last executing test programs:

2m46.430824769s ago: executing program 2 (id=903):
r0 = socket$inet6_udplite(0xa, 0x2, 0x88)
r1 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000480)=ANY=[@ANYBLOB="fc0000001900674c0000000000000000e0000001000000000000000000000000e000000200000000000000000000000000000000000000000a00000000000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="0000000000000000000000000000400000000000000000000000000000000000000000000000000001000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000010000000000000044000500000000000000000000000000000000000000000033"], 0xfc}, 0x1, 0x0, 0x0, 0x8084}, 0x0)
sendto$inet6(r0, 0x0, 0x0, 0x8810, &(0x7f0000000080)={0xa, 0x4ea0, 0x4, @loopback={0xff00000000000000}, 0x2ab8f1b6}, 0x1c)

2m42.689222648s ago: executing program 2 (id=908):
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x0, &(0x7f0000000100)})
setsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, 0x0, 0x0)
r0 = socket$inet6_mptcp(0xa, 0x1, 0x106)
socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0xd, 0x4, &(0x7f0000000040)=@framed={{0xffffffb4, 0x0, 0x0, 0x0, 0x0, 0x61, 0x11, 0x7c, 0x400}, [@ldst={0x6, 0x3}], {0x95, 0x0, 0xc00}}, &(0x7f0000003ff6)='GPL\x00', 0x4, 0xc3, &(0x7f000000cf3d)=""/195, 0x41000, 0x0, '\x00', 0x0, @sock_ops, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000)={0x0, 0x3, 0x10000}, 0x10}, 0x94)
sendmmsg$inet6(0xffffffffffffffff, 0x0, 0x0, 0x48081)
shutdown(0xffffffffffffffff, 0x1)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x2)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
r2 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000180)={'macvlan1\x00'})
connect$pppl2tp(0xffffffffffffffff, 0x0, 0x0)
r3 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_TCP_REPAIR(r3, 0x6, 0x13, &(0x7f00000021c0)=0x1, 0x4)
connect$inet6(r3, &(0x7f0000000000)={0xa, 0xfffc, 0x7, @empty, 0x200}, 0x1c)
setsockopt(r3, 0x1, 0x9, &(0x7f0000000040), 0x29)

2m40.629884114s ago: executing program 2 (id=910):
syz_open_dev$cec(&(0x7f0000000000), 0x0, 0xa41)
syz_open_procfs$namespace(0x0, &(0x7f0000000040)='ns/uts\x00')
pipe2(&(0x7f0000000200)={0x0, 0x0}, 0x0)
fanotify_init(0x200, 0x0)
io_uring_setup(0x7fdb, 0x0)
fanotify_init(0x200, 0x0)
r0 = syz_init_net_socket$netrom(0x6, 0x5, 0x0)
listen(r0, 0x1ad72f7)
accept4$netrom(r0, 0x0, 0x0, 0x0)
socket$inet_udp(0x2, 0x2, 0x0)
socket$inet6_mptcp(0xa, 0x1, 0x106)
socket$inet6_sctp(0xa, 0x5, 0x84)
socket$netlink(0x10, 0x3, 0x10)
epoll_create1(0x0)
socket$nl_generic(0x10, 0x3, 0x10)
socket$nl_generic(0x10, 0x3, 0x10)
socket(0x1e, 0x2, 0x0)
socket$unix(0x1, 0x1, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
r1 = socket$nl_rdma(0x10, 0x3, 0x14)
socket$inet_tcp(0x2, 0x1, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
socket(0x15, 0x5, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
socket$key(0xf, 0x3, 0x2)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000100)=ANY=[@ANYRES32, @ANYRES32, @ANYRES64=r2, @ANYRES64=r1, @ANYBLOB="00e97b379b04b5aad967c1e35beb7415a836d18ad75ecc3ca2081c5201370ffefcf7c0472683884537781b9d595268e8c93eb05dc9b70665ca981559cebe98a473a02cd607db01000000f84852914ce5682df8e1f54e413cea1a6ebf27d4e853aeead80e10aa4951ebb7c1a797e4bff17e143a1dbedddc5271a7e37579ac2ea76831a363f5187f99cb20783ab5d6bba73bc45477ee"], 0x20)

2m38.369733124s ago: executing program 2 (id=917):
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000040)={&(0x7f0000000240)=ANY=[@ANYBLOB="9feb"], 0x0, 0x26}, 0x28)
openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
socket$packet(0x11, 0x3, 0x300)
keyctl$dh_compute(0x17, 0x0, 0x0, 0x0, 0x0)
r0 = syz_open_dev$dri(&(0x7f00000000c0), 0x1ff, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_LEASE(r0, 0xc01864c6, &(0x7f0000000040)={0x0})
r1 = openat$tun(0xffffffffffffff9c, &(0x7f00000001c0), 0x48e02, 0x0)
close(r1)
openat$cuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0)
io_setup(0x1, &(0x7f0000000040)=<r2=>0x0)
sendmsg$IPCTNL_MSG_TIMEOUT_NEW(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000200)=ANY=[@ANYBLOB="14"], 0x14}, 0x1, 0x0, 0x0, 0x4810}, 0x8000)
io_submit(r2, 0x1, &(0x7f0000000440)=[&(0x7f0000000080)={0x0, 0x0, 0x0, 0x8, 0x1, r1, &(0x7f0000000100)="653de841f0", 0x5, 0x8000}])

2m37.978567459s ago: executing program 2 (id=920):
r0 = socket$kcm(0xf, 0x3, 0x2)
bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x3, 0x4, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000000000000000000000000000010007"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x1c, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) (async)
sendmsg$inet(r0, &(0x7f0000003780)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000000)="020b0700fc670000e4a17c45c8d260c9", 0x33fe0}], 0x1}, 0x600) (async)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x3, 0xe, &(0x7f0000001cc0)=ANY=[@ANYBLOB="b702000000f0ff00bfa300000000000007030000f0ffffff7a0af0ff1100000079a4f0ff00000000b706000000000081ad64020000000000450404000100ff0f1704000001130a00b7050000000000006a0af2fe0000000085000000a3000000b700000000000000950000000000000000e154cd844a954b26c933f7e38e52c997b03b72b3d0ffffffffe4fbffffff55bb2007ee51050512b5b42128aa090a79507df79f298129da00000080f24bf901115e17392ac66ad029d1c00000614600d53daeacea799a22812a1b3cab4d785c908c54f7a2fa798b5adc43eb27d53319d0ad229e5752548300000000dbc2777df150b7cdd77b85b941092314fd085f028f2ed1a4535550614e09d6378198a6097a670838337af2abd55a87ac0394b2f92ffab7d153d62058d0a413b2173619ccf55520f22c9ca8b6712f3024b7041b1df65b3e1b9bf115646d14ce53d13d0ccacda1efc5f9094fa737c28b994a8512c816fdcceaede3faedc51d29a47fc813a2ec00f4c7a53ac271d6d7f4ea6bf97f2f33e2ea2e534300bcb3fdc4b48610e9eefbda7f54f82a804d4a69bf9bc5fa77ee293fbd165a5a68488e40b030166565a097b1b44b451de736bb6d43db8db03d4b7745fef1d04ec633dee254a6d491b849a5a787e814c4fd21a18986252a70f8f92eb6f0e8c7db4bf23242a1f2c2815df09943b1b0452d1b72183aacf4a84f9130b775dd4e9e3070756f97ad791fa9a1681989328c8ddc20ea011bf5742e0e0d4334db8b20ce3f9f16cb7fc20fb4791ec85821d0c48fb657c29b309c73f0977e7cde65a82b94c461d7962b0d2277a84af326f37f3e2c25a62ec45c3af97a8f17da954aff3ec8c108755f75ca13fb7c8bbd8b6e7dac1aba4b20dc7de058a4dfa7e85a8bdf1d41a2d8bda74d66f47cc180f82c5f573c6d294d3665016ac59dda0fde0745db06753a7ac70af2df2c772b0031fe13cab6692402a47e9ffe2d4a2d32f7528751313694bf5700b20ef0c248ddd3da32396a614cac8b4aff2066bb5d4045c9585638c2153a6eee01738b0c10671f4f559b7dcb98a6273b8c651e24d9f679e4fbe948dfb4cc4a389469608241730459f0123fd39206000000000000eb55dad46de56ef907b059b90b8aa49afb9a79ae5498f6589880ed6eea7b9c670012be05e7de0940313c5870786554df26236ebced9390cb6941b8375d936a7d2120eca291963eb2d537d8ee4de5c183c960119451c31539b22809e1d7f0cda06a9fa87d64cb77872a2cd8a104e16bb1a2bacf1301800000ff14a99202d9539f5096412b92012e095b84c20243ff98df3347f0e399d1b9f27e3c33269c0e153b28b2d4410572bc45b9d3fa02208d304d455c36300000000022320178b00cc6ec7966130b547dbd8b0000f0a77fbcf2cd1d0000002000000000000928ee53595a779d243a48cea769470424d28804c026ab7f4a5c81921f0128dfd70b438af60b060000000000000056642b49b745f3bf2cf7908b6d7d748308eea09fc361b4735efbf3411718d6ee7aebf90040662d7836d252c566f5ee934c679dbfae9fb4a79f8a836804ed3a1079b0282a12043408cd60b687dcff91af19010000000000000000456f7d2a42bd13da2022f23daec61854f640f701db0276652f6c74f20675eb781925441578e93046aaddea8ec4ca37f71c2710a7ea8ae0dc214e1cc275b26adfa892e6de92000000000000000000ddff004cff9ec780f535e62f4eeee50e5bafecea4d4134f9d006c8d6883eca5c9c58c9e93311ab5009c68c73de2f04f15d005387577f480000ea65559eb00e76e9d0ada209bcbb5c252b28a60ca770663da451790cc36000906d5a9fad98c308e39bd5ffb6151d79c1cee1cdfba05e3633be3f00000015762e5f5a3a0bc33fdbe28a5ffc83f2f085185cc92fe7f791e8f64293091c989f72dcbbad3fdcd6adab4b7e508e5bf024ed8f8a005f2bbf96c89739f5d81e750d506d7a59a3ad09e8802e8f4f535447cc0fc9d5f89a73145dfcedad69da9cd4375c624600e78f4458542b14f29611f95d4a31838eeb20c20bb82aa31771cd379ec83554cea5e6539db7384e1f58d81f2f2653c4d9818708e27c89b552d3fcd11642d5577fb9030036bce9c764c714c9402c21d181aa0820d89f235a3f1c5fc853e59efb28d4f91652f6750b6ec962802c0320f8059195729d60c534ee8e8ff0755b67fe4c25edb85bcff24c757aa809000008e1d41e1dcf6e6879545b92bd49000000008c420eb4304f66e3a37aaf000000c42a570f0e9dd5fd545470f862f8c3c14fa9ecd1e877b0d8ca84937e859e85e6158f9184bc61a9a284db80e4636c25b96174327d82761c26e329555f9290af40fffe0000000000749efd3763655500344bae34137f5ab0d534b8d43e4ca3b671f2de1cdf519192c6b59a601fd419adc16e2055b850580994484305d7a1759782e4c571ee855a47bc00edf5e9020c09ab004321610b857e8717764b633b00cb32f0e03280e09758bd445ab91d20baca005452b79d7b574a247f1d2fe44dc87c92332af00f191b66b6a6f7323e8faffc0886f4af7fc100dcb39c77a91f0e2e9120be61e58c79d497247d278888901d442ad7f8536605a644e9e3d769db497c3960dfde12182334caee994adc38a437367a54b9e182b78e9a0ceb9a2c4f63902c1ad1a7c5a08d0920a23c2a86abbdf357849a651733e57f31019876026888c8ccb85cff7f000000002c331fca0e541b7ca211c28ed61c5257080f61ae96c18cc7130000000000002100000000000000000000000027c9a46157a3609b6fd9843ee19ec647249a9375de5858818f3c4a4fa6ce4616d42b07199de8b99231ace58c77819ee2b3dc8c17a23692759ccf5a205311b7ab22532697b861dfb54609fd88e604bae6b13df468ad87a6c769f952283a1f4e3842edb3d40c68a2001000006dfff4a979369b0e8ebc62887aa46e820a74f91381dcc198e353047db70686d147357024eb3cb94f1e89cb5ba0a56aa046b4dc521a3d9356b4b8b5917c4c860495b240e80063bde261fd00000000007271e28ef6806bc8e139c49b91c76b0d3958f7f05b47d3e519f1634e8fbd8d31330d89069f9648a2ff93060ff073b3a113e47edf76f7d116d2b0976cf2ec447c030931651dd315003b7a6a5433a2bb560ae99ec4b227eda2e63a1c31a2c2bd48a822cbe92b6524e0cd8020ecaa671e934e94d1eb3de6a5f99f301f89c2ee627e949c68b3a4a426a996d503a26e9a714ee5f72d8805dd1bfbd081f6a5d1f1289dfe14cb9194e26a44fac273461fc5c0e0a33db7f2d43ea8086cf059f40fa2640b6bfb74dd35f5a31059c01517cf4b6641fce9a24b96767b837ca037a1199735c375c705c798e0e208e4a5259d0bfa526b462af45a6e9a84aebe6e6e79900369c17b0ed16acdce1b12b70000000000f4e8cdbadbec962a7edc91c6b80f53e3b19c372e40e2139ff4c1180365eb5b71d834eb0293e252b96e6c90ec4d23cc42e88d262c1fdc317c7c000000acbc1248f2389d7fbcc10a377cc4e28460c0516534bdb3ff372bfd94efa0d32b214b39cea885557d39265a1c5e08c29914db042aa4fe23a92f387ae6d7565d3ca6ceb040f859de2e47f6c04bc55f3b81249faf3a505ac0d29e053b9c1832e8a25a54ae433e43036b032518200e2875736fc139a344bf3bf4d8f6f57e5c4b7f62a23758cb30e43f1974b14d4f3e1a8ce71995ce28564a50f418af2b6f22a7c70c2213ec629288604aa1a9f418487c864af9368a08bd37eecb0a810c5c24d7a82c07a8e68caa7ff2eaf100f6fd4c3af07d7a86b34f2f4d34abf2f92f1a41a330a4e8fbb4876393b38f79573cb53c263090d620a37ea25cde9445ccb74ebc22156465f4871436b44981455eccc221a8251f71c047203ac4d62b0012cab329a5d9003ceff42b007aa61880da20b0ad83ae368a19d2827840b8d00f92745508e63cddaac6d2d3c6cb03d512c5be9e7fd86e461e1e6a228e630029dbeddf37a6990c75ff6dcb6f32f61e59e3bf97f48954fd7908ab05e74815d909548b277bf5c4570eaeb265f4ffeacc3a4ec2edb261d53d09ebb6bdf811e2a4ef0be6392d86a5285a7fd2e4345e14786abafdd4852d3d62c334760c05e1bba37d0f0742c53242596e13bc22682ae15694aaaadef41bbd7185b74feaf59dea096a23a48c9eb3be5c546eda0f4b07916ab14e12839318e953f15fab94c9ba783015ebb6983d514e3b1f246f0a63c5a58cc2be0cb179791ec1b9a3e7e62c165ae39855182266b36ce9d2943c49a7f9a2a89a948b37f2bb830ea790a2b2c2fcd06bc499434dda842cfa91b2df4368f07eb2410aa387d146bccd22698f8f322fbdf4cddf11fd3b85325af8df473c8f156833e5488f31165e6a56d4c1c661bcbefcefd10f47b2e593b836be67bdc15c3b7fb497ecbca1506a577e81947505553dfdfe963c20c12575c4abc45cf9229af181317fde5262a73600f90e7457280ff4229507178c5df9acc273a7be76f6596b2ac36a2d28627e0012f989d7f7a20f2b38eef5efc339b8784ad5fe6fac77926d83a73e3647a6351c23d7e51cf459e5d169d42566b012193338f67612c22eab89fb14a40edd2694696048f9d51d26fa256eede4a9b5dd3508f9308883194ab3b0661d51b18dbdca9b5f70a91db8fc9b19291664eccc8274340eef00c743588b0ae4e7280db3b7bce3041a5bb9fced08059a2518eaf35df7388a518965a9b4c6ee27872be887b37319370a4587e50f28060b963a6e4d73b338f4e8929bc5ada66b6920c633119d17c090e72daa679c6e5bb155710679660004705fd8d4cac660fc32554a20feb5d74cafe562aff12fe126abf5927205867d5fca4a4ff8c7d0933cdfaf5864f4dae435d1ab9e711f48cd03f4cc130b54e18428341e675968ac19509fe7bff5ef0e55d71987e44027e29d02ac36f3c486bcf22f86170cbeeee2a5eb3adadb7d906f25c73df5cd22a8d1ca00b027a1ab966ab4799e631a21042685fc8c05d5e04ab21a66c5f221dabdac52b43a5980b1efb49d9e03d05f4d1a8756085d0305ff3c4cec8500000000000000000000924f7fdfa25a3331d13a50233f70742f16f6e13bd716905299ab21864ec9d3a93b1de03592b73b327348427508a2dcb953dd23e42adfc18fc891a247ba5c7ebd7fa6da7e3ef3d11d4b1bb534b48064aed03c5850c12abf87240b65221a64ec331c31ce394dad6142619893bff5c810f53dbd875837705ad5139a31ff058aacd51eed21216e0bd179cb00bf02af8dc25be8f318bca707c05a0235b86f37606e1cfbc9ee5cd9741c7648713b24107697039cc40aa538c24e8934cd88238237b21f0a901c488c55178984597ef91e7a8d60081cf34081b5df32ef9a89a25203093b8cbb5cd416d189cffcbdb6a336e3adefa39ea04e2c425864c766283829db5c2beb709da87edcee6b682f18abcac4fb9d785beb2f840079b54dfb9a8ab1a6bf4eea20bb51804ec3d3848bfd11ba6a42bc2823559b70eaed4c673e0e834611b6fec4816ee94c62e88b13037d02cffd561f9bb97d6569114d0e6a7170e229ab9e938c18a568184bd6759e5c3526fbcb46da794c5bcb6303f8a4abfe0d37a0d757c686b0b5171892f867020778fcc567a21b04e684e9da29e86c3e392564f93b38d7bec00e82cd32e2a521a715ae603c12ff286ca67757d74553ce8607a1c5c4856e50094904bf08ecde97b7c513bf64252e839439b65ae0125fd8e9c6d142ee7a6af20cd5370396db6f616fb9e5a2824a5cd9c10000000000000000000000000000fd6a689d6779abe81e6aa2c63fce0faf9531a700c8cc02ea5d83f57fbfaee919668e9ba4776f2d5a1d544ea17288de3895fc39713fe150efeb27d43fcc1b53c00a4ade36652ecdb7fab04afa69e2b6611c0233670808a206578c5a7d0266ccf6c80ec69b22c8c71c6d8a057b71d39b18f15311dd7149a75f91ce676516532c0b89e0a2d4323080444686a790eca0390eea32e6fb0bd40b79e2c86d01435be3ba1224970c7e10e4bc54323decb110fb66f25477e309041ce13c8d8b077ead176bc45c5050a88acae7f8aaf962a990e6269de74cb1a915b85c01019066f2858cf322a21ebec7e060da478e31f943e7c31bbdb43c26702a0257e7103b4d532336dc6f0bd5d33a6f7d1134872859afb35a4e0731b38d3a914ed3aa376917b0bc84f5"], &(0x7f0000000b80)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0xfffffedf, 0x10, &(0x7f0000000040)}, 0x48) (async)
r2 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
ioctl$DRM_IOCTL_SET_CLIENT_CAP(r2, 0x4010640d, &(0x7f0000000000)={0x3, 0x2})
ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r2, 0xc01064b5, &(0x7f0000000140)={&(0x7f00000006c0)=[<r3=>0x0], 0x1})
ioctl$DRM_IOCTL_MODE_GETPLANE(r2, 0xc02064b6, &(0x7f00000003c0)={r3, <r4=>0x0, <r5=>0x0, 0x0, 0x0, 0x0, 0x0}) (async)
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000004c0)={0x2, 0x4, 0x8, 0x1, 0x80, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x1, 0x3, 0x4}, 0x50)
ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r2, 0xc01064b5, &(0x7f0000000180)={&(0x7f00000000c0)=[<r6=>0x0], 0x1})
ioctl$DRM_IOCTL_MODE_SETPLANE(r2, 0xc03064b7, &(0x7f0000000040)={r6, r4, r5, 0xffffffff, 0x0, 0x0, 0x4, 0x0, 0xfffffffd, 0xfff}) (async)
ioctl$FBIOGETCMAP(0xffffffffffffffff, 0x4604, &(0x7f0000000480)={0x1, 0x3, &(0x7f0000000240)=[0x0, 0x0, 0x0], &(0x7f0000000380)=[0x0], &(0x7f0000000400)=[0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f0000000440)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}) (async)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000180)={r1, 0x0, 0xe, 0x0, &(0x7f0000000200)="63eced8e2613c2b346dc3f0a7387", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) (async)
r7 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
ioctl$TIOCSETD(r7, 0x5423, &(0x7f0000000140)=0x15) (async)
ioctl$TIOCSTI(r7, 0x5412, &(0x7f00000002c0)=0x7e) (async)
ioctl$TIOCSTI(r7, 0x5412, &(0x7f0000000300)) (async)
ioctl$TIOCSTI(r7, 0x5412, &(0x7f0000000040)=0x9) (async)
r8 = syz_open_dev$mouse(&(0x7f00000000c0), 0x0, 0x2042)
io_submit(0x0, 0x1, &(0x7f00000002c0)=[&(0x7f0000000000)={0x0, 0x0, 0x0, 0x5, 0x0, r8, 0x0}]) (async)
ioctl$VT_GETSTATE(r8, 0x5603, &(0x7f0000000140)={0x6, 0x47b9, 0x6}) (async)
syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) (async)
getsockopt$sock_cred(r8, 0x1, 0x11, &(0x7f0000000280)={0x0, <r9=>0x0}, &(0x7f0000000300)=0xc)
sendmsg$netlink(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000340)=[{&(0x7f0000000300)=ANY=[], 0x20}, {&(0x7f0000005ec0)=ANY=[@ANYBLOB="fc2600002600020027bd7000fbdbdf254c00e4800400d4800400ae8004004180117c77a98c685c826ed799884bb2818524dc6baeef84052f51575d1bfc77ef216ce05192f74a60d16e291f026828e3b5a5ac297ee6a591bc0400d48040012a8004006980af7c4356fca13d912db2fb86541aba08fc70e61e42b12ab371881dfb4023d3e0d97dfaaa1455fea0845447b3bcced0137ceef8971b9977946da37e90c789f13f00764df8af50295abb8c825dafce7e01c6c1d843f449696f57d0a258755501aaa1c8e2d2fe936a000ff206003fb2feca334b37de081be6e6a237aeb3ae2618d2f763f71c153a8a42b34be5cf1d705f85f782af6a11ca6fa0d4974ad644a9a0ca5886422ed9cf7b54c514ac70d59094b857a216c0088fddf6780bf2f2b46b9667356002d5ede34fca0d1ead2d951dd334ed19c12af5166a6a0ab9faca53c4648b149b2c45f918eb110cc59dfd072cb39f4d1a0d9eeb706726f24cc605300afc1d5925c7d809f0129c72351bbd6f7d797faa91521767d9b9022d1915c6eec739cb6da979021cbc1ab70e9618eaeff351b64ec4e57d0400918059ebf891a95ca4ed83f3d980c913bc8684d2df7a00bd152c77a80a944493a976d3e3ee5f5feb7e215d72bd577ecc8c2b4cad6a41d726eebcebf071c02008cb8aedde4d345d7b5e198ef8ed60cf1bdb38110931f7b6c5027158b987c730314846f877aa1267f45fee993b56c1f99887c8849f5b44b6afce4a0c13763670831c76bc36441d9775c01d64c72f0f9b616007cc6b1e4b695943b1b37e5205098ef8baa5d8386241520ca3bb03233788db950234719d09f1c33518a92b49d98369215a4701af3dff488a55e768cb49aacd085b476fb8e0004700b2e9d602d9059541f97c9473634a544f0abe46c5479a191cd48d938e0a3158bb64b0b040f772dcace4c9fe969bebc62ecc4797adfad72006760c2030d9f07bbd5a406e820b26fa3408b9861296ebbbbff7043294ce2312323fc5fb1c078713551f51e173006a3911eaa3ddb5820c0b38b4756e087da5d6259d52d56687a73d892ad768bb6fb8ff76b78bc3499baed0319f8919e851ec0014129527d06c3aea2cfaa779ce85df0d4381e31981eb1c921c5625542570e46a366a6d231580dc6999dd14acec9b888eabef50c5611d901c74aa628f057b1ce1020baa93e6aaafa5462d9ea9fed82f6a33d8b679e22c4c39b51ad3667deb58bd55af9875da2608740582281428b2104be5d3ccd1c954410d93006095bde01f87fe76994822a957d10c381624014133dc253ef6a7d518d6324438e2ddefc61cf0c1b39f38bc59341f30f3de76f4869fdb6b43932534fa70af253cc023cff352804064bedbb41fe9a2643bfc213216b16bcc6c91133c9cfe35d92184debeeaa4cb885073ca88cd0017004007705145b05c3a9ae9b9bc8be4036c5330f364da165cfcd7b14beb9234f39a8ec3b9b7b826f42738c7b634323ecf0af2ac3c9ae8e1123272a442e59583fc1b02e0ac85751525b51e933e54ad60a87fe9e5c04ebdf05b07b08e84d661fa43ce3cacd68a3ba5244a0beafcdd6cf428eca5a1a45cd3f09f6390574d909384e2b287ccf010f97ca69127c06edb6cc6db316350ef61c58c6e2c796fd4526c3979e343bf86512f4b571af5dbfefc4c3cab6c7db5a9a717011c19857043816c33d72ee7396c80a79304c9ec00000051b17d47f67cfc37d4764567353cb742569dd58f6e7c22796683bc811089b5c121e2c388d141c47c93701186064edd55868f91b71dbb6135c9322115c53eebbcafb9bbc5cb92b4326760941ec17612f699570fefeb680caa2b1fe9e48bb18d51fb21a119d9089999f49272d8a1d710f35216fee4f11057ea90d848cadf386aea84c2406ad65cddd0946e1e09f6e071aa442eba1660d7d7d9adf3b0a2976b88cbb00926d8d132b573aa29192d7ec18675130837befb8127150f48fb8db7fdb699638ef166cd24a5694219b56b5d2b3227f9c280c599c45592ea495b71e0fdff1f63c0357363f2d9fbfc612379a817246c159f556c228a444e56cea044aaff578b948397d2e15acd9c78ce6eb7f12670629e37844a19bfd03e446776a5fcf31dd6ca54146fd791267a4b73bcd3a511cbe99d4720ba2fa6599aafd7a9f363f514f945474330efd9149655f925008cbac48a971bfd4eeb008c25e28d9d554191696477dabbceca9f88f54d905be506bec83fbcc78d322d15a498ceceb3f6b760c1b4bfdb6772ae7adfb1eb9e277b946b0d332a8b3391b087b8186b7e27da95dae4ddfe74221ef17634d3b05e3f9c34cc5e225973c2dd91f726ddac71e04d5fbc919068bf45d1a6dc945a88b48ae1223bfad29c433a76dbe34a5b87d5580a19bed4b210de83ce828a1f5c4278cd31d3da41ce5c0f97c0ae09162407e65d00e59d3f1011b743b13f1329a7dfad1c30d82ee109136074a8cb5d015fc368624a24b802a2c5ee26e610a62efcb7b33bc911356d011989db669e23e8416f2671b81fe2bc376653f0c8d131c372201f1b2a6096cc42e17eb3c3d883ddde82e4d724bede0d163c1563f3cbe837609b27f4d391f9d4bf014d69294bed19ef7909116b6fbb80ea217f4f5e74f1923808e054b94495b547445092842d10b0a9e30db4edba7f27bdede651ff2364ba2079ff9ce951a7d17e340e630d87fe2160f39942cb4ec21d5944fb8d9ce62b911b6f1f4981246fb0e3a766a337e2fdc62433d17e6a198c257f94dcae11d3b9b3dec9a6de4fea8a6819e0caf5e3a65963cd4ff21a659d5ca6f1d783e869f3637cc04d2013dcc26c12521948753e33672938efdb3bd42e8fc8449804c642cc71c7437979a49b7656dffb6446b3c0ab6538184613251cc61155d1c24ffc3f58781fe4a292a01ad0444ed2d7bcbf135215801a41c063c629b82261c67950951ea52056adf19cc84b2e41ab4ec1607cb29b267cc812ccf1c6afcf9e1416bc40bb7167656236dcb77d3aa51e3142397f05cd8c4110b1d3b8af598efb8f8781825e42a605a3090d40a87f0abed8ea343dffb08a9cad1655de7bba0c4958f0dc2ead0ff36ef04f7f488a1601d921d12ebab18bc35fea231501e1e6246fbf0fd852b1c1afb1c35a4c13d527c0500bc86e5e988cd21f5df1817429ce67678d02e9e75adb2d142b8f8e4f31fc7f00659a607a611a4129322d6d739953fd7b125e1a1c1bc7c1b2ed79bc5d0f28616488d27ba22517cc4f18d183bd594a08f0dae714364acac17a901345f8f707dfb1e15910ab486e9c26cb009385b710555f891b6dff267cbd5fc85df03bf50bc135c13a211cf31f05e38fea3cc0804dd1079a75a87023e198de2f03dbdd2734b0e927ef7c5b64a3b3d78bd4eefc993a710c71210b0bb1c840ad612cdc344f7c9b707a434a59063c2129ea7a2ecb1fb59647d43bdeff25361125c3a2e9e7d74f7a0e96c11a271bc6ff6d7702baee040a0023597030a2ac44c4cc3f3fdd5a96972d68c051930662626a93bf77480793fce5ae365cc792c352ad4b1ef9dad21bfb4d9c75f11070e57b3b21ae6d5bdc1254fc4183a0a2e34e56c3fbf23747a5f236b1487caf92e34936a4e2b696fc1ae1ecf4836ce4d6ea35a8f64136e34f5cd9f696f5f7206e47c263e9bbcfcbbb90ae97116dab78e2559df9b734c9c3040fc42fea46dfdd55f2ca636ea8ff5aa16650b5ac3a03321fcabd4f5a3a877dee8dba627e5d3486b2166049364d4e3553d55cf9def25520a1ef7c057239242ed4d3838856692befbe40e80c49c831345e2131e2826dc4f205ec72dd62e9cad869ff2692ce1b864379fa6060e40934b8919b4bb3d9389093b096a7ed8e245202d599832b61a354b93829a928316693f035703885d47d13f78cb32592bdef41d4f24808670e9cccb7f0869ebbbd996a99c7434def5b6274d7568c2845a58d5220bd80d9e92b712eb5e5f31428779429ace8d3695220d45e7d917907b9f5b3ba0848bec993af4fd07fb9feaa85b3beb0957cdc2ef85387766b4a3daf29f1eca4b62596bec3c3a1fcfbaadfd49d5e529544251e50ee6118b45276a8ef4575cdc31b75692802a226f76041472c21d82cb62aa20559097a4fe1f1dffd1f51231e6284801e96d68af2374e17a9ce2de6cc4acf764370a95356fdb1a6ce9648966436315adade91aae05e00e710aea79e9d0ae7cb88040a22b95746c4c7cb68fb5ab1a4db72332ae3dd136ebae44690157da0ad66784c5ab736925053729bb59a52729ea1fdb0e5e600594747084f950c003a9bdb2e69325188ca97d6a51ce690f9776abffd5473b3fd4b5bafa50736db66a7793c837f46612d2c1cbaeff33881e8c5cc592d97359160b1b91329a76f7a4747c16aaa295c522697d713b6e359bb10864259cf897a174d624887468a4c9fe3fc159ca1d1df7130fcd80df83597995089dde917540136ddc74736c0df94282b63c03557551c850e0ace4a77f022630e1006867bfbefff72704f39a261080cf3e91d152fb5a744366a1aa3b4a28662b0904ede3b725af0323453a3713104f096bed797ab8f8bccad127dcba46008e2261af87486eb8267563f095d241001b54990047a386c111c38fdb45d37eab9ca3aac7581ea00a3c4e32551913b7fe47ecc87d0c0d2e03253abf25f33b9e6b27ed7d9a39a01c1384dd8cc4491370601efc4b109050ab12eac4390fcf15693955b2e687c13bfafe1eab5e764466318259e14d8fa3c91b36bb2a4583e6d39bb645fbb1c3909731237f91ede875eb272a1f226a94d85a7bfe4dc8b25b8d5af8b2fd9f103b996758afd509fe6e1cc2120ad2cc3fd72b0536975d6945b59c03e79d547e333ac7effea056c568ec4cdf5fca3e113a48de2b5744f7775ddbb8de9cc52f5b1aa0fb4d3f27948403115f9775201d8f7f4b5642e29d472a585aafb93b7a7d2b3b13440c0ad31b1c40e53c5f7c638359951bcfece8f66d148481f077c76331f18cd1022100ef6045486145e2b65d186140922b8f19354f9c195cc2027831549b4fde2ab9f648b12b2acda70e161854f89bfa42b9e0be3f1a41e900b5c9f015ca0698d7b3935940bbfb14be138e7a913fcdccff55f1a66187c063ad6e119b27810b379f8ec77996c0cec9f47bccec8659957f76873a664c0c4b6b52d7b98029b6a91694bda1b72e128e6d45edce66796806b403d15bbec2a7cbca0d1c059a295f10300000088fbd5884e6f8267aef41d8fa49e56a85c3d2c032ea17ab14eb7b36755fe5d6b2f8b9cd9bd640117356b36f1c646b086b364a945193f0d2f0feb5261d4deccc13060b239ecbc6adb27dfd23673e78b96dd3340bc9359cab51a2947459fd738fabe8ed8429782c2688582270835e33fd8b8532d6f6e2ac901b1c7821663e85e2b4b84872d14383e512c74ab078b958d3a2a30382530777fd0ea44ab6982332a1721723a31ae7cb51b5e554aeca5e4c5e84b51cc09740e82cbf2b1e3bf715eb9f602de4a3dcd977555c6977effe1734cd81fca455f6b1f592e6e4da03e3cf1f92aabf33c8c0847ec337d88c74c739674fc08c7b57224d82af1714196fefd7effedf7a6a212e10304eae5f8b66deccbe852b33b9f2dc6bba83dcc0daf3ac9ad1269df555c0b8b8d54ec5241de5db5dba51c4f0c16c19293138d470f5d39ab5cbb3b8304039026e5612edc3bae50d38531363706f50e92adfae4b06fc206e2f2e7759b498ace80604ec759fb3cecd3818dac493504b5fd256b8eba7a34d118eab6325101935e8468a11c028abf77cbcf178700be290dd810ccf5f9fe285d3bcc553b6cdcf44778f56f46091fddfc268002ba7df3bb8250b5f92b4f7d6d18fcc7f4d4df4fa5531ed23ae79c78c6ede1294f4d4bfca0df0aedbef96b0f4b7ce28c13b063327cf139db01bab3bed65fe36890040d9c985b1c13a48c35d92930daefd0a991148666be0510119b853d72cef3de19530f23a84cb7e51d9c5e096ae7e4b85fec1f478bcd0e77770631a607313221b8cda01a12c0b808edeeedab6fc601b6c08e3134fd96f06ff9f5dd90c879e8727727ae81c030f8a5bbd1722d3ea673cdba310c8e437d1414a8d8cefe66a4399a43b3c74cb870fb119d7f0c6392ea30ecbd38e60fc219ff3ca1faf06cfa17c8706996fb46ad9e9297b00754eb9455989147e7b3f715c943ebf3d5cb349c45c663326eac9987a043ab896f50657cd45f7ac04955355304121d7fae7686a3fb3ca0ad280cbe147de7d4ecaf1f8e29d63f559bd1d22ab518483fea6d1717d7116fc73ee09c57ac68b9acebff5f2759930e7fb17747cd46d8d12f03e17fc5ce14a0d71bfb5e1dfb7541d003c37f44afd087eae0f89e4df13fc10dabb41b5eeade33bdd829317fb3ab263ce6c4a770e3f92b5cccab0a2c225aadec8675b53a1f063afdbe8844a458d5c0e2e13b8bdc8d4679d56a1dcac062c335e28bb387df190a8fc580f5d13a55fe2652e1b58808c814b7a27a990fd3d845c4e764de5d6a196e8f4d3cc94fa8a1552d8d83b0572a1757d303f36d998b6d92ffc074ecb6a5bf1987cec84eddc18ac2c3279c6397d1168e2c3cfe7bf87b1ae8ef0b0485ac3c38fd620cc4f64d0b33786fa1d8fae2489e8db26ef1afbb6b427c1f03d6766e965af9edc75559fadf03c5e43e38e9957452a366aa331bd5e4d0a2d8ffb50bdc5c4ed995c9fda532ca1efcd1fd7e804f98c2960975b66aa1b13bcdaf296d7b896c26d920d435dd987d58dffebb79bb00974077f1e3210ba622b98fade1efa49b06534c892f6a6943664936ff3a215f9ee6150ed6e48fd30eab635de6d27d6679feaa812493297941720c1aa8527feabdf2c6fdc2eeb2a03d5d0764769d59125c8f3afa356f701ab32293904eb1d6518acc301a2450db6efd4c3e91c52782614020a400ca4a2ba1ee5abc6638bb91e61af54c33e64100d5dd203f9fd76c006b61fe764f2970f0c6c8b1eb15f98c8a11e93f2669ea1f44aa05102432b4119bc966dd6067fd1b04ecf569d90e09d414d00b2b6203ebf28a35af08510fa846b1d813041d31b919079919e0b45d84144e626f06705830ae54561252da85ce311951abf507f294fe36b79ec229b52f23a29cd88d0ab243662ebba507084e95a01fe92890d2d7a9b03e2fc4be62538b723b99e04eccf49a62cb3ba7b1378a3e1b66021ba1246dfbb6e6f1dfedf00920a42eea95fcab28cf326b058bc7c732b2ce2854079b49a7d0fabb9b18e320f0092ea15c6200823f896556021b7a47d67d417dd4278c8caad36b18e3d81f125522ff74a6620e3dce661ed63468f562511ef148c46f19c633ffdbf96736d210331e65f2b822897329132df2a3090099a0f6b0fc5d6be77c02adb6b626e89353a66552c038c2f3f47e35336bf1899e7863fb099588bdc2d0221c72c153848ccadbd26c6d4e3babd634c0e6560514125cce45741f53e71c43a85693ba184c605d0efd3ed2f24b8d3ea67f466c27665a2e6b324e267912472364ab302d84159fe70b147adf57d2be04247c7402552c693ed80a268260f2ac001bd77826a5a0f67179ca85ad4069e291c48fdb9bba59fa523aa4939a719565f70d369125835da8cc1ccc2f5aa52ec8df7be01bed8dcef789ac5d9a6215ae6539c826fc4884e49bdd0fdf150c8c5938a165ffd9f47ae193985707a1143dae9e672df8383075a708f562f3627874ea502798a04ccb64f6bdc8", @ANYRES32=r9, @ANYBLOB="0800d800", @ANYRES32, @ANYBLOB="040023806b5fe0900d7c7b9f33c672a2b9a94fa7b6e7cb76b309d1f10ddc0de8508bb100aea9686e6bc743c8af2c0b8d31c2caab08742f179795024bcb7e19ad23499d62bebd222d314461d3aff5b4ad1dd1069295e5e091382a79439a0213987fff7d969278f934c934c4276fd7b71c5503b4c12961ad097ba9d86eb99da94c84e95646ccddc347e33f00a964d15b6a1240b2ffc351708241b24f6ebcb16b9e0d7d6171145cc33740471f32a4754a0f573666dd8c66af8f51c552f25cf0efbe3e82a97452fef8274744c6e2f81415dbc922863e1bbb5f4a87a061c4da8b5dcee539bcca5f8536ce4f7a6ca62970d2ac3730acaca8eb72dac0309bb231e1dfdc3a5df1a29a0912924cbc4ff0dfcef1a138574e3c72a2e91fab737f974158336e589f9b2f94a7f1eb1ae1f367eeb904dd1abb913dc876db1a3d931b4b63f8d4dc87ec5de28f2864384638f1644c4dbea2137a4bb8dc0593a06eae19895f3c9f881835b5dfb1a83b0290acd1dc51d8d17ab65534e68cf4c9172612f83341350bb6f84e6bea933994cb6e6d62fbf72dc7bc79768d5f46667dbaf7e09d6b91e1d40820c8679b9216f8d6d501eb1161b02fa0d1796eeb108dbfbe41d5d0dcf475976781188aea69564181fcbf148d9d3224b0a59488be86aecd3d9b6797adfe3bbd6c6e843bd29e79ca5d885a93ac521831dd14526123248ef1691d76f37fed4cd47edd65b4c14b8ff786559f886d7036065aec95cf3b3d3c3c08f6beadf3ad8aeabfd163203016eef8702fc45802027b3f3673853cf8b033d3c9bce87e5987578a06cd215c74610d95edcbc7352a529682f39d65c904a19501e5ef56c9f362532449b5a83ab617bd96a01dea4e4c4fd2de593168dd6bc67c1eef0c629ddfb85fc021056856e38ff46335de6adaa7604dc23c78c2f9735ec3512c6071b82d7910dbeb0516d84c1d6993aeff59b34c61468ef1da275afc8173a830014f4486147549aea04f0f016309c189f306fd3fb3ab92ec6b36dab34b1660bc2bd52dce2b477fa89afbdb549b4af6b07d9b11fc7f5aa5cfac2183fe240ffc0b10d8c94f5ebdb63f5a76c4757fe7c531b03ca898f5385b2cb543424127fb1f484ca792e45e5ff545dd950a223a3564834cbca1a608c366b3e257a13ceb753880119188328d5f4a2570304f9c7ee6022343298ea7c95904c2367acd0460d4e8561d6679660c3272bd508e08630db4284ea13f46a9c254f45ca104e4ac5901dd42149c818fa5834037f8cd977113b76838d1ffc98c98bd3ddbdd97a51e596b0fa1c9fab53da034294929d6a4899cc3fc976552d6057b37b2ee6551cfb552b009025d18e3138901cfa62790060ca4bc7639dcd22b965ee6efff04d5359cf52d20e79bec393e74be628b3ad6216eede0e2ce2a8ed024fbf204f81f275b21bb1904ee911a07a3dd5363c69814bc16151ce5d10cfcea2aff8d5d88b8c861d4023fa6070780199c0e8c9fdd443f2dac97697d1b086135301782109ad9665391d00773ffebe36aa0e1c52fd4381d2940b5b6d3c1daa43dda4bbf3c5f77d153732a6f501f9936a97bf49ed8e127ea3b1993575a3df5a6d4e99d138c5e531fca45a049bc1e0d4f33f433ac14c5c0c134fb9b52720d066c9f830be5b9b4bc35c548a5e78025204f5951e322c30bfc390b062cef58db68fe2408d32227c7aff2da461e9ea8eced2e4639589f816797a007e773e85126ecac6532e5675a010f04fccc89c2ab829b7ab2e4f51e08f5675ab8c4915963ff5276949a8b37fbdb4d344a80313f0d4340e3bb4a34d6dd0a0ff774788a4ec80347446769ea6b443deef3103d89be4ce6205082ffa0483cfed7c8c9c5ddc4c8990d04c0cc48a1780b131ef378c3f826a8f1352f6078962baa96b4bbefdbc7b8f09bfce0e9fa8795dcf6bb1b4e4fb1c1e49aa3f49b9702fe97d53b47d25bf0a0015c41ce9eb450ca8d246a2b6314b3a0a7e5888b324992586af45d41057b04cd08dbaef53bb79960f61c62fe2071d3d2849e8f9f2de3550a2ae40bd1432fa70ac44eaef722aae7e5fa85c93d6cda15457642e165313a46e07856b756e8fa47ec492b34d8088d4cfc226b7b4d61e9502a65c36e3b0ab6269e53cea7760f84f2fb7c8265064aa233f9e58c0d79122fa0fa2cf907b334ceb58125b2f2bde7432ed6729617e83681e7c5425bdfadc6299451251c2a58f06bb9126bcdf4ffb5fafff729b94ce7e0e58f4841d30c64bff3feac64854742358bab2cb3e2358de159a5c75036c2592b527c8f4ad2f2d67608e0b54a0aa39fbd3d5d4e2ef1b2d2316a3582cde084cef329f58ab75f37104a1101f7a78275dedc2a542d0ecd5116c3cc91cfa8081ab9a2b5592d31d048ef120dee04b8ec464ed601e76e981346a3b3d64495ad29dc69eaed20b582fc377ffcb37fc6a3faf72aebc083c80de5c0e3d1c335533b1c17ca0244c7a4339821fdf631b766f9995e280bb4a112bde49f76e8b35b5e31d263f147ef70db5a8894ef1bf605171cccdbb6ea6d663ef61e9813a602887b622b1e0f8757f67c30178c39dc85ec1ac4a1dc5040d6034e5ce263c621ae7abb3dd2815d3e57c6ba2170cac18978a68192a46b31ddffee85b09c8cd1f61956fdfeda1ae1ce6c878679e82db5bf2066e90733f20c8e022f869f42466a61c5d0e3fc8f720c8929819b3c2101f05befb71ca31e62836e3c66f3627f29fded0fda9b05ab4241277da35f412dc0cadabbf23ac0dd387b3139e103c3e68b37cbd9c6de9fb4cc30485e97c464542f94f36597282f501d7801edebb78abe430adaed538022e5c895df3c8a10ec771124f78464dd38c4a84a14959d319991d92678fbfec041a88e9ae0a514982f20e2bfe7bc86dffcc07190d59df99abf665ad81ec300c965cbc3fd61d25260c3c05c04eebc47febe44904f49cd376ed3e86d743423713645f979e4dd8dd225bad82fc4af71d9e07eab0e8b1365f61989c9e6d9467b732304f8abb5d310f9d311bd159e01961383f6068e4eaf84edac386ca514f9edf7d97f1e1b298d75c772e17ef00c94f516f6ff27e76278423bed693020b7ea5be6e1d5ef054369fe84a7c66fe4e8f0ebbc3f214cee77cdd2a9564177bba1237f824371823763cdaec92cd6b5bd023fab8f10e942538a6da6acc5b5172660ff28e86409b41f10a2f778a316c2ce8e1bdce5fb0298c4a5c0336a99dd3e8ed4f089530ce6537d4aff6dc3cf02e180ec3366ffb7ac88f6659cc813acab76c396952c513308d92a5c7df5527b96f7e5578b9e8aa4c45df6afbee49b5f4684a32ec8240f831bd50f939410726b06f4e564a6eb8a6bcfa42185997fa0900a594f17780bd00bb2e19d557b834050a21db802d04b9290efdfae9523394eeff2a9d1bca0891276ae141515a6a6001dc3c5a58299e507bc7a5c6e5cff90c42354454511bb0fb154c8818525ba3efd5d5d33f2aa2f91dd79854120e243578335445340da0146e8ba1a3b2ebde35459233e6f2c7ac28a698a76648fc665fd34686f1c201ec7108f8c9f5b4fddb3ef41e9e6b7088250b6458b836c388d4d08ebda223fbfbc9df678eaa745daeb226393acc79e086890e3c414ea1eceaf84e17186b58e194bc6fa459f6b79b83fc3348c7801db0bb6fc2c55818426512c4969acdd3ada01c044df1ead898cf3d5eb48f487d757a89bb32c014847c31f232931420bfce01a5e5fa5abcc135e3f022aad17cfb0ed1937d4feebcccc237273f3751e00b6fcf6d7c5d015f85bb3dc1068769a11af4faebf78e888d0ba3f635fe3de14d406313ad9a50b1c4db5f4414cead2b67efc8409f58395ef2f00d60c998ab0588626440d3825a3b4e17130f7f4f33c2b94f259f1427115c9dfc1a88ade41d1019290e4832567b963e8a9928d1d3c2d6f16e75f29b414dd068fb386bdc820efdcab1a076ff2dd37981a7b89afa18cd2b0b2490728b0a85935993796bca7beccbad52382402be81326369722829c5d4d0d473c739059f7550a2fe2bf0425e670f9428f273c0adfe4915f35a337f323c10dc39f08681d9c29db21454d32b30955e2d2c6662b99240639e79bc40e1f90ec0045ed7dcd4ec55f5c58540ac3dbca3d5ac2457383af632532f4a5f680f06845f1b4f79c5381754f75d95551629af403d6e096537d76e3876ba3a5c9d3f87055491bc8ec96e1c53077ecf2d779dacb8a62c0d84b9c820053a1a2119e2c881dcb00faa3df46dd84b833a3c020c61a2e412c1d3ec31692cb838c78f3d7be318442efc45835661c0b6f75de4417ef8cad0051c45b2c71e5c4c532cf1039ac78061d4c3ade0cb19e83bbb01d5c9c6cf3f90f07f4058ae22af7901450d56553a0fc18f0f9444ffc02b6519e9c9a26e9e89a92b67d645c92586986e2aa8a319cb8152859e0f997aa8cc1247015cb6d3184fc0e9c30035fc40613141483661f3954179c01a970cecebc7ce91b24066a7392000273b6d306c994490bfec7d20c4a870f56b55b9e502a7fdcb9a6b61af723c95a15222b8ef95c986194fcff6649264ee3e98bad383eee31a3e4d0b366c4edfd29b26146fce34af68671fc8b4a31d9a488e25912aef1827081eb206dc683111ffd3bcbb7f799b60cae99b08f569d302e90c853dc6ded828e7b535447b75736a20f9916f5f6930f0c2827bd2ad38663d95e647e4d496521f57bb3f532a51dd237285ea3727feb45d742389c214e53905f2f24a4f94ef7cc533fc170d6f95f449471fdaa80ddc77463bb193a472f2743251509a89ddd8e11a7367015963048f9bca7f1d374e8698a88c3593feb9e7b0fbd56acc0e6372c106c5f49ae4b1923c6f821d271242bb0fab7d0a21fb2478807d1e00e4ab029645fc0e9533ae087d63230f709994583da5b0a646e18dc5951ea468b67d9c233f616f8c13db6414d98fd2fa4c6bc511363d81338dccc6c7874e47ee92af74ec4c9321055e2c950950d0da4e1e3a59f8631a0e696b3e0c66346747a65eeefc3534a1b2c5b237306e0b938253166a9e92fea636616e7f6f9118b4fa6f859b4dee18c74d53c9f13af024d602e63c1255698e5e822491c5606d1d2a5ef0229594651c5c9c98f76db5d42146ebea05c42e3bd648a98d6cc3963adb890c8d661c202b644e47fd331f87f5e1eb3f12566ce04ca4e73d56c683f26cfddc000daf32cb2809a070e4374769c880a6e08cc5da1c670195607fd749983b16cc3c31011cbb67428b2b0086e3fb9d93071a163968bae0dbbbcc947ccfdc412248e485851ea93dd2d661c2fd583e3498ad5e6552897dc22f8fd2a0dd6c01d6086ed14cca56f2d1fe22054fc5301d3d6ec06e4805de0cb558d5d7b1b54aa9c5de0941dfa973f43efb1b17c9f3c69fabd8610ce9087197ebcafe37dc15822d94f07071c0fbc14e1281e1b074be69a5dbefe887959599fb0c22c83fb46382a5ee1dcf1e911bdd4d3481b55690e69891c8ae2f1a22acee050e008d177633f0532fa7243ff87f338afd040f305eb2b13f1bae35aa061ed56b995c5510da7905ccb05c2f71256a4b3176aeb44ef89629be543a215e85f7d66ab9ec5714a46df96c5f018699e2d7157f0bd3d6c96c96d4a92e3f50135c1ba91a97ee88c6eca43b56ee11c5586aa0c33683c1e62f2395c622e0d0ce136392cc5d2fc67b62a766ec1225f58472b93160ece0833655c73bb22d940277e0ee63eca9bdd1999f0f61c06485cddbde6f2cb0d0a2fb54e47cf5535327290108c2694ddc31d4bbb16eab818c24ca8cd9c35694a4d75d2a8a5ba779970724d37abe2cb0d2845003153e404001a803cd8dd0f89c06bee80d3ccb65c5a05e801eb1cee2fed63fe5d56901a91349bfc352d9ad746e6eb3298746631dd689a34a60aede224247c098a52f916cc37460a9a8dacbb405e1866f15bd47bfb4cfc520e8d0bdf686cb7e8921711b9c3b871678f00c1223cd8d95ed60afa7054145547d5436203d1f74a74bed89683bd47ed62685f9fc2c2148c940e7bed7911fdb7b0f4cf5a7882310ccd0dbb2966de466c0476f99eed0b492ccd61148935dc7fe85f3b62d10d3fd34604eb8f1fb2f43ec390c9a25f35d5df79cd7f207c7e791ac6eb7e9613cd19485601d869de1127baf18467eaeb6e9c624d218f23c4cd466d4572fcb67b7a9407003600950300000c00680038000000000000002d88abe6a0000b7a6a0cfa4c0bb765a12886e8ed7373cdeddeaa994ee47e79f685bdb095edf34ea7317a130686b63bf1f1883fe3220482e3ab98c78e64c905e1c6d719213a094f0218a84f436852bc1cf695fcf34fa98b43def33fc654374a1c5e5efe331f2454484dc16e75f48bdba51420c5ed3d530d3e6f10effb8dc8d684a7641fa0907be9fba07d31f55dc6d321b66d3890127c0cdd4ebdd934b2fb61966b8f85e0259abd55f504d01ca022c9473aac49b15b72274fff94e514a4b6fcce53292cb0e7b63929ddb8f275fc275537381295a4e32322a7aede59ac90fbbb954d223ad39c4fa0aacf70719d54d522756d49411cedd646a3574b4aad2e4607bdbf7ac8dd8e4bb3401f40ac63ba1e76b18d320f48cf1797c7"], 0x26fc}], 0x2, 0x0, 0x0, 0xb4b0c15ddcbc1c3d}, 0x40010)

