last executing test programs:

23m38.346187586s ago: executing program 32 (id=321):
prlimit64(0x0, 0xe, &(0x7f0000000000)={0x2, 0x7}, 0x0)
sched_setscheduler(0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000005580)=""/102392, 0x18ff8)
ioctl$VHOST_SET_OWNER(0xffffffffffffffff, 0xaf01, 0x0)
r1 = syz_init_net_socket$llc(0x1a, 0x801, 0x0)
bind$llc(r1, &(0x7f0000000000)={0x1a, 0x0, 0x0, 0x0, 0x81, 0x42}, 0x10)

18m18.184752908s ago: executing program 0 (id=1491):
prlimit64(0x0, 0xe, &(0x7f0000000240)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x5c399000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, 0x0, 0x0, 0x2, 0x0)
r3 = fsopen(&(0x7f0000000180)='proc\x00', 0x1)
fsconfig$FSCONFIG_CMD_CREATE(r3, 0x6, 0x0, 0x0, 0x0)
fchdir(0xffffffffffffffff)
ioctl$UFFDIO_API(0xffffffffffffffff, 0xc018aa3f, &(0x7f00000000c0))
ioctl$UFFDIO_REGISTER(0xffffffffffffffff, 0xc020aa00, &(0x7f0000000240)={{&(0x7f0000ffa000/0x3000)=nil, 0x3000}, 0x1})
syz_memcpy_off$KVM_EXIT_MMIO(0x0, 0x20, &(0x7f0000000100)="64be365de974de7ab149b947a8218d12625b0c29c0496e90", 0x0, 0x18)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r4, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000002c0)={0x64, 0x2, 0x6, 0x101, 0x0, 0x0, {}, [@IPSET_ATTR_REVISION={0x5, 0x4, 0x3}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0xa}, @IPSET_ATTR_DATA={0x14, 0x7, 0x0, 0x1, [@IPSET_ATTR_CADT_FLAGS={0x8, 0x11}, @IPSET_ATTR_HASHSIZE={0x8, 0x12, 0x1, 0x0, 0xffff}]}, @IPSET_ATTR_TYPENAME={0x15, 0x3, 'hash:ip,port,net\x00'}]}, 0x64}}, 0x0)

18m16.930692081s ago: executing program 0 (id=1496):
openat$binderfs(0xffffffffffffff9c, 0x0, 0x0, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1c0)
r0 = open_tree(0xffffffffffffff9c, &(0x7f0000000100)='\x00', 0x89901)
fchdir(r0)
close(r0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
ioctl$AUTOFS_DEV_IOCTL_CATATONIC(0xffffffffffffffff, 0xc018937e, &(0x7f0000000200)={{0x1, 0x1, 0x1018}, './file0\x00'})

18m13.001707169s ago: executing program 33 (id=1471):
r0 = socket$inet6_mptcp(0xa, 0x1, 0x106)
sendto$inet6(r0, 0x0, 0x0, 0x20004041, 0x0, 0x0)
connect$inet6(r0, &(0x7f0000000180)={0xa, 0x0, 0x2, @dev={0xfe, 0x80, '\x00', 0x13}, 0x7}, 0x1c)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$mptcp(&(0x7f0000001640), r1)
r3 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
ioctl$int_in(r0, 0x5452, &(0x7f0000000000)=0xf34)
syz_emit_ethernet(0x0, 0x0, 0x0)
setitimer(0x2, &(0x7f0000000180)={{0x0, 0x2710}, {0x0, 0x2710}}, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
prlimit64(0x0, 0xe, 0x0, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r4 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r4, &(0x7f0000000300)=""/102392, 0x18ff8)
openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/vmstat\x00', 0x0, 0x0)
sendmsg$MPTCP_PM_CMD_ADD_ADDR(r1, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f00000001c0)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="090000000000000000000200000014000180050002"], 0x28}}, 0x0)

18m12.668176553s ago: executing program 0 (id=1503):
r0 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
ioctl$IOMMU_IOAS_ALLOC(r0, 0x3b81, &(0x7f00000000c0)={0xc, 0x0, <r1=>0x0})
ioctl$IOMMU_TEST_OP_MOCK_DOMAIN(r0, 0x3ba0, &(0x7f0000000740)={0x48, 0x2, r1})
ioctl$IOMMU_IOAS_MAP(r0, 0x3b85, &(0x7f0000000000)={0x28, 0x2, r1, 0x0, &(0x7f0000000800)="e200e743f60cba1335bad8075c67c2a666c492f56b95b9ac03424eb972866b35db7042a0e161eb677623441dff54154f9b6cc2306a63038110298587db632012fc06f51dc603ed4cc4e3e1e707e6c5d5fd3fec24ffa0fe9af2c8715fc216e73976f388f309b1fc81648b2ce6c133326325c04010972abb2353d86421329950ab8bb9e4f3c549d28e8033052764f40211ca34f639f1e3ff49f591f7a62eba08796105cac579836a662719fce4d149192777336396e49d2a6a1ea35cccd8e756e6e23f960930d4e306be6765b9933789c1c4ae58035e78d7c8a160afccdf842ffdefe2cbd698e78c4be5ddb75a2a30ac0ff16a2528fdd3e71aa6fd6031c85f1707ac1a6e5d037ba0823a94f56e10ecadcf72563f578bb9d4071450c667eec895351a921205dfdfa4e0e505bddf426331c4273ae9f83d4f6e51dfb6ab515da9634152fd1387d6af51be964da15b35cf7b621a3355914496a6ea006e4f103eb08721986eac1d26210a13c8af12e4c62a3bea34e6a74f2a1e46296ae96218f94438e33648b233317c931b360ea0ccb12ba8d39308aff449a701c844ac848ffaf7cfd9ca6a1e1a6ef2e55e2505fda8989684392398cbeb74202ba97d22e6ed43ca109fc4c6b0499cafb6a38fa86df3623ce71d3579b857bfdcaddd4eddf7442134377017d404a9828937ae11e411b1f2f33b5ba2c35c5d4db5747e0df7b571b7c15ced43fc7393d9cb585af46cd7b5dd43bdef4c70c27bc21a4c5c80e6d4c6f96d14b8b6cc81c715ad887ba31ec9f5cd1a87951f27fd7af0c00b11b760abfd6dce3211a5ee63ebe69376ea4e50474f3b2f83b78edd55e1a2e77c0ae798e8a47fdfe55e6202764c9dffaadba4d975ab770156eee52b6418b2e0cd0d561668846a3260175b778788b01585bc4daf06616c0e94d350f8781c9635fda345bb967c2fd13ea5da882676f836f3c5ac25938b76c0cdcd19b68e1dbb6c8cd8279765c0be7fd0fa2cac8cd49c71a28f35aa09a821752d356005d7487457d20a7cf3c99f8db3e773d7196c7da1926b2e1154055b39234601a50d0ef68c82d22c3f088b3f6cfa6c9c616c88d5e1b81c9b970adc86bbd1e9d421a7935731033576fd5038b09c3429a02fe379f250a6210ac3e69f67fd832ed9670ecfe040ec762adc52eba87afc177778ebfe96617d0cf1ef6ebad62e19de247bcb1660beceae1de7ae820fae53372fd1fd3b585c4269b69edc07f9902daf58b5a25901057206be2b6a4063730d367081f83143f756c1b31214f6abe89cf78751456fc4d81f666572f800640bd04fe6d0637f4fcbe8f494f0e617cb4baa3459d82f196a0c9e20f433fb36d23bfee1663bc6d4b53fc5805488397b2beafa6a04e1d3fbb6f3e39a0c7997c202ec5959637e123808c4077308181cbf7acb36867a7b860eb624a25aafda95e3ff5308fd106cc3287ce872e1f8323db124d6f03490352d57fcf60c619abe7ef81f51cb70ae9bd2f02f06e8a7c41e6b439bec84515f1ae83b39cffe8370e8bb2bc09c35f346ad6cb7526a779b870fed04dd9cb658ba3ad4484c4cd6fb19e9a4e071978a072120ee5fef2b1728a289bf645f536c4284a09479fd73a89eea9d72a30066a5e56524366a6faf8eeda9ddf5600e7efba256987f73210403687813be1263791bad9c76b43056574f09b4b5ba473b938e87dec42544223648f2db2cd98a96ab3109975b4f7bb769b77ac5cda8a6aed392ecc7919fdf86950dd2d66bf1bee55e4a11c57b685caccc799fe7bb80f92f10802ca95cf72fcf3dc2aab8c4af99ef4c09db6103a1fd06ec186706d56d2059bf20d517c7fae1e3e8744b088f97fe6fa4a6ea603cc201f46e989c9644c72619957f01d0b3721a6586d8f223b7e80ad14ed4f728798766dccb3a2c94c4ed1764e4e2369953bb6244d43ca4db909a2d70d80953ba26c3aa2a0468719323c52a9b43815f29c8b44691f3618d26f2c26f00937d0d72671987c9a495b262d13cdaa183957e4d74f417aa5c25b8c9fcc99ddb0b96721a419715d59f10f557e7cd94407d573f28688d15ef24066cf06337c9f68ecbbd59dcff7ea064a0ff91b833d31bc35a8abe3ab55181297075a62f0e0b19bb0a036dc0c3e3d7dd57c0e4ea629ca78255d2620aeb2c35cb32de12e0bce404ff6067fc0cdc46fab731569b9edb7ae59a8162b4901d0c0aa50d0d9a010b405c57a18611dd9cb020a969c9d3410bc3e8690eabcb343879f5d709a5162e06c91372eee37fe3eb7bdf6cf9e10b407763d507d54e73af873d8b7e25e9062aa7ed6a6de2f3a35c7c374bb6b535d61841bf04600c9988e77dc0a13765022f121be57b66b330fbfbb9e34d799a25ac91365d5c84e5dc275aa25256c827059b1dfcfd76d677db2cba2b468121f7acc7b700a639916350adef8ae361ab9b2adefbc73f2ccb84796017c77d41064ca8f6afc7971d62d14f5eed55fdf248038b9c035c3439c1a9c0aff4a424000f1619539b901c8a155d619bec33e4e7da45d0d3a2fcc515c22ff149173b428484d5e794cc27f77892863e2b2250fe7d43aa0d837529722616a318be030cd476c11fd2db42a8b913ee446818b1bc22452d7b3f35c400f121337bd4273490e4456e77f161962735da949f973f7612bab9a117b2a6bad967b0dfe2365115ac8e2aa3e52cbe744a01ac8b43f9bb9d3d6020c001bdc56e16b063ab4b6dd64be9722e39d4fc46f739357afa6884e36d161e6a266cbedd959b07ac307c0e55afc17e1e91f4bcca893461e2580d102fe71c701bbec5d23d62e5707f42e41e767099b5e7c91c2e4ea4266282ae2aae41145e5871a294729bb91fc82a9a7044b677751fa187fb655dd9defdb7cf3ff734a30c4e8025c8e0151c386b27208878a2", 0x800, 0x9})
r2 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x0, &(0x7f0000000100)})
close_range(r2, 0xffffffffffffffff, 0x0)

18m11.531963928s ago: executing program 0 (id=1506):
setsockopt$inet_tcp_TCP_REPAIR(0xffffffffffffffff, 0x6, 0x13, &(0x7f0000000080)=0x1, 0x4)
setsockopt$inet_tcp_TCP_REPAIR_QUEUE(0xffffffffffffffff, 0x6, 0x14, &(0x7f00000000c0)=0x2, 0x38)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x2000800001000088}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7)
r0 = getpgrp(0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000040)=0x5)
prctl$PR_SCHED_CORE(0x3e, 0x1, r0, 0x2, 0x0)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000000)=0x3)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
r2 = syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, r2, 0x1, 0x0)
sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x2406c014, &(0x7f0000000040)={0x2, 0x4e20, @local}, 0x10)
r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8)
sendmmsg$alg(0xffffffffffffffff, &(0x7f0000000400), 0x0, 0x0)
recvmsg(0xffffffffffffffff, 0x0, 0x0)
r4 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000), 0x8000, 0x0)
ioctl$TCSETSW(r4, 0x5453, 0x0)
bpf$MAP_CREATE(0x100000000000000, &(0x7f0000000140)=@base={0xa, 0x16, 0xeb5, 0x7f, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x2}, 0x48)

18m9.943837502s ago: executing program 0 (id=1508):
openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x200ec2, 0x0)
socket$inet_udp(0x2, 0x2, 0x0)
r0 = eventfd(0x0)
r1 = socket$can_bcm(0x1d, 0x2, 0x2)
connect$can_bcm(r1, &(0x7f0000000140), 0x10)
r2 = syz_io_uring_setup(0x835, &(0x7f00000000c0)={0x0, 0x679d, 0x400, 0x2000006, 0x3ce}, &(0x7f0000000040)=<r3=>0x0, &(0x7f0000000140)=<r4=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r3, r4, &(0x7f00000002c0)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r1, 0x0, &(0x7f0000000240)="144024aeae8b2b5d63f7449a372e1406d4defe495b5744eed6801d1d51e1d3fcdcf25bdf4a5f2ef4b45d6898757795c858f0c3d4b26bd644", 0x38, 0x2400c0c7, 0x1})
io_uring_enter(r2, 0x3516, 0x0, 0x0, 0x0, 0x0)
ioctl$VHOST_SET_LOG_FD(0xffffffffffffffff, 0x4004af07, &(0x7f0000000240)=r0)

18m1.926837189s ago: executing program 0 (id=1522):
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cpuacct.usage_sys\x00', 0x275a, 0x0)
ioctl$KVM_TDX_FINALIZE_VM(r0, 0xc008aeba, &(0x7f0000000040))
r1 = syz_init_net_socket$802154_raw(0x24, 0x3, 0x0)
r2 = landlock_create_ruleset(&(0x7f0000000180)={0x100}, 0x10, 0x0)
landlock_add_rule$LANDLOCK_RULE_PATH_BENEATH(r2, 0x1, 0x0, 0x0)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f0000000100)={'wlan0\x00'})
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r4 = getpid()
sched_setscheduler(r4, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
connect$unix(r5, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r6, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r7 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r7, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000001c0)=ANY=[@ANYBLOB="1414310abc1f409f5293bf08dfff3a00010025bd7000fcff070000"], 0x14}}, 0x0)
syz_open_procfs(0x0, &(0x7f0000000000)='fd/3\x00')
sendmsg$NL80211_CMD_TRIGGER_SCAN(r3, 0x0, 0x9590f6cc3ea35512)
sendto(r1, &(0x7f0000000000), 0x0, 0x4000080, 0x0, 0x0)
r8 = openat$comedi(0xffffff9c, &(0x7f0000000040)='/dev/comedi2\x00', 0x22780, 0x0)
ioctl$COMEDI_DEVCONFIG(r8, 0x40946400, &(0x7f0000000240)={'ni_at_a2150\x00', [0xb013, 0x2f, 0x10000, 0xdd7, 0x88d7, 0x8f, 0x6, 0x8012, 0x1006, 0xc0000000, 0x10000005, 0x1, 0x10000009, 0x0, 0x800007, 0xfdfffffd, 0x8, 0x6, 0x9, 0x8e, 0x4, 0xffffffff, 0x7, 0xb, 0x4, 0x1, 0xb0c4, 0x800, 0x20004, 0x400002, 0x22]})

17m50.190386803s ago: executing program 34 (id=1518):
socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000240)={0x38, 0x0, 0x8, 0x8001, 0x0, 0x12, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0)
socket$inet6(0xa, 0x2, 0x0)
writev(0xffffffffffffffff, 0x0, 0x0)
r2 = openat$vimc1(0xffffffffffffff9c, &(0x7f0000000400), 0x2, 0x0)
ioctl$VIDIOC_SUBSCRIBE_EVENT(r2, 0x4020565a, &(0x7f0000000000)={0x5})
write$binfmt_script(0xffffffffffffffff, &(0x7f0000000040)={'#! ', './file0', [{}, {0x20, '#! '}]}, 0x10)
execveat(0xffffffffffffffff, &(0x7f0000000000)='\x00', 0x0, 0x0, 0x1000)
r3 = syz_open_dev$tty1(0xc, 0x4, 0x1)
setresuid(0xee01, 0xee00, 0x0)
ioctl$VT_RESIZEX(r3, 0x4b71, 0x0)
r4 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0)
ioctl$VHOST_SET_FEATURES(r4, 0x4008af00, &(0x7f0000000080)=0x200000000)
r5 = syz_usb_connect(0x0, 0x24, 0x0, 0x0)
syz_usb_control_io$uac1(r5, 0x0, 0x0)
syz_usb_control_io$uac1(r5, 0x0, &(0x7f0000000540)={0x24, &(0x7f0000000840)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
r6 = syz_open_procfs(0x0, 0x0)
r7 = socket(0x80000000000000a, 0x2, 0x0)
setsockopt$inet6_group_source_req(r7, 0x29, 0x2e, &(0x7f0000000200)={0x0, {{0xa, 0x0, 0x0, @mcast1={0xff, 0x7}}}, {{0xa, 0x0, 0x0, @loopback}}}, 0x108)
preadv(r6, &(0x7f00000001c0)=[{0x0}], 0x1, 0x205b, 0x100)
syz_usb_connect$uac1(0x2, 0xa3, 0x0, &(0x7f00000006c0)={0x0, 0x0, 0x0, 0x0})
ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0)

17m46.340474953s ago: executing program 35 (id=1522):
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cpuacct.usage_sys\x00', 0x275a, 0x0)
ioctl$KVM_TDX_FINALIZE_VM(r0, 0xc008aeba, &(0x7f0000000040))
r1 = syz_init_net_socket$802154_raw(0x24, 0x3, 0x0)
r2 = landlock_create_ruleset(&(0x7f0000000180)={0x100}, 0x10, 0x0)
landlock_add_rule$LANDLOCK_RULE_PATH_BENEATH(r2, 0x1, 0x0, 0x0)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f0000000100)={'wlan0\x00'})
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r4 = getpid()
sched_setscheduler(r4, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
connect$unix(r5, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r6, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r7 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r7, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000001c0)=ANY=[@ANYBLOB="1414310abc1f409f5293bf08dfff3a00010025bd7000fcff070000"], 0x14}}, 0x0)
syz_open_procfs(0x0, &(0x7f0000000000)='fd/3\x00')
sendmsg$NL80211_CMD_TRIGGER_SCAN(r3, 0x0, 0x9590f6cc3ea35512)
sendto(r1, &(0x7f0000000000), 0x0, 0x4000080, 0x0, 0x0)
r8 = openat$comedi(0xffffff9c, &(0x7f0000000040)='/dev/comedi2\x00', 0x22780, 0x0)
ioctl$COMEDI_DEVCONFIG(r8, 0x40946400, &(0x7f0000000240)={'ni_at_a2150\x00', [0xb013, 0x2f, 0x10000, 0xdd7, 0x88d7, 0x8f, 0x6, 0x8012, 0x1006, 0xc0000000, 0x10000005, 0x1, 0x10000009, 0x0, 0x800007, 0xfdfffffd, 0x8, 0x6, 0x9, 0x8e, 0x4, 0xffffffff, 0x7, 0xb, 0x4, 0x1, 0xb0c4, 0x800, 0x20004, 0x400002, 0x22]})

12m39.686964018s ago: executing program 3 (id=2506):
r0 = socket(0x10, 0x80002, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)=@newtaction={0x58, 0x30, 0x53b, 0x0, 0x0, {0x9}, [{0x44, 0x1, [@m_sample={0x40, 0x1, 0x0, 0x0, {{0xb}, {0x14, 0x2, 0x0, 0x1, [@TCA_SAMPLE_PSAMPLE_GROUP={0x8}, @TCA_SAMPLE_RATE={0x8, 0x3, 0x526}]}, {0x4}, {0xc}, {0xc, 0x4}}}]}]}, 0x58}}, 0x0)

12m39.222585153s ago: executing program 3 (id=2508):
unshare(0x2000600)
socket$inet_mptcp(0x2, 0x1, 0x106)
socket$phonet(0x23, 0x2, 0x1)
r0 = syz_io_uring_setup(0x6440, &(0x7f0000000080)={0x0, 0x0, 0x10100}, &(0x7f0000000040)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
syz_io_uring_submit(r1, 0x0, &(0x7f00000001c0)=@IORING_OP_PROVIDE_BUFFERS={0x1f, 0x40, 0x0, 0x3, 0x1, 0x0, 0x7ff})
r3 = memfd_create(&(0x7f0000001340)='[\v\xdbX\xae[\x1a\xa9\xfd\xfa\xad\xd1md\xc8\x85HX\xa9%\f\x1ae\xe0\x00\x00\x00\x00\xfb\xff\x00\x00\x81\x9eG\xd9\xd6\x1c\x1b*\x9a!?\x7f\xa5\xad\x9a,\xe2\xc6a\x9f\xe8\xf1\xb3\x86\xe2+Op\xd0\xa2\x82\x1eb;(\xb5\xe1jS\xd6\x91%<\x00\x00\x00\x00\x00\x00\x00\f\xe5\x89\xbf#2\x99\x1e\xa1`\xc3\xcf\xd3\xae\xd2\a\x11\xa9\xa5^\xff\xf5\x95\f<\x8f\xc1\x99\x89r\xe1?\xbdu\x98\xc3\xf8\xd2Q#\xc6g\xa0\x85\xd6G\x85\x11X\x8d,\x02\xd45\xb8\xca\x97\x9d\xcb\x1e\x80\xd6\xd5>N&\xf8#\x80z8Z\xd2}\xf5\xe4\x9f5\x9b\x01\xf9t\xbb\x1er\x14\xdb\xd3\xcd\xfd\xbdnC\xec\x8aog\x87BR\x9d\xad\xd4FcB\xda\x95\xc3\xdd\x9d\x8f\x1a\xce\x18\x80\"j\xe1\xba\x1e\x97uX\xccv\xd6\vcz\x92A^\xbc\xceF\xf7\xe5:\xaf\xc5~\xbcJ e\r\x88c\x9d\xb92\xb6i4zq\xb3c\x0f\xb2t\x93\xf2E6b\xfa\xcdJ5\xe3W]`4\xd8D\x05\v\xfc)\xca\xedQ\xd0]Ot\'\xc2tDF\xf9\xa7\xb5(\x83\xa5\x0f\x1d\x1d\x06Dg\x13>\x19>\xf3\xa5:\'X\x81C\x12\'\xd9\xb8\xe85#\aaT\x89=\x104\xd5\x85Q\x96\x91\xea\x172P\xb3:\xadZ\xbc\xbe\x00\xf0\x14\x96\xd9M\xd7\x88QZs\xb2\xe1+$jfQodHd]\xae\xc8W(\x05/y`~Mx\x02\x00(v\xe6`\x026\xfcgC\xb5\xf0\x13.zb\xc5bj+@\x00\x00\x00\x00\x00\x8e[\xb3\xa3\x87\xb9\xe2_Z\x11\xef\xc2]V\xf3\x03\x94\xb9\xe1\xa68\x8d\\\xe5\xef\xacpM\xf0\xa6\x04\x10\xb7\xc0t\x83\\\xf7\x12k\x9f\x10\xd5Z\x19\xc1\xc1\x80\\o\x97\xce=U\xdd\xaa\x1b\x05\x14\x13\xa6\xbd#\xde\x04\xe6$\xec$3\xf6\x97\xc6\xeaSL\xb7A72M\x88k@\xe5\xa3\n&\x1e\xc84\xa9\xe2\xccM\x906\x95xQ-2p\xd62\'\xec\x0f\x13;I\x95fE_\r\xe7\t!A\x05\xe4\x8f\x9e0\xf8/T\x18\xf7\xa1\x9f\xde1\xd5\x80<\xf5\b\xa9\xec\x85\xaeW\xb3\xd8#)bn \xfb\xf2\x88\xfaR\xff\xdd\x80\x96_\xec5\xf0\x1c\a\x8a\x80\x00C=\r8u+%f:\x1e\x82\xfap\xf6\x89\xea\xba\xe3\xbbM%F\xdb\\\xd1eJJ*\xc67\xca\x03\xa3\xf7(\xbb\xecN\xd4\xe7\xf2:u\x8a\b\xd5\v\xca\xfd\\\xd6\xe3\x05\xb3\x03\xd5\xe0\xd2\xf2{&\x8b\xdf\xa1\xbe}\xb2\xe4y\xbb\xe6\x1f\x10c\xf5WQ\x82\x04\x01C\x83,\x90\x1a\xfa\x8e\x17\x89\xe2\xedX\x8d\rmq\t\xb5$\xb4\x9b\x92z\xd6/-\x13,\xb5%\x8eM/\x04\xa7\x7f\x1b\x85\xf1\xa4X\x17\xbb\x1cR14\xfb!\b\x10\xe8\xb2\xd41gK\xe4\xea\xe39d\bL\xe5\x1b\xbd[\x9bWD:\r&\xe9\vn^\xcc\x86\xe3\xce1>3{\xaa{\xbd0P\x9f\xa6E\xf5\x82\xb8\x9aD\x9c{\xe6\xf8\xcbD\xb5aJ\xb0\x92\x89\xbc\x80\x1ch\x89\xe7\xdd]q\x0e,>/\xaf|\xf0\x01V\x7f\xc9?\xba\x16\xe4$+\x02\x00\x00\x00\x00\x00\x00\x00\xa5\x94d9\xaf\xcfq\x8b=\x026\xef\r\x91\x18\xc5\xb6\xb9fM\x8ayZ\xbcd\xa5\x8a\x88\x98\xc3\xfc`\xa6\xba\x1f\x17\v$\x88g\xb4\xad\b\xc1\xddW\xa6\xc1\xb7\xb0\xa3\x84Q\x13GoU\xe2\xb7\x03\x9c\xd5\x0f\xa8\x0ef\"\x15\x82\xe7\xbd\xf8\xca\x10f\xfe6h\xe9\xc3\xc2\xa0O:\xac~\x1a\xf7\xbeF\xbe\xe5\xf0\x81\xd6&\xc0<Q8\xbeX\xde\xd6 \xef\x0e\xc2.\x9c=1\x15d\xddIv\x0fh\xe6M(D\xad\xeb\xcfX8\xb9\x8d\xbe(\xd3\x16?x\xbd@\x0f\xf5\xdb\xeb\xd7i*\xea\x86JX\xff;\x96\xbb\xa7\xa8u5R\xa2,\xba\xbc\x01\x12\xb3q,\x9d\xf8\xbdb`\xb3\xc6\x0f\xb3\xac\xc7\xa4O@\x03\x00\x1a4$\x885\x97\xa9|\x99\x86*.\xda\x96RQ\xe5\xb1\xef\xb7\x10\x99\xd4\xa7\b\xcd\xe9\xa5\xf6wR\xc1\xdfH).\a\x9a\xab\x9e&+\xc4#\x90\xc9%\xb9\xd7o\x86\x13\a\xc0\x01w9u6\xdd\x9fJ^o\x1d\xda\x11?\xc1\xf5\xf7\xff\xec\x916\xceQ\xcfU\x035\x96\x8f\xc7\x84\"2\xef\x02\xcf\a+\x8aQ\x11\xb5\xa8\x92\f\xb3R\",\xfc!_&pD\xeb5\xc6\xc8\xff2\xee\x14\x83\x14l\x04\x80\xaa7\x80\xf1\x18\xf5\xa5\xd23\xe5\b\x00\xe8\x9c\xd4\xd0\a\x93#\xb9Z\xc0y\x97<\xe5i\xe9\xe4\xb02Cu\xe1d\r\x0e\xc1\xf1\x81^\xa7\xffz)\x19U\xe5\xd4\xf5@O#W\x8a\xbb3c+\n\x97\xa6\xf7\x90$\xd6*\xd0\x1b\x10\xe4HM:XO\x1b\rx\xc7\x12|\x7fN\xc9\xf9i\xe4\xe5-\x9b\xe407\x9d\xe8\xc6\x90\x9f_Jf\x05\r\x1b\x9af\v\xbcv\x83\xf3j\xaf\xd0F91 ^x\x85\x80[\xa3B\n#!\xc2R\xdd\xf4)\xba\x1e\xfb6U\xabc\xda\x9a)\xc3\x9a\x06\xc5\xccP)\xdf.\xa7-\x84\xdf8\xbf\xfc1^}B\xee\xccR/z\x1e\xe8\x1e\x99\x99\n\xf4u\xd4\xbd^L\xb2j\xda\x02\x1e\x10\xc8\xad\xbd_OI\xb1\xe8y\x003\a\x06\x92\x8e\n\x8b\xf3\xd4G\x85\xbd\x1a\x81+3\x99jq\xd1\xacK^\xef\xb6!8\xcd?\x1e\\\x16W2\xbd4$zn\xa9\x7f\x9dE\xaf\x0f\xdb\xe0\xfa\x10\xc3\xb2\xf8\x80\x8c\xec$\xda\x16\xc8\xfbAF\x85\xca\v\xee\x12\xcf\x10\x06\xa6\x9a(\x1a\x86\x9c', 0x1)
write$binfmt_misc(r3, &(0x7f0000000180)="e502", 0x2)
r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0)
write$UHID_CREATE2(r4, &(0x7f00000001c0)=ANY=[@ANYBLOB='.'], 0x118)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x12, r4, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_MKDIRAT={0x25, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0})
io_uring_enter(r0, 0x2d3e, 0x0, 0x0, 0x0, 0x0)

12m38.263576284s ago: executing program 3 (id=2510):
r0 = syz_usb_connect$sierra_net(0x5, 0x0, 0x0, 0x0)
syz_usb_control_io(r0, 0x0, &(0x7f0000000040)={0x84, &(0x7f0000000100)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
r1 = socket$inet(0x2, 0x5, 0x0)
setsockopt$inet_opts(r1, 0x0, 0x4, 0x0, 0x0)
r2 = getpgrp(0x0)
sched_setaffinity(r2, 0x8, &(0x7f0000000040)=0x5)
sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r3 = getpid()
sched_setscheduler(r3, 0x2, &(0x7f0000000000)=0x3)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
r4 = syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, r4, 0x1, 0x0)
r5 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r5, &(0x7f0000019680)=""/102392, 0x18ff8)
setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, 0x0, 0x0)
sendmsg$AUDIT_TTY_GET(0xffffffffffffffff, &(0x7f0000000380)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4000}, 0x0)
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x101, 0x0)
r6 = openat$proc_mixer(0xffffffffffffff9c, &(0x7f00000002c0)='/proc/asound/card0/oss_mixer\x00', 0x2002, 0x0)
r7 = openat$proc_mixer(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/asound/card0/oss_mixer\x00', 0x80, 0x0)
write$proc_mixer(r6, &(0x7f0000000200)=ANY=[@ANYBLOB="4441474954414c310a4241535320274344204361707475726520537769746368272030303030303030303030303030303030303030300a494741494e0a07ebbc5599"], 0x3d)
dup3(r7, r6, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)

12m34.708490081s ago: executing program 3 (id=2517):
r0 = socket(0x10, 0x80002, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)=@newtaction={0x58, 0x30, 0x53b, 0x0, 0x0, {0x9}, [{0x44, 0x1, [@m_sample={0x40, 0x1, 0x0, 0x0, {{0xb}, {0x14, 0x2, 0x0, 0x1, [@TCA_SAMPLE_PSAMPLE_GROUP={0x8}, @TCA_SAMPLE_RATE={0x8, 0x3, 0x526}]}, {0x4}, {0xc}, {0xc, 0x4}}}]}]}, 0x58}}, 0x0)

12m26.421520928s ago: executing program 3 (id=2526):
r0 = syz_usb_connect$sierra_net(0x5, 0x0, 0x0, 0x0)
syz_usb_control_io(r0, 0x0, &(0x7f0000000040)={0x84, &(0x7f0000000100)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
r1 = socket$inet(0x2, 0x5, 0x0)
setsockopt$inet_opts(r1, 0x0, 0x4, 0x0, 0x0)
r2 = getpgrp(0x0)
sched_setaffinity(r2, 0x8, &(0x7f0000000040)=0x5)
sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r3 = getpid()
sched_setscheduler(r3, 0x2, &(0x7f0000000000)=0x3)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
r4 = syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, r4, 0x1, 0x0)
r5 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r5, &(0x7f0000019680)=""/102392, 0x18ff8)
setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, 0x0, 0x0)
sendmsg$AUDIT_TTY_GET(0xffffffffffffffff, &(0x7f0000000380)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4000}, 0x0)
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x101, 0x0)
r6 = openat$proc_mixer(0xffffffffffffff9c, &(0x7f00000002c0)='/proc/asound/card0/oss_mixer\x00', 0x2002, 0x0)
r7 = openat$proc_mixer(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/asound/card0/oss_mixer\x00', 0x80, 0x0)
write$proc_mixer(r6, &(0x7f0000000200)=ANY=[@ANYBLOB="4441474954414c310a4241535320274344204361707475726520537769746368272030303030303030303030303030303030303030300a494741494e0a07ebbc5599"], 0x3d)
dup3(r7, r6, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)

12m22.704988706s ago: executing program 3 (id=2533):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
arch_prctl$ARCH_SHSTK_UNLOCK(0x5004, 0x3)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000440)='./file0\x00', 0x0)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000000080), 0x800, &(0x7f00000003c0)=ANY=[@ANYBLOB='fd=', @ANYRESHEX, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYRESDEC=0x0])
r2 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='mountinfo\x00')
read$FUSE(r2, &(0x7f0000004100)={0x2020}, 0x2020)
r3 = socket$nl_route(0x10, 0x3, 0x0)
r4 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r4, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000480)=ANY=[@ANYBLOB="400000001000090600"/18, @ANYRES32=0x0, @ANYBLOB="a7ffa88800000000200012800900010069706970000000fa0f000280040013000500090000000008f33a5798cb485f3a9776f093ab3e544599d87862ad961fa67f7215b55c42d37b9a100eb2ec063287898534c013c8f11d376156badd398f094e0e3b0cae09b813a27158392211de2312f2526854a5a004cb08dad59319ee0f21d26b"], 0x40}}, 0x0)
r5 = socket$inet_udp(0x2, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000680)={'bridge0\x00', <r6=>0x0})
socket(0x400000000010, 0x3, 0x0)
r7 = syz_open_procfs(0x0, &(0x7f0000000000)='smaps\x00')
read$FUSE(r7, &(0x7f0000002640)={0x2020}, 0x2020)
sendmsg$nl_route(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000002c0)=ANY=[@ANYBLOB="4800000010000104000000000007000000000000", @ANYRES32=r6, @ANYBLOB="3f00000006020400280012800b0001006272696467650000180002800c002e0003000000030000000500070008"], 0x48}, 0x1, 0x0, 0x0, 0x44000}, 0x0)
r8 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r8, 0x0, 0x10)
socket$nl_xfrm(0x10, 0x3, 0x6)
socket$inet_udp(0x2, 0x2, 0x0)
r9 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r9, 0x0, 0x0)
setsockopt$ALG_SET_KEY(r9, 0x117, 0x1, &(0x7f0000000040)="11da3cf44b1a8c3d8a39ccbd630e8ef9170ccf07ef1800322de53ae3b183ee66", 0x20)

