1456.324299][T18834] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1456.437316][ T8720] Bluetooth: hci6: command tx timeout
[ 1456.458282][T18905] FAULT_INJECTION: forcing a failure.
[ 1456.458282][T18905] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[ 1456.492090][T18905] CPU: 0 UID: 0 PID: 18905 Comm: syz.5.3523 Not tainted 6.16.0-rc4-syzkaller-00049-gb4911fb0b060 #0 PREEMPT(full) 
[ 1456.492128][T18905] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1456.492143][T18905] Call Trace:
[ 1456.492154][T18905]  <TASK>
[ 1456.492165][T18905]  dump_stack_lvl+0x189/0x250
[ 1456.492208][T18905]  ? __pfx____ratelimit+0x10/0x10
[ 1456.492253][T18905]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1456.492288][T18905]  ? __pfx__printk+0x10/0x10
[ 1456.492315][T18905]  ? fs_reclaim_acquire+0x7d/0x100
[ 1456.492359][T18905]  should_fail_ex+0x414/0x560
[ 1456.492394][T18905]  prepare_alloc_pages+0x213/0x610
[ 1456.492437][T18905]  __alloc_frozen_pages_noprof+0x123/0x370
[ 1456.492478][T18905]  ? __pfx___alloc_frozen_pages_noprof+0x10/0x10
[ 1456.492525][T18905]  ? policy_nodemask+0x27c/0x720
[ 1456.492552][T18905]  ? __lock_acquire+0xab9/0xd20
[ 1456.492590][T18905]  alloc_pages_mpol+0x232/0x4a0
[ 1456.492627][T18905]  vma_alloc_folio_noprof+0xe4/0x200
[ 1456.492662][T18905]  ? __pfx_vma_alloc_folio_noprof+0x10/0x10
[ 1456.492708][T18905]  folio_prealloc+0x30/0x180
[ 1456.492741][T18905]  __handle_mm_fault+0x2c88/0x5620
[ 1456.492793][T18905]  ? __pfx___handle_mm_fault+0x10/0x10
[ 1456.492851][T18905]  ? follow_page_pte+0x8d6/0x14b0
[ 1456.492891][T18905]  handle_mm_fault+0x2d5/0x7f0
[ 1456.492918][T18905]  ? vma_is_secretmem+0xd/0x50
[ 1456.492959][T18905]  __get_user_pages+0x1af4/0x30b0
[ 1456.493028][T18905]  ? __pfx___get_user_pages+0x10/0x10
[ 1456.493053][T18905]  ? __gup_longterm_locked+0xbf7/0x15b0
[ 1456.493079][T18905]  ? down_read_killable+0x1d1/0x350
[ 1456.493101][T18905]  ? try_get_folio+0x633/0x660
[ 1456.493133][T18905]  __gup_longterm_locked+0xd66/0x15b0
[ 1456.493166][T18905]  ? try_grab_folio_fast+0x35b/0x4f0
[ 1456.493199][T18905]  ? sanity_check_pinned_pages+0x11c8/0x12c0
[ 1456.493235][T18905]  gup_fast_fallback+0x1cd4/0x2260
[ 1456.493306][T18905]  ? __pfx_gup_fast_fallback+0x10/0x10
[ 1456.493341][T18905]  ? rcu_is_watching+0x15/0xb0
[ 1456.493374][T18905]  ? is_valid_gup_args+0x11f/0x200
[ 1456.493403][T18905]  ? pin_user_pages_fast+0x4d/0xb0
[ 1456.493432][T18905]  rds_info_getsockopt+0x1fb/0x470
[ 1456.493477][T18905]  ? __pfx_rds_info_getsockopt+0x10/0x10
[ 1456.493516][T18905]  ? __might_fault+0xb0/0x130
[ 1456.493548][T18905]  ? rds_getsockopt+0x17b/0x500
[ 1456.493582][T18905]  do_sock_getsockopt+0x360/0x650
[ 1456.493614][T18905]  ? __pfx_do_sock_getsockopt+0x10/0x10
[ 1456.493640][T18905]  ? do_syscall_64+0x40/0x3b0
[ 1456.493673][T18905]  ? __fget_files+0x3a0/0x420
[ 1456.493712][T18905]  ? __fget_files+0x2a/0x420
[ 1456.493753][T18905]  __x64_sys_getsockopt+0x1a5/0x250
[ 1456.493779][T18905]  ? do_syscall_64+0x40/0x3b0
[ 1456.493824][T18905]  ? do_syscall_64+0x40/0x3b0
[ 1456.493863][T18905]  do_syscall_64+0xfa/0x3b0
[ 1456.493895][T18905]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1456.493927][T18905]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1456.493950][T18905]  ? clear_bhb_loop+0x60/0xb0
[ 1456.493980][T18905]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1456.494003][T18905] RIP: 0033:0x7f0dfbd8e929
[ 1456.494025][T18905] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1456.494045][T18905] RSP: 002b:00007f0dfcbf5038 EFLAGS: 00000246 ORIG_RAX: 0000000000000037
[ 1456.494071][T18905] RAX: ffffffffffffffda RBX: 00007f0dfbfb5fa0 RCX: 00007f0dfbd8e929
[ 1456.494089][T18905] RDX: 000000000000271c RSI: 0000200000000114 RDI: 0000000000000006
[ 1456.494104][T18905] RBP: 00007f0dfcbf5090 R08: 0000200000000040 R09: 0000000000000000
[ 1456.494120][T18905] R10: 0000200000000580 R11: 0000000000000246 R12: 0000000000000001
[ 1456.494134][T18905] R13: 0000000000000000 R14: 00007f0dfbfb5fa0 R15: 00007ffd5b50ea28
[ 1456.494172][T18905]  </TASK>
[ 1456.916531][T18834] team0: Port device team_slave_0 added
[ 1457.396936][T18834] team0: Port device team_slave_1 added
[ 1458.264165][T18834] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1458.289498][T18834] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1458.548015][T18834] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1458.548479][ T8720] Bluetooth: hci6: command tx timeout
[ 1458.779759][T18834] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1458.786787][T18834] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1458.910882][T18834] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1460.385092][T18834] hsr_slave_0: entered promiscuous mode
[ 1460.428732][T18834] hsr_slave_1: entered promiscuous mode
[ 1460.455883][T18834] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[ 1460.471314][T18834] Cannot create hsr debugfs directory
[ 1460.667061][T18949] 9pnet_fd: Insufficient options for proto=fd
[ 1461.158285][T18943] Bluetooth: hci5: Opcode 0x0c1a failed: -4
[ 1461.183252][T18943] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[ 1461.193598][T18943] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[ 1461.222901][T18943] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[ 1461.686821][T18943] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[ 1461.702015][T18943] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[ 1461.709801][T18943] Bluetooth: hci6: Opcode 0x0c1a failed: -4
[ 1461.718827][T18943] Bluetooth: hci6: Opcode 0x0406 failed: -4
[ 1461.748432][T18943] Bluetooth: hci6: Opcode 0x0406 failed: -4
[ 1462.069449][T18834] netdevsim netdevsim9 netdevsim0: renamed from eth0
[ 1462.088881][T18834] netdevsim netdevsim9 netdevsim1: renamed from eth1
[ 1462.104191][T18834] netdevsim netdevsim9 netdevsim2: renamed from eth2
[ 1462.152876][T18834] netdevsim netdevsim9 netdevsim3: renamed from eth3
[ 1462.471652][T18975] netlink: 20 bytes leftover after parsing attributes in process `syz.8.3545'.
[ 1462.809957][ T8720] Bluetooth: hci5: command 0x0c1a tx timeout
[ 1463.225155][ T8720] Bluetooth: hci3: command 0x0419 tx timeout
[ 1463.235417][T18751] Bluetooth: hci2: command 0x041b tx timeout
[ 1463.287683][ T8720] Bluetooth: hci4: command 0x041b tx timeout
[ 1463.454329][T18985] 9pnet_fd: Insufficient options for proto=fd
[ 1463.768963][T12256] Bluetooth: hci1: command 0x0c1a tx timeout
[ 1463.775527][T18751] Bluetooth: hci6: command 0x0c1a tx timeout
[ 1463.782753][ T8720] Bluetooth: hci0: command 0x040f tx timeout
[ 1463.838684][T18834] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1463.879019][T18834] 8021q: adding VLAN 0 to HW filter on device team0
[ 1463.913151][ T1148] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1463.920486][ T1148] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1463.936178][T18977] Bluetooth: hci5: Opcode 0x0c1a failed: -4
[ 1463.956722][T18977] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[ 1464.039629][T18977] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[ 1464.047605][T18977] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[ 1464.135904][ T1148] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1464.143188][ T1148] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1464.158094][T18977] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[ 1464.182375][T18977] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[ 1464.208437][T18977] Bluetooth: hci6: Opcode 0x0c1a failed: -4
[ 1465.047833][ T8720] Bluetooth: hci5: command 0x0c1a tx timeout
[ 1465.935361][T18834] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1466.008782][ T8720] Bluetooth: hci2: command 0x041b tx timeout
[ 1466.078149][T19027] netlink: 20 bytes leftover after parsing attributes in process `syz.4.3556'.
[ 1466.518954][T18751] Bluetooth: hci3: command 0x0419 tx timeout
[ 1466.525681][T12256] Bluetooth: hci0: command 0x040f tx timeout
[ 1466.526323][T15686] Bluetooth: hci6: command 0x0c1a tx timeout
[ 1466.545610][T18751] Bluetooth: hci1: command 0x0c1a tx timeout
[ 1466.554018][ T8720] Bluetooth: hci4: command 0x041b tx timeout
[ 1467.224129][T19032] 9pnet_fd: Insufficient options for proto=fd
[ 1468.488489][T18751] Bluetooth: hci5: command 0x0c1a tx timeout
[ 1468.509100][T19016] Bluetooth: hci5: Opcode 0x0c1a failed: -110
[ 1468.586227][T18751] Bluetooth: hci6: command 0x0c1a tx timeout
[ 1468.763610][T19016] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[ 1468.800480][T19016] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[ 1468.823793][T19016] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[ 1468.838675][T19016] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[ 1468.848433][T19016] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[ 1468.855792][T19016] Bluetooth: hci6: Opcode 0x0c1a failed: -4
[ 1469.685153][T19039] delete_channel: no stack
[ 1469.817350][T15237] usb 5-1: new high-speed USB device number 31 using dummy_hcd
[ 1470.959157][T18751] Bluetooth: hci2: command 0x041b tx timeout
[ 1470.965488][T18751] Bluetooth: hci3: command 0x0419 tx timeout
[ 1470.965596][T12256] Bluetooth: hci6: command 0x0c1a tx timeout
[ 1470.977692][T12256] Bluetooth: hci1: command 0x0c1a tx timeout
[ 1470.983703][T12256] Bluetooth: hci0: command 0x040f tx timeout
[ 1470.987564][ T8720] Bluetooth: hci4: command 0x041b tx timeout
[ 1471.009364][T15237] usb 5-1: Using ep0 maxpacket: 32
[ 1471.050431][T15237] usb 5-1: config 0 has an invalid interface number: 151 but max is 0
[ 1471.059074][T15237] usb 5-1: config 0 has no interface number 0
[ 1471.065205][T15237] usb 5-1: config 0 interface 151 altsetting 0 endpoint 0x85 has an invalid bInterval 0, changing to 7
[ 1471.815093][T15237] usb 5-1: New USB device found, idVendor=0499, idProduct=6bb7, bcdDevice=68.2f
[ 1471.892769][T15237] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1472.056168][T15237] usb 5-1: Product: syz
[ 1472.239450][T15237] usb 5-1: Manufacturer: syz
[ 1472.264787][T15237] usb 5-1: SerialNumber: syz
[ 1472.398853][T15237] usb 5-1: config 0 descriptor??