2m37.778587436s ago: executing program 2 (id=922):
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe6000/0x18000)=nil, &(0x7f00000000c0)=[@text32={0x20, &(0x7f0000000000)="3e360fe17b0ab805000000b9315624370f01d9f00fbba622a5000066b80201c4c37bf0b0b498876f0d66baa100ecc744240000000080c7442402e4000000c7442406000000000f011c245b0f017005c50f01c5f3aa", 0x55}], 0x1, 0x1f, 0x0, 0x0)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fd7000/0x18000)=nil, &(0x7f0000005700)=[@text32={0x20, 0x0}], 0x1, 0xc, 0x0, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
r3 = socket$nl_rdma(0x10, 0x3, 0x14)
sendmsg$RDMA_NLDEV_CMD_NEWLINK(r3, 0x0, 0x810)
ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000200)={0x4})
r4 = socket$netlink(0x10, 0x3, 0xc)
sendmsg$NFQNL_MSG_CONFIG(r4, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)={0x1c, 0x2, 0x3, 0x85, 0x0, 0x0, {0x0, 0x0, 0xf}, [@NFQA_CFG_CMD={0x8, 0x1, {0x1}}]}, 0x1c}}, 0x0)
r5 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000000)={'veth0_vlan\x00', <r6=>0x0})
sendmsg$nl_route_sched(r5, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=@getchain={0x24, 0x11, 0x43d, 0x0, 0x0, {0x0, 0x0, 0x0, r6}}, 0x24}}, 0x0)
sendmsg$RDMA_NLDEV_CMD_DELLINK(r3, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000100)={0x18, 0x1404, 0x1, 0x70bd2d, 0x25dfdbfe, "", [@RDMA_NLDEV_ATTR_DEV_INDEX={0x8}]}, 0x18}, 0x1, 0x0, 0x0, 0x671ec167a4b72164}, 0x0)

2m21.957089849s ago: executing program 32 (id=922):
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe6000/0x18000)=nil, &(0x7f00000000c0)=[@text32={0x20, &(0x7f0000000000)="3e360fe17b0ab805000000b9315624370f01d9f00fbba622a5000066b80201c4c37bf0b0b498876f0d66baa100ecc744240000000080c7442402e4000000c7442406000000000f011c245b0f017005c50f01c5f3aa", 0x55}], 0x1, 0x1f, 0x0, 0x0)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fd7000/0x18000)=nil, &(0x7f0000005700)=[@text32={0x20, 0x0}], 0x1, 0xc, 0x0, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
r3 = socket$nl_rdma(0x10, 0x3, 0x14)
sendmsg$RDMA_NLDEV_CMD_NEWLINK(r3, 0x0, 0x810)
ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000200)={0x4})
r4 = socket$netlink(0x10, 0x3, 0xc)
sendmsg$NFQNL_MSG_CONFIG(r4, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)={0x1c, 0x2, 0x3, 0x85, 0x0, 0x0, {0x0, 0x0, 0xf}, [@NFQA_CFG_CMD={0x8, 0x1, {0x1}}]}, 0x1c}}, 0x0)
r5 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000000)={'veth0_vlan\x00', <r6=>0x0})
sendmsg$nl_route_sched(r5, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=@getchain={0x24, 0x11, 0x43d, 0x0, 0x0, {0x0, 0x0, 0x0, r6}}, 0x24}}, 0x0)
sendmsg$RDMA_NLDEV_CMD_DELLINK(r3, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000100)={0x18, 0x1404, 0x1, 0x70bd2d, 0x25dfdbfe, "", [@RDMA_NLDEV_ATTR_DEV_INDEX={0x8}]}, 0x18}, 0x1, 0x0, 0x0, 0x671ec167a4b72164}, 0x0)

11.514332895s ago: executing program 0 (id=1336):
prlimit64(0x0, 0xe, &(0x7f0000000040)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = openat$ttynull(0xffffffffffffff9c, &(0x7f0000000080), 0xa8003, 0x0)
ioctl$TIOCSETD(r3, 0x5423, &(0x7f0000000040)=0x3)
ioctl$TCFLSH(r3, 0x540b, 0x0)
r4 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000740), 0x2, 0x0)
ioctl$IOCTL_VMCI_VERSION2(r4, 0x7a7, &(0x7f0000000080)=0xb0000)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000012c0)={0x18, 0x5, &(0x7f0000000040)=ANY=[@ANYBLOB="18000000000000060000000000000000850000000700000045"], 0x0, 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x2}, 0x94)
ioctl$IOCTL_VMCI_INIT_CONTEXT(r4, 0x7a0, &(0x7f0000000000)={@my=0x0})
mprotect(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1)
ioctl$IOCTL_VMCI_NOTIFICATIONS_RECEIVE(r4, 0x7a6, &(0x7f0000000040)={0x4, 0x100000, 0x0, 0xfffffffffffffffd})
sendmsg$nl_generic(0xffffffffffffffff, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
syz_open_dev$MSR(&(0x7f0000000000), 0x7fffffff, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000080)={@map, 0xffffffffffffffff, 0x5}, 0x10)
request_key(&(0x7f0000002740)='asymmetric\x00', &(0x7f0000002780)={'syz', 0x3}, &(0x7f00000027c0)=',*[\\/&)\x00', 0xffffffffffffffff)

10.427130009s ago: executing program 3 (id=1340):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x2d00, 0x0)
mmap(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x2000000, 0x100010, r0, 0x5f748000)
socketpair$tipc(0x1e, 0x1, 0x0, &(0x7f0000000000))
bind$inet(0xffffffffffffffff, &(0x7f0000000240)={0x2, 0x0, @local}, 0x6f)
r1 = syz_io_uring_setup(0x10e, &(0x7f0000000140)={0x0, 0xd093, 0x10, 0x3, 0x13f}, &(0x7f00000003c0)=<r2=>0x0, &(0x7f0000000300)=<r3=>0x0)
r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='cpuset.memory_pressure_enabled\x00', 0x275a, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_TEE={0x21, 0x0, 0x0, @fd_index=0x3, 0x0, 0x0, 0x1, 0x7})
r5 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r5, &(0x7f0000000740)={0x0, 0x0, &(0x7f0000000600)={&(0x7f0000000200)=@setlink={0x38, 0x10, 0x401, 0x70bd2b, 0x0, {0x0, 0x0, 0x0, 0x0, 0x16122}, [@IFLA_LINKINFO={0x18, 0x12, 0x0, 0x1, @gtp={{0x8}, {0xc, 0x2, 0x0, 0x1, [@IFLA_GTP_PDP_HASHSIZE={0x8, 0x3, 0xfffffff8}]}}}]}, 0x38}, 0x1, 0x0, 0x0, 0x24004040}, 0x20000000)
write$UHID_CREATE2(r4, &(0x7f00000001c0)=ANY=[@ANYBLOB="06"], 0x118)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x12, r4, 0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r2, r3, &(0x7f0000000000)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffff9c, 0x0, 0x0, 0x60, 0x185100})
io_uring_enter(r1, 0x409c, 0x3, 0x28, 0x0, 0x0)
r6 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_X86_SET_MSR_FILTER(r6, 0x4188aec6, &(0x7f0000000cc0)={0x0, [{0x3, 0x0, 0x5, 0x0}, {0x1, 0x0, 0x31c8, 0x0}, {0x1, 0x0, 0x100, 0x0}, {0x3, 0x0, 0x5, 0x0}, {0x1, 0x0, 0x9, 0x0}, {0x2, 0x0, 0x10000000, 0x0}, {0x2, 0x0, 0x4, 0x0}, {0x1, 0x0, 0x6ffd4cd9, 0x0}, {0x3, 0x0, 0x0, 0x0}, {0x3, 0x0, 0xa6e, 0x0}, {0x1, 0x0, 0x6, 0x0}, {0x1, 0x0, 0x3, 0x0}, {0x0, 0x0, 0xf8, 0x0}, {0x2, 0x0, 0x3a281462, 0x0}, {0x1, 0x0, 0x3, 0xffffffffffffffff}, {0x1, 0x8, 0xfff, &(0x7f0000000bc0)="8a"}]})

10.366612927s ago: executing program 0 (id=1341):
r0 = syz_open_dev$vcsu(&(0x7f0000000000), 0x5, 0x802001)
ioctl$VIDIOC_DQEVENT(r0, 0x80885659, &(0x7f0000000040)={0x0, @ctrl})
ioctl$EXT4_IOC_ALLOC_DA_BLKS(r0, 0x660c)
close(r0)
connect$inet6(r0, &(0x7f0000000100)={0xa, 0x4e21, 0x6, @local, 0xffff}, 0x1c)
r1 = syz_genetlink_get_family_id$mptcp(&(0x7f0000000180), r0)
sendmsg$MPTCP_PM_CMD_FLUSH_ADDRS(r0, &(0x7f0000000240)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f0000000200)={&(0x7f00000001c0)={0x2c, r1, 0x300, 0x70bd25, 0x25dfdbfd, {}, [@MPTCP_PM_ATTR_TOKEN={0x8, 0x4, 0x4}, @MPTCP_PM_ATTR_RCV_ADD_ADDRS={0x8, 0x2, 0x4}, @MPTCP_PM_ATTR_RCV_ADD_ADDRS={0x8, 0x2, 0x1}]}, 0x2c}, 0x1, 0x0, 0x0, 0x40248c0}, 0x40050)
ioctl$sock_SIOCETHTOOL(r0, 0x8946, &(0x7f0000000380)={'tunl0\x00', &(0x7f0000000280)=@ethtool_rxnfc={0x0, 0xd, 0x8000000000000000, {0xb, @udp_ip4_spec={@loopback, @dev={0xac, 0x14, 0x14, 0xa}, 0x4e21, 0x4e24, 0x8}, {0x0, @multicast, 0x100, 0x1ff, [0x2, 0x81]}, @tcp_ip6_spec={@local, @private1, 0x4e22, 0x4e24, 0x7}, {0x0, @multicast, 0x4, 0x3, [0x5, 0x1]}, 0x10, 0x8}, 0x2, [0x3ff, 0x391]}})
r2 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_ipv4_tunnel_SIOCGETTUNNEL(r0, 0x89f0, &(0x7f0000000480)={'erspan0\x00', &(0x7f0000000400)={'tunl0\x00', <r3=>0x0, 0x7800, 0x10, 0x1, 0x6, {{0xf, 0x4, 0x1, 0x8, 0x3c, 0x68, 0x0, 0xb3, 0x0, 0x0, @loopback, @remote, {[@timestamp={0x44, 0x8, 0x45, 0x0, 0x3, [0x4]}, @timestamp_addr={0x44, 0x14, 0xf3, 0x1, 0x6, [{@dev={0xac, 0x14, 0x14, 0x11}, 0x1}, {@multicast1, 0x2}]}, @timestamp={0x44, 0xc, 0x43, 0x0, 0x9, [0x3ff, 0x8000000]}]}}}}})
getsockopt$inet6_mreq(r0, 0x29, 0x14, &(0x7f00000004c0)={@rand_addr, <r4=>0x0}, &(0x7f0000000500)=0x14)
ioctl$sock_ipv6_tunnel_SIOCDELTUNNEL(r0, 0x89f2, &(0x7f00000005c0)={'ip6_vti0\x00', &(0x7f0000000540)={'ip6_vti0\x00', <r5=>0x0, 0x29, 0x9, 0xfe, 0x8, 0x8, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, @local, 0x40, 0x8000, 0xb, 0x6}})
ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f0000000600)={'vxcan1\x00', <r6=>0x0})
getsockopt$inet_mreqn(r0, 0x0, 0x23, &(0x7f0000000640)={@dev, @remote, <r7=>0x0}, &(0x7f0000000680)=0xc)
ioctl$ifreq_SIOCGIFINDEX_team(r0, 0x8933, &(0x7f00000006c0)={'team0\x00', <r8=>0x0})
sendmsg$MPTCP_PM_CMD_SET_LIMITS(r2, &(0x7f00000008c0)={&(0x7f00000003c0)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f0000000880)={&(0x7f0000000700)={0x154, r1, 0x1, 0x70bd27, 0x25dfdbff, {}, [@MPTCP_PM_ATTR_RCV_ADD_ADDRS={0x8, 0x2, 0x6}, @MPTCP_PM_ATTR_ADDR_REMOTE={0x4c, 0x6, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_PORT={0x6, 0x5, 0x4e20}, @MPTCP_PM_ADDR_ATTR_ADDR4={0x8, 0x3, @loopback}, @MPTCP_PM_ADDR_ATTR_FAMILY={0x6, 0x1, 0x2}, @MPTCP_PM_ADDR_ATTR_ADDR6={0x14, 0x4, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}}, @MPTCP_PM_ADDR_ATTR_FAMILY={0x6, 0x1, 0x2}, @MPTCP_PM_ADDR_ATTR_ADDR6={0x14, 0x4, @dev={0xfe, 0x80, '\x00', 0x3a}}]}, @MPTCP_PM_ATTR_ADDR_REMOTE={0x30, 0x6, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_ADDR4={0x8, 0x3, @initdev={0xac, 0x1e, 0x1, 0x0}}, @MPTCP_PM_ADDR_ATTR_ADDR6={0x14, 0x4, @mcast1}, @MPTCP_PM_ADDR_ATTR_FLAGS={0x8, 0x6, 0x10}, @MPTCP_PM_ADDR_ATTR_ID={0x5, 0x2, 0x6}]}, @MPTCP_PM_ATTR_ADDR_REMOTE={0x3c, 0x6, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_ID={0x5, 0x2, 0x9}, @MPTCP_PM_ADDR_ATTR_FAMILY={0x6}, @MPTCP_PM_ADDR_ATTR_ID={0x5, 0x2, 0x40}, @MPTCP_PM_ADDR_ATTR_IF_IDX={0x8, 0x7, r3}, @MPTCP_PM_ADDR_ATTR_IF_IDX={0x8, 0x7, r4}, @MPTCP_PM_ADDR_ATTR_IF_IDX={0x8, 0x7, r5}, @MPTCP_PM_ADDR_ATTR_ID={0x5, 0x2, 0x6}]}, @MPTCP_PM_ATTR_ADDR_REMOTE={0x34, 0x6, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_IF_IDX={0x8, 0x7, r6}, @MPTCP_PM_ADDR_ATTR_FLAGS={0x8, 0x6, 0x7}, @MPTCP_PM_ADDR_ATTR_PORT={0x6, 0x5, 0x4e24}, @MPTCP_PM_ADDR_ATTR_IF_IDX={0x8, 0x7, r7}, @MPTCP_PM_ADDR_ATTR_FLAGS={0x8}, @MPTCP_PM_ADDR_ATTR_IF_IDX={0x8, 0x7, r8}]}, @MPTCP_PM_ATTR_ADDR_REMOTE={0x44, 0x6, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_ADDR6={0x14, 0x4, @mcast1}, @MPTCP_PM_ADDR_ATTR_ID={0x5, 0x2, 0x4}, @MPTCP_PM_ADDR_ATTR_ADDR6={0x14, 0x4, @empty}, @MPTCP_PM_ADDR_ATTR_ADDR4={0x8, 0x3, @initdev={0xac, 0x1e, 0x0, 0x0}}, @MPTCP_PM_ADDR_ATTR_PORT={0x6, 0x5, 0x4e20}]}, @MPTCP_PM_ATTR_SUBFLOWS={0x8, 0x3, 0x7}]}, 0x154}, 0x1, 0x0, 0x0, 0x4004000}, 0x200020c4)
r9 = openat$cgroup_ro(r0, &(0x7f0000000900)='net_prio.prioidx\x00', 0x0, 0x0)
sendmsg$MPTCP_PM_CMD_ANNOUNCE(r9, &(0x7f0000000a00)={&(0x7f0000000940)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f00000009c0)={&(0x7f0000000980)={0x34, r1, 0x800, 0x70bd25, 0x25dfdbfe, {}, [@MPTCP_PM_ATTR_LOC_ID={0x5, 0x5, 0x3}, @MPTCP_PM_ATTR_RCV_ADD_ADDRS={0x8, 0x2, 0x6}, @MPTCP_PM_ATTR_SUBFLOWS={0x8, 0x3, 0x1}, @MPTCP_PM_ATTR_LOC_ID={0x5, 0x5, 0x5}]}, 0x34}, 0x1, 0x0, 0x0, 0x20000000}, 0x0)
r10 = accept4$rose(r9, &(0x7f0000000a40)=@full={0xb, @remote, @remote, 0x0, [@bcast, @remote, @remote, @rose, @bcast, @bcast]}, &(0x7f0000000a80)=0x40, 0x80800)
setsockopt$rose(r10, 0x104, 0x6, &(0x7f0000000ac0)=0x9, 0x4)
r11 = socket$inet6_sctp(0xa, 0x5, 0x84)
setsockopt$inet_sctp6_SCTP_ASSOCINFO(r11, 0x84, 0x1, &(0x7f0000000b00)={0x0, 0x2, 0x7, 0x53e, 0x5, 0x7}, 0x14)
r12 = add_key$user(&(0x7f0000000b40), &(0x7f0000000b80)={'syz', 0x3}, &(0x7f0000000bc0)="93b5e8aff10ae3dce9b843aabf8a59410c13560600c009d0f985d189ca32cacb1c3bdae2003580d937b773e18f745f84c96aeacafdd22679fe3ae109ea8d36656dfe6d31ddaba4f7c0f8818c0b5ac97abc37fa11f83eca8ab2b40e86f29328ee879e9acaabeac6d55ca44a5f4e34fb13b902b513c6c1c9e9af46e4faaaf74b89398f5decf504502194cc4445b77d1e65f91ab235458aea18c69416c77209014f703265fff72b234881820a02c05904b60d", 0xb1, 0xfffffffffffffff8)
r13 = add_key$user(&(0x7f0000000c80), &(0x7f0000000cc0)={'syz', 0x2}, &(0x7f0000000d00)="024a0e533d2d311cdf634d99ed1057d3556714527b2a43be5327decaaf3b385d61028221593f048956f722e995bbe2b81f2782faed12d9", 0x37, 0xfffffffffffffffb)
keyctl$dh_compute(0x17, &(0x7f0000000e00)={r12, r13}, &(0x7f0000000e40)=""/250, 0xfa, &(0x7f0000001000)={&(0x7f0000000f40)={'poly1305-generic\x00'}, &(0x7f0000000f80)="d38a8b66c6efdcc2a02fee59c90afb0f9e5b8e90612de8968e71140dcfedfd8de0471e017c80609fc39ee67649183e2d0212122fd1dd908f595ebe0d5071dc2a93e4d949314c12761397b12d8452031bd1", 0x51})
r14 = syz_genetlink_get_family_id$nl80211(&(0x7f0000001080), r9)
ioctl$sock_SIOCGIFINDEX_80211(r9, 0x8933, &(0x7f00000010c0)={'wlan1\x00', <r15=>0x0})
ioctl$sock_SIOCGIFINDEX_80211(r10, 0x8933, &(0x7f0000001100)={'wlan1\x00', <r16=>0x0})
sendmsg$NL80211_CMD_SET_WIPHY_NETNS(r9, &(0x7f0000001240)={&(0x7f0000001040)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000001200)={&(0x7f0000001180)={0x54, r14, 0x200, 0x70bd2c, 0x25dfdbff, {{}, {@void, @void, @val={0xc, 0x99, {0x4, 0x5d}}}}, [@NL80211_ATTR_IFINDEX={0x8, 0x3, r15}, @NL80211_ATTR_WDEV={0xc, 0x99, {0xda5, 0x4f}}, @NL80211_ATTR_IFINDEX={0x8, 0x3, r16}, @NL80211_ATTR_PID={0x8}, @NL80211_ATTR_NETNS_FD={0x8, 0xdb, r0}, @NL80211_ATTR_IFINDEX={0x8}]}, 0x54}, 0x1, 0x0, 0x0, 0x400c0}, 0x24048011)

8.88552135s ago: executing program 0 (id=1344):
syz_open_dev$video(&(0x7f0000000000), 0x101, 0xab82)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x8)
getpid()
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f0000000480)=@abs={0x0, 0x0, 0x8004e24}, 0x6e)
sendmmsg$unix(r1, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000300)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000002000000b7030000e8ffff058500000004000000"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x1, '\x00', 0x0, @fallback=0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000a00)={&(0x7f0000000d00)='sched_switch\x00', r2}, 0x10)
bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000740)=ANY=[], 0x48)
mknod(&(0x7f0000000080)='./bus\x00', 0x4, 0x6)
mount(&(0x7f0000000040)=@nbd={'/dev/nbd', 0x0}, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000100)='ext2\x00', 0x8080, &(0x7f00000001c0)='discard')
r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
getsockopt$bt_BT_SNDMTU(r3, 0x112, 0xc, 0x0, &(0x7f0000000000))