12m7.185141024s ago: executing program 36 (id=2533):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
arch_prctl$ARCH_SHSTK_UNLOCK(0x5004, 0x3)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000440)='./file0\x00', 0x0)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000000080), 0x800, &(0x7f00000003c0)=ANY=[@ANYBLOB='fd=', @ANYRESHEX, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYRESDEC=0x0])
r2 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='mountinfo\x00')
read$FUSE(r2, &(0x7f0000004100)={0x2020}, 0x2020)
r3 = socket$nl_route(0x10, 0x3, 0x0)
r4 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r4, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000480)=ANY=[@ANYBLOB="400000001000090600"/18, @ANYRES32=0x0, @ANYBLOB="a7ffa88800000000200012800900010069706970000000fa0f000280040013000500090000000008f33a5798cb485f3a9776f093ab3e544599d87862ad961fa67f7215b55c42d37b9a100eb2ec063287898534c013c8f11d376156badd398f094e0e3b0cae09b813a27158392211de2312f2526854a5a004cb08dad59319ee0f21d26b"], 0x40}}, 0x0)
r5 = socket$inet_udp(0x2, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000680)={'bridge0\x00', <r6=>0x0})
socket(0x400000000010, 0x3, 0x0)
r7 = syz_open_procfs(0x0, &(0x7f0000000000)='smaps\x00')
read$FUSE(r7, &(0x7f0000002640)={0x2020}, 0x2020)
sendmsg$nl_route(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000002c0)=ANY=[@ANYBLOB="4800000010000104000000000007000000000000", @ANYRES32=r6, @ANYBLOB="3f00000006020400280012800b0001006272696467650000180002800c002e0003000000030000000500070008"], 0x48}, 0x1, 0x0, 0x0, 0x44000}, 0x0)
r8 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r8, 0x0, 0x10)
socket$nl_xfrm(0x10, 0x3, 0x6)
socket$inet_udp(0x2, 0x2, 0x0)
r9 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r9, 0x0, 0x0)
setsockopt$ALG_SET_KEY(r9, 0x117, 0x1, &(0x7f0000000040)="11da3cf44b1a8c3d8a39ccbd630e8ef9170ccf07ef1800322de53ae3b183ee66", 0x20)

5m36.738795149s ago: executing program 6 (id=3332):
r0 = syz_usb_connect$sierra_net(0x5, 0x0, 0x0, 0x0)
syz_usb_control_io(r0, 0x0, &(0x7f0000000040)={0x84, &(0x7f0000000100)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
r1 = socket$inet(0x2, 0x5, 0x0)
setsockopt$inet_opts(r1, 0x0, 0x4, 0x0, 0x0)
r2 = getpgrp(0x0)
sched_setaffinity(r2, 0x8, &(0x7f0000000040)=0x5)
prlimit64(0x0, 0xe, &(0x7f0000000100)={0x8, 0x80000100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r3 = getpid()
sched_setscheduler(r3, 0x2, &(0x7f0000000000)=0x3)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
r4 = syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, r4, 0x1, 0x0)
r5 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r5, &(0x7f0000019680)=""/102392, 0x18ff8)
setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, 0x0, 0x0)
sendmsg$AUDIT_TTY_GET(0xffffffffffffffff, &(0x7f0000000380)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4000}, 0x0)
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x101, 0x0)
r6 = openat$proc_mixer(0xffffffffffffff9c, &(0x7f00000002c0)='/proc/asound/card0/oss_mixer\x00', 0x2002, 0x0)
r7 = openat$proc_mixer(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/asound/card0/oss_mixer\x00', 0x80, 0x0)
write$proc_mixer(r6, &(0x7f0000000200)=ANY=[], 0x3d)
dup3(r7, r6, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)

5m34.875285402s ago: executing program 6 (id=3335):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000700)=ANY=[@ANYBLOB="0900000006000000080000000800000042000000", @ANYRES32, @ANYBLOB="0000000000000000199f000000000000000700004f738599803a0e934ee902648301e771a6daca881fe05a9c1ade6b8607a5d2c7fbc9b96f2b106835729c12b94c8fd07e137c9c62b85587335fe2440561a1631558b661f12c601e0411c269d940e090d14894391becfd47c4379ee7fe9c012448054bcc12814a4e9a8f387573b6627e3845a2c8c7e48badb26c9eb6afb59124823a3a", @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x50)
bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x30, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000040), &(0x7f00000004c0), 0xce, r0}, 0x38)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000640)={0x6, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x19, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000300)={r1, 0x2000000, 0xe, 0x0, &(0x7f0000000600)="c9f7b98600"/14, 0x0, 0x7ffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x50)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000240)=0x7)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r5 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r5, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000003c0)=@delpolicy={0x50, 0x27, 0x1, 0x0, 0xfffffffb, {{@in6=@ipv4={'\x00', '\xff\xff', @empty}, @in6=@private0, 0x0, 0xfffd, 0xfff9, 0x0, 0x0, 0x20, 0x0, 0x5c}, 0x6e6bb9, 0x2}}, 0x50}}, 0x0)
bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0)
ioctl$IOMMU_OPTION$IOMMU_OPTION_RLIMIT_MODE(0xffffffffffffffff, 0x3b87, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
openat$proc_mixer(0xffffffffffffff9c, &(0x7f0000000000)='/proc/asound/card3/oss_mixer\x00', 0x82082, 0x0)
syz_open_dev$sndpcmc(&(0x7f0000000300), 0x0, 0x0)
r6 = socket$can_bcm(0x1d, 0x2, 0x2)
connect$can_bcm(r6, &(0x7f0000000180), 0x10)
r7 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r8 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0)
r9 = ioctl$KVM_CREATE_VCPU(r8, 0xae41, 0x0)
ioctl$KVM_SET_MSRS(r9, 0x4008ae89, &(0x7f0000000440)={0x1, 0x0, [{0x400000f4, 0x0, 0x80000000806cd}]})
io_setup(0x9, &(0x7f0000000240)=<r10=>0x0)
io_submit(r10, 0x1, &(0x7f0000000100)=[&(0x7f00000000c0)={0x400000, 0x0, 0x0, 0x1, 0x0, r6, &(0x7f0000000200)="0500000093c21faf16da39de706f646800580f02000000003f420f000000000000580f02000000003f420f00000000000029ffffff000000", 0x20000238}])

5m28.168254926s ago: executing program 6 (id=3380):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000002c0)={0x54, 0x2, 0x6, 0x101, 0x0, 0x0, {}, [@IPSET_ATTR_REVISION={0x5, 0x4, 0x3}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0xa}, @IPSET_ATTR_DATA={0x4}, @IPSET_ATTR_TYPENAME={0x15, 0x3, 'hash:ip,port,net\x00'}]}, 0x54}}, 0x0)

5m26.66697023s ago: executing program 6 (id=3385):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r1, &(0x7f0000000080)={0x2, 0x4e20, @broadcast}, 0x10)
sendto$inet(r1, &(0x7f0000000140), 0xffffffffffffff58, 0x20008005, &(0x7f0000000100)={0x2, 0x4e20}, 0x10)
r2 = fcntl$dupfd(r1, 0x406, r1)
recvmmsg$unix(r2, &(0x7f0000001a40)=[{{0x0, 0x0, 0x0}}], 0x1, 0x10041, 0x0)
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000140)=ANY=[@ANYBLOB="f70747cbc9a32b8a8c13a5d13bed25558e50cf8fa60f9f20c159ebc22f44b65827eac029de48c4633aa264a97dfe9852a78b8501271ec1003f7eb7980d6ea0764294e2edfea5b43c2c4182270f9bdb9931a2f5f171f31ee9bcf46a507dd7afde55533773c3e7e7fe2d721703b9d0eb6d8e5e3c1311f18d7d5f1d8e7ac649fdef9487ff14ac24008720d9f4d9bf274794987ff29c179b13a3cf5007d2b84b727a1b97a276d9b2e21878e0039cb140f4e001fbc4780d302510930e6ada099c455a516538f64e9a0c5b2f"], 0xcc}, 0x1, 0x0, 0x0, 0xc800}, 0x800)

5m25.071695741s ago: executing program 6 (id=3390):
r0 = syz_io_uring_setup(0x5ce, &(0x7f0000000480)={0x0, 0x7734, 0x80, 0x0, 0x34f}, &(0x7f0000000000)=<r1=>0x0, &(0x7f0000000080)=<r2=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
r3 = socket$unix(0x1, 0x1, 0x0)
r4 = open(&(0x7f0000000300)='.\x00', 0x0, 0x0)
ioctl$FS_IOC_SETFLAGS(r4, 0x40086602, &(0x7f00000001c0)=0x10)
bind$unix(r3, &(0x7f0000000180)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e)
setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, &(0x7f0000000400)={0x1, &(0x7f0000000200)=[{0x82e, 0x0, 0x0, 0x4}]}, 0x10)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5)
r5 = openat$dlm_monitor(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(0xffffffffffffffff, 0x8933, &(0x7f0000000300)={'batadv_slave_1\x00', <r6=>0x0})
ioctl$AUTOFS_DEV_IOCTL_PROTOSUBVER(0xffffffffffffffff, 0xc0189373, &(0x7f0000000340)={{0x1, 0x1, 0x18, <r7=>r0, {0x1}}, './file0\x00'})
r8 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x3, 0x8, &(0x7f00000026c0)=ANY=[@ANYBLOB="620af8ff0c200021bfa100000000000007010000f8ffffffb702000003000000bd1200000000000085000000d0000000b70000000000000095000000000000003fba6a7d36d9b18ed812a2e2c49e8020a6f4e0e4a9446ca2b5f1cc1a100a9af698393aa0f3881f9c24aa56f15199fad0093c59d66b5ece9f36c70d0f010c5077da80fb982c1e9400c603146cea484a415b76966118b64f751a0f241b072e90080008002d75593a280000c93e64c227c95aa0b784625704f07a72c2918451ebdcf4cef7f9606056fe5c34665c0af9360a1f7a5e6b607130c89f18c0c1089d8b85880000c29c48b45ef4adf634be763288d01aa27ae8b09e13e79ab20b0b8ed8fb7a68af2ad0000000000000006f803c6468082089b302d7bff8f06f7f918d65eae391cb41336023cdcedb5e0125ebbccbddcf10cb2364149215108355ee570f8078be5cab389cd65e7133719acd97cfa107d40224edc5465a932b77e74e712a0d42bc6099ad23000000803a90bce6dc3a13871765df961c2ed3b1006ef6c1ff0900000000000010c63a949e8b7955394ffa82b8e942c89112f40cab87b1586602d985430cea0162ab3fcf4591c926abfb076719237c8d0e60b0eea24492a660583eecdbf5bcd3de3a83209da17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c9f081d6a08000000ea2b1a52496dfcaf99431412fd13f4cec49669e443dcb924cfe5f3185418d60532be9c4d2ec7c32f2095e63c8cdc28f74d043ef8dba2f23b01a9ae44cf945b7632f32030916f89c6dad7603f2ba2a790d62d6faec2fed44da4928b30142bdda5e6c5d50b83bae616b5054d1e7c13b1355d6f4a8245eaa4997da9c77af40000000000000005f58351d599e9b61e8caab9c70764b0a8a7583c90b3433b809bdb9fbd48bc873495cbff8a41326eea31ae4e0f75057df3c9d13330ca006bce1a84521f14518c9b476fccbd6c712016219848624b87cec2dbe98223a0eb4fa39f6b5c02e6d6d90756ff57902a8f57010000009700ce0b4b8bc22941330000000000000000000300000000000000000000000010008bc0d955f2a83366b99711e6e8861c46495ba585a4b2d02edc3e28dd279a896249ed85b9806f0b6c4a000000002b43dcacc413b48dafb7a2c8cb482bac0ac502d9ba96ffffff7f00000000df73be83bb7d5ad883ef07000000000000006da21b40216e14ba2d6af8656bfff17addaedab25b30002abbba7fa725f38400be7c1f001b2cd317902f19e385be9e48dccff72943327d830689da6b53ffffffff631c7771429d1200000033ed846197fcff5e1c7c3d1d6e3a52872baef9753fffffffffffffe09fec2271fe010cd7bb2366fde4a59429738fcc917a57f94f6c453cea623cc5ee0c2a5ff870ce5dfd3467decb05cfd9fcd41df54cdbd9d10a64c108285e71b5565b1768ee58969c41595229df17bcad70fb4021428ce978275d5bc8955778567bc79e13b78249788f11f708008b75d4fe32b561d46ea3abe0fa4d30dc94ef241875f3b4b6ab7929a57affe7d7fa29822aea68a660e717a04becff0f719107000000000000002d7e927123d8ecbbc55bf404571be54c72d978cf2804107f0238abccd32368e57040906df0042e19000000000000002c06f815312e086dd022c074eb8a322fb0bf47c0a8d154b405a07feaf3dd95f6ef44cd1fe582786105c7df8be4877084d4173731efe895efc71f665c4d75cf2458e35d2c9062ece84c99e061887a20639b41c8c12ee86c50804042b3eac1f879b136345cf67ca3fb2b5e518a75f9e7d7101d5e186c489b3a06fb99e0aa7f23a054de2f4d92d6bd72ee2c9fdc75aaaf1e3e483b4ad055e4af403269b4a39ce40293947d9a631bcbf3583784acbda216550d7aec6b79e30cbd128f54c2d3335457ac0eaaa99bf0bdc14ae358c3b377327ac9ecc34f24c9ae153ec60ac0694da85bff9f5f4df9b3fdf242b985bf16b99c9cc0ad1857036f1a985f369191ae954febb3df464bfe0f773ee9afe72f32a2befb89d3777399f5874c553a2ebe9061fe86e669642e09c0e5a3bb6d163118e4cbe024fd452277c3887d6116c6cc9d8046c216c1f8a9778cb26e22a2a998de5eaeadea10d3cfb41b92ecbb422a40da8daccf080842a486721737390cbf3a74cb2003efb9a101b51ab63e9600040000b8a8c9ae3d14f93100c2e0893862eef552fcde2981f48c482bde6e4a4304e50c349f4f9ecee27defd83871c5191e10096e7e60fc3541a2c905a1a95e9571bf38aebd15172f94e3245c582909e2a3bce109b6000000000000000000d6d5210d7560eb92d6a97a27602b81f7636df1535bef1497f90100000000000000abf9010000007740890200d627e87306703be8672dc84eeadba6a41891c170d1ab57075228a9f46ed9bd1f08fb8191bbab2dc51de3a61f0868afc4294859323e7a45319f18101288a0268893373750d10a3fc22dd704e4214de5946912d6c98cd1a9fbe1e7ef8c08acaf30235b920500d2eca55f74a23641f61f2d5b308cf0d031b0c7f0ced69b93e9960ff5f74562adae283d9756237badf4e7965bbe2777e808fcba821aa8e8c5c39609ff85000000000000c1fee30a3f7a85d1b29e58c77685efc0ceb1c8e5729c66018d169fc03aa188546b3ad2a182068e1e3a0e2505bc7f41019645466a31c72ad53bc19faa5401120000793ac48c1b539c75ab40743b00020000a1f68df75cf43f8ecc8d3726602111b40e761fd210a1920382f14d12ca3c3431ee97471c781d0d1280fb00818654a53b6df4b2c97cc1c98d85fda8f80fe908b65550b4412331d73062197655b7f0469250a5989cef0e10773920ed3ccee42d2c3eb80159da5c002511e6eb93842054cfce2ac306cb6e472db3fd67a49b6855a694a8d359add43907003223a47a7fae4f3748d5a432825bc40a03aaef1c8488d86dc211dd2a3ba71e0f45492ef1f8b65ccb3dcd251a61b152d02c29ca0a3328fa7753a5cddea1acaae55ae8263fb284b7a6ab2a8826c1b948207c498cf4824ab1ea3225a53072423b907c6682f8999e0311da5b8378bc841e1787e3a8128dda381a26cb2b365702ff8a27831375b2ddaa2f56e21169f7ca4fd9655ccd4a584acd244e965a0afedaff7c415ff682a4044b3381cc2df28278c9a6824c52048a7cfabda294925cc0956bffa8e950ff5e49f41ae600d830207bf728cd9807933c3c16d80bbea611a18becc2dc38ca0a6f5740f340b76edcd100fcffff007231dcef58c7b88b5aeedaf9626cb51ce1737c10ab37d4f98a934b0f900e0eb639878a1200629f5503cf679154d27681d7a3744cbcd42af59407c9c8e39c5271868917954e604352ba26171d004f1cb2976fab3fa19c7d3ef9678bff79f5155524f061378f94fb453786c3a6f78b10d383b49e31d1568bd43ee34ce6e6be235aa6207285665c2fba773671da41959f51610963b48930658e2d6125a26085001345b0473240b7e5e91811312c43663e76f711c6529ecdec75c7ea1cf0f8f8fff40247d59bbde2ebb8659197e0f37a71be1b12a182ed7de3acba28561a04b807f7a4647e2ea6d8fb92541d07c3d5e4ba077d3cad9f8ba1919592014c00c8eccb2ca5d48ba7b1c3fb185a4bb79700cf51f818b0c701c8de47d12281a67bdaf4b0c50bee9e8f5936250df2e15c1172e7ea6619f7db330700d1e9e42a035e6fd532f61fbfed9c4a7124a1e38eee50a6bbcd1d4e3f68c3f27dd9a70f1a7c6046237ddfb0b26e197322226367d998010458cd4df10af249ce717f6f45e5176e0ddae3054d7289d4e13ab0912703ee39ce264572b89194fdf7acecc35cf8309d4b680a08eed367dad855fce210f1a7c7222dd360eafb4bef7d58bf83362930af6e3f3f851abdc0003bdf9401b533019e90feb069189100007a82df8d9b5f44ebf9355e7b1b01c9470608d4f306d21004730396a4d6c6d46e1ffac97aa93c36123532a36186575266be4981c847160079421d0137801e553069f8d025c40f287378810defc7f2ed4e15f6af17b21153394f8bcfa6a23a77c8d61c9bbc127a57b8d631f36558d9093dee08bc53d97a8003363421738650a22c8fd87b13026799caf58e59951b125e7f161ca34e2c0dd65a23d01a3cb191e743de07247c7f993cf01166fa2ac1ba02f60550e63a7f50422e478c6b5d87f9bd0567a279a9d85a380db25c43bd0529ad783b9d64aaac1b793afb44b7126e17d2b7c0d6be650de7eeef3f3605af344015d03c3e7819145cb9fe1978c98bf9cf10773db59505ae33708c728844c872dfd2cb0b29008000000000000005ca18cb72f0944d0e4fea0a0abd0285bdaf1b000000c089d640c2facb0d1e6243873ac4b1e1068c45c715b68effb7d58d1f9e726dbf6bd910ca4ce0e075658ede42192cf393a50dcc197b03402fed75083628e5dd38213d353b9049e71f037064b05e73ec00c710f1ffc5737d397d555d1cf8859cc030ea8dc3c6a5b3b6fa1c81707479db1833d593a271253aa11efd936b74784f2fc286814848e92d8ee541bc179813297a0a4cc3c8f80c28701185bea091f32475e859479b734727afc110e1abcff460172fd1b42e3c0e2a4bf94a060069000010000087c7572a1e7596f89e5c3d5e70640c90815f77b7b13d0000000085a1e1e84900000000000000000000000000b422fc160a458ee5a91a2471e6e56fdabec6c73ce8983fc68f0b7cdcdde632e6f54a07620e8aa116ce9e84fc3cd5e8288a333dcebb233da9186796995ba69487d8f77d2f8800f02d690fc70a08b231cad1bdcf3740a95d4dd1cfe0f417f275493cf33b19ffff93dfdaf7eb00b8ad87cdf7c21bab5af8e2bac54ee5597e6508c1158124a538c36f9bb11fea7d8b8c7e954b1bc7811654a6636b33f271d0923e9ecd1b724b8feffadfc23c07000000f0785fb722f346d6a5dffe1884d4d0cd8f00000092c85ed44db68ab800001f00000000406e6ed9b219ad07125381087298e75965d1cc5932ddf9e66351b9332a34bee3e3d562c914c629933f0b8724cf680889ade72558d191d9890c69a718f9018586c5131c8dc8e0379bafda1a0fd2997ff115215ce23dca8db7236c1554cdaaadcce2f31834c1bd1908d8e1b361034db56be76acb7654a195bc3e98df3a5dffd5b0783883ef7da3433110e37f7c7cb7f3800de7f99abf910d6949e062747a9c87dcfcc716d6a9c0ec53b9cffe3cfd1df69a76f373d7f997edb9b80bdea1a99c2a6fbb25e035deadaadd7917ebfedd6304a19491769476208684e343f86b4d55a7dbbb07283cb1e35a138d24ebc5b4f8e35a82d3a7f84cb1e02a5a92b53567088be0b1ca023ccd518c0e0715b1c8760801a419ebd2e26440ff7493019bdb655cc88d72d6d7b6bca5a2e19b63ec52fce43d8c53a8031e64026e0d36b6401064c49a729f11ab377f7132c5232bb80195dd5d43d29646a9378eea0761b7ed9d2172e33ed87c7413c843b180cc00000000006bedf2ed716ca43a941119b96d82b26d9061de240d85ec2cfa462bd52104489bb7a7548d7cc53627031e909c69cb824233975a1ea645de63522407c3a240a37e946f30ebf075ea97846a0a8d2286f3f446b1b99ab83a12ddf8a1c06294eadc3eb3e339591afd5c00000000000000000000000000000000000000000000000000579dad8347a3d16976bb7483840b32db0158fb6c809349333325a7866ca5d3133e33ef1a183cefdb65a79fa71800988c8445029e024822dbcfcab49c3a0aec9bd43e6e14078b260700d849a2aa14c9b593f6dcb1de334c065ecfd65031606e55949c185bcda9fde4f9b46a76b8a24bbcd31b22373eb0473248150cd179405ee1af1183b0c0ce3483dc1d9bf732b0751b78fb211d6706b55960c6431afbc02b3c7e08086573939290bb9e590a3875f02a828b07f1dc7df9c8e5da22dfb9dacbf5529e4e994128d835f85465173ea7bbcc519a0c9798ce8b1b07567e3e07169c8c3e4da8bf725c050000000000000000000000000000000000000000004775abdf0c62728eb55a9e2849a1ce05bed60dfe4cc9fa43f9684297c02382c0a35829be7a86305792a9d2e80ca9e8fc50f31f6e0fa810303da03d8b74b42c1ebaf16bb343256405a3a07229a54de09a97b269cd29e8b2f0b0d46c51a6a93eec37f4bc6e29a8e19120ae050ab682662e9b2cc3263a4aba62b63ca9123a53c0f4bf3c4463b8144c89bf058a0af0ae9fc2b7cdfc4817703e267cddc193637d7fd97646090da37093657643daae3840c7f5c10f93524f7ae4791ec6e9d9722e5f670ccb358e051a"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x5a}, 0x48)
r9 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x3, 0x8, &(0x7f0000003880)=ANY=[@ANYBLOB="620af8ff0c200021bfa100000000000007010000f8ffffffb702000003000000bd1200000000000085000000d0000000b70000000000000095000000000000003fba6a7d36d9b18ed812a2e2c49e8020a6f4e0e4a9446ca2b5f1cc1a100a9af698393aa0f3881f9c24aa56f15199fad0093c59d66b5ece9f36c70d0f010c5077da80fb982c1e9400c603146cea484a415b76966118b64f751a0f241b072e90080008002d75593a280000c93e64c227c9f4cef7f9606056fe5c34664c0af9360a1f7a5e6b607130c89f18c0c1089d8b85880000c29c48b45ef4adf634be763288d01aa27ae8b09e13e79ab20b0b8ed8fb7a68af2ad0000000000000006f803c6468082089b302d7bff8f06f7f918d65eae391cb41336023cdcedb5e0125ebbcebddcf10cb2364149215108355ee570f8078be5cab389cd65e7133719acd97cfa107d40224edc5465a932b77e74e802a0d42bc6099ad23000000803a90bce6dc3a13871765df961c2ed3b1006ef6c1ff0900000000000010c63a949e8b7955394ffa82b8e942c89112f40cfd7c3a1d37a6ab87b1586602d985430cea0162ab3fcf4591c926abfb076719237c8d0e60b0eea24492a660583eecdbf5bcd3de3a83209da17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c9f081d6a08000000ea2b1a52496dfcaf99431412fd134a996382a1a04d5bb924cfe5f3185418d60532be9c4d2ec7c32f2095e63c8cdc28f74d043ed8dba2f23b01a9aeb980aff9fa3a64709270c701db801f44cf945b7632f32030916f89c6dad7603f2ba2a790d62d6faec2fed44da4928b30142bdda5e6c5d50b83bae616b5054d1e7c13b1355d6f4a8245eaa4997da9c77af4c0eb97fca585ec6bf58351d599e9b61e8caab9c70764b0a8a7583c90b3433b809bdb9fbd48bc873495cbff8a41326eea31ae4e0f75055df3c9d13330ca006bce1a84521f14518c9b476fccbd6c712016219848624b87cec2dbe98223a0eb4fa39f6b5c02e6d6d90756ff57902a8f57010000009700ce0b4b8bc22941330000000000000000000300000000000000000000000010008bc0d955f2a83766b99711e6e8861c46495ba585a4b2d02edc3e28dd279a896249ed85b9806f0b6c4a000000002b43dcacc413b48dafb7a2c8cb482bac0ac502d9ba96ffffff7f00000000df73be83bb7d5ad883ef3b7cda42013d53046da21b40216e14ba2d6af8656bfff17addaedab25b30002abbba7fa725f38400be7c1f001b2cd317902f19e385be9e48dccff72943327d830689da6b53ffffffff631c7771429d1200000033ed846197fcff5e1c7c3d1d6e3a52872baef9753fffffffffffffe09fec2271fe010cd7bb2366fde4a59429738fcc917a57f94f6c453cea623cc5ee0c2a5ff870ce5dfd3467decb05cfd9fcd41df54cdbd9d10a64c108285e71b556381768ee58969c41595229df17bcad70fb4021428ce978275d5bc8955778567bc79e13b78249788f11f708008b75d4fe32b561d46ea3abe0fa4d30dc94ef241875f3b4b6ab7929a57affe7d7fa29822aea68a660e717a04becff0f719107000000000000002d7e927123d8ecbbc55bf404571be54c72d978cf2804107f0238abccd32368e57040906df0042e19000000000000002c06f815312e086dd022c074eb8a322fb0bf47c0a8d154b405c37feaf3dd95f6ef44cd1fe582786105c7df8be4877084d4173731efe895efc71f665c4d75cf2458e35d2c9062ece84c99e061887a20639b41c8c12ee86c50804042b3eac1f879b136345cf67ca3fb2b5e518a75f9e7d7101d5e186c489b3a06fb99e0aa7f23a054de2f4d92d6bd72ee2c9fdc75aaaf1e3e483b4ad055e4af403269b4a39ce40293947d9a631bcbf3583784acbda216550d7aec6b79e30cbd128f54c2d3335457ac0eaaa99bf0bdc14ae358c3b377327ac9ecc34f24c9ae153ec60ac0694da85bff9f5f4df9b3fdf242b985bf16b99c9cc0ad1857036f1a985f369191ae954febb3df464bfe0f773ee9afe72f32a2befb89d3777399f5874c553a2ebe9061fe86e669642e09bb6d163118e4cbe024fd452277c3887d6116c6cc9d8046c216c1f8a9778cb26e22a2a998de5eaeadea2a40da8daccf080842a486721737390cbf3a74cb2003efb9a101b51ab63e9600040000b8a8c9ae3d14f93100c2e0893862eef552fcde2981f48c482bde6e4a4304e50c349f4f9ecee27defd83871c5191e10096e7e60fc3541a2c905a1a95e9571bf38aebd15172f94e3245c582909e2a3bce109b6000000000000000000d6d5210d7560eb92d6a97a27602b81f7636df1535bef1497f90100000000000000abf9010000007740890200d627e87306703be8672dc84eeadba6a41891c170d1ab57075228a9f46ed9bd1f08fb8191bbab2dc51de3a61f0868afc4294859323e7a45319f18101288a0268893373750d10a3fc22dd704e4214de5946912d6c98cd1a9fbe1e7ef8c08acaf30235b920500d2eca55f74a23641f61f2d5b308cf0d031b0c7f0ced69b93e9960ff5f76062adae283d9756237badf4e7965bbe2777e808fcba821aa8e8c5c39609ff85000000000000c1fee30a3f7a85d1b29e58c77685efc0ceb1c8e5729c66018d169fc03aa188546b3ad2a182068e1e3a0e2505bc7f41019645466a31c72ad53bc19faa5401120000793ac48c1b539c75ab40743b00020000a1f68df75cf43f8ecc8d3726602111b40e761fd210a1920382f14d12ca3c3431ee97471c781d0d1280fb00818654a53b6df4b2c97cc1c98d85fda8f80fe908b65550b441233151122b41a8d73062197655b7f0469250a5989cef0e10773920ed3ccee42d2c3eb80159da5c002511e6eb93842054cfce2ac306cb6e472db3fd67a49b6855a694a8d359add43907003223a47a7fae4f3748d5a432825bc40a03aaef1c8488d86dc211dd2a3ba71e0f45492ef1f8b65ccb3dcd251a61b152d02c29ca0a3328fa7753a5cddea1acaae55ae8263fb284b7a6ab2a8826c1b948207c498cf4824ab1ea3225c380fac12f8205d182f8999e0311da5b8378bc841e1787e3a8128dda381a26cb2b365702ff8a27831375b2ddaa2f56e21169f7ca4fd9655ccd4a584acd244e965a0afedaff7c415ff682a4044b3381cc2df28278c9a6824c52048a7cfabda294925cc0956bffa8e950ff5e49f41ae600d830207bf728cd9807933c3c16d80bbea611a18becc2dc38ca0a6f5740f340b76edcd1f539bd43007231dcef58c7b88b5aeedaf9626cb51ce1737c10ab37d4f98a934b0f900e0eb639878a1200629f5503cf679154d27681d7a3744cbcd42af59407c9c8e39c5271868917954e604352ba26171d004f1cb2976fab3fa19c7d3ef9678bff79f5155524f061378f94fb453786c3a6f78b10d383b49e31d1568bd43ee34ce6e6be235aa6207285665c2fba773671da41959f51610963b48930658e2d6125a26085001345b0473240b7e5e91811312c43663e76f711d7219ecdec75c7ea1cf0f8f8fff40247d59bbde2ebb8659197e0f37a71be1b12a182ed7de3acba28561a04b807f7a4647e2ea6d8fb92541d07c3d5e4ba077d3cad9f8ba1919592014c00c8eccb2ca5d48ba7b1c3fb185a4bb79700cf51f818b0c701c8de47d12281a67bdaf4b0c50bee9e8f5936250df2e15c1172e7ea6619f7db330700d1e9e42a035e6fd532f61fbfed9c4a7124a1e38eee50a6bbcd1d4e3f68c3f27dd9a70f1a7c6046237ddfb0b26e197322226367d998010458cd4df10af249ce717f6f45e5176e0ddae3054d7289d4e13ab0912703ee39ce264572b89194fdf7acecc35cf8309d4b680a08eed367dad855fce210f1a7c7222dd360eafb4bef7d58bf83362930af6e3f3f851abdc0003bdf9401b533019e90feb069189100007a82df8d9b5f44ebf9355e7b1b01c9470608d4f306d21004730396a4d6c6d46e1ffac97aa93c36123532a36186575266be4981c847160079421d0137801e553069f8d025c40f287378810defc7f2ed4e15f6af17b21153394f8bcfa6a23a77c8d61c9bbc127a57b8d631f36558d9093dee08bc53d97a8003363421738650a26c8fd87b13026799caf58e59951b125e7f161ca34e2c0dd65a23d01a3cb191e743de07247c7f993cf01166fa2ac1ba02f60550e63a7f50422e478c6b5d87f9bd0567a279a9d85a380db25c43bd0529ad783b9d64aaac1b793afb44b7126e17d2b7c0d6be650de7eeef3f3605af344015d03c3e7819145cb9fe1978c98bf9cf10773db59505ae33708c728844c872dfd2cb0b29754f928c59306ce105ca18cb72f0944d0e4fea0a0abd0285bdaf1b000000c089d640c2facb0d1e6243873ac4b1e1068c45c715b68effb7d58d1f9e726dbf6bd910ca4ce0e075658ede42ddd5f393a50dcc197b03402fed75083628e5dd38213d353b9049e71f037064b05e73ec00c710f1ffc5737d397d555d1cf8859cc05bea8dc3c6a5b3b6fa1c81707479db1833d593a271253aa11efdb36b74784f2fc286814848e92d8ee541bc179813297a0a4cc3c8f80c28701185bea091f32475e859479b734727afc110e1abcff460172fd1b42e3c0e2a4bf94a060069000010000087c7572a1e7596f89e5c3d5e70640c90815f77b7b13d0000000085a1e1e84900000000000000000000000000b422fc160a458ee5a91a2471e6e56fdabec6c73ce8983fc68f0b7cdcdde632e6f54a07620e8aa116ce9e84fc3cd5e8288a333dcebb233da9186796995ba69487d8f77d2f8800f02d690fc70a08b231cad1bdcf3740a95d4dd1cfe0f417f275493cf33b19ffff93dfdaf7eb00b8ad87cdf7c21bab5af8e2bac54ee5597e6508c1158124a538c36f9bb11fea7d8b8c7e954b1bc7811654a6636b33f271d0923e9ecd1b724b8feffadfc23c07000000f0785fb722f346d6a5dffe1884d4d0cd8f00000092c85ed44db68ab800000000000000406e6ed9b219ad07125381087298e75965d1cc5932ddf9e66351ba332a34bee3e3d562c914c629933f0b8724cf680889ade72558d191d96ee1b84bb64b14aebc6b5194c55dd6890c69a718f9018586c5131c8dc8e0379bafda1a0fd2997ff115215ce23dca8db7236c1554cdaaadcce2f31834c1bd1908d8e1b361034db56be76acb7654a195bc3e98df3a5dffd5b07838a3ef7da3433110e37f7c7cb7f3800de7f99abf910d6949e062747a9c87dcfcc716d6a9c0ec53b9cffe3cfd1df69a76f373d7f997edb9b80bdea1a99c2a6fbb25e035deadaadd7917ebfedd6304a19491769476208684e343f86b4d55a7dbbb07283cb1e35a139d24ebc5b4f8e35a82d3a7f84cb1e02a5a92b53567088be0b1ca023ccd518c0e0715b1c8760801a419ebd2e26440ff7493019bdb655cc88d72d6d7b6bca5a2e19b63ec52fcc49a729f11ab377f7132c543d29646a9378eea0761b7ed9d2172e33ed87c6513c843b180cc00000000006bedf2ed716ca43a941119b96d82b26d9061de240d85ec2cfa462bd52104489bb7a7548d7cc53627031e909c69cb824233975a1ea645de63522407c3a240a37e946f30ebf075ea97846a0a8dc0d472672286f3f446b1b99ab83a12ddf8a1c06294eadc3eb3e339591afd5c00000000000000000000000000000000000000000000000000579dad8347a3d16976bb7483840b32db0158fb6c809349333325a7866ca5d3133e33ef1a183cefdb65a79fa71800988c8455029e024822dbcfcab49c3a0aec9bd43e6e14078b260700d849a2aa14c9b593f6dcb1de334c065ecfd65031606e55949c185bcda9fde4f9b46a76b8a24bbcd31b22373eb0473248150cd179405ee1af1183b0c0ce3483dc1d9bf732b0751b78fb211d6706b55960c6431afbc02b3c7e08086573939290bb9e590a3875f02a82a6ef09d0ed9829dec16ab67a4f59a504e09f55ab82bbd405087a17a229a149c53ee9145500db213cb36489a10957739e481a756e65bde579bbbfb404213f661eeaaffacbcfbfd60b1a715c366da2b37ac7e9e3033f8ec04db1c2412e02ccd0617d9fb646c4897750d068c936c3558a94b05d7c65c0d458c0d70d0aa864bc1e324d3f69b1b4061627da875a4b5c2668ab0990623fe6f3b54cd1c79da4baf256f88750c18486330589473e267fa44e220cf40db662b570c2a2fbba9a34a3dd7bbd8368fe506daa62b45797d4b397905a69e58eb436c08cc78963197adb1b16ad83a1a9b420e74c6bcdf1ed0b306141a83bf1268e954ad069257fbfaa1a7ea582badc1a7f2a5b0965f3535872d85c0bc3a233a3ea85df6a8ed76f0f803d54b7bef77d8ea71621f8a78dd17c3b58c5c7476ed6191acbb949e77f7cac81c543f7751e5e1000"/4545], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls}, 0x48)
bpf$BPF_PROG_DETACH(0x1c, &(0x7f00000006c0)=ANY=[@ANYRES32=r8, @ANYRES32=r8, @ANYBLOB="2f00000000000000000000003a3aaa340ae2b2da01f0adc24944844f1db1bc0127fbc4f9e955f8cdea505051e46313ce63aae9d73bbfc1e2fa10d8c7620d008e97d87adbd289e87682e3fbc72badded1c1f0ab047f3ca28189b370c749c6d654e5b6ea3bf343fb3c5524bd4d9310b898ee87c03c1e561b825d68e278dac04185960271c58f38dd8ca8b8ceb91e40cd366c5b51fc147437ae9197981b91f1612feb07", @ANYRES32, @ANYBLOB, @ANYRES64=0x0], 0x20)
getsockname$packet(r7, &(0x7f00000005c0)={0x11, 0x0, <r10=>0x0, 0x1, 0x0, 0x6, @random}, &(0x7f0000000600)=0x14)
socket$key(0xf, 0x3, 0x2)
setsockopt$XDP_TX_RING(0xffffffffffffffff, 0x11b, 0x3, 0x0, 0x0)
syz_usb_connect(0x0, 0x24, 0x0, 0x0)
syz_usb_control_io(0xffffffffffffffff, 0x0, 0x0)
r11 = syz_usb_connect$uac1(0x0, 0x96, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000000000106b1d01014000010203010902840003010000000904000000010100000a2401000000020102072405000000000c24020106020604800e05090904010000010200000904010101010200000905010908000000000725010100000009040200000102000009040201"], 0x0)
syz_usb_control_io$uac1(r11, &(0x7f0000001100)={0x14, 0x0, &(0x7f0000001040)={0x0, 0x3, 0x2, @string={0x2}}}, 0x0)
syz_usb_control_io(r11, &(0x7f00000021c0)={0x2c, 0x0, &(0x7f00000002c0)={0x0, 0x3, 0x4, @lang_id={0x4, 0x3, 0x44c}}, 0x0, 0x0, 0x0}, 0x0)
syz_usb_control_io(r11, 0x0, 0x0)
syz_fuse_handle_req(0xffffffffffffffff, 0x0, 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@bloom_filter={0x1e, 0x5, 0xfff, 0xfffffffe, 0x180, r5, 0xaa, '\x00', r10, 0xffffffffffffffff, 0x5, 0x1, 0x3, 0x3}, 0x50)
bpf$BPF_PROG_DETACH(0x9, &(0x7f0000000780)=ANY=[@ANYRES32=r8, @ANYRES32=r9, @ANYBLOB="2f0000001420000004000000", @ANYRES32, @ANYBLOB="f7d66b48af1e2feccd22b8263073cbed8ef0fa2a7bfa613d8283525950f026f235d0289c8e31f54f05a4d00c1916d15ac009", @ANYRES64=0x0], 0x20)
bpf$PROG_LOAD(0x5, &(0x7f0000000500)={0x1f, 0x15, &(0x7f00000000c0)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x5}, {{0x18, 0x1, 0x1, 0x0, r5}}, {}, [@cb_func={0x18, 0x1, 0x4, 0x0, 0xffffffffffffffff}, @alu={0x4, 0x0, 0x1, 0xa, 0x6, 0x0, 0x8}, @jmp={0x5, 0x1, 0x3, 0x9, 0x1, 0xffffffffffffffc0}, @map_idx_val={0x18, 0x5, 0x6, 0x0, 0x9, 0x0, 0x0, 0x0, 0x2}], {{}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x2}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f00000001c0)='GPL\x00', 0x3, 0xa2, &(0x7f0000000240)=""/162, 0x40f00, 0x40, '\x00', r6, @fallback=0x14, r7, 0x8, &(0x7f0000000380)={0x3, 0x5}, 0x8, 0x10, &(0x7f00000003c0)={0x4, 0x0, 0x73, 0x5}, 0x10, 0x0, r9, 0x3, 0x0, &(0x7f0000000440)=[{0x1, 0x3, 0x2, 0x2}, {0x1, 0x3, 0x8, 0xb}, {0x1, 0x1, 0x9, 0x1}], 0x10, 0x76e3}, 0x94)
syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_POLL_REMOVE={0x7, 0xb2752a96f73d6e14, 0x0, 0x0, 0x0, 0x23456})
io_uring_enter(r0, 0x47bc, 0x0, 0x0, 0x0, 0x0)