[ 1472.605280][T18834] veth0_vlan: entered promiscuous mode
[ 1472.653805][T18834] veth1_vlan: entered promiscuous mode
[ 1472.793683][T15237] usb 5-1: USB disconnect, device number 31
[ 1472.846141][T18834] veth0_macvtap: entered promiscuous mode
[ 1472.881454][T18834] veth1_macvtap: entered promiscuous mode
[ 1472.902063][T19049] udevd[19049]: error opening ATTR{/sys/devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.151/sound/card3/controlC3/../uevent} for writing: No such file or directory
[ 1472.917728][T18834] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 1473.662099][T18834] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 1473.785427][T18834] netdevsim netdevsim9 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1473.821893][T18834] netdevsim netdevsim9 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1473.834690][T18834] netdevsim netdevsim9 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1473.843493][T18834] netdevsim netdevsim9 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1473.965310][T19090] 9pnet_fd: Insufficient options for proto=fd
[ 1474.190578][ T5956] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1474.269007][ T5956] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1475.027787][T16062] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1475.034785][T19094] Bluetooth: hci5: Opcode 0x0c1a failed: -4
[ 1475.045100][T19094] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[ 1475.063943][T16062] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1475.105294][T19094] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[ 1475.115452][T19094] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[ 1475.132712][T19094] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[ 1475.161417][T19094] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[ 1475.173181][T19094] Bluetooth: hci6: Opcode 0x0c1a failed: -4
[ 1475.423189][ T5910] libceph: connect (1)[c::]:6789 error -101
[ 1475.431705][ T5910] libceph: mon0 (1)[c::]:6789 connect error
[ 1475.587709][T14047] usb 6-1: new high-speed USB device number 26 using dummy_hcd
[ 1475.657464][T17035] usb 5-1: new high-speed USB device number 32 using dummy_hcd
[ 1475.719995][T15237] libceph: connect (1)[c::]:6789 error -101
[ 1475.726382][T15237] libceph: mon0 (1)[c::]:6789 connect error
[ 1475.757542][T14047] usb 6-1: Using ep0 maxpacket: 32
[ 1475.764575][T14047] usb 6-1: too many endpoints for config 1 interface 0 altsetting 0: 127, using maximum allowed: 30
[ 1475.776550][T14047] usb 6-1: config 1 interface 0 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0
[ 1475.786784][T14047] usb 6-1: config 1 interface 0 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 0
[ 1475.796685][T14047] usb 6-1: config 1 interface 0 altsetting 0 bulk endpoint 0x3 has invalid maxpacket 64
[ 1475.807769][T14047] usb 6-1: config 1 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 127
[ 1475.824358][T14047] usb 6-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[ 1475.833951][T17035] usb 5-1: Using ep0 maxpacket: 16
[ 1475.839383][T14047] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1
[ 1475.855287][T17035] usb 5-1: unable to get BOS descriptor or descriptor too short
[ 1475.869860][T14047] usb 6-1: SerialNumber: syz
[ 1475.877514][T17035] usb 5-1: config 1 has an invalid interface number: 206 but max is 0
[ 1475.885724][T17035] usb 5-1: config 1 has no interface number 0
[ 1475.895981][T19101] raw-gadget.1 gadget.5: fail, usb_ep_enable returned -22
[ 1475.908250][T14047] cdc_acm 6-1:1.0: Control and data interfaces are not separated!
[ 1475.916131][T14047] cdc_acm 6-1:1.0: This needs exactly 3 endpoints
[ 1475.924966][T14047] cdc_acm 6-1:1.0: probe with driver cdc_acm failed with error -22
[ 1475.936851][T17035] usb 5-1: New USB device found, idVendor=152d, idProduct=0310, bcdDevice=3b.0a
[ 1475.946320][T17035] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1475.957544][T17035] usb 5-1: Product: syz
[ 1475.962710][T17035] usb 5-1: Manufacturer: syz
[ 1475.970489][T17035] usb 5-1: SerialNumber: syz
[ 1476.124693][T19105] ceph: No mds server is up or the cluster is laggy
[ 1477.110531][T18751] Bluetooth: hci5: command 0x0c1a tx timeout
[ 1477.129435][ T8720] Bluetooth: hci3: command 0x0419 tx timeout
[ 1477.135820][T12256] Bluetooth: hci2: command 0x041b tx timeout
[ 1477.136005][T18751] Bluetooth: hci4: command 0x041b tx timeout
[ 1477.207348][T18751] Bluetooth: hci6: command 0x0c1a tx timeout
[ 1477.207436][T12256] Bluetooth: hci1: command 0x0c1a tx timeout
[ 1477.213509][ T8720] Bluetooth: hci0: command 0x040f tx timeout
[ 1478.316989][T14047] usb 6-1: USB disconnect, device number 26
[ 1478.396480][T17035] usb 5-1: USB disconnect, device number 32
[ 1479.219167][T19133] xt_CT: You must specify a L4 protocol and not use inversions on it
[ 1480.815535][T19150] 9pnet_fd: Insufficient options for proto=fd
[ 1481.513031][T19156] input: syz1 as /devices/virtual/input/input9
[ 1481.723417][T19163] MPI: mpi too large (124808 bits)
[ 1482.077634][T19165] FAULT_INJECTION: forcing a failure.
[ 1482.077634][T19165] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1482.620831][T19165] CPU: 0 UID: 0 PID: 19165 Comm: syz.4.3593 Not tainted 6.16.0-rc4-syzkaller-00049-gb4911fb0b060 #0 PREEMPT(full) 
[ 1482.620856][T19165] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1482.620865][T19165] Call Trace:
[ 1482.620872][T19165]  <TASK>
[ 1482.620880][T19165]  dump_stack_lvl+0x189/0x250
[ 1482.620907][T19165]  ? __pfx____ratelimit+0x10/0x10
[ 1482.620929][T19165]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1482.620951][T19165]  ? __pfx__printk+0x10/0x10
[ 1482.620984][T19165]  should_fail_ex+0x414/0x560
[ 1482.621006][T19165]  _copy_from_user+0x2d/0xb0
[ 1482.621030][T19165]  bpf_test_init+0xf8/0x170
[ 1482.621049][T19165]  bpf_prog_test_run_skb+0x1e9/0x1560
[ 1482.621065][T19165]  ? __rcu_read_unlock+0x84/0xe0
[ 1482.621084][T19165]  ? __fget_files+0x2a/0x420
[ 1482.621111][T19165]  ? __pfx_bpf_prog_test_run_skb+0x10/0x10
[ 1482.621128][T19165]  bpf_prog_test_run+0x2c7/0x340
[ 1482.621151][T19165]  __sys_bpf+0x4a4/0x860
[ 1482.621171][T19165]  ? __pfx___sys_bpf+0x10/0x10
[ 1482.621187][T19165]  ? preempt_schedule_irq+0xde/0x150
[ 1482.621230][T19165]  __x64_sys_bpf+0x7c/0x90
[ 1482.621247][T19165]  do_syscall_64+0xfa/0x3b0
[ 1482.621269][T19165]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1482.621283][T19165]  ? asm_sysvec_reschedule_ipi+0x1a/0x20
[ 1482.621297][T19165]  ? clear_bhb_loop+0x60/0xb0
[ 1482.621316][T19165]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1482.621330][T19165] RIP: 0033:0x7faf08f8e929
[ 1482.621344][T19165] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1482.621357][T19165] RSP: 002b:00007faf09ecc038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[ 1482.621374][T19165] RAX: ffffffffffffffda RBX: 00007faf091b5fa0 RCX: 00007faf08f8e929
[ 1482.621385][T19165] RDX: 0000000000000050 RSI: 0000200000000180 RDI: 000000000000000a
[ 1482.621395][T19165] RBP: 00007faf09ecc090 R08: 0000000000000000 R09: 0000000000000000
[ 1482.621405][T19165] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1482.621414][T19165] R13: 0000000000000000 R14: 00007faf091b5fa0 R15: 00007fff4646a478
[ 1482.621436][T19165]  </TASK>
[ 1483.393263][T19179] Bluetooth: MGMT ver 1.23
[ 1484.180988][ T1302] ieee802154 phy0 wpan0: encryption failed: -22
[ 1484.338723][T19188] 9pnet_fd: Insufficient options for proto=fd
[ 1484.527462][T19189] No control pipe specified
[ 1485.300034][T19201] FAULT_INJECTION: forcing a failure.
[ 1485.300034][T19201] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1485.331021][T19201] CPU: 0 UID: 0 PID: 19201 Comm: syz.4.3603 Not tainted 6.16.0-rc4-syzkaller-00049-gb4911fb0b060 #0 PREEMPT(full) 
[ 1485.331044][T19201] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1485.331054][T19201] Call Trace:
[ 1485.331060][T19201]  <TASK>
[ 1485.331068][T19201]  dump_stack_lvl+0x189/0x250
[ 1485.331094][T19201]  ? __pfx____ratelimit+0x10/0x10
[ 1485.331116][T19201]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1485.331138][T19201]  ? __pfx__printk+0x10/0x10
[ 1485.331163][T19201]  should_fail_ex+0x414/0x560
[ 1485.331189][T19201]  _copy_to_user+0x31/0xb0
[ 1485.331215][T19201]  simple_read_from_buffer+0xe1/0x170
[ 1485.331238][T19201]  proc_fail_nth_read+0x1df/0x250
[ 1485.331262][T19201]  ? __pfx_proc_fail_nth_read+0x10/0x10
[ 1485.331286][T19201]  ? rw_verify_area+0x258/0x650
[ 1485.331302][T19201]  ? __pfx_proc_fail_nth_read+0x10/0x10
[ 1485.331325][T19201]  vfs_read+0x1fd/0x980
[ 1485.331346][T19201]  ? __pfx___mutex_lock+0x10/0x10
[ 1485.331369][T19201]  ? __pfx_vfs_read+0x10/0x10
[ 1485.331387][T19201]  ? __fget_files+0x2a/0x420
[ 1485.331410][T19201]  ? __fget_files+0x3a0/0x420
[ 1485.331440][T19201]  ? __fget_files+0x2a/0x420
[ 1485.331467][T19201]  ksys_read+0x145/0x250
[ 1485.331482][T19201]  ? __fget_files+0x2a/0x420
[ 1485.331503][T19201]  ? __pfx_ksys_read+0x10/0x10
[ 1485.331524][T19201]  ? do_syscall_64+0xbe/0x3b0
[ 1485.331549][T19201]  do_syscall_64+0xfa/0x3b0
[ 1485.331570][T19201]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1485.331590][T19201]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1485.331605][T19201]  ? clear_bhb_loop+0x60/0xb0
[ 1485.331624][T19201]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1485.331638][T19201] RIP: 0033:0x7faf08f8d33c
[ 1485.331656][T19201] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[ 1485.331669][T19201] RSP: 002b:00007faf09ecc030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[ 1485.331686][T19201] RAX: ffffffffffffffda RBX: 00007faf091b5fa0 RCX: 00007faf08f8d33c
[ 1485.331697][T19201] RDX: 000000000000000f RSI: 00007faf09ecc0a0 RDI: 0000000000000005
[ 1485.331707][T19201] RBP: 00007faf09ecc090 R08: 0000000000000000 R09: 0000000000000000
[ 1485.331717][T19201] R10: 0000200000000100 R11: 0000000000000246 R12: 0000000000000001
[ 1485.331727][T19201] R13: 0000000000000000 R14: 00007faf091b5fa0 R15: 00007fff4646a478
[ 1485.331751][T19201]  </TASK>
[ 1485.332272][T19203] 9pnet_fd: Insufficient options for proto=fd
[ 1485.598096][T19196] ip6t_REJECT: TCP_RESET illegal for non-tcp
[ 1486.935374][T19206] ptrace attach of "./syz-executor exec"[17154] was attempted by ""[19206]
[ 1487.199103][T19213] netlink: 48 bytes leftover after parsing attributes in process `syz.9.3607'.
[ 1490.214952][T19231] No control pipe specified
[ 1491.487632][T19240] Bluetooth: hci5: Opcode 0x0c1a failed: -4
[ 1491.492837][T19240] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[ 1491.495324][T19240] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[ 1491.497324][T19240] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[ 1491.504511][T19240] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[ 1491.507381][T19240] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[ 1491.639092][T19240] Bluetooth: hci6: Opcode 0x0c1a failed: -4
[ 1492.724365][T19259] ALSA: seq fatal error: cannot create timer (-22)
[ 1492.821878][T19264] netlink: 4 bytes leftover after parsing attributes in process `syz.8.3621'.
[ 1492.891193][T19264] ipvlan2: entered promiscuous mode
[ 1493.047473][ T5876] usb 5-1: new high-speed USB device number 33 using dummy_hcd
[ 1493.227456][ T5876] usb 5-1: Using ep0 maxpacket: 32
[ 1493.258344][ T5876] usb 5-1: config 0 has an invalid interface number: 151 but max is 0
[ 1493.269256][ T5876] usb 5-1: config 0 has no interface number 0
[ 1493.277381][ T5876] usb 5-1: config 0 interface 151 altsetting 0 endpoint 0x85 has an invalid bInterval 0, changing to 7
[ 1493.290868][T18751] Bluetooth: hci5: command 0x0c1a tx timeout
[ 1493.306714][ T5876] usb 5-1: New USB device found, idVendor=0499, idProduct=6bb7, bcdDevice=68.2f
[ 1493.317323][ T5876] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1493.325969][ T5876] usb 5-1: Product: syz
[ 1493.381674][ T5876] usb 5-1: Manufacturer: syz
[ 1493.451828][T19276] netlink: 12 bytes leftover after parsing attributes in process `syz.5.3623'.
[ 1493.497673][ T5876] usb 5-1: SerialNumber: syz
[ 1493.645365][T18751] Bluetooth: hci1: command 0x0c1a tx timeout
[ 1493.656894][T18751] Bluetooth: hci0: command 0x040f tx timeout
[ 1493.669012][T18751] Bluetooth: hci4: command 0x041b tx timeout
[ 1493.682582][T18751] Bluetooth: hci3: command 0x0419 tx timeout
[ 1493.693620][T18751] Bluetooth: hci2: command 0x041b tx timeout
[ 1493.709833][T18751] Bluetooth: hci6: command 0x0c1a tx timeout
[ 1493.837652][ T5876] usb 5-1: config 0 descriptor??
[ 1494.490961][T19283] netlink: 8 bytes leftover after parsing attributes in process `syz.8.3625'.
[ 1495.355515][ T5876] usb 5-1: USB disconnect, device number 33
[ 1495.755185][T19298] netlink: 32 bytes leftover after parsing attributes in process `syz.8.3629'.