8.807780356s ago: executing program 4 (id=1345):
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000040), 0x2c240, 0x0)
r1 = socket(0x1, 0x2, 0x0)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="0f000000040000000400000012"], 0x48)
prlimit64(0x0, 0xe, &(0x7f0000000040)={0x8, 0x8b}, 0x0)
r3 = socket$key(0xf, 0x3, 0x2)
recvmmsg(r3, &(0x7f0000000440), 0x6f5, 0x2000000022, &(0x7f0000000480)={0x77359400})
setsockopt$SO_TIMESTAMPING(r3, 0x1, 0x25, &(0x7f0000000000)=0x285c, 0x4)
sendmsg$key(r3, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000680)=ANY=[@ANYBLOB="0208000002"], 0x10}}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r4 = syz_open_dev$MSR(&(0x7f0000000080), 0x0, 0x0)
read$msr(r4, &(0x7f0000019680)=""/102392, 0x18ff8)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000140)={r2, &(0x7f0000000180), &(0x7f00000000c0)=@tcp6=r1, 0x1}, 0x20)
recvmmsg(r1, &(0x7f0000000d40)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, 0x0}}], 0x2, 0x0, 0x0)
r5 = syz_open_dev$loop(&(0x7f0000000080), 0x47ffffa, 0x122c42)
ioctl$LOOP_CONFIGURE(r5, 0x4c0a, &(0x7f0000000440)={r0, 0x0, {0x0, 0x0, 0x0, 0x20000000000008, 0x200000, 0x0, 0x0, 0x0, 0x1c, "339f020bbe78b39843d601010000000000080d0ec0c1b4e9b1c4369d03740250ceaac594b1b3d741dd17c18e8438ef2a565ef1e83323695c58d66500", "a1163939c787a16c1ca43f8539f3d3289737f0374c72a964a0193b3e8772fd29f35239d200", "24431a1e77a68e174f000000000000000010e200000000000000000000000200"}})
r6 = syz_open_dev$loop(&(0x7f0000000180), 0x2, 0xe00)
r7 = openat$userio(0xffffffffffffff9c, &(0x7f0000000100), 0x40, 0x0)
write$USERIO_CMD_SET_PORT_TYPE(r7, &(0x7f0000000300)={0x1, 0x9}, 0x2)
read$FUSE(r1, &(0x7f00000019c0)={0x2020, 0x0, <r8=>0x0}, 0x2020)
ioctl$LOOP_CONFIGURE(r6, 0x4c0a, &(0x7f00000001c0)={r5, 0x1000, {0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x6, 0x1, 0x1, "b4fd8fc7627dac52d8cb59ee041bece67299bdef67e9fc8e7e824b0ee88aacece3eb96c6842f8d2a80b5f3897ed9694cb579bc9d2dc4a03da37ece06c23c4690", "2a311000ed7b4a6b872ec9dae68e9751a3e1a54df95160706589e73e0954dccb6c2cc6e27e976150dc31e9795f1ae61dd3feeff948c39595aa6b2d190a133d89", "6f03a17381447970d2c4d3571fcef5725ae3f19589c3cdbdf2e4459ff08c8044", [0xfffffffffffffffd, 0x1]}})
r9 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
write$FUSE_NOTIFY_RESEND(r9, &(0x7f00000000c0)={0x14}, 0x14)
r10 = openat$fuse(0xffffffffffffff9c, &(0x7f0000001980), 0x2, 0x0)
r11 = io_uring_setup(0x6c70, &(0x7f0000001300)={0x0, 0x15c, 0x100, 0xffffffff})
io_uring_register$IORING_REGISTER_EVENTFD(r11, 0x4, 0x0, 0x1)
ioctl$FUSE_DEV_IOC_BACKING_OPEN(r10, 0x4010e501, 0x0)
r12 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r12, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000340)=ANY=[@ANYBLOB="48781511f62cc18837a50af3439d18e0d7e20000", @ANYRES32=r6, @ANYRESOCT, @ANYRESDEC=r8], 0x40}, 0x1, 0x0, 0x0, 0x800}, 0x24000001)

8.578638334s ago: executing program 3 (id=1346):
openat$nullb(0xffffffffffffff9c, 0x0, 0xa4242, 0x0)
socket$kcm(0x29, 0x2, 0x0)
socket$can_j1939(0x1d, 0x2, 0x7)
syz_open_dev$dri(0x0, 0x8, 0x200000)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000019480)=""/102400, 0x19000)
keyctl$instantiate(0xc, 0x0, &(0x7f0000000100)=@encrypted_new={'new ', 'default', 0x20, 'user:', 'syz', 0x20, 0xffd}, 0x2a, 0x0)
add_key(&(0x7f00000003c0)='logon\x00', &(0x7f0000000180), 0x0, 0x0, 0xfffffffffffffffe)
r1 = socket$inet_mptcp(0x2, 0x1, 0x106)
connect$inet(r1, 0x0, 0x0)
setsockopt$sock_int(r1, 0x1, 0x8, &(0x7f0000000100), 0x4)
add_key$user(0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd)
prctl$PR_GET_TSC(0x19, &(0x7f00000001c0))
r2 = add_key$user(&(0x7f0000000200), &(0x7f0000000440), &(0x7f00000000c0), 0x14b, 0xfffffffffffffffd)
getsockopt$inet_mreqn(r1, 0x0, 0x24, &(0x7f0000000300)={@private}, &(0x7f0000000340)=0xc)
keyctl$dh_compute(0x17, &(0x7f0000000080)={0x0, r2}, 0x0, 0x0, &(0x7f00000000c0)={0x0})
migrate_pages(0x0, 0x9, &(0x7f0000000040)=0x9, &(0x7f0000000380)=0x102)

8.578331627s ago: executing program 5 (id=1347):
socket$inet_smc(0x2b, 0x1, 0x0)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000002000000b704000000000000850000005700000095"], 0x0}, 0x90)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="17000000000000000400000003"], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000008000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000058"], 0x0}, 0x90)
r1 = socket$packet(0x11, 0x2, 0x300)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x1, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x10, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
setsockopt$sock_attach_bpf(r1, 0x1, 0x32, &(0x7f0000000180)=r2, 0x4)
r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r4 = socket(0x400000000010, 0x3, 0x0)
r5 = socket$unix(0x1, 0x5, 0x0)
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r6=>0x0})
sendmsg$nl_route_sched(r4, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000001c0)=@newqdisc={0x44, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r6, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x0, 0xf}}, [@qdisc_kind_options=@q_hfsc={{0x9}, {0x14, 0x2, @TCA_HFSC_FSC={0x10, 0x2, {0xa30e, 0x1, 0xfffffffa}}}}]}, 0x44}}, 0x0)
r7 = socket(0x400000000010, 0x3, 0x0)
r8 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r8, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r9=>0x0})
sendmsg$nl_route_sched(r7, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000001d80)=@newtfilter={0x38, 0x2c, 0xd27, 0x70bd28, 0x8000, {0x0, 0x0, 0x0, r9, {0x0, 0xffe0}, {}, {0xa}}, [@filter_kind_options=@f_u32={{0x8}, {0xc, 0x2, [@TCA_U32_DIVISOR={0x8, 0x4, 0x2}]}}]}, 0x38}, 0x1, 0x0, 0x0, 0x20000080}, 0x20000000)

7.576727104s ago: executing program 5 (id=1349):
r0 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x2)
r1 = socket$igmp(0x2, 0x3, 0x2)
setsockopt$MRT_INIT(r1, 0x0, 0xc8, &(0x7f0000003d40), 0x4)
setsockopt$MRT_ADD_VIF(r1, 0x0, 0xca, &(0x7f0000003d80)={0x0, 0x0, 0x0, 0x0, @vifc_lcl_addr=@local, @dev}, 0x10)
r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
r3 = socket$igmp(0x2, 0x3, 0x2)
setsockopt$MRT_ADD_VIF(r1, 0x0, 0xca, &(0x7f00000000c0)={0x8, 0x1, 0x0, 0x0, @vifc_lcl_ifindex, @dev={0xac, 0x14, 0x14, 0x2e}}, 0x10)
setsockopt$inet_mreq(r2, 0x0, 0x23, &(0x7f0000000000)={@multicast1=0xe0000300, @local}, 0x8)
syz_emit_ethernet(0x2a, &(0x7f0000000180)={@local, @broadcast, @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x1c, 0x0, 0x0, 0x80, 0x2, 0x0, @empty, @multicast1=0xe0000300}, @echo_reply={0x0, 0x0, 0x0, 0x64, 0xd2}}}}}, 0x0)
setsockopt$MRT_ADD_MFC_PROXY(r3, 0x0, 0xd2, &(0x7f0000000200)={@empty, @multicast2=0xe0000300, 0x0, "028a6608995274e60600000000000000ee1df06e926406d866b1970548fc3c7b", 0xb2, 0xfffffff7, 0x4, 0x40000006}, 0x3c)
ioctl$KVM_RUN(r0, 0xae80, 0x0)
r4 = socket$inet6(0xa, 0x2, 0x0)
setsockopt$inet6_int(r4, 0x29, 0x1000000000021, &(0x7f0000000040)=0x5, 0x4)
bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x6, 0x4, &(0x7f00000001c0)=@framed={{0x18, 0x2, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x3}, [@call={0x85, 0x0, 0x0, 0x45}]}, &(0x7f0000000180)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp=0x25, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x4}, 0x94)
r5 = socket$rds(0x15, 0x5, 0x0)
r6 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000006a80), 0x101101, 0x0)
r7 = syz_open_procfs(0x0, &(0x7f0000000000)='fd/3\x00')
mount$9p_fd(0x0, &(0x7f0000000100)='./cgroup.net/cgroup.procs\x00', &(0x7f0000000140), 0x21c804, &(0x7f0000000180)={'trans=fd,', {'rfdno', 0x3d, r7}, 0x2c, {'wfdno', 0x3d, r6}})
ioctl$IOCTL_VMCI_QUEUEPAIR_SETVA(r7, 0x7a4, &(0x7f00000000c0)={{@local, 0x41}, 0x6, 0x0, 0x4, 0x8})
r8 = syz_open_dev$loop(&(0x7f0000000100), 0x2, 0x0)
r9 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cpuacct.usage_user\x00', 0x275a, 0x0)
sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000200)=ANY=[@ANYBLOB="280000000206010200000000000000000100000005000400000000000900020073"], 0x28}, 0x1, 0x0, 0x0, 0x20000000}, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={0x0, r9, 0x0, 0xfffffffffffffffc}, 0x18)
write$binfmt_misc(r9, &(0x7f0000000040), 0xe09)
ioctl$LOOP_CONFIGURE(r8, 0x4c0a, &(0x7f00000002c0)={r9, 0x0, {0x2a00, 0x80010000, 0x0, 0x2, 0x0, 0x0, 0x0, 0xb, 0x1d, "fee8a2ab78fc979fd1e00d96072000001ea89de2b7fb0000e60080b8785d96000100", "2809e8dbe108598948224ad54afac11d875397bdb22d0000b420a1a93c5240f45f819e01177d3d458dd4992861ac00", "f4bd0007008019000000000000000000000000af1e4ccfb7b3cad800", [0x0, 0x2000000000001]}})
bind$rds(r5, &(0x7f0000000040)={0x2, 0x4e21, @local}, 0x10)
sendmsg$rds(r5, &(0x7f0000000080)={&(0x7f0000000180)={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10, 0x0}, 0x0)
sendmsg$rds(r5, &(0x7f0000000680)={&(0x7f00000001c0)={0x2, 0x4e21, @initdev={0xac, 0x1e, 0x1, 0x0}}, 0x10, 0x0}, 0x0)
close(r5)
sendmsg$inet6(r4, &(0x7f0000000100)={&(0x7f0000000000)={0xa, 0x4e21, 0x80000, @loopback}, 0x1c, 0x0, 0x0, &(0x7f00000001c0)=[@flowinfo={{0x14, 0x29, 0xb, 0x3}}], 0x18}, 0x4044004)

7.41908183s ago: executing program 4 (id=1350):
syz_open_dev$dri(&(0x7f00000000c0), 0x1fc, 0xa800)
mount(0x0, &(0x7f00000003c0)='./cgroup/cgroup.procs\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f0000000300)=ANY=[@ANYBLOB="1801010000029b42543092e2a8dba33e9c312d5c47e8000000", @ANYRES64=0x0], &(0x7f00000002c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x1}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f0000000340)='skip_task_reaping\x00', r0, 0x0, 0xa}, 0x18)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x1, &(0x7f00000000c0)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r4 = socket$inet6(0xa, 0x2, 0x0)
sendto$inet6(r4, 0x0, 0x0, 0x4098884, &(0x7f0000000240)={0xa, 0x4e20, 0x0, @mcast2}, 0x1c)
bpf$MAP_CREATE(0x0, 0x0, 0x48)
r5 = socket$pppl2tp(0x18, 0x1, 0x1)
r6 = openat$sndtimer(0xffffffffffffff9c, 0x0, 0x20402)
ioctl$SNDRV_TIMER_IOCTL_GSTATUS(r6, 0xc0505405, &(0x7f0000000180)={{0x0, 0x0, 0x252, 0x3, 0x6}, 0x2000007, 0x2, 0x3})
ioctl$SIOCSIFMTU(r5, 0x8922, &(0x7f0000000440)={'syz_tun\x00', 0x101})
prctl$PR_SCHED_CORE(0x3e, 0x10000000001, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x100008b}, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000180)=0x1400200bce)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x1)
r7 = syz_open_dev$MSR(&(0x7f0000000200), 0x0, 0x0)
read$msr(r7, &(0x7f000001b700)=""/102400, 0x19000)
socket$inet(0x2, 0x2, 0x1)
openat$dsp(0xffffffffffffff9c, &(0x7f00000003c0), 0x101a02, 0x0)

6.247343898s ago: executing program 4 (id=1351):
r0 = syz_usb_connect(0xc, 0x24, &(0x7f0000000100)=ANY=[], 0x0)
setsockopt$SO_TIMESTAMP(0xffffffffffffffff, 0x1, 0x3f, 0x0, 0x0)
ioctl$KVM_XEN_HVM_CONFIG(0xffffffffffffffff, 0x4038ae7a, &(0x7f0000000000)={0x2, 0x40000083, 0x0, 0x0, 0x1})
prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x1)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0xfffffffffffffffe)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
r1 = syz_open_dev$MSR(&(0x7f0000000200), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
openat$sw_sync(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r2 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r2, &(0x7f0000000080)={0x26, 'hash\x00', 0x0, 0x0, 'xxhash64\x00'}, 0x58)
sendmsg$key(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000300)=ANY=[], 0x10}}, 0x8000)
sendmsg$rds(0xffffffffffffffff, 0x0, 0x0)
ioctl$SW_SYNC_IOC_CREATE_FENCE(0xffffffffffffffff, 0xc0285700, &(0x7f0000000100)={0x1b, "5660359c3245d1c42317afad7d48ed51000000000000000100", <r3=>0xffffffffffffffff})
r4 = openat$sw_sync(0xffffffffffffff9c, &(0x7f0000000040), 0x141100, 0x0)
ioctl$SW_SYNC_IOC_CREATE_FENCE(r4, 0xc0285700, 0x0)
ioctl$SYNC_IOC_MERGE(r3, 0xc0303e03, 0x0)
ppoll(&(0x7f0000000000)=[{}], 0x1, 0x0, 0x0, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYRES8=r0, @ANYRES32, @ANYRESOCT=r3, @ANYRES32=0x0, @ANYRES8, @ANYBLOB="00000000000000000300"/28], 0x50)
r5 = socket$inet_sctp(0x2, 0x5, 0x84)
setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r5, 0x84, 0x64, &(0x7f0000000180)=[@in={0x2, 0x4e21, @local}], 0x10)
sendmsg$inet_sctp(r5, &(0x7f0000000700)={&(0x7f0000000340)=@in={0x2, 0x4e21, @local}, 0x10, &(0x7f00000006c0)=[{&(0x7f0000000380)='N', 0xffbe}], 0x1, 0x0, 0x0, 0x8044045}, 0x0)
getsockopt$inet_sctp_SCTP_PRIMARY_ADDR(r5, 0x84, 0x7a, &(0x7f00000003c0)={0x0, @in={{0x2, 0x4e21, @broadcast}}}, &(0x7f0000000040)=0x84)

6.162970035s ago: executing program 5 (id=1352):
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
syz_kvm_add_vcpu$x86(0x0, &(0x7f0000000000)={0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="010000000000000056000000000000"], 0x56})
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x200, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f0000000380)={0x2, 0x102000, 0x1})
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_IRQCHIP(r1, 0x8208ae63, &(0x7f0000002340)={0x0, 0x0, @pic={0x7, 0x10, 0x4, 0x81, 0x0, 0xb, 0x7, 0x9, 0x5d, 0x1, 0x8, 0x40, 0x31, 0x0, 0x5, 0x4b}})
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f00000000c0)={0x3})
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

5.561558458s ago: executing program 5 (id=1354):
r0 = syz_open_dev$vcsu(&(0x7f0000000000), 0x5, 0x802001)
ioctl$VIDIOC_DQEVENT(r0, 0x80885659, &(0x7f0000000040)={0x0, @ctrl})
ioctl$EXT4_IOC_ALLOC_DA_BLKS(r0, 0x660c)
close(r0)
connect$inet6(r0, &(0x7f0000000100)={0xa, 0x4e21, 0x6, @local, 0xffff}, 0x1c)
r1 = syz_genetlink_get_family_id$mptcp(&(0x7f0000000180), r0)
sendmsg$MPTCP_PM_CMD_FLUSH_ADDRS(r0, &(0x7f0000000240)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f0000000200)={&(0x7f00000001c0)={0x2c, r1, 0x300, 0x70bd25, 0x25dfdbfd, {}, [@MPTCP_PM_ATTR_TOKEN={0x8, 0x4, 0x4}, @MPTCP_PM_ATTR_RCV_ADD_ADDRS={0x8, 0x2, 0x4}, @MPTCP_PM_ATTR_RCV_ADD_ADDRS={0x8, 0x2, 0x1}]}, 0x2c}, 0x1, 0x0, 0x0, 0x40248c0}, 0x40050)
ioctl$sock_SIOCETHTOOL(r0, 0x8946, &(0x7f0000000380)={'tunl0\x00', &(0x7f0000000280)=@ethtool_rxnfc={0x0, 0xd, 0x8000000000000000, {0xb, @udp_ip4_spec={@loopback, @dev={0xac, 0x14, 0x14, 0xa}, 0x4e21, 0x4e24, 0x8}, {0x0, @multicast, 0x100, 0x1ff, [0x2, 0x81]}, @tcp_ip6_spec={@local, @private1, 0x4e22, 0x4e24, 0x7}, {0x0, @multicast, 0x4, 0x3, [0x5, 0x1]}, 0x10, 0x8}, 0x2, [0x3ff, 0x391]}})
r2 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_ipv4_tunnel_SIOCGETTUNNEL(r0, 0x89f0, &(0x7f0000000480)={'erspan0\x00', &(0x7f0000000400)={'tunl0\x00', <r3=>0x0, 0x7800, 0x10, 0x1, 0x6, {{0xf, 0x4, 0x1, 0x8, 0x3c, 0x68, 0x0, 0xb3, 0x0, 0x0, @loopback, @remote, {[@timestamp={0x44, 0x8, 0x45, 0x0, 0x3, [0x4]}, @timestamp_addr={0x44, 0x14, 0xf3, 0x1, 0x6, [{@dev={0xac, 0x14, 0x14, 0x11}, 0x1}, {@multicast1, 0x2}]}, @timestamp={0x44, 0xc, 0x43, 0x0, 0x9, [0x3ff, 0x8000000]}]}}}}})
getsockopt$inet6_mreq(r0, 0x29, 0x14, &(0x7f00000004c0)={@rand_addr, <r4=>0x0}, &(0x7f0000000500)=0x14)
ioctl$sock_ipv6_tunnel_SIOCDELTUNNEL(r0, 0x89f2, &(0x7f00000005c0)={'ip6_vti0\x00', &(0x7f0000000540)={'ip6_vti0\x00', <r5=>0x0, 0x29, 0x9, 0xfe, 0x8, 0x8, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, @local, 0x40, 0x8000, 0xb, 0x6}})
ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f0000000600)={'vxcan1\x00', <r6=>0x0})
getsockopt$inet_mreqn(r0, 0x0, 0x23, &(0x7f0000000640)={@dev, @remote, <r7=>0x0}, &(0x7f0000000680)=0xc)
ioctl$ifreq_SIOCGIFINDEX_team(r0, 0x8933, &(0x7f00000006c0)={'team0\x00', <r8=>0x0})
sendmsg$MPTCP_PM_CMD_SET_LIMITS(r2, &(0x7f00000008c0)={&(0x7f00000003c0)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f0000000880)={&(0x7f0000000700)={0x154, r1, 0x1, 0x70bd27, 0x25dfdbff, {}, [@MPTCP_PM_ATTR_RCV_ADD_ADDRS={0x8, 0x2, 0x6}, @MPTCP_PM_ATTR_ADDR_REMOTE={0x4c, 0x6, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_PORT={0x6, 0x5, 0x4e20}, @MPTCP_PM_ADDR_ATTR_ADDR4={0x8, 0x3, @loopback}, @MPTCP_PM_ADDR_ATTR_FAMILY={0x6, 0x1, 0x2}, @MPTCP_PM_ADDR_ATTR_ADDR6={0x14, 0x4, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}}, @MPTCP_PM_ADDR_ATTR_FAMILY={0x6, 0x1, 0x2}, @MPTCP_PM_ADDR_ATTR_ADDR6={0x14, 0x4, @dev={0xfe, 0x80, '\x00', 0x3a}}]}, @MPTCP_PM_ATTR_ADDR_REMOTE={0x30, 0x6, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_ADDR4={0x8, 0x3, @initdev={0xac, 0x1e, 0x1, 0x0}}, @MPTCP_PM_ADDR_ATTR_ADDR6={0x14, 0x4, @mcast1}, @MPTCP_PM_ADDR_ATTR_FLAGS={0x8, 0x6, 0x10}, @MPTCP_PM_ADDR_ATTR_ID={0x5, 0x2, 0x6}]}, @MPTCP_PM_ATTR_ADDR_REMOTE={0x3c, 0x6, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_ID={0x5, 0x2, 0x9}, @MPTCP_PM_ADDR_ATTR_FAMILY={0x6}, @MPTCP_PM_ADDR_ATTR_ID={0x5, 0x2, 0x40}, @MPTCP_PM_ADDR_ATTR_IF_IDX={0x8, 0x7, r3}, @MPTCP_PM_ADDR_ATTR_IF_IDX={0x8, 0x7, r4}, @MPTCP_PM_ADDR_ATTR_IF_IDX={0x8, 0x7, r5}, @MPTCP_PM_ADDR_ATTR_ID={0x5, 0x2, 0x6}]}, @MPTCP_PM_ATTR_ADDR_REMOTE={0x34, 0x6, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_IF_IDX={0x8, 0x7, r6}, @MPTCP_PM_ADDR_ATTR_FLAGS={0x8, 0x6, 0x7}, @MPTCP_PM_ADDR_ATTR_PORT={0x6, 0x5, 0x4e24}, @MPTCP_PM_ADDR_ATTR_IF_IDX={0x8, 0x7, r7}, @MPTCP_PM_ADDR_ATTR_FLAGS={0x8}, @MPTCP_PM_ADDR_ATTR_IF_IDX={0x8, 0x7, r8}]}, @MPTCP_PM_ATTR_ADDR_REMOTE={0x44, 0x6, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_ADDR6={0x14, 0x4, @mcast1}, @MPTCP_PM_ADDR_ATTR_ID={0x5, 0x2, 0x4}, @MPTCP_PM_ADDR_ATTR_ADDR6={0x14, 0x4, @empty}, @MPTCP_PM_ADDR_ATTR_ADDR4={0x8, 0x3, @initdev={0xac, 0x1e, 0x0, 0x0}}, @MPTCP_PM_ADDR_ATTR_PORT={0x6, 0x5, 0x4e20}]}, @MPTCP_PM_ATTR_SUBFLOWS={0x8, 0x3, 0x7}]}, 0x154}, 0x1, 0x0, 0x0, 0x4004000}, 0x200020c4)
r9 = openat$cgroup_ro(r0, &(0x7f0000000900)='net_prio.prioidx\x00', 0x0, 0x0)
sendmsg$MPTCP_PM_CMD_ANNOUNCE(r9, &(0x7f0000000a00)={&(0x7f0000000940)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f00000009c0)={&(0x7f0000000980)={0x34, r1, 0x800, 0x70bd25, 0x25dfdbfe, {}, [@MPTCP_PM_ATTR_LOC_ID={0x5, 0x5, 0x3}, @MPTCP_PM_ATTR_RCV_ADD_ADDRS={0x8, 0x2, 0x6}, @MPTCP_PM_ATTR_SUBFLOWS={0x8, 0x3, 0x1}, @MPTCP_PM_ATTR_LOC_ID={0x5, 0x5, 0x5}]}, 0x34}, 0x1, 0x0, 0x0, 0x20000000}, 0x0)
r10 = accept4$rose(r9, &(0x7f0000000a40)=@full={0xb, @remote, @remote, 0x0, [@bcast, @remote, @remote, @rose, @bcast, @bcast]}, &(0x7f0000000a80)=0x40, 0x80800)
setsockopt$rose(r10, 0x104, 0x6, &(0x7f0000000ac0)=0x9, 0x4)
r11 = socket$inet6_sctp(0xa, 0x5, 0x84)
setsockopt$inet_sctp6_SCTP_ASSOCINFO(r11, 0x84, 0x1, &(0x7f0000000b00)={0x0, 0x2, 0x7, 0x53e, 0x5, 0x7}, 0x14)
r12 = add_key$user(&(0x7f0000000b40), &(0x7f0000000b80)={'syz', 0x3}, &(0x7f0000000bc0)="93b5e8aff10ae3dce9b843aabf8a59410c13560600c009d0f985d189ca32cacb1c3bdae2003580d937b773e18f745f84c96aeacafdd22679fe3ae109ea8d36656dfe6d31ddaba4f7c0f8818c0b5ac97abc37fa11f83eca8ab2b40e86f29328ee879e9acaabeac6d55ca44a5f4e34fb13b902b513c6c1c9e9af46e4faaaf74b89398f5decf504502194cc4445b77d1e65f91ab235458aea18c69416c77209014f703265fff72b234881820a02c05904b60d", 0xb1, 0xfffffffffffffff8)
r13 = add_key$user(&(0x7f0000000c80), &(0x7f0000000cc0)={'syz', 0x2}, &(0x7f0000000d00)="024a0e533d2d311cdf634d99ed1057d3556714527b2a43be5327decaaf3b385d61028221593f048956f722e995bbe2b81f2782faed12d9", 0x37, 0xfffffffffffffffb)
keyctl$dh_compute(0x17, &(0x7f0000000e00)={r12, r13}, &(0x7f0000000e40)=""/250, 0xfa, &(0x7f0000001000)={&(0x7f0000000f40)={'poly1305-generic\x00'}, &(0x7f0000000f80)="d38a8b66c6efdcc2a02fee59c90afb0f9e5b8e90612de8968e71140dcfedfd8de0471e017c80609fc39ee67649183e2d0212122fd1dd908f595ebe0d5071dc2a93e4d949314c12761397b12d8452031bd1", 0x51})
r14 = syz_genetlink_get_family_id$nl80211(&(0x7f0000001080), r9)
ioctl$sock_SIOCGIFINDEX_80211(r9, 0x8933, &(0x7f00000010c0)={'wlan1\x00', <r15=>0x0})
ioctl$sock_SIOCGIFINDEX_80211(r10, 0x8933, &(0x7f0000001100)={'wlan1\x00', <r16=>0x0})
sendmsg$NL80211_CMD_SET_WIPHY_NETNS(r9, &(0x7f0000001240)={&(0x7f0000001040)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000001200)={&(0x7f0000001180)={0x54, r14, 0x200, 0x70bd2c, 0x25dfdbff, {{}, {@void, @void, @val={0xc, 0x99, {0x4, 0x5d}}}}, [@NL80211_ATTR_IFINDEX={0x8, 0x3, r15}, @NL80211_ATTR_WDEV={0xc, 0x99, {0xda5, 0x4f}}, @NL80211_ATTR_IFINDEX={0x8, 0x3, r16}, @NL80211_ATTR_PID={0x8}, @NL80211_ATTR_NETNS_FD={0x8, 0xdb, r0}, @NL80211_ATTR_IFINDEX={0x8}]}, 0x54}, 0x1, 0x0, 0x0, 0x400c0}, 0x24048011)

4.504466026s ago: executing program 1 (id=1355):
r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fff7ffc}]})
r1 = socket$inet6_sctp(0xa, 0x1, 0x84)
r2 = dup(r1)
setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r2, 0x84, 0x64, &(0x7f0000000040)=[@in6={0xa, 0x4e24, 0x6, @loopback, 0x3}], 0x1c)
sendmsg$inet6(r1, &(0x7f0000000100)={&(0x7f0000000080)={0xa, 0x4e24, 0x8, @loopback, 0x4}, 0x1c, 0x0}, 0x0)
socket$inet6_sctp(0xa, 0x1, 0x84)
r3 = socket(0xa, 0x5, 0x0)
r4 = socket(0xa, 0x5, 0x0)
setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r4, 0x84, 0x64, &(0x7f0000000000)=[@in={0x2, 0x4e24, @remote}], 0x10)
sendto$inet6(r4, &(0x7f0000000040)='\x00', 0x1, 0x44004, &(0x7f0000000100)={0xa, 0x4e24, 0xb, @loopback, 0xc5f}, 0x1c)
setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r3, 0x84, 0x64, &(0x7f0000000200)=[@in={0x2, 0x4e24, @local}], 0x10)
sendto$inet6(r3, &(0x7f0000000040)='\x00', 0x1, 0x44004, &(0x7f0000000100)={0xa, 0x4e24, 0xb, @loopback, 0xc5f}, 0x1c)
close_range(r0, 0xffffffffffffffff, 0x0)

4.467242017s ago: executing program 5 (id=1356):
socket$packet(0x11, 0x2, 0x300)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000004400)='./bus\x00', 0x6b142, 0x0)
mount(&(0x7f0000000300)=@nullb, &(0x7f0000000380)='./bus\x00', &(0x7f00000003c0)='ocfs2\x00', 0x0, &(0x7f0000000400)='usrquota')
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340), 0x68c81, 0x0)
ioctl$DRM_IOCTL_SYNCOBJ_FD_TO_HANDLE_SYNC_FILE(0xffffffffffffffff, 0xc01064c2, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
r4 = syz_open_procfs(0x0, &(0x7f0000000440)='net/route\x00')
preadv(r4, &(0x7f00000001c0)=[{&(0x7f0000002380)=""/169, 0xa9}], 0x1, 0x80, 0x1)
ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r5 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x1)
r6 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000004002, 0x0)
ioctl$VIDIOC_QUERYCTRL(0xffffffffffffffff, 0xc0445624, 0x0)
r7 = dup(r6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb, 0x13, r7, 0x2000)
bind$inet(r7, 0x0, 0x0)
ioctl$KVM_PRE_FAULT_MEMORY(r5, 0xc040aed5, &(0x7f00000000c0)={0xf000, 0x118000})
getsockopt$inet_sctp_SCTP_DEFAULT_PRINFO(r2, 0x84, 0x72, &(0x7f0000000000), &(0x7f0000000040)=0xc)

3.842766151s ago: executing program 0 (id=1357):
r0 = syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0)
ptrace(0x10, r0)
r1 = memfd_create(&(0x7f00000000c0)='[\v\xdbX\xae[\x1a\xa9\xfd\xfa\xad\xd1md\xc8\x85HX\xa9%\f\x1ae\xe0\x00\x00\x00\x00\xfb\xff\x00\x00\x81\x9eG\xd9,\xe2\xc6a\x9f\xe8\xf1\xb3\x86\xe2+Op\xd0\xa2\x82\x1eb;(\xb5\xe1jS\xd6\x91%||\xa0\x8ez\xadT\xc8\f\xe5\x89\xbf3:\x99\x1e\xac`\xc3\xcf\xd3\xae\xd2\a\x11\xa9\xa5^\xff\xf5\x95\xd2q#\xc6\xca\x97\x9d\xcb\x1e\x80\xd6\xd5%N&\xf8#\x80z8Z\xd2}\xf5\xe4\x9f5\x9b\x01\xf9t\xbb\x1er\x14\xdb\xd3\xcd\xfd\xbdnC\xec', 0x0)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000140)=@base={0xa, 0x2, 0x56d, 0x3}, 0x50)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000600), &(0x7f0000001f80), 0xfffffffb, r2}, 0x38)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000500)={0x0, 0x0, &(0x7f0000000000), &(0x7f0000000340), 0x1000, r2}, 0x38)
fsetxattr$security_ima(r1, &(0x7f0000000040), &(0x7f00000002c0)=@v2={0x3, 0x0, 0x11, 0x8}, 0x9, 0x0)
execveat(r1, &(0x7f0000000000)='\x00', 0x0, 0x0, 0x1000)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xa, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x6, 0x3, 0x7ffcfffc}]})
ptrace$PTRACE_SECCOMP_GET_FILTER(0x420c, r0, 0x0, 0x0)

3.678000015s ago: executing program 3 (id=1358):
ioctl$KDSKBSENT(0xffffffffffffffff, 0x4b49, &(0x7f0000000440)={0x5, "3d1527a3fe2a442573257652b28ed0e98d711036236b16d38fd718beffa74785dbaee5e725859c4e8e414fa1c84fb38da8a54e1e72d7265cb5d4f7f7243990da3822e4a4b80ee0377a1f1ee104765255ad6a44e1585e186fe2bcaec8e57c53fe0e69f9c38abb7e8eaf313430adef323623f9374ae0bfaf79b7eb9426e3145259ec107109a986cfe35f0e2755fa9be46e1208f7c7ccbd962cdfbd67130ca9b2b370087da4c2ce7416d125abfd6c81d9ce1529f7d435c60cd4fada95c54b01074df0a5e781629111fd54213930257cf2bf126d9bb64bdf95b79a0c5ba5f5c9fa807251256ead029d3a5430945f0ca8c461ef495ea9a20c4fdf3d9944c4a7b3be75b1e0a2191a34cd27f0640f3ff78be73a483a5a09f6fcf90b75c4c18640d0a50c798214e84b2546700321486db9264ee7116768b1458086aa5e169b62b2593eb1d30ff2a87d1fd61cf3adfa1f6d374778a9aecc45f8481fd27d221a883bee2e301d42e2ddb1112ed087b2d13d3f90a58e75a49c3ce9530ffea98bd875e689298f6af6d96f11522cc30db372b47685bf0a35b05ad49abc8c162d05923994980834693d38a319906f1fd57a7aef0f9f4cb352b9cf8561ae9a203af39484b0833e4461a3655cb40bfb520479e3e92effa327bff83f08b4409cd5e1fcbed73bad169e2f5f448bdb613cdfe5ded7f650154778e1f812cbe5dfcb3b91d7934c8b1fb1c4"})
r0 = socket$inet6(0xa, 0x3, 0x8000000003c)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x4e20, 0x0, @empty, 0xc7ec}, 0x1c)
r1 = socket$igmp6(0xa, 0x3, 0x2)
setsockopt$IP6T_SO_SET_REPLACE(r1, 0x29, 0x40, &(0x7f0000000b00)=@raw={'raw\x00', 0x8, 0x3, 0x428, 0xd0, 0xffffffff, 0xffffffff, 0x0, 0xffffffff, 0x358, 0xffffffff, 0xffffffff, 0x358, 0xffffffff, 0x3, 0x0, {[{{@ipv6={@private0, @mcast2, [], [], 'veth0_macvtap\x00', 'dvmrp1\x00'}, 0x0, 0xa8, 0xd0}, @common=@unspec=@NFQUEUE0={0x28}}, {{@ipv6={@remote, @ipv4={'\x00', '\xff\xff', @dev}, [], [], 'wg1\x00', 'gre0\x00'}, 0x0, 0x258, 0x288, 0x0, {}, [@common=@inet=@hashlimit1={{0x58}, {'pim6reg\x00', {0x0, 0x0, 0x5, 0x0, 0x0, 0x7, 0x3ff}}}, @common=@inet=@hashlimit3={{0x158}, {'wg1\x00', {0x3, 0x0, 0x41, 0x0, 0x0, 0x1000, 0x6, 0x3}}}]}, @common=@unspec=@CONNMARK={0x30}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28, '\x00', 0x7}}}}, 0x488)
sendmsg$NL80211_CMD_SET_REKEY_OFFLOAD(0xffffffffffffffff, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000680)={&(0x7f0000000880)=ANY=[@ANYRES64=r1, @ANYRES16, @ANYBLOB="04002dbd7000f2dbdf254f0000000c00839ced540000680000004c007a8008000400000000181c000200134ecc4d908540c3c8630b918a29360800040004005111335ced5fd94e0800040009000000080004000300000048007a801400010003d869f47d8c428eaa74b31794b4b314b5000400000000000c0003004180081ee4f88f1a080004000c0000000c0003007858754e3c504054080004000800000004007a8020007a800800040005000000140002002929590c"], 0xd8}, 0x1, 0x0, 0x0, 0x4000000}, 0x240488c0)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000380)=[{&(0x7f0000000780)="b5acdcca761511ff486503ee11fad25ec1c79501ecca332fe2682320d1d7d555d99b6886a29d181a6c06465a16824b5d64fe8eebfa3d0ba5a44c2832bc0a4d7cc832ce7fa24298a6c8eae706a7f894f1e8fcdfbba19902eb257c96036705ed1d98e53c382c587ff2f2678011d59eb85b45c923af825d17951e58873529059b4483a18390158400f135f59027599a97d7075735ec078f9bf75cc7e53cccfd5bdea05eb6b05e1ea71459d245f29a7ee9897809a7a3fc3e201414c60bb9a1da0b8b9315c546c3ea408cd0e166b504f914ddd97ace9f6a1ddba4fd265a5bf48b320b6f5dbdf322caeb1944e4359dca1c76dad18510b7ce2b9af8a64c0ecc1270", 0xfe}], 0x1, 0x0, 0x0, 0x2c}, 0x404c084)
r3 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
r4 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000740), 0x2, 0x0)
ioctl$IOCTL_VMCI_VERSION2(r4, 0x7a7, &(0x7f0000000080)=0xb0000)
ioctl$IOCTL_VMCI_INIT_CONTEXT(r4, 0x7a0, &(0x7f0000000480)={@host})
ioctl$IOCTL_VMCI_NOTIFY_RESOURCE(r4, 0x7a5, &(0x7f0000000180)={{@any, 0x7}, 0x1, 0x2, 0x7})
r5 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000006c0)={0x18, 0xb, &(0x7f0000000640)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020000000000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f00000004c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
r6 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0)
ioctl$VHOST_SET_OWNER(r6, 0xaf01, 0x0)
ppoll(&(0x7f00000000c0)=[{}], 0x1, 0x0, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000002c0)='contention_begin\x00', r5, 0x0, 0xd}, 0x18)
r7 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r7, &(0x7f0000000340)={0x1f, 0xffff, 0x3}, 0x6)
write(r7, &(0x7f0000000040)="05000000010000", 0x7)
bind$bt_hci(r3, &(0x7f0000000340)={0x1f, 0xffff, 0x3}, 0x6)
write(r3, &(0x7f0000000040)="05000000010000", 0x7)