5m20.739985423s ago: executing program 6 (id=3414):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x81, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CAP_EXIT_HYPERCALL(r1, 0x4068aea3, &(0x7f0000000040)={0x79, 0x0, 0xc})
ioctl$KVM_SET_GSI_ROUTING(r1, 0x4008ae6a, &(0x7f0000000000)={0x1, 0x0, [{0x0, 0x2, 0x0, 0x0, @msi={0x4, 0x1, 0xa, 0x100}}]})
ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r2, &(0x7f0000000000)={0x0, 0x11, &(0x7f0000000180)={&(0x7f0000000040)=ANY=[@ANYBLOB="280000004000070102007000f6dbdf25037c00000400c2800c00018008000300", @ANYRES32, @ANYBLOB="040008"], 0x28}, 0x1, 0x0, 0x0, 0x4c090}, 0xc000)
ioctl$KVM_IRQ_LINE_STATUS(r1, 0xc008ae67, &(0x7f00000002c0)={0x0, 0x1})

5m4.593464683s ago: executing program 37 (id=3414):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x81, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CAP_EXIT_HYPERCALL(r1, 0x4068aea3, &(0x7f0000000040)={0x79, 0x0, 0xc})
ioctl$KVM_SET_GSI_ROUTING(r1, 0x4008ae6a, &(0x7f0000000000)={0x1, 0x0, [{0x0, 0x2, 0x0, 0x0, @msi={0x4, 0x1, 0xa, 0x100}}]})
ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r2, &(0x7f0000000000)={0x0, 0x11, &(0x7f0000000180)={&(0x7f0000000040)=ANY=[@ANYBLOB="280000004000070102007000f6dbdf25037c00000400c2800c00018008000300", @ANYRES32, @ANYBLOB="040008"], 0x28}, 0x1, 0x0, 0x0, 0x4c090}, 0xc000)
ioctl$KVM_IRQ_LINE_STATUS(r1, 0xc008ae67, &(0x7f00000002c0)={0x0, 0x1})

3m58.301514349s ago: executing program 2 (id=3750):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x10, 0x4, 0x8, 0x8}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x4, 0xc, &(0x7f0000000000)=ANY=[@ANYBLOB, @ANYRES32=r0, @ANYBLOB="0000000000000000b70800000000007cc38af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001e00000095"], &(0x7f0000000840)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)

3m57.790943495s ago: executing program 2 (id=3753):
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x6, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="18020000000000000000000000000001850000002c00000095000000000000004495e980d4ab43a654dbda1289491fde9751ca443daaa97c18e213"], &(0x7f00000000c0)='GPL\x00', 0x4, 0x1000, &(0x7f000062b000)=""/4096, 0x0, 0x0, '\x00', 0x0, @xdp}, 0x70)
sendmsg$nl_route(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000002c0)=@newlink={0x44, 0x10, 0x801, 0x70bd28, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x42004}, [@IFLA_XDP={0x1c, 0x2b, 0x0, 0x1, [@IFLA_XDP_EXPECTED_FD={0x8, 0x8, r1}, @IFLA_XDP_FLAGS={0x8, 0x3, 0x11}, @IFLA_XDP_FD={0x8, 0x1, r1}]}, @IFLA_GROUP={0x8}]}, 0x44}}, 0x4)
r2 = socket$inet6(0xa, 0x2, 0x0)
ioctl$sock_SIOCETHTOOL(r2, 0x89f0, &(0x7f0000000000)={'ip_vti0\x00', &(0x7f0000000400)=@ethtool_regs={0x7}})

3m49.40020866s ago: executing program 2 (id=3772):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x10, 0x4, 0x8, 0x8}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x4, 0xc, &(0x7f0000000000)=ANY=[@ANYBLOB, @ANYRES32=r0, @ANYBLOB="0000000000000000b70800000000007cc38af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001e00000095"], &(0x7f0000000840)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)

3m49.28415901s ago: executing program 2 (id=3773):
syz_usb_connect$sierra_net(0x5, 0x0, 0x0, 0x0)
setsockopt$inet_opts(0xffffffffffffffff, 0x0, 0x4, 0x0, 0x0)
r0 = getpgrp(0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000040)=0x5)
prlimit64(0x0, 0xe, 0x0, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000000)=0x3)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
r2 = syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, r2, 0x1, 0x0)
r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8)
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x101, 0x0)
r4 = openat$proc_mixer(0xffffffffffffff9c, &(0x7f00000002c0)='/proc/asound/card0/oss_mixer\x00', 0x2002, 0x0)
r5 = openat$proc_mixer(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/asound/card0/oss_mixer\x00', 0x80, 0x0)
write$proc_mixer(r4, &(0x7f0000000200)=ANY=[@ANYBLOB="4441474954414c310a4241535320274344204361707475726520537769746368272030303030303030303030303030303030303030300a494741494e0a07ebbc5599"], 0x3d)
dup3(r5, r4, 0x0)

3m45.658377778s ago: executing program 2 (id=3780):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x81, 0x0)
r1 = openat$vicodec0(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
getsockopt(0xffffffffffffffff, 0x1, 0x9, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './cgroup\x00'}, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r5 = socket$unix(0x1, 0x2, 0x0)
ioctl$ifreq_SIOCGIFINDEX_vcan(r5, 0x8933, &(0x7f0000000000)={'vxcan0\x00', <r6=>0x0})
r7 = socket$can_bcm(0x1d, 0x2, 0x2)
connect$can_bcm(r7, &(0x7f0000000180), 0x10)
sendmsg$can_bcm(r7, &(0x7f0000000480)={0x0, 0x16, &(0x7f0000000040)={&(0x7f0000000580)=ANY=[@ANYBLOB="01000000d7fe68ca7e4d5d5bdbe70000", @ANYRES64=r1, @ANYRES64=0x0, @ANYRES64=r6, @ANYRES64=r5, @ANYBLOB="3bf81bb9e9"], 0x20000600}}, 0x0)
sendmsg$sock(r7, &(0x7f0000001940)={&(0x7f00000002c0)=@sco={0x1f, @none}, 0x80, &(0x7f0000000000), 0x5, &(0x7f00000008c0)=[@timestamping={{0x14}}], 0x18}, 0x0)
ioctl$VIDIOC_S_CROP(r1, 0x4014563c, &(0x7f0000000380)={0x2, {0x8002, 0x7fffffff, 0xfffffffe, 0x10}})
r8 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CAP_EXIT_HYPERCALL(r8, 0x4068aea3, &(0x7f0000000040)={0x79, 0x0, 0xc})
ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x5)
ioctl$KVM_SET_GSI_ROUTING(r8, 0x4008ae6a, &(0x7f0000000000)={0x1, 0x0, [{0x0, 0x4, 0x0, 0x0, @msi={0x0, 0x8002, 0x2, 0x1}}]})
socket$inet6_sctp(0xa, 0x1, 0x84)
r9 = socket$inet_tcp(0x2, 0x1, 0x0)
ioctl$sock_inet_SIOCSIFADDR(r9, 0x8916, &(0x7f0000000040)={'batadv_slave_1\x00', {0x2, 0x480, @dev={0xac, 0x14, 0x14, 0xb}}})
ioctl$sock_inet_SIOCSIFADDR(r9, 0x891c, &(0x7f0000000540)={'batadv_slave_1\x00', {0x2, 0x0, @private=0xfffffffe}})
ioctl$sock_inet_SIOCSIFADDR(r9, 0x8916, &(0x7f0000000000)={'batadv_slave_1\x00', {0x2, 0x4e21, @empty}})
ioctl$KVM_IRQ_LINE_STATUS(r8, 0xc008ae67, &(0x7f00000000c0)={0x0, 0x401})

3m41.802924637s ago: executing program 2 (id=3783):
r0 = syz_usb_connect$cdc_ncm(0x0, 0x72, &(0x7f0000000000)=ANY=[@ANYBLOB="1201000002000040257d15a4400001040001090260004201000000090400000102090000052406000105240000000d240f01000004eaffffff1e0006031a00000804800200090581", @ANYRES16], 0x0)
r1 = socket$kcm(0x29, 0x2, 0x0)
setsockopt$kcm_KCM_RECV_DISABLE(r1, 0x119, 0x1, &(0x7f0000001080)=0xc, 0x4)
r2 = syz_open_procfs(0x0, &(0x7f0000001300)='net/kcm\x00')
read$char_usb(r2, &(0x7f0000000040)=""/4109, 0x100d)
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_ep_write(r0, 0x81, 0x8, &(0x7f0000000080)="00012c615bc20000")
sendmmsg$unix(0xffffffffffffffff, 0x0, 0x0, 0x0)
r3 = syz_open_procfs(0x0, &(0x7f0000000040)='net/vlan/vlan0\x00')
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000100)={<r4=>0xffffffffffffffff})
ioctl$sock_SIOCGIFVLAN_DEL_VLAN_CMD(r4, 0x8982, &(0x7f0000002800)={0x1, 'vlan0\x00'})
syz_usb_connect(0x0, 0x36, &(0x7f0000000040)=ANY=[@ANYBLOB="1201000001018610f4205ae06d6c010203010902"], 0x0)
readv(r3, &(0x7f0000000280)=[{&(0x7f00000001c0)=""/17, 0x11}], 0x1)
r5 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0)
ioctl$KVM_SET_MSRS(r6, 0x4008ae89, 0x0)
ioctl$DRM_IOCTL_SET_CLIENT_CAP(0xffffffffffffffff, 0x4010640d, &(0x7f0000000100)={0x3, 0x2})
r7 = openat$dlm_monitor(0xffffffffffffff9c, 0x0, 0x1c9c82, 0x0)
mq_timedsend(r7, 0x0, 0x0, 0x4, 0x0)
close(0x3)
r8 = socket$inet6(0xa, 0x2, 0x0)
bind$inet6(r8, &(0x7f0000000040)={0xa, 0xe22}, 0x1c)
ioctl$sock_SIOCGIFBR(r8, 0x8940, &(0x7f0000000140)=@get={0x1, &(0x7f00000000c0)=""/126, 0xeaa})
syz_usb_connect$cdc_ncm(0x1, 0xa9, &(0x7f0000000780)=ANY=[@ANYBLOB="12010003020000602505a1a44000010203010902970002010550050904000001020d00000a2406000183e00a071b052400f2000d240f01070000004a0001000c06241a0400180c241b04000700100ecc670305240101000c241b0900040009f0f9ff02072414ff7f59580c241b010124a100e39f8b0f37fbcbe9060009058103100009080b0904010000020d00000904010102020d00000905820210004b028009050302200005070b"], &(0x7f0000000700)={0xa, &(0x7f0000000180)={0xa, 0x6, 0x110, 0x0, 0x24, 0x8, 0x20, 0xd4}, 0x6c, &(0x7f00000001c0)={0x5, 0xf, 0x6c, 0x5, [@ss_container_id={0x14, 0x10, 0x4, 0x9b, "9ef1681fa6c0437e9272a5577b4f3a20"}, @ss_container_id={0x14, 0x10, 0x4, 0x3, "082124ab7c0be3cb68e4c8dc6e426327"}, @ssp_cap={0x24, 0x10, 0xa, 0xf7, 0x6, 0x6, 0xf, 0xff5e, [0xff0000, 0xffff30, 0x3f00, 0xf0, 0x7f55e224d3f5e62e, 0xc0]}, @ss_container_id={0x14, 0x10, 0x4, 0x9, "b0eefc4fec0d6bfa062a35aa99b1e1e6"}, @ext_cap={0x7, 0x10, 0x2, 0x16, 0x8, 0xd, 0x200}]}, 0x7, [{0xa0, &(0x7f0000000300)=@string={0xa0, 0x3, "c249f363eced4c1c04590b01de30a075feda2df6c83c039fb0f89479f297bc8584e5a13035043ab591a0ab43b254f1cd0739e2b76c2d9f74bdfde985516ef3e77fcf10041b364fd2fe700b59b05eb6a87049eee32a0f67930cf492a67fadb9da6ad016c9bb3090e57c8b4c49396bfffd41bfaf615322153dea92eb091cd8a133a83ec5ef5d077ecba0e38dc1c17a1bdcfe04c82203835858f8aac568f024"}}, {0x4, &(0x7f00000003c0)=@lang_id={0x4, 0x3, 0x420}}, {0x4, &(0x7f0000000400)=@lang_id={0x4, 0x3, 0x411}}, {0x64, &(0x7f0000000440)=@string={0x64, 0x3, "92f82eff760b80486851eba33c7fe34728df4893bd64389be9a5c9b83f791ec4aaf488aeba6f3eb45779098236d027b6a09155a2404f3a62a94b84b6ca05a1f460b4d8c3e333545fc449e4dd5ecc78fed82fd0832f4b9339c68ffc8fe99230309022"}}, {0x4, &(0x7f00000004c0)=@lang_id={0x4, 0x3, 0xc07}}, {0xee, &(0x7f0000000500)=@string={0xee, 0x3, "2126bb250ac593fc5cd05d274b2d0378445a7c8561f2280557b9b4d49bcfd5a26fcc77eef6a3fd4fa225a63ed213ea124728baf36572f6f81c6a46a8100cd719f3f8a31ed619d57d8a1a7d1ca10dc522c6a5b505c7bd0ea97393c644a706dd0a7148ffbb6869cbaf04abc85373699388cf45619db0c67ff31962096f592c13a7060592aa3c1b997065e85360348e9288c0ff3fd9271069599c22c1b86eec9605257bad50126ae9db8d45a47d7ccc730a59aa0bec9a4bb50623f2271d93f7be70a54d1813c14efe866e784ecc0cac688b815ad7ced5ec78a5b4b84715ff8cc595a3c51a4749ae19188634839b"}}, {0xc2, &(0x7f0000000600)=@string={0xc2, 0x3, "b447047ae0b4cfbb196e6b6a9d8d0ccc65278ff81e5ee6150844383b1543436908af32469e4afe4f0042850b2082923c1ac97d288813b4edae1ad87538bf587c944eabec3e4fe7063a7a5e1a0a597c516f2a7d3d59d6e3e668864a011b0db54a946da2f804109db98dba2e143686b7ba832a39ea68ed43adad4857e5524a905e621506f44a2138dda42085515cefe5f6c22ce16cc0cb9a2a683407e06485c406bcad03f42afec480cc7b6055c63411367ad9a9aa3eda24892d073e43bb36d071"}}]})
syz_open_dev$char_usb(0xc, 0xb4, 0x0)

3m25.543625762s ago: executing program 38 (id=3783):
r0 = syz_usb_connect$cdc_ncm(0x0, 0x72, &(0x7f0000000000)=ANY=[@ANYBLOB="1201000002000040257d15a4400001040001090260004201000000090400000102090000052406000105240000000d240f01000004eaffffff1e0006031a00000804800200090581", @ANYRES16], 0x0)
r1 = socket$kcm(0x29, 0x2, 0x0)
setsockopt$kcm_KCM_RECV_DISABLE(r1, 0x119, 0x1, &(0x7f0000001080)=0xc, 0x4)
r2 = syz_open_procfs(0x0, &(0x7f0000001300)='net/kcm\x00')
read$char_usb(r2, &(0x7f0000000040)=""/4109, 0x100d)
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_ep_write(r0, 0x81, 0x8, &(0x7f0000000080)="00012c615bc20000")
sendmmsg$unix(0xffffffffffffffff, 0x0, 0x0, 0x0)
r3 = syz_open_procfs(0x0, &(0x7f0000000040)='net/vlan/vlan0\x00')
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000100)={<r4=>0xffffffffffffffff})
ioctl$sock_SIOCGIFVLAN_DEL_VLAN_CMD(r4, 0x8982, &(0x7f0000002800)={0x1, 'vlan0\x00'})
syz_usb_connect(0x0, 0x36, &(0x7f0000000040)=ANY=[@ANYBLOB="1201000001018610f4205ae06d6c010203010902"], 0x0)
readv(r3, &(0x7f0000000280)=[{&(0x7f00000001c0)=""/17, 0x11}], 0x1)
r5 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0)
ioctl$KVM_SET_MSRS(r6, 0x4008ae89, 0x0)
ioctl$DRM_IOCTL_SET_CLIENT_CAP(0xffffffffffffffff, 0x4010640d, &(0x7f0000000100)={0x3, 0x2})
r7 = openat$dlm_monitor(0xffffffffffffff9c, 0x0, 0x1c9c82, 0x0)
mq_timedsend(r7, 0x0, 0x0, 0x4, 0x0)
close(0x3)
r8 = socket$inet6(0xa, 0x2, 0x0)
bind$inet6(r8, &(0x7f0000000040)={0xa, 0xe22}, 0x1c)
ioctl$sock_SIOCGIFBR(r8, 0x8940, &(0x7f0000000140)=@get={0x1, &(0x7f00000000c0)=""/126, 0xeaa})
syz_usb_connect$cdc_ncm(0x1, 0xa9, &(0x7f0000000780)=ANY=[@ANYBLOB="12010003020000602505a1a44000010203010902970002010550050904000001020d00000a2406000183e00a071b052400f2000d240f01070000004a0001000c06241a0400180c241b04000700100ecc670305240101000c241b0900040009f0f9ff02072414ff7f59580c241b010124a100e39f8b0f37fbcbe9060009058103100009080b0904010000020d00000904010102020d00000905820210004b028009050302200005070b"], &(0x7f0000000700)={0xa, &(0x7f0000000180)={0xa, 0x6, 0x110, 0x0, 0x24, 0x8, 0x20, 0xd4}, 0x6c, &(0x7f00000001c0)={0x5, 0xf, 0x6c, 0x5, [@ss_container_id={0x14, 0x10, 0x4, 0x9b, "9ef1681fa6c0437e9272a5577b4f3a20"}, @ss_container_id={0x14, 0x10, 0x4, 0x3, "082124ab7c0be3cb68e4c8dc6e426327"}, @ssp_cap={0x24, 0x10, 0xa, 0xf7, 0x6, 0x6, 0xf, 0xff5e, [0xff0000, 0xffff30, 0x3f00, 0xf0, 0x7f55e224d3f5e62e, 0xc0]}, @ss_container_id={0x14, 0x10, 0x4, 0x9, "b0eefc4fec0d6bfa062a35aa99b1e1e6"}, @ext_cap={0x7, 0x10, 0x2, 0x16, 0x8, 0xd, 0x200}]}, 0x7, [{0xa0, &(0x7f0000000300)=@string={0xa0, 0x3, "c249f363eced4c1c04590b01de30a075feda2df6c83c039fb0f89479f297bc8584e5a13035043ab591a0ab43b254f1cd0739e2b76c2d9f74bdfde985516ef3e77fcf10041b364fd2fe700b59b05eb6a87049eee32a0f67930cf492a67fadb9da6ad016c9bb3090e57c8b4c49396bfffd41bfaf615322153dea92eb091cd8a133a83ec5ef5d077ecba0e38dc1c17a1bdcfe04c82203835858f8aac568f024"}}, {0x4, &(0x7f00000003c0)=@lang_id={0x4, 0x3, 0x420}}, {0x4, &(0x7f0000000400)=@lang_id={0x4, 0x3, 0x411}}, {0x64, &(0x7f0000000440)=@string={0x64, 0x3, "92f82eff760b80486851eba33c7fe34728df4893bd64389be9a5c9b83f791ec4aaf488aeba6f3eb45779098236d027b6a09155a2404f3a62a94b84b6ca05a1f460b4d8c3e333545fc449e4dd5ecc78fed82fd0832f4b9339c68ffc8fe99230309022"}}, {0x4, &(0x7f00000004c0)=@lang_id={0x4, 0x3, 0xc07}}, {0xee, &(0x7f0000000500)=@string={0xee, 0x3, "2126bb250ac593fc5cd05d274b2d0378445a7c8561f2280557b9b4d49bcfd5a26fcc77eef6a3fd4fa225a63ed213ea124728baf36572f6f81c6a46a8100cd719f3f8a31ed619d57d8a1a7d1ca10dc522c6a5b505c7bd0ea97393c644a706dd0a7148ffbb6869cbaf04abc85373699388cf45619db0c67ff31962096f592c13a7060592aa3c1b997065e85360348e9288c0ff3fd9271069599c22c1b86eec9605257bad50126ae9db8d45a47d7ccc730a59aa0bec9a4bb50623f2271d93f7be70a54d1813c14efe866e784ecc0cac688b815ad7ced5ec78a5b4b84715ff8cc595a3c51a4749ae19188634839b"}}, {0xc2, &(0x7f0000000600)=@string={0xc2, 0x3, "b447047ae0b4cfbb196e6b6a9d8d0ccc65278ff81e5ee6150844383b1543436908af32469e4afe4f0042850b2082923c1ac97d288813b4edae1ad87538bf587c944eabec3e4fe7063a7a5e1a0a597c516f2a7d3d59d6e3e668864a011b0db54a946da2f804109db98dba2e143686b7ba832a39ea68ed43adad4857e5524a905e621506f44a2138dda42085515cefe5f6c22ce16cc0cb9a2a683407e06485c406bcad03f42afec480cc7b6055c63411367ad9a9aa3eda24892d073e43bb36d071"}}]})
syz_open_dev$char_usb(0xc, 0xb4, 0x0)

3m16.766673851s ago: executing program 8 (id=3822):
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000001c80)=ANY=[@ANYBLOB="b702000009000000bfa30000000000000703000000feffff7a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2e6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b70000000000000095000000000000002c3f2cc2b7956244ce7ebfc75b5b0f4e4309ebcdac5f7a860c000c9c781f6410457253e89ad528d985636a86ec0f68f59cd1159a2c2e85d726859a919cc9548a349980d1ccdce27f94bc074c27f81078545c146a0857153b7b8f00034debae58a4ab415b0d7ff0575cc272cd3d7e8d974927676468ff2d86e0ffac94792ed9cf6b40b3cf252a47c05af3a60d57cc3e067d1867b54d24e20000000000000020009ebf84d3b042d6e432cd080e3b57239f0127473e6ba949609d40b47ec331ccba3ce8f530ffff19a6471bf5abc742d9cbcfb964b13831034694a6aad86cf08a6c7b2235dc99de9aa3e6b77c7a2877261ed32da90864987f30926c9013eec3b86836ae50447aa5a79f40c23595bf88f78f00000000008f02712c3d8fc4e2b4507ec874eb2b630000d4f4e91f0000002c33df871a8e782339bc424d1bafe5725c8a404724f8a4f1cda7997b65954f74097579b91da309b887af2c85c2d9ab09b506000000000000000bf7b2ff4602aec1eea200000064881c5630521a08e051374cf05c921a06fb78183e7e68de9dc8d95e0e5b365d10e1004dae58b3b5b89709b0ff47b200400000004000cbefd9a6bb70f60eb9c01dd2fc79a957c84f2369dcd548b3d360c4b85e4d961498f3a80131d21d856177a2189f45d011ef1da5c6d57bb8fd387ccea9c3899a914e47e82f04ff00009de2323f927355408f573c4797d3fa9709495a3b94329d580500d1f91c0d22587e05a61e3d8576ca168e88d7a9af95b04a37c27bfffab9abbb31fa8c0080258cfa6d3f166e695f3c56490aeef464d9965d70a50f1282619344f223548e75fa39643adac1322c87ca253ff27b1882760d6feab16bacdf83c11816dbe959ebc5ec479c8319f73e2249eab0486b110702a481d3b51976a52303056e800b4ae5acc2df636a65eb1d672bf2000000cda8462cc9b16624998be65683321e970000000009b8e2076234e8000000000000009f2b23e842bacd9c685edea0ffa3e975424f8ede49e61a4de85573d12986d6d74e71867df4eee3f1ff791cf7c9862f98b45852e4b2f78721b978a2df2f2a29a387c6f0576b36038f819286eca99a6a434811cf2a117d775fe986a49fb82cf5f15972d55185ab18f1045384501adabb20f7b0e15ff07f1744e2341b59034959a1289ba6e243668e671d305707e3de7652bfc5b60c76deff43a1d6fd6a4180ab723735abbeffe7f2ec3a0bb86f9eddfc0f3d1d503d7a54b49e1ae6c5aafc91fbb4c256409e54daefbb107c381fa729ff5f3907ac5a33b444bb769b7730f5e129438a5214f722096d2986334c25e454474f92e65828b018174a9f4738b8c71fbdead06ab95e02f9a847182766964976b1fccdb9f35721e43e33883cf1cf84393e549fb06a2e609768222f6b9d6ed1dd38e6131ba0a3723b0a4262b7023c22039b9002589a379ed4c6267965af78b861bd335312538cec97966b8973d4e299d9802264d06e40ae118e0d242d1128dcedeb44030df12ef68ffce8d141e8960ef790fb0078215d65856eb55db8cbcb060000000d988374e45451a694ffe38a1d03912b31c98d42e1a1bda1290de1a499a5d6849914c1787cc341fff44fec5c1c439a0f79427a19bd7fa51d1b0311e074e81aff993b5b3459553ecece78d4c1541c70f5d81e0725d5b273755c0000000000000000aa4234ff82182952a76233d18e7d49638aeb04e7a9e9e7eafb7c255372795d2d192a0a33cab0f5bf2e93e0544fcdf2df2bc6ce96e5a7d72fcdb0a11993d54d97a23754ac838674dbb93c0ad345715be4a13678b01edf76d8a9236558fea2c88cce004505ab45d8f5f88aa887bbce5c18970428516f6099bdbb2cd7a2356397f1a0a23e662e2a6c4834400cbaa41c3c574e6e6aefb7a68da5ec1ae49f968bbe0e0bf9878516f532639f5b4828e92019b61f5874be1c7cdd9482df50bc24a8a1fa10d291390eb84e26a2e8dbeaa45604b05a116c1210a7540bf81005044273f5a8ffc538db289350eb248e483be1920efcb413798c2b636243e0a37262ca47dfeefa1ce69b4475d7d714ba0c636e6ae9f710411d30ef424aea00e057c7df6ff8f767bcd9012e1047c686f5ccb76ab3a5df53cbc22ba7ea8f6a8edc19ebc1be841503850803bc2c2d5e0e34270a7f1cca0c6c53a8e5f811f7a793a70d2d6d7bfbb90d220acc687931b42d6bc83ab870da3c0a567f5e65ec0457f4ad2a4ec0b671b36388afd5520a8483a4b11f7d02831b315f0f9e59f47668d68a74838d6976e12fd45200014041dffacbf60892ec8bd7560686f137a806d3dfaba900b47cac62f828342f9c009adb5b2251461a1b24bb68f486e172932ecb204b4d807536a75942e1b9d6dc28ab8e19e1111dd893e8d5bc5642faf21eef40d6e7de3ef62c4bc5ff17e7aeb2841020a645d1cc9ec4eee79c290fb0ba939b13707044e2e9cc0d350438c1c8c6bb9a38c6ac5ca0d9cf1f3d6915f25cb26edfc28b3079b97df32601240ea3f160d3a7b83ecd0509ce9eba0c7bf7843799b1b56a234f9eaab8a3f14f14e4055f05558ab31f339f6a4caf2ee2fd01f34dca330000000000000000000000000000000000000000000000000000000000000000000000000095e6f945ba9a941cef5e70b8c152321e24b5b29bcf374dcf5a29a35d76e6e2bf8df95462690a4fc9ec8129e938e0d5fa16650f2b6ebb4b40a992a75d3c5954d0bfc87db24d856359079b29b3c374d081c300b2cfaa596d24e800ef8e2201f2fb7a9946f89f9f31f7cbd6f7fd7f8898c70b5c65f2e28f22e98389557affbd25e185ef66a4a1ee73b2084681f880a754acddcdafe3ceeeebc0b5f2fedfe7d198e3067f3dbac9441a9ab8409cbbb7e15b9ae3940600de34de2001c8533a3766e6e4c496957908b0a12814cd6aa8fc684beeaa3932efae3a9052be8eec1e95f6ad8d41dd34829504ba4b66e27154cb6e34aa13450522df1723130b6fe347c93f00e40e293c98d849a33f773c743728992f40faccd5c23130a1c6bfd6fc661bca15981090ded672f5af8a40cab3f640c8241a364cbdd3f188eec7da7bccafbd5bf28a46f0eecc6b550471b0b0770c6a5a411c0e0b19e15a461e7c6833ba936e214b013f2819ec6572a43b5cd32b11d7e4f8dcf8f7820a17b7b2ee6178a03351dd31091e46bfd82a3979b9cad109fd6217cd52aa81bdabd50826a474bd163d4eda93fc49571c36b1793db8f7e6aed12a305366599f5f029a7b24558c020293ef472f00000000000000007cfbd7cc03bbfb8c698ecc137d96711100e01031aa74fad86b99eebf0527552a9331e646c424b14ffbb815622bfd2f635855bed1b164d0a56bd004be069854111c5b26ec3c652b5f0a6b9676dae987ec23456ba05a773c6437be8e70ce7123603eed32ec718ca5ffc3bbc8d1ebceec1c6df2703ee93fe6055c2b27974801f2041125b7cfca18e8cc863bf2702d2df259cd0aa7a319b1f8e5ef346deaf0cadbac2f31ba418e7ba0c1cc416f549ab6464db7fc19d9c7509d601620fd8b8daf233f0e631232dd6672dd60d8c507ba9245394ad28665545132c03646e2827793621a58f92f1a7ea0a4a392e3189a4ec2232b3b4d3248e9000000985d9c2231dbea34fe5d05f0a9734983583f95a3249df4d70b7e9102d7e8f992e251ac99419c927defe7d93355f90a44ce9b82ec1c0f2c4b03fc4eb0aecaf5adc42a7198d947945adc7e3dcb9b7e7ad7b9df59278be0035f50ec344da371c2d2ec853c62e8b060eda68bf9535a7c283637eca1b985ab5fdf8305e61c0d24c0ad6f58831cf4fccf0eb589be3a14f1c0f985c68be4ec5705e86a8892484f12be24bce2dbbb6c856a52e507283f478146565217eae82589780ac8d53a887a7a43b61bc2e23affe9aad55333455fedbcbb25b2d88b2ecef26744949cd98020fe6324851d098b44ed50f0e033fd0f299e65c932e7871500f900fde1f19087d2170683b0e88cba46beb7e08aec85110bb0bb56efb7fa2fa43a69071fd32fade9000000"], &(0x7f0000000340)='syzkaller\x00'}, 0x48)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbee2, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000600)={{}, 0x0, &(0x7f00000002c0)=r0}, 0x20)
connect$unix(r2, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e21}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
setrlimit(0x2, 0x0)
r4 = syz_io_uring_setup(0x2750, 0x0, 0x0, &(0x7f0000000080)=<r5=>0x0)
syz_io_uring_submit(0x0, r5, 0x0)
io_uring_enter(r4, 0xa3d, 0x4, 0x0, 0x0, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0)
r6 = syz_open_dev$usbfs(0x0, 0x205, 0x8401)
r7 = openat(0xffffffffffffff9c, &(0x7f0000000080)='.\x00', 0x200002, 0x0)
fcntl$setlease(r7, 0x403, 0x0)
syz_open_dev$usbmon(&(0x7f0000000900), 0x7, 0x0)
r8 = fcntl$dupfd(r6, 0x406, r6)
ioctl$USBDEVFS_SUBMITURB(r8, 0x8038550a, &(0x7f0000000300)=@urb_type_iso={0x0, {0x1}, 0xe76, 0x82, &(0x7f0000000240), 0x0, 0x200, 0x9, 0x2b, 0x77, 0x1, 0x0, [{0x55ac, 0x4, 0x3}, {0x401, 0xc1b1, 0x3}, {0x7, 0xf, 0xfffffff4}, {0x6, 0x6000, 0xff}, {0x4, 0x3, 0x4}, {0x1ff, 0x77d, 0x2}, {0x40, 0x3, 0x9}, {0x441b, 0x3557, 0x6}, {0x4, 0x7a59746b, 0x10}, {0x2, 0x9, 0x4}, {0x3ae5, 0x9ca, 0x7a16}, {0xffff, 0x800, 0x8}, {0x7, 0x9, 0x3}, {0x9, 0x5, 0x10000}, {0x9, 0x1, 0x78f9}, {0x51, 0x3, 0x2}, {0x6, 0x4}, {0x6, 0x3, 0x9}, {0x8, 0xffff8001, 0x80000001}, {0x9, 0x9, 0x2}, {0xe, 0x4, 0x5}, {0xc922, 0x1, 0xaab7}, {0x2, 0x8, 0x8}, {0x8001, 0x9, 0x10001}, {0xcc, 0x7, 0x10}, {0x7fff, 0x100, 0x7fffffff}, {0x1ff, 0x5, 0x7fffffff}, {0x80000001, 0xfffffffc, 0x101}, {0xa, 0xb, 0x5}, {0xa, 0x2, 0xde}, {0x200, 0x5, 0x5}, {0x9, 0x9, 0x80}, {0x0, 0x2, 0x8}, {0x6, 0x4, 0xffff0000}, {0x5, 0x4, 0x354}, {0x9, 0xee4, 0x4}, {0x1, 0x8, 0xecf5}, {0x5, 0xa, 0xfffffffb}, {0x7fffffff, 0x7, 0x5}, {0x1, 0xddd, 0x6}, {0x2, 0xfffffffb, 0x5}, {0x3e11, 0xe8, 0x5}, {0xfffffffc, 0x8, 0x3}]})
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000000c0)={r0, 0x20e, 0x0, 0x0, 0x0, 0x0, 0x31, 0x6000000000000000}, 0x50)