[ 1496.345192][T19049] udevd[19049]: error opening ATTR{/sys/devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.151/sound/card3/controlC3/../uevent} for writing: No such file or directory
[ 1496.472285][T19306] FAULT_INJECTION: forcing a failure.
[ 1496.472285][T19306] name failslab, interval 1, probability 0, space 0, times 0
[ 1496.495642][T19306] CPU: 0 UID: 0 PID: 19306 Comm: syz.9.3633 Not tainted 6.16.0-rc4-syzkaller-00049-gb4911fb0b060 #0 PREEMPT(full) 
[ 1496.495674][T19306] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1496.495686][T19306] Call Trace:
[ 1496.495694][T19306]  <TASK>
[ 1496.495703][T19306]  dump_stack_lvl+0x189/0x250
[ 1496.495739][T19306]  ? __pfx____ratelimit+0x10/0x10
[ 1496.495777][T19306]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1496.495807][T19306]  ? __pfx__printk+0x10/0x10
[ 1496.495835][T19306]  ? __pfx___might_resched+0x10/0x10
[ 1496.495862][T19306]  ? fs_reclaim_acquire+0x7d/0x100
[ 1496.495894][T19306]  should_fail_ex+0x414/0x560
[ 1496.495922][T19306]  should_failslab+0xa8/0x100
[ 1496.495950][T19306]  __kmalloc_cache_noprof+0x70/0x3d0
[ 1496.495973][T19306]  ? input_allocate_device+0x4e/0x2a0
[ 1496.496008][T19306]  input_allocate_device+0x4e/0x2a0
[ 1496.496039][T19306]  uinput_ioctl_handler+0x142/0x1570
[ 1496.496068][T19306]  ? __pfx_uinput_ioctl_handler+0x10/0x10
[ 1496.496104][T19306]  ? ksys_write+0x1e1/0x250
[ 1496.496134][T19306]  ? bpf_lsm_file_ioctl+0x9/0x20
[ 1496.496163][T19306]  ? __pfx_uinput_ioctl+0x10/0x10
[ 1496.496188][T19306]  __se_sys_ioctl+0xfc/0x170
[ 1496.496213][T19306]  do_syscall_64+0xfa/0x3b0
[ 1496.496241][T19306]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1496.496270][T19306]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1496.496289][T19306]  ? clear_bhb_loop+0x60/0xb0
[ 1496.496313][T19306]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1496.496334][T19306] RIP: 0033:0x7f5af7f8e929
[ 1496.496353][T19306] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1496.496372][T19306] RSP: 002b:00007f5af8ead038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1496.496394][T19306] RAX: ffffffffffffffda RBX: 00007f5af81b5fa0 RCX: 00007f5af7f8e929
[ 1496.496410][T19306] RDX: 0000000000000003 RSI: 000000004004556d RDI: 0000000000000003
[ 1496.496424][T19306] RBP: 00007f5af8ead090 R08: 0000000000000000 R09: 0000000000000000
[ 1496.496438][T19306] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1496.496450][T19306] R13: 0000000000000000 R14: 00007f5af81b5fa0 R15: 00007fff06f389b8
[ 1496.496482][T19306]  </TASK>
[ 1496.502940][T19303] bridge_slave_0: left allmulticast mode
[ 1496.800271][T19303] bridge_slave_0: left promiscuous mode
[ 1496.845106][T19303] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1496.895927][T19303] bridge_slave_1: left allmulticast mode
[ 1496.913179][T19303] bridge_slave_1: left promiscuous mode
[ 1496.921694][T19303] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1496.942284][ T5957] libceph: connect (1)[c::]:6789 error -101
[ 1496.953204][ T5957] libceph: mon0 (1)[c::]:6789 connect error
[ 1496.975574][T19303] bond0: (slave bond_slave_0): Releasing backup interface
[ 1496.995427][T19303] bond0: (slave bond_slave_1): Releasing backup interface
[ 1497.033553][T19303] team0: Failed to send options change via netlink (err -105)
[ 1497.045189][T19303] team0: Failed to send port change of device team_slave_0 via netlink (err -105)
[ 1497.066624][T19303] team0: Port device team_slave_0 removed
[ 1497.077528][ T5876] usb 5-1: new high-speed USB device number 34 using dummy_hcd
[ 1497.112061][T19303] team0: Failed to send options change via netlink (err -105)
[ 1497.125655][T19303] team0: Failed to send port change of device team_slave_1 via netlink (err -105)
[ 1497.143672][T19303] team0: Port device team_slave_1 removed
[ 1497.152776][T19303] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 1497.171099][T19303] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 1497.184534][T19303] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 1497.206246][T19303] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 1497.222996][ T5957] libceph: connect (1)[c::]:6789 error -101
[ 1497.230937][ T5957] libceph: mon0 (1)[c::]:6789 connect error
[ 1497.257624][ T5876] usb 5-1: Using ep0 maxpacket: 16
[ 1497.278410][ T5876] usb 5-1: unable to get BOS descriptor or descriptor too short
[ 1497.292292][ T5876] usb 5-1: config 1 has an invalid interface number: 206 but max is 0
[ 1497.318853][ T5876] usb 5-1: config 1 has no interface number 0
[ 1497.327148][T19309] team0: Failed to send options change via netlink (err -105)
[ 1497.340226][ T5876] usb 5-1: New USB device found, idVendor=152d, idProduct=0310, bcdDevice=3b.0a
[ 1497.352045][ T5876] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1497.361747][T19309] team0: Mode changed to "loadbalance"
[ 1497.392428][ T5876] usb 5-1: Product: syz
[ 1497.399539][ T5876] usb 5-1: Manufacturer: syz
[ 1497.410195][ T5876] usb 5-1: SerialNumber: syz
[ 1497.722832][T19318] ceph: No mds server is up or the cluster is laggy
[ 1497.755705][ T5910] libceph: connect (1)[c::]:6789 error -101
[ 1497.766270][ T5910] libceph: mon0 (1)[c::]:6789 connect error
[ 1498.567850][ T8820] usb 9-1: new high-speed USB device number 7 using dummy_hcd
[ 1498.727687][ T8820] usb 9-1: Using ep0 maxpacket: 16
[ 1498.760484][ T8820] usb 9-1: unable to get BOS descriptor or descriptor too short
[ 1498.871003][ T8820] usb 9-1: config 1 has an invalid interface number: 206 but max is 0
[ 1498.943501][ T8820] usb 9-1: config 1 has no interface number 0
[ 1499.059721][T19330] Invalid ELF header magic: != ELF
[ 1499.217125][T19332] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1499.233192][T19332] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1499.434821][ T8820] usb 9-1: New USB device found, idVendor=152d, idProduct=0310, bcdDevice=3b.0a
[ 1499.476927][ T8820] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1499.488111][ T8820] usb 9-1: Product: syz
[ 1499.492369][ T8820] usb 9-1: Manufacturer: syz
[ 1499.497020][ T8820] usb 9-1: SerialNumber: syz
[ 1499.707067][T19338] netlink: 8 bytes leftover after parsing attributes in process `syz.7.3639'.
[ 1500.169424][T19337] FAULT_INJECTION: forcing a failure.
[ 1500.169424][T19337] name failslab, interval 1, probability 0, space 0, times 0
[ 1500.399896][T19337] CPU: 0 UID: 0 PID: 19337 Comm: syz.5.3640 Not tainted 6.16.0-rc4-syzkaller-00049-gb4911fb0b060 #0 PREEMPT(full) 
[ 1500.399932][T19337] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1500.399947][T19337] Call Trace:
[ 1500.399956][T19337]  <TASK>
[ 1500.399966][T19337]  dump_stack_lvl+0x189/0x250
[ 1500.400003][T19337]  ? __pfx____ratelimit+0x10/0x10
[ 1500.400040][T19337]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1500.400071][T19337]  ? __pfx__printk+0x10/0x10
[ 1500.400096][T19337]  ? __pfx___might_resched+0x10/0x10
[ 1500.400125][T19337]  ? fs_reclaim_acquire+0x7d/0x100
[ 1500.400161][T19337]  should_fail_ex+0x414/0x560
[ 1500.400198][T19337]  should_failslab+0xa8/0x100
[ 1500.400229][T19337]  __kmalloc_noprof+0xcb/0x4f0
[ 1500.400252][T19337]  ? tomoyo_encode+0x28b/0x550
[ 1500.400287][T19337]  tomoyo_encode+0x28b/0x550
[ 1500.400322][T19337]  tomoyo_realpath_from_path+0x58d/0x5d0
[ 1500.400356][T19337]  ? tomoyo_domain+0xda/0x130
[ 1500.400393][T19337]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[ 1500.400418][T19337]  tomoyo_path_number_perm+0x1e8/0x5a0
[ 1500.400446][T19337]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[ 1500.400491][T19337]  ? __lock_acquire+0xab9/0xd20
[ 1500.400542][T19337]  ? __fget_files+0x2a/0x420
[ 1500.400573][T19337]  ? __fget_files+0x2a/0x420
[ 1500.400599][T19337]  ? __fget_files+0x3a0/0x420
[ 1500.400624][T19337]  ? __fget_files+0x2a/0x420
[ 1500.400658][T19337]  security_file_ioctl+0xcb/0x2d0
[ 1500.400686][T19337]  __se_sys_ioctl+0x47/0x170
[ 1500.400712][T19337]  do_syscall_64+0xfa/0x3b0
[ 1500.400741][T19337]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1500.400770][T19337]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1500.400792][T19337]  ? clear_bhb_loop+0x60/0xb0
[ 1500.400817][T19337]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1500.400837][T19337] RIP: 0033:0x7f0dfbd8e929
[ 1500.400856][T19337] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1500.400874][T19337] RSP: 002b:00007f0dfcbd4038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1500.400897][T19337] RAX: ffffffffffffffda RBX: 00007f0dfbfb6080 RCX: 00007f0dfbd8e929
[ 1500.400913][T19337] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000007
[ 1500.400928][T19337] RBP: 00007f0dfcbd4090 R08: 0000000000000000 R09: 0000000000000000
[ 1500.400942][T19337] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1500.400954][T19337] R13: 0000000000000000 R14: 00007f0dfbfb6080 R15: 00007ffd5b50ea28
[ 1500.400988][T19337]  </TASK>
[ 1500.401012][T19337] ERROR: Out of memory at tomoyo_realpath_from_path.
[ 1500.881703][T19346] Invalid ELF header magic: != ELF
[ 1501.246499][T19346] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1501.262725][T19346] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1501.816392][ T5876] usb 5-1: USB disconnect, device number 34
[ 1501.987518][ T8820] usb 9-1: USB disconnect, device number 7
[ 1503.153068][ T5910] usb 5-1: new high-speed USB device number 35 using dummy_hcd
[ 1503.490877][T19372] netlink: 20 bytes leftover after parsing attributes in process `syz.5.3649'.
[ 1503.897441][ T5910] usb 5-1: Using ep0 maxpacket: 16
[ 1503.937572][ T5910] usb 5-1: too many endpoints for config 1 interface 0 altsetting 0: 255, using maximum allowed: 30
[ 1503.967672][ T5910] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0
[ 1503.989223][ T5910] usb 5-1: config 1 interface 0 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 0
[ 1504.015507][ T5910] usb 5-1: config 1 interface 0 altsetting 0 bulk endpoint 0x3 has invalid maxpacket 8
[ 1504.217313][ T5910] usb 5-1: config 1 interface 0 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 255
[ 1504.709231][ T5910] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[ 1504.728165][ T5910] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1
[ 1504.759735][ T5910] usb 5-1: SerialNumber: syz
[ 1504.771528][T19358] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22
[ 1504.810544][ T5910] cdc_acm 5-1:1.0: Control and data interfaces are not separated!
[ 1504.847284][ T5910] cdc_acm 5-1:1.0: probe with driver cdc_acm failed with error -12
[ 1505.056127][T19386] netlink: 20 bytes leftover after parsing attributes in process `syz.9.3653'.
[ 1505.672932][T19387] netlink: 8 bytes leftover after parsing attributes in process `syz.5.3652'.
[ 1505.690283][ T5910] usb 5-1: USB disconnect, device number 35
[ 1505.949177][T19396] netlink: 20 bytes leftover after parsing attributes in process `syz.8.3654'.
[ 1506.693552][T19402] netlink: 12 bytes leftover after parsing attributes in process `syz.7.3655'.
[ 1507.917453][T19410] netlink: 100 bytes leftover after parsing attributes in process `syz.8.3659'.
[ 1507.947676][T19410] netlink: 24 bytes leftover after parsing attributes in process `syz.8.3659'.
[ 1507.997275][ T5950] usb 6-1: new high-speed USB device number 27 using dummy_hcd
[ 1508.167636][ T5950] usb 6-1: Using ep0 maxpacket: 16
[ 1508.181482][ T5950] usb 6-1: config 0 has an invalid interface number: 1 but max is 0
[ 1508.201881][ T5950] usb 6-1: config 0 has no interface number 0
[ 1508.220804][ T5950] usb 6-1: config 0 interface 1 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1508.439529][ T5950] usb 6-1: config 0 interface 1 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1508.936110][ T5950] usb 6-1: New USB device found, idVendor=28bd, idProduct=0071, bcdDevice= 0.00
[ 1508.955612][ T5950] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1508.991918][ T5950] usb 6-1: config 0 descriptor??