3.409705053s ago: executing program 1 (id=1359):
socket$inet_smc(0x2b, 0x1, 0x0)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000002000000b704000000000000850000005700000095"], 0x0}, 0x90)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="17000000000000000400000003"], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000008000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000058"], 0x0}, 0x90)
r1 = socket$packet(0x11, 0x2, 0x300)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x1, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x10, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
setsockopt$sock_attach_bpf(r1, 0x1, 0x32, &(0x7f0000000180)=r2, 0x4)
r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r4 = socket(0x400000000010, 0x3, 0x0)
r5 = socket$unix(0x1, 0x5, 0x0)
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r6=>0x0})
sendmsg$nl_route_sched(r4, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000001c0)=@newqdisc={0x44, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r6, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x0, 0xf}}, [@qdisc_kind_options=@q_hfsc={{0x9}, {0x14, 0x2, @TCA_HFSC_FSC={0x10, 0x2, {0xa30e, 0x1, 0xfffffffa}}}}]}, 0x44}}, 0x0)
r7 = socket(0x400000000010, 0x3, 0x0)
r8 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r8, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r9=>0x0})
sendmsg$nl_route_sched(r7, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000001d80)=@newtfilter={0x38, 0x2c, 0xd27, 0x70bd28, 0x8000, {0x0, 0x0, 0x0, r9, {0x0, 0xffe0}, {}, {0xa}}, [@filter_kind_options=@f_u32={{0x8}, {0xc, 0x2, [@TCA_U32_DIVISOR={0x8, 0x4, 0x2}]}}]}, 0x38}, 0x1, 0x0, 0x0, 0x20000080}, 0x20000000)

3.082912493s ago: executing program 4 (id=1360):
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8d}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000540)=0x4)
openat$sequencer(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
openat$ptmx(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$TIOCGETD(0xffffffffffffffff, 0x5424, &(0x7f0000000080))
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$VIDIOC_QUERYMENU(0xffffffffffffffff, 0xc02c5625, &(0x7f0000000180)={0x8000, 0xc5f7, @name="ac2ad54970138065d4b1a10a14b7e65642722c3da99ba40f000026e78ffc1e0a"})
r3 = add_key$user(&(0x7f00000001c0), &(0x7f0000000300)={'syz', 0x1}, &(0x7f0000000480)="fef0eca86999a4a0c7cb5b00", 0xc, 0xfffffffffffffffe)
r4 = add_key$user(&(0x7f00000003c0), &(0x7f0000000440), &(0x7f00000000c0), 0xc9, 0xfffffffffffffffd)
keyctl$dh_compute(0x17, &(0x7f0000000140)={r4, r4, r3}, &(0x7f00000000c0)=""/83, 0x53, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r5 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x1)
r6 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000004002, 0x0)
r7 = dup(r6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb, 0x13, r7, 0x2000)
ioctl$KVM_PRE_FAULT_MEMORY(r5, 0xc040aed5, &(0x7f00000000c0)={0xf041, 0x31c000})

1.33457464s ago: executing program 1 (id=1361):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000002300)={0x1204, 0x42, 0xb, 0x70ad23, 0x25dfdbfe, {0x85}, [@nested={0x11ed, 0x13, 0x0, 0x1, [@generic="f331edbf59cac26b634a3a82592eca1e475dc9ee28064a2291c842cddd236621ebc0a318396cf7b955cdbbf59424e3afd9f3c87c4f441c0e34cfe0ddd233f1b287010cf1057c3596dbc3dfbbfbc303aafbe3b9acfdc38f54a9944c1749107ed3c51b658ee135c373520c7eba42b17f09485fc6a49d28c46d96ff16da6f5c94537744bcc555e818a683a5351f2771ad9bcd02480ef6768fd0571a5685268083030a5b0599d78a7c5583c3faab64591900fa218c0916dac54ba1697c2c52e82d0decbdfca227ac28eb3021c85deeb0ca8d48a5be763c0d21929d307edee3be398ec92756e8b99a008b6543dd75e01e2fa3537e10b097c2f386d97f", @generic="ecdc3abeb20114d12b", @typed={0x14, 0x3d, 0x0, 0x0, @ipv6=@private1={0xfc, 0x1, '\x00', 0x1}}, @generic="737754695481eee7c947ba57f181e8ee6fb528a0a194e079758fd17b539e62a5ef6b9fe31f52fcf14182e9431ad818e85815e0ed413852ca1f64a14441a083f0c89e50e1cef084e094931805cbebd58d3f84", @nested={0x80, 0x7c, 0x0, 0x1, [@typed={0xc, 0x3b, 0x0, 0x0, @str='overlay\x00'}, @generic="3f8681486a7b5b152962e698201ee7bfa07741fec4d032bf722ca168e336ca15b492af6e16d999c15f664521286008019fe6d1ad2d77e3920ab3e9715d02a9c3cb0683117c1e12c6d4d86a865813e66fa3a32a2e4071617573192c6e21b7f5eff3148caff77a33bc6b5a84230be1a493"]}, @generic="db85e1735aa2f0e6ffcb50e517c60d049fa2e7369c5325b293be7f0953527ffb6ff7ffef77bcbec89efab7ac0644b3e145efc2650ab95d9235dc002d0006934465247f2e93fdec83c9e36df5ba06020029ed3191c3713e1c9407b3926964e4187eff569d662a82f90aa067111aabf4a657fe5d8789ce7642ed0817f5f96fba9c1f2633d5edb4be7a3a999eb00c5e3a8cef7ee8f7e72486733ffbe4a8f508c21842183977baf03918be005559e34c46ceac9a02143682aedbc79bcf4e0f0ffb1ad0f7f7ce03265c5ad2a80f3cae2a4593b0666056da553653a3a1173113f621f4b16fb3abbba63ac35fe7ac68fbea717cf1427d342eab1a21aec4a53bada2aef2bdffd0bc978a2343e3c3a1f88209fc68cdbcbaa4e7adae6fa0417dcfee5f26d4a93dcaaba432533c8d021b145dcb963cc0c4df1895fa62f4e8c66c6547d447fbef3b66523661d3b3185c5d83310a6198de3caffb8317c1e72f2e3d87f5b5288e0a40c8f6dd65dbbb48e6f0e09f5522e1baa5ab7f88964b4b57f851329f6350b31d930b7f1926fef420d1c75084c2971085d8c1336052f89bf01bb8ce5360dd4b3c8741db7dc0a478a649e8c1e3b3bac42d13447385a2479807467768615260e51448ae187d0661015e85ee43c564794f9bbfdfc116bd7d4ddcba977ef2d6cbe72890dfd6e5abd089f20547079cb2d94046ae60f52ea5ea549b78cf057ddbd7b2b5430d9c98cfef5bc232b56ddafe847de341e06550b090ef2fb950e07d72a0295b2cddba0d7e5bbb62eda69afd1b94454438eb3c1586b468b5044b7e84cccbd43dbf5cae6fd7ee2bd620c9123080e549081d7f47e12d2d4d45920aa06433493c1dbfaf0a9e74fdc0b37f13544d03b9c730f176644a03176f79c8f043321f5091d8ba94233b475fea450fa55877524495a2dff9153876b934d121ffc7561706fc34040655314dd6c27f5e1073d4556106386d18044dbcdc397f5adb5225c7cc39c384b0aa9e089c51396f57921355f9b7e472cf37e6f3484f0a757be7b37f019876cf94cc76d438b8e77a6aa4dd2c63bb661087c6fa6c1f1085d6ae3d0f5ecb1b597f251be668bea855f0d1b351c4a9834db757441f47abb7f69281c57cd6185574da10e38bac0b62983ef5ff0bc3055190bc83b70f43d2fe5d7a1eb9911e0f46b4f8e3a7e24f4a1450626c4668f649bc16baf48a598af89df07b5b76b5de73a349d9d916d205711010e68b8da9619b17f9d86496b84de49d02314f02b474d86305fb9c1b979d3fa57294dc4d0ec95b1156b7d3291e9d3b47b0b174ec2cbf4e34d1083230770b2ad1902ea430d2b8afe438e4008a6cf33505f0bce50629fce36b470164f66929782420703b7ba747a987de6f033941e953f44a8aa1f6f56409164beff1e95de5e76920d1c6ffa94a8f86713802f51f6e6f28d49f48bd04ba789f42a7ec05869fe4c6596e9791f1ca22f82f9ef3aabd2d00c6eecc593206b2aabeccfbcfd44a8149093ce5d54629f626b414549c26a109f9e71c2fbce7d5d7aa2de16f926963e0cdc403a482bb6c6a5f55f415ed124ccda4e68d2067e92240a9feff24568d5949e6bbd0a5e83675395b56e5293e2ac662f4a0ca61c709ff4a8af744d69371151309478ba8cb4c1d49b91c9bf037b2a14c06f4a9bd13611ad99e98d0b26643010dc9116779c4a56d12085651504f145da4596f649bcf08641cf5cda4e8ee9ffe69b3e8850311330ae2c4145dbd65aef98199f1ed10b36e9bf8d9814273923f80a1d49904efe218483afaabf5450529601719b88a1f981c16af46c48b778d3443f631ef86e5131d1366c1b10d5bac3ac263d8642035c0bd59bd03e67ddf4991b25a7f3a35465f6d88ff6a8e309c33b6c893d0537fb7cc89c62a8f9d83a82012fbd9c2e06286d39a143892113e69368dd682f0539ab2e1911a3786b9d51930d37a0b75f9d65fd3b9aeccc4f6b6566876d40400dd4d516b650c8d8ed031f60dcad6d1c48cdec060d3cc059c1ab3c88da3b5e71166c1aa625c6b2d8f6e147f981a01ec60565616047b586495b552c53cc0cdfaaab98cc3f07983e0b652302b672219cfb56956ef2879690033eea6087fa6ece307b61ad406c5a8e246ca0ffad8fd4c38260b86c95ec237f60a3039159db1dcbbe9844a79dc0fd7966eccb328757c358ae8a9e72f506bd4c6947fa98b01fa2778fb21ab6cec3c1af7d108b2715116643a87f8d45bb168050244e25580198a7b064ec9c5d73c54d19115b57d2185919bb0fdf12445b775d356b000d5869e40816b019680ab44d8548cd8d5b82b6fbd2cba484ac23244d35c3d30b557c8c4ee017bd164c63091d96b588a90f2862bb3f71d0e3dc22398945b3342a224cd1daed3cfb9e1bc9ba735aa77337d8a4531f18382ac150b4465cec7ca8283840291e4e7a6d2ee76beff26bb016395d9a9529609b4b57b5f75f965b3df369b7b6e552d840e6f7fca1ef828c4f4f878c5397995baf52a925fe621240e62ffe1bb46ac7a49532dd0c8992b789cd68fdae3a0589ebea6cd50fe0f1e4922e0edc01c033cd3218efa4d45b637b487c9943868972b0064db618125bda0f61fdf0b2fc618204a97fd2c750988c94c61df838655e8bf9a2c4f9f52b9a8f0858ecb3d0bfa834be5a8b5698810bc62ce251a1b3c7763bae237b25a887b94c8583e163de53065663120051f687f83f09d905f23ae95a059774880b607aa259d1ad9d5e6ba2c253cf346c7708ef58eac5ebeebd0c64b45e0188795b01b688f36bc6e3d8872e7c1d2077374d647c7edd67f064e83589cb5d60cef5d9fa94d4a77adf37ff719ec421f269b0a9103cccada06f341b0689188382cff489b4e3f2bf1c52e600fab4053dd2f7dcb5cec3cc1428c519dd014605361ae67aaa984e6cd1583dd328be29f20602698695f5a14ef88a22ad8321dec842556a2d6f8513c6d30a1b5bbb83b41e73e17e36b927c552b8249d965a91a299f156d83be09b33f674a01436b0fbd9cf2999c5515d4eacb95b7c71cfd97f1346fff8070915f50b761273794b99ac4c8795de25a33d306f568d0e34f101ef057817bcb6ca8fef4c430ebf59fd542782eaf2ad47d964a7bdee7796eacef8b64dcb2b6d8a444b894d4ac0380b56feba54cea866183892c30c6ad688a494612419e567effc2bcbf98790bc032bc3704db2161a3d788c1c265d9df24e3067d10e9a017f61744aa485326645f363936e4d435af370cfbb82957eae7609b3c61de99f1724461b229e16730a18f0a57d4205517f238485439982042e6f4d18440c7658cf2b66ada4ee4bfcf0e543b816173ae8c42b2aa651156c36f3596f496ad337d74bb7cf90d0dfdf162775090abd9476561d51a5fc0b08fd24d6ae0e6d7d246f35df49158422366d2f9e9dfd9a809bdb4f47043210f6bdea407ef15af0129f2025cf37ac2bdbcb4f9c3965ef0c25b3fe50878cc13c9981d077c8d7d4dd5235c9760ee4956241de90323ce6c083ae9fa85e727985f8e0dccc951367a299bd1ac630807ccbd14de11a8c48f05a6a1872c42a605889f04e2253f1b69a95092dfe5997b7bd8ec573ec86c8a76f9fdb9ec383c0fdd0b3ddeb5383de2d3c31e2109fc301a15c7bea2acd492e720a4cfd8c5d4c55bc47ab7d58870a85406219658db2dbd0aedff28a6f3e2e66aba94e7517c59b3a7ac1952756b51b18aa914487d31c90537c56eb1f3006096ee60fac555a55874d151eaf9c469f93ab2a404a12e7beea8b8c38481096a34759f63eebd1863b5e613bd1a2ac2a27d7ac1828b09b1db27aa391ac6e5f707bc1b123890ca6ab96433e99b0a5d2d4f380a2545df38566c7669841ee54fd1d24c5c6fc78fc0b9e5e1f88afa8a9f6cf808b499db968805d2da2ef5e7a809f0ed5e832b796d0fe3359574dd66e927f0e8e40710957255b7bf7784c421d0f44802d6e970075f4926d4581349a6505683a1baa65304e5a5ec445015efc6b6af8197490deae653798e0daf491aa1774b48cedd9a3f4faaed16eb06721cd9c33c739521eab41439ddcd5cb64e1eaec487e96859bbc58e9d9a656166facb9dc35dfcbdbf7815e9e04e7f6206ffb46ed16a6a1d584a7d4ffc3726333f4ae615b39c22a5d02adc42af5c764fd1059bf00cd8baa28a775c933472fde0c841d8ca28f578a7614d8916be0d6b2589b3ecebc52cf74eca2b50a82c27789e37d9ef6694176b2b419a8175d68a129dd1d83f9e7ea5ff61a499c750ae679300d83eed1b53ccc2d2ca019e79b43e91c387cf9f3908b774cf91657241286e39d538f2675728a7e3a5e1a89e6f8635b0f6a580fc90349a8d650a5377ed55356d826cb90292fd74746ca5dd75bf0d208ee7ca383d872544bd4d619b43640fee4a3a71b750e75e8b2a5a77a12a44f64b75432dac78a479c81f98d43c535d65cbbdb2f631c9f79a1cc6b1d5e432be8c56869e9e75d7d7dba21235faa24bd90801587b9221157c2d74163faf3f6a211ed5fcfbf99a0e61cc8925934e2530fdd80837a30cdbf29a18b2cc9d88f531f07a85ef579370eef11c9d61ca58ecf79e5f3c3f342bc1795a9db82c57e4b88c4b6e82ccd013082bd95f59806565f33f851705060045899bc320880f34d643fcb50dc6ca49e6ebfc0845156e404d8c842a836619b96dc0e9661e00be31eaa39d030c93289d09218d71b556f71caf06ee7da7dca12660299fe2df066cdac2791a06ad0e1a4e7bf6b48c31696c7c213eb80b4813f26815c01fe59016311bd18c14b174f224e0ae4e1e3a0e4f740f6187379c99ad0becc7f1ce4899c1cbf5824444b3a68ba016c63fd71a4e1dbe805829e91764789ad7b38d3c8d875c395c43e4889e52960f07c5adc28cc87543f3daee8f150f34c0026e1574d29e401e467d02396adba665eef12b89b622011b25594e84ce8bdfe755525f0eb14f195a20426dd6d7ecde9e4533e0304bc407d585a16107888294b60c1bfa1dde7582ff518f4235efe28d54d705e07aa79cdb2b9aac33d731280ba7928abfb525fdbebcd08dd6a24237ee8ca36d5aabaf92154e895c3a4cca2a84326077f8882289218138b7307bc408b97973fe9fc81d87df67117389cac86d410ef28d68120759f43b377ebfb76d4adad77a37b5f9289c04e5c28143cd3d20adc85cd216a646e1f2f455b7fff6bdd249a4b16dc48102e32726d549f93199e8140e0cd0c9d2d48ec28a635ecde9f637f35f650ff01461d144aa9bf88649988d9cd180bf15942118f3cfba95043285618477edafe6baed9abdd9f283d1609f3599585b20bb2324d2e9b3f00a8b0c1025117e85cb2936e953614f55c38d46ded9455a3166485d5dbfda4785c50b83265d7e90afa72a5bea679b164d76c03f0ef7193061b3f77b935a6878b390dd2351b617633a0279b0d1c25e8914bc8474027f7622b765e6b44867bf6c3241e886ba4cf7544568a2d2e87b0a86e72cf7b693ca0fb9bffd9a62e8a597133e55703fd88f388af5dd8a71581dc83489c302ea3ad36493453a211b17285a36cf661f47d9d0484bd27e60875b9cd90ea45ca57d9e99737004db0da661094f01e94f6300dfa802628a028455033efb3eaba216d9310a2a5b75252ed5a57803607b280c38be8bb27d7fcfdd50a3708c023142cca1cc326d713fdf7d2f54ae65b35b37c785072bd5af1f9bf8d5714291690c19f3a27189c0e9311307b7bd458dbe92394b2c9975e84c1fde28d526d302ce21735420935b1d81fec51bfcf92b85e19350b02a1bb45c08228d3dae9e95758ed10214acae319e6db59a10"]}]}, 0x1204}, 0x1, 0x0, 0x0, 0x10}, 0x40094)
fsopen(&(0x7f0000000000)='overlay\x00', 0x0)
r1 = openat2$dir(0xffffffffffffff9c, &(0x7f0000000200)='./file1\x00', &(0x7f0000000240)={0x80100, 0x40}, 0x18)
r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x121301, 0x0)
mprotect(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15)
ioctl$TIOCPKT(r2, 0x5420, &(0x7f0000000000)=0x2)
r3 = syz_open_dev$dri(&(0x7f0000000000), 0x0, 0x0)
ioctl$DRM_IOCTL_MODESET_CTL(r3, 0x40086412, &(0x7f0000000080))
r4 = openat(r1, &(0x7f0000000280)='./file1\x00', 0xd40, 0x14)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xc, &(0x7f0000000180)={0xb, &(0x7f00000008c0)=[{0x77f, 0x9, 0x9, 0xfff}, {0x4, 0x5, 0x12, 0x10}, {0x2, 0x0, 0x67, 0x7}, {0x1, 0x1, 0x3, 0x3}, {0x9, 0x51, 0x6, 0xd6}, {0xfffc, 0x6a, 0xed, 0xf7b0}, {0x2, 0xc4, 0x9, 0x7}, {0x30, 0x1, 0x7, 0x6}, {0x404, 0x8, 0xf, 0x80000000}, {0x7, 0x9, 0x7}, {0x5b0, 0x4, 0xff, 0xf}]})
r5 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
ioctl$DRM_IOCTL_SET_CLIENT_CAP(r5, 0x4010640d, &(0x7f0000000000)={0x3, 0x2})
r6 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000300)='blkio.bfq.io_queued\x00', 0x275a, 0x0)
write$binfmt_script(r6, &(0x7f0000000240), 0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000002, 0x12, r6, 0x0)
r7 = syz_open_procfs(0x0, &(0x7f0000000140)='net/tcp6\x00')
r8 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r8, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000005c0)=@newsa={0x2f4, 0x10, 0x713, 0x0, 0x1, {{@in6=@empty, @in6=@initdev={0xfe, 0x88, '\x00', 0x1, 0x0}}, {@in6=@private1, 0x0, 0x33}, @in=@dev, {0x0, 0x0, 0x0, 0x0, 0x1}, {}, {0x0, 0x0, 0xfffffffc}, 0x0, 0x0, 0x2}, [@algo_auth_trunc={0x5d, 0x14, {{'poly1305-simd\x00'}, 0x88, 0x0, "3509fe8fd560d44aa5074c50bc700e53cd"}}, @tmpl={0x184, 0x5, [{{@in=@multicast1, 0x4d5, 0x33}, 0x14, @in6=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', 0x3505, 0x1, 0x0, 0x8, 0xfffffffc, 0x5, 0x6}, {{@in=@multicast1, 0x4d4, 0x3c}, 0xa, @in6=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', 0x0, 0x4, 0x0, 0x9, 0x8000800, 0x4, 0x6}, {{@in6=@private2={0xfc, 0x2, '\x00', 0x1}, 0x4d6, 0x32}, 0x2, @in=@dev={0xac, 0x14, 0x14, 0x30}, 0x3504, 0x1, 0x3, 0xc0, 0xcb2, 0x6, 0x1}, {{@in6=@remote, 0x4d3, 0x33}, 0xa, @in6=@remote, 0x3500, 0x4, 0x0, 0x8, 0x8, 0x7f, 0x5}, {{@in6=@private1, 0x4d5, 0x32}, 0x2, @in6=@remote, 0x0, 0x1, 0x2, 0x6, 0x7, 0x1, 0x3}, {{@in=@empty, 0x4d2, 0xff}, 0xa, @in6=@ipv4={'\x00', '\xff\xff', @rand_addr=0x64010101}, 0x3502, 0x4, 0x3, 0x6, 0x9, 0x2}]}, @replay_esn_val={0x20, 0x17, {0x1, 0x70bd29, 0x70bd25, 0x70bd2d, 0x70bd27, 0x3f800, [0x6]}}]}, 0x2f4}}, 0x0)
preadv(r7, &(0x7f00000000c0)=[{&(0x7f0000002140)=""/4096, 0x1000}], 0x1, 0x141, 0x0)
sendmsg$IPSET_CMD_ADD(r7, &(0x7f0000000580)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x1}, 0xc, &(0x7f0000000540)={&(0x7f0000000480)={0xc0, 0x9, 0x6, 0x101, 0x0, 0x0, {0x1, 0x0, 0x7}, [@IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_ADT={0x74, 0x8, 0x0, 0x1, [{0x10, 0x7, 0x0, 0x1, @IPSET_ATTR_PACKETS={0xc, 0x19, 0x1, 0x0, 0x6}}, {0xc, 0x7, 0x0, 0x1, @IPSET_ATTR_PORT_TO={0x6, 0x5, 0x1, 0x0, 0x4e22}}, {0xc, 0x7, 0x0, 0x1, @IPSET_ATTR_PORT_TO={0x6, 0x5, 0x1, 0x0, 0x4e22}}, {0x10, 0x7, 0x0, 0x1, @IPSET_ATTR_IP2={0xc, 0x14, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV4={0x8, 0x1, 0x1, 0x0, @rand_addr=0x64010100}}}, {0xc, 0x7, 0x0, 0x1, @IPSET_ATTR_COMMENT={0x5, 0x1a, '\x00'}}, {0x10, 0x7, 0x0, 0x1, @IPSET_ATTR_IP2={0xc, 0x14, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV4={0x8, 0x1, 0x1, 0x0, @rand_addr=0x64010100}}}, {0x10, 0x7, 0x0, 0x1, @IPSET_ATTR_BYTES={0xc, 0x18, 0x1, 0x0, 0x7ff}}, {0xc, 0x7, 0x0, 0x1, @IPSET_ATTR_CIDR={0x5, 0x3, 0x69}}]}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_LINENO={0x8, 0x9, 0x1, 0x0, 0x10}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}]}, 0xc0}, 0x1, 0x0, 0x0, 0x48010}, 0x20008000)
ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r5, 0xc01064b5, &(0x7f0000000100)={&(0x7f0000001100)=[0x0], 0x1})
r9 = socket$inet6_mptcp(0xa, 0x1, 0x106)
r10 = socket$inet6_sctp(0xa, 0x5, 0x84)
ioctl$DRM_IOCTL_GET_UNIQUE(r4, 0xc0106401, &(0x7f00000002c0)={0x85, &(0x7f0000000340)=""/133})
getsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(r10, 0x84, 0x7d, &(0x7f0000000000)={0x4, 0x8004, 0x5, 0x8}, &(0x7f0000000040)=0x10)
setsockopt$inet6_tcp_TCP_FASTOPEN_KEY(r9, 0x6, 0x21, &(0x7f0000000000)="12dc7a749688991a34aa7cc6cbaba4b8", 0x10)
close(r4)
socket$phonet_pipe(0x23, 0x5, 0x2)

1.278936706s ago: executing program 0 (id=1362):
openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
socket$packet(0x11, 0x3, 0x300)
r0 = syz_open_dev$dri(&(0x7f00000000c0), 0x1ff, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_LEASE(r0, 0xc01864c6, &(0x7f0000000040)={0x0})
socketpair$unix(0x1, 0x2, 0x0, 0x0)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f00000001c0), 0x48e02, 0x0)
close(r1)
openat$cuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0)
io_setup(0x1, &(0x7f0000000040)=<r2=>0x0)
sendmsg$IPCTNL_MSG_TIMEOUT_NEW(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000200)=ANY=[@ANYBLOB="14"], 0x14}, 0x1, 0x0, 0x0, 0x4810}, 0x8000)
io_submit(r2, 0x1, &(0x7f0000000440)=[&(0x7f0000000080)={0x0, 0x0, 0x0, 0x8, 0x1, r1, &(0x7f0000000100)="653de841f0", 0x5, 0x8000}])

1.176099875s ago: executing program 3 (id=1363):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000300)=ANY=[@ANYBLOB="18000000240001030000000000000000010000000400ae"], 0x18}, 0x1, 0x0, 0x0, 0x8001}, 0x4000)
recvmmsg(r0, &(0x7f0000002c00)=[{{0x0, 0x0, 0x0}, 0x200001}, {{0x0, 0x0, 0x0}, 0x2046}, {{0x0, 0x0, 0x0}, 0xfffffffe}, {{0x0, 0x0, &(0x7f00000007c0)=[{&(0x7f0000000800)=""/213, 0xd5}, {&(0x7f0000000900)=""/242, 0xf2}, {&(0x7f0000003e00)=""/4098, 0x1002}, {&(0x7f00000006c0)=""/229, 0xe5}], 0x4}, 0x101}, {{0x0, 0x0, 0x0}, 0x40}, {{0x0, 0x0, 0x0}, 0x409}, {{0x0, 0x0, 0x0}, 0x4db}, {{0x0, 0x0, 0x0}, 0x8}], 0x8, 0x40010020, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x3, 0xc, &(0x7f0000000000)=ANY=[@ANYBLOB="180000000000000000000000000000008500000061000000180100002020732500000000002020207b1af8ff00000000bfa100000000000007010000f8ffbfffb702000008000000b703000000000000850000007b00000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
epoll_create1(0x0)
syz_open_dev$tty1(0xc, 0x4, 0x1)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000180)={'syz_tun\x00', <r2=>0x0})
r3 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48)
r4 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xe, 0x4, 0x8, 0x8}, 0x48)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0x10, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b702000002000000850000008600000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bca2000000000000a6020000f8ffffffb703000008000000b704000000000000850000003300000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0)
r6 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000580)='memory.events\x00', 0x100002, 0x0)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000400)={{r4}, &(0x7f0000000240), &(0x7f00000003c0)=r6}, 0x20)
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000000)={r5, r2, 0x25, 0x2, @val=@tcx}, 0x1c)
syz_emit_ethernet(0x2a, &(0x7f00000005c0)={@broadcast, @remote, @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x1c, 0x0, 0x0, 0x0, 0x2, 0x0, @empty, @multicast1}, @echo_reply={0x0, 0x0, 0x0, 0x65, 0x4}}}}}, 0x0)
socket$nl_xfrm(0x10, 0x3, 0x6)

1.146691172s ago: executing program 4 (id=1364):
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
syz_kvm_add_vcpu$x86(0x0, &(0x7f0000000000)={0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="010000000000000056000000000000"], 0x56})
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x200, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f0000000380)={0x2, 0x102000, 0x1})
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_IRQCHIP(r1, 0x8208ae63, &(0x7f0000002340)={0x0, 0x0, @pic={0x7, 0x10, 0x4, 0x81, 0x0, 0xb, 0x7, 0x9, 0x5d, 0x1, 0x8, 0x40, 0x31, 0x0, 0x5, 0x4b}})
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f00000000c0)={0x3})
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

1.026807057s ago: executing program 1 (id=1365):
io_setup(0x494, &(0x7f0000000000)=<r0=>0x0)
r1 = socket$inet6_icmp(0xa, 0x2, 0x3a)
io_submit(r0, 0x1, &(0x7f0000000080)=[&(0x7f0000000040)={0x0, 0x0, 0x0, 0x8, 0x1, r1, 0x0, 0x0, 0xfffffffffffffffc, 0x0, 0x2}])

990.316496ms ago: executing program 3 (id=1366):
r0 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000001c0)={'wlan0\x00', <r1=>0x0})
sendmsg$NL80211_CMD_SET_NOACK_MAP(0xffffffffffffffff, &(0x7f0000000280)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x9000000}, 0xc, &(0x7f0000000240)={&(0x7f0000000200)={0x2c, 0x0, 0x8, 0x70bd2a, 0x25dfdbfd, {{}, {@val={0x8, 0x3, r1}, @void}}, [@NL80211_ATTR_NOACK_MAP={0x6, 0x95, 0x5}, @NL80211_ATTR_NOACK_MAP={0x6, 0x95, 0x58fc}]}, 0x2c}, 0x1, 0x0, 0x0, 0x1}, 0x1)
unshare(0xc000600)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000080)={'ip6tnl0\x00', <r2=>0x0})
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000001c80)=@newqdisc={0x138, 0x24, 0x3fe3aa0262d8c583, 0x0, 0x0, {0x0, 0x0, 0x0, r2, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_gred={{0x9}, {0x108, 0x2, [@TCA_GRED_STAB={0x104, 0x2, "6f9541cd1a4dbfb5aabf32d14fa803f2395f13ad51c818a9ac681a324aae9361398f5ff3819975f3fbd6df30f7f4bb6e4be729e73936dd2b9e745898d6b548631c7c1c2afad2a5a8186a7c600dcfdd2ca385d336fe9d4189ab6352510d6351563e771422166355f92ed4a437ac7caa6221a30751521fdee7f63bb67c5c95e441e7171fb7b1a77c437830993c765f5af208dabbef48095f83f715789c96ba76e87fa9d8800da3c90c144b9a548a06271c9a31e836baae4c8e1f9357178d2a4a02d21d0f038c2711334e6432c8c419205335bc4b4e7831c7dc2225719d220a8178649103040641b8d090a4474ebf896ce78f0096ae597635cdd32e4ef4f161c738"}]}}]}, 0x138}}, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r0, 0x8933, &(0x7f00000004c0)={'batadv0\x00', <r3=>0x0})
ioctl$ifreq_SIOCGIFINDEX_team(0xffffffffffffffff, 0x8933, &(0x7f0000000500)={'team0\x00', <r4=>0x0})
r5 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r6=>0x0})
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2b, 0xffffffff, {0x0, 0x0, 0x0, r6, {0x0, 0x7}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0xfffd}}}]}, 0x38}}, 0x0)
getsockopt$inet_mreqn(0xffffffffffffffff, 0x0, 0x27, &(0x7f0000000540)={@private, @dev, <r7=>0x0}, &(0x7f0000000580)=0xc)
r8 = socket(0x10, 0x803, 0x0)
sendmsg$nl_route(r8, &(0x7f0000000380)={0x0, 0x4076cbba9945d516, &(0x7f0000000340)={0x0, 0x14}}, 0x0)
getsockname$packet(r8, &(0x7f0000000140)={0x11, 0x0, <r9=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x28a)
r10 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r10, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000000c0)=ANY=[@ANYBLOB="400000001000390400"/20, @ANYRES32=r9, @ANYBLOB="01980000000000002000128008000100677265001400028008000100", @ANYRES32=r9], 0x40}, 0x1, 0x0, 0x0, 0x4014}, 0x0)
getsockopt$PNPIPE_IFINDEX(0xffffffffffffffff, 0x113, 0x2, &(0x7f00000005c0)=<r11=>0x0, &(0x7f0000000600)=0x4)
sendmsg$TEAM_CMD_OPTIONS_SET(0xffffffffffffffff, &(0x7f0000000680)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000640)={&(0x7f00000008c0)={0x5a0, 0x0, 0x404, 0x70bd2d, 0x25dfdbfc, {}, [{{0x8}, {0xf0, 0x2, 0x0, 0x1, [{0x3c, 0x1, @enabled={{{0x24}, {0x5}, {0x4}}, {0x8}}}, {0x38, 0x1, @activeport={{0x24}, {0x5}, {0x8}}}, {0x38, 0x1, @notify_peers_count={{0x24}, {0x5}, {0x8}}}, {0x40, 0x1, @lb_port_stats={{{0x24}, {0x5}, {0x8}}, {0x8}}}]}}, {{0x8}, {0x4}}, {{0x8}, {0x1a4, 0x2, 0x0, 0x1, [{0x38, 0x1, @notify_peers_count={{0x24}, {0x5}, {0x8}}}, {0x40, 0x1, @lb_port_stats={{{0x24}, {0x5}, {0x8, 0x4, 0x7}}, {0x8}}}, {0x38, 0x1, @notify_peers_count={{0x24}, {0x5}, {0x8, 0x4, 0x8001}}}, {0x38, 0x1, @activeport={{0x24}, {0x5}, {0x8, 0x4, r2}}}, {0x3c, 0x1, @user_linkup_enabled={{{0x24}, {0x5}, {0x4}}, {0x8}}}, {0x3c, 0x1, @user_linkup={{{0x24}, {0x5}, {0x4}}, {0x8, 0x6, r3}}}, {0x40, 0x1, @name={{0x24}, {0x5}, {0xf, 0x4, 'roundrobin\x00'}}}]}}, {{0x8, 0x1, r4}, {0x3c, 0x2, 0x0, 0x1, [{0x38, 0x1, @lb_stats_refresh_interval={{0x24}, {0x5}, {0x8, 0x4, 0x5}}}]}}, {{0x8, 0x1, r6}, {0x12c, 0x2, 0x0, 0x1, [{0x40, 0x1, @lb_hash_stats={{{0x24}, {0x5}, {0x8, 0x4, 0x2}}, {0x8}}}, {0x40, 0x1, @lb_tx_hash_to_port_mapping={{{0x24}, {0x5}, {0x8, 0x4, r7}}, {0x8}}}, {0x38, 0x1, @mcast_rejoin_interval={{0x24}, {0x5}, {0x8, 0x4, 0xad}}}, {0x38, 0x1, @notify_peers_interval={{0x24}, {0x5}, {0x8, 0x4, 0x5}}}, {0x38, 0x1, @mcast_rejoin_interval={{0x24}, {0x5}, {0x8}}}]}}, {{0x8}, {0x15c, 0x2, 0x0, 0x1, [{0x38, 0x1, @lb_stats_refresh_interval={{0x24}, {0x5}, {0x8, 0x4, 0xf972}}}, {0x38, 0x1, @notify_peers_interval={{0x24}, {0x5}, {0x8, 0x4, 0x8}}}, {0x38, 0x1, @mcast_rejoin_interval={{0x24}, {0x5}, {0x8, 0x4, 0x7}}}, {0x3c, 0x1, @bpf_hash_func={{0x24}, {0x5}, {0xc, 0x4, [{0x3, 0x6, 0x5, 0x42c3999d}]}}}, {0x3c, 0x1, @enabled={{{0x24}, {0x5}, {0x4}}, {0x8, 0x6, r9}}}, {0x38, 0x1, @activeport={{0x24}, {0x5}, {0x8, 0x4, r11}}}]}}]}, 0x5a0}, 0x1, 0x0, 0x0, 0x4000}, 0x40000)
r12 = open(&(0x7f0000000380)='./file1\x00', 0x109042, 0x0)
fallocate(r12, 0x0, 0x7ffffffffffffffe, 0x7000000)
r13 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
r14 = socket$inet6_mptcp(0xa, 0x1, 0x106)
shutdown(r14, 0x240)
ioctl$SNDCTL_DSP_SETFRAGMENT(r13, 0xc004500a, &(0x7f0000000180)=0xffff0018)
read$dsp(r13, &(0x7f0000000080)=""/203, 0xcb)