3m15.564289283s ago: executing program 8 (id=3824):
r0 = syz_open_dev$video(&(0x7f0000000180), 0xc406, 0x800)
ioctl$VIDIOC_SUBDEV_ENUM_MBUS_CODE(0xffffffffffffffff, 0xc0305602, &(0x7f0000000000)={0x0, 0x5, 0x2007})
ioctl$VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f0000000040)={0x0, 0xfffff2ab, 0x3, {0xa, @sdr={0x51424752, 0x6}}, 0x20010000})

3m15.352086485s ago: executing program 8 (id=3825):
bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x4, 0x5, &(0x7f0000002500)=ANY=[@ANYBLOB="bf16000000000000b7070000000100004870000000ffffffd40700002000000095000000000000002ba728041598fbd30cb599e83d24a3aa81d36bb3019c13bd23212fb56fa54f2681d8b02c3815e79c1414eb07eae6f0711e6bd917487960717142fa9ea4318123f602000000000080de89e661168c1886d0d4d94f204e345c65c26e278ef5b915395b19284a1a4bc72fbc1626e3a2a2ad358061d0ae0209e6e83d15645aa818d92b21aa6459512f51ee988e6ea604ce974a22a550d6f97080980400003e05df3ceb9f1feae5737ecaa8666963c474c2a100c788b277beee1cbf9b0a4d3881dcc7b1b85f3c3d44aeaccd3641110bec4e90a6341965c39e4b3431abe802f5ab3e89cf6c662ed4048d3b3e22278d00ce00000000d3a02762c2951257b85802189d74005d2a1bcf9436e192e23fd275985bf31b714f000bcab6fcd610f25f5888000000003f11afc9bd08c6ebfbb89432fb465bc52f49129b9b6150e320c9901de2ebb9000000018e3095c4c5c7a156cec33a667dccaff950ca1e5efdd4c968dacf81baa3a509b1041d06f6b0097c430481824a3f4fddd3c643f630ba175d876defd3541772f26e27c44cfdb2d85d6d29983e830a9cdd79837b3468e8c67a571d0a017c100344c52a6f387a1340a1c8889464f90cc4cd1f570dd39877dfb2ff1ae66e1ce917474b2e650ae630afd014a337ac5d58bcb5e517232586872c5255f20100000000000000f041b665ab21372c8d8b7bac5b5c784d20a4a24d8dbd75062e1daef9dead619cc6e7baa72707157791c3d2a286ffb8d35452bb5d36c2a8682bf7ecbd53f950ef4709ec01e230d2f53594ef4839c6130c4c13a0cca84b9935f771fd49e480cd9d48aeb12b1d6acabd38a817bcd222614d1f62734d679039a97d2b74f9e8e997ccd314000f747f4e8e7025123e783df8b8a17e3aa9fe1f662aef87a065b03cfb65b4dfe4f1b56e1f23128d743753a1de172d683d5892ce9414a1d98ea93e3d35dbb6c23b90cf36e83b8a434a97d09343d7f83079ccb02e69d384146056d125cfa788237874dd42dae334bda042819a2aa24dba1c25be2794448b4f63483026b5e34d44705b76ef29241adab0dd7d68bf975e02069f6f2425e1bc97a3d588085f16bef63a06578d4f5de7bfb6aaa75f16996d536256c02284cb1d3a6fb8cae87691fae365a70c3fc69e1565bba8dd8a8ca049f798abe646f738bebd69413afc9d8a5edd7aaa000000000600001e6c2f2a287c5278a218dbfaffffff00a14db5cfa6819eb1d39c48cfdc80d215c9e16e0c4736dd19363154cca4e2f89800d18c89d7f46f679df6c9e2952ae1ebfd0ca88368ee6ce139e8b5822c22cf2e9dde943d34c432e1001171792c65986146666a5490928441f47e0fe5eac41824ca1fd0eb71aa243c88d5480e5aee9c9e5f2e5a56a6d920335c8e8726fd8329d9a733d8f9ffffff5f912ac4e34bf6ea8a86da707b03bddb491ba0cc98f6be92c50008a2b50025419dfc75c73132ca7ca26ce8a7e3ffb700f09e157f9b844051f1a642aca9ff98c9036471ccff0522903e7bcf62e18f7696bbc280b95e8e0d6fd5644b0ebde3a95b06548862de809d3dae3cccf109f7c78e8479a345e800000000000000000000009455bf417627ce723a5d9103706aba69279500bb82f6b5a3ddc0bd9856712945b70c75ce5b722578820820d010d7a3cffc99fc647d0b82ef26ab708c0b19ed144be51c3b398f0e6bb7a30006000000cba12953d58cff0f0378740fe6662f377b97d8e7cdb047050d7296cd3856476a0ea49ad127ba6570bafc2bbcf9ee721fd9cb467ff071e5604fbf0491245c0000007d932d7a64de4c4aa433fc0840aff7c47da3a4c6966d0000000000000000f6bfbae29e8a6e2a889f6ef6869d82d6bd73eb76b65c7a35a54a4a6b8ad4600e3a972a0bb5971a5f16590b0a03dafa3fd1118765cc8ab9fccf3b51c41a339f200f2fa33006910a679a9ae0187b4d750c4bd244cb0cbfd23b265f4d4da448a7a0d19c5e43eae50a31609dfa2ddf267551467eb6475293dd7012cc449009981f22820e57a0eff234ccfe21d7a2302e000669753d3c3432cc14ee1abe724adb6b5431befedd3e22971118f0e21aed186a370e9eb56b3d790b98f2bd0db1e5de6a146597b2cbb7103040d2a39d7965d36df524b760ab92efcce7dd1574a0730a9e015c7f5ffee9ff66e5dd2866b15b6e0d17618cb1f5c1ee4b05ebf1445ea110f499f840a5c965443d725556351ee25fe09f69494b053678dcadcf02e063dff2fa4bef1ac3bbbe4fe3e8cc759b05785adc346b7ffd05963f92c1d0d7d90ba878ad89e490f3e29ac51d30632869a534418f916bf6fe8167827a8e6c8f8b391c822805cb0adf1b8bd6947ff208753eb0d208ce14f7b206b2e02c21e963abc5ceb735c1b3c46b0a843de52a903375dfb663a8d8ee9c2b2705c1a81d9d3b9656b219c8cd99c9cafcd0d0540884d97aecb19983fc6af29ab44a82aff9cba921192c665b877af6539bdb1b567f481ba07982e7ad758f4e1eac69e7e88a63960975f490e161e371ec8534791e3b61c63fb9450dd03985d900a9c0839208356b53750e76fcc3c2d1bddcbd83897921bd4d0c02e8188f3df79ea2a5c5444004830e6cb227ca1bdafb977c00000000003a417193b8c5d793687335a980010000fdf278218218e04b705ec62f1608cb569b81914e68f175b392af6bc4fd2121d7fd276af2c97a441b56e7a0687d98b8e76d8d0d231e4fe00be1de76bd19cc12e2bd938eb681ed6bc951c1b4f7c51af59eea4d40c6000000000200778a677b72786311153271a3313da02645e11761699e4d04ac86dd14ff7b9a10d3fa74696fe3953a5b7706bf5d1faba4b18808d9cb0e9d3696dec4e0820ee4028d7225a2c9c427cf64cbde6fba056b2006b7a37c1181d530fb865e235cd302f3b4071ee5237ada986b9e5e3144bf479f277f10656ad3744037ccc9c63685a6f1109d2ea73773d3635f61497f1fa1ea4a16f601800bf3e59141fbf05a96113320c445f9ba8596970d5254727e804fbd99ccefb7c09269dd2c5c25e56e169ac15980f3f85f7ca36dd5950ef5b64fd46f123311829534a82940994199b3cf7a8fabea9930952f5da9b909c1946e55289f668c423fcbb31ae91864c882313151741a67538c9689dc8ecc9903c7041e5c0704e2fa55a756487517a7445cbd9e3f5175e41c00000000000000000000000000bf98efd587fffe326f474b0b089c017b16c0062cbce96f5adebec52a79f9363909842f79c50a1520be46d87003137e4c5031f00123e812a5e37cd52c9eb7336281cb8c6ce9934b157d7875a70eaf103cb3138e2361c51cd1eab8a26b232acf6bf0ab829c26dab637538b2eb1420d812d2b80c777710ba0f18e4661681aa218d9ba54023ab4305d77eb15611ae2545835e9d30e9f6d4fb43a291c69545a1eea0f8720431132d8549f99bf6c5cb060da70cbb59d0a000000000034d083fc37d2449f72de0cbea4bc1dc89c136cdbc504f849d5502d77a95c7bfff4cd9c03058d0d4d07ea64824f1acf2b39389f675f39d01719cdbab3f1ce10609c8d7b3e37cb99b41da5e485a441b6a103549f55ab09dc98767763d1f21d9d5bc27d2b40050d1f8292f4d9ec6d0000000000003932062290f4996fdd55b06023437e9e2072daf7f5d82f6f1b5b89a41134f4dc2e65bb11272fdf8c8141f41d6160b3d8b6ecd16d14267f61b4881adee7f07f3d6af5ae79e16fe2c3f55ac7a6392d2e1d9b4286b6c30600a76b85ed6e1f0000c67e6c5fcdc8c39381be4799b8cb2d08b8262c807dd755e22b801162381aa9d1af2bbc9cfd497585337eac408b8475b47a392a10cae349160f128e5f873a58064eb400c36a90624f6aed398a215e9ce64522ab249f67c38a656d32ecff5cdb2b039c4abf349d2c0f88a42e9189bbfa7f5cf35b6e7ef8f9d33163b7ea87550fb1ba334c83e3aec4714c9c4ca3ecb04f2720237615a28bf310b58ffa2a103216fdcc8c2d8f5d55e5e7ebf147105272aaae56e86da86b3cf79a3f7306436762dd1a08ce873e07cebc7892ec6f9f696da38feed3d70001500e34ad2e1b2e64af4e37211b524e20f4ae1ba89a32bad2af9030f8add5cbacc59352c290f55d971b65953533668c25f21d8d62d849e9058eaa97c63491568887548f668cdbca2abf01a361a0b64d8b523e669da350e3ec7445dfbf366b0b3bc5e76824a1e43eaaeca70db90f2fa39596443447671933079a24fe3681ad9ac361f71ac279a688f10a12105edebc5e3bbc394c8305ab129ca2dfb9b7c5e9d097bd01b495cccefddce569117f7f5d6a6270ff0f0f4c371029ca8489571b55841bf3dd003bc81460eee57ceb3c33f4e90eb1fffffffffffffcfcbb616c2070237881afdb314cecd1623f3e55ab8b7627fa1be349145a8d6313cbc790eefe2020138e82fb9d351be4ddcbcc9bc048dd3db5828d16baec6e07a007f0030f34ea3cfd524d6fa1d45da5641d6c94e1d3ae7fba1c85035d2a60ef1696e0d96aa1c60019f73ae0aa6113cd66ef26b5777337c26e1461405d86fdf091edd526f25cada439bb3609ed5c35ab60a539ade786bd6004d0ea3edbd6c4da0d8e8be8c771c8c8a0b07d9859e04adb18964dcce9bce546074c2615318bf813e788c84409dffbc2df372a016e8c845d4257000000000000000000000000000000000000f29657697d9c2b132b2dc2f5ea5122836582a7e85fe2bc166f17aefd9d861de0191f5277d4a3b5afb6f23d9eea2459f7844606e1202768d83c24cc791bde44a448022bbfa571fe029a7b2d5152639ee283894ab6168992ff0acc01b39a078f285ce615351f262019586eb9447bb3eaffd7b53d8f37ca6c5f1027dd5b7592996c8a7789ba108979cc9ad07ed86682843e2eaa855dd01443ee6ffde1811f10039d5d14458177096e15cc4d8f2582a1bea5cc98d992f3de7d1cdfb24384b9f11b615c87c441dc970ec896a5af6bf69b50a244bc138a1cae3d220bcff6bcb3058c6e0d1cc0da889710f33f5638f805ce602365492282863cc8092b16656dea03cd50182aabbac78a14506dcbf823bec4a5dad14c4d7353b6a55c28321647df3a85bf9fca4e18aeaf4867e6a3dbdd7a5dbe1a52bddae83fc368404a032b75649cf74d7af8e9e3e43fad643ad3e8575a2bb0507531eac5e10b631575f1360803c8f556e07f292ab66b9bcea0c2f09db289a5934a4f2f5fe5cfc52b270a4a5fa2a8de62dcaf7ef52f1fd84c55e6a0c5a365a3b4e73c4ac6fc26367f3f6c07b06a0874c039622ba2bd369b105f57099f742a000a36c2f044a5de24604f82a1f197d9a70b5a62f794f57ec02df70d459fedd6125ae41479a2661360a79e175f0add2820018d5985183ee80f681403a7d08e0e2b88d0750c90b7ed5fed6f81ce797f3b60445ce811d2b4e45005a5ea06c1fe927af06433cd3885dc954e698a7a73416c73bfab7773a6e5e14338797ce9148cda4c0bf05fb67915aeb3661e755e4e1a0ceedfe8e91ee5361ff4c7c07b422e1443a6616b6eb3c325d5687644a4c0a1d44d9dfd82896f56bdfa0790406984c123e1d37da4a9a9444485e9b1e3b6b548528989d2aecc1e7b6ee92ca19298801105ced8964e000000000000000000000000000000000000000000000000000000000003d1c031ee2fc25c7ad34283187545b1343f7ab862e66cf5bf4ba4dbf5fda31619c05ddb97199ad4d01471e9b3c7f485b1e74d0ed34201915e79d5ed229f0773ab6b38529c45b10d0796e005b6d663b942320339b9fe1d4e393b4bcb596898cde06955a345db3cb956b0e5da1c1dba7046f4d12fc65085302f333516804d9f"], &(0x7f0000000140)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0xfffffffffffffe89}, 0x48)
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_open_dev$video4linux(&(0x7f0000000000), 0xf, 0x0)
r2 = socket$inet6(0xa, 0x3, 0x4)
r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.events\x00', 0x275a, 0x0)
writev(r3, &(0x7f00000009c0)=[{&(0x7f0000000400)="1e8fcce8f00c20c3713b0c220663c3b66bb174e7d57d1fe72dbb0d27d9cbe1ec30047462375528c2c005a0ccd366c1ab0b8e5e0d788c178dbbdea330a90fa9e7c51a1aaf175a9d59559f29c09ff5e337e791be17c1ef703647852fe9e1b3ab3e6cd1c3b84b92c9822e232e0052c33bec0c49ee12b56b36e6c5be956e7791334289cd58966289930fe24f617b6c", 0x8d}, {&(0x7f0000000640)="146d7d1fe23f2a38218e567b79d540f9855f11c272611653b571eaa7f1ae51d8da60a58cf2d3edc698914eaa6fb32bf9bab8b33a", 0x34}], 0x2)
mmap(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1, 0x10012, r3, 0x0)
ioctl$sock_ifreq(r2, 0x8931, &(0x7f00000000c0)={'ip6gre0\x00', @ifru_names='veth0_to_batadv\x00'})
ioctl$VIDIOC_S_FBUF(r1, 0x402c560b, &(0x7f0000000100)={0x22, 0x50, 0x0, {0x5, 0x8000, 0x3631564e, 0x4, 0x20000000, 0x0, 0x0, 0x7cf7}})
r4 = socket$inet_sctp(0x2, 0x1, 0x84)
getsockopt$inet_sctp_SCTP_PEER_ADDR_THLDS(r4, 0x84, 0x84, &(0x7f00000000c0)={0x0, @in={{0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}}}, &(0x7f0000000040)=0x90)
r5 = syz_genetlink_get_family_id$ieee802154(&(0x7f00000001c0), r0)
syz_emit_ethernet(0x96, &(0x7f0000000280)={@local, @empty, @void, {@ipv6={0x86dd, @generic={0xe, 0x6, "983233", 0x60, 0x0, 0x1, @dev={0xfe, 0x80, '\x00', 0x1e}, @private2={0xfc, 0x2, '\x00', 0x1}, {[@hopopts={0x2b, 0xa, '\x00', [@ra={0x5, 0x2, 0x2}, @generic={0x1, 0x49, "fa80f16734353fd7a3dc1406d78bff3db47b6766530cfe422b483319cf32423c4f18795ef85d1868373c0cf330ea42419a2926ac473e446dddcc553c2e180775274390a6c832d7b992"}, @pad1]}]}}}}}, 0x0)
r6 = syz_open_dev$loop(&(0x7f0000000040), 0x100000001, 0x20f00)
ioctl$BLKIOOPT(r6, 0x1279, &(0x7f0000000080))
sendmsg$IEEE802154_LLSEC_ADD_DEVKEY(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000001200)={&(0x7f0000000200)=ANY=[@ANYBLOB="d595280e8c079c0447c142ab7400a0430a280152eb57d4361dc19eda178f05c843d146e38f64365467e57f886fa49779199970d53037a0bf44684e18d099cc510ac580f9770a8e66795641bba329ca1e8665544697b336b441c4c897826d1be1df2baae1a762e299103baf04c074508c4418d1ccd00d0117a54a10b01fb663d26fdeb6ebbc795fa5703666cce99af2fde16c2edb9ce088a897d2aa1c52f110df77535846745af989270abb45b823887facc62a8b60946cb993c4", @ANYRES16=r5, @ANYBLOB="070600000000000000002d0000000c00050000000000000000000a0001007770616e30000000e5fd2f000500000005002e001900000005002b000200000033002f0010000000"], 0x44}, 0x1, 0x0, 0x0, 0x4000001}, 0x40000)

3m14.413452008s ago: executing program 8 (id=3830):
r0 = socket$inet6(0xa, 0x2, 0x0)
bind$inet6(r0, &(0x7f0000000100)={0xa, 0x4e20, 0x0, @empty}, 0x1c)
socket$packet(0x11, 0x2, 0x300)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f00000001c0), 0xa2f01, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x6bf1c2d5adba8c32})
r2 = socket$kcm(0x2, 0xa, 0x2)
ioctl$SIOCSIFHWADDR(r2, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local})
setsockopt$inet6_udp_encap(r0, 0x11, 0x64, &(0x7f0000000040)=0x2, 0x4)
write$tun(r1, &(0x7f0000004b80)={@val={0xa}, @void, @eth={@multicast, @remote, @void, {@ipv6={0x86dd, @udp={0xd, 0x6, '\x00 \x00', 0x64, 0x11, 0xff, @empty, @mcast2, {[], {0x4f19, 0x4e20, 0x64, 0x0, @wg=@response={0x2, 0x4, 0xea, "954819110bcf22796f6cb28be9a1224c000be94660dd39d2cb40f22ff59e284c", "9432ca693246dd965f2232f1884e12b4", {"984b5769ec3117e138db720f57b59775", "08cb0087a738e17dda00000d00"}}}}}}}}}, 0x9e)

3m10.917129133s ago: executing program 8 (id=3834):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000004c0), 0x400, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
ioctl$KVM_SET_GSI_ROUTING(r1, 0x4008ae6a, &(0x7f0000000280)={0x1, 0x0, [{0x3, 0x5, 0x0, 0x0, @adapter={0x5, 0x7fffffffffffffff, 0x8000000000000001, 0x80, 0x3}}]})
mmap(&(0x7f0000001000/0xc00000)=nil, 0xc00000, 0x2000004, 0x3b071, 0xffffffffffffffff, 0x0)
r2 = bpf$TOKEN_CREATE(0x24, &(0x7f0000000000), 0x8)
syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0)
setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(0xffffffffffffffff, 0x6, 0x16, 0x0, 0x0)
sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x805, 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r3 = socket$kcm(0x29, 0x2, 0x0)
recvmmsg(r3, &(0x7f0000000940)=[{{0x0, 0x0, 0x0}, 0x6}], 0x31680, 0x40000000, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000001c0)={0x18, 0xb, &(0x7f0000000040)=ANY=[@ANYRESDEC=r2, @ANYRES64, @ANYRESDEC=r2, @ANYRESDEC=r2, @ANYRES64=r2, @ANYBLOB="8b63d068207d2a937fd83dad06f6ce2a123952711112580db45c30653cec666cff1aa0a2b1f7759a0c0e43d38c6b50b1ca364fb8d74949ea09bff396564be0f9115d50c74f7f7369cc842fd14c34c1c2d9420bf583e7d2006fbd7a5a7341c71a1991d08daff958918907f448b870d54aafd0a591c5806fa821348bb49cb1c706cb1b192f6bf34423"], &(0x7f0000000180)='GPL\x00', 0x14, 0xde, &(0x7f0000003e40)=""/222, 0x40f00, 0x78}, 0x94)

3m8.911116009s ago: executing program 8 (id=3838):
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000340)='pids.current\x00', 0x275a, 0x0)
ioctl$FS_IOC_SETFLAGS(r0, 0x40086602, &(0x7f0000000040)=0x20)
munmap(&(0x7f0000001000/0x4000)=nil, 0x4000)
unshare(0x20000400)
ioctl$UI_GET_SYSNAME(0xffffffffffffffff, 0x8040552c, 0x0)
syz_open_dev$evdev(0x0, 0x0, 0x0)
syz_open_procfs(0x0, &(0x7f00000001c0)='fd/3\x00')
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x10)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
r2 = fsopen(&(0x7f0000000080)='tracefs\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r2, 0x6, 0x0, 0x0, 0x0)
quotactl_fd$Q_SETINFO(0xffffffffffffffff, 0xffffffff80000601, 0x0, &(0x7f0000000300)={0x5, 0x2, 0x1, 0x1})
ioctl$VHOST_GET_FEATURES(0xffffffffffffffff, 0x4008af25, 0x0)
r3 = fsopen(0x0, 0x1)
fsconfig$FSCONFIG_SET_BINARY(r3, 0x6, 0x0, 0x0, 0x0)
bind$inet(r0, &(0x7f0000000000)={0x2, 0x4e21, @broadcast}, 0x10)

2m52.850016516s ago: executing program 39 (id=3838):
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000340)='pids.current\x00', 0x275a, 0x0)
ioctl$FS_IOC_SETFLAGS(r0, 0x40086602, &(0x7f0000000040)=0x20)
munmap(&(0x7f0000001000/0x4000)=nil, 0x4000)
unshare(0x20000400)
ioctl$UI_GET_SYSNAME(0xffffffffffffffff, 0x8040552c, 0x0)
syz_open_dev$evdev(0x0, 0x0, 0x0)
syz_open_procfs(0x0, &(0x7f00000001c0)='fd/3\x00')
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x10)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
r2 = fsopen(&(0x7f0000000080)='tracefs\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r2, 0x6, 0x0, 0x0, 0x0)
quotactl_fd$Q_SETINFO(0xffffffffffffffff, 0xffffffff80000601, 0x0, &(0x7f0000000300)={0x5, 0x2, 0x1, 0x1})
ioctl$VHOST_GET_FEATURES(0xffffffffffffffff, 0x4008af25, 0x0)
r3 = fsopen(0x0, 0x1)
fsconfig$FSCONFIG_SET_BINARY(r3, 0x6, 0x0, 0x0, 0x0)
bind$inet(r0, &(0x7f0000000000)={0x2, 0x4e21, @broadcast}, 0x10)

24.537471338s ago: executing program 5 (id=4122):
r0 = socket$inet_sctp(0x2, 0x5, 0x84)
close(r0)
r1 = socket$inet6_sctp(0xa, 0x5, 0x84)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r1, 0x84, 0x6f, &(0x7f0000000300)={0x0, 0x10, &(0x7f0000000280)=[@in={0x2, 0x4e24, @private=0xa010100}]}, &(0x7f0000000080)=0x10)
getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r1, 0x84, 0x1d, &(0x7f0000000140)={0x1, [<r2=>0x0]}, &(0x7f0000000240)=0x8)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r3 = getpid()
sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x7)
socket$nl_netfilter(0x10, 0x3, 0xc)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
sendmsg$IPCTNL_MSG_CT_NEW(0xffffffffffffffff, 0x0, 0x2004c889)
write$UHID_CREATE2(0xffffffffffffffff, 0x0, 0x118)
r6 = getpid()
r7 = syz_pidfd_open(r6, 0x0)
r8 = syz_open_procfs(0x0, &(0x7f0000000040)='stat\x00')
preadv(r8, 0x0, 0x0, 0x0, 0xfffffffd)
connect$inet6(r8, 0x0, 0x0)
sendmsg$TCPDIAG_GETSOCK(0xffffffffffffffff, 0x0, 0x4004080)
ioctl$VIDIOC_QBUF(r7, 0xc058ff0b, &(0x7f0000000200)=@mmap={0x1, 0x1, 0x4, 0x10, 0x200, {}, {0x3, 0x8, 0xe, 0x9f, 0x0, 0x7b, "c16599e2"}, 0xabdb, 0x1, {}, 0xbaa})
sendmsg$inet_sctp(r0, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000002c0)=[{0x0}, {&(0x7f0000000340)='[', 0x1}], 0x2, &(0x7f00000000c0)=[@sndinfo={0x20, 0x84, 0x2, {0xa, 0x4, 0x24, 0x200000b, r2}}], 0x20, 0x2400e044}, 0x0)

22.765069606s ago: executing program 5 (id=4123):
openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
r0 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_int(r0, 0x107, 0xf, &(0x7f0000000100)=0xc99, 0x4)
r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='mountinfo\x00')
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xc, &(0x7f00000007c0)={0x2, &(0x7f0000000780)=[{0xa4, 0x0, 0x10, 0x7fffffff}, {0x6, 0xc8, 0x2, 0x4}]})
r2 = syz_open_procfs(0x0, &(0x7f00000001c0)='fd/3\x00')
syz_emit_ethernet(0x34e, &(0x7f0000000100)={@broadcast, @multicast, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "00cd04", 0x318, 0x3a, 0xff, @remote, @mcast2, {[], @ndisc_ra={0x86, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, [{0x5, 0xa, "a78c000005dc8080a2030003004003493b87aafaffffffffffffff23732472eefa45ad96579269748e254c1e4a8a8b3f0ab0c430d3be27df3e34060600000000000000dac15084dbaf736b41e5af0502"}, {0x0, 0x1, "000005000020000026000400"}, {0x2, 0x18, "fe906d26efe39393fe08f73eabc57d7b1190a3a6ad8338f1511cdd10c35d8f6de79fc7fd175f75649fa368a32c829af02d7f44d92324a7051e464a13ddde25a5b85b9d930914625d8a049b4cf0d129806a610ad8477a2499a9a0527f75b655a6653d0363a979acf93f88eea07d68423e90280409de1657275f716a2bf3915d1783e8eb477b0d1170f0ecbdef4c23e1b76e9ab3d2fbe4b34438d2a77577edd0ebed9682b851b380ae0cab282af9d7ebe668177704c5fd4698c934de4731f3f61effc978"}, {0x0, 0x1d, "06aa85616177c61bc943afcb84619755403946b0730a18d5c38cf7dcad830f2dc8674b87ba8b58f81ece27975cc39e595e9af90b4fe92a38d25551c2d9ebfc5dfc5a2a501b7e483de3f808895c5f4a1a2367bc591dd8b094822ff0dea07c9a1f643c822a18b79f7c5eba31fb68b2d734a6671e27182aee4df24a4a5cf390dab23b500b0c0272479611e4f7f4299ec4d926d443367b105185e6ecd9602ba95392343e9bbd047ef6bc1ba42399907ccd0a562db212baa39eb8164e240069f656d3a05fecf894222a141123f5ac010000000000000090aa235a670670ffc5dc49dfb58d00000000000000"}, {0x0, 0xb, "17dcea468000000000054740a5d4901b0aeff04c0300f3c75dc2d227a83b89483b1084743475671545e65eb2bce9ac946a3f0e2bc4000091394c02bcfbbb7d71138537d68e2d2c6393a9f3cc271a9ff09a48b5b303f4f0"}, {0xe, 0x7, "b8a3e10000a3e1100000006f00ffc0ffff00000000600000ff0bc0fe000000000000000000000000d9a0274400"/55}, {0x0, 0xc, "5e14ccb44d2d42cfb3f27fafb60845f90b6dfc2e37bc87c6905bbc94d33e1ea71a28105f543e868a8a53b360a9d33e2b1e26eb1d180600aa89c8f267d76ece1c9f6ae2e1eb3d8bf9c6ab2642c4808298e62afbf03269f1f98aea6ab3beb5fdc5fdaabc2c"}]}}}}}}, 0x0)
r3 = epoll_create1(0x0)
epoll_ctl$EPOLL_CTL_ADD(r3, 0x1, r2, &(0x7f0000000040))
epoll_ctl$EPOLL_CTL_MOD(r3, 0x3, r2, &(0x7f0000000c40)={0x2000000b})
pselect6(0x40, &(0x7f0000000100)={0x0, 0x4000000000000000, 0x0, 0x0, 0x800, 0x1fffffffc, 0x100000}, 0x0, &(0x7f0000000240)={0x1f, 0x1, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'veth1_to_hsr\x00', <r4=>0x0})
r5 = syz_init_net_socket$bt_rfcomm(0x1f, 0x1, 0x3)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0)
r6 = getpid()
sched_setscheduler(r6, 0x1, &(0x7f0000000200)=0x7)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r7=>0xffffffffffffffff})
connect$unix(r7, &(0x7f000057eff8)=@abs, 0x6e)
recvmmsg(r7, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
getsockopt$bt_BT_CHANNEL_POLICY(r5, 0x112, 0xa, 0x0, 0x0)
sendto$packet(r0, &(0x7f0000000280)="0b031260feffffff02005400f6", 0xd, 0x0, &(0x7f0000000140)={0x11, 0x86dd, r4}, 0x14)
r8 = socket$nl_generic(0x10, 0x3, 0x10)
r9 = syz_genetlink_get_family_id$mptcp(&(0x7f0000000280), r8)
sendmsg$MPTCP_PM_CMD_SET_FLAGS(r8, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000040)={0x20, r9, 0x1, 0x70bd2b, 0x25dfdbfd, {}, [@MPTCP_PM_ATTR_ADDR={0x4}, @MPTCP_PM_ATTR_TOKEN={0x8, 0x4, 0xea}]}, 0x20}, 0x1, 0x0, 0x0, 0x40000}, 0x20040000)
sendmsg$MPTCP_PM_CMD_GET_ADDR(r1, &(0x7f0000000500)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000480)={0x48, r9, 0x200, 0x70bd26, 0x25dfdbff, {}, [@MPTCP_PM_ATTR_ADDR_REMOTE={0x34, 0x6, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_FLAGS={0x8, 0x6, 0x4}, @MPTCP_PM_ADDR_ATTR_FAMILY={0x6, 0x1, 0x2}, @MPTCP_PM_ADDR_ATTR_ADDR4={0x8, 0x3, @rand_addr=0x64010100}, @MPTCP_PM_ADDR_ATTR_FAMILY={0x6, 0x1, 0xa}, @MPTCP_PM_ADDR_ATTR_ADDR4={0x8, 0x3, @dev={0xac, 0x14, 0x14, 0x1d}}, @MPTCP_PM_ADDR_ATTR_ID={0x5, 0x2, 0x5}]}]}, 0x48}, 0x1, 0x0, 0x0, 0x40000}, 0x4000000)

19.506854613s ago: executing program 5 (id=4128):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
r0 = syz_open_dev$dri(&(0x7f00000000c0), 0x1ff, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_LEASE(r0, 0xc01864c6, &(0x7f00000001c0)={0x0, 0x0, 0x80800, 0x0, <r1=>0xffffffffffffffff})
ioctl$DRM_IOCTL_WAIT_VBLANK(r1, 0xc018643a, &(0x7f0000000200)={0x20000000, 0x2, 0x100000001})
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
socket$inet6_tcp(0xa, 0x1, 0x0)
connect$inet6(0xffffffffffffffff, 0x0, 0x0)
r5 = socket$inet6(0xa, 0x802, 0x0)
r6 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r6, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)={0x2, 0x4, 0x0, 0x0, 0x2, 0x0, 0x70bd29}, 0x10}}, 0x0)
setsockopt$inet6_opts(r5, 0x29, 0x37, 0x0, 0x0)
r7 = socket$nl_netfilter(0x10, 0x3, 0xc)
syz_emit_ethernet(0xbe, &(0x7f0000000000)={@local, @empty, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0xb0, 0x0, 0x0, 0x0, 0x32, 0x0, @empty, @empty}, {0x0, 0x4e20, 0x9c, 0x0, @wg=@initiation={0x1, 0x4, "d57e190d001e6e1d16c1711bbd8adbf65bd846957b378a02340c68117aa1b390", "b0b4e2d8157cddfb9792c8e37bafb99e319950347e93f4d34870ee24c0ea06d56270e45c8d3e7d708161ba81dd33c54b", "01acae6f69ea1443db8d53af54944d4894a87f20c65bfb8e0c8cfb67", {"38f5e54b3dc7c070b4d66f0f9565df74", "d2653a13d554fee0e7be27c873db314d"}}}}}}}, 0x0)
sendmsg$NFT_BATCH(r7, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0)
sendmsg$NFT_BATCH(r7, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000002100)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a5c000000090a010400000000000000000a0000040900010073797a310000000008000540000000040900020073797a310000000008000a40fffffffc200011800e000100636f6e6e6c696d69740000000c00028008000140fffff27414000000110001"], 0x84}, 0x1, 0x0, 0x0, 0x4000850}, 0x40)
r8 = syz_open_dev$dri(&(0x7f0000000080), 0x0, 0x0)
ioctl$DRM_IOCTL_SET_VERSION(r8, 0xc0106407, &(0x7f00000000c0)={0x1, 0x6, 0x81, 0xfffffffb})