[ 1509.416655][T19432] netlink: 8 bytes leftover after parsing attributes in process `syz.9.3667'.
[ 1509.925057][ T5950] uclogic 0003:28BD:0071.0007: pen parameters not found
[ 1510.007474][ T5950] uclogic 0003:28BD:0071.0007: interface is invalid, ignoring
[ 1510.044412][ T5950] usb 6-1: USB disconnect, device number 27
[ 1510.206292][T19443] netlink: 20 bytes leftover after parsing attributes in process `syz.9.3670'.
[ 1510.941562][T19451] netlink: 12 bytes leftover after parsing attributes in process `syz.5.3672'.
[ 1511.982823][T19467] netlink: 48 bytes leftover after parsing attributes in process `syz.8.3676'.
[ 1512.258161][T19471] netlink: 12 bytes leftover after parsing attributes in process `syz.8.3678'.
[ 1512.760942][T19476] 9pnet_fd: Insufficient options for proto=fd
[ 1512.830741][T19477] No control pipe specified
[ 1513.993623][T19488] netlink: 8 bytes leftover after parsing attributes in process `syz.8.3681'.
[ 1514.759502][T19500] netlink: 20 bytes leftover after parsing attributes in process `syz.9.3685'.
[ 1515.463629][T19494] fanotify: failed to encode fid (type=0, len=0, err=-2)
[ 1516.218366][T17035] libceph: connect (1)[c::]:6789 error -101
[ 1516.224529][T17035] libceph: mon0 (1)[c::]:6789 connect error
[ 1516.517116][T19513] netlink: 12 bytes leftover after parsing attributes in process `syz.9.3688'.
[ 1516.762054][T14047] libceph: connect (1)[c::]:6789 error -101
[ 1516.773463][T14047] libceph: mon0 (1)[c::]:6789 connect error
[ 1517.313025][T14047] libceph: connect (1)[c::]:6789 error -101
[ 1517.325000][T14047] libceph: mon0 (1)[c::]:6789 connect error
[ 1517.895754][T19503] ceph: No mds server is up or the cluster is laggy
[ 1518.003222][T19524] 9pnet_fd: Insufficient options for proto=fd
[ 1518.008700][T19525] FAULT_INJECTION: forcing a failure.
[ 1518.008700][T19525] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1518.041428][T19525] CPU: 0 UID: 0 PID: 19525 Comm: syz.5.3693 Not tainted 6.16.0-rc4-syzkaller-00049-gb4911fb0b060 #0 PREEMPT(full) 
[ 1518.041461][T19525] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1518.041475][T19525] Call Trace:
[ 1518.041484][T19525]  <TASK>
[ 1518.041493][T19525]  dump_stack_lvl+0x189/0x250
[ 1518.041530][T19525]  ? __pfx____ratelimit+0x10/0x10
[ 1518.041560][T19525]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1518.041590][T19525]  ? __pfx__printk+0x10/0x10
[ 1518.041626][T19525]  should_fail_ex+0x414/0x560
[ 1518.041656][T19525]  _copy_to_user+0x31/0xb0
[ 1518.041699][T19525]  simple_read_from_buffer+0xe1/0x170
[ 1518.041734][T19525]  proc_fail_nth_read+0x1df/0x250
[ 1518.041768][T19525]  ? __pfx_proc_fail_nth_read+0x10/0x10
[ 1518.041797][T19525]  ? rw_verify_area+0x258/0x650
[ 1518.041814][T19525]  ? __pfx_proc_fail_nth_read+0x10/0x10
[ 1518.041836][T19525]  vfs_read+0x1fd/0x980
[ 1518.041857][T19525]  ? __pfx___mutex_lock+0x10/0x10
[ 1518.041880][T19525]  ? __pfx_vfs_read+0x10/0x10
[ 1518.041898][T19525]  ? __fget_files+0x2a/0x420
[ 1518.041921][T19525]  ? __fget_files+0x3a0/0x420
[ 1518.041939][T19525]  ? __fget_files+0x2a/0x420
[ 1518.041966][T19525]  ksys_read+0x145/0x250
[ 1518.041981][T19525]  ? __fget_files+0x2a/0x420
[ 1518.042002][T19525]  ? __pfx_ksys_read+0x10/0x10
[ 1518.042023][T19525]  ? do_syscall_64+0xbe/0x3b0
[ 1518.042048][T19525]  do_syscall_64+0xfa/0x3b0
[ 1518.042069][T19525]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1518.042089][T19525]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1518.042105][T19525]  ? clear_bhb_loop+0x60/0xb0
[ 1518.042124][T19525]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1518.042138][T19525] RIP: 0033:0x7f0dfbd8d33c
[ 1518.042153][T19525] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[ 1518.042166][T19525] RSP: 002b:00007f0dfcbf5030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[ 1518.042182][T19525] RAX: ffffffffffffffda RBX: 00007f0dfbfb5fa0 RCX: 00007f0dfbd8d33c
[ 1518.042194][T19525] RDX: 000000000000000f RSI: 00007f0dfcbf50a0 RDI: 0000000000000004
[ 1518.042204][T19525] RBP: 00007f0dfcbf5090 R08: 0000000000000000 R09: 0000000000000000
[ 1518.042213][T19525] R10: 0000200000000ac0 R11: 0000000000000246 R12: 0000000000000001
[ 1518.042223][T19525] R13: 0000000000000000 R14: 00007f0dfbfb5fa0 R15: 00007ffd5b50ea28
[ 1518.042246][T19525]  </TASK>
[ 1518.275240][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1518.297004][T19528] dummy0: entered promiscuous mode
[ 1518.303241][T19528] bond0: entered promiscuous mode
[ 1518.308395][T19528] bond_slave_0: entered promiscuous mode
[ 1518.314205][T19528] bond_slave_1: entered promiscuous mode
[ 1518.321499][T19528] debugfs: Directory 'hsr1' with parent 'hsr' already present!
[ 1518.329259][T19528] Cannot create hsr debugfs directory
[ 1518.334852][T19528] hsr1: entered allmulticast mode
[ 1518.340001][T19528] dummy0: entered allmulticast mode
[ 1518.345216][T19528] bond0: entered allmulticast mode
[ 1518.350410][T19528] bond_slave_0: entered allmulticast mode
[ 1518.358418][T19528] bond_slave_1: entered allmulticast mode
[ 1518.492764][T14047] libceph: connect (1)[c::]:6789 error -101
[ 1518.566874][T14047] libceph: mon0 (1)[c::]:6789 connect error
[ 1518.641401][T19531] No control pipe specified
[ 1519.409070][T19541] netlink: 20 bytes leftover after parsing attributes in process `syz.5.3698'.
[ 1520.535863][T19549] netlink: 8 bytes leftover after parsing attributes in process `syz.9.3703'.
[ 1520.557333][ T5950] usb 9-1: new high-speed USB device number 8 using dummy_hcd
[ 1520.770992][ T5950] usb 9-1: Using ep0 maxpacket: 16
[ 1520.839744][ T5950] usb 9-1: unable to get BOS descriptor or descriptor too short
[ 1521.040158][ T5950] usb 9-1: config 1 has an invalid interface number: 206 but max is 0
[ 1521.178241][T19552] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3696'.
[ 1521.192482][ T5950] usb 9-1: config 1 has no interface number 0
[ 1521.209523][T19558] netlink: 'syz.7.3704': attribute type 11 has an invalid length.
[ 1521.247162][ T5950] usb 9-1: New USB device found, idVendor=152d, idProduct=0310, bcdDevice=3b.0a
[ 1521.292171][ T5950] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1521.357426][ T5950] usb 9-1: Product: syz
[ 1521.361697][ T5950] usb 9-1: Manufacturer: syz
[ 1521.397104][ T5950] usb 9-1: SerialNumber: syz
[ 1522.377165][T19571] netlink: 12 bytes leftover after parsing attributes in process `syz.9.3705'.
[ 1523.653804][T19566] Invalid ELF header magic: != ELF
[ 1523.826513][ T5950] usb 9-1: USB disconnect, device number 8
[ 1524.155480][T15237] usb 10-1: new high-speed USB device number 2 using dummy_hcd
[ 1524.608707][T15237] usb 10-1: Using ep0 maxpacket: 32
[ 1524.642378][ T5950] usb 9-1: new high-speed USB device number 9 using dummy_hcd
[ 1525.224728][T15237] usb 10-1: too many endpoints for config 1 interface 0 altsetting 0: 127, using maximum allowed: 30
[ 1525.257366][T15237] usb 10-1: config 1 interface 0 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0
[ 1525.298403][ T5950] usb 9-1: Using ep0 maxpacket: 32
[ 1525.306341][T19580] ceph: No mds server is up or the cluster is laggy
[ 1525.358238][T19597] netlink: 'syz.4.3713': attribute type 2 has an invalid length.
[ 1525.717502][T15237] usb 10-1: config 1 interface 0 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 0
[ 1525.733557][ T5950] usb 9-1: config 0 has an invalid interface number: 151 but max is 0
[ 1525.752130][T15237] usb 10-1: config 1 interface 0 altsetting 0 bulk endpoint 0x3 has invalid maxpacket 64
[ 1525.762325][ T5950] usb 9-1: config 0 has no interface number 0
[ 1525.772455][ T5950] usb 9-1: config 0 interface 151 altsetting 0 endpoint 0x85 has an invalid bInterval 0, changing to 7
[ 1525.796830][T15237] usb 10-1: config 1 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 127
[ 1525.819957][ T5950] usb 9-1: New USB device found, idVendor=0499, idProduct=6bb7, bcdDevice=68.2f
[ 1525.843825][ T5950] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1525.863435][T15237] usb 10-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[ 1525.887279][T15237] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1
[ 1525.896043][ T5950] usb 9-1: Product: syz
[ 1525.947616][ T5950] usb 9-1: Manufacturer: syz
[ 1525.953938][T15237] usb 10-1: SerialNumber: syz
[ 1525.963873][ T5950] usb 9-1: SerialNumber: syz
[ 1525.976777][T19579] raw-gadget.1 gadget.9: fail, usb_ep_enable returned -22
[ 1525.994146][ T5950] usb 9-1: config 0 descriptor??
[ 1526.025331][T15237] cdc_acm 10-1:1.0: Control and data interfaces are not separated!
[ 1526.041040][T15237] cdc_acm 10-1:1.0: This needs exactly 3 endpoints
[ 1526.202782][T15237] cdc_acm 10-1:1.0: probe with driver cdc_acm failed with error -22
[ 1527.289911][T19610] netlink: 8 bytes leftover after parsing attributes in process `syz.7.3717'.
[ 1528.439627][ T5950] usb 9-1: USB disconnect, device number 9
[ 1528.506282][T19352] udevd[19352]: error opening ATTR{/sys/devices/platform/dummy_hcd.8/usb9/9-1/9-1:0.151/sound/card3/controlC3/../uevent} for writing: No such file or directory
[ 1528.660810][T19616] FAULT_INJECTION: forcing a failure.
[ 1528.660810][T19616] name failslab, interval 1, probability 0, space 0, times 0
[ 1528.674979][T19616] CPU: 0 UID: 0 PID: 19616 Comm: syz.4.3716 Not tainted 6.16.0-rc4-syzkaller-00049-gb4911fb0b060 #0 PREEMPT(full) 
[ 1528.675010][T19616] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1528.675023][T19616] Call Trace:
[ 1528.675040][T19616]  <TASK>
[ 1528.675049][T19616]  dump_stack_lvl+0x189/0x250
[ 1528.675088][T19616]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1528.675121][T19616]  ? __pfx__printk+0x10/0x10
[ 1528.675160][T19616]  should_fail_ex+0x414/0x560
[ 1528.675190][T19616]  should_failslab+0xa8/0x100
[ 1528.675220][T19616]  __kmalloc_noprof+0xcb/0x4f0
[ 1528.675245][T19616]  ? security_prepare_creds+0x52/0x390
[ 1528.675280][T19616]  security_prepare_creds+0x52/0x390
[ 1528.675312][T19616]  prepare_creds+0x497/0x6c0
[ 1528.675341][T19616]  lookup_user_key+0x2dd/0x1090
[ 1528.675373][T19616]  ? __pfx_lookup_user_key+0x10/0x10
[ 1528.675399][T19616]  ? __pfx_lookup_user_key_possessed+0x10/0x10
[ 1528.675432][T19616]  ? strncpy_from_user+0x150/0x290
[ 1528.675454][T19616]  __se_sys_add_key+0x2f5/0x400
[ 1528.675475][T19616]  ? __pfx___se_sys_add_key+0x10/0x10
[ 1528.675502][T19616]  ? do_syscall_64+0xbe/0x3b0
[ 1528.675527][T19616]  ? __x64_sys_add_key+0x20/0xc0
[ 1528.675548][T19616]  do_syscall_64+0xfa/0x3b0
[ 1528.675571][T19616]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1528.675594][T19616]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1528.675611][T19616]  ? clear_bhb_loop+0x60/0xb0
[ 1528.675632][T19616]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1528.675649][T19616] RIP: 0033:0x7faf08f8e929
[ 1528.675665][T19616] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1528.675680][T19616] RSP: 002b:00007faf09e8a038 EFLAGS: 00000246 ORIG_RAX: 00000000000000f8
[ 1528.675699][T19616] RAX: ffffffffffffffda RBX: 00007faf091b6160 RCX: 00007faf08f8e929
[ 1528.675712][T19616] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000200000000140
[ 1528.675723][T19616] RBP: 00007faf09e8a090 R08: fffffffffffffffe R09: 0000000000000000
[ 1528.675735][T19616] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1528.675744][T19616] R13: 0000000000000000 R14: 00007faf091b6160 R15: 00007fff4646a478
[ 1528.675770][T19616]  </TASK>
[ 1528.893213][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1529.248187][ T5886] usb 10-1: USB disconnect, device number 2
[ 1529.958182][ T5876] usb 6-1: new high-speed USB device number 28 using dummy_hcd
[ 1529.970154][T19622] netlink: 12 bytes leftover after parsing attributes in process `syz.7.3718'.