916.817183ms ago: executing program 0 (id=1367):
syz_open_dev$video(&(0x7f0000000000), 0x101, 0xab82)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x8)
getpid()
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f0000000480)=@abs={0x0, 0x0, 0x8004e24}, 0x6e)
sendmmsg$unix(r1, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000300)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000002000000b7030000e8ffff058500000004000000"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x1, '\x00', 0x0, @fallback=0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000a00)={&(0x7f0000000d00)='sched_switch\x00', r2}, 0x10)
bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000740)=ANY=[], 0x48)
mknod(&(0x7f0000000080)='./bus\x00', 0x4, 0x6)
mount(&(0x7f0000000040)=@nbd={'/dev/nbd', 0x0}, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000100)='ext2\x00', 0x8080, &(0x7f00000001c0)='discard')
r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
getsockopt$bt_BT_SNDMTU(r3, 0x112, 0xc, 0x0, &(0x7f0000000000))

554.735941ms ago: executing program 1 (id=1368):
openat$nullb(0xffffffffffffff9c, 0x0, 0xa4242, 0x0)
socket$kcm(0x29, 0x2, 0x0)
socket$can_j1939(0x1d, 0x2, 0x7)
syz_open_dev$dri(0x0, 0x8, 0x200000)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000019480)=""/102400, 0x19000)
keyctl$instantiate(0xc, 0x0, &(0x7f0000000100)=@encrypted_new={'new ', 'default', 0x20, 'user:', 'syz', 0x20, 0xffd}, 0x2a, 0x0)
add_key(&(0x7f00000003c0)='logon\x00', &(0x7f0000000180), 0x0, 0x0, 0xfffffffffffffffe)
r1 = socket$inet_mptcp(0x2, 0x1, 0x106)
connect$inet(r1, 0x0, 0x0)
setsockopt$sock_int(r1, 0x1, 0x8, &(0x7f0000000100), 0x4)
add_key$user(0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd)
prctl$PR_GET_TSC(0x19, &(0x7f00000001c0))
r2 = add_key$user(&(0x7f0000000200), &(0x7f0000000440), &(0x7f00000000c0), 0x14b, 0xfffffffffffffffd)
getsockopt$inet_mreqn(r1, 0x0, 0x24, &(0x7f0000000300)={@private}, &(0x7f0000000340)=0xc)
keyctl$dh_compute(0x17, &(0x7f0000000080)={0x0, r2}, 0x0, 0x0, &(0x7f00000000c0)={0x0})
migrate_pages(0x0, 0x9, &(0x7f0000000040)=0x9, &(0x7f0000000380)=0x102)

341.339044ms ago: executing program 5 (id=1369):
r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fff7ffc}]})
r1 = socket$inet6_sctp(0xa, 0x1, 0x84)
r2 = dup(r1)
setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r2, 0x84, 0x64, &(0x7f0000000040)=[@in6={0xa, 0x4e24, 0x6, @loopback, 0x3}], 0x1c)
sendmsg$inet6(r1, &(0x7f0000000100)={&(0x7f0000000080)={0xa, 0x4e24, 0x8, @loopback, 0x4}, 0x1c, 0x0}, 0x0)
socket$inet6_sctp(0xa, 0x1, 0x84)
r3 = socket(0xa, 0x5, 0x0)
r4 = socket(0xa, 0x5, 0x0)
setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r4, 0x84, 0x64, &(0x7f0000000000)=[@in={0x2, 0x4e24, @remote}], 0x10)
sendto$inet6(r4, &(0x7f0000000040)='\x00', 0x1, 0x44004, &(0x7f0000000100)={0xa, 0x4e24, 0xb, @loopback, 0xc5f}, 0x1c)
setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r3, 0x84, 0x64, &(0x7f0000000200)=[@in={0x2, 0x4e24, @local}], 0x10)
sendto$inet6(r3, &(0x7f0000000040)='\x00', 0x1, 0x44004, &(0x7f0000000100)={0xa, 0x4e24, 0xb, @loopback, 0xc5f}, 0x1c)
close_range(r0, 0xffffffffffffffff, 0x0)

230.699104ms ago: executing program 1 (id=1370):
openat$uinput(0xffffffffffffff9c, &(0x7f00000000c0), 0x802, 0x0)
r0 = syz_io_uring_setup(0x88f, &(0x7f0000000140)={0x0, 0x8c36, 0x80, 0x2, 0xbfdffffa}, &(0x7f0000000000)=<r1=>0x0, &(0x7f00000001c0)=<r2=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r1, r2, &(0x7f00000002c0)=@IORING_OP_WRITE_FIXED={0x5, 0x1e, 0x4007, @fd_index=0x1, 0x7, 0x7fe000000000000, 0x4, 0x3, 0x1, {0x1}})
io_uring_enter(r0, 0x47f6, 0x0, 0x0, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000040), 0x8002, 0x0)
syz_open_dev$vim2m(&(0x7f0000000040), 0x8, 0x2)
utime(&(0x7f0000001080)='./cgroup.cpu/cgroup.procs\x00', 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x7)
getsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(0xffffffffffffffff, 0x84, 0x76, 0x0, 0x0)
r3 = getpid()
sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
socketpair(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r6=>0xffffffffffffffff})
r7 = bpf$MAP_CREATE(0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="1200000002000000040000000100000000000000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="0000000000000000000000000000000000000000000000000000000059c8d466ffbec8a159d37a671a903ab43ab4eca1d3e7081b4a0ea783dc8e9983226ea6c0f63a8acb5fb6f0f3b01ececcd95ed30e19ffaf3703ddcbf374e03f8fb8464e"], 0x50)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000180)={{r7}, &(0x7f0000000040), &(0x7f0000000140)=r6}, 0x20)
bpf$MAP_GET_NEXT_KEY(0x4, &(0x7f0000000240)={r7, &(0x7f00000002c0), 0x0}, 0x20)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={<r8=>0xffffffffffffffff, <r9=>0xffffffffffffffff})
bpf$MAP_CREATE(0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0f00000004000000040000001200000000000000", @ANYRES64=r8, @ANYRESOCT=r5, @ANYRES32=0x0, @ANYRES32, @ANYRES32], 0x48)
r10 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000340)={0xe, 0x4, &(0x7f0000000400)=ANY=[@ANYBLOB="18020000801000000000000004000000850000002e000000"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x40f00}, 0x94)
bpf$BPF_PROG_DETACH(0x8, &(0x7f00000002c0)=ANY=[@ANYRES32=r10, @ANYBLOB="2d000000ffef000000000000", @ANYRES32, @ANYBLOB, @ANYRES64=0x0], 0x20)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000740)={{}, 0x0, &(0x7f0000000700)=r9}, 0x20)
sendmsg$inet(r8, &(0x7f0000000980)={0x0, 0x0, 0x0}, 0x0)

120.805008ms ago: executing program 3 (id=1371):
r0 = openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0)
openat$cgroup_pressure(r0, 0x0, 0x2, 0x0)
mkdirat$binderfs(0xffffffffffffff9c, &(0x7f00000019c0)='./binderfs2\x00', 0x1ff)
socket$kcm(0x29, 0x2, 0x0)
socket$can_j1939(0x1d, 0x2, 0x7)
syz_open_dev$dri(0x0, 0x8, 0x200000)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x3)
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000001a40)=""/102392, 0x18ff8)
add_key(&(0x7f0000000140)='encrypted\x00', &(0x7f0000000180), 0x0, 0x0, 0xfffffffffffffffe)
r2 = socket$inet_mptcp(0x2, 0x1, 0x106)
connect$inet(r2, &(0x7f0000003580)={0x2, 0x4e21, @dev}, 0x10)
setsockopt$sock_int(r2, 0x1, 0x8, &(0x7f0000000100), 0x4)
connect$inet(r2, &(0x7f0000000000)={0x2, 0x4e22, @local}, 0x10)
add_key$user(0x0, &(0x7f0000000440), &(0x7f00000000c0), 0x0, 0xfffffffffffffffd)
mkdir(0x0, 0x12)
openat$nullb(0xffffffffffffff9c, &(0x7f0000000100), 0x1c3902, 0x0)
mount$binderfs(0x0, &(0x7f0000001dc0)='./binderfs2\x00', &(0x7f0000001e00), 0x0, &(0x7f0000001e40)={[{@stats}]})
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs2/binder0\x00', 0x803, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r3 = getpid()
ptrace$ARCH_MAP_VDSO_32(0x1e, r3, 0x5, 0x2002)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)

0s ago: executing program 4 (id=1372):
r0 = socket(0x400000000010, 0x3, 0x0)
r1 = socket$unix(0x1, 0x5, 0x0)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r2=>0x0})
sendmsg$nl_route_sched(r0, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000001c0)=@newqdisc={0x44, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r2, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x0, 0xf}}, [@qdisc_kind_options=@q_hfsc={{0x9}, {0x14, 0x2, @TCA_HFSC_FSC={0x10, 0x2, {0xa30e, 0x1, 0xfffffffa}}}}]}, 0x44}}, 0x0)
r3 = socket(0x400000000010, 0x3, 0x0)
r4 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r5=>0x0})
sendmsg$nl_route_sched(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000001d80)=@newtfilter={0x38, 0x2c, 0xd27, 0x70bd28, 0x8000, {0x0, 0x0, 0x0, r5, {0x0, 0xffe0}, {}, {0xa}}, [@filter_kind_options=@f_u32={{0x8}, {0xc, 0x2, [@TCA_U32_DIVISOR={0x8, 0x4, 0x2}]}}]}, 0x38}, 0x1, 0x0, 0x0, 0x20000080}, 0x20000000)
sendmsg$nl_route_sched(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000001dc0)=@newtfilter={0x30, 0x2c, 0xd3f, 0x70bd24, 0x25dfdbfc, {0x0, 0x0, 0x0, r2, {0xfff3, 0xffe0}, {}, {0xc, 0xfff2}}, [@filter_kind_options=@f_u32={{0x8}, {0x4}}]}, 0x30}, 0x1, 0x0, 0x0, 0x8848}, 0x2000c884)
getsockopt$inet_sctp6_SCTP_RECONFIG_SUPPORTED(r0, 0x84, 0x75, &(0x7f00000000c0)={<r6=>0x0, 0x5}, &(0x7f0000000140)=0x8)
getsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r3, 0x84, 0x72, &(0x7f0000000280)={r6, 0x2}, &(0x7f00000002c0)=0xc)

kernel console output (not intermixed with test programs):