16.962355863s ago: executing program 5 (id=4130):
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r1 = socket(0x10, 0x803, 0x0)
r2 = socket$unix(0x1, 0x5, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r3=>0x0})
sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r3, {0x0, 0x9}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x4, 0xc00}}}]}, 0x38}}, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f0000006040)={0x0, 0x0, &(0x7f0000000300)={&(0x7f00000007c0)=@newtfilter={0x68, 0x2c, 0xe27, 0xfffffff9, 0x0, {0x0, 0x0, 0x0, r3, {0xc, 0xc}, {}, {0x5, 0xa}}, [@filter_kind_options=@f_cgroup={{0xb}, {0x38, 0x2, [@TCA_CGROUP_ACT={0x34, 0x1, [@m_sample={0x30, 0x1, 0x0, 0x0, {{0xb}, {0x4}, {0x4}, {0xc, 0x3f}, {0xc, 0x8, {0x0, 0x2}}}}]}]}}]}, 0x68}}, 0x20040054) (fail_nth: 2)

15.603737488s ago: executing program 5 (id=4133):
r0 = socket$inet_sctp(0x2, 0x1, 0x84)
setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x64, &(0x7f0000000280)=[@in={0x2, 0x4e21, @loopback}], 0x10)
sendmsg$inet_sctp(r0, &(0x7f0000000700)={&(0x7f0000000340)=@in={0x2, 0x4e21, @loopback}, 0x10, &(0x7f0000000080)=[{&(0x7f0000000000)="fd", 0x1}], 0x1, 0x0, 0x0, 0x804c044}, 0x881)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000180)=@newlink={0x30, 0x10, 0x801, 0x0, 0x0, {}, [@IFLA_MTU={0x8, 0x4, 0x44}, @IFLA_GROUP={0x8}]}, 0x30}}, 0x0)
r2 = dup(r0)
write$RDMA_USER_CM_CMD_CREATE_ID(r2, &(0x7f00000001c0)={0x0, 0x18, 0xfa00, {0x4, 0x0, 0x111, 0x1}}, 0x20)
write$RDMA_USER_CM_CMD_RESOLVE_ROUTE(r2, &(0x7f0000000200)={0x4, 0xffffffffffffffbb, 0xfa00, {0xffffffffffffffff, 0x200004}}, 0x10)

12.212199008s ago: executing program 1 (id=4139):
r0 = creat(&(0x7f0000000000)='./file0\x00', 0x0)
r1 = socket(0x80000000000000a, 0x2, 0x0)
setsockopt$inet6_group_source_req(r1, 0x29, 0x2a, &(0x7f0000000080)={0x0, {{0xa, 0x0, 0x0, @mcast1={0xff, 0x7}}}, {{0xa, 0x0, 0x0, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}}}, 0x108)
setsockopt$inet6_group_source_req(r1, 0x29, 0x2f, &(0x7f0000000ac0)={0x0, {{0xa, 0x0, 0x400100, @mcast1={0xff, 0x7}, 0x400000}}, {{0xa, 0x4e22, 0x0, @remote}}}, 0x108)
close_range(r0, 0xffffffffffffffff, 0x0)
syz_80211_join_ibss(&(0x7f0000000040)='wlan0\x00', &(0x7f0000000080)=@default_ibss_ssid, 0x6, 0x0)
syz_80211_inject_frame(&(0x7f00000000c0), &(0x7f0000000100)=@mgmt_frame=@beacon={{{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void}, 0x36)

10.781895038s ago: executing program 9 (id=4141):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=@base={0x11, 0x4, 0x4, 0x2}, 0x50)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000001c0)={0x6, 0x15, &(0x7f0000000300)=@framed={{0x18, 0x0, 0x0, 0x0, 0x100}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x4}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0x1}}, @ringbuf_output={{0x18, 0x1, 0x1, 0x0, r1}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x4}, {}, {0x4}, {0x6, 0x0, 0xa}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0x1}, {0x85, 0x0, 0x0, 0x33}}]}, &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x2, '\x00', 0x0, @xdp=0x25, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000b80)={r2, 0x2000012, 0xe, 0x0, &(0x7f0000000c40)="63eced8e46dc3f2ddf33c9e9b986", 0x0, 0xfffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0xb}, 0x50) (fail_nth: 2)

10.608876538s ago: executing program 7 (id=4142):
r0 = openat$udambuf(0xffffffffffffff9c, &(0x7f0000000240), 0x2)
r1 = openat$ppp(0xffffffffffffff9c, 0x0, 0x454500, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x50)
bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x0, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa000000}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r2 = getpid()
sched_setscheduler(r2, 0x1, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r5 = msgget$private(0x0, 0x193)
msgsnd(r5, &(0x7f0000000080)=ANY=[@ANYBLOB], 0x8, 0x0)
ioctl$TUNSETOFFLOAD(r1, 0xc004743e, 0x110e22fff6)
openat$ppp(0xffffffffffffff9c, &(0x7f0000000080), 0x183000, 0x0)
ioctl$UDMABUF_CREATE_LIST(r0, 0x40087543, &(0x7f00000002c0))
ioctl$AUTOFS_DEV_IOCTL_FAIL(0xffffffffffffffff, 0xc0189377, &(0x7f0000000000)={{0x1, 0x1, 0x18, <r6=>0xffffffffffffffff, {0xe1, 0x7}}, './file0\x00'})
ioctl$UFFDIO_API(r6, 0xc018aa3f, &(0x7f0000000080)={0xaa, 0x20})
r7 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r7, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000300)={{0x14}, [@NFT_MSG_NEWRULE={0x5c, 0x6, 0xa, 0x101, 0x0, 0x0, {0x2, 0x0, 0xa}, [@NFTA_RULE_ID={0x8, 0x9, 0x1, 0x0, 0x1}, @NFTA_RULE_CHAIN_ID={0x8, 0xb, 0x1, 0x0, 0x4}, @NFTA_RULE_USERDATA={0x4}, @NFTA_RULE_HANDLE={0xc, 0x3, 0x1, 0x0, 0x5}, @NFTA_RULE_POSITION={0xc, 0x6, 0x1, 0x0, 0x2}, @NFTA_RULE_POSITION={0xc, 0x6, 0x1, 0x0, 0x2}, @NFTA_RULE_EXPRESSIONS={0x4}, @NFTA_RULE_POSITION={0xc, 0x6, 0x1, 0x0, 0x5}]}, @NFT_MSG_NEWCHAIN={0x2c, 0x3, 0xa, 0x101, 0x0, 0x0, {0x5}, [@NFTA_CHAIN_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_CHAIN_NAME={0x9, 0x3, 'syz0\x00'}]}, @NFT_MSG_NEWRULE={0x14, 0x6, 0xa, 0x401, 0x0, 0x0, {0x5, 0x0, 0xc000}}], {0x14}}, 0xc4}, 0x1, 0x0, 0x0, 0x20000010}, 0x0)
r8 = syz_open_dev$cec(&(0x7f0000000200), 0xffffffffffffffff, 0x4ae60)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x7fff0000}]})
msgctl$MSG_INFO(0x0, 0xc, &(0x7f0000000080)=""/167)
ioctl$CEC_ADAP_S_LOG_ADDRS(r8, 0xc05c6104, &(0x7f0000000000)={'\x00\f\x00', 0x0, 0x5, 0x0, 0x3ff, 0x9, "00000000020000000000002100", "89402001", "0600", "00000004", ["fdffffff84a438dfc5d5c410", "d78cb8b0211a83a012ff0bff", "0000efffff0400", "00000000000400"]})

10.516545993s ago: executing program 1 (id=4143):
r0 = syz_usb_connect$sierra_net(0x5, 0x0, 0x0, 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
socket$inet(0x2, 0x5, 0x0)
r1 = getpgrp(0x0)
sched_setaffinity(r1, 0x8, &(0x7f0000000040)=0x5)
prlimit64(0x0, 0xe, &(0x7f0000000100)={0x8, 0x80000100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000000)=0x3)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
r3 = syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, r3, 0x1, 0x0)
r4 = syz_open_dev$MSR(0x0, 0x0, 0x0)
read$msr(r4, &(0x7f0000019680)=""/102392, 0x18ff8)
sendmsg$AUDIT_TTY_GET(0xffffffffffffffff, &(0x7f0000000380)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4000}, 0x0)
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x101, 0x0)
r5 = openat$proc_mixer(0xffffffffffffff9c, &(0x7f00000002c0)='/proc/asound/card0/oss_mixer\x00', 0x2002, 0x0)
r6 = openat$proc_mixer(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/asound/card0/oss_mixer\x00', 0x80, 0x0)
dup3(r6, r5, 0x0)

10.233132373s ago: executing program 9 (id=4144):
r0 = openat$mice(0xffffffffffffff9c, &(0x7f0000001400), 0x101)
r1 = epoll_create(0xff9)
epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f0000000000)={0x2}) (fail_nth: 2)

9.467889072s ago: executing program 4 (id=4145):
r0 = socket$inet_sctp(0x2, 0x1, 0x84)
r1 = openat(0xffffffffffffff9c, 0x0, 0x42, 0x0)
pwrite64(r1, &(0x7f0000000140)='2', 0x1, 0x8080c61)
r2 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_IP_XFRM_POLICY(r2, 0x0, 0x11, &(0x7f0000009240)={{{@in6=@private1, @in6=@remote, 0x4e24, 0x9, 0x4e22, 0xb, 0x2, 0xa0, 0x80, 0x29}, {0x0, 0x100003, 0x7, 0x6, 0x10000, 0x60000000, 0xe04d, 0x2}, {0x6, 0x1, 0x9}, 0x3ff, 0x6e6bb2, 0x2, 0x0, 0x1, 0x2}, {{@in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x4d5, 0x33}, 0xd, @in=@local, 0x3505, 0x0, 0x1, 0xff, 0x1, 0x8, 0x10001}}, 0xe8)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000100)=0x7)
r3 = getpid()
sched_setscheduler(r3, 0x2, &(0x7f00000000c0)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000380)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(r3, 0x1, &(0x7f0000000180)=0x3)
openat$udambuf(0xffffffffffffff9c, 0x0, 0x2)
bind$netlink(0xffffffffffffffff, 0x0, 0x0)
r6 = socket(0x10, 0x800000000080002, 0x9)
setsockopt$sock_attach_bpf(r6, 0x1, 0x34, &(0x7f00000000c0), 0x4)
r7 = socket$inet6(0xa, 0x3, 0x26)
setsockopt$inet6_IPV6_XFRM_POLICY(r7, 0x29, 0x23, &(0x7f0000000340)={{{@in6=@mcast1, @in=@private=0xa010101, 0x4e20, 0x0, 0x4e22, 0x0, 0xa, 0x0, 0x20}, {0x9, 0x0, 0x0, 0x800000, 0x0, 0x0, 0xfffffffffffffffc, 0x1}, {0x0, 0x4}, 0x0, 0x0, 0x1, 0x0, 0x5, 0x1}, {{@in6=@rand_addr=' \x01\x00', 0x800, 0x33}, 0xa, @in=@multicast1, 0x3506, 0x4, 0x0, 0x4, 0xfffffffc, 0x4, 0x401}}, 0xe8)
r8 = syz_open_dev$usbmon(&(0x7f00000005c0), 0x0, 0x0)
r9 = syz_open_dev$usbfs(&(0x7f0000000040), 0x20000007d, 0x0)
r10 = dup3(r8, r9, 0x0)
ioctl$MON_IOCX_MFETCH(r10, 0xc0109207, 0x0)
setsockopt$sock_int(r0, 0x1, 0xf, &(0x7f0000000600)=0x9, 0x4)
setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x64, &(0x7f0000000180)=[@in={0x2, 0x4e21, @dev={0xac, 0x14, 0x14, 0x43}}], 0x10)
listen(r0, 0x7)

9.256516043s ago: executing program 7 (id=4146):
mremap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x4000, 0x3, &(0x7f0000005000/0x4000)=nil)

9.095796908s ago: executing program 7 (id=4147):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
r1 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000040), 0x161042, 0x0)
ioctl$PPPIOCNEWUNIT(r1, 0xc004743e, &(0x7f0000000000)=0x2)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x44, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
getsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(0xffffffffffffffff, 0x84, 0x9, &(0x7f00000000c0)={0x0, @in6={{0xa, 0x0, 0x0, @rand_addr=' \x01\x00'}}}, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="01000000120410007f"], 0x48)
ioctl$PPPIOCSDEBUG(r1, 0x40047440, 0x0)
pipe2$9p(&(0x7f0000000000)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff}, 0x0)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$nl80211(&(0x7f00000000c0), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r4, 0x8933, &(0x7f0000000100)={'wlan0\x00', <r6=>0x0})
r7 = syz_open_procfs(0x0, &(0x7f0000000380)='map_files\x00')
getdents64(r7, &(0x7f00000001c0)=""/151, 0x18)
getdents(r7, &(0x7f0000000000)=""/163, 0xa3)
getsockopt$CAN_RAW_JOIN_FILTERS(r7, 0x65, 0x6, &(0x7f0000000440), &(0x7f0000000480)=0x4)
sendmsg$NL80211_CMD_SET_TX_BITRATE_MASK(r4, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000a00)={0x30, r5, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r6}, @void}}, [@NL80211_ATTR_TX_RATES={0x4}, @NL80211_ATTR_TX_RATES={0x10, 0x5a, 0x0, 0x1, [@NL80211_BAND_5GHZ={0xc, 0x1, 0x0, 0x1, [@NL80211_TXRATE_HT={0x5, 0x2, [{0x1, 0x4}]}]}]}]}, 0x30}}, 0x0)
r8 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000100), 0x20420)
r9 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000080)='oom_adj\x00')
write$binfmt_format(r9, &(0x7f0000000040)='0\x00', 0x2)
write$sndseq(r8, &(0x7f00000002c0)=[{0x2, 0x5, 0x2, 0x2, @tick=0x4, {0x9, 0xfe}, {0x9, 0x5}, @note={0x6, 0x13, 0x7, 0x3, 0x401}}, {0x5, 0x1, 0x0, 0x2, @tick=0x92, {0x4, 0x3}, {0x6a, 0x9}, @ext={0xd4, &(0x7f0000000140)="4a5cb8404fc216ea723e1ded10d5d0c3310c06fd8e9ae981df71b2b9d3fa9c1daef87cd9f011424c8493289a657a0ef67d624d8bdcb4c4849b9f3266978c0283ca8f2c0f58d1e61521c83626e58c0ebb154dae9f221144c23d32e0492a91e327fe742df1f54344f13f9f9fe0075c5c43f94a28073a930afa11ddef653739a790a5672a6b09ec85d24a0af05ff451a5e27ee04822dc5e74ad3ef66caef6e2e0abe9bc17a39c260693e1e9601d2f612e9c5242fcabb91a9e25c2115ad7b46f0d3637799e74631893fa11b1389808cb22989359be27"}}, {0x8, 0xc5, 0x2, 0x8, @time={0x5, 0x1000}, {0xb0, 0xc}, {0x6, 0x9}, @control={0xa, 0x5, 0x1}}, {0x5, 0x1, 0x7, 0x2, @tick=0x5, {0x9, 0x3}, {0xf, 0x7}, @raw32={[0x4, 0xfffffffe, 0x6]}}, {0x36, 0x6, 0x4, 0x7, @tick=0x1ff, {0x3, 0x3}, {0x2, 0xc}, @result={0x0, 0x9}}, {0x2, 0xf7, 0x2, 0x6, @time={0x5, 0xd}, {0x8, 0x49}, {0x0, 0x80}, @time=@tick=0xa00}], 0xa8)
r10 = socket$kcm(0x29, 0x0, 0x0)
ioctl$UFFDIO_REGISTER(r7, 0xc020aa00, &(0x7f0000000540)={{&(0x7f0000ffb000/0x2000)=nil, 0x2000}, 0x1})
r11 = dup(r3)
r12 = ioctl$KVM_CREATE_VM(r11, 0xae01, 0x2c)
ioctl$KVM_IRQ_LINE_STATUS(r12, 0xc008ae67, &(0x7f0000000380)={0xff, 0x100})
close_range(r2, 0xffffffffffffffff, 0x2)
syncfs(r11)
getsockname$packet(r11, &(0x7f00000004c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000500)=0x14)
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x4000000)
sendmsg$NFT_BATCH(r11, &(0x7f0000009b40)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000400)=ANY=[@ANYRES32=r10], 0x78}, 0x1, 0x0, 0x0, 0x4000001}, 0xc040)

7.788915819s ago: executing program 4 (id=4148):
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nfc(&(0x7f0000000d00), r0)
sendmsg$NFC_CMD_DEP_LINK_UP(r0, &(0x7f0000000e40)={0x0, 0x0, &(0x7f0000000e00)={&(0x7f0000000dc0)={0x24, r1, 0x1, 0x70bd2b, 0x25dfdbfd, {}, [@NFC_ATTR_DEVICE_INDEX={0x8}, @NFC_ATTR_COMM_MODE={0x5, 0xa, 0x2}]}, 0x24}, 0x1, 0x0, 0x0, 0x840}, 0x800)

7.684521447s ago: executing program 9 (id=4149):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
r0 = syz_open_dev$dri(&(0x7f00000000c0), 0x1ff, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_LEASE(r0, 0xc01864c6, &(0x7f00000001c0)={0x0, 0x0, 0x80800, 0x0, <r1=>0xffffffffffffffff})
ioctl$DRM_IOCTL_WAIT_VBLANK(r1, 0xc018643a, &(0x7f0000000200)={0x20000000, 0x2, 0x100000001})
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
socket$inet6_tcp(0xa, 0x1, 0x0)
connect$inet6(0xffffffffffffffff, 0x0, 0x0)
r5 = socket$inet6(0xa, 0x802, 0x0)
r6 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r6, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)={0x2, 0x4, 0x0, 0x0, 0x2, 0x0, 0x70bd29}, 0x10}}, 0x0)
connect$inet6(r5, &(0x7f0000000240)={0xa, 0x6e23, 0x2, @mcast1, 0x9}, 0x1c)
r7 = socket$nl_netfilter(0x10, 0x3, 0xc)
syz_emit_ethernet(0xbe, &(0x7f0000000000)={@local, @empty, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0xb0, 0x0, 0x0, 0x0, 0x32, 0x0, @empty, @empty}, {0x0, 0x4e20, 0x9c, 0x0, @wg=@initiation={0x1, 0x4, "d57e190d001e6e1d16c1711bbd8adbf65bd846957b378a02340c68117aa1b390", "b0b4e2d8157cddfb9792c8e37bafb99e319950347e93f4d34870ee24c0ea06d56270e45c8d3e7d708161ba81dd33c54b", "01acae6f69ea1443db8d53af54944d4894a87f20c65bfb8e0c8cfb67", {"38f5e54b3dc7c070b4d66f0f9565df74", "d2653a13d554fee0e7be27c873db314d"}}}}}}}, 0x0)
sendmsg$NFT_BATCH(r7, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0)
sendmsg$NFT_BATCH(r7, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000002100)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a5c000000090a010400000000000000000a0000040900010073797a310000000008000540000000040900020073797a310000000008000a40fffffffc200011800e000100636f6e6e6c696d69740000000c00028008000140fffff27414000000110001"], 0x84}, 0x1, 0x0, 0x0, 0x4000850}, 0x40)
r8 = syz_open_dev$dri(&(0x7f0000000080), 0x0, 0x0)
ioctl$DRM_IOCTL_SET_VERSION(r8, 0xc0106407, &(0x7f00000000c0)={0x1, 0x6, 0x81, 0xfffffffb})

7.594629793s ago: executing program 4 (id=4150):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_VCPU_EVENTS(r2, 0x4040aea0, &(0x7f0000000040)=@x86={0x6, 0x0, 0x8, 0x0, 0x4, 0x8, 0x6, 0xb, 0x83, 0xe, 0x5, 0xa, 0x0, 0x101, 0x29, 0x0, 0x0, 0x0, 0x3, '\x00', 0xff, 0x100000d})

6.519700317s ago: executing program 7 (id=4151):
openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
r0 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_int(r0, 0x107, 0xf, &(0x7f0000000100)=0xc99, 0x4)
r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='mountinfo\x00')
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xc, &(0x7f00000007c0)={0x2, &(0x7f0000000780)=[{0xa4, 0x0, 0x10, 0x7fffffff}, {0x6, 0xc8, 0x2, 0x4}]})
r2 = syz_open_procfs(0x0, &(0x7f00000001c0)='fd/3\x00')
syz_emit_ethernet(0x34e, &(0x7f0000000100)={@broadcast, @multicast, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "00cd04", 0x318, 0x3a, 0xff, @remote, @mcast2, {[], @ndisc_ra={0x86, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, [{0x5, 0xa, "a78c000005dc8080a2030003004003493b87aafaffffffffffffff23732472eefa45ad96579269748e254c1e4a8a8b3f0ab0c430d3be27df3e34060600000000000000dac15084dbaf736b41e5af0502"}, {0x0, 0x1, "000005000020000026000400"}, {0x2, 0x18, "fe906d26efe39393fe08f73eabc57d7b1190a3a6ad8338f1511cdd10c35d8f6de79fc7fd175f75649fa368a32c829af02d7f44d92324a7051e464a13ddde25a5b85b9d930914625d8a049b4cf0d129806a610ad8477a2499a9a0527f75b655a6653d0363a979acf93f88eea07d68423e90280409de1657275f716a2bf3915d1783e8eb477b0d1170f0ecbdef4c23e1b76e9ab3d2fbe4b34438d2a77577edd0ebed9682b851b380ae0cab282af9d7ebe668177704c5fd4698c934de4731f3f61effc978"}, {0x0, 0x1d, "06aa85616177c61bc943afcb84619755403946b0730a18d5c38cf7dcad830f2dc8674b87ba8b58f81ece27975cc39e595e9af90b4fe92a38d25551c2d9ebfc5dfc5a2a501b7e483de3f808895c5f4a1a2367bc591dd8b094822ff0dea07c9a1f643c822a18b79f7c5eba31fb68b2d734a6671e27182aee4df24a4a5cf390dab23b500b0c0272479611e4f7f4299ec4d926d443367b105185e6ecd9602ba95392343e9bbd047ef6bc1ba42399907ccd0a562db212baa39eb8164e240069f656d3a05fecf894222a141123f5ac010000000000000090aa235a670670ffc5dc49dfb58d00000000000000"}, {0x0, 0xb, "17dcea468000000000054740a5d4901b0aeff04c0300f3c75dc2d227a83b89483b1084743475671545e65eb2bce9ac946a3f0e2bc4000091394c02bcfbbb7d71138537d68e2d2c6393a9f3cc271a9ff09a48b5b303f4f0"}, {0xe, 0x7, "b8a3e10000a3e1100000006f00ffc0ffff00000000600000ff0bc0fe000000000000000000000000d9a0274400"/55}, {0x0, 0xc, "5e14ccb44d2d42cfb3f27fafb60845f90b6dfc2e37bc87c6905bbc94d33e1ea71a28105f543e868a8a53b360a9d33e2b1e26eb1d180600aa89c8f267d76ece1c9f6ae2e1eb3d8bf9c6ab2642c4808298e62afbf03269f1f98aea6ab3beb5fdc5fdaabc2c"}]}}}}}}, 0x0)
r3 = epoll_create1(0x0)
epoll_ctl$EPOLL_CTL_ADD(r3, 0x1, r2, &(0x7f0000000040))
epoll_ctl$EPOLL_CTL_MOD(r3, 0x3, r2, &(0x7f0000000c40)={0x2000000b})
pselect6(0x40, &(0x7f0000000100)={0x0, 0x4000000000000000, 0x0, 0x0, 0x800, 0x1fffffffc, 0x100000}, 0x0, &(0x7f0000000240)={0x1f, 0x1, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'veth1_to_hsr\x00', <r4=>0x0})
r5 = syz_init_net_socket$bt_rfcomm(0x1f, 0x1, 0x3)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0)
r6 = getpid()
sched_setscheduler(r6, 0x1, &(0x7f0000000200)=0x7)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r7=>0xffffffffffffffff, <r8=>0xffffffffffffffff})
sendmmsg$unix(r8, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r7, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
getsockopt$bt_BT_CHANNEL_POLICY(r5, 0x112, 0xa, 0x0, 0x0)
sendto$packet(r0, &(0x7f0000000280)="0b031260feffffff02005400f6", 0xd, 0x0, &(0x7f0000000140)={0x11, 0x86dd, r4}, 0x14)
r9 = socket$nl_generic(0x10, 0x3, 0x10)
r10 = syz_genetlink_get_family_id$mptcp(&(0x7f0000000280), r9)
sendmsg$MPTCP_PM_CMD_SET_FLAGS(r9, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000040)={0x20, r10, 0x1, 0x70bd2b, 0x25dfdbfd, {}, [@MPTCP_PM_ATTR_ADDR={0x4}, @MPTCP_PM_ATTR_TOKEN={0x8, 0x4, 0xea}]}, 0x20}, 0x1, 0x0, 0x0, 0x40000}, 0x20040000)
sendmsg$MPTCP_PM_CMD_GET_ADDR(r1, &(0x7f0000000500)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000480)={0x48, r10, 0x200, 0x70bd26, 0x25dfdbff, {}, [@MPTCP_PM_ATTR_ADDR_REMOTE={0x34, 0x6, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_FLAGS={0x8, 0x6, 0x4}, @MPTCP_PM_ADDR_ATTR_FAMILY={0x6, 0x1, 0x2}, @MPTCP_PM_ADDR_ATTR_ADDR4={0x8, 0x3, @rand_addr=0x64010100}, @MPTCP_PM_ADDR_ATTR_FAMILY={0x6, 0x1, 0xa}, @MPTCP_PM_ADDR_ATTR_ADDR4={0x8, 0x3, @dev={0xac, 0x14, 0x14, 0x1d}}, @MPTCP_PM_ADDR_ATTR_ID={0x5, 0x2, 0x5}]}]}, 0x48}, 0x1, 0x0, 0x0, 0x40000}, 0x4000000)

6.410374486s ago: executing program 9 (id=4152):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xb, 0x20008b}, 0x0)
clock_settime(0xfffffffb, &(0x7f0000000140)={0x77359400})
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$netlbl_unlabel(&(0x7f0000000900), r0)
sendmsg$NLBL_UNLABEL_C_STATICREMOVE(r0, &(0x7f0000000a40)={0x0, 0x0, &(0x7f0000000a00)={&(0x7f0000000440)={0x44, r1, 0x1, 0x70bd28, 0x25dfdbfd, {}, [@NLBL_UNLABEL_A_IFACE={0x14, 0x6, 'nicvf0\x00'}, @NLBL_UNLABEL_A_IPV4ADDR={0x8, 0x4, @initdev={0xac, 0x1e, 0x1, 0x0}}, @NLBL_UNLABEL_A_IPV6ADDR={0x14, 0x2, @empty}]}, 0x44}, 0x1, 0x0, 0x0, 0x4062}, 0x0)
r2 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
write$vga_arbiter(r2, &(0x7f0000000080)=@target={'target ', {'PCI:', '0', ':', '8', ':', '9', '.', '15'}}, 0x14)
sched_setaffinity(0x0, 0x8, &(0x7f00000000c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x2)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFULNL_MSG_CONFIG(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)=ANY=[@ANYBLOB="2412000001002000008c20000800034000"], 0x24}, 0x1, 0x0, 0x0, 0x20008000}, 0x0)
sendmsg$NFULNL_MSG_CONFIG(r3, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000700)=ANY=[@ANYBLOB="1c000000010401010000000000000000010004000500010001"], 0x1c}, 0x1, 0x0, 0x0, 0x60000081}, 0x800)
sendmsg$NFULNL_MSG_CONFIG(r3, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000e80)=ANY=[@ANYBLOB="28000000010401"], 0x28}, 0x1, 0x0, 0x0, 0x80}, 0x400c000)
r4 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r4, &(0x7f0000019680)=""/102392, 0x18ff8)
mount(&(0x7f0000000000)=@nbd={'/dev/nbd', 0x0}, &(0x7f00000000c0)='./cgroup\x00', &(0x7f0000000080)='ntfs3\x00', 0x200000, 0x0)

5.694765505s ago: executing program 4 (id=4153):
socket$caif_seqpacket(0x25, 0x5, 0x1)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000040)=0x3, 0xac5)
syz_clone3(&(0x7f0000000180)={0x23800000, &(0x7f0000000040)=<r0=>0xffffffffffffffff, 0x0, 0x0, {0x27}, 0x0, 0x0, 0x0, 0x0}, 0x58)
io_setup(0x8, 0x0)
io_submit(0x0, 0x1, &(0x7f0000001300)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x5, 0x6, r0, 0x0}])

5.647979666s ago: executing program 1 (id=4154):
r0 = dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$VIDIOC_SUBDEV_ENUM_DV_TIMINGS(r0, 0xc0945662, &(0x7f0000000000)={0x80000000, 0x0, '\x00', {0x0, @bt={0xb, 0x80000001, 0x0, 0x1, 0x8001, 0x99, 0x400, 0x9, 0x7, 0x4, 0x400, 0x2, 0x8, 0x5, 0x4, 0x1, {0xfffff801}, 0x5, 0x7}}}) (async)
ioctl$VIDIOC_SUBDEV_ENUM_DV_TIMINGS(r0, 0xc0945662, &(0x7f0000000000)={0x80000000, 0x0, '\x00', {0x0, @bt={0xb, 0x80000001, 0x0, 0x1, 0x8001, 0x99, 0x400, 0x9, 0x7, 0x4, 0x400, 0x2, 0x8, 0x5, 0x4, 0x1, {0xfffff801}, 0x5, 0x7}}})
getpid() (async)
r1 = getpid()
ioctl$VIDIOC_ENUM_FRAMESIZES(r0, 0xc02c564a, &(0x7f00000000c0)={0xfffffff7, 0x48524742, 0x1, @stepwise={0x10, 0x81, 0xfffffff9, 0xb, 0x6, 0xd}})
capset(&(0x7f0000000100)={0x19980330, r1}, &(0x7f0000000140)={0x9, 0x5, 0x4, 0x2, 0x5, 0x5})
ptrace$ARCH_SET_CPUID(0x1e, r1, 0x0, 0x1012) (async)
ptrace$ARCH_SET_CPUID(0x1e, r1, 0x0, 0x1012)
syz_open_dev$sndctrl(&(0x7f0000000180), 0x378, 0x0) (async)
r2 = syz_open_dev$sndctrl(&(0x7f0000000180), 0x378, 0x0)
ioctl$SNDRV_CTL_IOCTL_ELEM_ADD(r2, 0xc1105517, &(0x7f0000000200)={{0x6, 0x6, 0x8d2f, 0x3, 'syz1\x00'}, 0x6, 0x20, 0x9, r1, 0x6, 0x0, 'syz1\x00', &(0x7f00000001c0)=['\x00', '\x00', '\x00', '$,\x00', '\x00', '*\xff@\'(\'\x00'], 0xe}) (async)
ioctl$SNDRV_CTL_IOCTL_ELEM_ADD(r2, 0xc1105517, &(0x7f0000000200)={{0x6, 0x6, 0x8d2f, 0x3, 'syz1\x00'}, 0x6, 0x20, 0x9, r1, 0x6, 0x0, 'syz1\x00', &(0x7f00000001c0)=['\x00', '\x00', '\x00', '$,\x00', '\x00', '*\xff@\'(\'\x00'], 0xe})
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000640)={0xb4, 0x0, &(0x7f00000004c0)=[@exit_looper, @transaction={0x40406300, {0x3, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x50, 0x18, &(0x7f0000000340)={@fd={0x66642a85, 0x0, r2}, @fda={0x66646185, 0x1, 0x2, 0x2f}, @fd={0x66642a85, 0x0, r0}}, &(0x7f00000003c0)={0x0, 0x18, 0x38}}}, @exit_looper, @acquire, @reply_sg={0x40486312, {0x2, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x50, 0x18, &(0x7f0000000400)={@flat=@weak_handle={0x77682a85, 0x1100, 0x1}, @flat=@weak_binder={0x77622a85, 0x1101, 0x2}, @fda={0x66646185, 0xa, 0x0, 0x3d}}, &(0x7f0000000480)={0x0, 0x18, 0x30}}, 0x40}, @increfs={0x40046304, 0x2}, @decrefs, @enter_looper], 0xb6, 0x0, &(0x7f0000000580)="e6628154ed84d646546e7a1078ec5d90684ab90d4f82a38cf38e1fe4fd73f5d9ffd41d7a21ba80028cfb04447f10f7993bf40342fbd28b24880b12444c43598a539accb054ce1568a1db9ff60b50198aa0b642336b41c2f0ce14e5784a7941c83ec03f2b9f1a819250eec9ebf730b29db5014fa48af5331b1e9c041640ab84ca1c95cc6f6e4d6d61042ef6e498eff751b8e83df7b122bf4d371b728af664298000020fac2e8599ed0a45d3fb482a2852e0a4f44a0024"}) (async)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000640)={0xb4, 0x0, &(0x7f00000004c0)=[@exit_looper, @transaction={0x40406300, {0x3, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x50, 0x18, &(0x7f0000000340)={@fd={0x66642a85, 0x0, r2}, @fda={0x66646185, 0x1, 0x2, 0x2f}, @fd={0x66642a85, 0x0, r0}}, &(0x7f00000003c0)={0x0, 0x18, 0x38}}}, @exit_looper, @acquire, @reply_sg={0x40486312, {0x2, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x50, 0x18, &(0x7f0000000400)={@flat=@weak_handle={0x77682a85, 0x1100, 0x1}, @flat=@weak_binder={0x77622a85, 0x1101, 0x2}, @fda={0x66646185, 0xa, 0x0, 0x3d}}, &(0x7f0000000480)={0x0, 0x18, 0x30}}, 0x40}, @increfs={0x40046304, 0x2}, @decrefs, @enter_looper], 0xb6, 0x0, &(0x7f0000000580)="e6628154ed84d646546e7a1078ec5d90684ab90d4f82a38cf38e1fe4fd73f5d9ffd41d7a21ba80028cfb04447f10f7993bf40342fbd28b24880b12444c43598a539accb054ce1568a1db9ff60b50198aa0b642336b41c2f0ce14e5784a7941c83ec03f2b9f1a819250eec9ebf730b29db5014fa48af5331b1e9c041640ab84ca1c95cc6f6e4d6d61042ef6e498eff751b8e83df7b122bf4d371b728af664298000020fac2e8599ed0a45d3fb482a2852e0a4f44a0024"})
fsetxattr$security_ima(r0, &(0x7f0000000680), &(0x7f00000006c0)=@md5={0x1, "82236ae54707d2b3e50834fe3c8fc9a6"}, 0x11, 0x3)
ioctl$AUTOFS_IOC_EXPIRE_MULTI(r2, 0x40049366, &(0x7f0000000700)=0x2)
migrate_pages(r1, 0x9, &(0x7f0000000740)=0xcb, &(0x7f0000000780)=0x8000000000000000)
openat$vmci(0xffffffffffffff9c, &(0x7f00000007c0), 0x2, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000800)={'erspan0\x00', 0x1})
r3 = socket$tipc(0x1e, 0x2, 0x0)
setsockopt$TIPC_GROUP_LEAVE(r3, 0x10f, 0x88)
ptrace$setopts(0x4200, r1, 0xaaf4, 0x1)
write$sndseq(r0, 0xfffffffffffffffd, 0x0)
ioctl$AUTOFS_DEV_IOCTL_PROTOSUBVER(r0, 0xc0189373, &(0x7f0000000840)={{0x1, 0x1, 0x18, <r4=>r2, {0x9}}, './file0\x00'})
socket$tipc(0x1e, 0x5, 0x0)
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) (async)
r5 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
setsockopt$bt_hci_HCI_FILTER(r5, 0x0, 0x2, &(0x7f0000000880)={0x10000, [0x5, 0x1], 0x6}, 0x10)
recvfrom$rxrpc(r0, &(0x7f00000008c0)=""/184, 0xb8, 0x2, &(0x7f0000000980)=@in6={0x21, 0x3, 0x2, 0x1c, {0xa, 0x4e20, 0x1, @loopback, 0x6}}, 0x24) (async)
recvfrom$rxrpc(r0, &(0x7f00000008c0)=""/184, 0xb8, 0x2, &(0x7f0000000980)=@in6={0x21, 0x3, 0x2, 0x1c, {0xa, 0x4e20, 0x1, @loopback, 0x6}}, 0x24)
mmap(&(0x7f0000ff6000/0x9000)=nil, 0x9000, 0x200000d, 0x810, r2, 0x9afb8000)
epoll_pwait(r0, &(0x7f00000009c0)=[{}, {}, {}], 0x3, 0x1, &(0x7f0000000a00), 0x8)
write$P9_RSETATTR(r0, &(0x7f0000000a40)={0x7, 0x1b, 0x2}, 0x7)
recvfrom$netrom(r4, &(0x7f0000000a80)=""/201, 0xc9, 0x2040, &(0x7f0000000b80)={{0x3, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}}, [@bcast, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @default, @bcast, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x2}, @bcast, @bcast]}, 0x48)
bind$can_raw(r0, &(0x7f0000000c00), 0x10) (async)
bind$can_raw(r0, &(0x7f0000000c00), 0x10)
r6 = openat$dir(0xffffffffffffff9c, &(0x7f0000000c40)='./file0\x00', 0x440200, 0x86)
mknodat$loop(r6, &(0x7f0000000c80)='./file0\x00', 0x8, 0x1) (async)
mknodat$loop(r6, &(0x7f0000000c80)='./file0\x00', 0x8, 0x1)