[ 1530.957457][T15237] usb 9-1: new high-speed USB device number 10 using dummy_hcd
[ 1531.158381][T15237] usb 9-1: Using ep0 maxpacket: 16
[ 1531.198724][T15237] usb 9-1: unable to get BOS descriptor or descriptor too short
[ 1531.235523][T15237] usb 9-1: config 1 has an invalid interface number: 206 but max is 0
[ 1531.259906][T15237] usb 9-1: config 1 has no interface number 0
[ 1531.285967][T15237] usb 9-1: New USB device found, idVendor=152d, idProduct=0310, bcdDevice=3b.0a
[ 1531.321996][T15237] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1531.344712][T15237] usb 9-1: Product: syz
[ 1531.367266][T15237] usb 9-1: Manufacturer: syz
[ 1531.375754][T15237] usb 9-1: SerialNumber: syz
[ 1532.051886][T19642] Invalid ELF header magic: != ELF
[ 1532.744119][T19647] FAULT_INJECTION: forcing a failure.
[ 1532.744119][T19647] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1532.757469][T19647] CPU: 1 UID: 0 PID: 19647 Comm: syz.9.3727 Not tainted 6.16.0-rc4-syzkaller-00049-gb4911fb0b060 #0 PREEMPT(full) 
[ 1532.757509][T19647] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1532.757526][T19647] Call Trace:
[ 1532.757537][T19647]  <TASK>
[ 1532.757548][T19647]  dump_stack_lvl+0x189/0x250
[ 1532.757585][T19647]  ? __pfx____ratelimit+0x10/0x10
[ 1532.757616][T19647]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1532.757648][T19647]  ? __pfx__printk+0x10/0x10
[ 1532.757670][T19647]  ? __might_fault+0xb0/0x130
[ 1532.757709][T19647]  should_fail_ex+0x414/0x560
[ 1532.757740][T19647]  _copy_from_iter+0x1db/0x16f0
[ 1532.757784][T19647]  ? __pfx__copy_from_iter+0x10/0x10
[ 1532.757820][T19647]  ? __pfx_hci_sock_sendmsg+0x10/0x10
[ 1532.757848][T19647]  ? skb_put+0x11b/0x210
[ 1532.757875][T19647]  hci_sock_sendmsg+0x422/0xef0
[ 1532.757907][T19647]  ? __pfx_hci_sock_sendmsg+0x10/0x10
[ 1532.757938][T19647]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[ 1532.757963][T19647]  ? __pfx_hci_sock_sendmsg+0x10/0x10
[ 1532.757989][T19647]  __sock_sendmsg+0x21c/0x270
[ 1532.758023][T19647]  sock_write_iter+0x258/0x330
[ 1532.758055][T19647]  ? __pfx_sock_write_iter+0x10/0x10
[ 1532.758097][T19647]  ? bpf_lsm_file_permission+0x9/0x20
[ 1532.758124][T19647]  ? security_file_permission+0x75/0x290
[ 1532.758160][T19647]  vfs_write+0x548/0xa90
[ 1532.758191][T19647]  ? __pfx_sock_write_iter+0x10/0x10
[ 1532.758221][T19647]  ? __pfx_vfs_write+0x10/0x10
[ 1532.758257][T19647]  ? __fget_files+0x2a/0x420
[ 1532.758296][T19647]  ksys_write+0x145/0x250
[ 1532.758324][T19647]  ? __pfx_ksys_write+0x10/0x10
[ 1532.758345][T19647]  ? rcu_is_watching+0x15/0xb0
[ 1532.758383][T19647]  ? do_syscall_64+0xbe/0x3b0
[ 1532.758418][T19647]  do_syscall_64+0xfa/0x3b0
[ 1532.758451][T19647]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1532.758473][T19647]  ? asm_sysvec_reschedule_ipi+0x1a/0x20
[ 1532.758499][T19647]  ? clear_bhb_loop+0x60/0xb0
[ 1532.758526][T19647]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1532.758548][T19647] RIP: 0033:0x7f5af7f8e929
[ 1532.758567][T19647] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1532.758585][T19647] RSP: 002b:00007f5af8e6b038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 1532.758609][T19647] RAX: ffffffffffffffda RBX: 00007f5af81b6160 RCX: 00007f5af7f8e929
[ 1532.758625][T19647] RDX: 0000000000000138 RSI: 00002000000002c0 RDI: 0000000000000009
[ 1532.758640][T19647] RBP: 00007f5af8e6b090 R08: 0000000000000000 R09: 0000000000000000
[ 1532.758653][T19647] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1532.758666][T19647] R13: 0000000000000000 R14: 00007f5af81b6160 R15: 00007fff06f389b8
[ 1532.758701][T19647]  </TASK>
[ 1533.456349][T19650] FAULT_INJECTION: forcing a failure.
[ 1533.456349][T19650] name failslab, interval 1, probability 0, space 0, times 0
[ 1533.456456][T19650] CPU: 1 UID: 0 PID: 19650 Comm: syz.9.3729 Not tainted 6.16.0-rc4-syzkaller-00049-gb4911fb0b060 #0 PREEMPT(full) 
[ 1533.456485][T19650] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1533.456498][T19650] Call Trace:
[ 1533.456507][T19650]  <TASK>
[ 1533.456517][T19650]  dump_stack_lvl+0x189/0x250
[ 1533.456553][T19650]  ? __pfx____ratelimit+0x10/0x10
[ 1533.456586][T19650]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1533.456617][T19650]  ? __pfx__printk+0x10/0x10
[ 1533.456657][T19650]  should_fail_ex+0x414/0x560
[ 1533.456689][T19650]  should_failslab+0xa8/0x100
[ 1533.456719][T19650]  __kmalloc_noprof+0xcb/0x4f0
[ 1533.456743][T19650]  ? bit_cursor+0xeb5/0x1f80
[ 1533.456781][T19650]  bit_cursor+0xeb5/0x1f80
[ 1533.456826][T19650]  ? enable_work+0x1c4/0x2c0
[ 1533.456858][T19650]  ? __pfx_bit_cursor+0x10/0x10
[ 1533.456905][T19650]  ? __pfx_bit_cursor+0x10/0x10
[ 1533.456935][T19650]  ? fbcon_cursor+0x4e5/0x740
[ 1533.456969][T19650]  con_flush_chars+0x1f9/0x280
[ 1533.456991][T19650]  con_write+0x2e/0x40
[ 1533.457031][T19650]  n_tty_write+0xd32/0x11d0
[ 1533.457089][T19650]  ? __pfx_n_tty_write+0x10/0x10
[ 1533.457114][T19650]  ? __pfx_woken_wake_function+0x10/0x10
[ 1533.457142][T19650]  ? file_tty_write+0x2e8/0x990
[ 1533.457169][T19650]  ? rcu_is_watching+0x15/0xb0
[ 1533.457200][T19650]  ? kfree+0x4d/0x440
[ 1533.457223][T19650]  ? __pfx_n_tty_write+0x10/0x10
[ 1533.457249][T19650]  file_tty_write+0x503/0x990
[ 1533.457290][T19650]  vfs_write+0x548/0xa90
[ 1533.457320][T19650]  ? __pfx_tty_write+0x10/0x10
[ 1533.457351][T19650]  ? __pfx_vfs_write+0x10/0x10
[ 1533.457388][T19650]  ? __fget_files+0x2a/0x420
[ 1533.457434][T19650]  ksys_write+0x145/0x250
[ 1533.457461][T19650]  ? __pfx_ksys_write+0x10/0x10
[ 1533.457482][T19650]  ? rcu_is_watching+0x15/0xb0
[ 1533.457519][T19650]  ? do_syscall_64+0xbe/0x3b0
[ 1533.457554][T19650]  do_syscall_64+0xfa/0x3b0
[ 1533.457585][T19650]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1533.457606][T19650]  ? asm_sysvec_apic_timer_interrupt+0x1a/0x20
[ 1533.457629][T19650]  ? clear_bhb_loop+0x60/0xb0
[ 1533.457656][T19650]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1533.457676][T19650] RIP: 0033:0x7f5af7f8e929
[ 1533.457696][T19650] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1533.457715][T19650] RSP: 002b:00007f5af8ead038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 1533.457738][T19650] RAX: ffffffffffffffda RBX: 00007f5af81b5fa0 RCX: 00007f5af7f8e929
[ 1533.457755][T19650] RDX: 0000000000001006 RSI: 0000200000002080 RDI: 0000000000000004
[ 1533.457770][T19650] RBP: 00007f5af8ead090 R08: 0000000000000000 R09: 0000000000000000
[ 1533.457784][T19650] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1533.457796][T19650] R13: 0000000000000000 R14: 00007f5af81b5fa0 R15: 00007fff06f389b8
[ 1533.457831][T19650]  </TASK>
[ 1533.487659][T15237] usb 9-1: USB disconnect, device number 10
[ 1533.602307][T19654] ªªªªª»: renamed from hsr0 (while UP)
[ 1533.664049][T19651] tmpfs: Bad value for 'mpol'
[ 1534.268923][T19665] snd_dummy snd_dummy.0: control 0:0:4:syz0:-8 is already present
[ 1534.779715][T19670] FAULT_INJECTION: forcing a failure.