 audit(1755769480.148:4): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6267 comm="syz.1.82" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f09ab38ebe9 code=0x0
[  144.976738][ T6283] capability: warning: `syz.1.86' uses deprecated v2 capabilities in a way that may be insecure
[  145.984162][ T6289] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore
[  145.993616][ T6289] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent
[  147.268274][ T5911] usb 4-1: new full-speed USB device number 6 using dummy_hcd
[  147.803208][ T5911] usb 4-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  147.878369][ T5911] usb 4-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  147.910535][ T5911] usb 4-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  147.924089][ T5911] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  148.721908][ T5911] usb 4-1: usb_control_msg returned -32
[  148.731597][ T5911] usbtmc 4-1:16.0: can't read capabilities
[  149.665298][ T6318] netlink: 56 bytes leftover after parsing attributes in process `syz.3.91'.
[  149.742087][ T6318] netlink: 104 bytes leftover after parsing attributes in process `syz.3.91'.
[  150.293592][  T149] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  150.581314][  T149] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  150.803549][   T24] usb 4-1: USB disconnect, device number 6
[  150.816646][  T149] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  151.008560][  T149] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  152.177202][  T149] bridge_slave_1: left allmulticast mode
[  152.273394][ T6330] syz.4.98: attempt to access beyond end of device
[  152.273394][ T6330] nbd4: rw=4096, sector=2, nr_sectors = 2 limit=0
[  152.296584][ T6330] EXT4-fs (nbd4): unable to read superblock
[  152.307055][  T149] bridge_slave_1: left promiscuous mode
[  152.313406][  T149] bridge0: port 2(bridge_slave_1) entered disabled state
[  152.386412][ T5960] usb 2-1: new high-speed USB device number 6 using dummy_hcd
[  152.434519][  T149] bridge_slave_0: left allmulticast mode
[  152.479688][  T149] bridge_slave_0: left promiscuous mode
[  152.501746][  T149] bridge0: port 1(bridge_slave_0) entered disabled state
[  152.875223][ T5960] usb 2-1: New USB device found, idVendor=8086, idProduct=0110, bcdDevice=bf.ad
[  152.889116][ T5960] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  153.002982][ T5960] usb 2-1: config 0 descriptor??
[  153.179852][ T5960] gspca_main: spca508-2.14.0 probing 8086:0110
[  153.486435][ T5960] gspca_spca508: reg_read err -32
[  153.531298][ T5960] gspca_spca508: reg_read err -32
[  153.545119][ T5960] gspca_spca508: reg_read err -32
[  153.734043][ T5851] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[  153.745553][ T5851] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[  153.765017][ T5851] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[  153.774655][ T5851] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[  153.783543][ T5851] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[  153.904621][ T5960] gspca_spca508: reg_read err -71
[  153.933448][ T5960] gspca_spca508: reg write: error -71
[  153.947226][ T5960] spca508 2-1:0.0: probe with driver spca508 failed with error -71
[  153.985078][ T5960] usb 2-1: USB disconnect, device number 6
[  155.576991][ T6365] program syz.3.108 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  155.678888][  T149] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  155.785927][  T149] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  155.907139][ T5851] Bluetooth: hci4: command tx timeout
[  155.954733][  T149] bond0 (unregistering): Released all slaves
[  156.123993][ T6365] warning: `syz.3.108' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211
[  157.987908][ T5851] Bluetooth: hci4: command tx timeout
[  158.826393][  T149] hsr_slave_0: left promiscuous mode
[  158.840600][  T149] hsr_slave_1: left promiscuous mode
[  158.857973][  T149] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  158.869349][  T149] batman_adv: batadv0: Removing interface: batadv_slave_0
[  158.893478][  T149] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  158.916346][  T149] batman_adv: batadv0: Removing interface: batadv_slave_1
[  158.960552][  T149] veth1_macvtap: left promiscuous mode
[  158.977648][  T149] veth0_macvtap: left promiscuous mode
[  158.983515][  T149] veth1_vlan: left promiscuous mode
[  159.000028][  T149] veth0_vlan: left promiscuous mode
[  159.406991][ T5925] usb 4-1: new high-speed USB device number 7 using dummy_hcd
[  159.955352][ T5925] usb 4-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08
[  159.977703][ T5925] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  160.008306][ T5925] usb 4-1: Product: syz
[  160.022298][ T5925] usb 4-1: Manufacturer: syz
[  160.030617][ T5925] usb 4-1: SerialNumber: syz
[  160.063216][ T5925] usb 4-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested
[  160.073585][ T5851] Bluetooth: hci4: command tx timeout
[  160.124587][ T5912] usb 4-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008
[  160.259943][   T51] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  160.271740][   T51] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  160.281572][   T51] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  160.291970][   T51] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  160.303333][   T51] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  160.681681][ T5925] usb 4-1: USB disconnect, device number 7
[  161.193971][ T5912] ath9k_htc 4-1:1.0: ath9k_htc: Target is unresponsive
[  161.229926][ T5912] ath9k_htc: Failed to initialize the device
[  161.265284][ T6346] chnl_net:caif_netlink_parms(): no params data found
[  161.280697][ T5925] usb 4-1: ath9k_htc: USB layer deinitialized
[  161.539427][   T24] usb 1-1: new high-speed USB device number 3 using dummy_hcd
[  161.797402][   T24] usb 1-1: Using ep0 maxpacket: 8
[  161.863768][   T24] usb 1-1: New USB device found, idVendor=0ccd, idProduct=0039, bcdDevice=90.7b
[  161.892678][   T24] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  161.990316][   T24] pvrusb2: Hardware description: Terratec Grabster AV400
[  162.003187][   T24] pvrusb2: **********
[  162.013569][   T24] pvrusb2: ***WARNING*** Support for this device (Terratec Grabster AV400) is experimental.
[  162.042881][   T24] pvrusb2: Important functionality might not be entirely working.
[  162.072452][   T24] pvrusb2: Please consider contacting the driver author to help with further stabilization of the driver.
[  162.117002][   T24] pvrusb2: **********
[  162.156175][   T51] Bluetooth: hci4: command tx timeout
[  162.242949][ T2343] pvrusb2: Invalid write control endpoint
[  162.396369][   T51] Bluetooth: hci0: command tx timeout
[  162.968805][   T24] usb 1-1: USB disconnect, device number 3
[  163.095965][ T2343] pvrusb2: Invalid write control endpoint
[  163.128369][ T2343] pvrusb2: ***WARNING*** Detected a wedged cx25840 chip; the device will not work.
[  163.164749][ T2343] pvrusb2: ***WARNING*** Try power cycling the pvrusb2 device.
[  163.192673][ T2343] pvrusb2: ***WARNING*** Disabling further access to the device to prevent other foul-ups.
[  163.234724][ T2343] pvrusb2: Device being rendered inoperable
[  163.248055][ T6346] bridge0: port 1(bridge_slave_0) entered blocking state
[  163.257208][ T2343] cx25840 1-0044: Unable to detect h/w, assuming cx23887
[  163.264453][ T2343] cx25840 1-0044: cx23887 A/V decoder found @ 0x88 (pvrusb2_a)
[  163.273210][ T6346] bridge0: port 1(bridge_slave_0) entered disabled state
[  163.290608][ T6346] bridge_slave_0: entered allmulticast mode
[  163.302844][ T6346] bridge_slave_0: entered promiscuous mode
[  163.319615][ T2343] pvrusb2: Attached sub-driver cx25840
[  163.325269][ T2343] pvrusb2: ***WARNING*** pvrusb2 device hardware appears to be jammed and I can't clear it.
[  163.350462][ T6346] bridge0: port 2(bridge_slave_1) entered blocking state
[  163.366520][ T6346] bridge0: port 2(bridge_slave_1) entered disabled state
[  163.386332][ T2343] pvrusb2: You might need to power cycle the pvrusb2 device in order to recover.
[  163.411604][ T6346] bridge_slave_1: entered allmulticast mode
[  163.440853][ T6346] bridge_slave_1: entered promiscuous mode
[  163.689195][ T6346] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  163.702829][ T6346] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  163.831165][ T6346] team0: Port device team_slave_0 added
[  163.850529][ T6346] team0: Port device team_slave_1 added
[  164.068128][ T6346] batman_adv: batadv0: Adding interface: batadv_slave_0
[  164.077277][ T6475] fuse: Bad value for 'fd'
[  164.108828][ T6346] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  164.157919][ T6346] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  164.278188][ T6346] batman_adv: batadv0: Adding interface: batadv_slave_1
[  164.285679][ T6346] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  164.467206][   T51] Bluetooth: hci0: command tx timeout
[  164.564363][ T6346] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  164.624563][ T6419] chnl_net:caif_netlink_parms(): no params data found
[  165.050707][  T149] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  166.548114][   T51] Bluetooth: hci0: command tx timeout
[  166.819691][  T149] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  166.984183][ T6346] hsr_slave_0: entered promiscuous mode
[  166.991718][ T6346] hsr_slave_1: entered promiscuous mode
[  166.998391][ T6346] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  167.006142][ T6346] Cannot create hsr debugfs directory
[  167.535793][  T149] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  167.991228][  T149] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  168.119066][ T6419] bridge0: port 1(bridge_slave_0) entered blocking state
[  168.145825][ T6419] bridge0: port 1(bridge_slave_0) entered disabled state
[  168.153851][ T6419] bridge_slave_0: entered allmulticast mode
[  168.169580][ T6419] bridge_slave_0: entered promiscuous mode
[  168.184565][ T6419] bridge0: port 2(bridge_slave_1) entered blocking state
[  168.202766][ T6419] bridge0: port 2(bridge_slave_1) entered disabled state
[  168.211010][ T6419] bridge_slave_1: entered allmulticast mode
[  168.242592][ T6419] bridge_slave_1: entered promiscuous mode
[  168.626478][   T51] Bluetooth: hci0: command tx timeout
[  169.032313][ T6419] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  169.117456][ T6419] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  170.123635][ T6419] team0: Port device team_slave_0 added
[  170.222667][ T6419] team0: Port device team_slave_1 added
[  171.705087][ T6419] batman_adv: batadv0: Adding interface: batadv_slave_0
[  171.884182][ T6419] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  172.005673][ T6561] netlink: 4 bytes leftover after parsing attributes in process `syz.0.144'.
[  172.633473][ T6419] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  172.768024][ T6419] batman_adv: batadv0: Adding interface: batadv_slave_1
[  172.810139][ T6419] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  172.908375][ T6419] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  175.039281][  T149] bridge_slave_1: left allmulticast mode
[  175.045410][  T149] bridge_slave_1: left promiscuous mode
[  175.064986][  T149] bridge0: port 2(bridge_slave_1) entered disabled state
[  175.173122][  T149] bridge_slave_0: left allmulticast mode
[  175.181447][  T149] bridge_slave_0: left promiscuous mode
[  175.192117][  T149] bridge0: port 1(bridge_slave_0) entered disabled state
[  177.922828][  T149] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  177.925394][  T149] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  177.927318][  T149] bond0 (unregistering): Released all slaves
[  178.024627][ T6419] hsr_slave_0: entered promiscuous mode
[  178.025489][ T6419] hsr_slave_1: entered promiscuous mode
[  178.025972][ T6419] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  178.026013][ T6419] Cannot create hsr debugfs directory
[  178.153327][ T6590] netlink: 4 bytes leftover after parsing attributes in process `syz.0.152'.
[  178.187779][ T6599] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  178.198825][ T6599] batadv_slave_0: entered promiscuous mode
[  178.339393][ T6601] fuse: Bad value for 'fd'
[  179.178041][  T149] hsr_slave_0: left promiscuous mode
[  179.206032][  T149] hsr_slave_1: left promiscuous mode
[  179.230633][  T149] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  179.242362][  T149] batman_adv: batadv0: Removing interface: batadv_slave_0
[  179.253635][  T149] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  179.264725][  T149] batman_adv: batadv0: Removing interface: batadv_slave_1
[  179.310198][  T149] veth1_macvtap: left promiscuous mode
[  179.316209][  T149] veth0_macvtap: left promiscuous mode
[  179.324758][  T149] veth1_vlan: left promiscuous mode
[  179.346067][  T149] veth0_vlan: left promiscuous mode
[  181.761223][  T149] team0 (unregistering): Port device team_slave_1 removed
[  181.814434][  T149] team0 (unregistering): Port device team_slave_0 removed
[  183.209785][   T24] usb 4-1: new high-speed USB device number 8 using dummy_hcd
[  183.377983][   T24] usb 4-1: Using ep0 maxpacket: 16
[  183.429405][   T24] usb 4-1: config 0 has an invalid interface number: 63 but max is 0
[  183.438441][   T24] usb 4-1: config 0 has no interface number 0
[  183.445555][   T24] usb 4-1: config 0 interface 63 altsetting 150 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  183.465562][   T24] usb 4-1: config 0 interface 63 altsetting 150 endpoint 0x81 has invalid wMaxPacketSize 0
[  183.481317][   T24] usb 4-1: config 0 interface 63 altsetting 150 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  183.499745][   T24] usb 4-1: config 0 interface 63 has no altsetting 0
[  183.509585][   T24] usb 4-1: New USB device found, idVendor=28bd, idProduct=0909, bcdDevice= 0.00
[  183.522949][   T24] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  183.694735][   T24] usb 4-1: config 0 descriptor??
[  184.069571][ T6346] netdevsim netdevsim2 netdevsim0: renamed from eth0
[  184.092286][ T6637] vxcan1: entered allmulticast mode
[  184.104207][ T6346] netdevsim netdevsim2 netdevsim1: renamed from eth1
[  184.123114][ T6631] vxcan1: left allmulticast mode
[  184.148616][ T6346] netdevsim netdevsim2 netdevsim2: renamed from eth2
[  184.228252][ T6346] netdevsim netdevsim2 netdevsim3: renamed from eth3
[  184.710964][ T3506] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  184.890614][ T3506] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  185.039284][ T3506] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  185.210883][ T3506] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  185.257256][ T6419] netdevsim netdevsim4 netdevsim0: renamed from eth0
[  185.282305][ T6346] 8021q: adding VLAN 0 to HW filter on device bond0
[  185.297811][ T6419] netdevsim netdevsim4 netdevsim1: renamed from eth1
[  185.317689][ T6419] netdevsim netdevsim4 netdevsim2: renamed from eth2
[  185.379603][ T6419] netdevsim netdevsim4 netdevsim3: renamed from eth3
[  185.457685][ T6346] 8021q: adding VLAN 0 to HW filter on device team0
[  185.621473][   T12] bridge0: port 1(bridge_slave_0) entered blocking state
[  185.628754][   T12] bridge0: port 1(bridge_slave_0) entered forwarding state
[  185.760238][   T12] bridge0: port 2(bridge_slave_1) entered blocking state
[  185.767529][   T12] bridge0: port 2(bridge_slave_1) entered forwarding state
[  186.251388][   T24] usbhid 4-1:0.63: can't add hid device: -71
[  186.260661][ T5851] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[  186.271192][ T5851] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[  186.290287][ T5851] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[  186.326169][ T5851] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[  186.336120][ T5851] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[  186.607224][   T24] usbhid 4-1:0.63: probe with driver usbhid failed with error -71
[  186.622243][   T24] usb 4-1: USB disconnect, device number 8
[  186.736088][ T3506] bridge_slave_1: left allmulticast mode
[  186.742456][ T3506] bridge_slave_1: left promiscuous mode
[  186.748780][ T3506] bridge0: port 2(bridge_slave_1) entered disabled state
[  186.783707][ T3506] bridge_slave_0: left allmulticast mode
[  186.793952][ T3506] bridge_slave_0: left promiscuous mode
[  186.800826][ T3506] bridge0: port 1(bridge_slave_0) entered disabled state
[  187.836695][ T3506] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  187.868615][ T3506] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  187.900799][ T3506] bond0 (unregistering): Released all slaves
[  188.527155][   T51] Bluetooth: hci1: command tx timeout
[  189.648264][ T3506] hsr_slave_0: left promiscuous mode
[  189.676914][ T3506] hsr_slave_1: left promiscuous mode
[  189.689195][ T3506] batman_adv: batadv0: Removing interface: batadv_slave_0
[  189.715839][ T3506] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  189.744456][ T3506] batman_adv: batadv0: Removing interface: batadv_slave_1
[  189.822499][ T3506] veth1_macvtap: left promiscuous mode
[  189.830146][ T3506] veth0_macvtap: left promiscuous mode
[  189.835917][ T3506] veth1_vlan: left promiscuous mode
[  189.843216][ T3506] veth0_vlan: left promiscuous mode
[  190.587348][ T5898] usb 4-1: new high-speed USB device number 9 using dummy_hcd
[  190.603726][   T51] Bluetooth: hci1: command tx timeout
[  190.778573][ T5898] usb 4-1: Using ep0 maxpacket: 8
[  190.792121][ T5898] usb 4-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  190.809729][ T5898] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  190.840672][ T5898] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  190.896784][ T5898] usb 4-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  190.940434][ T5898] usb 4-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  191.022019][ T5898] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  191.428350][ T5898] usb 4-1: GET_CAPABILITIES returned 0
[  191.546690][ T5898] usbtmc 4-1:16.0: can't read capabilities
[  192.017076][ T5898] usb 4-1: USB disconnect, device number 9
[  192.626372][   T51] Bluetooth: hci1: command tx timeout
[  192.860820][ T3506] team0 (unregistering): Port device team_slave_1 removed
[  192.938805][ T3506] team0 (unregistering): Port device team_slave_0 removed
[  194.241793][ T6419] 8021q: adding VLAN 0 to HW filter on device bond0
[  194.405286][ T6419] 8021q: adding VLAN 0 to HW filter on device team0
[  194.423838][   T30] audit: type=1326 audit(1755769530.888:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6782 comm="syz.0.180" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f6cbdb8ebe9 code=0x0
[  194.576704][ T1301] ieee802154 phy0 wpan0: encryption failed: -22
[  194.583094][ T1301] ieee802154 phy1 wpan1: encryption failed: -22
[  194.726713][   T51] Bluetooth: hci1: command tx timeout
[  195.588508][ T5977] bridge0: port 1(bridge_slave_0) entered blocking state
[  195.596563][ T5977] bridge0: port 1(bridge_slave_0) entered forwarding state
[  195.798960][ T5977] bridge0: port 2(bridge_slave_1) entered blocking state
[  195.806418][ T5977] bridge0: port 2(bridge_slave_1) entered forwarding state
[  196.089097][ T6346] 8021q: adding VLAN 0 to HW filter on device batadv0
[  196.203835][ T6679] chnl_net:caif_netlink_parms(): no params data found
[  197.109137][ T6346] veth0_vlan: entered promiscuous mode
[  197.267120][ T6346] veth1_vlan: entered promiscuous mode
[  197.290477][ T6679] bridge0: port 1(bridge_slave_0) entered blocking state
[  197.299787][ T6679] bridge0: port 1(bridge_slave_0) entered disabled state
[  197.309828][ T6679] bridge_slave_0: entered allmulticast mode
[  197.320106][ T6679] bridge_slave_0: entered promiscuous mode
[  197.335873][ T6679] bridge0: port 2(bridge_slave_1) entered blocking state
[  197.345048][ T6679] bridge0: port 2(bridge_slave_1) entered disabled state
[  197.473065][ T6679] bridge_slave_1: entered allmulticast mode
[  198.229336][ T6679] bridge_slave_1: entered promiscuous mode
[  198.427763][ T6679] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  198.456013][ T6419] 8021q: adding VLAN 0 to HW filter on device batadv0
[  198.484192][ T6679] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  198.660273][ T6679] team0: Port device team_slave_0 added
[  198.725725][ T6679] team0: Port device team_slave_1 added
[  198.807554][ T6346] veth0_macvtap: entered promiscuous mode
[  198.893124][ T6679] batman_adv: batadv0: Adding interface: batadv_slave_0
[  198.920371][ T6679] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  198.989267][ T6679] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  199.033218][ T6346] veth1_macvtap: entered promiscuous mode
[  199.071399][ T6679] batman_adv: batadv0: Adding interface: batadv_slave_1
[  199.084277][ T6679] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  199.114723][ T6679] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  199.407409][ T6679] hsr_slave_0: entered promiscuous mode
[  199.420778][ T6679] hsr_slave_1: entered promiscuous mode
[  199.432728][ T6346] batman_adv: batadv0: Interface activated: batadv_slave_0
[  199.544309][ T6346] batman_adv: batadv0: Interface activated: batadv_slave_1
[  199.625102][ T6346] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  199.642181][ T6346] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  199.652634][ T6346] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  199.703383][ T6346] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  200.269755][ T6419] veth0_vlan: entered promiscuous mode
[  200.288795][ T5977] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  200.324354][ T6419] veth1_vlan: entered promiscuous mode
[  200.347007][ T5977] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  201.326205][   T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  201.335436][ T6871] Illegal XDP return value 4294967274 on prog  (id 38) dev N/A, expect packet loss!
[  201.345291][   T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  201.512243][ T6419] veth0_macvtap: entered promiscuous mode
[  201.575503][ T6419] veth1_macvtap: entered promiscuous mode
[  201.866957][ T6419] batman_adv: batadv0: Interface activated: batadv_slave_0
[  201.894118][ T6885] netlink: 8 bytes leftover after parsing attributes in process `syz.3.190'.
[  201.929956][ T6419] batman_adv: batadv0: Interface activated: batadv_slave_1
[  202.073419][   T30] audit: type=1326 audit(1755769538.538:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6889 comm="syz.2.191" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fba32d8ebe9 code=0x0
[  202.118233][ T6419] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  202.130967][ T6419] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  202.141758][ T6419] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  202.163085][ T6419] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  202.451360][ T6679] netdevsim netdevsim1 netdevsim0: renamed from eth0
[  202.936602][ T5911] usb 4-1: new full-speed USB device number 10 using dummy_hcd
[  203.104264][ T6679] netdevsim netdevsim1 netdevsim1: renamed from eth1
[  203.146570][ T5911] usb 4-1: config 2 has an invalid interface number: 211 but max is 0
[  203.186732][ T5911] usb 4-1: config 2 has no interface number 0
[  203.234171][ T5911] usb 4-1: config 2 interface 211 altsetting 0 endpoint 0x4 has invalid maxpacket 512, setting to 64
[  203.276094][ T6679] netdevsim netdevsim1 netdevsim2: renamed from eth2
[  203.327901][ T5911] usb 4-1: config 2 interface 211 altsetting 0 endpoint 0x82 has an invalid bInterval 36, changing to 4
[  203.352033][ T6679] netdevsim netdevsim1 netdevsim3: renamed from eth3
[  203.381047][ T5911] usb 4-1: New USB device found, idVendor=2040, idProduct=8268, bcdDevice=27.95
[  203.405475][ T5911] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  203.427934][ T5911] usb 4-1: Product: syz
[  203.432363][ T5911] usb 4-1: Manufacturer: syz
[  203.450615][ T5911] usb 4-1: SerialNumber: syz
[  203.480088][ T6897] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22
[  203.521457][   T64] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  203.542978][ T5911] em28xx 4-1:2.211: New device syz syz @ 12 Mbps (2040:8268, interface 211, class 211)
[  203.545997][   T64] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  203.624567][ T5911] em28xx 4-1:2.211: Device initialization failed.
[  203.648413][ T5911] em28xx 4-1:2.211: Device must be connected to a high-speed USB 2.0 port.
[  203.701078][   T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  203.730514][   T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  204.944411][ T6679] 8021q: adding VLAN 0 to HW filter on device bond0
[  205.054806][ T6679] 8021q: adding VLAN 0 to HW filter on device team0
[  205.073297][ T5882] usb 4-1: USB disconnect, device number 10
[  205.146093][ T5977] bridge0: port 1(bridge_slave_0) entered blocking state
[  205.153444][ T5977] bridge0: port 1(bridge_slave_0) entered forwarding state
[  205.198227][ T5977] bridge0: port 2(bridge_slave_1) entered blocking state
[  205.205570][ T5977] bridge0: port 2(bridge_slave_1) entered forwarding state
[  206.620233][ T6938] syz.4.115: attempt to access beyond end of device
[  206.620233][ T6938] nbd4: rw=4096, sector=2, nr_sectors = 2 limit=0
[  206.750101][ T6938] EXT4-fs (nbd4): unable to read superblock
[  208.105440][ T6957] hugetlbfs: syz.0.201 (6957): Using mlock ulimits for SHM_HUGETLB is obsolete
[  209.719727][ T6679] 8021q: adding VLAN 0 to HW filter on device batadv0
[  210.026976][ T6679] veth0_vlan: entered promiscuous mode
[  210.094184][ T6679] veth1_vlan: entered promiscuous mode
[  210.327079][ T6977] netlink: 8 bytes leftover after parsing attributes in process `syz.3.205'.
[  210.380842][ T6679] veth0_macvtap: entered promiscuous mode
[  210.676636][ T6679] veth1_macvtap: entered promiscuous mode
[  211.081568][ T6679] batman_adv: batadv0: Interface activated: batadv_slave_0
[  211.141987][ T6679] batman_adv: batadv0: Interface activated: batadv_slave_1
[  211.200432][ T6679] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  211.265071][ T6679] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  211.296373][ T6679] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  211.336465][ T6679] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  212.187376][ T3506] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  212.226855][ T3506] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  212.383762][ T1142] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  212.415797][ T1142] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  212.742623][ T6998] netlink: 'syz.4.209': attribute type 2 has an invalid length.
[  212.871846][ T6999] netlink: zone id is out of range
[  212.877331][ T6999] netlink: zone id is out of range
[  212.882511][ T6999] netlink: zone id is out of range
[  212.887816][ T6999] netlink: zone id is out of range
[  212.893040][ T6999] netlink: zone id is out of range
[  212.898313][ T6999] netlink: zone id is out of range
[  212.903513][ T6999] netlink: zone id is out of range
[  212.908742][ T6999] netlink: zone id is out of range
[  212.914094][ T6999] netlink: zone id is out of range
[  212.919359][ T6999] netlink: zone id is out of range
[  213.893456][ T7011] netlink: 16402 bytes leftover after parsing attributes in process `syz.2.212'.
[  215.667652][ T7025] netlink: 8 bytes leftover after parsing attributes in process `syz.4.216'.
[  216.147293][  T978] usb 5-1: new high-speed USB device number 2 using dummy_hcd
[  217.272606][ T5835] Bluetooth: hci3: command 0x0406 tx timeout
[  217.279010][ T5835] Bluetooth: hci2: command 0x0406 tx timeout
[  217.696364][  T978] usb 5-1: device descriptor read/64, error -71
[  217.751039][ T7042] syz.3.219: attempt to access beyond end of device
[  217.751039][ T7042] nbd3: rw=4096, sector=2, nr_sectors = 2 limit=0
[  217.771800][ T7042] EXT4-fs (nbd3): unable to read superblock
[  217.959824][  T978] usb 5-1: new high-speed USB device number 3 using dummy_hcd
[  218.136336][  T978] usb 5-1: device descriptor read/64, error -71
[  219.096584][  T978] usb usb5-port1: attempt power cycle
[  219.987778][ T7058] process 'syz.4.223' launched './file0' with NULL argv: empty string added
[  220.982345][ T7062] netlink: 56 bytes leftover after parsing attributes in process `syz.0.224'.
[  223.605533][ T7081] netlink: 'syz.1.230': attribute type 39 has an invalid length.
[  225.107307][ T7091] binder: BINDER_SET_CONTEXT_MGR already set
[  225.113546][ T7091] binder: 7090:7091 ioctl 4018620d 200000000040 returned -16
[  225.838217][  T978] usb 1-1: new high-speed USB device number 4 using dummy_hcd
[  226.116403][  T978] usb 1-1: Using ep0 maxpacket: 8
[  226.147521][ T7104] i2c i2c-0: Invalid block write size 35
[  226.166974][ T7096] comedi comedi2: dt2814: I/O port conflict (0xb000,2)
[  226.191345][ T7104] autofs: Bad value for 'fd'
[  226.366915][   T44] usb 3-1: new full-speed USB device number 3 using dummy_hcd
[  226.387748][ T7107] IPVS: sync thread started: state = MASTER, mcast_ifn = geneve0, syncid = 10802, id = 0
[  226.495511][ T7106] bond0: option active_slave: mode dependency failed, not supported in mode balance-rr(0)
[  226.657439][  T978] usb 1-1: unable to get BOS descriptor or descriptor too short
[  226.693948][  T978] usb 1-1: unable to read config index 0 descriptor/start: -71
[  226.748399][  T978] usb 1-1: can't read configurations, error -71
[  226.750642][   T44] usb 3-1: New USB device found, idVendor=0483, idProduct=1234, bcdDevice=ff.76
[  226.774119][   T44] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  226.782606][   T44] usb 3-1: Product: syz
[  226.792106][   T44] usb 3-1: Manufacturer: syz
[  226.824392][   T44] usb 3-1: SerialNumber: syz
[  227.710945][   T44] usb 3-1: config 0 descriptor??
[  227.861371][ T7124] netlink: 4 bytes leftover after parsing attributes in process `syz.0.240'.
[  228.931350][ T7124] team0 (unregistering): Port device team_slave_0 removed
[  228.944610][ T7124] team0 (unregistering): Port device team_slave_1 removed
[  229.092244][   T44] usb_8dev 3-1:0.0 can0: sending command message failed
[  229.135627][   T44] usb_8dev 3-1:0.0 can0: can't get firmware version
[  229.397379][   T44] usb_8dev 3-1:0.0: probe with driver usb_8dev failed with error -22
[  229.429643][   T44] usb 3-1: USB disconnect, device number 3
[  229.519302][ T7139] syz.4.243: attempt to access beyond end of device
[  229.519302][ T7139] nbd4: rw=4096, sector=2, nr_sectors = 2 limit=0
[  229.610674][ T7139] EXT4-fs (nbd4): unable to read superblock
[  232.260153][ T7159] EXT4-fs: Value of option "test_dummy_encryption" is unrecognized
[  234.283889][ T7175] Zero length message leads to an empty skb
[  235.150847][ T7189] netlink: 8 bytes leftover after parsing attributes in process `syz.2.258'.
[  236.319424][ T7199] binder: 7196:7199 ioctl c0306201 200000000640 returned -22
[  236.442415][ T7200] kvm: requested 4190 ns i8254 timer period limited to 200000 ns
[  237.084295][ T7197] binder: 7196:7197 ioctl c0306201 2000000000c0 returned -14
[  239.380769][ T7228] iwpm_register_pid: Unable to send a nlmsg (client = 2)
[  239.468267][ T7228] infiniband syz1: RDMA CMA: cma_listen_on_dev, error -98
[  241.175745][ T7251] syz.3.272: attempt to access beyond end of device
[  241.175745][ T7251] nbd3: rw=4096, sector=2, nr_sectors = 2 limit=0
[  241.190107][ T7251] EXT4-fs (nbd3): unable to read superblock
[  241.198296][  T978] usb 1-1: new high-speed USB device number 6 using dummy_hcd
[  241.379311][  T978] usb 1-1: config 2 has an invalid descriptor of length 238, skipping remainder of the config
[  241.399369][   T30] audit: type=1326 audit(1755769577.858:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7255 comm="syz.4.274" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa15178ebe9 code=0x7ffc0000
[  241.449306][  T978] usb 1-1: config 2 has 0 interfaces, different from the descriptor's value: 1
[  241.463543][   T30] audit: type=1326 audit(1755769577.858:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7255 comm="syz.4.274" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa15178ebe9 code=0x7ffc0000
[  241.493290][  T978] usb 1-1: New USB device found, idVendor=05ac, idProduct=8514, bcdDevice=d8.dd
[  241.510597][  T978] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  241.521272][   T30] audit: type=1326 audit(1755769577.868:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7255 comm="syz.4.274" exe="/root/syz-executor" sig=0 arch=c000003e syscall=258 compat=0 ip=0x7fa15178ebe9 code=0x7ffc0000
[  241.547661][  T978] usb 1-1: Product: syz
[  241.551976][  T978] usb 1-1: Manufacturer: syz
[  241.559890][  T978] usb 1-1: SerialNumber: syz
[  241.567618][   T30] audit: type=1326 audit(1755769577.868:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7255 comm="syz.4.274" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa15178ebe9 code=0x7ffc0000
[  241.606070][   T30] audit: type=1326 audit(1755769577.898:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7255 comm="syz.4.274" exe="/root/syz-executor" sig=0 arch=c000003e syscall=275 compat=0 ip=0x7fa15178ebe9 code=0x7ffc0000
[  241.681800][   T30] audit: type=1326 audit(1755769577.898:12): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7255 comm="syz.4.274" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa15178ebe9 code=0x7ffc0000
[  241.717722][   T30] audit: type=1326 audit(1755769577.898:13): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7255 comm="syz.4.274" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa15178ebe9 code=0x7ffc0000
[  241.751419][   T30] audit: type=1326 audit(1755769577.898:14): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7255 comm="syz.4.274" exe="/root/syz-executor" sig=0 arch=c000003e syscall=228 compat=0 ip=0x7fa15178ebe9 code=0x7ffc0000
[  241.813784][  T978] usb 1-1: USB disconnect, device number 6
[  241.841669][   T30] audit: type=1326 audit(1755769577.898:15): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7255 comm="syz.4.274" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa15178ebe9 code=0x7ffc0000
[  241.904997][   T30] audit: type=1326 audit(1755769577.898:16): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7255 comm="syz.4.274" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa15178ebe9 code=0x7ffc0000
[  243.347126][ T7272] netlink: 32 bytes leftover after parsing attributes in process `syz.1.278'.
[  243.383124][ T7272] netlink: 32 bytes leftover after parsing attributes in process `syz.1.278'.
[  243.394748][ T7272] netlink: 32 bytes leftover after parsing attributes in process `syz.1.278'.
[  243.414981][ T7272] netlink: 32 bytes leftover after parsing attributes in process `syz.1.278'.
[  243.452844][ T7272] netlink: 32 bytes leftover after parsing attributes in process `syz.1.278'.
[  243.474425][ T7272] netlink: 32 bytes leftover after parsing attributes in process `syz.1.278'.
[  243.492693][ T7272] netlink: 32 bytes leftover after parsing attributes in process `syz.1.278'.
[  243.513646][ T7272] netlink: 32 bytes leftover after parsing attributes in process `syz.1.278'.
[  243.578062][ T7272] netlink: 32 bytes leftover after parsing attributes in process `syz.1.278'.
[  243.603964][ T7272] netlink: 32 bytes leftover after parsing attributes in process `syz.1.278'.
[  250.526343][ T5882] usb 3-1: new high-speed USB device number 4 using dummy_hcd
[  250.688250][ T5882] usb 3-1: Using ep0 maxpacket: 32
[  250.738423][ T5882] usb 3-1: config index 0 descriptor too short (expected 35577, got 27)
[  250.780867][ T5882] usb 3-1: config 1 has too many interfaces: 92, using maximum allowed: 32
[  250.799418][ T5882] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 92
[  250.827475][ T5882] usb 3-1: config 1 has no interface number 0
[  250.843281][ T5882] usb 3-1: config 1 interface 1 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0
[  250.856143][ T5882] usb 3-1: config 1 interface 1 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 17
[  250.869996][ T5882] usb 3-1: New USB device found, idVendor=0e41, idProduct=5051, bcdDevice=d5.e8
[  250.879654][ T5882] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  250.895982][ T7334] syz.0.294: attempt to access beyond end of device
[  250.895982][ T7334] nbd0: rw=4096, sector=2, nr_sectors = 2 limit=0
[  250.910110][ T7334] EXT4-fs (nbd0): unable to read superblock
[  250.942089][ T5882] snd_usb_pod 3-1:1.1: Line 6 Pocket POD found
[  251.999225][ T5882] snd_usb_pod 3-1:1.1: invalid control EP
[  252.005036][ T5882] snd_usb_pod 3-1:1.1: cannot start listening: -22
[  252.037074][ T5882] snd_usb_pod 3-1:1.1: Line 6 Pocket POD now disconnected
[  252.267139][ T5882] snd_usb_pod 3-1:1.1: probe with driver snd_usb_pod failed with error -22
[  252.459857][ T5882] usb 3-1: USB disconnect, device number 4
[  254.746332][ T7366] __nla_validate_parse: 15 callbacks suppressed
[  254.746495][ T7366] netlink: 8 bytes leftover after parsing attributes in process `syz.1.302'.
[  255.887464][ T7378] binder: BINDER_SET_CONTEXT_MGR already set
[  255.893738][ T7378] binder: 7376:7378 ioctl 4018620d 200000000040 returned -16
[  255.907316][ T7378] binder: 7376:7378 ioctl c0306201 2000000001c0 returned -22
[  257.006455][ T1301] ieee802154 phy0 wpan0: encryption failed: -22
[  257.012787][ T1301] ieee802154 phy1 wpan1: encryption failed: -22
[  258.356476][ T7399] netlink: 8 bytes leftover after parsing attributes in process `syz.3.310'.
[  260.594219][ T7413] netlink: 8 bytes leftover after parsing attributes in process `syz.2.313'.
[  260.786319][ T5882] usb 5-1: new full-speed USB device number 5 using dummy_hcd
[  260.970004][ T5882] usb 5-1: not running at top speed; connect to a high speed hub
[  260.999315][ T5882] usb 5-1: config 1 interface 0 altsetting 8 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  261.051269][ T5882] usb 5-1: config 1 interface 0 has no altsetting 0
[  261.068536][ T5882] usb 5-1: New USB device found, idVendor=046d, idProduct=c626, bcdDevice= 0.40
[  261.094883][ T5882] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  261.111991][ T5882] usb 5-1: Product: 倊
[  261.147029][ T5882] usb 5-1: Manufacturer: à „
[  261.157323][ T5882] usb 5-1: SerialNumber: syz
[  261.388012][ T7411] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  261.443253][ T7411] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  261.711021][ T7411] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  261.720462][ T7411] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  261.765454][ T7411] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  261.863816][ T7411] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  263.248552][ T5882] usbhid 5-1:1.0: can't add hid device: -71
[  263.254737][ T5882] usbhid 5-1:1.0: probe with driver usbhid failed with error -71
[  263.285970][ T5882] usb 5-1: USB disconnect, device number 5
[  263.453363][   T30] kauditd_printk_skb: 47 callbacks suppressed
[  263.453384][   T30] audit: type=1326 audit(1755769599.908:64): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7434 comm="syz.0.318" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f6cbdb8ebe9 code=0x0
[  265.325443][ T7453] overlayfs: failed to resolve './bus': -2
[  267.041324][ T7475] 9pnet_fd: Insufficient options for proto=fd
[  271.226954][ T7500] qnx4: no qnx4 filesystem (no root dir).
[  273.956373][  T978] usb 3-1: new high-speed USB device number 5 using dummy_hcd
[  274.139627][  T978] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  274.186419][  T978] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  274.207948][  T978] usb 3-1: New USB device found, idVendor=0d8c, idProduct=0022, bcdDevice= 0.00
[  274.243796][  T978] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  274.271855][  T978] usb 3-1: config 0 descriptor??
[  274.527685][ T7521] fuse: Bad value for 'fd'
[  274.597452][ T7522] syz.3.341: attempt to access beyond end of device
[  274.597452][ T7522] nbd3: rw=4096, sector=2, nr_sectors = 2 limit=0
[  274.646146][ T7522] EXT4-fs (nbd3): unable to read superblock
[  274.851081][  T978] cm6533_jd 0003:0D8C:0022.0003: unknown main item tag 0x0
[  274.886094][  T978] cm6533_jd 0003:0D8C:0022.0003: unknown main item tag 0x0
[  274.928502][  T978] input: HID 0d8c:0022 as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/0003:0D8C:0022.0003/input/input6
[  275.032378][  T978] cm6533_jd 0003:0D8C:0022.0003: input,hiddev0,hidraw0: USB HID v0.00 Device [HID 0d8c:0022] on usb-dummy_hcd.2-1/input0
[  275.100239][  T978] usb 3-1: USB disconnect, device number 5
[  275.285624][ T7524] fido_id[7524]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.2/usb3/3-1/report_descriptor': No such file or directory
[  276.027360][ T7531] F2FS-fs (nullb0): Magic Mismatch, valid(0xf2f52010) - read(0x0)
[  276.036244][ T7531] F2FS-fs (nullb0): Can't find valid F2FS filesystem in 1th superblock
[  276.044785][ T7531] F2FS-fs (nullb0): Magic Mismatch, valid(0xf2f52010) - read(0x0)
[  276.052850][ T7531] F2FS-fs (nullb0): Can't find valid F2FS filesystem in 2th superblock
[  277.059202][   T30] audit: type=1326 audit(1755769613.528:65): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7529 comm="syz.0.344" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f6cbdb8ebe9 code=0x0
[  277.253614][ T7537] netlink: 4 bytes leftover after parsing attributes in process `syz.1.346'.
[  277.417057][ T7540] netlink: 'syz.2.345': attribute type 10 has an invalid length.
[  277.430127][ T7540] netlink: 40 bytes leftover after parsing attributes in process `syz.2.345'.
[  277.648579][ T7537] team0 (unregistering): Port device team_slave_0 removed
[  277.682101][ T7537] team0 (unregistering): Port device team_slave_1 removed
[  278.896347][ T5851] Bluetooth: hci4: command 0x0406 tx timeout
[  279.639442][ T7566] gretap0: refused to change device tx_queue_len
[  279.685493][ T7566] net_ratelimit: 6 callbacks suppressed
[  279.685509][ T7566] A link change request failed with some changes committed already. Interface gretap0 may have been left with an inconsistent configuration, please check.
[  280.069962][ T7570] tipc: Started in network mode
[  280.075092][ T7570] tipc: Node identity 0000000000005f000000000000000001, cluster identity 4711
[  280.085475][ T7570] tipc: Enabling of bearer <udp:syz0> rejected, failed to enable media
[  283.072162][ T7596] syz.0.358: attempt to access beyond end of device
[  283.072162][ T7596] nbd0: rw=4096, sector=2, nr_sectors = 2 limit=0
[  283.288226][ T7596] EXT4-fs (nbd0): unable to read superblock
[  283.828279][   T51] Bluetooth: hci0: command 0x0406 tx timeout
[  286.371723][ T7627] syz_tun: entered allmulticast mode
[  286.384300][ T7627] syz_tun: left allmulticast mode
[  286.431652][ T7626] overlay: ./file1 is not a directory
[  286.654993][   T30] audit: type=1326 audit(1755769623.118:66): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7633 comm="syz.1.374" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f74b658ebe9 code=0x0
[  286.871933][ T7629] netlink: 8 bytes leftover after parsing attributes in process `syz.3.372'.
[  292.837154][   T30] audit: type=1326 audit(1755769629.308:67): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7686 comm="syz.3.388" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7ff69398ebe9 code=0x0
[  293.106612][ T7693] syz.2.384: attempt to access beyond end of device
[  293.106612][ T7693] nbd2: rw=4096, sector=2, nr_sectors = 2 limit=0
[  293.143564][ T7693] EXT4-fs (nbd2): unable to read superblock
[  295.576249][    C1] hrtimer: interrupt took 86724 ns
[  301.279432][ T7742] netlink: 4 bytes leftover after parsing attributes in process `syz.4.400'.
[  301.826355][   T44] usb 3-1: new high-speed USB device number 6 using dummy_hcd
[  302.047832][   T44] usb 3-1: Using ep0 maxpacket: 16
[  302.056715][   T44] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  302.086401][   T44] usb 3-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[  302.106304][   T44] usb 3-1: New USB device found, idVendor=04d8, idProduct=00dd, bcdDevice= 0.00
[  302.115530][   T44] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  302.177533][   T44] usb 3-1: config 0 descriptor??
[  302.638129][ T7757] syz.0.402: attempt to access beyond end of device
[  302.638129][ T7757] nbd0: rw=4096, sector=2, nr_sectors = 2 limit=0
[  302.653622][ T7757] EXT4-fs (nbd0): unable to read superblock
[  303.051210][ T7764] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  303.094938][ T7765] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  303.202161][ T7765] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  304.073600][ T7770] netlink: 8 bytes leftover after parsing attributes in process `syz.4.407'.
[  304.112077][ T7770] ip6gretap0: entered promiscuous mode
[  304.122084][ T7770] ip6gretap0: left promiscuous mode
[  306.869997][ T5960] usb 3-1: USB disconnect, device number 6
[  308.034584][ T7808] syz.3.415: attempt to access beyond end of device
[  308.034584][ T7808] nbd3: rw=0, sector=64, nr_sectors = 8 limit=0
[  308.048801][ T7808] syz.3.415: attempt to access beyond end of device
[  308.048801][ T7808] nbd3: rw=0, sector=120, nr_sectors = 8 limit=0
[  308.062385][ T7808] Mount JFS Failure: -5
[  309.291017][   T51] Bluetooth: hci1: command 0x0406 tx timeout
[  313.209170][ T7846] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  313.438156][   T10] usb 4-1: new high-speed USB device number 11 using dummy_hcd
[  313.565756][   T30] audit: type=1326 audit(1755769650.028:68): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7855 comm="syz.2.431" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fba32d8ebe9 code=0x0
[  313.627996][   T10] usb 4-1: Using ep0 maxpacket: 32
[  313.781119][   T10] usb 4-1: config 0 has an invalid interface number: 169 but max is 0
[  313.794130][   T10] usb 4-1: config 0 has no interface number 0
[  314.249672][   T10] usb 4-1: config 0 interface 169 has no altsetting 0
[  314.724024][   T10] usb 4-1: New USB device found, idVendor=0781, idProduct=0001, bcdDevice= 2.00
[  314.757582][   T10] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  314.793117][   T10] usb 4-1: Product: syz
[  314.803105][   T10] usb 4-1: Manufacturer: syz
[  314.816502][   T10] usb 4-1: SerialNumber: syz
[  314.882961][   T10] usb 4-1: config 0 descriptor??
[  315.148270][   T10] usb-storage 4-1:0.169: USB Mass Storage device detected
[  315.189001][   T10] usb-storage 4-1:0.169: Quirks match for vid 0781 pid 0001: 1
[  315.313361][   T10] usb 4-1: USB disconnect, device number 11
[  315.735219][ T7879] syz_tun: entered allmulticast mode
[  316.790100][   T24] hid-generic 0000:0004:0034.0004: unknown main item tag 0x0