5.432638293s ago: executing program 9 (id=4155):
r0 = getpgrp(0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000040)=0x5)
prlimit64(0x0, 0xe, &(0x7f0000000100)={0x1000, 0x80000100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000000)=0x3)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
r2 = syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, r2, 0x1, 0x0)
r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8)
r4 = socket$inet6(0xa, 0x2, 0x1000)
openat$tun(0xffffffffffffff9c, 0x0, 0x214202, 0x0)
write$smackfs_netlabel(0xffffffffffffffff, 0x0, 0x59)
sendto$inet6(r4, 0x0, 0x0, 0x49, &(0x7f0000000240)={0xa, 0x4e24, 0x0, @mcast2, 0x5}, 0x1c)
setsockopt$sock_int(r4, 0x1, 0x2f, &(0x7f0000000200), 0x4)
shutdown(r4, 0x0)
recvmmsg(r4, &(0x7f0000008880), 0x45b, 0x44000102, 0x0)
setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, 0x0, 0x0)
accept$alg(0xffffffffffffffff, 0x0, 0x0)
r5 = socket$inet6_sctp(0xa, 0x5, 0x84)
setsockopt$inet6_int(r5, 0x29, 0x17, &(0x7f0000000080)=0x5819, 0x4)
r6 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='./file5\x00', 0x82c0, 0x101)
r7 = fanotify_init(0xf00, 0x0)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000300)=@bpf_lsm={0x3, 0x4, &(0x7f0000000040)=@framed={{0x66, 0xa, 0x0, 0x0, 0x0, 0x61, 0x11, 0x4c}, [@call={0x85, 0x0, 0x0, 0xce}]}, &(0x7f0000000080)='GPL\x00', 0x9, 0x0, 0x0, 0x0, 0x42}, 0x94)
fanotify_mark(r7, 0x105, 0x5000003a, r6, 0x0)
fanotify_mark(r7, 0x451, 0x8, r6, 0x0)
close(0x3)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000007c0)={0x10, 0xf, &(0x7f00000003c0)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x408b08ae}, {}, {}, [], {{}, {}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000000)='GPL\x00', 0x2, 0x0, 0x0, 0x0, 0x38, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x1}, 0x94)

5.303391641s ago: executing program 1 (id=4156):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="010000000400100004112200a4e2000001"], 0x48)
r1 = syz_open_dev$vbi(&(0x7f0000000080), 0x0, 0x2)
ioctl$VIDIOC_CREATE_BUFS(r1, 0xc100565c, &(0x7f0000000280)={0x8, 0x1, 0x2, {0x4, @meta={0xa130d1c, 0x4cdf2b85, 0xd4d7, 0x2894, 0x2481a59b}}, 0x80000000}) (async)
ioctl$VIDIOC_CREATE_BUFS(r1, 0xc100565c, &(0x7f0000000280)={0x8, 0x1, 0x2, {0x4, @meta={0xa130d1c, 0x4cdf2b85, 0xd4d7, 0x2894, 0x2481a59b}}, 0x80000000})
bpf$BPF_MAP_LOOKUP_AND_DELETE_BATCH(0x18, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x1, r0}, 0x38)

3.628266348s ago: executing program 4 (id=4157):
socket$inet_tcp(0x2, 0x1, 0x0)
r0 = getpgrp(0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000040)=0x5)
prlimit64(0x0, 0xe, &(0x7f0000000100)={0x8, 0x80000100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7)
prctl$PR_SCHED_CORE(0x3e, 0x1, r0, 0x2, 0x0)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000000)=0x3)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
r2 = syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, r2, 0x1, 0x0)
r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8)
ptrace(0x10, r1)
setrlimit(0x40000000000008, &(0x7f0000000000))
mremap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x4000, 0x3, &(0x7f0000005000/0x4000)=nil)

3.565697015s ago: executing program 9 (id=4158):
r0 = socket$inet_sctp(0x2, 0x1, 0x84)
r1 = openat(0xffffffffffffff9c, 0x0, 0x42, 0x0)
pwrite64(r1, &(0x7f0000000140)='2', 0x1, 0x8080c61)
r2 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_IP_XFRM_POLICY(r2, 0x0, 0x11, &(0x7f0000009240)={{{@in6=@private1, @in6=@remote, 0x4e24, 0x9, 0x4e22, 0xb, 0x2, 0xa0, 0x80, 0x29}, {0x0, 0x100003, 0x7, 0x6, 0x10000, 0x60000000, 0xe04d, 0x2}, {0x6, 0x1, 0x9}, 0x3ff, 0x6e6bb2, 0x2, 0x0, 0x1, 0x2}, {{@in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x4d5, 0x33}, 0xd, @in=@local, 0x3505, 0x0, 0x1, 0xff, 0x1, 0x8, 0x10001}}, 0xe8)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000100)=0x7)
r3 = getpid()
sched_setscheduler(r3, 0x2, &(0x7f00000000c0)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000380)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(r3, 0x1, &(0x7f0000000180)=0x3)
openat$udambuf(0xffffffffffffff9c, 0x0, 0x2)
bind$netlink(0xffffffffffffffff, 0x0, 0x0)
r6 = socket(0x10, 0x800000000080002, 0x9)
setsockopt$sock_attach_bpf(r6, 0x1, 0x34, &(0x7f00000000c0), 0x4)
r7 = socket$inet6(0xa, 0x3, 0x26)
setsockopt$inet6_IPV6_XFRM_POLICY(r7, 0x29, 0x23, &(0x7f0000000340)={{{@in6=@mcast1, @in=@private=0xa010101, 0x4e20, 0x0, 0x4e22, 0x0, 0xa, 0x0, 0x20}, {0x9, 0x0, 0x0, 0x800000, 0x0, 0x0, 0xfffffffffffffffc, 0x1}, {0x0, 0x4}, 0x0, 0x0, 0x1, 0x0, 0x5, 0x1}, {{@in6=@rand_addr=' \x01\x00', 0x800, 0x33}, 0xa, @in=@multicast1, 0x3506, 0x4, 0x0, 0x4, 0xfffffffc, 0x4, 0x401}}, 0xe8)
r8 = syz_open_dev$usbmon(&(0x7f00000005c0), 0x0, 0x0)
r9 = syz_open_dev$usbfs(&(0x7f0000000040), 0x20000007d, 0x0)
dup3(r8, r9, 0x0)
sendmmsg(r7, &(0x7f0000000480), 0x0, 0x0)
setsockopt$sock_int(r0, 0x1, 0xf, &(0x7f0000000600)=0x9, 0x4)
setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x64, &(0x7f0000000180)=[@in={0x2, 0x4e21, @dev={0xac, 0x14, 0x14, 0x43}}], 0x10)
listen(r0, 0x7)

3.498980356s ago: executing program 5 (id=4159):
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x100, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
r2 = syz_open_procfs(0x0, &(0x7f00000001c0)='maps\x00')
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0xc0686611, &(0x7f0000000040)={0x6a, 0x0, 0x0, 0x2000, &(0x7f0000ffd000/0x2000)=nil})
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0)
ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3000007, 0x38011, 0xffffffffffffffff, 0xcc935000)
r3 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000100), 0x1c3902, 0x0)
sendfile(r3, r3, 0x0, 0x2000fb)
pipe(&(0x7f0000019480)={0xffffffffffffffff, <r4=>0xffffffffffffffff})
sendto$ax25(r4, &(0x7f0000000140)="781a1ed8635a541ee2e53354e99dac31ad04f02bd1bb769e74f4f06fc8d74f0bb40145d1b3425e8e7c6c14316892be4423bdc112a13edaa80c89e4fdfea5c9a24fdfe8cc19d84ad8fbbf774db5cd69b5aec037225e78a903afe19eddb9fb780b1260b5937f965668d0156df74af296a75faf1bfca7905cb60916e40488281af808ce1f7abd5c32a780483262e5ff3c302349f5c4fc19af7169ea2767ad1174ef9d2d5af17bb90c649468b540b20eef", 0xaf, 0x810, &(0x7f0000000000)={{0x3, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, 0x8}, [@null, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @bcast, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @null]}, 0x48)
r5 = socket$inet6(0xa, 0x0, 0x5)
setsockopt$inet6_int(r5, 0x29, 0x4b, &(0x7f0000000100)=0x4, 0x4)
bind$inet6(r5, &(0x7f0000f5dfe4)={0xa, 0x4e23, 0x10000000, @rand_addr=' \x01\x00', 0x2}, 0x1c)
connect$unix(r4, 0x0, 0x0)

2.108860814s ago: executing program 4 (id=4160):
r0 = openat$mixer(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$SOUND_MIXER_WRITE_VOLUME(r0, 0xc0044d06, &(0x7f00000000c0)=0x39) (fail_nth: 2)

1.464256668s ago: executing program 1 (id=4161):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0)
sendmsg$NFT_BATCH(r0, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000300)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x5}}, [@NFT_MSG_NEWSET={0x60, 0x9, 0xa, 0x401, 0x0, 0x0, {0xa, 0x0, 0x4}, [@NFTA_SET_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_SET_KEY_LEN={0x8, 0x5, 0x1, 0x0, 0x2}, @NFTA_SET_NAME={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_ID={0x8, 0xa, 0x1, 0x0, 0xfffffffc}, @NFTA_SET_EXPR={0x24, 0x11, 0x0, 0x1, @exthdr={{0xb}, @val={0x14, 0x2, 0x0, 0x1, [@NFTA_EXTHDR_OP={0x8, 0x6, 0x1, 0x0, 0x2}, @NFTA_EXTHDR_SREG={0x8, 0x7, 0x1, 0x0, 0x15}]}}}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x5}}}, 0x88}, 0x1, 0x0, 0x0, 0x4000850}, 0x40)

1.46275633s ago: executing program 7 (id=4162):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
r0 = syz_open_dev$dri(&(0x7f00000000c0), 0x1ff, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_LEASE(r0, 0xc01864c6, &(0x7f00000001c0)={0x0, 0x0, 0x80800, 0x0, <r1=>0xffffffffffffffff})
ioctl$DRM_IOCTL_WAIT_VBLANK(r1, 0xc018643a, &(0x7f0000000200)={0x20000000, 0x2, 0x100000001})
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
socket$inet6_tcp(0xa, 0x1, 0x0)
connect$inet6(0xffffffffffffffff, 0x0, 0x0)
r5 = socket$inet6(0xa, 0x802, 0x0)
socket$key(0xf, 0x3, 0x2)
setsockopt$inet6_opts(r5, 0x29, 0x37, 0x0, 0x0)
connect$inet6(r5, &(0x7f0000000240)={0xa, 0x6e23, 0x2, @mcast1, 0x9}, 0x1c)
r6 = socket$nl_netfilter(0x10, 0x3, 0xc)
syz_emit_ethernet(0xbe, &(0x7f0000000000)={@local, @empty, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0xb0, 0x0, 0x0, 0x0, 0x32, 0x0, @empty, @empty}, {0x0, 0x4e20, 0x9c, 0x0, @wg=@initiation={0x1, 0x4, "d57e190d001e6e1d16c1711bbd8adbf65bd846957b378a02340c68117aa1b390", "b0b4e2d8157cddfb9792c8e37bafb99e319950347e93f4d34870ee24c0ea06d56270e45c8d3e7d708161ba81dd33c54b", "01acae6f69ea1443db8d53af54944d4894a87f20c65bfb8e0c8cfb67", {"38f5e54b3dc7c070b4d66f0f9565df74", "d2653a13d554fee0e7be27c873db314d"}}}}}}}, 0x0)
sendmsg$NFT_BATCH(r6, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0)
sendmsg$NFT_BATCH(r6, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000002100)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a5c000000090a010400000000000000000a0000040900010073797a310000000008000540000000040900020073797a310000000008000a40fffffffc200011800e000100636f6e6e6c696d69740000000c00028008000140fffff27414000000110001"], 0x84}, 0x1, 0x0, 0x0, 0x4000850}, 0x40)
r7 = syz_open_dev$dri(&(0x7f0000000080), 0x0, 0x0)
ioctl$DRM_IOCTL_SET_VERSION(r7, 0xc0106407, &(0x7f00000000c0)={0x1, 0x6, 0x81, 0xfffffffb})

112.921866ms ago: executing program 1 (id=4163):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
r1 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
r2 = getpid()
kcmp$KCMP_EPOLL_TFD(r2, r1, 0x7, 0xffffffffffffffff, 0x0)
sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000008c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
bind(r0, &(0x7f0000000240)=@rc={0x1f, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x9a}, 0x80)
sendmsg$NFT_BATCH(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000080)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a3c000000060a010400000000000000000200006be2df98150421c87d9182b1b0f8becc001400048001006d617371000000000900010073797a300000000008000b4000000002140000001100010000000000010eb26500000000d5efb6bcf266626d9befd2cb4ca7840276fffccecac61b9fb9626b5d240e7bde30755bfaf9be55ae018a174565f7d16306141f1e9de3bbdeb002359afe01cf543e1cfda209dfac17e15544f5838d17bed5f02980810a148432c4f9778ef969cdb15a8cf6fd45564b512122cda1cbe2aa33a58a916c5f31117fe7df169fa853646641df3069c8438dd9cbd997a12f3aedc7f4c7eae8aaf7414691f7d2075aa4fc000000000000"], 0x64}, 0x1, 0x0, 0x0, 0xc000}, 0x0)

0s ago: executing program 7 (id=4164):
r0 = socket$inet_smc(0x2b, 0x1, 0x0)
ioctl$int_in(r0, 0x5452, &(0x7f0000000940)=0x3)
poll(&(0x7f0000001300)=[{r0, 0x8000}], 0x1, 0xff)
r1 = openat$mice(0xffffffffffffff9c, &(0x7f0000001400), 0x101)
ioctl$VHOST_SET_VRING_ADDR(r1, 0x4028af11, &(0x7f0000000280)={0x2, 0x1, &(0x7f0000000040)=""/120, &(0x7f00000002c0)=""/114, &(0x7f0000000340)=""/142, 0x8000000})
r2 = epoll_create(0xff9)
mbind(&(0x7f0000007000/0x4000)=nil, 0x4000, 0x1, &(0x7f0000000240)=0x200000100000001, 0x9, 0x0)
get_mempolicy(0x0, 0x0, 0x9, &(0x7f0000008000/0x1000)=nil, 0x3)
epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r1, &(0x7f0000000000)={0x2})

kernel console output (not intermixed with test programs):