[ 1534.779715][T19670] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1534.779752][T19670] CPU: 0 UID: 0 PID: 19670 Comm: syz.8.3734 Not tainted 6.16.0-rc4-syzkaller-00049-gb4911fb0b060 #0 PREEMPT(full) 
[ 1534.779778][T19670] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1534.779791][T19670] Call Trace:
[ 1534.779800][T19670]  <TASK>
[ 1534.779809][T19670]  dump_stack_lvl+0x189/0x250
[ 1534.779845][T19670]  ? __pfx____ratelimit+0x10/0x10
[ 1534.779875][T19670]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1534.779907][T19670]  ? __pfx__printk+0x10/0x10
[ 1534.779928][T19670]  ? __might_fault+0xb0/0x130
[ 1534.779966][T19670]  should_fail_ex+0x414/0x560
[ 1534.779995][T19670]  _copy_from_iter+0x1db/0x16f0
[ 1534.780038][T19670]  ? __pfx__copy_from_iter+0x10/0x10
[ 1534.780066][T19670]  ? __pfx_smack_socket_sendmsg+0x10/0x10
[ 1534.780102][T19670]  ? skb_put+0x11b/0x210
[ 1534.780129][T19670]  hci_sock_sendmsg+0x422/0xef0
[ 1534.780160][T19670]  ? __pfx_hci_sock_sendmsg+0x10/0x10
[ 1534.780190][T19670]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[ 1534.780214][T19670]  ? __pfx_hci_sock_sendmsg+0x10/0x10
[ 1534.780240][T19670]  __sock_sendmsg+0x21c/0x270
[ 1534.780273][T19670]  sock_write_iter+0x258/0x330
[ 1534.780303][T19670]  ? __pfx_sock_write_iter+0x10/0x10
[ 1534.780343][T19670]  ? bpf_lsm_file_permission+0x9/0x20
[ 1534.780370][T19670]  ? security_file_permission+0x75/0x290
[ 1534.780406][T19670]  vfs_write+0x548/0xa90
[ 1534.780435][T19670]  ? __pfx_sock_write_iter+0x10/0x10
[ 1534.780463][T19670]  ? __pfx_vfs_write+0x10/0x10
[ 1534.780499][T19670]  ? __fget_files+0x2a/0x420
[ 1534.780537][T19670]  ksys_write+0x145/0x250
[ 1534.780563][T19670]  ? __pfx_ksys_write+0x10/0x10
[ 1534.780592][T19670]  ? rcu_is_watching+0x15/0xb0
[ 1534.780628][T19670]  ? do_syscall_64+0xbe/0x3b0
[ 1534.780662][T19670]  do_syscall_64+0xfa/0x3b0
[ 1534.780690][T19670]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1534.780718][T19670]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1534.780738][T19670]  ? clear_bhb_loop+0x60/0xb0
[ 1534.780764][T19670]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1534.780784][T19670] RIP: 0033:0x7fdc0df8e929
[ 1534.780803][T19670] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1534.780821][T19670] RSP: 002b:00007fdc0ed39038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 1534.780843][T19670] RAX: ffffffffffffffda RBX: 00007fdc0e1b5fa0 RCX: 00007fdc0df8e929
[ 1534.780859][T19670] RDX: 0000000000000006 RSI: 0000200000000300 RDI: 0000000000000004
[ 1534.780872][T19670] RBP: 00007fdc0ed39090 R08: 0000000000000000 R09: 0000000000000000
[ 1534.780886][T19670] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1534.780899][T19670] R13: 0000000000000000 R14: 00007fdc0e1b5fa0 R15: 00007ffc529af988
[ 1534.780931][T19670]  </TASK>
[ 1536.427329][T19676] Bluetooth: hci5: Opcode 0x0c1a failed: -4
[ 1536.490553][T19676] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[ 1536.491761][T19676] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[ 1536.492289][T19676] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[ 1536.492883][T19676] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[ 1536.493039][T19676] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[ 1536.493202][T19676] Bluetooth: hci6: Opcode 0x0c1a failed: -4
[ 1537.920467][T19703] dummy0: entered promiscuous mode
[ 1537.927771][T19703] bond0: entered promiscuous mode
[ 1537.932861][T19703] bond_slave_0: entered promiscuous mode
[ 1537.938888][T19703] bond_slave_1: entered promiscuous mode
[ 1537.946177][T19703] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[ 1537.953935][T19703] Cannot create hsr debugfs directory
[ 1537.961629][T19703] hsr0: entered allmulticast mode
[ 1537.966714][T19703] dummy0: entered allmulticast mode
[ 1537.972140][T19703] bond0: entered allmulticast mode
[ 1537.977430][T19703] bond_slave_0: entered allmulticast mode
[ 1537.983196][T19703] bond_slave_1: entered allmulticast mode
[ 1538.197785][T12256] Bluetooth: hci5: command 0x0c1a tx timeout
[ 1538.267630][T19707] 9pnet_fd: Insufficient options for proto=fd
[ 1538.525906][T19709] 9pnet_fd: Insufficient options for proto=fd
[ 1538.606151][T19710] No control pipe specified
[ 1538.634400][T12256] Bluetooth: hci1: command 0x0c1a tx timeout
[ 1538.637272][T12241] Bluetooth: hci2: command 0x041b tx timeout
[ 1538.640826][T12256] Bluetooth: hci3: command 0x0419 tx timeout
[ 1538.646609][T12241] Bluetooth: hci6: command 0x0c1a tx timeout
[ 1538.652791][T12256] Bluetooth: hci0: command 0x040f tx timeout
[ 1538.652834][T12256] Bluetooth: hci4: command 0x041b tx timeout
[ 1539.092239][T19709] No control pipe specified
[ 1539.687545][T19712] Bluetooth: hci5: Opcode 0x0c1a failed: -4
[ 1539.687798][T19712] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[ 1539.687996][T19712] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[ 1539.688197][T19712] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[ 1539.688391][T19712] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[ 1539.688580][T19712] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[ 1539.688769][T19712] Bluetooth: hci6: Opcode 0x0c1a failed: -4
[ 1539.718942][T19716] snd_dummy snd_dummy.0: control 0:0:4:syz0:-8 is already present
[ 1539.885296][T19723] ip6t_REJECT: TCP_RESET illegal for non-tcp
[ 1541.965808][ T8720] Bluetooth: hci6: command 0x0c1a tx timeout
[ 1541.972592][T12241] Bluetooth: hci1: command 0x0c1a tx timeout
[ 1541.972724][T12256] Bluetooth: hci0: command 0x040f tx timeout
[ 1541.978698][T12241] Bluetooth: hci4: command 0x041b tx timeout
[ 1541.984729][T18751] Bluetooth: hci3: command 0x0419 tx timeout
[ 1541.990749][T15686] Bluetooth: hci2: command 0x041b tx timeout
[ 1541.996844][T12256] Bluetooth: hci5: command 0x0c1a tx timeout
[ 1542.578618][T19746] netlink: 32 bytes leftover after parsing attributes in process `syz.8.3754'.
[ 1542.597000][T19746] netlink: 32 bytes leftover after parsing attributes in process `syz.8.3754'.
[ 1543.424460][T19748] sctp: [Deprecated]: syz.9.3755 (pid 19748) Use of struct sctp_assoc_value in delayed_ack socket option.
[ 1543.424460][T19748] Use struct sctp_sack_info instead
[ 1543.915805][T19758] netlink: 79 bytes leftover after parsing attributes in process `syz.9.3758'.
[ 1543.915932][T19758] netlink: 79 bytes leftover after parsing attributes in process `syz.9.3758'.
[ 1544.281477][  T980] usb 9-1: new high-speed USB device number 11 using dummy_hcd
[ 1544.527453][  T980] usb 9-1: device descriptor read/64, error -71
[ 1544.767429][  T980] usb 9-1: new high-speed USB device number 12 using dummy_hcd
[ 1544.897283][  T980] usb 9-1: device descriptor read/64, error -71
[ 1545.007814][  T980] usb usb9-port1: attempt power cycle
[ 1545.229444][T19770] bond0: entered promiscuous mode
[ 1545.367376][  T980] usb 9-1: new high-speed USB device number 13 using dummy_hcd
[ 1545.614345][ T1302] ieee802154 phy0 wpan0: encryption failed: -22
[ 1545.615737][  T980] usb 9-1: device descriptor read/8, error -71
[ 1546.343860][T19773] Bluetooth: hci5: Opcode 0x0c1a failed: -4
[ 1546.350425][T19773] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[ 1546.359880][T19773] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[ 1546.377388][T19773] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[ 1546.387745][T19773] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[ 1546.415948][T19773] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[ 1546.426697][T19773] Bluetooth: hci6: Opcode 0x0c1a failed: -4
[ 1546.549310][  T980] usb 9-1: new high-speed USB device number 14 using dummy_hcd
[ 1546.707819][  T980] usb 9-1: device descriptor read/8, error -71
[ 1547.019509][T19787] syz.4.3766 calls setitimer() with new_value NULL pointer. Misfeature support will be removed
[ 1547.030580][  T980] usb usb9-port1: unable to enumerate USB device
[ 1547.817389][T12256] Bluetooth: hci5: command 0x0c1a tx timeout
[ 1548.388772][ T5910] usb 5-1: new full-speed USB device number 36 using dummy_hcd
[ 1548.436634][T12256] Bluetooth: hci0: command 0x040f tx timeout
[ 1548.443639][T19738] Bluetooth: hci4: command 0x041b tx timeout
[ 1548.449813][T19738] Bluetooth: hci3: command 0x0419 tx timeout
[ 1548.453272][ T5824] Bluetooth: hci2: command 0x041b tx timeout
[ 1548.487409][ T5824] Bluetooth: hci6: command 0x0c1a tx timeout
[ 1548.487480][T12256] Bluetooth: hci1: command 0x0c1a tx timeout
[ 1549.301184][ T5910] usb 5-1: config 0 has an invalid interface number: 113 but max is 0
[ 1549.322844][ T5910] usb 5-1: config 0 has no interface number 0
[ 1549.412991][ T5910] usb 5-1: config 0 interface 113 altsetting 2 has an endpoint descriptor with address 0x14, changing to 0x4
[ 1549.670729][ T5910] usb 5-1: config 0 interface 113 has no altsetting 0
[ 1550.087441][ T5910] usb 5-1: string descriptor 0 read error: -71
[ 1550.093811][ T5910] usb 5-1: New USB device found, idVendor=054c, idProduct=02e1, bcdDevice=e2.c8
[ 1550.106118][T19797] Bluetooth: hci5: Opcode 0x0c1a failed: -4
[ 1550.194977][T19812] netlink: 16 bytes leftover after parsing attributes in process `syz.8.3772'.
[ 1550.657504][T12256] Bluetooth: hci5: command 0x0c1a tx timeout
[ 1550.719413][T19797] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[ 1550.747423][T19797] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[ 1550.761631][T19797] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[ 1550.768013][T19797] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[ 1550.774375][T19797] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[ 1550.886594][ T5910] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1550.887849][T19797] Bluetooth: hci6: Opcode 0x0c1a failed: -4
[ 1550.908360][ T5910] usb 5-1: config 0 descriptor??
[ 1550.927680][ T5910] usb 5-1: can't set config #0, error -71
[ 1550.940980][ T5910] usb 5-1: USB disconnect, device number 36
[ 1551.223579][T19828] netlink: 12 bytes leftover after parsing attributes in process `syz.8.3777'.
[ 1551.679152][T19820] Bluetooth: hci5: Opcode 0x0c1a failed: -4
[ 1551.685756][T19820] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[ 1551.692293][T19820] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[ 1551.698645][T19820] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[ 1551.705069][T19820] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[ 1551.711705][T19820] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[ 1551.718127][T19820] Bluetooth: hci6: Opcode 0x0c1a failed: -4
[ 1553.687395][T12256] Bluetooth: hci5: command 0x0c1a tx timeout
[ 1553.769023][T12256] Bluetooth: hci6: command 0x0c1a tx timeout
[ 1553.775124][T12256] Bluetooth: hci1: command 0x0c1a tx timeout
[ 1553.775517][T19844] netlink: 8 bytes leftover after parsing attributes in process `syz.9.3782'.
[ 1553.885901][T15686] Bluetooth: hci3: command 0x0419 tx timeout
[ 1553.887606][T12241] Bluetooth: hci2: command 0x041b tx timeout
[ 1553.893624][T19738] Bluetooth: hci4: command 0x041b tx timeout
[ 1554.483103][ T5824] Bluetooth: hci0: command 0x040f tx timeout
[ 1555.980233][T19867] netlink: 20 bytes leftover after parsing attributes in process `syz.8.3788'.
[ 1556.295884][T19872] batadv_slave_0: entered promiscuous mode
[ 1556.302308][T19872] batadv_slave_0: entered allmulticast mode
[ 1556.662973][T19876] netlink: 12 bytes leftover after parsing attributes in process `syz.9.3789'.
[ 1557.457720][T13709] usb 5-1: new high-speed USB device number 37 using dummy_hcd
[ 1557.818838][ T5886] libceph: connect (1)[c::]:6789 error -101
[ 1557.832964][ T5886] libceph: mon0 (1)[c::]:6789 connect error
[ 1557.986945][T13709] usb 5-1: Using ep0 maxpacket: 16
[ 1558.009904][T13709] usb 5-1: unable to get BOS descriptor or descriptor too short
[ 1558.038095][T13709] usb 5-1: config 1 has an invalid interface number: 206 but max is 0
[ 1558.063866][T13709] usb 5-1: config 1 has no interface number 0
[ 1558.113536][T13709] usb 5-1: New USB device found, idVendor=152d, idProduct=0310, bcdDevice=3b.0a
[ 1558.483109][T19899] netlink: 8 bytes leftover after parsing attributes in process `syz.7.3795'.
[ 1558.514394][ T5886] libceph: connect (1)[c::]:6789 error -101
[ 1558.530764][ T5886] libceph: mon0 (1)[c::]:6789 connect error
[ 1558.540415][T13709] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1558.548679][T13709] usb 5-1: Product: syz
[ 1558.552946][T13709] usb 5-1: Manufacturer: syz
[ 1558.557682][T13709] usb 5-1: SerialNumber: syz
[ 1558.566056][T19887] ceph: No mds server is up or the cluster is laggy
[ 1559.820894][T19911] Invalid ELF header magic: != ELF
[ 1559.909671][T19911] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1559.920461][T19911] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1560.698957][T13709] usb 5-1: USB disconnect, device number 37
[ 1560.768527][T19903] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[ 1560.899670][T19919] 9pnet_fd: Insufficient options for proto=fd
[ 1561.131900][T19921] No control pipe specified
[ 1561.769098][T19931] netlink: 12 bytes leftover after parsing attributes in process `syz.9.3805'.