[  316.825280][   T24] hid-generic 0000:0004:0034.0004: unknown main item tag 0x0
[  316.893793][   T24] hid-generic 0000:0004:0034.0004: unknown main item tag 0x0
[  316.934456][ T7882] netlink: 'syz.0.436': attribute type 2 has an invalid length.
[  317.323939][   T24] hid-generic 0000:0004:0034.0004: hidraw0: <UNKNOWN> HID v0.0e Device [syz0] on syz1
[  317.705519][ T1301] ieee802154 phy0 wpan0: encryption failed: -22
[  319.824689][ T7873] syz_tun: left allmulticast mode
[  320.992368][ T7887] fido_id[7887]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory
[  323.277727][ T7911] syz.2.442: attempt to access beyond end of device
[  323.277727][ T7911] nbd2: rw=0, sector=64, nr_sectors = 8 limit=0
[  323.291554][ T7911] syz.2.442: attempt to access beyond end of device
[  323.291554][ T7911] nbd2: rw=0, sector=120, nr_sectors = 8 limit=0
[  323.304894][ T7911] Mount JFS Failure: -5
[  325.637394][ T5912] usb 1-1: new high-speed USB device number 7 using dummy_hcd
[  326.645869][ T5912] usb 1-1: Using ep0 maxpacket: 32
[  326.929412][ T5912] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  326.961786][ T5912] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  326.984790][ T5912] usb 1-1: New USB device found, idVendor=1e7d, idProduct=2ced, bcdDevice= 0.00
[  327.025568][ T5912] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  327.063763][ T5912] usb 1-1: config 0 descriptor??
[  328.413117][ T5912] kone 0003:1E7D:2CED.0005: bogus close delimiter
[  328.440877][ T5912] kone 0003:1E7D:2CED.0005: item 0 0 2 10 parsing failed
[  328.441767][ T5912] kone 0003:1E7D:2CED.0005: parse failed
[  328.441841][ T5912] kone 0003:1E7D:2CED.0005: probe with driver kone failed with error -22
[  328.449597][ T5912] usb 1-1: USB disconnect, device number 7
[  328.616310][ T5911] usb 5-1: new high-speed USB device number 6 using dummy_hcd
[  328.766847][ T5911] usb 5-1: Using ep0 maxpacket: 32
[  328.775034][ T5911] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x9 has an invalid bInterval 128, changing to 11
[  328.798591][ T5911] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x9 has invalid wMaxPacketSize 0
[  328.836104][ T5911] usb 5-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xB7, changing to 0x87
[  328.871993][ T5911] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x87 has an invalid bInterval 0, changing to 7
[  328.904214][ T5911] usb 5-1: New USB device found, idVendor=0e6f, idProduct=582c, bcdDevice=31.68
[  328.923119][ T5911] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  328.934550][ T5911] usb 5-1: Product: syz
[  328.942534][ T5911] usb 5-1: Manufacturer: syz
[  328.960338][ T5911] usb 5-1: SerialNumber: syz
[  328.969261][ T5911] usb 5-1: config 0 descriptor??
[  328.982828][ T5911] input: Generic X-Box pad as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/input/input8
[  328.999776][ T5191] xpad 5-1:0.0: xpad_try_sending_next_out_packet - usb_submit_urb failed with result -90
[  329.071030][ T7953] syz.3.455: attempt to access beyond end of device
[  329.071030][ T7953] nbd3: rw=0, sector=64, nr_sectors = 8 limit=0
[  329.084574][ T7953] syz.3.455: attempt to access beyond end of device
[  329.084574][ T7953] nbd3: rw=0, sector=120, nr_sectors = 8 limit=0
[  329.098039][ T7953] Mount JFS Failure: -5
[  329.165079][ T5191] xpad 5-1:0.0: xpad_try_sending_next_out_packet - usb_submit_urb failed with result -90
[  329.231275][    C1] xpad 5-1:0.0: xpad_irq_in - usb_submit_urb failed with result -1
[  329.628104][ T5191] xpad 5-1:0.0: xpad_try_sending_next_out_packet - usb_submit_urb failed with result -90
[  329.707901][ T7940] overlayfs: failed to resolve './file0': -2
[  329.879918][ T5191] xpad 5-1:0.0: xpad_try_sending_next_out_packet - usb_submit_urb failed with result -90
[  329.941746][    C0] xpad 5-1:0.0: xpad_irq_in - usb_submit_urb failed with result -1
[  330.025350][ T5191] xpad 5-1:0.0: xpad_try_sending_next_out_packet - usb_submit_urb failed with result -90
[  330.101654][ T6087] xpad 5-1:0.0: xpad_try_sending_next_out_packet - usb_submit_urb failed with result -90
[  330.195316][ T7961] binder: BINDER_SET_CONTEXT_MGR already set
[  330.201656][ T7961] binder: 7959:7961 ioctl 4018620d 200000000040 returned -16
[  330.227587][ T7961] binder: 7959:7961 ioctl c0306201 2000000001c0 returned -22
[  330.436683][  T978] usb 5-1: USB disconnect, device number 6
[  330.436751][    C1] xpad 5-1:0.0: xpad_irq_in - usb_submit_urb failed with result -19
[  331.848588][ T7968] binder: BINDER_SET_CONTEXT_MGR already set
[  331.855199][ T7968] binder: 7964:7968 ioctl 4018620d 200000000040 returned -16
[  331.872977][ T7968] binder: 7964:7968 ioctl c0306201 2000000001c0 returned -22
[  332.825759][ T7975] sctp: [Deprecated]: syz.2.463 (pid 7975) Use of int in max_burst socket option deprecated.
[  332.825759][ T7975] Use struct sctp_assoc_value instead
[  334.001300][ T7992] mkiss: ax0: crc mode is auto.
[  335.846261][ T8001] syz.0.470: attempt to access beyond end of device
[  335.846261][ T8001] nbd0: rw=0, sector=64, nr_sectors = 8 limit=0
[  335.860292][ T8001] syz.0.470: attempt to access beyond end of device
[  335.860292][ T8001] nbd0: rw=0, sector=120, nr_sectors = 8 limit=0
[  335.873659][ T8001] Mount JFS Failure: -5
[  337.493459][ T8020] netlink: 8 bytes leftover after parsing attributes in process `syz.4.476'.
[  341.397223][   T30] audit: type=1326 audit(1755769677.858:69): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8051 comm="syz.1.487" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f74b658ebe9 code=0x0
[  343.561801][ T8078] af_packet: tpacket_rcv: packet too big, clamped from 16 to 4294967272. macoff=96
[  343.856687][ T5912] usb 4-1: new full-speed USB device number 12 using dummy_hcd
[  344.019886][ T5912] usb 4-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xF3, changing to 0x83
[  344.051098][ T5912] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 4
[  344.116038][ T5912] usb 4-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1
[  344.141325][ T5912] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  344.222913][ T5912] usb 4-1: Product: syz
[  344.227669][ T5912] usb 4-1: Manufacturer: syz
[  344.232368][ T5912] usb 4-1: SerialNumber: syz
[  344.257095][ T5912] usb 4-1: config 0 descriptor??
[  344.277039][ T5912] em28xx 4-1:0.0: New device syz syz @ 12 Mbps (2040:0264, interface 0, class 0)
[  344.306295][ T5912] em28xx 4-1:0.0: Device initialization failed.
[  344.328376][ T5912] em28xx 4-1:0.0: Device must be connected to a high-speed USB 2.0 port.
[  344.478332][   T24] usb 4-1: USB disconnect, device number 12
[  345.089123][ T8102] binder: BINDER_SET_CONTEXT_MGR already set
[  345.095428][ T8102] binder: 8099:8102 ioctl 4018620d 200000000040 returned -16
[  345.110038][ T8102] binder: 8099:8102 ioctl c0306201 2000000001c0 returned -22
[  347.476383][ T5912] usb 5-1: new full-speed USB device number 7 using dummy_hcd
[  347.638767][ T5912] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0
[  347.667801][ T5912] usb 5-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1
[  347.694376][ T5912] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  347.733455][ T5912] usb 5-1: Product: syz
[  347.739264][ T5912] usb 5-1: Manufacturer: syz
[  347.794381][ T5912] usb 5-1: SerialNumber: syz
[  347.821781][ T5912] usb 5-1: config 0 descriptor??
[  347.840984][ T5912] em28xx 5-1:0.0: New device syz syz @ 12 Mbps (2040:0264, interface 0, class 0)
[  347.882520][ T5912] em28xx 5-1:0.0: Device initialization failed.
[  347.915493][ T5912] em28xx 5-1:0.0: Device must be connected to a high-speed USB 2.0 port.
[  348.138465][   T24] usb 5-1: USB disconnect, device number 7
[  348.198500][   T30] audit: type=1326 audit(1755769684.658:70): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8122 comm="syz.1.505" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f74b658ebe9 code=0x0
[  354.604042][   T30] audit: type=1326 audit(1755769691.068:71): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8177 comm="syz.0.519" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f6cbdb8ebe9 code=0x0
[  355.566595][   T37] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  356.287556][   T37] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  356.522506][   T37] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  356.679461][   T37] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  357.295456][   T37] bridge_slave_1: left allmulticast mode
[  357.320450][   T37] bridge_slave_1: left promiscuous mode
[  357.343960][   T37] bridge0: port 2(bridge_slave_1) entered disabled state
[  357.389745][   T37] bridge_slave_0: left allmulticast mode
[  357.409368][   T37] bridge_slave_0: left promiscuous mode
[  357.427403][   T37] bridge0: port 1(bridge_slave_0) entered disabled state
[  357.698270][   T51] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[  357.711368][   T51] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[  357.721993][   T51] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[  357.737560][   T51] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[  357.747342][   T51] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[  359.446698][ T8238] fuse: Unknown parameter 'fd0xffffffffffffffff00000000000000000000'
[  359.827227][   T51] Bluetooth: hci4: command tx timeout
[  360.804276][   T37] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  360.854673][   T37] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  360.892185][   T37] bond0 (unregistering): Released all slaves
[  361.064398][   T37] tipc: Left network mode
[  361.434010][   T30] audit: type=1326 audit(1755770465.898:72): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8276 comm="syz.1.542" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f74b658ebe9 code=0x0
[  362.456973][   T51] Bluetooth: hci4: command tx timeout
[  363.007194][ T8288] netlink: 8 bytes leftover after parsing attributes in process `syz.0.543'.
[  363.019550][ T8288] netlink: 20 bytes leftover after parsing attributes in process `syz.0.543'.
[  363.373228][ T8291] xt_TPROXY: Can be used only with -p tcp or -p udp
[  363.445267][   T37] hsr_slave_0: left promiscuous mode
[  363.480084][   T37] hsr_slave_1: left promiscuous mode
[  363.523189][   T37] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  363.577933][   T37] batman_adv: batadv0: Removing interface: batadv_slave_0
[  363.660867][   T37] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  363.696482][   T37] batman_adv: batadv0: Removing interface: batadv_slave_1
[  363.749005][   T37] veth1_macvtap: left promiscuous mode
[  363.754813][   T37] veth0_macvtap: left promiscuous mode
[  363.784680][   T37] veth1_vlan: left promiscuous mode
[  363.800894][   T37] veth0_vlan: left promiscuous mode
[  364.549267][   T51] Bluetooth: hci4: command tx timeout
[  365.011348][ T8322] sctp: [Deprecated]: syz.3.548 (pid 8322) Use of struct sctp_assoc_value in delayed_ack socket option.
[  365.011348][ T8322] Use struct sctp_sack_info instead
[  366.212247][ T8331] binder: 8329:8331 ioctl c0306201 2000000001c0 returned -22
[  366.320871][ T8333] netlink: 8 bytes leftover after parsing attributes in process `syz.3.550'.
[  366.627864][   T51] Bluetooth: hci4: command tx timeout
[  369.803332][   T30] audit: type=1326 audit(1755770474.247:73): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8351 comm="syz.4.555" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fa15178ebe9 code=0x0
[  370.136777][   T37] team0 (unregistering): Port device team_slave_1 removed
[  370.214649][   T37] team0 (unregistering): Port device team_slave_0 removed
[  370.363210][ T5911] usb 1-1: new high-speed USB device number 8 using dummy_hcd
[  371.014236][ T5911] usb 1-1: Using ep0 maxpacket: 8
[  371.044893][ T5911] usb 1-1: New USB device found, idVendor=046d, idProduct=08dd, bcdDevice=ff.f4
[  371.054258][ T5911] usb 1-1: New USB device strings: Mfr=8, Product=2, SerialNumber=3
[  371.062866][ T5911] usb 1-1: Product: syz
[  371.067183][ T5911] usb 1-1: Manufacturer: syz
[  371.072267][ T5911] usb 1-1: SerialNumber: syz
[  371.085014][ T5911] usb 1-1: config 0 descriptor??
[  371.106080][ T5911] gspca_main: gspca_zc3xx-2.14.0 probing 046d:08dd
[  371.367336][ T8364] (unnamed net_device) (uninitialized): option arp_interval: mode dependency failed, not supported in mode balance-alb(6)
[  371.488801][ T8213] chnl_net:caif_netlink_parms(): no params data found
[  371.818004][ T5911] gspca_zc3xx: reg_r err -110
[  371.938846][ T5911] gspca_zc3xx 1-1:0.0: probe with driver gspca_zc3xx failed with error -110
[  372.067633][ T5911] usb 1-1: USB disconnect, device number 8
[  372.930374][ T8391] comedi comedi0: dmm32at: I/O port conflict (0x3,16)
[  373.012548][ T8213] bridge0: port 1(bridge_slave_0) entered blocking state
[  373.039175][ T8213] bridge0: port 1(bridge_slave_0) entered disabled state
[  373.072363][ T8213] bridge_slave_0: entered allmulticast mode
[  373.104279][ T8213] bridge_slave_0: entered promiscuous mode
[  373.131602][ T8213] bridge0: port 2(bridge_slave_1) entered blocking state
[  373.166248][ T8213] bridge0: port 2(bridge_slave_1) entered disabled state
[  373.323930][ T8213] bridge_slave_1: entered allmulticast mode
[  373.336193][ T8213] bridge_slave_1: entered promiscuous mode
[  374.728237][ T8406] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[  374.773231][   T30] audit: type=1326 audit(1755770479.237:74): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8407 comm="syz.0.567" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f6cbdb8ebe9 code=0x0
[  374.808811][ T8213] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  374.843738][ T8213] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  375.119271][ T8213] team0: Port device team_slave_0 added
[  375.174089][ T8213] team0: Port device team_slave_1 added
[  375.220061][ T8417] netlink: 8 bytes leftover after parsing attributes in process `syz.4.569'.
[  375.426172][ T8213] batman_adv: batadv0: Adding interface: batadv_slave_0
[  375.443153][ T8213] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  375.519567][ T8213] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  375.576935][ T8213] batman_adv: batadv0: Adding interface: batadv_slave_1
[  375.599751][ T8213] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  375.684707][ T8213] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  376.925642][ T8213] hsr_slave_0: entered promiscuous mode
[  376.932953][ T8213] hsr_slave_1: entered promiscuous mode
[  376.939912][ T8213] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  376.948793][ T8213] Cannot create hsr debugfs directory
[  378.018441][ T8442] netlink: 'syz.4.573': attribute type 1 has an invalid length.
[  378.248704][ T8450] netlink: 28 bytes leftover after parsing attributes in process `syz.4.573'.
[  378.884928][ T1301] ieee802154 phy0 wpan0: encryption failed: -22
[  379.653270][ T8450] 8021q: adding VLAN 0 to HW filter on device bond1
[  381.213337][ T8213] netdevsim netdevsim2 netdevsim0: renamed from eth0
[  381.411284][ T8488] evm: overlay not supported
[  382.090656][ T8213] netdevsim netdevsim2 netdevsim1: renamed from eth1
[  382.302205][ T8213] netdevsim netdevsim2 netdevsim2: renamed from eth2
[  382.393368][ T8213] netdevsim netdevsim2 netdevsim3: renamed from eth3
[  382.798321][   T30] audit: type=1326 audit(1755770487.266:75): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8495 comm="syz.4.584" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa15178ebe9 code=0x7ffc0000
[  382.872590][   T30] audit: type=1326 audit(1755770487.266:76): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8495 comm="syz.4.584" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa15178ebe9 code=0x7ffc0000
[  382.964053][   T30] audit: type=1326 audit(1755770487.266:77): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8495 comm="syz.4.584" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7fa15178ebe9 code=0x7ffc0000
[  383.043694][   T30] audit: type=1326 audit(1755770487.266:78): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8495 comm="syz.4.584" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa15178ebe9 code=0x7ffc0000
[  383.068527][ T8213] 8021q: adding VLAN 0 to HW filter on device bond0
[  383.085726][   T30] audit: type=1326 audit(1755770487.266:79): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8495 comm="syz.4.584" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa15178ebe9 code=0x7ffc0000
[  383.117634][ T8213] 8021q: adding VLAN 0 to HW filter on device team0
[  383.133925][   T30] audit: type=1326 audit(1755770487.266:80): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8495 comm="syz.4.584" exe="/root/syz-executor" sig=0 arch=c000003e syscall=46 compat=0 ip=0x7fa15178ebe9 code=0x7ffc0000
[  383.157701][   T30] audit: type=1326 audit(1755770487.266:81): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8495 comm="syz.4.584" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa15178ebe9 code=0x7ffc0000
[  383.183370][   T30] audit: type=1326 audit(1755770487.266:82): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8495 comm="syz.4.584" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa15178ebe9 code=0x7ffc0000
[  383.354684][   T30] audit: type=1326 audit(1755770487.266:83): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8495 comm="syz.4.584" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fa15178ebe9 code=0x7ffc0000
[  383.377937][   T30] audit: type=1326 audit(1755770487.266:84): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8495 comm="syz.4.584" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa15178ebe9 code=0x7ffc0000
[  383.698259][ T5977] bridge0: port 1(bridge_slave_0) entered blocking state
[  383.705641][ T5977] bridge0: port 1(bridge_slave_0) entered forwarding state
[  384.066323][ T5977] bridge0: port 2(bridge_slave_1) entered blocking state
[  384.073720][ T5977] bridge0: port 2(bridge_slave_1) entered forwarding state
[  384.217503][ T8516] FAULT_INJECTION: forcing a failure.
[  384.217503][ T8516] name failslab, interval 1, probability 0, space 0, times 0
[  384.331223][ T8516] CPU: 0 UID: 0 PID: 8516 Comm: syz.4.588 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) 
[  384.331254][ T8516] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  384.331266][ T8516] Call Trace:
[  384.331275][ T8516]  <TASK>
[  384.331285][ T8516]  dump_stack_lvl+0x189/0x250
[  384.331315][ T8516]  ? __pfx____ratelimit+0x10/0x10
[  384.331353][ T8516]  ? __pfx_dump_stack_lvl+0x10/0x10
[  384.331377][ T8516]  ? __pfx__printk+0x10/0x10
[  384.331410][ T8516]  ? __pfx___might_resched+0x10/0x10
[  384.331430][ T8516]  ? fs_reclaim_acquire+0x7d/0x100
[  384.331461][ T8516]  should_fail_ex+0x414/0x560
[  384.331489][ T8516]  should_failslab+0xa8/0x100
[  384.331514][ T8516]  kmem_cache_alloc_noprof+0x73/0x3c0
[  384.331533][ T8516]  ? _sctp_make_chunk+0x14e/0x430
[  384.331566][ T8516]  _sctp_make_chunk+0x14e/0x430
[  384.331598][ T8516]  sctp_make_datafrag_empty+0x122/0x230
[  384.331627][ T8516]  ? __pfx_sctp_make_datafrag_empty+0x10/0x10
[  384.331650][ T8516]  ? __kasan_kmalloc+0x93/0xb0
[  384.331674][ T8516]  ? sctp_auth_send_cid+0x69/0x250
[  384.331704][ T8516]  sctp_datamsg_from_user+0x729/0xef0
[  384.331752][ T8516]  sctp_sendmsg_to_asoc+0x1003/0x1810
[  384.331780][ T8516]  ? __asan_memcpy+0x40/0x70
[  384.331816][ T8516]  ? sctp_assoc_add_peer+0xcfa/0x13b0
[  384.331864][ T8516]  ? __pfx_sctp_sendmsg_to_asoc+0x10/0x10
[  384.331893][ T8516]  ? __pfx_sctp_connect_new_asoc+0x10/0x10
[  384.331931][ T8516]  ? sctp_endpoint_lookup_assoc+0x7b/0x260
[  384.331959][ T8516]  ? sctp_endpoint_lookup_assoc+0x7b/0x260
[  384.331985][ T8516]  ? sctp_endpoint_lookup_assoc+0x7b/0x260
[  384.332014][ T8516]  ? bpf_lsm_sctp_bind_connect+0x9/0x20
[  384.332037][ T8516]  ? security_sctp_bind_connect+0x7e/0x2e0
[  384.332079][ T8516]  sctp_sendmsg+0x1941/0x2810
[  384.332123][ T8516]  ? __pfx_sctp_sendmsg+0x10/0x10
[  384.332150][ T8516]  ? __lock_acquire+0xab9/0xd20
[  384.332196][ T8516]  ? sock_rps_record_flow+0x19/0x410
[  384.332231][ T8516]  ? inet_sendmsg+0x2f4/0x370
[  384.332252][ T8516]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  384.332276][ T8516]  __sock_sendmsg+0x19c/0x270
[  384.332306][ T8516]  __sys_sendto+0x3bd/0x520
[  384.332339][ T8516]  ? __pfx___sys_sendto+0x10/0x10
[  384.332363][ T8516]  ? __mutex_unlock_slowpath+0x1cd/0x700
[  384.332403][ T8516]  ? __fget_files+0x3a0/0x420
[  384.332439][ T8516]  ? ksys_write+0x22a/0x250
[  384.332463][ T8516]  ? __pfx_ksys_write+0x10/0x10
[  384.332479][ T8516]  ? rcu_is_watching+0x15/0xb0
[  384.332507][ T8516]  __x64_sys_sendto+0xde/0x100
[  384.332541][ T8516]  do_syscall_64+0xfa/0x3b0
[  384.332566][ T8516]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  384.332585][ T8516]  ? asm_common_interrupt+0x26/0x40
[  384.332603][ T8516]  ? clear_bhb_loop+0x60/0xb0
[  384.332629][ T8516]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  384.332649][ T8516] RIP: 0033:0x7fa15178ebe9
[  384.332669][ T8516] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  384.332686][ T8516] RSP: 002b:00007fa15264c038 EFLAGS: 00000246 ORIG_RAX: 000000000000002c
[  384.332709][ T8516] RAX: ffffffffffffffda RBX: 00007fa1519b5fa0 RCX: 00007fa15178ebe9
[  384.332723][ T8516] RDX: 0000000000034000 RSI: 0000200000000100 RDI: 0000000000000003
[  384.332736][ T8516] RBP: 00007fa15264c090 R08: 00002000000000c0 R09: 0000000000000010
[  384.332749][ T8516] R10: 00000000040048c4 R11: 0000000000000246 R12: 0000000000000002
[  384.332761][ T8516] R13: 00007fa1519b6038 R14: 00007fa1519b5fa0 R15: 00007ffdfde458a8
[  384.332796][ T8516]  </TASK>
[  386.471366][ T8213] 8021q: adding VLAN 0 to HW filter on device batadv0
[  386.480817][ T5925] usb 1-1: new full-speed USB device number 9 using dummy_hcd
[  386.674270][ T5925] usb 1-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  386.674305][ T5925] usb 1-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  386.674386][ T5925] usb 1-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  386.674411][ T5925] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  386.735648][ T8213] veth0_vlan: entered promiscuous mode
[  386.912473][ T8213] veth1_vlan: entered promiscuous mode
[  386.952490][ T5925] usb 1-1: usb_control_msg returned -32
[  386.952550][ T5925] usbtmc 1-1:16.0: can't read capabilities
[  387.632033][ T8562] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  387.632913][ T8562] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  387.641425][ T8562] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  387.643590][ T8562] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  387.650370][ T8562] usbtmc 1-1:16.0: usbtmc_ioctl_request failed -32
[  387.657049][ T8561] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  387.659497][ T8561] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  388.657894][ T8213] veth0_macvtap: entered promiscuous mode
[  388.675248][ T8213] veth1_macvtap: entered promiscuous mode
[  388.696816][ T8213] batman_adv: batadv0: Interface activated: batadv_slave_0
[  388.723469][ T8213] batman_adv: batadv0: Interface activated: batadv_slave_1
[  388.731137][ T8213] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  388.731215][ T8213] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  388.731244][ T8213] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  388.731272][ T8213] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  389.370533][ T3506] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  389.389724][ T3506] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  389.571791][   T24] usb 1-1: USB disconnect, device number 9
[  389.596280][ T3506] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  389.690522][ T3506] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  390.108473][ T8581] netlink: 'syz.2.523': attribute type 10 has an invalid length.
[  390.116624][ T8581] netlink: 40 bytes leftover after parsing attributes in process `syz.2.523'.
[  390.182793][ T8581] team0: Port device geneve0 added
[  390.250128][ T5882] usb 5-1: new full-speed USB device number 8 using dummy_hcd
[  390.419809][ T5882] usb 5-1: unable to get BOS descriptor or descriptor too short
[  390.638010][ T5882] usb 5-1: not running at top speed; connect to a high speed hub
[  390.652963][ T5882] usb 5-1: config 1 contains an unexpected descriptor of type 0x2, skipping
[  390.662720][ T5882] usb 5-1: config 1 has an invalid descriptor of length 1, skipping remainder of the config
[  390.674854][ T5882] usb 5-1: config 1 has 2 interfaces, different from the descriptor's value: 3
[  390.695955][ T5882] usb 5-1: config 1 interface 1 altsetting 1 endpoint 0x1 has invalid maxpacket 8193, setting to 64
[  390.880868][ T5882] usb 5-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  390.942881][ T5882] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  390.998550][ T5882] usb 5-1: Product: syz
[  391.028919][ T5882] usb 5-1: Manufacturer: syz
[  391.145457][ T5882] usb 5-1: SerialNumber: syz
[  391.771811][ T8603] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  391.827764][ T8603] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  392.137164][ T5882] usb 5-1: 0:2 : does not exist
[  393.259299][ T5882] usb 5-1: USB disconnect, device number 8
[  393.775874][ T5848] udevd[5848]: error opening ATTR{/sys/devices/platform/dummy_hcd.4/usb5/5-1/5-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  394.454821][ T8631] syz.0.608: attempt to access beyond end of device
[  394.454821][ T8631] nbd0: rw=4096, sector=2, nr_sectors = 2 limit=0
[  394.529654][ T8631] EXT4-fs (nbd0): unable to read superblock
[  399.820354][ T8708] binder: 8705:8708 ioctl c0306201 2000000001c0 returned -22
[  403.229571][   T30] kauditd_printk_skb: 5 callbacks suppressed
[  403.229585][   T30] audit: type=1326 audit(1755770507.693:90): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8741 comm="syz.0.633" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f6cbdb8ebe9 code=0x0
[  404.809190][   T51] Bluetooth: hci2: unexpected event for opcode 0x2031
[  406.252090][ T8780] syz.4.639: attempt to access beyond end of device
[  406.252090][ T8780] nbd4: rw=4096, sector=2, nr_sectors = 2 limit=0
[  406.374988][ T8780] EXT4-fs (nbd4): unable to read superblock
[  407.710548][ T8801] netlink: 48 bytes leftover after parsing attributes in process `syz.1.644'.
[  407.866983][ T8804] netlink: 8 bytes leftover after parsing attributes in process `syz.4.645'.
[  416.552419][ T8865] binder: 8863:8865 ioctl c0306201 2000000001c0 returned -22
[  417.688940][   T30] audit: type=1326 audit(1755770522.152:91): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8862 comm="syz.3.659" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7ff69398ebe9 code=0x0
[  422.280386][ T8890] netlink: 'syz.2.665': attribute type 29 has an invalid length.
[  422.300912][ T8890] netlink: 'syz.2.665': attribute type 29 has an invalid length.
[  426.859977][   T30] audit: type=1326 audit(1755770531.321:92): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8921 comm="syz.1.674" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f74b658ebe9 code=0x0
[  428.076330][ T8917] mmap: syz.3.671 (8917): VmData 25833472 exceed data ulimit 8. Update limits or use boot option ignore_rlimit_data.
[  428.104478][ T8935] overlayfs: conflicting options: userxattr,redirect_dir=on
[  428.364349][  T978] usb 3-1: new full-speed USB device number 7 using dummy_hcd
[  428.884645][  T978] usb 3-1: config 252 has an invalid interface number: 107 but max is 0
[  428.897168][  T978] usb 3-1: config 252 has no interface number 0
[  428.908451][  T978] usb 3-1: config 252 interface 107 altsetting 0 endpoint 0x83 has invalid wMaxPacketSize 0
[  428.934369][  T978] usb 3-1: config 252 interface 107 altsetting 0 endpoint 0x8A has invalid wMaxPacketSize 0
[  428.977992][  T978] usb 3-1: New USB device found, idVendor=10f0, idProduct=2002, bcdDevice=d7.67
[  428.997611][  T978] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  429.042887][  T978] usb 3-1: Product: syz
[  429.051277][  T978] usb 3-1: Manufacturer: syz
[  429.056451][  T978] usb 3-1: SerialNumber: syz
[  430.027924][ T8959] netlink: 'syz.0.681': attribute type 10 has an invalid length.
[  430.036786][ T8959] netlink: 40 bytes leftover after parsing attributes in process `syz.0.681'.
[  430.058988][ T8959] batman_adv: batadv0: Adding interface: virt_wifi0
[  430.065881][ T8959] batman_adv: batadv0: The MTU of interface virt_wifi0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  430.092637][ T8959] batman_adv: batadv0: Interface activated: virt_wifi0
[  431.406700][ T8982] netlink: 8 bytes leftover after parsing attributes in process `syz.1.687'.
[  432.231582][ T8993] vxcan1: entered allmulticast mode
[  432.253220][   T24] usb 3-1: USB disconnect, device number 7
[  432.345899][ T8995] vxcan1: left allmulticast mode
[  432.959822][ T9004] fuse: Bad value for 'user_id'
[  432.964980][ T9004] fuse: Bad value for 'user_id'
[  434.603672][ T9016] bridge1: entered promiscuous mode
[  434.609203][ T9016] bridge1: entered allmulticast mode
[  436.457401][ T9038] netlink: 12 bytes leftover after parsing attributes in process `syz.1.698'.
[  440.321351][ T1301] ieee802154 phy0 wpan0: encryption failed: -22
[  443.369328][ T9108] tmpfs: Bad value for 'mpol'
[  446.395704][ T9130] netlink: 44 bytes leftover after parsing attributes in process `syz.1.723'.
[  447.123312][ T9127] syz.3.724 (9127) used obsolete PPPIOCDETACH ioctl
[  447.264307][ T9144] syz.0.726: attempt to access beyond end of device
[  447.264307][ T9144] nbd0: rw=0, sector=64, nr_sectors = 8 limit=0
[  447.277720][ T9144] syz.0.726: attempt to access beyond end of device
[  447.277720][ T9144] nbd0: rw=0, sector=120, nr_sectors = 8 limit=0
[  447.290726][ T9144] Mount JFS Failure: -5
[  448.381995][ T9147] netlink: 4 bytes leftover after parsing attributes in process `syz.4.729'.
[  448.391191][ T9147] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  448.522305][ T9153] MTD: Attempt to mount non-MTD device "/dev/nullb0"
[  448.529977][ T9147] batman_adv: batadv0: Removing interface: batadv_slave_0
[  448.585198][ T9153] cramfs: wrong magic
[  451.041569][ T9182] syz.2.735: attempt to access beyond end of device
[  451.041569][ T9182] nbd2: rw=0, sector=64, nr_sectors = 8 limit=0
[  451.056534][ T9182] syz.2.735: attempt to access beyond end of device
[  451.056534][ T9182] nbd2: rw=0, sector=120, nr_sectors = 8 limit=0
[  451.070341][ T9182] Mount JFS Failure: -5
[  451.616583][ T9184] Bluetooth: MGMT ver 1.23
[  453.589946][ T9221] binder_alloc: 9213: binder_alloc_buf, no vma
[  455.477796][ T9237] FAULT_INJECTION: forcing a failure.
[  455.477796][ T9237] name failslab, interval 1, probability 0, space 0, times 0
[  455.559061][ T9237] CPU: 1 UID: 0 PID: 9237 Comm: syz.2.755 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) 
[  455.559090][ T9237] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  455.559101][ T9237] Call Trace:
[  455.559108][ T9237]  <TASK>
[  455.559117][ T9237]  dump_stack_lvl+0x189/0x250
[  455.559145][ T9237]  ? __pfx____ratelimit+0x10/0x10
[  455.559168][ T9237]  ? __pfx_dump_stack_lvl+0x10/0x10
[  455.559190][ T9237]  ? __pfx__printk+0x10/0x10
[  455.559223][ T9237]  ? __pfx___might_resched+0x10/0x10
[  455.559245][ T9237]  ? fs_reclaim_acquire+0x7d/0x100
[  455.559274][ T9237]  should_fail_ex+0x414/0x560
[  455.559302][ T9237]  should_failslab+0xa8/0x100
[  455.559327][ T9237]  __kmalloc_noprof+0xcb/0x4f0
[  455.559344][ T9237]  ? kfree+0x4d/0x440
[  455.559369][ T9237]  ? tomoyo_realpath_from_path+0xe3/0x5d0
[  455.559406][ T9237]  tomoyo_realpath_from_path+0xe3/0x5d0
[  455.559432][ T9237]  ? tomoyo_domain+0xda/0x130
[  455.559463][ T9237]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[  455.559483][ T9237]  tomoyo_path_number_perm+0x1e8/0x5a0
[  455.559507][ T9237]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  455.559547][ T9237]  ? __lock_acquire+0xab9/0xd20
[  455.559589][ T9237]  ? __fget_files+0x2a/0x420
[  455.559615][ T9237]  ? __fget_files+0x2a/0x420
[  455.559636][ T9237]  ? __fget_files+0x3a0/0x420
[  455.559656][ T9237]  ? __fget_files+0x2a/0x420
[  455.559683][ T9237]  security_file_ioctl+0xcb/0x2d0
[  455.559709][ T9237]  __se_sys_ioctl+0x47/0x170
[  455.559748][ T9237]  do_syscall_64+0xfa/0x3b0
[  455.559769][ T9237]  ? lockdep_hardirqs_on+0x9c/0x150
[  455.559790][ T9237]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  455.559824][ T9237]  ? clear_bhb_loop+0x60/0xb0
[  455.559848][ T9237]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  455.559866][ T9237] RIP: 0033:0x7fd081d8ebe9
[  455.559883][ T9237] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  455.559897][ T9237] RSP: 002b:00007fd07fff6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  455.559912][ T9237] RAX: ffffffffffffffda RBX: 00007fd081fb5fa0 RCX: 00007fd081d8ebe9
[  455.559921][ T9237] RDX: 0000200000000100 RSI: 000000004008ae89 RDI: 0000000000000005
[  455.559929][ T9237] RBP: 00007fd07fff6090 R08: 0000000000000000 R09: 0000000000000000
[  455.559936][ T9237] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  455.559942][ T9237] R13: 00007fd081fb6038 R14: 00007fd081fb5fa0 R15: 00007ffd08f625c8
[  455.559962][ T9237]  </TASK>
[  456.083058][ T9237] ERROR: Out of memory at tomoyo_realpath_from_path.
[  456.477204][  T978] usb 1-1: new high-speed USB device number 10 using dummy_hcd
[  456.646872][  T978] usb 1-1: Using ep0 maxpacket: 32
[  456.653902][  T978] usb 1-1: config 0 has no interfaces?
[  456.662107][  T978] usb 1-1: New USB device found, idVendor=0105, idProduct=145f, bcdDevice=be.36
[  456.743606][  T978] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  456.796839][  T978] usb 1-1: Product: syz
[  456.823581][  T978] usb 1-1: Manufacturer: syz
[  456.866857][  T978] usb 1-1: SerialNumber: syz
[  456.895357][  T978] usb 1-1: config 0 descriptor??
[  457.170288][  T978] usb 1-1: USB disconnect, device number 10
[  457.279771][ T9255] netlink: 68 bytes leftover after parsing attributes in process `syz.3.761'.
[  457.477197][ T5912] usb 3-1: new high-speed USB device number 8 using dummy_hcd
[  458.096892][ T5912] usb 3-1: Using ep0 maxpacket: 8
[  458.110371][ T5912] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  458.293253][ T5912] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  458.470129][ T5912] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 5
[  458.638463][ T5912] usb 3-1: New USB device found, idVendor=046d, idProduct=c293, bcdDevice= 0.00
[  458.725553][ T5912] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  458.848087][ T5912] usb 3-1: config 0 descriptor??
[  459.549902][ T5912] logitech 0003:046D:C293.0006: unknown main item tag 0x0
[  459.571968][ T5912] logitech 0003:046D:C293.0006: unknown main item tag 0x0
[  459.590950][ T5912] logitech 0003:046D:C293.0006: unknown main item tag 0x0
[  459.614463][ T5912] logitech 0003:046D:C293.0006: unknown main item tag 0x0
[  459.655695][ T5912] logitech 0003:046D:C293.0006: hidraw0: USB HID v0.00 Device [HID 046d:c293] on usb-dummy_hcd.2-1/input0
[  459.682615][ T5912] logitech 0003:046D:C293.0006: no inputs found
[  459.837657][ T9249] openvswitch: netlink: IP tunnel dst address not specified
[  460.667792][ T5912] usb 3-1: USB disconnect, device number 8
[  463.779204][   T30] audit: type=1326 audit(1755771021.228:93): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9294 comm="syz.2.773" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fd081d8ebe9 code=0x0
[  465.981827][ T9312] binder: BINDER_SET_CONTEXT_MGR already set
[  465.988210][ T9312] binder: 9310:9312 ioctl 4018620d 200000000040 returned -16
[  466.001842][ T9312] binder: 9310:9312 ioctl c0306201 2000000001c0 returned -22
[  467.926270][ T9323] netlink: 4 bytes leftover after parsing attributes in process `syz.1.782'.
[  467.935232][ T9323] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  467.942843][ T9323] batman_adv: batadv0: Removing interface: batadv_slave_0
[  468.018193][ T9323] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  468.026854][ T9323] batman_adv: batadv0: Removing interface: batadv_slave_1
[  471.500258][ T9359] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[  472.834434][ T9371] befs: (nbd4): No write support. Marking filesystem read-only
[  472.844847][ T9371] syz.4.797: attempt to access beyond end of device
[  472.844847][ T9371] nbd4: rw=0, sector=0, nr_sectors = 2 limit=0
[  472.858005][ T9371] befs: (nbd4): unable to read superblock
[  476.364567][ T5912] usb 5-1: new high-speed USB device number 9 using dummy_hcd
[  476.656925][ T5912] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  476.712891][ T5912] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  476.741067][ T5912] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  476.764385][ T5912] usb 5-1: New USB device found, idVendor=1532, idProduct=011d, bcdDevice= 0.00
[  476.781684][ T5912] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  476.801019][ T5912] usb 5-1: config 0 descriptor??
[  477.045578][ T5912] hid-rmi 0003:1532:011D.0007: unknown main item tag 0x0
[  477.065992][ T5912] hid-rmi 0003:1532:011D.0007: unknown main item tag 0x2
[  477.085915][ T5912] hid-rmi 0003:1532:011D.0007: item fetching failed at offset 3/4
[  477.109463][ T5912] hid-rmi 0003:1532:011D.0007: parse failed
[  477.123362][ T5912] hid-rmi 0003:1532:011D.0007: probe with driver hid-rmi failed with error -22
[  477.230043][ T5912] usb 5-1: USB disconnect, device number 9
[  477.478348][ T9428] netlink: 24 bytes leftover after parsing attributes in process `syz.2.813'.
[  480.673676][ T9458] netlink: 'syz.0.821': attribute type 4 has an invalid length.
[  480.934072][ T9459] vlan2: entered promiscuous mode
[  480.939487][ T9459] dummy0: entered promiscuous mode
[  480.950261][ T9459] vlan2: entered allmulticast mode
[  480.955620][ T9459] dummy0: entered allmulticast mode
[  481.866915][   T24] usb 4-1: new high-speed USB device number 13 using dummy_hcd
[  482.212629][ T9472] netlink: 8 bytes leftover after parsing attributes in process `syz.4.824'.
[  482.849846][   T24] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  482.891825][   T24] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  482.987114][   T24] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  483.016889][   T24] usb 4-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  483.026127][   T24] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  483.065789][   T24] usb 4-1: config 0 descriptor??
[  483.737646][   T51] Bluetooth: hci4: command 0x0406 tx timeout
[  484.243124][   T24] plantronics 0003:047F:FFFF.0008: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.3-1/input0
[  485.029382][ T9466] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  485.047943][ T9466] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  485.067647][ T9491] random: crng reseeded on system resumption
[  486.297332][   T10] usb 4-1: reset high-speed USB device number 13 using dummy_hcd
[  487.154646][ T9500] /dev/nullb0: Can't lookup blockdev
[  487.442512][ T9508] bond_slave_0: entered promiscuous mode
[  487.448575][ T9508] bond_slave_1: entered promiscuous mode
[  487.477175][ T9508] vlan2: entered promiscuous mode
[  487.516325][ T9495] Restarting kernel threads ...
[  487.517268][ T9508] bond0: entered promiscuous mode
[  487.532585][ T9495] Done restarting kernel threads.
[  487.669589][ T9516] binder: BINDER_SET_CONTEXT_MGR already set
[  487.675768][ T9516] binder: 9512:9516 ioctl 4018620d 200000000040 returned -16
[  488.020394][ T5911] usb 4-1: USB disconnect, device number 13
[  489.201777][ T9534] netlink: 8 bytes leftover after parsing attributes in process `syz.1.842'.
[  489.210894][ T9534] netlink: 8 bytes leftover after parsing attributes in process `syz.1.842'.
[  489.336977][ T5911] usb 1-1: new high-speed USB device number 11 using dummy_hcd
[  489.668479][ T5911] usb 1-1: Using ep0 maxpacket: 16
[  490.020747][ T5911] usb 1-1: unable to get BOS descriptor or descriptor too short
[  490.099362][ T5911] usb 1-1: config 9 has an invalid interface number: 48 but max is 0
[  490.119274][ T5911] usb 1-1: config 9 has no interface number 0
[  490.139591][ T5911] usb 1-1: config 9 interface 48 has no altsetting 0
[  490.173931][ T5911] usb 1-1: New USB device found, idVendor=0ac8, idProduct=c301, bcdDevice=f3.7b
[  490.188598][ T5911] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  490.226836][ T5911] usb 1-1: Product: syz
[  490.231183][ T5911] usb 1-1: Manufacturer: syz
[  490.235834][ T5911] usb 1-1: SerialNumber: syz
[  490.305677][ T9547] overlayfs: option "workdir=./file0" is useless in a non-upper mount, ignore
[  490.320262][ T9547] overlayfs: missing 'lowerdir'
[  490.529481][ T5911] gspca_main: vc032x-2.14.0 probing 0ac8:c301
[  490.703895][ T9550] block device autoloading is deprecated and will be removed.
[  491.326990][ T5911] gspca_vc032x: reg_w err -110
[  491.331857][ T5911] gspca_vc032x: I2c Bus Busy Wait 00
[  491.346818][ T5911] gspca_vc032x: I2c Bus Busy Wait 00
[  491.352185][ T5911] gspca_vc032x: I2c Bus Busy Wait 00
[  491.364566][ T5911] gspca_vc032x: I2c Bus Busy Wait 00
[  491.379950][ T5911] gspca_vc032x: I2c Bus Busy Wait 00
[  491.385329][ T5911] gspca_vc032x: I2c Bus Busy Wait 00
[  491.420125][ T5911] gspca_vc032x: I2c Bus Busy Wait 00
[  491.425591][ T5911] gspca_vc032x: I2c Bus Busy Wait 00
[  491.456894][ T5911] gspca_vc032x: I2c Bus Busy Wait 00
[  491.462268][ T5911] gspca_vc032x: I2c Bus Busy Wait 00
[  491.487375][ T5911] gspca_vc032x: I2c Bus Busy Wait 00
[  491.492880][ T5911] gspca_vc032x: I2c Bus Busy Wait 00
[  491.501165][ T5911] gspca_vc032x: I2c Bus Busy Wait 00
[  491.506537][ T5911] gspca_vc032x: I2c Bus Busy Wait 00
[  491.514153][ T5911] gspca_vc032x: I2c Bus Busy Wait 00
[  491.521224][ T5911] gspca_vc032x: I2c Bus Busy Wait 00
[  491.526600][ T5911] gspca_vc032x: I2c Bus Busy Wait 00
[  491.532726][ T5911] gspca_vc032x: I2c Bus Busy Wait 00
[  491.538451][ T5911] gspca_vc032x: I2c Bus Busy Wait 00
[  491.544075][ T5911] gspca_vc032x: Unknown sensor...
[  491.681682][ T5911] vc032x 1-1:9.48: probe with driver vc032x failed with error -22
[  491.697829][ T9549] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  491.712063][ T9549] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  492.535762][   T24] usb 1-1: USB disconnect, device number 11
[  494.855931][ T9586] netlink: 'syz.2.859': attribute type 83 has an invalid length.
[  495.976938][   T10] usb 3-1: new high-speed USB device number 9 using dummy_hcd
[  496.236982][   T10] usb 3-1: Using ep0 maxpacket: 16
[  496.262951][   T10] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  496.284147][   T10] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 3
[  496.406144][   T10] usb 3-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  496.434415][   T10] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  496.465543][   T10] usb 3-1: Product: syz
[  496.501334][   T10] usb 3-1: Manufacturer: syz
[  496.510384][   T10] usb 3-1: SerialNumber: syz
[  497.847237][   T10] usb 3-1: 0:2 : does not exist
[  497.911828][   T10] usb 3-1: USB disconnect, device number 9
[  498.051972][ T8905] udevd[8905]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  501.760787][ T1301] ieee802154 phy0 wpan0: encryption failed: -22
[  502.078691][ T9648] ref_tracker: memory allocation failure, unreliable refcount tracker.
[  504.466858][ T5955] usb 5-1: new high-speed USB device number 10 using dummy_hcd
[  505.259913][ T5955] usb 5-1: Using ep0 maxpacket: 8
[  505.335753][ T5955] usb 5-1: unable to get BOS descriptor or descriptor too short
[  505.529171][ T5955] usb 5-1: config 4 interface 0 has no altsetting 0
[  505.561540][ T5955] usb 5-1: string descriptor 0 read error: -22
[  505.577096][ T5955] usb 5-1: New USB device found, idVendor=058f, idProduct=6610, bcdDevice=48.05
[  505.586535][ T5955] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  506.490758][ T5955] usb 5-1: dvb_usb_v2: found a 'Sigmatek DVB-110' in warm state
[  506.608348][ T5955] usb 5-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer
[  506.659094][ T5955] dvbdev: DVB: registering new adapter (Sigmatek DVB-110)
[  506.963600][ T5955] usb 5-1: media controller created
[  507.174753][ T5955] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  507.192102][ T9701] syz.1.893: attempt to access beyond end of device
[  507.192102][ T9701] loop3: rw=2048, sector=0, nr_sectors = 8 limit=0
[  507.205541][ T9701] SQUASHFS error: Failed to read block 0x0: -5
[  507.909028][ T5955] zl10353_read_register: readreg error (reg=127, ret==0)
[  509.616943][ T5955] usb 5-1: USB disconnect, device number 10
[  510.122345][ T9726] syz.3.897: attempt to access beyond end of device
[  510.122345][ T9726] nbd3: rw=0, sector=64, nr_sectors = 8 limit=0
[  510.138559][ T9726] syz.3.897: attempt to access beyond end of device
[  510.138559][ T9726] nbd3: rw=0, sector=120, nr_sectors = 8 limit=0
[  510.152247][ T9726] Mount JFS Failure: -5
[  514.750695][ T9749] sd 0:0:1:0: device reset
[  519.850959][ T9801] netlink: 4 bytes leftover after parsing attributes in process `syz.2.922'.
[  520.027987][ T9806] netlink: 2384 bytes leftover after parsing attributes in process `syz.4.924'.
[  520.067095][   T30] audit: type=1326 audit(1755771077.498:94): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9804 comm="syz.0.923" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f6cbdb8ebe9 code=0x0
[  521.941727][ T9815] netlink: 8 bytes leftover after parsing attributes in process `syz.4.925'.
[  524.878113][ T9841] loop6: detected capacity change from 0 to 524287999
[  524.887903][ T9841] Buffer I/O error on dev loop6, logical block 0, async page read
[  524.896108][ T9841] Buffer I/O error on dev loop6, logical block 0, async page read
[  524.904322][ T9841] Buffer I/O error on dev loop6, logical block 0, async page read
[  524.916580][ T9841] Buffer I/O error on dev loop6, logical block 0, async page read
[  524.924662][ T9841] Buffer I/O error on dev loop6, logical block 0, async page read
[  524.932688][ T9841] Buffer I/O error on dev loop6, logical block 0, async page read
[  524.941620][ T9841] Buffer I/O error on dev loop6, logical block 0, async page read
[  524.949637][ T9841] Buffer I/O error on dev loop6, logical block 0, async page read
[  524.957861][ T9841] ldm_validate_partition_table(): Disk read failed.
[  524.965561][ T9841] Buffer I/O error on dev loop6, logical block 0, async page read
[  524.973591][ T9841] Buffer I/O error on dev loop6, logical block 0, async page read
[  524.981686][ T9841] Dev loop6: unable to read RDB block 0
[  524.988304][ T9841]  loop6: unable to read partition table
[  524.994178][ T9841] loop_reread_partitions: partition scan of loop6 (3Ÿ¾x³˜CÖ