][T17529] llcp: nfc_llcp_send_ui_frame: Could not allocate PDU (error=-105)
[ 1316.006040][T15911] Bluetooth: hci1: unexpected event for opcode 0x0000
[ 1316.159724][T17238] hsr_slave_0: entered promiscuous mode
[ 1316.163362][T17238] hsr_slave_1: entered promiscuous mode
[ 1316.183816][T17238] debugfs: 'hsr0' already exists in 'hsr'
[ 1316.183836][T17238] Cannot create hsr debugfs directory
[ 1316.232179][T17549] netlink: 16 bytes leftover after parsing attributes in process `syz.8.3619'.
[ 1316.392849][T17549] veth0: entered promiscuous mode
[ 1316.591516][T17549] bond0: entered promiscuous mode
[ 1316.592590][T17549] bond_slave_0: entered promiscuous mode
[ 1316.600337][T17549] bond_slave_1: entered promiscuous mode
[ 1316.784115][T10218] hsr_slave_0: left promiscuous mode
[ 1316.806468][T10218] hsr_slave_1: left promiscuous mode
[ 1316.807112][T10218] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 1316.807128][T10218] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 1316.900114][T10218] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 1316.900140][T10218] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 1317.143889][T10218] veth1_macvtap: left promiscuous mode
[ 1317.143949][T10218] veth0_macvtap: left promiscuous mode
[ 1317.144077][T10218] veth1_vlan: left promiscuous mode
[ 1317.144177][T10218] veth0_vlan: left promiscuous mode
[ 1321.476937][   T37] kauditd_printk_skb: 25 callbacks suppressed
[ 1321.476957][   T37] audit: type=1326 audit(1771132630.949:1624): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17574 comm="syz.5.3630" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f3e1d31bf79 code=0x0
[ 1324.379211][T15911] Bluetooth: hci1: Controller not accepting commands anymore: ncmd = 0
[ 1324.380680][T15911] Bluetooth: hci1: Injecting HCI hardware error event
[ 1324.384354][T15911] Bluetooth: hci1: hardware error 0x00
[ 1326.341989][T10218] team0 (unregistering): Port device team_slave_1 removed
[ 1326.567788][T10218] team0 (unregistering): Port device team_slave_0 removed
[ 1326.800423][T15911] Bluetooth: hci1: Opcode 0x0c03 failed: -110
[ 1327.249765][T11473] usb 6-1: new high-speed USB device number 33 using dummy_hcd
[ 1327.442397][T11473] usb 6-1: Using ep0 maxpacket: 16
[ 1327.452523][T11473] usb 6-1: New USB device found, idVendor=17ef, idProduct=721e, bcdDevice=de.06
[ 1327.452554][T11473] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1327.452573][T11473] usb 6-1: Product: syz
[ 1327.452581][T11473] usb 6-1: Manufacturer: syz
[ 1327.452589][T11473] usb 6-1: SerialNumber: syz
[ 1327.520497][T11473] r8152-cfgselector 6-1: Unknown version 0x0000
[ 1327.520533][T11473] r8152-cfgselector 6-1: config 0 descriptor??
[ 1328.053862][   T36] r8152-cfgselector 6-1: USB disconnect, device number 33
[ 1328.685746][T17545] bond0: left promiscuous mode
[ 1328.685763][T17545] bond_slave_0: left promiscuous mode
[ 1328.691372][T17545] bond_slave_1: left promiscuous mode
[ 1328.691787][T17545] veth0: left promiscuous mode
[ 1330.165115][T17614] FAULT_INJECTION: forcing a failure.
[ 1330.165115][T17614] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1330.165147][T17614] CPU: 0 UID: 0 PID: 17614 Comm: syz.8.3640 Tainted: G             L      syzkaller #0 PREEMPT_{RT,(full)} 
[ 1330.165168][T17614] Tainted: [L]=SOFTLOCKUP
[ 1330.165173][T17614] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[ 1330.165182][T17614] Call Trace:
[ 1330.165187][T17614]  <TASK>
[ 1330.165194][T17614]  dump_stack_lvl+0xe8/0x150
[ 1330.165220][T17614]  should_fail_ex+0x46b/0x600
[ 1330.165243][T17614]  _copy_from_user+0x2d/0xb0
[ 1330.165263][T17614]  copy_from_sockptr_offset+0x66/0xa0
[ 1330.165376][T17614]  do_tcp_getsockopt+0xa54/0x2950
[ 1330.165400][T17614]  ? __pfx_do_tcp_getsockopt+0x10/0x10
[ 1330.165437][T17614]  ? call_rcu+0x644/0x890
[ 1330.165458][T17614]  ? lockdep_hardirqs_on+0x7a/0x110
[ 1330.165488][T17614]  ? evict+0x95b/0xb10
[ 1330.165510][T17614]  ? __pfx_evict+0x10/0x10
[ 1330.165524][T17614]  ? rt_spin_unlock+0x160/0x200
[ 1330.165542][T17614]  ? iput+0xb25/0xe80
[ 1330.165614][T17614]  ? __mptcp_nmpc_sk+0x605/0x790
[ 1330.165677][T17614]  tcp_getsockopt+0x83/0x130
[ 1330.165693][T17614]  ? lockdep_hardirqs_on+0x7a/0x110
[ 1330.165715][T17614]  mptcp_getsockopt+0x109f/0x1ed0
[ 1330.165762][T17614]  ? __pfx_mptcp_getsockopt+0x10/0x10
[ 1330.165778][T17614]  ? __lock_acquire+0x6b5/0x2cf0
[ 1330.165802][T17614]  ? __lock_acquire+0x6b5/0x2cf0
[ 1330.165822][T17614]  ? __lock_acquire+0x6b5/0x2cf0
[ 1330.165848][T17614]  ? unwind_next_frame+0xa5/0x23c0
[ 1330.165880][T17614]  ? unwind_next_frame+0xa5/0x23c0
[ 1330.165901][T17614]  ? is_bpf_text_address+0x26/0x2b0
[ 1330.165926][T17614]  ? __lock_acquire+0x6b5/0x2cf0
[ 1330.165947][T17614]  ? is_bpf_text_address+0x292/0x2b0
[ 1330.165969][T17614]  ? is_bpf_text_address+0x26/0x2b0
[ 1330.165986][T17614]  ? kernel_text_address+0xa5/0xe0
[ 1330.166007][T17614]  ? __kernel_text_address+0xd/0x30
[ 1330.166020][T17614]  ? unwind_get_return_address+0x4d/0x90
[ 1330.166039][T17614]  ? __pfx_stack_trace_consume_entry+0x10/0x10
[ 1330.166066][T17614]  ? __lock_acquire+0x6b5/0x2cf0
[ 1330.166086][T17614]  ? _parse_integer_limit+0x1ae/0x1f0
[ 1330.166136][T17614]  ? kstrtoull+0x12f/0x1d0
[ 1330.166153][T17614]  ? kstrtouint+0x6e/0xe0
[ 1330.166170][T17614]  ? get_pid_task+0x20/0x1f0
[ 1330.166194][T17614]  ? __lock_acquire+0x6b5/0x2cf0
[ 1330.166216][T17614]  ? get_pid_task+0x20/0x1f0
[ 1330.166232][T17614]  ? get_pid_task+0x20/0x1f0
[ 1330.166257][T17614]  ? __lock_acquire+0x6b5/0x2cf0
[ 1330.166280][T17614]  ? __might_fault+0xaf/0x130
[ 1330.166298][T17614]  ? __might_fault+0xaf/0x130
[ 1330.166326][T17614]  ? sock_common_getsockopt+0x2d/0xb0
[ 1330.166344][T17614]  ? __pfx_sock_common_getsockopt+0x10/0x10
[ 1330.166364][T17614]  do_sock_getsockopt+0x2d3/0x3f0
[ 1330.166381][T17614]  ? __pfx_do_sock_getsockopt+0x10/0x10
[ 1330.166396][T17614]  ? __fget_files+0x3a6/0x420
[ 1330.166415][T17614]  ? __fget_files+0x2a/0x420
[ 1330.166438][T17614]  __x64_sys_getsockopt+0x1aa/0x250
[ 1330.166460][T17614]  do_syscall_64+0x14d/0xf80
[ 1330.166478][T17614]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1330.166492][T17614]  ? trace_irq_disable+0x37/0x100
[ 1330.166505][T17614]  ? clear_bhb_loop+0x40/0x90
[ 1330.166523][T17614]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1330.166537][T17614] RIP: 0033:0x7f27bd61bf79
[ 1330.166551][T17614] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 1330.166564][T17614] RSP: 002b:00007f27bb86e028 EFLAGS: 00000246 ORIG_RAX: 0000000000000037
[ 1330.166580][T17614] RAX: ffffffffffffffda RBX: 00007f27bd895fa0 RCX: 00007f27bd61bf79
[ 1330.166591][T17614] RDX: 000000000000001a RSI: 0000000000000006 RDI: 0000000000000003
[ 1330.166599][T17614] RBP: 00007f27bb86e090 R08: 00002000000000c0 R09: 0000000000000000
[ 1330.166609][T17614] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1330.166618][T17614] R13: 00007f27bd896038 R14: 00007f27bd895fa0 R15: 00007ffc26f59bd8
[ 1330.166644][T17614]  </TASK>
[ 1332.965988][T17664] syz.9.3654 uses obsolete (PF_INET,SOCK_PACKET)
[ 1333.391003][T17679] netlink: 'syz.5.3642': attribute type 2 has an invalid length.
[ 1333.391023][T17679] netlink: 8 bytes leftover after parsing attributes in process `syz.5.3642'.
[ 1333.513493][T17680] netlink: 20 bytes leftover after parsing attributes in process `syz.5.3642'.
[ 1333.513514][T17680] netlink: 20 bytes leftover after parsing attributes in process `syz.5.3642'.
[ 1333.513531][T17680] netlink: 20 bytes leftover after parsing attributes in process `syz.5.3642'.
[ 1333.513545][T17680] netlink: 4 bytes leftover after parsing attributes in process `syz.5.3642'.
[ 1333.833072][T17698] FAULT_INJECTION: forcing a failure.
[ 1333.833072][T17698] name failslab, interval 1, probability 0, space 0, times 0
[ 1333.833095][T17698] CPU: 0 UID: 0 PID: 17698 Comm: syz.5.3660 Tainted: G             L      syzkaller #0 PREEMPT_{RT,(full)} 
[ 1333.833110][T17698] Tainted: [L]=SOFTLOCKUP
[ 1333.833114][T17698] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[ 1333.833120][T17698] Call Trace:
[ 1333.833124][T17698]  <TASK>
[ 1333.833129][T17698]  dump_stack_lvl+0xe8/0x150
[ 1333.833149][T17698]  should_fail_ex+0x46b/0x600
[ 1333.833165][T17698]  should_failslab+0xa8/0x100
[ 1333.833179][T17698]  kmem_cache_alloc_noprof+0x87/0x680
[ 1333.833191][T17698]  ? do_getname+0x2e/0x250
[ 1333.833286][T17698]  do_getname+0x2e/0x250
[ 1333.833304][T17698]  ? getname_uflags+0x11/0x30
[ 1333.833319][T17698]  do_faccessat+0x635/0xde0
[ 1333.833349][T17698]  ? __pfx_do_faccessat+0x10/0x10
[ 1333.833371][T17698]  ? __pfx_ksys_write+0x10/0x10
[ 1333.833395][T17698]  __x64_sys_faccessat2+0x9a/0xb0
[ 1333.833416][T17698]  do_syscall_64+0x14d/0xf80
[ 1333.833438][T17698]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1333.833450][T17698]  ? trace_irq_disable+0x37/0x100
[ 1333.833458][T17698]  ? clear_bhb_loop+0x40/0x90
[ 1333.833471][T17698]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1333.833481][T17698] RIP: 0033:0x7f3e1d31bf79
[ 1333.833491][T17698] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 1333.833500][T17698] RSP: 002b:00007f3e1b56e028 EFLAGS: 00000246 ORIG_RAX: 00000000000001b7
[ 1333.833511][T17698] RAX: ffffffffffffffda RBX: 00007f3e1d595fa0 RCX: 00007f3e1d31bf79
[ 1333.833519][T17698] RDX: 0000000000000004 RSI: 0000200000000280 RDI: ffffffffffffff9c
[ 1333.833526][T17698] RBP: 00007f3e1b56e090 R08: 0000000000000000 R09: 0000000000000000
[ 1333.833532][T17698] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1333.833538][T17698] R13: 00007f3e1d596038 R14: 00007f3e1d595fa0 R15: 00007ffd54119be8
[ 1333.833554][T17698]  </TASK>
[ 1334.208998][T17704] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[ 1334.546342][T17705] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[ 1335.272887][T17238] netdevsim netdevsim2 netdevsim0: renamed from eth0
[ 1335.326378][T17238] netdevsim netdevsim2 netdevsim1: renamed from eth1
[ 1336.514074][T17238] netdevsim netdevsim2 netdevsim2: renamed from eth2
[ 1336.615536][T17238] netdevsim netdevsim2 netdevsim3: renamed from eth3
[ 1337.120290][T17238] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1337.221302][T17238] 8021q: adding VLAN 0 to HW filter on device team0
[ 1337.330272][T17238] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[ 1337.330296][T17238] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 1337.428742][ T3703] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1337.428874][ T3703] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1337.442684][ T3703] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1337.442834][ T3703] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1337.880113][T17774] lo speed is unknown, defaulting to 1000
[ 1339.154589][T17238] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1339.376497][T17238] veth0_vlan: entered promiscuous mode
[ 1339.449599][T17238] veth1_vlan: entered promiscuous mode
[ 1339.629187][T17238] veth0_macvtap: entered promiscuous mode
[ 1339.658906][T17238] veth1_macvtap: entered promiscuous mode
[ 1339.724784][T17238] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 1339.767956][T17238] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 1339.827614][ T9437] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1339.828449][ T9437] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1339.830290][ T9437] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1339.830331][ T9437] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1339.868913][T11471] usb 10-1: new high-speed USB device number 19 using dummy_hcd
[ 1340.038331][T11471] usb 10-1: Using ep0 maxpacket: 32
[ 1340.041938][T11471] usb 10-1: New USB device found, idVendor=0ac8, idProduct=0321, bcdDevice=6f.be
[ 1340.041969][T11471] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1340.097915][T11471] usb 10-1: config 0 descriptor??
[ 1340.130777][T11471] gspca_main: vc032x-2.14.0 probing 0ac8:0321
[ 1340.510407][T17837] netlink: 4 bytes leftover after parsing attributes in process `syz.9.3690'.
[ 1340.669100][T11471] gspca_vc032x: reg_r err -110
[ 1340.669141][T11471] gspca_vc032x: I2c Bus Busy Wait 00
[ 1340.669151][T11471] gspca_vc032x: I2c Bus Busy Wait 00
[ 1340.669160][T11471] gspca_vc032x: I2c Bus Busy Wait 00
[ 1340.669168][T11471] gspca_vc032x: I2c Bus Busy Wait 00
[ 1340.669177][T11471] gspca_vc032x: I2c Bus Busy Wait 00
[ 1340.669192][T11471] gspca_vc032x: I2c Bus Busy Wait 00
[ 1340.669200][T11471] gspca_vc032x: I2c Bus Busy Wait 00
[ 1340.669209][T11471] gspca_vc032x: I2c Bus Busy Wait 00
[ 1340.669217][T11471] gspca_vc032x: I2c Bus Busy Wait 00
[ 1340.669225][T11471] gspca_vc032x: I2c Bus Busy Wait 00
[ 1340.669233][T11471] gspca_vc032x: I2c Bus Busy Wait 00
[ 1340.669241][T11471] gspca_vc032x: I2c Bus Busy Wait 00
[ 1340.669250][T11471] gspca_vc032x: I2c Bus Busy Wait 00
[ 1340.669258][T11471] gspca_vc032x: I2c Bus Busy Wait 00
[ 1340.669266][T11471] gspca_vc032x: I2c Bus Busy Wait 00
[ 1340.669274][T11471] gspca_vc032x: I2c Bus Busy Wait 00
[ 1340.669282][T11471] gspca_vc032x: I2c Bus Busy Wait 00
[ 1340.669291][T11471] gspca_vc032x: I2c Bus Busy Wait 00
[ 1340.669303][T11471] gspca_vc032x: Unknown sensor...
[ 1340.669388][T11471] vc032x 10-1:0.0: probe with driver vc032x failed with error -22
[ 1340.771248][T11473] usb 10-1: USB disconnect, device number 19
[ 1341.093333][T17849] misc userio: No port type given on /dev/userio
[ 1341.787277][T10049] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1341.787297][T10049] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1342.020000][T17871] netlink: 20 bytes leftover after parsing attributes in process `syz.8.3705'.
[ 1342.022445][T10049] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1342.022463][T10049] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1342.323557][  T806] usb 6-1: new high-speed USB device number 34 using dummy_hcd
[ 1342.441547][T17887] bond0: (slave lo): enslaved VLAN challenged slave. Adding VLANs will be blocked as long as it is part of bond.
[ 1342.441573][T17887] bond0: (slave lo): Error: Device can not be enslaved while up
[ 1342.505977][  T806] usb 6-1: Using ep0 maxpacket: 32
[ 1342.787591][  T806] usb 6-1: config 0 has an invalid interface number: 1 but max is 0
[ 1342.787618][  T806] usb 6-1: config 0 has no interface number 0
[ 1342.823639][  T806] usb 6-1: New USB device found, idVendor=8086, idProduct=9500, bcdDevice=b6.d8
[ 1342.823670][  T806] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1342.823690][  T806] usb 6-1: Product: syz
[ 1342.823704][  T806] usb 6-1: Manufacturer: syz
[ 1342.823718][  T806] usb 6-1: SerialNumber: syz
[ 1342.875653][  T806] usb 6-1: config 0 descriptor??
[ 1342.890621][  T806] usb 6-1: dvb_usb_v2: found a 'Intel CE9500 reference design' in warm state
[ 1342.890663][  T806] usb 6-1: selecting invalid altsetting 1
[ 1342.890677][  T806] usb 6-1: dvb_usb_ce6230: usb_set_interface() failed=-22
[ 1342.987038][  T806] usb 6-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer
[ 1342.987492][  T806] dvbdev: DVB: registering new adapter (Intel CE9500 reference design)
[ 1342.987569][  T806] usb 6-1: media controller created
[ 1343.033198][  T806] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[ 1343.851735][  T806] usb 6-1: dvb_usb_ce6230: usb_control_msg() failed=-71
[ 1343.851793][  T806] zl10353_read_register: readreg error (reg=127, ret==-71)
[ 1343.853273][  T806] usb 6-1: dvb_usb_ce6230: usb_set_interface() failed=-71
[ 1343.918371][ T5813] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[ 1343.945415][ T5813] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[ 1343.945846][ T5813] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[ 1343.955816][ T5813] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[ 1343.956488][ T5813] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[ 1344.056335][  T806] usb 6-1: USB disconnect, device number 34
[ 1344.281689][T17907] lo speed is unknown, defaulting to 1000
[ 1344.870293][T17892] netlink: 32 bytes leftover after parsing attributes in process `syz.9.3712'.
[ 1344.870974][T17892] A link change request failed with some changes committed already. Interface netdevsim0 may have been left with an inconsistent configuration, please check.
[ 1346.240044][ T5813] Bluetooth: hci4: command tx timeout
[ 1346.738899][T14993] usb 9-1: new high-speed USB device number 41 using dummy_hcd
[ 1348.160554][T14993] usb 9-1: Using ep0 maxpacket: 16
[ 1348.268593][T14993] usb 9-1: config 9 has an invalid interface number: 1 but max is 0
[ 1348.268620][T14993] usb 9-1: config 9 has no interface number 0
[ 1348.268650][T14993] usb 9-1: config 9 interface 1 has no altsetting 0
[ 1348.306129][T14993] usb 9-1: New USB device found, idVendor=19d2, idProduct=0055, bcdDevice=fb.73
[ 1348.306161][T14993] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1348.306189][T14993] usb 9-1: Product: syz
[ 1348.306204][T14993] usb 9-1: Manufacturer: syz
[ 1348.306218][T14993] usb 9-1: SerialNumber: syz
[ 1348.439182][ T5813] Bluetooth: hci4: command tx timeout
[ 1348.510631][T17969] netlink: 'syz.2.3728': attribute type 1 has an invalid length.
[ 1348.639227][T17941] netlink: 4 bytes leftover after parsing attributes in process `syz.8.3721'.
[ 1348.794603][T10049] netdevsim netdevsim7 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1349.962608][T17979] ALSA: mixer_oss: invalid OSS volume 'DAGITAL1'
[ 1350.360103][T14993] usb 9-1: USB disconnect, device number 41
[ 1350.510539][T17987] netlink: 296 bytes leftover after parsing attributes in process `syz.9.3731'.
[ 1350.633110][T10049] netdevsim netdevsim7 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1350.652083][ T5813] Bluetooth: hci4: command tx timeout
[ 1351.606206][T10049] netdevsim netdevsim7 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1351.676399][T17907] chnl_net:caif_netlink_parms(): no params data found
[ 1352.076118][T10049] netdevsim netdevsim7 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1352.262328][T18025] mmap: syz.5.3736 (18025) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst.
[ 1352.890733][ T5813] Bluetooth: hci4: command tx timeout
[ 1353.279543][T18016] 8021q: VLANs not supported on sit0
[ 1353.549762][T17907] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1353.552692][T17907] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1353.552853][T17907] bridge_slave_0: entered allmulticast mode
[ 1353.572578][T17907] bridge_slave_0: entered promiscuous mode
[ 1353.585846][T17907] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1353.585959][T17907] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1353.586152][T17907] bridge_slave_1: entered allmulticast mode
[ 1353.611683][T17907] bridge_slave_1: entered promiscuous mode
[ 1353.928562][T17907] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1353.936962][T17907] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1354.660513][ T5807] usb 9-1: new full-speed USB device number 42 using dummy_hcd
[ 1354.822306][ T5807] usb 9-1: not running at top speed; connect to a high speed hub
[ 1354.823495][ T5807] usb 9-1: config 3 has an invalid interface number: 47 but max is 1
[ 1354.823518][ T5807] usb 9-1: config 3 has no interface number 0
[ 1354.823573][ T5807] usb 9-1: config 3 interface 1 altsetting 255 endpoint 0x1 has invalid wMaxPacketSize 0
[ 1354.823601][ T5807] usb 9-1: config 3 interface 1 has no altsetting 0
[ 1354.823619][ T5807] usb 9-1: config 3 interface 47 has no altsetting 0
[ 1354.828369][ T5807] usb 9-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=43.bd
[ 1354.828396][ T5807] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1354.828415][ T5807] usb 9-1: Product: syz
[ 1354.828429][ T5807] usb 9-1: Manufacturer: syz
[ 1354.828443][ T5807] usb 9-1: SerialNumber: syz
[ 1355.092822][T17907] team0: Port device team_slave_0 added
[ 1355.126815][ T5807] usb 9-1: selecting invalid altsetting 0
[ 1355.184165][T17907] team0: Port device team_slave_1 added
[ 1355.475166][T17907] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1355.475178][T17907] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 1355.475193][T17907] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1355.479608][T17907] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1355.479636][T17907] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 1355.479661][T17907] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1355.678481][T10049] bridge_slave_1: left allmulticast mode
[ 1355.678509][T10049] bridge_slave_1: left promiscuous mode
[ 1355.678737][T10049] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1355.773240][ T5807] usb 9-1: USB disconnect, device number 42
[ 1355.832021][T10049] bridge_slave_0: left allmulticast mode
[ 1355.832047][T10049] bridge_slave_0: left promiscuous mode
[ 1355.832288][T10049] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1357.035981][T17900] udevd[17900]: error opening ATTR{/sys/devices/platform/dummy_hcd.8/usb9/9-1/9-1:3.1/sound/card3/controlC3/../uevent} for writing: No such file or directory
[ 1358.718250][   T37] audit: type=1326 audit(1771132665.671:1625): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=18065 comm="syz.2.3748" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc810fdbf79 code=0x7ffc0000
[ 1358.718282][   T37] audit: type=1326 audit(1771132665.671:1626): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=18065 comm="syz.2.3748" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc810fdbf79 code=0x7ffc0000
[ 1358.718303][   T37] audit: type=1326 audit(1771132665.774:1627): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=18065 comm="syz.2.3748" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc810fdbf79 code=0x7ffc0000
[ 1358.718324][   T37] audit: type=1326 audit(1771132665.774:1628): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=18065 comm="syz.2.3748" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc810fdbf79 code=0x7ffc0000
[ 1358.718345][   T37] audit: type=1326 audit(1771132665.774:1629): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=18065 comm="syz.2.3748" exe="/root/syz-executor" sig=0 arch=c000003e syscall=121 compat=0 ip=0x7fc810fdbf79 code=0x7ffc0000
[ 1358.718364][   T37] audit: type=1326 audit(1771132665.774:1630): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=18065 comm="syz.2.3748" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc810fdbf79 code=0x7ffc0000
[ 1358.718384][   T37] audit: type=1326 audit(1771132665.774:1631): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=18065 comm="syz.2.3748" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc810fdbf79 code=0x7ffc0000
[ 1358.718404][   T37] audit: type=1326 audit(1771132665.867:1632): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=18065 comm="syz.2.3748" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc810fdbf79 code=0x7ffc0000
[ 1358.718424][   T37] audit: type=1326 audit(1771132665.867:1633): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=18065 comm="syz.2.3748" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc810fdbf79 code=0x7ffc0000
[ 1358.718449][   T37] audit: type=1326 audit(1771132665.867:1634): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=18065 comm="syz.2.3748" exe="/root/syz-executor" sig=0 arch=c000003e syscall=157 compat=0 ip=0x7fc810fdbf79 code=0x7ffc0000
[ 1363.392031][T10049] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1363.439454][T10049] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1363.462427][T10049] bond0 (unregistering): Released all slaves
[ 1365.955634][T10049] bond1 (unregistering): Released all slaves
[ 1366.788457][T10049] bond2 (unregistering): Released all slaves
[ 1368.678951][T10049] bond3 (unregistering): Released all slaves
[ 1368.738505][T18155] 9p: Bad value for 'wfdno'
[ 1369.114199][T14993] usb 10-1: new high-speed USB device number 20 using dummy_hcd
[ 1369.329093][T14993] usb 10-1: device descriptor read/64, error -71
[ 1369.695500][T14993] usb 10-1: new high-speed USB device number 21 using dummy_hcd
[ 1370.118621][T14993] usb 10-1: device descriptor read/64, error -71
[ 1370.238561][T14993] usb usb10-port1: attempt power cycle
[ 1370.365572][T10049] bond4 (unregistering): Released all slaves
[ 1370.599092][T18094] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[ 1370.628406][T14993] usb 10-1: new high-speed USB device number 22 using dummy_hcd
[ 1370.643610][T14993] usb 10-1: device descriptor read/8, error -71
[ 1370.786877][T17907] hsr_slave_0: entered promiscuous mode
[ 1370.787740][T17907] hsr_slave_1: entered promiscuous mode
[ 1370.788266][T17907] debugfs: 'hsr0' already exists in 'hsr'
[ 1370.788281][T17907] Cannot create hsr debugfs directory
[ 1370.895685][T11979] usb 9-1: new full-speed USB device number 43 using dummy_hcd
[ 1370.908091][T14993] usb 10-1: new high-speed USB device number 23 using dummy_hcd
[ 1370.923171][T14993] usb 10-1: device descriptor read/8, error -71
[ 1371.039052][T14993] usb usb10-port1: unable to enumerate USB device
[ 1371.133700][T11979] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10
[ 1371.133735][T11979] usb 9-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 5
[ 1371.133772][T11979] usb 9-1: New USB device found, idVendor=060b, idProduct=500a, bcdDevice= 0.00
[ 1371.133795][T11979] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1371.269019][T11979] usb 9-1: config 0 descriptor??
[ 1371.728862][T11979] cougar 0003:060B:500A.000A: unknown main item tag 0x0
[ 1371.728901][T11979] cougar 0003:060B:500A.000A: unknown main item tag 0x0
[ 1371.728937][T11979] cougar 0003:060B:500A.000A: unknown main item tag 0x0
[ 1371.728960][T11979] cougar 0003:060B:500A.000A: unknown main item tag 0x0
[ 1371.728985][T11979] cougar 0003:060B:500A.000A: unknown main item tag 0x0
[ 1371.729008][T11979] cougar 0003:060B:500A.000A: unknown main item tag 0x0
[ 1371.729031][T11979] cougar 0003:060B:500A.000A: unknown main item tag 0x0
[ 1371.729057][T11979] cougar 0003:060B:500A.000A: unknown main item tag 0x0
[ 1371.729081][T11979] cougar 0003:060B:500A.000A: unknown main item tag 0x0
[ 1371.729105][T11979] cougar 0003:060B:500A.000A: unknown main item tag 0x0
[ 1371.845515][T11979] cougar 0003:060B:500A.000A: hidraw0: USB HID v80.00 Device [HID 060b:500a] on usb-dummy_hcd.8-1/input0
[ 1372.086627][   T10] usb 9-1: USB disconnect, device number 43
[ 1372.463509][   T37] kauditd_printk_skb: 56 callbacks suppressed
[ 1372.463559][   T37] audit: type=1326 audit(1771132679.393:1691): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=18183 comm="syz.5.3774" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3e1d31bf79 code=0x7ffc0000
[ 1372.464367][   T37] audit: type=1326 audit(1771132679.393:1692): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=18183 comm="syz.5.3774" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3e1d31bf79 code=0x7ffc0000
[ 1372.464627][   T37] audit: type=1326 audit(1771132679.393:1693): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=18183 comm="syz.5.3774" exe="/root/syz-executor" sig=0 arch=c000003e syscall=431 compat=0 ip=0x7f3e1d31bf79 code=0x7ffc0000
[ 1372.465422][   T37] audit: type=1326 audit(1771132679.393:1694): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=18183 comm="syz.5.3774" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3e1d31bf79 code=0x7ffc0000
[ 1372.465655][   T37] audit: type=1326 audit(1771132679.403:1695): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=18183 comm="syz.5.3774" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3e1d31bf79 code=0x7ffc0000
[ 1372.466411][   T37] audit: type=1326 audit(1771132679.403:1696): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=18183 comm="syz.5.3774" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f3e1d31bf79 code=0x7ffc0000
[ 1372.466618][   T37] audit: type=1326 audit(1771132679.403:1697): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=18183 comm="syz.5.3774" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3e1d31bf79 code=0x7ffc0000
[ 1372.466697][   T37] audit: type=1326 audit(1771132679.403:1698): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=18183 comm="syz.5.3774" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3e1d31bf79 code=0x7ffc0000
[ 1372.467500][   T37] audit: type=1326 audit(1771132679.403:1699): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=18183 comm="syz.5.3774" exe="/root/syz-executor" sig=0 arch=c000003e syscall=46 compat=0 ip=0x7f3e1d31bf79 code=0x7ffc0000
[ 1372.467792][   T37] audit: type=1326 audit(1771132679.412:1700): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=18183 comm="syz.5.3774" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3e1d31bf79 code=0x7ffc0000
[ 1373.095947][ T1319] ieee802154 phy0 wpan0: encryption failed: -22
[ 1373.096015][ T1319] ieee802154 phy1 wpan1: encryption failed: -22
[ 1374.182897][T18185] fido_id[18185]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.8/usb9/report_descriptor': No such file or directory
[ 1378.422933][T18206] syzkaller1: entered promiscuous mode
[ 1378.422951][T18206] syzkaller1: entered allmulticast mode
[ 1378.473203][ T5813] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci0/hci0:201'
[ 1378.473234][ T5813] CPU: 0 UID: 0 PID: 5813 Comm: kworker/u9:4 Tainted: G             L      syzkaller #0 PREEMPT_{RT,(full)} 
[ 1378.473262][ T5813] Tainted: [L]=SOFTLOCKUP
[ 1378.473270][ T5813] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[ 1378.473283][ T5813] Workqueue: hci0 hci_rx_work
[ 1378.473444][ T5813] Call Trace:
[ 1378.473452][ T5813]  <TASK>
[ 1378.473461][ T5813]  dump_stack_lvl+0xe8/0x150
[ 1378.473495][ T5813]  sysfs_create_dir_ns+0x271/0x2a0
[ 1378.473556][ T5813]  ? __pfx_rt_mutex_slowunlock+0x10/0x10
[ 1378.473581][ T5813]  ? __pfx_sysfs_create_dir_ns+0x10/0x10
[ 1378.473606][ T5813]  ? rt_spin_unlock+0x160/0x200
[ 1378.473629][ T5813]  kobject_add_internal+0x631/0xd10
[ 1378.473725][ T5813]  kobject_add+0x163/0x240
[ 1378.473758][ T5813]  ? __pfx_kobject_add+0x10/0x10
[ 1378.473793][ T5813]  ? get_device_parent+0x370/0x3a0
[ 1378.473852][ T5813]  device_add+0x408/0xb80
[ 1378.473884][ T5813]  hci_conn_add_sysfs+0xd5/0x210
[ 1378.473966][ T5813]  le_conn_complete_evt+0xf1d/0x1430
[ 1378.474025][ T5813]  ? __pfx_le_conn_complete_evt+0x10/0x10
[ 1378.474049][ T5813]  ? _raw_spin_unlock_irqrestore+0x30/0x80
[ 1378.474073][ T5813]  ? lockdep_hardirqs_on+0x7a/0x110
[ 1378.474100][ T5813]  ? skb_pull_data+0xfb/0x200
[ 1378.474126][ T5813]  hci_le_conn_complete_evt+0x187/0x470
[ 1378.474153][ T5813]  hci_event_packet+0x7af/0x12c0
[ 1378.474187][ T5813]  ? __pfx_hci_le_meta_evt+0x10/0x10
[ 1378.474234][ T5813]  ? __pfx_hci_event_packet+0x10/0x10
[ 1378.474258][ T5813]  ? rt_spin_unlock+0x14f/0x200
[ 1378.474287][ T5813]  ? hci_send_to_monitor+0xe2/0x590
[ 1378.474313][ T5813]  hci_rx_work+0x3ee/0x1030
[ 1378.474348][ T5813]  ? process_scheduled_works+0xa0f/0x17a0
[ 1378.474375][ T5813]  process_scheduled_works+0xaec/0x17a0
[ 1378.474427][ T5813]  ? __pfx_process_scheduled_works+0x10/0x10
[ 1378.474455][ T5813]  ? assign_work+0x3d5/0x5e0
[ 1378.474480][ T5813]  worker_thread+0xa50/0xfc0
[ 1378.474536][ T5813]  kthread+0x388/0x470
[ 1378.474561][ T5813]  ? __pfx_worker_thread+0x10/0x10
[ 1378.474581][ T5813]  ? __pfx_kthread+0x10/0x10
[ 1378.474607][ T5813]  ret_from_fork+0x51e/0xb90
[ 1378.474649][ T5813]  ? __pfx_ret_from_fork+0x10/0x10
[ 1378.474671][ T5813]  ? __switch_to+0xc7d/0x1400
[ 1378.474702][ T5813]  ? __pfx_kthread+0x10/0x10
[ 1378.474730][ T5813]  ret_from_fork_asm+0x1a/0x30
[ 1378.474776][ T5813]  </TASK>
[ 1378.474869][ T5813] kobject: kobject_add_internal failed for hci0:201 with -EEXIST, don't try to register things with the same name in the same directory.
[ 1378.474907][ T5813] Bluetooth: hci0: failed to register connection device
[ 1378.475284][ T5813] Bluetooth: hci0: Ignoring HCI_Connection_Complete for existing connection
[ 1378.475368][ T5813] Bluetooth: hci0: Ignoring HCI_Connection_Complete for existing connection
[ 1378.475448][ T5813] Bluetooth: hci0: Ignoring HCI_Connection_Complete for existing connection
[ 1378.475537][ T5813] Bluetooth: hci0: Ignoring HCI_Connection_Complete for existing connection
[ 1378.475620][ T5813] Bluetooth: hci0: Ignoring HCI_Connection_Complete for existing connection
[ 1378.475699][ T5813] Bluetooth: hci0: Ignoring HCI_Connection_Complete for existing connection
[ 1378.475776][ T5813] Bluetooth: hci0: Ignoring HCI_Connection_Complete for existing connection
[ 1378.475853][ T5813] Bluetooth: hci0: Ignoring HCI_Connection_Complete for existing connection
[ 1378.475927][ T5813] Bluetooth: hci0: Ignoring HCI_Connection_Complete for existing connection
[ 1378.476005][ T5813] Bluetooth: hci0: Ignoring HCI_Connection_Complete for existing connection
[ 1378.476083][ T5813] Bluetooth: hci0: Ignoring HCI_Connection_Complete for existing connection
[ 1378.476164][ T5813] Bluetooth: hci0: Ignoring HCI_Connection_Complete for existing connection
[ 1378.476244][ T5813] Bluetooth: hci0: Ignoring HCI_Connection_Complete for existing connection
[ 1378.476322][ T5813] Bluetooth: hci0: Ignoring HCI_Connection_Complete for existing connection
[ 1378.476396][ T5813] Bluetooth: hci0: Ignoring HCI_Connection_Complete for existing connection
[ 1378.486074][T15911] Bluetooth: hci0: Ignoring HCI_Connection_Complete for existing connection
[ 1378.489479][T15911] Bluetooth: hci0: Ignoring HCI_Connection_Complete for existing connection
[ 1378.489931][ T5813] Bluetooth: hci0: Ignoring HCI_Connection_Complete for existing connection
[ 1378.490078][ T5813] Bluetooth: hci0: Ignoring HCI_Connection_Complete for existing connection
[ 1378.491416][ T5813] Bluetooth: hci0: Ignoring HCI_Connection_Complete for existing connection
[ 1378.493499][ T5813] Bluetooth: hci0: Ignoring HCI_Connection_Complete for existing connection
[ 1378.493673][ T5813] Bluetooth: hci0: Ignoring HCI_Connection_Complete for existing connection
[ 1378.493811][ T5813] Bluetooth: hci0: Ignoring HCI_Connection_Complete for existing connection
[ 1378.493946][ T5813] Bluetooth: hci0: Ignoring HCI_Connection_Complete for existing connection
[ 1378.494080][ T5813] Bluetooth: hci0: Ignoring HCI_Connection_Complete for existing connection
[ 1378.494222][ T5813] Bluetooth: hci0: Ignoring HCI_Connection_Complete for existing connection
[ 1378.494376][ T5813] Bluetooth: hci0: Ignoring HCI_Connection_Complete for existing connection
[ 1378.494588][ T5813] Bluetooth: hci0: Ignoring HCI_Connection_Complete for existing connection
[ 1378.494724][ T5813] Bluetooth: hci0: Ignoring HCI_Connection_Complete for existing connection
[ 1378.494858][ T5813] Bluetooth: hci0: Ignoring HCI_Connection_Complete for existing connection
[ 1378.494992][ T5813] Bluetooth: hci0: Ignoring HCI_Connection_Complete for existing connection
[ 1378.495126][ T5813] Bluetooth: hci0: Ignoring HCI_Connection_Complete for existing connection
[ 1378.735714][T11979] usb 3-1: new high-speed USB device number 7 using dummy_hcd
[ 1379.311910][T11979] usb 3-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[ 1379.311938][T11979] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[ 1379.311955][T11979] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 66
[ 1379.312001][T11979] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1379.316254][T11979] usb 3-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[ 1379.316283][T11979] usb 3-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[ 1379.316302][T11979] usb 3-1: Product: syz
[ 1379.316315][T11979] usb 3-1: Manufacturer: syz
[ 1380.161020][T11979] cdc_wdm 3-1:1.0: skipping garbage
[ 1380.161039][T11979] cdc_wdm 3-1:1.0: skipping garbage
[ 1380.240871][T11979] cdc_wdm 3-1:1.0: cdc-wdm0: USB WDM device
[ 1380.240979][T11979] cdc_wdm 3-1:1.0: Unknown control protocol
[ 1380.720324][T10049] hsr_slave_0: left promiscuous mode
[ 1380.764148][T10049] hsr_slave_1: left promiscuous mode
[ 1380.764707][T10049] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 1380.764723][T10049] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 1380.837089][T10049] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 1380.837108][T10049] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 1381.086310][T10049] veth1_macvtap: left promiscuous mode
[ 1381.086397][T10049] veth0_macvtap: left promiscuous mode
[ 1381.086529][T10049] veth1_vlan: left promiscuous mode
[ 1381.086618][T10049] veth0_vlan: left promiscuous mode
[ 1381.127014][T18261] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1381.127327][T18261] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1381.252747][T18263] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1381.253462][T18263] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1381.295285][    C1] cdc_wdm 3-1:1.0: Unexpected error -71
[ 1381.297226][   T10] usb 3-1: USB disconnect, device number 7
[ 1381.297439][    C1] cdc_wdm 3-1:1.0: nonzero urb status received: -71
[ 1381.297567][    C1] cdc_wdm 3-1:1.0: wdm_int_callback - 0 bytes
[ 1381.297584][    C1] cdc_wdm 3-1:1.0: wdm_int_callback - usb_submit_urb failed with result -19
[ 1382.962624][T18252] ALSA: mixer_oss: invalid OSS volume 'DAGITAL1'
[ 1386.064622][T18305] FAULT_INJECTION: forcing a failure.
[ 1386.064622][T18305] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1386.064659][T18305] CPU: 0 UID: 0 PID: 18305 Comm: syz.9.3797 Tainted: G             L      syzkaller #0 PREEMPT_{RT,(full)} 
[ 1386.064684][T18305] Tainted: [L]=SOFTLOCKUP
[ 1386.064690][T18305] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[ 1386.064701][T18305] Call Trace:
[ 1386.064708][T18305]  <TASK>
[ 1386.064716][T18305]  dump_stack_lvl+0xe8/0x150
[ 1386.064746][T18305]  should_fail_ex+0x46b/0x600
[ 1386.064773][T18305]  _copy_from_user+0x2d/0xb0
[ 1386.064797][T18305]  generic_map_update_batch+0x69a/0x990
[ 1386.064830][T18305]  ? __pfx_generic_map_update_batch+0x10/0x10
[ 1386.064852][T18305]  ? __fget_files+0x2a/0x420
[ 1386.064883][T18305]  ? __pfx_generic_map_update_batch+0x10/0x10
[ 1386.064903][T18305]  bpf_map_do_batch+0x3a7/0x630
[ 1386.064927][T18305]  __sys_bpf+0x7c1/0x950
[ 1386.064952][T18305]  ? __pfx___sys_bpf+0x10/0x10
[ 1386.064973][T18305]  ? rt_mutex_slowunlock+0x1cb/0x300
[ 1386.065008][T18305]  ? ksys_write+0x248/0x270
[ 1386.065028][T18305]  ? __pfx_ksys_write+0x10/0x10
[ 1386.065053][T18305]  __x64_sys_bpf+0x7c/0x90
[ 1386.065076][T18305]  do_syscall_64+0x14d/0xf80
[ 1386.065098][T18305]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1386.065116][T18305]  ? trace_irq_disable+0x37/0x100
[ 1386.065132][T18305]  ? clear_bhb_loop+0x40/0x90
[ 1386.065153][T18305]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1386.065171][T18305] RIP: 0033:0x7f311429bf79
[ 1386.065187][T18305] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 1386.065204][T18305] RSP: 002b:00007f31124ee028 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[ 1386.065224][T18305] RAX: ffffffffffffffda RBX: 00007f3114515fa0 RCX: 00007f311429bf79
[ 1386.065238][T18305] RDX: 0000000000000038 RSI: 0000200000000400 RDI: 000000000000001a
[ 1386.065250][T18305] RBP: 00007f31124ee090 R08: 0000000000000000 R09: 0000000000000000
[ 1386.065261][T18305] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1386.065273][T18305] R13: 00007f3114516038 R14: 00007f3114515fa0 R15: 00007fff0a819e68
[ 1386.065303][T18305]  </TASK>
[ 1386.289164][T18307] ucma_write: process 427 (syz.9.3798) changed security contexts after opening file descriptor, this is not allowed.
[ 1391.412370][T18322] ALSA: mixer_oss: invalid OSS volume 'DAGITAL1'
[ 1392.088994][T10049] team0 (unregistering): Port device team_slave_1 removed
[ 1392.386795][T10049] team0 (unregistering): Port device team_slave_0 removed
[ 1394.226427][   T10] usb 10-1: new high-speed USB device number 24 using dummy_hcd
[ 1394.365401][   T10] usb 10-1: device descriptor read/64, error -71
[ 1394.653488][   T10] usb 10-1: new high-speed USB device number 25 using dummy_hcd
[ 1394.779375][T15911] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[ 1394.805418][   T10] usb 10-1: device descriptor read/64, error -71
[ 1394.806320][T15911] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[ 1394.809931][T15911] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[ 1394.836058][T15911] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[ 1394.840671][T15911] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[ 1394.921611][   T10] usb usb10-port1: attempt power cycle
[ 1395.284877][   T10] usb 10-1: new high-speed USB device number 26 using dummy_hcd
[ 1395.330288][   T10] usb 10-1: device descriptor read/8, error -71
[ 1395.605532][   T10] usb 10-1: new high-speed USB device number 27 using dummy_hcd
[ 1395.634096][   T10] usb 10-1: device descriptor read/8, error -71
[ 1395.745529][   T10] usb usb10-port1: unable to enumerate USB device
[ 1397.316354][T18352] ALSA: mixer_oss: invalid OSS volume 'DAGITAL1'
[ 1398.045628][T15911] Bluetooth: hci2: command tx timeout
[ 1398.414364][T18343] lo speed is unknown, defaulting to 1000
[ 1399.573330][T18360] netlink: 260 bytes leftover after parsing attributes in process `syz.9.3815'.
[ 1399.755160][T18366] netlink: 35 bytes leftover after parsing attributes in process `syz.9.3818'.
[ 1400.960155][T18377] netlink: 'syz.9.3820': attribute type 2 has an invalid length.
[ 1401.699104][T15911] Bluetooth: hci2: command tx timeout
[ 1404.490883][T15911] Bluetooth: hci2: command tx timeout
[ 1404.778838][T11980] IPVS: starting estimator thread 0...
[ 1404.780144][T18406] IPVS: rr: UDP 224.0.0.2:0 - no destination available
[ 1404.884979][T18410] IPVS: using max 11 ests per chain, 26400 per kthread
[ 1404.885057][T18407] syzkaller0: entered promiscuous mode
[ 1404.885075][T18407] syzkaller0: entered allmulticast mode
[ 1405.252258][T18425] netlink: 24 bytes leftover after parsing attributes in process `syz.5.3826'.
[ 1406.179017][T18343] chnl_net:caif_netlink_parms(): no params data found
[ 1407.170923][T15911] Bluetooth: hci2: command tx timeout
[ 1408.409005][ T5813] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[ 1408.415990][ T5813] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[ 1408.416839][ T5813] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[ 1408.418654][ T5813] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[ 1408.422879][ T5813] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[ 1408.682814][T10049] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1410.651919][T10049] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1410.690244][T15911] Bluetooth: hci3: command tx timeout
[ 1410.721475][T18476] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 1411.283799][T10049] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1411.359117][T18343] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1411.359186][T18343] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1411.359339][T18343] bridge_slave_0: entered allmulticast mode
[ 1411.361801][T18343] bridge_slave_0: entered promiscuous mode
[ 1411.387547][T18461] lo speed is unknown, defaulting to 1000
[ 1411.390310][T18343] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1411.390495][T18343] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1411.390703][T18343] bridge_slave_1: entered allmulticast mode
[ 1411.396270][T18343] bridge_slave_1: entered promiscuous mode
[ 1420.972822][T15911] Bluetooth: hci3: command tx timeout
[ 1421.161241][T10049] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1421.329945][T18343] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1421.404450][T18343] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1422.635473][T18343] team0: Port device team_slave_0 added