[ 1561.808883][T13709] usb 6-1: new high-speed USB device number 29 using dummy_hcd
[ 1562.217438][T13709] usb 6-1: Using ep0 maxpacket: 16
[ 1562.230945][T13709] usb 6-1: unable to get BOS descriptor or descriptor too short
[ 1562.260749][T13709] usb 6-1: config 1 has an invalid interface number: 206 but max is 0
[ 1562.269588][T13709] usb 6-1: config 1 has no interface number 0
[ 1562.302883][T13709] usb 6-1: New USB device found, idVendor=152d, idProduct=0310, bcdDevice=3b.0a
[ 1562.328523][T13709] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1562.347970][T13709] usb 6-1: Product: syz
[ 1562.356750][T13709] usb 6-1: Manufacturer: syz
[ 1562.391848][T13709] usb 6-1: SerialNumber: syz
[ 1562.805680][T19937] Bluetooth: hci5: Opcode 0x0c1a failed: -4
[ 1562.814543][T19937] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[ 1562.823215][T19937] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[ 1562.833402][T19937] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[ 1562.844320][T19937] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[ 1562.854910][T19937] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[ 1562.867602][T19937] Bluetooth: hci6: Opcode 0x0c1a failed: -4
[ 1564.298215][T19924] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1564.307111][T19924] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1564.372183][T19946] Invalid ELF header magic: != ELF
[ 1564.772817][ T5824] Bluetooth: hci5: command 0x0c1a tx timeout
[ 1564.824458][T13709] usb 6-1: USB disconnect, device number 29
[ 1564.877603][T15237] usb 5-1: new high-speed USB device number 38 using dummy_hcd
[ 1564.885450][ T5910] usb 10-1: new high-speed USB device number 3 using dummy_hcd
[ 1564.888700][ T5824] Bluetooth: hci6: command 0x0c1a tx timeout
[ 1564.899255][T12256] Bluetooth: hci1: command 0x0c1a tx timeout
[ 1564.905407][T12256] Bluetooth: hci0: command 0x040f tx timeout
[ 1564.911746][T19738] Bluetooth: hci4: command 0x041b tx timeout
[ 1564.911837][T15686] Bluetooth: hci2: command 0x041b tx timeout
[ 1564.926359][T12241] Bluetooth: hci3: command 0x0419 tx timeout
[ 1565.088372][T19965] 9pnet_fd: Insufficient options for proto=fd
[ 1565.106624][T15237] usb 5-1: Using ep0 maxpacket: 8
[ 1565.117280][ T5910] usb 10-1: Using ep0 maxpacket: 16
[ 1565.154123][T15237] usb 5-1: config 252 has an invalid interface number: 138 but max is 0
[ 1565.171144][T15237] usb 5-1: config 252 has no interface number 0
[ 1565.183853][T19966] No control pipe specified
[ 1565.199571][ T5910] usb 10-1: unable to get BOS descriptor or descriptor too short
[ 1565.215413][T15237] usb 5-1: config 252 interface 138 altsetting 30 endpoint 0x5 has invalid maxpacket 512, setting to 64
[ 1565.284137][T15237] usb 5-1: config 252 interface 138 has no altsetting 0
[ 1565.307757][ T5910] usb 10-1: config 1 has an invalid interface number: 206 but max is 0
[ 1565.335009][ T5910] usb 10-1: config 1 has no interface number 0
[ 1565.357852][T15237] usb 5-1: New USB device found, idVendor=0424, idProduct=7801, bcdDevice=32.4b
[ 1565.398617][ T5910] usb 10-1: New USB device found, idVendor=152d, idProduct=0310, bcdDevice=3b.0a
[ 1565.437249][T15237] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1565.741034][ T5910] usb 10-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1565.831319][ T5910] usb 10-1: Product: syz
[ 1565.835635][ T5910] usb 10-1: Manufacturer: syz
[ 1565.841606][ T5910] usb 10-1: SerialNumber: syz
[ 1566.141625][T19957] netlink: 16 bytes leftover after parsing attributes in process `syz.4.3814'.
[ 1566.141655][T19957] netlink: 28 bytes leftover after parsing attributes in process `syz.4.3814'.
[ 1566.148034][T19957] ip6gretap1: entered allmulticast mode
[ 1566.155470][T15237] usb 5-1: string descriptor 0 read error: -71
[ 1566.334045][T19971] snd_dummy snd_dummy.0: control 0:0:4:syz0:-8 is already present
[ 1566.785817][T15237] usb 5-1: USB disconnect, device number 38
[ 1567.352444][T19976] netlink: 'syz.5.3819': attribute type 3 has an invalid length.
[ 1567.603723][T19975] Invalid ELF header magic: != ELF
[ 1568.567584][ T5910] usb 10-1: USB disconnect, device number 3
[ 1568.610716][T19994] netlink: 12 bytes leftover after parsing attributes in process `syz.5.3825'.
[ 1569.575951][T19990] Bluetooth: hci5: Opcode 0x0c1a failed: -4
[ 1569.586308][T19990] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[ 1569.597329][T19990] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[ 1569.615459][T19990] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[ 1569.627782][T19990] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[ 1569.636872][T19990] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[ 1569.653456][T19990] Bluetooth: hci6: Opcode 0x0c1a failed: -4
[ 1570.357968][T20015] netlink: 20 bytes leftover after parsing attributes in process `syz.7.3828'.
[ 1570.368922][T20012] netlink: 'syz.9.3829': attribute type 30 has an invalid length.
[ 1570.418286][T20009] Invalid ELF header magic: != ELF
[ 1570.485870][T20012] netdevsim netdevsim9 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0
[ 1570.495964][T20012] netdevsim netdevsim9 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0
[ 1570.505121][T20012] netdevsim netdevsim9 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0
[ 1570.514565][T20012] netdevsim netdevsim9 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0
[ 1570.844809][T12241] Bluetooth: hci5: command 0x0c1a tx timeout
[ 1570.972537][T20012] netdevsim netdevsim9 netdevsim0: unset [0, 0] type 1 family 0 port 8472 - 0
[ 1570.981845][T20012] netdevsim netdevsim9 netdevsim1: unset [0, 0] type 1 family 0 port 8472 - 0
[ 1570.991743][T20012] netdevsim netdevsim9 netdevsim2: unset [0, 0] type 1 family 0 port 8472 - 0
[ 1571.001490][T20012] netdevsim netdevsim9 netdevsim3: unset [0, 0] type 1 family 0 port 8472 - 0
[ 1571.607372][T12241] Bluetooth: hci3: command 0x0419 tx timeout
[ 1571.613741][T12241] Bluetooth: hci2: command 0x041b tx timeout
[ 1571.685428][ T5886] usb 5-1: new high-speed USB device number 39 using dummy_hcd
[ 1571.717610][T15686] Bluetooth: hci1: command 0x0c1a tx timeout
[ 1571.723772][T15686] Bluetooth: hci0: command 0x040f tx timeout
[ 1571.730063][T12241] Bluetooth: hci6: command 0x0c1a tx timeout
[ 1571.741756][T15686] Bluetooth: hci4: command 0x041b tx timeout
[ 1572.278907][T20042] FAULT_INJECTION: forcing a failure.
[ 1572.278907][T20042] name failslab, interval 1, probability 0, space 0, times 0
[ 1572.291747][T20042] CPU: 0 UID: 0 PID: 20042 Comm: syz.9.3839 Not tainted 6.16.0-rc4-syzkaller-00049-gb4911fb0b060 #0 PREEMPT(full) 
[ 1572.291777][T20042] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1572.291791][T20042] Call Trace:
[ 1572.291802][T20042]  <TASK>
[ 1572.291813][T20042]  dump_stack_lvl+0x189/0x250
[ 1572.291851][T20042]  ? __pfx____ratelimit+0x10/0x10
[ 1572.291883][T20042]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1572.291914][T20042]  ? __pfx__printk+0x10/0x10
[ 1572.291943][T20042]  ? __pfx___might_resched+0x10/0x10
[ 1572.291972][T20042]  ? fs_reclaim_acquire+0x7d/0x100
[ 1572.292009][T20042]  should_fail_ex+0x414/0x560
[ 1572.292044][T20042]  should_failslab+0xa8/0x100
[ 1572.292076][T20042]  __kmalloc_noprof+0xcb/0x4f0
[ 1572.292101][T20042]  ? video_usercopy+0x18f/0x14f0
[ 1572.292127][T20042]  video_usercopy+0x18f/0x14f0
[ 1572.292153][T20042]  ? smk_tskacc+0x2fc/0x370
[ 1572.292188][T20042]  ? __pfx___video_do_ioctl+0x10/0x10
[ 1572.292209][T20042]  ? __pfx_video_usercopy+0x10/0x10
[ 1572.292228][T20042]  ? smack_file_ioctl+0x2a9/0x340
[ 1572.292276][T20042]  ? __fget_files+0x2a/0x420
[ 1572.292303][T20042]  ? __fget_files+0x3a0/0x420
[ 1572.292336][T20042]  v4l2_ioctl+0x18a/0x1e0
[ 1572.292370][T20042]  ? __pfx_v4l2_ioctl+0x10/0x10
[ 1572.292402][T20042]  __se_sys_ioctl+0xfc/0x170
[ 1572.292427][T20042]  do_syscall_64+0xfa/0x3b0
[ 1572.292460][T20042]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1572.292481][T20042]  ? asm_sysvec_reschedule_ipi+0x1a/0x20
[ 1572.292502][T20042]  ? clear_bhb_loop+0x60/0xb0
[ 1572.292529][T20042]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1572.292550][T20042] RIP: 0033:0x7f5af7f8e929
[ 1572.292570][T20042] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1572.292589][T20042] RSP: 002b:00007f5af8e6b038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1572.292613][T20042] RAX: ffffffffffffffda RBX: 00007f5af81b6160 RCX: 00007f5af7f8e929
[ 1572.292629][T20042] RDX: 00002000000001c0 RSI: 00000000c0d05640 RDI: 0000000000000007
[ 1572.292644][T20042] RBP: 00007f5af8e6b090 R08: 0000000000000000 R09: 0000000000000000
[ 1572.292658][T20042] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1572.292672][T20042] R13: 0000000000000000 R14: 00007f5af81b6160 R15: 00007fff06f389b8
[ 1572.292711][T20042]  </TASK>
[ 1572.525537][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1572.561241][ T5886] usb 5-1: Using ep0 maxpacket: 32
[ 1572.582234][ T5886] usb 5-1: config 0 has an invalid interface number: 151 but max is 0
[ 1572.622394][ T5886] usb 5-1: config 0 has no interface number 0
[ 1572.681941][ T5886] usb 5-1: config 0 interface 151 altsetting 0 endpoint 0x85 has an invalid bInterval 0, changing to 7
[ 1572.856500][ T5886] usb 5-1: New USB device found, idVendor=0499, idProduct=6bb7, bcdDevice=68.2f
[ 1572.866796][ T5886] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1572.885179][ T5886] usb 5-1: Product: syz
[ 1572.909952][ T5886] usb 5-1: Manufacturer: syz
[ 1572.914626][ T5886] usb 5-1: SerialNumber: syz
[ 1572.965609][ T5886] usb 5-1: config 0 descriptor??
[ 1572.983958][T20046] 9pnet_fd: Insufficient options for proto=fd
[ 1573.178466][T20047] No control pipe specified
[ 1574.288346][T20053] 9pnet_fd: Insufficient options for proto=fd
[ 1574.393541][T20056] No control pipe specified
[ 1574.884835][T20055] ip6t_REJECT: TCP_RESET illegal for non-tcp
[ 1575.434650][ T5886] usb 5-1: USB disconnect, device number 39
[ 1575.462369][T19916] udevd[19916]: error opening ATTR{/sys/devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.151/sound/card3/controlC3/../uevent} for writing: No such file or directory
[ 1575.717598][ T5910] usb 9-1: new full-speed USB device number 15 using dummy_hcd
[ 1576.139611][ T5910] usb 9-1: config 0 has an invalid interface number: 160 but max is 0
[ 1576.139645][ T5910] usb 9-1: config 0 has no interface number 0
[ 1576.140090][ T5910] usb 9-1: config 0 interface 160 altsetting 64 endpoint 0x4 has invalid wMaxPacketSize 0
[ 1576.140118][ T5910] usb 9-1: config 0 interface 160 has no altsetting 0
[ 1576.148327][ T5910] usb 9-1: New USB device found, idVendor=3612, idProduct=d032, bcdDevice=56.e4
[ 1576.148352][ T5910] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1576.148368][ T5910] usb 9-1: Product: syz
[ 1576.148380][ T5910] usb 9-1: Manufacturer: syz
[ 1576.148392][ T5910] usb 9-1: SerialNumber: syz
[ 1576.153102][ T5910] usb 9-1: config 0 descriptor??
[ 1576.155094][ T5910] usb-storage 9-1:0.160: USB Mass Storage device detected
[ 1576.384748][T20061] xt_policy: neither incoming nor outgoing policy selected
[ 1577.010952][T20078] snd_dummy snd_dummy.0: control 0:0:4:syz0:-8 is already present
[ 1577.403362][T20086] 9pnet_fd: Insufficient options for proto=fd
[ 1578.002739][  T980] usb 9-1: USB disconnect, device number 15
[ 1578.273686][T20096] netlink: 20 bytes leftover after parsing attributes in process `syz.8.3853'.
[ 1579.470085][T20069] snd_dummy snd_dummy.0: control 0:0:4:syz0:-8 is already present
[ 1580.137259][  T980] usb 5-1: new high-speed USB device number 40 using dummy_hcd
[ 1580.168458][   T31] INFO: task syz-executor:10364 blocked for more than 144 seconds.