) failed (rc=-5)
[  525.213577][ T9846] xt_TPROXY: Can be used only with -p tcp or -p udp
[  526.033836][   T30] audit: type=1326 audit(1755771083.498:95): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9848 comm="syz.0.936" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f6cbdb8ebe9 code=0x0
[  527.206626][ T9867] netlink: 8 bytes leftover after parsing attributes in process `syz.4.941'.
[  528.631822][ T5882] usb 4-1: new high-speed USB device number 14 using dummy_hcd
[  528.876958][ T5882] usb 4-1: Using ep0 maxpacket: 32
[  528.977354][ T5882] usb 4-1: unable to get BOS descriptor or descriptor too short
[  529.091993][ T5882] usb 4-1: config 14 has an invalid interface number: 115 but max is 0
[  529.184761][ T5882] usb 4-1: config 14 has no interface number 0
[  529.227914][ T5882] usb 4-1: config 14 interface 115 has no altsetting 0
[  529.269489][ T5882] usb 4-1: New USB device found, idVendor=04e2, idProduct=1420, bcdDevice= 2.73
[  529.298940][ T5882] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  529.544436][ T5882] usb 4-1: Product: syz
[  529.550283][ T5882] usb 4-1: Manufacturer: syz
[  529.555013][ T5882] usb 4-1: SerialNumber: syz
[  529.845130][ T5882] xr_serial 4-1:14.115: More than one union descriptor, skipping ...
[  529.909743][ T5882] usb 4-1: USB disconnect, device number 14
[  532.956852][   T30] audit: type=1326 audit(1755771090.418:96): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9903 comm="syz.3.951" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7ff69398ebe9 code=0x0
[  535.335637][ T9920] x_tables: duplicate underflow at hook 4
[  535.884243][ T9932] netlink: 4 bytes leftover after parsing attributes in process `syz.0.959'.
[  535.893560][ T9932] batman_adv: batadv0: Removing interface: batadv_slave_0
[  536.411034][ T9932] batman_adv: batadv0: Removing interface: batadv_slave_1
[  536.493664][ T9932] batman_adv: batadv0: Interface deactivated: virt_wifi0
[  536.514786][ T9932] batman_adv: batadv0: Removing interface: virt_wifi0
[  536.762855][ T9935] fuse: Unknown parameter 'r	'
[  538.184502][ T5851] Bluetooth: hci0: Opcode 0x0c1a failed: -110
[  538.191634][ T5851] Bluetooth: hci0: command 0x0406 tx timeout
[  538.227490][ T9947] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[  538.258233][ T9947] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[  538.270893][ T9947] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[  538.318863][ T9947] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[  538.329063][ T9947] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[  540.613861][ T9943] chnl_net:caif_netlink_parms(): no params data found
[  540.797449][ T9929] Bluetooth: hci5: command tx timeout
[  540.987257][ T9943] bridge0: port 1(bridge_slave_0) entered blocking state
[  540.994865][ T9943] bridge0: port 1(bridge_slave_0) entered disabled state
[  541.002913][ T9943] bridge_slave_0: entered allmulticast mode
[  541.011855][ T9943] bridge_slave_0: entered promiscuous mode
[  541.022415][ T9943] bridge0: port 2(bridge_slave_1) entered blocking state
[  541.030380][ T9943] bridge0: port 2(bridge_slave_1) entered disabled state
[  541.039865][ T9943] bridge_slave_1: entered allmulticast mode
[  541.049064][ T9943] bridge_slave_1: entered promiscuous mode
[  541.140896][ T9943] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  541.178904][ T9943] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  541.228110][  T978] usb 1-1: new high-speed USB device number 12 using dummy_hcd
[  541.463858][  T978] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  541.678004][  T978] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 3
[  541.806466][  T978] usb 1-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00
[  541.860623][  T978] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3
[  541.927216][  T978] usb 1-1: SerialNumber: syz
[  542.047768][ T9943] team0: Port device team_slave_0 added
[  542.085919][ T9943] team0: Port device team_slave_1 added
[  542.158274][  T978] usb 1-1: 0:2 : does not exist
[  542.193179][  T978] usb 1-1: USB disconnect, device number 12
[  542.293880][ T8905] udevd[8905]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb1/1-1/1-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  542.329816][ T9943] batman_adv: batadv0: Adding interface: batadv_slave_0
[  542.354527][ T9943] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  542.424679][ T9943] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  542.480317][ T9943] batman_adv: batadv0: Adding interface: batadv_slave_1
[  542.640338][ T9943] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  542.670408][ T9943] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  542.872098][ T9943] hsr_slave_0: entered promiscuous mode
[  542.886878][ T9929] Bluetooth: hci5: command tx timeout
[  542.897282][ T9943] hsr_slave_1: entered promiscuous mode
[  542.968298][ T9943] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  543.129674][ T9943] Cannot create hsr debugfs directory
[  544.059458][   T30] audit: type=1326 audit(1755771101.528:97): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10012 comm="syz.1.979" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f74b658ebe9 code=0x7fc00000
[  544.456878][ T9943] netdevsim netdevsim5 netdevsim0: renamed from eth0
[  544.475820][ T9943] netdevsim netdevsim5 netdevsim1: renamed from eth1
[  544.493650][ T9943] netdevsim netdevsim5 netdevsim2: renamed from eth2
[  544.510360][ T9943] netdevsim netdevsim5 netdevsim3: renamed from eth3
[  544.597283][ T5882] usb 1-1: new high-speed USB device number 13 using dummy_hcd
[  544.759798][T10027] netlink: 8 bytes leftover after parsing attributes in process `syz.4.981'.
[  544.807290][ T5882] usb 1-1: config index 0 descriptor too short (expected 548, got 36)
[  544.836794][   T30] audit: type=1326 audit(1755771102.288:98): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10012 comm="syz.1.979" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f74b658ebe9 code=0x7fc00000
[  544.859247][ T5882] usb 1-1: config 5 has an invalid descriptor of length 0, skipping remainder of the config
[  544.877305][ T5882] usb 1-1: config 5 has 0 interfaces, different from the descriptor's value: 9
[  544.913265][ T5882] usb 1-1: New USB device found, idVendor=13b1, idProduct=0042, bcdDevice= 0.ec
[  544.948657][ T5882] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  544.957522][ T9929] Bluetooth: hci5: command tx timeout
[  544.966266][ T9943] 8021q: adding VLAN 0 to HW filter on device bond0
[  544.984487][ T5882] usb 1-1: Product: syz
[  545.001779][ T5882] usb 1-1: Manufacturer: syz
[  545.019606][ T5882] usb 1-1: SerialNumber: syz
[  545.055824][ T9943] 8021q: adding VLAN 0 to HW filter on device team0
[  545.144551][ T3506] bridge0: port 1(bridge_slave_0) entered blocking state
[  545.151795][ T3506] bridge0: port 1(bridge_slave_0) entered forwarding state
[  545.186233][ T3506] bridge0: port 2(bridge_slave_1) entered blocking state
[  545.193482][ T3506] bridge0: port 2(bridge_slave_1) entered forwarding state
[  545.619229][ T5882] usb 1-1: USB disconnect, device number 13
[  546.945225][ T9943] 8021q: adding VLAN 0 to HW filter on device batadv0
[  547.047199][ T9929] Bluetooth: hci5: command tx timeout
[  550.595126][T10080] netlink: 32 bytes leftover after parsing attributes in process `syz.3.991'.
[  550.888010][ T9943] veth0_vlan: entered promiscuous mode
[  550.970799][ T9943] veth1_vlan: entered promiscuous mode
[  551.041231][T10082] 9pnet_fd: Insufficient options for proto=fd
[  551.059498][T10082] overlayfs: failed to clone upperpath
[  551.096163][ T9943] veth0_macvtap: entered promiscuous mode
[  551.116265][ T9943] veth1_macvtap: entered promiscuous mode
[  551.143671][ T9943] batman_adv: batadv0: Interface activated: batadv_slave_0
[  551.157821][ T9943] batman_adv: batadv0: Interface activated: batadv_slave_1
[  551.185059][ T9943] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  551.199514][ T9943] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  551.216362][ T9943] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  551.225714][ T9943] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  551.286878][ T5925] usb 4-1: new high-speed USB device number 15 using dummy_hcd
[  551.337572][ T5960] usb 5-1: new high-speed USB device number 11 using dummy_hcd
[  551.368068][   T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  551.381729][   T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  551.453287][ T5925] usb 4-1: Using ep0 maxpacket: 16
[  551.458832][ T3506] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  551.466674][ T3506] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  551.483236][ T5925] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  551.496892][ T5960] usb 5-1: Using ep0 maxpacket: 8
[  551.498081][ T5925] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  551.512068][ T5960] usb 5-1: unable to get BOS descriptor or descriptor too short
[  551.514134][ T5960] usb 5-1: config 4 has an invalid interface number: 147 but max is 0
[  551.544397][ T5960] usb 5-1: config 4 contains an unexpected descriptor of type 0x2, skipping
[  551.557665][ T5925] usb 4-1: New USB device found, idVendor=05ac, idProduct=8241, bcdDevice= 0.00
[  551.570037][ T5960] usb 5-1: config 4 has no interface number 0
[  551.578995][ T5925] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  551.592401][ T5960] usb 5-1: string descriptor 0 read error: -22
[  551.607024][ T5960] usb 5-1: New USB device found, idVendor=04f2, idProduct=b746, bcdDevice=8e.6e
[  551.612854][ T5925] usb 4-1: config 0 descriptor??
[  551.645234][ T5960] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  551.689147][ T5960] usb 5-1: Found UVC 0.02 device <unnamed> (04f2:b746)
[  551.727101][ T5960] usb 5-1: No valid video chain found.
[  551.895131][ T5960] usb 5-1: USB disconnect, device number 11
[  552.069052][ T5925] input: HID 05ac:8241 as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/0003:05AC:8241.0009/input/input11
[  552.181567][ T5925] appleir 0003:05AC:8241.0009: input,hiddev0,hidraw0: USB HID v0.00 Device [HID 05ac:8241] on usb-dummy_hcd.3-1/input0
[  553.736896][   T10] usb 4-1: reset high-speed USB device number 15 using dummy_hcd
[  554.526592][T10131] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1004'.
[  554.535799][T10131] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  554.543687][T10131] batman_adv: batadv0: Removing interface: batadv_slave_0
[  554.561607][ T9947] Bluetooth: hci0: command 0x0406 tx timeout
[  554.573266][ T9929] Bluetooth: hci0: Opcode 0x0c1a failed: -110
[  554.822688][ T5911] usb 4-1: USB disconnect, device number 15
[  554.848218][T10131] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  554.856157][T10131] batman_adv: batadv0: Removing interface: batadv_slave_1
[  555.933173][T10145] bridge1: entered allmulticast mode
[  556.331925][T10158] Context (ID=0x0) not attached to queue pair (handle=0x0:0x9)
[  556.736983][T10165] netlink: 'syz.3.1011': attribute type 10 has an invalid length.
[  556.745038][T10165] netlink: 40 bytes leftover after parsing attributes in process `syz.3.1011'.
[  563.268445][ T1301] ieee802154 phy0 wpan0: encryption failed: -22
[  574.036874][ T5925] usb 1-1: new high-speed USB device number 14 using dummy_hcd
[  574.315977][T10343] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1067'.
[  574.327184][T10343] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  574.338200][T10343] batman_adv: batadv0: Removing interface: batadv_slave_1
[  574.488704][ T5925] usb 1-1: Using ep0 maxpacket: 32
[  574.682897][ T5925] usb 1-1: config 0 has an invalid interface number: 85 but max is 0
[  574.709831][ T5925] usb 1-1: config 0 has no interface number 0
[  574.716042][ T5925] usb 1-1: config 0 interface 85 altsetting 7 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  574.763927][ T5925] usb 1-1: config 0 interface 85 has no altsetting 0
[  574.794180][ T5925] usb 1-1: New USB device found, idVendor=05ac, idProduct=0219, bcdDevice=f0.72
[  574.823179][ T5925] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  575.317036][ T5925] usb 1-1: Product: syz
[  575.326844][ T5925] usb 1-1: Manufacturer: syz
[  575.338676][ T5925] usb 1-1: SerialNumber: syz
[  575.348757][ T5925] usb 1-1: config 0 descriptor??
[  576.027335][ T5925] appletouch 1-1:0.85: Geyser mode initialized.
[  576.048542][ T5925] input: appletouch as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.85/input/input12
[  576.250563][T10333] netlink: 44 bytes leftover after parsing attributes in process `syz.0.1062'.
[  576.300434][   T10] usb 1-1: USB disconnect, device number 14
[  576.354342][   T10] appletouch 1-1:0.85: input: appletouch disconnected
[  576.977553][   T10] usb 5-1: new high-speed USB device number 12 using dummy_hcd
[  577.136836][   T10] usb 5-1: Using ep0 maxpacket: 16
[  577.156197][   T10] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  577.183487][   T10] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x81 has invalid wMaxPacketSize 0
[  577.212182][   T10] usb 5-1: config 0 interface 0 altsetting 2 has 1 endpoint descriptor, different from the interface descriptor's value: 9
[  577.241313][   T10] usb 5-1: config 0 interface 0 has no altsetting 0
[  577.258489][   T10] usb 5-1: New USB device found, idVendor=056a, idProduct=0331, bcdDevice= 0.00
[  577.281482][   T10] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  577.329967][   T10] usb 5-1: config 0 descriptor??
[  577.511742][T10382] --map-set only usable from mangle table
[  577.563435][T10382] 9pnet_fd: Insufficient options for proto=fd
[  578.708896][   T10] usbhid 5-1:0.0: can't add hid device: -71
[  578.716886][   T10] usbhid 5-1:0.0: probe with driver usbhid failed with error -71
[  578.787981][   T10] usb 5-1: USB disconnect, device number 12
[  580.324955][T10409] netlink: 32 bytes leftover after parsing attributes in process `syz.5.1082'.
[  580.706546][T10409] overlayfs: upper fs does not support RENAME_WHITEOUT.
[  580.719385][T10409] overlayfs: failed to set xattr on upper
[  580.739925][T10409] overlayfs: ...falling back to redirect_dir=nofollow.
[  580.771026][T10409] overlayfs: ...falling back to index=off.
[  580.809337][T10409] overlayfs: ...falling back to uuid=null.
[  580.822553][T10409] overlayfs: ...falling back to xino=off.
[  582.157002][ T9929] Bluetooth: hci0: Opcode 0x0c1a failed: -110
[  582.163498][ T9929] Bluetooth: hci0: command 0x0406 tx timeout
[  585.881257][T10458] syz.4.1096: attempt to access beyond end of device
[  585.881257][T10458] nbd4: rw=4096, sector=2, nr_sectors = 2 limit=0
[  585.912556][T10458] EXT4-fs (nbd4): unable to read superblock
[  586.304440][T10462] netlink: 4 bytes leftover after parsing attributes in process `syz.5.1097'.
[  586.316423][T10462] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  586.324737][T10462] batman_adv: batadv0: Removing interface: batadv_slave_0
[  586.625079][T10462] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  586.633796][T10462] batman_adv: batadv0: Removing interface: batadv_slave_1
[  587.550631][ T9947] Bluetooth: hci0: Opcode 0x0c1a failed: -110
[  587.553159][ T9929] Bluetooth: hci0: command 0x0406 tx timeout
[  587.613282][T10479] syz.3.1101: attempt to access beyond end of device
[  587.613282][T10479] nbd3: rw=4096, sector=2, nr_sectors = 2 limit=0
[  588.434115][T10479] EXT4-fs (nbd3): unable to read superblock
[  594.675392][T10544] syz.0.1120: attempt to access beyond end of device
[  594.675392][T10544] nbd0: rw=4096, sector=2, nr_sectors = 2 limit=0
[  594.762953][T10544] EXT4-fs (nbd0): unable to read superblock
[  596.796895][ T9947] Bluetooth: hci0: command 0x0406 tx timeout
[  596.868467][ T9929] Bluetooth: hci0: Opcode 0x0c1a failed: -110
[  597.198131][T10572] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1130'.
[  597.528817][T10575] netlink: 12 bytes leftover after parsing attributes in process `syz.5.1131'.
[  599.655225][T10603] syz.5.1136: attempt to access beyond end of device
[  599.655225][T10603] nbd5: rw=4096, sector=2, nr_sectors = 2 limit=0
[  599.718370][T10603] EXT4-fs (nbd5): unable to read superblock
[  600.500369][T10620] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1142'.
[  601.827811][T10635] syz.3.1144: attempt to access beyond end of device
[  601.827811][T10635] nbd3: rw=4096, sector=2, nr_sectors = 2 limit=0
[  601.926994][T10635] EXT4-fs (nbd3): unable to read superblock
[  602.455403][T10644] --map-set only usable from mangle table
[  602.793440][T10647] syz.4.1148: attempt to access beyond end of device
[  602.793440][T10647] nbd4: rw=0, sector=64, nr_sectors = 8 limit=0
[  602.807803][T10647] syz.4.1148: attempt to access beyond end of device
[  602.807803][T10647] nbd4: rw=0, sector=120, nr_sectors = 8 limit=0
[  602.821726][T10647] Mount JFS Failure: -5
[  604.010000][T10663] 9pnet_fd: Insufficient options for proto=fd
[  607.166755][T10691] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1158'.
[  608.729792][T10700] bridge0: entered promiscuous mode
[  608.735364][T10700] macvlan2: entered promiscuous mode
[  609.055962][T10710] syz.0.1162: attempt to access beyond end of device
[  609.055962][T10710] nbd0: rw=0, sector=64, nr_sectors = 8 limit=0
[  609.071155][T10710] syz.0.1162: attempt to access beyond end of device
[  609.071155][T10710] nbd0: rw=0, sector=120, nr_sectors = 8 limit=0
[  609.084996][T10710] Mount JFS Failure: -5
[  609.954041][T10715] netlink: 24 bytes leftover after parsing attributes in process `syz.3.1166'.
[  611.284677][T10737] netlink: 16186 bytes leftover after parsing attributes in process `syz.1.1170'.
[  611.573063][T10743] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1172'.
[  611.739196][T10750] syz.0.1171: attempt to access beyond end of device
[  611.739196][T10750] nbd0: rw=4096, sector=2, nr_sectors = 2 limit=0
[  611.832791][T10750] EXT4-fs (nbd0): unable to read superblock
[  614.424249][ T9947] Bluetooth: hci0: command 0x0406 tx timeout
[  614.431992][ T9929] Bluetooth: hci0: Opcode 0x0c1a failed: -110
[  615.390416][T10791] syz.5.1181: attempt to access beyond end of device
[  615.390416][T10791] nbd5: rw=0, sector=64, nr_sectors = 8 limit=0
[  615.405633][T10791] syz.5.1181: attempt to access beyond end of device
[  615.405633][T10791] nbd5: rw=0, sector=120, nr_sectors = 8 limit=0
[  615.419393][T10791] Mount JFS Failure: -5
[  617.941629][T10811] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1186'.
[  618.826922][T10823] syz.5.1189: attempt to access beyond end of device
[  618.826922][T10823] nbd5: rw=0, sector=64, nr_sectors = 8 limit=0
[  618.842565][T10823] syz.5.1189: attempt to access beyond end of device
[  618.842565][T10823] nbd5: rw=0, sector=120, nr_sectors = 8 limit=0
[  618.856538][T10823] Mount JFS Failure: -5
[  623.275418][T10854] netlink: 68 bytes leftover after parsing attributes in process `syz.4.1198'.
[  624.046541][T10871] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1200'.
[  624.655972][ T1301] ieee802154 phy0 wpan0: encryption failed: -22
[  625.555085][T10886] capability: warning: `syz.0.1204' uses 32-bit capabilities (legacy support in use)
[  625.611026][T10886] overlayfs: upper fs does not support file handles, falling back to index=off.
[  626.193490][T10897] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1207'.
[  626.224251][T10897] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1207'.
[  627.458533][T10909] netlink: 68 bytes leftover after parsing attributes in process `syz.5.1213'.
[  632.742392][T10962] /dev/nbd1: Can't lookup blockdev
[  636.466969][ T5911] usb 5-1: new high-speed USB device number 13 using dummy_hcd
[  636.757873][ T5911] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  636.815610][ T5911] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  636.829515][ T5911] usb 5-1: New USB device found, idVendor=0079, idProduct=1846, bcdDevice= 0.00
[  636.850910][ T5911] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  636.873041][ T5911] usb 5-1: config 0 descriptor??
[  636.958388][T11005] netlink: 16402 bytes leftover after parsing attributes in process `syz.5.1239'.
[  637.467814][ T5925] usb 4-1: new high-speed USB device number 16 using dummy_hcd
[  637.654189][ T5911] usbhid 5-1:0.0: can't add hid device: -71
[  637.669145][ T5911] usbhid 5-1:0.0: probe with driver usbhid failed with error -71
[  637.710702][ T5911] usb 5-1: USB disconnect, device number 13
[  637.762142][ T5925] usb 4-1: Using ep0 maxpacket: 32
[  637.799238][ T5925] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  637.841487][ T5925] usb 4-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  637.900377][ T5925] usb 4-1: New USB device found, idVendor=12d8, idProduct=0001, bcdDevice=de.79
[  637.930180][ T5925] usb 4-1: New USB device strings: Mfr=1, Product=236, SerialNumber=2
[  637.941393][ T5925] usb 4-1: Product: syz
[  637.945682][ T5925] usb 4-1: Manufacturer: syz
[  637.953277][ T5925] usb 4-1: SerialNumber: syz
[  637.965966][ T5925] usb 4-1: config 0 descriptor??
[  638.187367][T11008] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  638.196113][T11008] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  638.208652][   T30] audit: type=1326 audit(1755771195.668:99): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11007 comm="syz.3.1240" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7ff69398ebe9 code=0x0
[  638.323072][T11030] netlink: 'syz.4.1247': attribute type 2 has an invalid length.
[  638.776885][ T5911] usb 5-1: new high-speed USB device number 14 using dummy_hcd
[  638.948571][ T5911] usb 5-1: device descriptor read/64, error -71
[  639.237265][ T5911] usb 5-1: new high-speed USB device number 15 using dummy_hcd
[  639.387011][ T5911] usb 5-1: device descriptor read/64, error -71
[  639.507365][ T5911] usb usb5-port1: attempt power cycle
[  639.937024][ T5911] usb 5-1: new high-speed USB device number 16 using dummy_hcd
[  639.991692][ T5911] usb 5-1: device descriptor read/8, error -71
[  640.213621][ T5960] usb 4-1: USB disconnect, device number 16
[  640.247942][ T5911] usb 5-1: new high-speed USB device number 17 using dummy_hcd
[  640.296350][ T5911] usb 5-1: device descriptor read/8, error -71
[  640.427069][ T5911] usb usb5-port1: unable to enumerate USB device
[  643.677099][ T9929] Bluetooth: hci0: Opcode 0x0c1a failed: -110
[  643.683631][ T9929] Bluetooth: hci0: command 0x0406 tx timeout
[  645.445582][T11124] fuse: Unknown parameter '0x000000000000000700000000000000000000'
[  646.052510][T11136] Invalid source name
[  646.085734][T11136] can0: slcan on ptm0.
[  646.418239][T11136] can0 (unregistered): slcan off ptm0.
[  648.197657][ T9947] Bluetooth: hci0: command 0x0406 tx timeout
[  648.210124][ T9929] Bluetooth: hci0: Opcode 0x0c1a failed: -110
[  649.134441][T11184] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1286'.
[  649.150619][T11183] syz.4.1287: attempt to access beyond end of device
[  649.150619][T11183] nbd4: rw=4096, sector=2, nr_sectors = 2 limit=0
[  649.487063][T11183] EXT4-fs (nbd4): unable to read superblock
[  650.006831][   T30] audit: type=1326 audit(1755771207.468:100): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11189 comm="syz.0.1288" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f6cbdb8ebe9 code=0x0
[  650.168996][T11192] netlink: 'syz.1.1290': attribute type 10 has an invalid length.
[  650.994515][T11192] mac80211_hwsim hwsim17 wlan1: entered promiscuous mode
[  651.075093][T11192] bond0: (slave wlan1): Enslaving as an active interface with an up link
[  653.276881][ T9929] Bluetooth: hci0: Opcode 0x0c1a failed: -110
[  653.289312][ T9929] Bluetooth: hci0: command 0x0406 tx timeout
[  655.186229][   T30] audit: type=1326 audit(1755771212.648:101): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11238 comm="syz.1.1301" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f74b658ebe9 code=0x0
[  656.411242][ T5960] usb 4-1: new low-speed USB device number 17 using dummy_hcd
[  656.676575][ T5960] usb 4-1: config 0 has an invalid interface number: 1 but max is 0
[  656.786137][ T5960] usb 4-1: config 0 has no interface number 0
[  656.918909][ T5960] usb 4-1: config 0 interface 1 altsetting 0 endpoint 0x82 has invalid maxpacket 37389, setting to 8
[  657.119428][ T5960] usb 4-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22
[  657.256567][ T5960] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  657.546489][ T5960] usb 4-1: config 0 descriptor??
[  657.554930][T11247] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22
[  657.573833][ T5960] iowarrior 4-1:0.1: IOWarrior product=0x1512, serial= interface=1 now attached to iowarrior0
[  658.122751][ T5960] usb 4-1: USB disconnect, device number 17
[  660.100937][T11301] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1315'.
[  660.132483][T11303] /dev/nbd1: Can't lookup blockdev
[  660.158073][T11304] Context (ID=0x0) not attached to queue pair (handle=0x0:0x9)
[  661.670617][T11316] xt_hashlimit: max too large, truncated to 1048576
[  663.291153][T11336] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1330'.
[  664.064048][T11338] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1327'.
[  664.428606][T11346] netlink: 'syz.5.1331': attribute type 1 has an invalid length.
[  669.189083][T11407] syz.0.1344: attempt to access beyond end of device
[  669.189083][T11407] nbd0: rw=4096, sector=2, nr_sectors = 2 limit=0
[  669.563831][T11407] EXT4-fs (nbd0): unable to read superblock
[  669.988576][T11416] syz_tun: entered allmulticast mode
[  670.133235][T11416] dvmrp8: entered allmulticast mode
[  670.215777][T11413] syz_tun: left allmulticast mode
[  670.233001][T11413] dvmrp8: left allmulticast mode
[  674.073194][   T30] audit: type=1326 audit(1755771231.538:102): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11448 comm="syz.0.1357" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6cbdb8ebe9 code=0x7ffc0000
[  674.164360][   T30] audit: type=1326 audit(1755771231.568:103): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11448 comm="syz.0.1357" exe="/root/syz-executor" sig=0 arch=c000003e syscall=101 compat=0 ip=0x7f6cbdb8ebe9 code=0x7ffc0000
[  674.261954][   T30] audit: type=1326 audit(1755771231.568:104): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11448 comm="syz.0.1357" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6cbdb8ebe9 code=0x7ffc0000
[  674.367939][   T30] audit: type=1326 audit(1755771231.568:105): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11448 comm="syz.0.1357" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6cbdb8ebe9 code=0x7ffc0000
[  676.080193][ T9947] Bluetooth: hci0: command 0x0406 tx timeout
[  676.086585][ T9929] Bluetooth: hci0: Opcode 0x0c1a failed: -110
[  676.742078][T11490] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1366'.
[  676.889388][T11495] syz.0.1367: attempt to access beyond end of device
[  676.889388][T11495] nbd0: rw=4096, sector=2, nr_sectors = 2 limit=0
[  677.126829][T11495] EXT4-fs (nbd0): unable to read superblock
[  678.398153][   T31] INFO: task syz.2.922:9803 blocked for more than 143 seconds.
[  678.428111][   T31]       Not tainted 6.16.0-syzkaller #0
[  678.434139][   T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[  678.885749][   T31] task:syz.2.922       state:D stack:23912 pid:9803  tgid:9800  ppid:8213   task_flags:0x400140 flags:0x00004006
[  678.899397][   T31] Call Trace:
[  678.902848][   T31]  <TASK>
[  678.906220][   T31]  __schedule+0x16aa/0x4c90
[  678.930751][   T31]  ? schedule+0x165/0x360
[  678.945035][   T31]  ? __pfx___schedule+0x10/0x10
[  678.956780][   T31]  ? schedule+0x91/0x360
[  678.965804][   T31]  schedule+0x165/0x360
[  678.985218][   T31]  schedule_timeout+0x9a/0x270
[  679.000706][   T31]  ? __pfx_schedule_timeout+0x10/0x10
[  679.020963][   T31]  ? _raw_spin_unlock_irq+0x23/0x50
[  679.036618][   T31]  ? lockdep_hardirqs_on+0x9c/0x150
[  679.052953][   T31]  ? wait_for_completion+0x267/0x5d0
[  679.072176][   T31]  wait_for_completion+0x2bf/0x5d0
[  679.089078][   T31]  ? __pfx_wait_for_completion+0x10/0x10
[  679.108988][   T31]  ? up_write+0x1c4/0x420
[  679.135463][   T31]  ? remove_client_context+0xc0/0x1e0
[  679.146781][   T31]  disable_device+0x1c6/0x320
[  679.151669][   T31]  ? __pfx_disable_device+0x10/0x10
[  679.166777][   T31]  __ib_unregister_device+0x2cb/0x3f0
[  679.172314][   T31]  ? __pfx_ib_device_get_by_index+0x10/0x10
[  679.199905][   T31]  ib_unregister_device_and_put+0xb8/0xf0
[  679.205902][   T31]  nldev_dellink+0x2d1/0x320
[  679.226768][   T31]  ? __pfx_nldev_dellink+0x10/0x10
[  679.232179][   T31]  ? rcu_is_watching+0x15/0xb0
[  679.257242][   T31]  ? cap_capable+0x11f/0x460
[  679.261995][   T31]  ? safesetid_security_capable+0xa9/0x1a0
[  679.279689][   T31]  ? bpf_lsm_capable+0x9/0x20
[  679.284561][   T31]  ? security_capable+0x7e/0x2e0
[  679.296741][   T31]  ? __pfx_nldev_dellink+0x10/0x10
[  679.302006][   T31]  rdma_nl_rcv+0x6ae/0x980
[  679.306540][   T31]  ? __pfx_rdma_nl_rcv+0x10/0x10
[  679.332978][   T31]  ? __lock_acquire+0xab9/0xd20
[  679.343760][   T31]  ? netlink_deliver_tap+0x2e/0x1b0
[  679.358686][   T31]  ? netlink_deliver_tap+0x2e/0x1b0
[  679.368715][   T31]  netlink_unicast+0x75c/0x8e0
[  679.381542][   T31]  netlink_sendmsg+0x805/0xb30
[  679.386808][   T31]  ? __pfx_netlink_sendmsg+0x10/0x10
[  679.392240][   T31]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  679.416729][   T31]  ? __pfx_netlink_sendmsg+0x10/0x10
[  679.422195][   T31]  __sock_sendmsg+0x21c/0x270
[  679.427156][   T31]  ____sys_sendmsg+0x505/0x830
[  679.432059][   T31]  ? __pfx_____sys_sendmsg+0x10/0x10
[  679.456747][   T31]  ? import_iovec+0x74/0xa0
[  679.461424][   T31]  ___sys_sendmsg+0x21f/0x2a0
[  679.466236][   T31]  ? __pfx____sys_sendmsg+0x10/0x10
[  679.476791][   T31]  ? __fget_files+0x2a/0x420
[  679.482717][   T31]  ? __fget_files+0x3a0/0x420
[  679.496745][   T31]  __x64_sys_sendmsg+0x19b/0x260
[  679.501842][   T31]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  679.517060][   T31]  ? do_user_addr_fault+0xc8a/0x1390
[  679.522487][   T31]  ? do_syscall_64+0xbe/0x3b0
[  679.546752][   T31]  do_syscall_64+0xfa/0x3b0
[  679.551394][   T31]  ? lockdep_hardirqs_on+0x9c/0x150
[  679.556791][   T31]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  679.562989][   T31]  ? clear_bhb_loop+0x60/0xb0
[  679.586762][   T31]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  679.592839][   T31] RIP: 0033:0x7fd081d8ebe9
[  679.606742][   T31] RSP: 002b:00007fd07ffd5038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  679.615350][   T31] RAX: ffffffffffffffda RBX: 00007fd081fb6090 RCX: 00007fd081d8ebe9
[  679.636721][   T31] RDX: 0000000000000000 RSI: 00002000000002c0 RDI: 0000000000000006
[  679.644925][   T31] RBP: 00007fd081e11e19 R08: 0000000000000000 R09: 0000000000000000
[  679.666749][   T31] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  679.674923][   T31] R13: 00007fd081fb6128 R14: 00007fd081fb6090 R15: 00007ffd08f625c8
[  679.696763][   T31]  </TASK>
[  679.706802][   T31] 
[  679.706802][   T31] Showing all locks held in the system:
[  679.714898][   T31] 1 lock held by khungtaskd/31:
[  679.737603][   T31]  #0: ffffffff8e13f0e0 (rcu_read_lock){....}-{1:3}, at: debug_show_all_locks+0x2e/0x180
[  679.842608][   T31] 2 locks held by getty/5595:
[  679.848699][   T31]  #0: ffff8880352c90a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x25/0x70
[  679.858965][   T31]  #1: ffffc9000333b2f0 (&ldata->atomic_read_lock){+.+.}-{4:4}, at: n_tty_read+0x43e/0x1400
[  679.870444][   T31] 1 lock held by syz-executor/5839:
[  679.875848][   T31]  #0: ffffffff8e144bf8 (rcu_state.exp_mutex){+.+.}-{4:4}, at: synchronize_rcu_expedited+0x3b9/0x730
[  679.889862][   T31] 4 locks held by kworker/u8:13/9173:
[  679.895827][   T31]  #0: ffff88801b2fb948 ((wq_completion)netns){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0
[  679.909355][   T31]  #1: ffffc9000b997bc0 (net_cleanup_work){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0
[  679.920738][   T31]  #2: ffffffff8f4fd310 (pernet_ops_rwsem){++++}-{4:4}, at: cleanup_net+0xf7/0x800
[  679.931470][   T31]  #3: ffff88807a2b06d0 (&device->unregistration_lock){+.+.}-{4:4}, at: rdma_dev_change_netns+0x39/0x300
[  679.950410][   T31] 2 locks held by syz.2.922/9803:
[  679.955655][   T31]  #0: ffffffff99e3a4d8 (&rdma_nl_types[idx].sem){.+.+}-{4:4}, at: rdma_nl_rcv+0x302/0x980
[  679.977078][   T31]  #1: ffff88807a2b06d0 (&device->unregistration_lock){+.+.}-{4:4}, at: __ib_unregister_device+0x284/0x3f0
[  679.989946][   T31] 1 lock held by syz.1.1370/11503:
[  679.997352][   T31] 
[  679.999856][   T31] =============================================
[  679.999856][   T31] 
[  680.017531][   T31] NMI backtrace for cpu 1
[  680.017550][   T31] CPU: 1 UID: 0 PID: 31 Comm: khungtaskd Not tainted 6.16.0-syzkaller #0 PREEMPT(full) 
[  680.017572][   T31] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  680.017583][   T31] Call Trace:
[  680.017591][   T31]  <TASK>
[  680.017599][   T31]  dump_stack_lvl+0x189/0x250
[  680.017631][   T31]  ? __wake_up_klogd+0xd9/0x110
[  680.017661][   T31]  ? __pfx_dump_stack_lvl+0x10/0x10
[  680.017683][   T31]  ? __pfx__printk+0x10/0x10
[  680.017718][   T31]  nmi_cpu_backtrace+0x39e/0x3d0
[  680.017778][   T31]  ? __pfx_nmi_cpu_backtrace+0x10/0x10
[  680.017804][   T31]  ? _printk+0xcf/0x120
[  680.017834][   T31]  ? __pfx__printk+0x10/0x10
[  680.017862][   T31]  ? __pfx_nmi_raise_cpu_backtrace+0x10/0x10
[  680.017894][   T31]  nmi_trigger_cpumask_backtrace+0x17a/0x300
[  680.017927][   T31]  watchdog+0xfee/0x1030
[  680.017960][   T31]  ? watchdog+0x1de/0x1030
[  680.017996][   T31]  kthread+0x70e/0x8a0
[  680.018027][   T31]  ? __pfx_watchdog+0x10/0x10
[  680.018055][   T31]  ? __pfx_kthread+0x10/0x10
[  680.018084][   T31]  ? _raw_spin_unlock_irq+0x23/0x50
[  680.018103][   T31]  ? lockdep_hardirqs_on+0x9c/0x150
[  680.018122][   T31]  ? __pfx_kthread+0x10/0x10
[  680.018148][   T31]  ret_from_fork+0x3fc/0x770
[  680.018172][   T31]  ? __pfx_ret_from_fork+0x10/0x10
[  680.018199][   T31]  ? __switch_to_asm+0x39/0x70
[  680.018221][   T31]  ? __switch_to_asm+0x33/0x70
[  680.018243][   T31]  ? __pfx_kthread+0x10/0x10
[  680.018270][   T31]  ret_from_fork_asm+0x1a/0x30
[  680.018312][   T31]  </TASK>
[  680.018369][   T31] Sending NMI from CPU 1 to CPUs 0:
[  680.179115][    C0] NMI backtrace for cpu 0
[  680.179133][    C0] CPU: 0 UID: 0 PID: 11503 Comm: syz.1.1370 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) 
[  680.179154][    C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  680.179164][    C0] RIP: 0010:unwind_next_frame+0x655/0x2390
[  680.179187][    C0] Code: 0f 84 5b 10 00 00 48 83 c7 10 e9 73 01 00 00 83 fb 04 0f 84 7b 01 00 00 83 fb 05 0f 85 36 0c 00 00 48 8b 44 24 58 80 3c 28 00 <74> 11 4c 89 ff e8 61 5c ad 00 48 8b 34 24 48 8b 54 24 08 4d 8b 27
[  680.179201][    C0] RSP: 0018:ffffc900104af478 EFLAGS: 00000246
[  680.179217][    C0] RAX: 1ffff92002095eb0 RBX: 0000000000000005 RCX: ffffffff8fd8949c
[  680.179230][    C0] RDX: ffffffff90663690 RSI: ffffffff90663694 RDI: ffffffff8be1b9e0
[  680.179242][    C0] RBP: dffffc0000000000 R08: 0000000000000001 R09: ffffffff8172aae5
[  680.179253][    C0] R10: ffffc900104af598 R11: ffffffff81acfd40 R12: ffffffff90663695
[  680.179264][    C0] R13: ffffc900104af598 R14: ffffc900104af548 R15: ffffc900104af580
[  680.179276][    C0] FS:  00007f74b73646c0(0000) GS:ffff888125c57000(0000) knlGS:0000000000000000
[  680.179291][    C0] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  680.179302][    C0] CR2: 00007f6cbdd812f8 CR3: 000000005ca7c000 CR4: 00000000003526f0
[  680.179319][    C0] DR0: fffffffffffffff1 DR1: 64cd6b2aec9cee78 DR2: 0000000000000000
[  680.179330][    C0] DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400
[  680.179341][    C0] Call Trace:
[  680.179347][    C0]  <TASK>
[  680.179356][    C0]  ? unwind_next_frame+0xa5/0x2390
[  680.179374][    C0]  ? io_submit_sqes+0xc31/0x1c50
[  680.179399][    C0]  ? __pfx_stack_trace_consume_entry+0x10/0x10
[  680.179419][    C0]  arch_stack_walk+0x11c/0x150
[  680.179439][    C0]  ? io_submit_sqes+0xc31/0x1c50
[  680.179462][    C0]  stack_trace_save+0x9c/0xe0
[  680.179481][    C0]  ? __pfx_stack_trace_save+0x10/0x10
[  680.179505][    C0]  kasan_save_track+0x3e/0x80
[  680.179526][    C0]  ? kasan_save_track+0x3e/0x80
[  680.179546][    C0]  ? __kasan_slab_alloc+0x6c/0x80
[  680.179559][    C0]  ? kmem_cache_alloc_bulk_noprof+0x4e0/0x790
[  680.179576][    C0]  ? __io_alloc_req_refill+0x9d/0x280
[  680.179592][    C0]  ? io_submit_sqes+0xc31/0x1c50
[  680.179638][    C0]  __kasan_slab_alloc+0x6c/0x80
[  680.179656][    C0]  kmem_cache_alloc_bulk_noprof+0x4e0/0x790
[  680.179676][    C0]  ? kmem_cache_alloc_bulk_noprof+0xfa/0x790
[  680.179692][    C0]  ? percpu_ref_put_many+0x22/0x240
[  680.179712][    C0]  __io_alloc_req_refill+0x9d/0x280
[  680.179730][    C0]  ? __pfx___io_alloc_req_refill+0x10/0x10
[  680.179763][    C0]  io_submit_sqes+0xc31/0x1c50
[  680.179802][    C0]  __se_sys_io_uring_enter+0x2df/0x2b20
[  680.179819][    C0]  ? __pfx_futex_wait+0x10/0x10
[  680.179846][    C0]  ? __mm_populate+0x308/0x380
[  680.179869][    C0]  ? __pfx___se_sys_io_uring_enter+0x10/0x10
[  680.179883][    C0]  ? do_futex+0x333/0x420
[  680.179900][    C0]  ? up_write+0x1c4/0x420
[  680.179920][    C0]  ? __pfx_do_futex+0x10/0x10
[  680.179937][    C0]  ? vm_mmap_pgoff+0x3f0/0x4c0
[  680.179961][    C0]  ? __se_sys_futex+0x36f/0x400
[  680.179984][    C0]  ? rcu_is_watching+0x15/0xb0
[  680.180003][    C0]  ? __x64_sys_io_uring_enter+0x21/0xf0
[  680.180020][    C0]  do_syscall_64+0xfa/0x3b0
[  680.180036][    C0]  ? lockdep_hardirqs_on+0x9c/0x150
[  680.180052][    C0]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  680.180068][    C0]  ? clear_bhb_loop+0x60/0xb0
[  680.180086][    C0]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  680.180100][    C0] RIP: 0033:0x7f74b658ebe9
[  680.180115][    C0] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  680.180128][    C0] RSP: 002b:00007f74b7364038 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa
[  680.180144][    C0] RAX: ffffffffffffffda RBX: 00007f74b67b5fa0 RCX: 00007f74b658ebe9
[  680.180156][    C0] RDX: 0000000000000000 RSI: 00000000000047f6 RDI: 0000000000000003
[  680.180167][    C0] RBP: 00007f74b6611e19 R08: 0000000000000000 R09: 0000000000000000
[  680.180177][    C0] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  680.180187][    C0] R13: 00007f74b67b6038 R14: 00007f74b67b5fa0 R15: 00007ffddcb07768
[  680.180207][    C0]  </TASK>
[  680.192492][   T31] Kernel panic - not syncing: hung_task: blocked tasks
[  680.192513][   T31] CPU: 1 UID: 0 PID: 31 Comm: khungtaskd Not tainted 6.16.0-syzkaller #0 PREEMPT(full) 
[  680.192536][   T31] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  680.192548][   T31] Call Trace:
[  680.192556][   T31]  <TASK>
[  680.192566][   T31]  dump_stack_lvl+0x99/0x250
[  680.192590][   T31]  ? __asan_memcpy+0x40/0x70
[  680.192617][   T31]  ? __pfx_dump_stack_lvl+0x10/0x10
[  680.192643][   T31]  ? __pfx__printk+0x10/0x10
[  680.192679][   T31]  panic+0x2db/0x790
[  680.192704][   T31]  ? __pfx_panic+0x10/0x10
[  680.192722][   T31]  ? __pfx_delay_tsc+0x10/0x10
[  680.192746][   T31]  ? nmi_backtrace_stall_check+0x433/0x440
[  680.192771][   T31]  ? preempt_schedule_thunk+0x16/0x30
[  680.192798][   T31]  ? nmi_trigger_cpumask_backtrace+0x2b6/0x300
[  680.192830][   T31]  watchdog+0x102d/0x1030
[  680.192859][   T31]  ? watchdog+0x1de/0x1030
[  680.192892][   T31]  kthread+0x70e/0x8a0
[  680.192919][   T31]  ? __pfx_watchdog+0x10/0x10
[  680.192943][   T31]  ? __pfx_kthread+0x10/0x10
[  680.192969][   T31]  ? _raw_spin_unlock_irq+0x23/0x50
[  680.192987][   T31]  ? lockdep_hardirqs_on+0x9c/0x150
[  680.193013][   T31]  ? __pfx_kthread+0x10/0x10
[  680.193038][   T31]  ret_from_fork+0x3fc/0x770
[  680.193059][   T31]  ? __pfx_ret_from_fork+0x10/0x10
[  680.193083][   T31]  ? __switch_to_asm+0x39/0x70
[  680.193104][   T31]  ? __switch_to_asm+0x33/0x70
[  680.193124][   T31]  ? __pfx_kthread+0x10/0x10
[  680.193148][   T31]  ret_from_fork_asm+0x1a/0x30
[  680.193184][   T31]  </TASK>
[  680.740908][   T31] Kernel Offset: disabled
[  680.745321][   T31] Rebooting in 86400 seconds..