[ 1580.168486][   T31]       Not tainted 6.16.0-rc4-syzkaller-00049-gb4911fb0b060 #0
[ 1580.168501][   T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[ 1580.168513][   T31] task:syz-executor    state:D stack:21696 pid:10364 tgid:10364 ppid:1      task_flags:0x400140 flags:0x00004004
[ 1580.168575][   T31] Call Trace:
[ 1580.168586][   T31]  <TASK>
[ 1580.168602][   T31]  __schedule+0x16a2/0x4cb0
[ 1580.168744][   T31]  ? __lock_acquire+0xa61/0xd20
[ 1580.168779][   T31]  ? schedule+0x165/0x360
[ 1580.168812][   T31]  ? __pfx___schedule+0x10/0x10
[ 1580.168859][   T31]  ? schedule+0x91/0x360
[ 1580.168892][   T31]  schedule+0x165/0x360
[ 1580.168924][   T31]  schedule_preempt_disabled+0x13/0x30
[ 1580.168952][   T31]  __mutex_lock+0x724/0xe80
[ 1580.168986][   T31]  ? __mutex_lock+0x51b/0xe80
[ 1580.169024][   T31]  ? nfsd_shutdown_threads+0x4e/0xd0
[ 1580.169056][   T31]  ? __pfx___mutex_lock+0x10/0x10
[ 1580.169086][   T31]  ? net_generic+0x1e/0x240
[ 1580.169119][   T31]  ? net_generic+0x1e/0x240
[ 1580.169144][   T31]  ? net_generic+0x1e/0x240
[ 1580.169166][   T31]  ? net_generic+0x1e/0x240
[ 1580.169197][   T31]  nfsd_shutdown_threads+0x4e/0xd0
[ 1580.169227][   T31]  nfsd_umount+0x42/0xd0
[ 1580.169258][   T31]  deactivate_locked_super+0xb9/0x130
[ 1580.169285][   T31]  cleanup_mnt+0x425/0x4c0
[ 1580.169320][   T31]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1580.169355][   T31]  task_work_run+0x1d4/0x260
[ 1580.169386][   T31]  ? __pfx_task_work_run+0x10/0x10
[ 1580.169411][   T31]  ? __x64_sys_umount+0x122/0x160
[ 1580.169443][   T31]  ? exit_to_user_mode_loop+0x40/0x110
[ 1580.169477][   T31]  exit_to_user_mode_loop+0xec/0x110
[ 1580.169507][   T31]  do_syscall_64+0x2bd/0x3b0
[ 1580.169547][   T31]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1580.169579][   T31]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1580.169602][   T31]  ? clear_bhb_loop+0x60/0xb0
[ 1580.169630][   T31]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1580.169652][   T31] RIP: 0033:0x7fe76cb8fc57
[ 1580.169674][   T31] RSP: 002b:00007ffcbf8c97a8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[ 1580.169701][   T31] RAX: 0000000000000000 RBX: 00007fe76cc10925 RCX: 00007fe76cb8fc57
[ 1580.169719][   T31] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffcbf8c9860
[ 1580.169735][   T31] RBP: 00007ffcbf8c9860 R08: 0000000000000000 R09: 0000000000000000
[ 1580.169750][   T31] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007ffcbf8ca8f0
[ 1580.169767][   T31] R13: 00007fe76cc10925 R14: 000000000015d6aa R15: 00007ffcbf8ca930
[ 1580.169804][   T31]  </TASK>
[ 1580.169880][   T31] 
[ 1580.169880][   T31] Showing all locks held in the system:
[ 1580.169894][   T31] 1 lock held by khungtaskd/31:
[ 1580.169909][   T31]  #0: ffffffff8e13ee20 (rcu_read_lock){....}-{1:3}, at: debug_show_all_locks+0x2e/0x180
[ 1580.169994][   T31] 6 locks held by kworker/0:2/980:
[ 1580.170008][   T31]  #0: ffff8881442a6d48 ((wq_completion)usb_hub_wq){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0
[ 1580.170077][   T31]  #1: ffffc90003827bc0 ((work_completion)(&hub->events)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0
[ 1580.170152][   T31]  #2: ffff888144b33198 (&dev->mutex){....}-{4:4}, at: hub_event+0x184/0x4a00
[ 1580.170219][   T31]  #3: ffff888144f68510 (&port_dev->status_lock){+.+.}-{4:4}, at: hub_event+0x21a3/0x4a00
[ 1580.170284][   T31]  #4: ffff888027d2b668 (hcd->address0_mutex){+.+.}-{4:4}, at: hub_event+0x21cb/0x4a00
[ 1580.170349][   T31]  #5: ffffffff8edc8df0 (ehci_cf_port_reset_rwsem){.+.+}-{4:4}, at: hub_port_reset+0x163/0x1750
[ 1580.170430][   T31] 2 locks held by getty/5581:
[ 1580.170443][   T31]  #0: ffff8880309f40a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x25/0x70
[ 1580.170510][   T31]  #1: ffffc9000332b2f0 (&ldata->atomic_read_lock){+.+.}-{4:4}, at: n_tty_read+0x43e/0x1400
[ 1580.170609][   T31] 2 locks held by syz-executor/10364:
[ 1580.170623][   T31]  #0: ffff888059c860e0 (&type->s_umount_key#90){+.+.}-{4:4}, at: deactivate_super+0xa9/0xe0
[ 1580.170687][   T31]  #1: ffffffff8e41b5c8 (nfsd_mutex){+.+.}-{4:4}, at: nfsd_shutdown_threads+0x4e/0xd0
[ 1580.170759][   T31] 2 locks held by kworker/u8:14/16064:
[ 1580.170778][   T31] 2 locks held by syz.2.3173/17633:
[ 1580.170792][   T31]  #0: ffffffff8f563770 (cb_lock){++++}-{4:4}, at: genl_rcv+0x19/0x40
[ 1580.170856][   T31]  #1: ffffffff8e41b5c8 (nfsd_mutex){+.+.}-{4:4}, at: nfsd_nl_listener_set_doit+0x12a/0x1650
[ 1580.170960][   T31] 1 lock held by syz.7.3848/20083:
[ 1580.170971][   T31] 1 lock held by syz.8.3853/20092:
[ 1580.170981][   T31] 3 locks held by syz.5.3856/20101:
[ 1580.170991][   T31] 1 lock held by syz.9.3858/20107:
[ 1580.171001][   T31] 1 lock held by syz.9.3858/20108:
[ 1580.171011][   T31]  #0: ffff8880325d3660 (&mm->mmap_lock){++++}-{4:4}, at: mmap_read_lock_killable+0x1d/0x70
[ 1580.171059][   T31] 5 locks held by syz.9.3858/20110:
[ 1580.171071][   T31] 
[ 1580.171076][   T31] =============================================
[ 1580.171076][   T31] 
[ 1580.171092][   T31] NMI backtrace for cpu 1
[ 1580.171104][   T31] CPU: 1 UID: 0 PID: 31 Comm: khungtaskd Not tainted 6.16.0-rc4-syzkaller-00049-gb4911fb0b060 #0 PREEMPT(full) 
[ 1580.171121][   T31] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1580.171130][   T31] Call Trace:
[ 1580.171137][   T31]  <TASK>
[ 1580.171143][   T31]  dump_stack_lvl+0x189/0x250
[ 1580.171165][   T31]  ? __wake_up_klogd+0xd9/0x110
[ 1580.171183][   T31]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1580.171205][   T31]  ? __pfx__printk+0x10/0x10
[ 1580.171229][   T31]  nmi_cpu_backtrace+0x39e/0x3d0
[ 1580.171254][   T31]  ? __pfx_nmi_cpu_backtrace+0x10/0x10
[ 1580.171270][   T31]  ? _printk+0xcf/0x120
[ 1580.171288][   T31]  ? __pfx__printk+0x10/0x10
[ 1580.171304][   T31]  ? __pfx_nmi_raise_cpu_backtrace+0x10/0x10
[ 1580.171325][   T31]  nmi_trigger_cpumask_backtrace+0x17a/0x300
[ 1580.171345][   T31]  watchdog+0xfee/0x1030
[ 1580.171366][   T31]  ? watchdog+0x1de/0x1030
[ 1580.171390][   T31]  kthread+0x711/0x8a0
[ 1580.171408][   T31]  ? __pfx_watchdog+0x10/0x10
[ 1580.171425][   T31]  ? __pfx_kthread+0x10/0x10
[ 1580.171442][   T31]  ? _raw_spin_unlock_irq+0x23/0x50
[ 1580.171460][   T31]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1580.171478][   T31]  ? __pfx_kthread+0x10/0x10
[ 1580.171495][   T31]  ret_from_fork+0x3fc/0x770
[ 1580.171517][   T31]  ? __pfx_ret_from_fork+0x10/0x10
[ 1580.171547][   T31]  ? __switch_to_asm+0x39/0x70
[ 1580.171560][   T31]  ? __switch_to_asm+0x33/0x70
[ 1580.171573][   T31]  ? __pfx_kthread+0x10/0x10
[ 1580.171590][   T31]  ret_from_fork_asm+0x1a/0x30
[ 1580.171616][   T31]  </TASK>
[ 1580.171622][   T31] Sending NMI from CPU 1 to CPUs 0:
[ 1580.171663][    C0] NMI backtrace for cpu 0
[ 1580.171677][    C0] CPU: 0 UID: 0 PID: 0 Comm: swapper/0 Not tainted 6.16.0-rc4-syzkaller-00049-gb4911fb0b060 #0 PREEMPT(full) 
[ 1580.171698][    C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1580.171709][    C0] RIP: 0010:pv_native_safe_halt+0x13/0x20
[ 1580.171735][    C0] Code: c3 dd 02 00 cc cc cc 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 66 90 0f 00 2d 63 45 28 00 f3 0f 1e fa fb f4 <e9> 98 dd 02 00 cc cc cc cc cc cc cc cc 90 90 90 90 90 90 90 90 90
[ 1580.171750][    C0] RSP: 0018:ffffffff8de07d80 EFLAGS: 000002c2
[ 1580.171766][    C0] RAX: 4573ce1f0dc0a800 RBX: ffffffff81974c88 RCX: 4573ce1f0dc0a800
[ 1580.171786][    C0] RDX: 0000000000000001 RSI: ffffffff8d96e815 RDI: ffffffff8be1b940
[ 1580.171799][    C0] RBP: ffffffff8de07ea8 R08: ffff8880b8632f5b R09: 1ffff110170c65eb
[ 1580.171812][    C0] R10: dffffc0000000000 R11: ffffed10170c65ec R12: ffffffff8f9fdbf0
[ 1580.171826][    C0] R13: 0000000000000000 R14: 0000000000000000 R15: 1ffffffff1bd2a50
[ 1580.171838][    C0] FS:  0000000000000000(0000) GS:ffff888125c84000(0000) knlGS:0000000000000000
[ 1580.171853][    C0] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 1580.171865][    C0] CR2: 0000200000034000 CR3: 0000000086430000 CR4: 00000000003526f0
[ 1580.171883][    C0] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 1580.171894][    C0] DR3: 000000000000000e DR6: 00000000ffff0ff0 DR7: 0000000000000400
[ 1580.171905][    C0] Call Trace:
[ 1580.171912][    C0]  <TASK>
[ 1580.171919][    C0]  default_idle+0x13/0x20
[ 1580.171935][    C0]  default_idle_call+0x74/0xb0
[ 1580.171951][    C0]  do_idle+0x1e8/0x510
[ 1580.171980][    C0]  ? __pfx_do_idle+0x10/0x10
[ 1580.172018][    C0]  cpu_startup_entry+0x44/0x60
[ 1580.172045][    C0]  rest_init+0x2de/0x300
[ 1580.172061][    C0]  ? __pfx_x86_late_time_init+0x10/0x10
[ 1580.172088][    C0]  start_kernel+0x47d/0x500
[ 1580.172116][    C0]  x86_64_start_reservations+0x24/0x30
[ 1580.172135][    C0]  x86_64_start_kernel+0x143/0x1c0
[ 1580.172153][    C0]  common_startup_64+0x13e/0x147
[ 1580.172181][    C0]  </TASK>
[ 1580.172646][   T31] Kernel panic - not syncing: hung_task: blocked tasks
[ 1580.172661][   T31] CPU: 1 UID: 0 PID: 31 Comm: khungtaskd Not tainted 6.16.0-rc4-syzkaller-00049-gb4911fb0b060 #0 PREEMPT(full) 
[ 1580.172680][   T31] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1580.172690][   T31] Call Trace:
[ 1580.172697][   T31]  <TASK>
[ 1580.172705][   T31]  dump_stack_lvl+0x99/0x250
[ 1580.172728][   T31]  ? __asan_memcpy+0x40/0x70
[ 1580.172748][   T31]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1580.172771][   T31]  ? __pfx__printk+0x10/0x10
[ 1580.172796][   T31]  panic+0x2db/0x790
[ 1580.172816][   T31]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1580.172842][   T31]  ? __pfx_panic+0x10/0x10
[ 1580.172863][   T31]  ? __pfx_delay_tsc+0x10/0x10
[ 1580.172880][   T31]  ? nmi_backtrace_stall_check+0x433/0x440
[ 1580.172907][   T31]  ? irq_work_queue+0xc3/0x140
[ 1580.172933][   T31]  watchdog+0x102d/0x1030
[ 1580.172960][   T31]  ? watchdog+0x1de/0x1030
[ 1580.172985][   T31]  kthread+0x711/0x8a0
[ 1580.173004][   T31]  ? __pfx_watchdog+0x10/0x10
[ 1580.173023][   T31]  ? __pfx_kthread+0x10/0x10
[ 1580.173041][   T31]  ? _raw_spin_unlock_irq+0x23/0x50
[ 1580.173060][   T31]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1580.173080][   T31]  ? __pfx_kthread+0x10/0x10
[ 1580.173097][   T31]  ret_from_fork+0x3fc/0x770
[ 1580.173120][   T31]  ? __pfx_ret_from_fork+0x10/0x10
[ 1580.173145][   T31]  ? __switch_to_asm+0x39/0x70
[ 1580.173159][   T31]  ? __switch_to_asm+0x33/0x70
[ 1580.173173][   T31]  ? __pfx_kthread+0x10/0x10
[ 1580.173191][   T31]  ret_from_fork_asm+0x1a/0x30
[ 1580.173218][   T31]  </TASK>
[ 1580.173388][   T31] Kernel Offset: disabled