[ 1422.699694][T18343] team0: Port device team_slave_1 added
[ 1422.915092][T18343] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1422.915107][T18343] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 1422.915125][T18343] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1422.926899][T18343] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1422.926916][T18343] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 1422.926940][T18343] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1423.176666][ T5813] Bluetooth: hci3: command tx timeout
[ 1423.237419][T18343] hsr_slave_0: entered promiscuous mode
[ 1423.239590][T18343] hsr_slave_1: entered promiscuous mode
[ 1423.284407][T10049] bridge_slave_1: left allmulticast mode
[ 1423.284432][T10049] bridge_slave_1: left promiscuous mode
[ 1423.284656][T10049] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1423.371535][T10049] bridge_slave_0: left allmulticast mode
[ 1423.371564][T10049] bridge_slave_0: left promiscuous mode
[ 1423.371722][T10049] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1425.533066][ T5813] Bluetooth: hci3: command tx timeout
[ 1425.571331][ T5813] Bluetooth: hci0: command 0x0406 tx timeout
[ 1427.553250][T15911] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[ 1427.568017][T15911] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[ 1427.568903][T15911] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[ 1427.573151][T15911] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[ 1427.573916][T15911] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[ 1427.840518][T10049] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1427.902389][T10049] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1427.946786][T10049] bond0 (unregistering): Released all slaves
[ 1428.875286][T14993] usb 10-1: new high-speed USB device number 28 using dummy_hcd
[ 1429.539806][T14993] usb 10-1: config 0 has an invalid interface number: 1 but max is 0
[ 1429.539835][T14993] usb 10-1: config 0 has no interface number 0
[ 1429.544750][T14993] usb 10-1: New USB device found, idVendor=0582, idProduct=008d, bcdDevice=7a.ac
[ 1429.544780][T14993] usb 10-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1429.544801][T14993] usb 10-1: Product: syz
[ 1429.544815][T14993] usb 10-1: Manufacturer: syz
[ 1429.544828][T14993] usb 10-1: SerialNumber: syz
[ 1429.597410][T14993] usb 10-1: config 0 descriptor??
[ 1430.198638][T15911] Bluetooth: hci4: command tx timeout
[ 1432.413920][T15911] Bluetooth: hci4: command tx timeout
[ 1432.557898][T18574] netlink: 28 bytes leftover after parsing attributes in process `syz.5.3860'.
[ 1432.587465][T18461] chnl_net:caif_netlink_parms(): no params data found
[ 1432.626515][T18574] bond0: entered promiscuous mode
[ 1432.626536][T18574] bond_slave_0: entered promiscuous mode
[ 1432.626740][T18574] bond_slave_1: entered promiscuous mode
[ 1432.626932][T18574] bond0: entered allmulticast mode
[ 1432.626946][T18574] bond_slave_0: entered allmulticast mode
[ 1432.654484][T18574] bond_slave_1: entered allmulticast mode
[ 1434.252615][T11471] usb 10-1: USB disconnect, device number 28
[ 1435.585215][T15911] Bluetooth: hci4: command tx timeout
[ 1435.636151][T18554] lo speed is unknown, defaulting to 1000
[ 1435.925455][T18461] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1435.925631][T18461] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1435.925763][T18461] bridge_slave_0: entered allmulticast mode
[ 1435.928017][T18461] bridge_slave_0: entered promiscuous mode
[ 1436.134107][T10049] hsr_slave_0: left promiscuous mode
[ 1436.176889][T10049] hsr_slave_1: left promiscuous mode
[ 1436.177904][T10049] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 1436.177929][T10049] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 1436.459440][T10049] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 1436.459468][T10049] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 1436.759365][T10049] veth1_macvtap: left promiscuous mode
[ 1436.759464][T10049] veth0_macvtap: left promiscuous mode
[ 1436.759707][T10049] veth1_vlan: left promiscuous mode
[ 1436.759777][T10049] veth0_vlan: left promiscuous mode
[ 1437.524705][T18620] siw: device registration error -23
[ 1437.812799][T15911] Bluetooth: hci4: command tx timeout
[ 1438.854348][ T1319] ieee802154 phy0 wpan0: encryption failed: -22
[ 1438.854417][ T1319] ieee802154 phy1 wpan1: encryption failed: -22
[ 1440.840650][T10049] team0 (unregistering): Port device team_slave_1 removed
[ 1441.063832][T10049] team0 (unregistering): Port device team_slave_0 removed
[ 1443.140238][T18623] lo speed is unknown, defaulting to 1000
[ 1443.222185][T18461] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1443.222318][T18461] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1443.222532][T18461] bridge_slave_1: entered allmulticast mode
[ 1443.297763][T18461] bridge_slave_1: entered promiscuous mode
[ 1443.468418][T18631] netlink: 'syz.9.3874': attribute type 5 has an invalid length.
[ 1443.540666][T18633] binder: 18632:18633 ioctl c00c6211 ffffffffffffffff returned -14
[ 1443.592399][T18461] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1443.707791][T18461] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1443.905859][T11979] usb 10-1: new high-speed USB device number 29 using dummy_hcd
[ 1444.029955][T18461] team0: Port device team_slave_0 added
[ 1444.076748][T11979] usb 10-1: Using ep0 maxpacket: 16
[ 1444.081308][T11979] usb 10-1: New USB device found, idVendor=054c, idProduct=0038, bcdDevice=16.f5
[ 1444.081337][T11979] usb 10-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1444.081357][T11979] usb 10-1: Product: syz
[ 1444.081371][T11979] usb 10-1: Manufacturer: syz
[ 1444.081385][T11979] usb 10-1: SerialNumber: syz
[ 1444.086687][T11979] usb 10-1: config 0 descriptor??
[ 1444.247501][T11979] visor 10-1:0.0: Sony Clie 3.5 converter detected
[ 1445.481970][T11979] usb 10-1: clie_3_5_startup: get config number failed: -71
[ 1445.482126][T11979] visor 10-1:0.0: probe with driver visor failed with error -71
[ 1445.536114][T11979] usb 10-1: USB disconnect, device number 29
[ 1445.597105][T18461] team0: Port device team_slave_1 added
[ 1446.271832][T18461] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1446.271850][T18461] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 1446.271873][T18461] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1446.362139][T18461] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1446.362156][T18461] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 1446.362181][T18461] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1446.824831][T18672] netlink: 44 bytes leftover after parsing attributes in process `syz.5.3880'.
[ 1449.402990][T18686] FAULT_INJECTION: forcing a failure.
[ 1449.402990][T18686] name failslab, interval 1, probability 0, space 0, times 0
[ 1449.403027][T18686] CPU: 0 UID: 0 PID: 18686 Comm: syz.9.3885 Tainted: G             L      syzkaller #0 PREEMPT_{RT,(full)} 
[ 1449.403053][T18686] Tainted: [L]=SOFTLOCKUP
[ 1449.403060][T18686] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[ 1449.403070][T18686] Call Trace:
[ 1449.403077][T18686]  <TASK>
[ 1449.403086][T18686]  dump_stack_lvl+0xe8/0x150
[ 1449.403116][T18686]  should_fail_ex+0x46b/0x600
[ 1449.403143][T18686]  should_failslab+0xa8/0x100
[ 1449.403166][T18686]  kmem_cache_alloc_noprof+0x87/0x680
[ 1449.403187][T18686]  ? skb_clone+0x212/0x3a0
[ 1449.403211][T18686]  skb_clone+0x212/0x3a0
[ 1449.403226][T18686]  ? nfnetlink_rcv+0x4b0/0x27b0
[ 1449.403249][T18686]  nfnetlink_rcv+0x4e2/0x27b0
[ 1449.403271][T18686]  ? __local_bh_enable_ip+0x1ae/0x2b0
[ 1449.403292][T18686]  ? lockdep_hardirqs_on+0x7a/0x110
[ 1449.403319][T18686]  ? __dev_queue_xmit+0x1eba/0x3990
[ 1449.403358][T18686]  ? netlink_unicast+0x805/0x9f0
[ 1449.403377][T18686]  ? ____sys_sendmsg+0xa4e/0xac0
[ 1449.403412][T18686]  ? __dev_queue_xmit+0x27d/0x3990
[ 1449.403432][T18686]  ? __pfx_nfnetlink_rcv+0x10/0x10
[ 1449.403466][T18686]  ? ref_tracker_free+0x673/0x820
[ 1449.403486][T18686]  ? __copy_skb_header+0xa3/0x4a0
[ 1449.403505][T18686]  ? __pfx_ref_tracker_free+0x10/0x10
[ 1449.403524][T18686]  ? __skb_clone+0x63/0x7a0
[ 1449.403546][T18686]  ? __skb_clone+0x483/0x7a0
[ 1449.403570][T18686]  ? skb_clone+0x246/0x3a0
[ 1449.403591][T18686]  ? __netlink_deliver_tap+0x807/0x850
[ 1449.403612][T18686]  ? netlink_deliver_tap+0x2e/0x1b0
[ 1449.403649][T18686]  netlink_unicast+0x831/0x9f0
[ 1449.403677][T18686]  ? __pfx_netlink_unicast+0x10/0x10
[ 1449.403696][T18686]  ? __alloc_skb+0x193/0x390
[ 1449.403719][T18686]  ? netlink_sendmsg+0x650/0xb40
[ 1449.403738][T18686]  ? skb_put+0x11b/0x210
[ 1449.403764][T18686]  netlink_sendmsg+0x813/0xb40
[ 1449.403794][T18686]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1449.403822][T18686]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[ 1449.403846][T18686]  ____sys_sendmsg+0xa4e/0xac0
[ 1449.403862][T18686]  ? __might_fault+0xaf/0x130
[ 1449.403888][T18686]  ? __pfx_____sys_sendmsg+0x10/0x10
[ 1449.403915][T18686]  ? import_iovec+0x73/0xa0
[ 1449.403942][T18686]  ___sys_sendmsg+0x2a5/0x360
[ 1449.403958][T18686]  ? __lock_acquire+0x6b5/0x2cf0
[ 1449.403985][T18686]  ? __pfx____sys_sendmsg+0x10/0x10
[ 1449.404035][T18686]  ? __fget_files+0x2a/0x420
[ 1449.404055][T18686]  ? __fget_files+0x3a6/0x420
[ 1449.404086][T18686]  __x64_sys_sendmsg+0x1c3/0x2a0
[ 1449.404107][T18686]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[ 1449.404134][T18686]  ? __pfx_ksys_write+0x10/0x10
[ 1449.404163][T18686]  do_syscall_64+0x14d/0xf80
[ 1449.404184][T18686]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1449.404202][T18686]  ? trace_irq_disable+0x37/0x100
[ 1449.404217][T18686]  ? clear_bhb_loop+0x40/0x90
[ 1449.404238][T18686]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1449.404256][T18686] RIP: 0033:0x7f311429bf79
[ 1449.404272][T18686] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 1449.404288][T18686] RSP: 002b:00007f31124ee028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 1449.404308][T18686] RAX: ffffffffffffffda RBX: 00007f3114515fa0 RCX: 00007f311429bf79
[ 1449.404321][T18686] RDX: 0000000024000000 RSI: 0000200000009b40 RDI: 0000000000000003
[ 1449.404333][T18686] RBP: 00007f31124ee090 R08: 0000000000000000 R09: 0000000000000000
[ 1449.404345][T18686] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1449.404355][T18686] R13: 00007f3114516038 R14: 00007f3114515fa0 R15: 00007fff0a819e68
[ 1449.404385][T18686]  </TASK>
[ 1449.450950][T18461] hsr_slave_0: entered promiscuous mode
[ 1449.452220][T18461] hsr_slave_1: entered promiscuous mode
[ 1449.453100][T18461] debugfs: 'hsr0' already exists in 'hsr'
[ 1449.453122][T18461] Cannot create hsr debugfs directory
[ 1449.907966][T18554] chnl_net:caif_netlink_parms(): no params data found
[ 1450.770827][T18554] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1450.770948][T18554] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1450.771164][T18554] bridge_slave_0: entered allmulticast mode
[ 1450.781057][T18554] bridge_slave_0: entered promiscuous mode
[ 1450.993726][T14993] usb 10-1: new high-speed USB device number 30 using dummy_hcd
[ 1451.063259][T18554] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1451.063379][T18554] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1451.063616][T18554] bridge_slave_1: entered allmulticast mode
[ 1451.066178][T18554] bridge_slave_1: entered promiscuous mode
[ 1451.357466][T14993] usb 10-1: Using ep0 maxpacket: 32
[ 1452.041841][T14993] usb 10-1: config 4 has an invalid interface number: 128 but max is 0
[ 1452.041870][T14993] usb 10-1: config 4 has no interface number 0
[ 1452.041914][T14993] usb 10-1: config 4 interface 128 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1452.041941][T14993] usb 10-1: config 4 interface 128 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1452.041978][T14993] usb 10-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40
[ 1452.042001][T14993] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1452.129480][T14993] hub 10-1:4.128: USB hub found
[ 1452.329331][T18554] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1452.401120][T18723] binder: 18704:18723 ioctl 4018620d 0 returned -22
[ 1452.404438][T18554] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1452.424442][T14993] hub 10-1:4.128: 2 ports detected
[ 1452.424500][T14993] hub 10-1:4.128: Using single TT (err -22)
[ 1452.503868][T18554] team0: Port device team_slave_0 added
[ 1452.528625][T18554] team0: Port device team_slave_1 added
[ 1452.652219][T14993] hub 10-1:4.128: hub_hub_status failed (err = -71)
[ 1452.652249][T14993] hub 10-1:4.128: config failed, can't get hub status (err -71)
[ 1452.705316][T14993] usb 10-1: USB disconnect, device number 30
[ 1452.744047][T18343] netdevsim netdevsim4 netdevsim0: renamed from eth0
[ 1452.786216][T18554] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1452.786233][T18554] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 1452.786259][T18554] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1452.792473][T18343] netdevsim netdevsim4 netdevsim1: renamed from eth1
[ 1452.862123][T18554] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1452.862140][T18554] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 1452.862167][T18554] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1452.923711][T18343] netdevsim netdevsim4 netdevsim2: renamed from eth2
[ 1452.964425][T18343] netdevsim netdevsim4 netdevsim3: renamed from eth3
[ 1454.189567][T18746] nft_compat: unsupported protocol 0
[ 1454.360024][T18751] openvswitch: netlink: VXLAN extension message has 1 unknown bytes.
[ 1454.470492][T18554] hsr_slave_0: entered promiscuous mode
[ 1454.473181][T18554] hsr_slave_1: entered promiscuous mode
[ 1454.476993][T18554] debugfs: 'hsr0' already exists in 'hsr'
[ 1454.477020][T18554] Cannot create hsr debugfs directory
[ 1455.469790][T10049] bridge_slave_1: left allmulticast mode
[ 1455.469820][T10049] bridge_slave_1: left promiscuous mode
[ 1455.470154][T10049] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1455.553095][T10049] bridge_slave_0: left allmulticast mode
[ 1455.553124][T10049] bridge_slave_0: left promiscuous mode
[ 1455.553372][T10049] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1455.565453][   T37] kauditd_printk_skb: 31 callbacks suppressed
[ 1455.565470][   T37] audit: type=1326 audit(1771132757.256:1732): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=18771 comm="syz.5.3892" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f3e1d31bf79 code=0x0
[ 1457.772914][T10049] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1457.900714][T10049] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1457.967023][T10049] bond0 (unregistering): Released all slaves
[ 1459.250703][T18789] ALSA: mixer_oss: invalid OSS volume 'DAGITAL1'
[ 1459.295974][T10049] hsr_slave_0: left promiscuous mode
[ 1459.345784][T10049] hsr_slave_1: left promiscuous mode
[ 1459.346676][T10049] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 1459.348547][T18801] netlink: 8 bytes leftover after parsing attributes in process `syz.5.3902'.
[ 1460.292629][T10049] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 1460.659560][ T5813] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[ 1460.714689][ T5813] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[ 1460.716051][ T5813] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[ 1460.739557][ T5813] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[ 1460.753114][ T5813] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[ 1461.173330][T10049] team0 (unregistering): Port device team_slave_1 removed
[ 1462.660485][T10049] team0 (unregistering): Port device team_slave_0 removed
[ 1462.945912][ T5813] Bluetooth: hci1: command tx timeout
[ 1463.985325][T18807] lo speed is unknown, defaulting to 1000
[ 1465.105595][T11471] usb 10-1: new high-speed USB device number 31 using dummy_hcd
[ 1465.171914][ T5813] Bluetooth: hci1: command tx timeout
[ 1465.272447][T11471] usb 10-1: New USB device found, idVendor=1c40, idProduct=0534, bcdDevice=6d.cc
[ 1465.272479][T11471] usb 10-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1465.272500][T11471] usb 10-1: Product: syz
[ 1465.272515][T11471] usb 10-1: Manufacturer: syz
[ 1465.272529][T11471] usb 10-1: SerialNumber: syz
[ 1465.278609][T11471] usb 10-1: config 0 descriptor??
[ 1465.285565][T11471] i2c-tiny-usb 10-1:0.0: version 6d.cc found at bus 010 address 031
[ 1465.715051][T11471]  (null): failure reading functionality
[ 1465.722409][T11471] i2c i2c-1: failure reading functionality
[ 1465.762228][T11471] i2c i2c-1: connected i2c-tiny-usb device
[ 1465.779714][T11471] usb 10-1: USB disconnect, device number 31
[ 1467.393043][ T5813] Bluetooth: hci1: command tx timeout
[ 1468.437743][T18865] ALSA: mixer_oss: invalid OSS volume 'DAGITAL1'
[ 1469.967112][ T5813] Bluetooth: hci1: command tx timeout
[ 1470.042510][T18807] chnl_net:caif_netlink_parms(): no params data found
[ 1470.743022][T18881] tmpfs: Bad value for 'mpol'
[ 1470.828533][T18883] netlink: 20 bytes leftover after parsing attributes in process `syz.5.3915'.
[ 1471.938815][T18883] bond0: left promiscuous mode
[ 1471.938838][T18883] bond_slave_0: left promiscuous mode
[ 1471.939061][T18883] bond_slave_1: left promiscuous mode
[ 1471.939266][T18883] bond0: left allmulticast mode
[ 1471.939280][T18883] bond_slave_0: left allmulticast mode
[ 1471.939297][T18883] bond_slave_1: left allmulticast mode
[ 1472.432217][T15911] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[ 1472.457099][T15911] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[ 1472.457701][T15911] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[ 1472.475254][T15911] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[ 1472.478321][T15911] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[ 1473.107962][T18807] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1473.108056][T18807] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1473.108231][T18807] bridge_slave_0: entered allmulticast mode
[ 1473.111827][T18807] bridge_slave_0: entered promiscuous mode
[ 1473.166702][T18807] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1473.166824][T18807] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1473.167053][T18807] bridge_slave_1: entered allmulticast mode
[ 1473.171948][T18807] bridge_slave_1: entered promiscuous mode
[ 1476.622927][ T5813] Bluetooth: hci2: command tx timeout
[ 1477.073932][T18807] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1477.095403][T18807] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1477.103109][T18896] lo speed is unknown, defaulting to 1000
[ 1478.962960][ T5813] Bluetooth: hci2: command tx timeout
[ 1480.452507][T18807] team0: Port device team_slave_0 added
[ 1480.570540][T18807] team0: Port device team_slave_1 added
[ 1480.793866][T18807] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1480.793883][T18807] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 1480.793909][T18807] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1480.877912][T18807] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1480.877928][T18807] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 1480.877953][T18807] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1480.943028][T18554] netdevsim netdevsim1 netdevsim0: renamed from eth0
[ 1481.073181][T18554] netdevsim netdevsim1 netdevsim1: renamed from eth1
[ 1481.114314][T18554] netdevsim netdevsim1 netdevsim2: renamed from eth2
[ 1481.172891][ T5813] Bluetooth: hci2: command tx timeout
[ 1481.201532][T10049] bridge_slave_1: left allmulticast mode
[ 1481.201561][T10049] bridge_slave_1: left promiscuous mode
[ 1481.201896][T10049] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1481.273860][T10049] bridge_slave_0: left allmulticast mode
[ 1481.273890][T10049] bridge_slave_0: left promiscuous mode
[ 1481.274147][T10049] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1483.391323][ T5813] Bluetooth: hci2: command tx timeout
[ 1484.317746][T10049] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1484.714949][T10049] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1485.979492][T10049] bond0 (unregistering): Released all slaves
[ 1486.016883][T18554] netdevsim netdevsim1 netdevsim3: renamed from eth3
[ 1486.242328][T18807] hsr_slave_0: entered promiscuous mode
[ 1486.243659][T18807] hsr_slave_1: entered promiscuous mode
[ 1486.244615][T18807] debugfs: 'hsr0' already exists in 'hsr'
[ 1486.244640][T18807] Cannot create hsr debugfs directory
[ 1490.623926][T10049] hsr_slave_0: left promiscuous mode
[ 1490.736167][T18973] netlink: 12 bytes leftover after parsing attributes in process `syz.9.3932'.
[ 1490.736304][T18973] netlink: 60 bytes leftover after parsing attributes in process `syz.9.3932'.
[ 1491.427218][T10049] hsr_slave_1: left promiscuous mode
[ 1491.428119][T10049] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 1491.612908][T10049] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 1491.862934][T15911] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[ 1491.884439][T15911] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[ 1491.894688][T15911] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[ 1491.905149][T15911] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[ 1491.917420][T15911] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[ 1492.270005][T11979] usb 10-1: new high-speed USB device number 32 using dummy_hcd
[ 1492.458668][T11979] usb 10-1: New USB device found, idVendor=20b7, idProduct=1540, bcdDevice=b7.5a
[ 1492.458698][T11979] usb 10-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1492.458716][T11979] usb 10-1: Product: syz
[ 1492.458729][T11979] usb 10-1: Manufacturer: syz
[ 1492.458741][T11979] usb 10-1: SerialNumber: syz
[ 1492.525334][T11979] usb 10-1: config 0 descriptor??
[ 1494.146061][ T5813] Bluetooth: hci5: unexpected event for opcode 0x0419
[ 1494.147451][T11979] usb 10-1: Firmware version (0.0) predates our first public release.
[ 1494.147475][T11979] usb 10-1: Please update to version 0.2 or newer
[ 1494.162927][ T5813] Bluetooth: hci3: command tx timeout
[ 1494.259619][T10049] team0 (unregistering): Port device team_slave_1 removed
[ 1494.444314][T10049] team0 (unregistering): Port device team_slave_0 removed
[ 1496.603078][ T5813] Bluetooth: hci3: command tx timeout
[ 1496.831047][T11979] usb 10-1: USB disconnect, device number 32
[ 1497.024326][T19012] netlink: 24 bytes leftover after parsing attributes in process `syz.5.3942'.
[ 1497.648426][T18896] chnl_net:caif_netlink_parms(): no params data found
[ 1497.681214][T18979] lo speed is unknown, defaulting to 1000
[ 1499.196368][ T5813] Bluetooth: hci3: command tx timeout
[ 1499.669865][T19025] netlink: 71 bytes leftover after parsing attributes in process `syz.5.3947'.
[ 1501.173025][T18896] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1501.173222][T18896] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1501.173468][T18896] bridge_slave_0: entered allmulticast mode
[ 1501.177224][T18896] bridge_slave_0: entered promiscuous mode
[ 1501.198150][T18896] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1501.198274][T18896] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1501.198499][T18896] bridge_slave_1: entered allmulticast mode
[ 1501.202299][T18896] bridge_slave_1: entered promiscuous mode
[ 1501.320537][T18896] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1501.346860][ T5813] Bluetooth: hci3: command tx timeout
[ 1502.128271][T18896] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1503.580798][T11979] usb 10-1: new high-speed USB device number 33 using dummy_hcd
[ 1503.664645][ T1319] ieee802154 phy0 wpan0: encryption failed: -22
[ 1503.664732][ T1319] ieee802154 phy1 wpan1: encryption failed: -22
[ 1503.693402][T18896] team0: Port device team_slave_0 added
[ 1503.737501][T18896] team0: Port device team_slave_1 added
[ 1503.770835][T11979] usb 10-1: Using ep0 maxpacket: 32
[ 1503.772983][T11979] usb 10-1: config 4 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1503.775177][T11979] usb 10-1: config 4 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1503.778193][T11979] usb 10-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40
[ 1503.778220][T11979] usb 10-1: New USB device strings: Mfr=255, Product=255, SerialNumber=0
[ 1503.778241][T11979] usb 10-1: Product: syz
[ 1503.778255][T11979] usb 10-1: Manufacturer: syz
[ 1503.835226][T11979] hub 10-1:4.0: USB hub found
[ 1504.086836][T11979] hub 10-1:4.0: 2 ports detected
[ 1504.319486][T11979] hub 10-1:4.0: hub_hub_status failed (err = -71)
[ 1504.319515][T11979] hub 10-1:4.0: config failed, can't get hub status (err -71)
[ 1504.351433][T11979] usb 10-1: USB disconnect, device number 33
[ 1505.158564][T18896] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1505.158582][T18896] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 1505.158609][T18896] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1505.161071][T18979] chnl_net:caif_netlink_parms(): no params data found
[ 1505.255760][T18896] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1505.255777][T18896] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 1505.255804][T18896] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1505.703776][T19070] FAULT_INJECTION: forcing a failure.
[ 1505.703776][T19070] name failslab, interval 1, probability 0, space 0, times 0
[ 1505.703801][T19070] CPU: 1 UID: 0 PID: 19070 Comm: syz.9.3959 Tainted: G             L      syzkaller #0 PREEMPT_{RT,(full)} 
[ 1505.703816][T19070] Tainted: [L]=SOFTLOCKUP
[ 1505.703820][T19070] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[ 1505.703826][T19070] Call Trace:
[ 1505.703831][T19070]  <TASK>
[ 1505.703836][T19070]  dump_stack_lvl+0xe8/0x150
[ 1505.703861][T19070]  should_fail_ex+0x46b/0x600
[ 1505.703879][T19070]  should_failslab+0xa8/0x100
[ 1505.703901][T19070]  __kmalloc_noprof+0xdf/0x7b0
[ 1505.703914][T19070]  ? tomoyo_encode+0x28b/0x550
[ 1505.704012][T19070]  tomoyo_encode+0x28b/0x550
[ 1505.704026][T19070]  tomoyo_realpath_from_path+0x58d/0x5d0
[ 1505.704043][T19070]  ? tomoyo_path_number_perm+0x219/0x630
[ 1505.704088][T19070]  tomoyo_path_number_perm+0x246/0x630
[ 1505.704105][T19070]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[ 1505.704119][T19070]  ? __lock_acquire+0x6b5/0x2cf0
[ 1505.704137][T19070]  ? do_raw_spin_lock+0x12b/0x2f0
[ 1505.704165][T19070]  ? __fget_files+0x2a/0x420
[ 1505.704181][T19070]  ? __fget_files+0x2a/0x420
[ 1505.704193][T19070]  ? __fget_files+0x3a6/0x420
[ 1505.704206][T19070]  ? __fget_files+0x2a/0x420
[ 1505.704222][T19070]  security_file_ioctl+0xc3/0x2a0
[ 1505.704241][T19070]  __se_sys_ioctl+0x47/0x170
[ 1505.704253][T19070]  do_syscall_64+0x14d/0xf80
[ 1505.704270][T19070]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1505.704280][T19070]  ? trace_irq_disable+0x37/0x100
[ 1505.704291][T19070]  ? clear_bhb_loop+0x40/0x90
[ 1505.704303][T19070]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1505.704313][T19070] RIP: 0033:0x7f311429bf79
[ 1505.704323][T19070] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 1505.704333][T19070] RSP: 002b:00007f31124ee028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1505.704345][T19070] RAX: ffffffffffffffda RBX: 00007f3114515fa0 RCX: 00007f311429bf79
[ 1505.704352][T19070] RDX: 0000200000000280 RSI: 00000000c02c564a RDI: 0000000000000003
[ 1505.704359][T19070] RBP: 00007f31124ee090 R08: 0000000000000000 R09: 0000000000000000
[ 1505.704366][T19070] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1505.704372][T19070] R13: 00007f3114516038 R14: 00007f3114515fa0 R15: 00007fff0a819e68
[ 1505.704389][T19070]  </TASK>
[ 1505.704400][T19070] ERROR: Out of memory at tomoyo_realpath_from_path.
[ 1506.102242][T18896] hsr_slave_0: entered promiscuous mode
[ 1506.104557][T18896] hsr_slave_1: entered promiscuous mode
[ 1506.148633][T19076] vimc link validate: Sensor A:src:640x480 (0x33424752, 8, 0, 0, 0) Raw Capture 0:snk:640x480 (0x33424752, 8, 0, 0, 0)
[ 1506.585657][T18979] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1506.585797][T18979] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1506.585916][T18979] bridge_slave_0: entered allmulticast mode
[ 1506.587323][T18979] bridge_slave_0: entered promiscuous mode
[ 1506.620737][T14993] usb 10-1: new full-speed USB device number 34 using dummy_hcd
[ 1506.636150][T18979] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1506.636291][T18979] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1506.636458][T18979] bridge_slave_1: entered allmulticast mode
[ 1506.637898][T18979] bridge_slave_1: entered promiscuous mode
[ 1506.730219][T18979] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1506.768213][T18979] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1506.800464][T14993] usb 10-1: config 0 has an invalid interface number: 113 but max is 0
[ 1506.800492][T14993] usb 10-1: config 0 has no interface number 0
[ 1506.800539][T14993] usb 10-1: config 0 interface 113 has no altsetting 0
[ 1506.802708][T14993] usb 10-1: New USB device found, idVendor=054c, idProduct=02e1, bcdDevice=e2.c8
[ 1506.802733][T14993] usb 10-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1506.802744][T14993] usb 10-1: Product: syz
[ 1506.802752][T14993] usb 10-1: Manufacturer: syz
[ 1506.802759][T14993] usb 10-1: SerialNumber: syz
[ 1506.839345][T14993] usb 10-1: config 0 descriptor??
[ 1506.957521][T18807] netdevsim netdevsim4 netdevsim0: renamed from eth0
[ 1507.094725][T18807] netdevsim netdevsim4 netdevsim1: renamed from eth1
[ 1507.245560][T18979] team0: Port device team_slave_0 added
[ 1507.272368][T18807] netdevsim netdevsim4 netdevsim2: renamed from eth2
[ 1507.341106][T18979] team0: Port device team_slave_1 added
[ 1507.360358][T18807] netdevsim netdevsim4 netdevsim3: renamed from eth3
[ 1507.550703][T18979] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1507.550721][T18979] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 1507.550747][T18979] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1508.753679][T18979] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1508.753698][T18979] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 1508.753716][T18979] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1509.257501][T18979] hsr_slave_0: entered promiscuous mode
[ 1509.259591][T18979] hsr_slave_1: entered promiscuous mode
[ 1509.261987][T18979] debugfs: 'hsr0' already exists in 'hsr'
[ 1509.262012][T18979] Cannot create hsr debugfs directory
[ 1509.638266][    C1] usb 10-1: NFC: Urb failure (status -71)
[ 1509.643686][    C1] usb 10-1: NFC: Urb failure (status -71)
[ 1509.664654][T14993] usb 10-1: NFC: Unable to get FW version
[ 1509.716751][T14993] pn533_usb 10-1:0.113: probe with driver pn533_usb failed with error -71
[ 1509.759292][T14993] usb 10-1: USB disconnect, device number 34
[ 1509.946727][T10049] bridge_slave_1: left allmulticast mode
[ 1509.946756][T10049] bridge_slave_1: left promiscuous mode
[ 1509.947092][T10049] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1510.040080][T10049] bridge_slave_0: left allmulticast mode
[ 1510.040108][T10049] bridge_slave_0: left promiscuous mode
[ 1510.040348][T10049] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1510.151596][T10049] bridge_slave_1: left allmulticast mode
[ 1510.151625][T10049] bridge_slave_1: left promiscuous mode
[ 1510.151847][T10049] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1510.236608][T10049] bridge_slave_0: left allmulticast mode
[ 1510.236638][T10049] bridge_slave_0: left promiscuous mode
[ 1510.236869][T10049] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1510.279066][T19133] FAULT_INJECTION: forcing a failure.
[ 1510.279066][T19133] name failslab, interval 1, probability 0, space 0, times 0
[ 1510.279102][T19133] CPU: 1 UID: 0 PID: 19133 Comm: syz.9.3975 Tainted: G             L      syzkaller #0 PREEMPT_{RT,(full)} 
[ 1510.279129][T19133] Tainted: [L]=SOFTLOCKUP
[ 1510.279136][T19133] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[ 1510.279147][T19133] Call Trace:
[ 1510.279155][T19133]  <TASK>
[ 1510.279163][T19133]  dump_stack_lvl+0xe8/0x150
[ 1510.279193][T19133]  should_fail_ex+0x46b/0x600
[ 1510.279220][T19133]  should_failslab+0xa8/0x100
[ 1510.279243][T19133]  kmem_cache_alloc_node_noprof+0x8f/0x6e0
[ 1510.279263][T19133]  ? __alloc_skb+0x1d7/0x390
[ 1510.279288][T19133]  ? lockdep_hardirqs_on+0x7a/0x110
[ 1510.279313][T19133]  ? __alloc_skb+0x193/0x390
[ 1510.279337][T19133]  __alloc_skb+0x1d7/0x390
[ 1510.279364][T19133]  netlink_sendmsg+0x5d4/0xb40
[ 1510.279397][T19133]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1510.279436][T19133]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[ 1510.279461][T19133]  ____sys_sendmsg+0xa4e/0xac0
[ 1510.279480][T19133]  ? __might_fault+0xaf/0x130
[ 1510.279506][T19133]  ? __pfx_____sys_sendmsg+0x10/0x10
[ 1510.279534][T19133]  ? import_iovec+0x73/0xa0
[ 1510.279560][T19133]  ___sys_sendmsg+0x2a5/0x360
[ 1510.279578][T19133]  ? __lock_acquire+0x6b5/0x2cf0
[ 1510.279605][T19133]  ? __pfx____sys_sendmsg+0x10/0x10
[ 1510.279657][T19133]  ? __fget_files+0x2a/0x420
[ 1510.279679][T19133]  ? __fget_files+0x3a6/0x420
[ 1510.279710][T19133]  __x64_sys_sendmsg+0x1c3/0x2a0
[ 1510.279732][T19133]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[ 1510.279759][T19133]  ? __pfx_ksys_write+0x10/0x10
[ 1510.279789][T19133]  do_syscall_64+0x14d/0xf80
[ 1510.279811][T19133]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1510.279830][T19133]  ? trace_irq_disable+0x37/0x100
[ 1510.279847][T19133]  ? clear_bhb_loop+0x40/0x90
[ 1510.279869][T19133]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1510.279887][T19133] RIP: 0033:0x7f311429bf79
[ 1510.279904][T19133] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 1510.279921][T19133] RSP: 002b:00007f31124ac028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 1510.279941][T19133] RAX: ffffffffffffffda RBX: 00007f3114516180 RCX: 00007f311429bf79
[ 1510.279955][T19133] RDX: 0000000000000000 RSI: 0000200000000000 RDI: 0000000000000005
[ 1510.279967][T19133] RBP: 00007f31124ac090 R08: 0000000000000000 R09: 0000000000000000
[ 1510.279979][T19133] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1510.279991][T19133] R13: 00007f3114516218 R14: 00007f3114516180 R15: 00007fff0a819e68
[ 1510.280020][T19133]  </TASK>
[ 1510.830318][T10049] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1510.916749][T10049] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1510.980684][T10049] bond0 (unregistering): Released all slaves
[ 1511.257428][T10049] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1511.342868][T10049] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1511.418601][T10049] bond0 (unregistering): Released all slaves
[ 1512.261875][T10049] hsr_slave_0: left promiscuous mode
[ 1512.326071][T10049] hsr_slave_1: left promiscuous mode
[ 1512.326991][T10049] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 1512.380417][T10049] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 1512.571859][T10049] hsr_slave_0: left promiscuous mode
[ 1512.807371][T10049] hsr_slave_1: left promiscuous mode
[ 1512.808309][T10049] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 1512.861344][T10049] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 1513.759055][T10049] team0 (unregistering): Port device team_slave_1 removed
[ 1514.041208][T10049] team0 (unregistering): Port device team_slave_0 removed
[ 1516.357773][T10049] team0 (unregistering): Port device team_slave_1 removed
[ 1516.496967][T10049] team0 (unregistering): Port device team_slave_0 removed
[ 1517.206492][T18896] netdevsim netdevsim7 netdevsim0: renamed from eth0
[ 1517.370018][T18896] netdevsim netdevsim7 netdevsim1: renamed from eth1
[ 1517.441835][T18807] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1517.442337][T18896] netdevsim netdevsim7 netdevsim2: renamed from eth2
[ 1517.497236][T18896] netdevsim netdevsim7 netdevsim3: renamed from eth3
[ 1518.880586][T18807] 8021q: adding VLAN 0 to HW filter on device team0
[ 1518.923046][ T2933] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1518.923119][ T2933] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1518.934625][T15762] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1518.939440][T15762] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1519.290328][   T37] audit: type=1326 audit(1771132816.869:1733): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=19219 comm="syz.5.4004" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f3e1d31bf79 code=0x0
[ 1520.044612][T11979] usb 10-1: new full-speed USB device number 35 using dummy_hcd
[ 1520.550283][T11979] usb 10-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1520.550311][T11979] usb 10-1: config 0 has 1 interface, different from the descriptor's value: 2
[ 1520.550358][T11979] usb 10-1: New USB device found, idVendor=05d8, idProduct=810a, bcdDevice=92.b8
[ 1520.550383][T11979] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1520.572278][T11979] usb 10-1: config 0 descriptor??
[ 1520.633938][T11979] dvb-usb: found a 'Artec T1 USB2.0' in warm state.
[ 1520.664481][T11979] dvb-usb: bulk message failed: -22 (3/0)
[ 1520.668501][T11979] dvb-usb: will use the device's hardware PID filter (table count: 16).
[ 1520.692027][T11979] dvbdev: DVB: registering new adapter (Artec T1 USB2.0)
[ 1520.692084][T11979] usb 10-1: media controller created
[ 1520.694378][T11979] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[ 1521.262599][T11979] dvb-usb: bulk message failed: -22 (6/0)
[ 1521.262693][T11979] dvb-usb: no frontend was attached by 'Artec T1 USB2.0'
[ 1521.283149][T11979] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.9/usb10/10-1/input/input26
[ 1521.321496][T11979] dvb-usb: schedule remote query interval to 150 msecs.
[ 1521.321521][T11979] dvb-usb: Artec T1 USB2.0 successfully initialized and connected.
[ 1521.325171][T11979] usb 10-1: USB disconnect, device number 35
[ 1521.463980][T18896] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1521.542853][T11979] dvb-usb: Artec T1 USB2.0 successfully deinitialized and disconnected.
[ 1521.674465][T18979] netdevsim netdevsim1 netdevsim0: renamed from eth0
[ 1521.726203][T18979] netdevsim netdevsim1 netdevsim1: renamed from eth1
[ 1521.783882][T18979] netdevsim netdevsim1 netdevsim2: renamed from eth2
[ 1521.816364][T18979] netdevsim netdevsim1 netdevsim3: renamed from eth3
[ 1521.924161][T18896] 8021q: adding VLAN 0 to HW filter on device team0
[ 1521.960424][T18807] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1521.966778][ T2956] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1521.967510][ T2956] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1522.722977][ T2956] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1522.723805][ T2956] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1523.321318][T18979] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1523.395727][T18979] 8021q: adding VLAN 0 to HW filter on device team0
[ 1523.457176][T15762] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1523.458031][T15762] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1523.504791][ T2956] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1523.505127][ T2956] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1523.949191][T18896] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1524.045164][T15911] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[ 1524.048650][T15911] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[ 1524.050862][T15911] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[ 1524.054943][T15911] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[ 1524.060040][T15911] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[ 1524.188779][T19280] lo speed is unknown, defaulting to 1000
[ 1525.117990][T19310] bond0: (slave lo): enslaved VLAN challenged slave. Adding VLANs will be blocked as long as it is part of bond.
[ 1525.118026][T19310] bond0: (slave lo): Error: Device type is different from other slaves
[ 1526.234868][T15911] Bluetooth: hci4: command tx timeout
[ 1526.469319][T19332] ALSA: mixer_oss: invalid OSS volume '‡'
[ 1526.839219][T19280] chnl_net:caif_netlink_parms(): no params data found
[ 1526.926670][T18979] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1527.901893][T19347] ALSA: mixer_oss: invalid OSS volume ''
[ 1528.458243][T15911] Bluetooth: hci4: command tx timeout
[ 1528.646729][T19364] bond0: (slave lo): enslaved VLAN challenged slave. Adding VLANs will be blocked as long as it is part of bond.
[ 1528.646757][T19364] bond0: (slave lo): Error: Device type is different from other slaves
[ 1529.058685][T18896] veth0_vlan: entered promiscuous mode
[ 1529.095664][T19280] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1529.095849][T19280] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1529.096043][T19280] bridge_slave_0: entered allmulticast mode
[ 1529.098965][T19280] bridge_slave_0: entered promiscuous mode
[ 1529.118125][T19280] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1529.118256][T19280] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1529.118480][T19280] bridge_slave_1: entered allmulticast mode
[ 1529.134806][T19280] bridge_slave_1: entered promiscuous mode
[ 1529.320286][T18896] veth1_vlan: entered promiscuous mode
[ 1529.336517][T19280] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1529.366812][T19280] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1529.503455][   T37] audit: type=1326 audit(1771132826.419:1734): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=19388 comm="syz.5.4033" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f3e1d31bf79 code=0x0
[ 1529.840380][T19280] team0: Port device team_slave_0 added
[ 1530.492692][T19280] team0: Port device team_slave_1 added
[ 1530.617923][T18979] veth0_vlan: entered promiscuous mode
[ 1530.681367][T15911] Bluetooth: hci4: command tx timeout
[ 1530.715567][T19280] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1530.715584][T19280] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 1530.715610][T19280] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1530.733409][T19280] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1530.733426][T19280] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 1530.733453][T19280] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1530.898432][T18979] veth1_vlan: entered promiscuous mode
[ 1530.957823][   T13] bridge_slave_1: left allmulticast mode
[ 1530.957851][   T13] bridge_slave_1: left promiscuous mode
[ 1530.958083][   T13] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1531.955105][   T13] bridge_slave_0: left allmulticast mode
[ 1531.955134][   T13] bridge_slave_0: left promiscuous mode
[ 1531.955371][   T13] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1532.074230][T19422] siw: device registration error -23
[ 1532.905464][T15911] Bluetooth: hci4: command tx timeout
[ 1533.589946][   T13] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1533.676840][   T13] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1533.701793][   T13] bond0 (unregistering): Released all slaves
[ 1533.801005][T19445] bond0: (slave lo): enslaved VLAN challenged slave. Adding VLANs will be blocked as long as it is part of bond.
[ 1533.801033][T19445] bond0: (slave lo): Error: Device type is different from other slaves
[ 1533.827384][T19280] hsr_slave_0: entered promiscuous mode
[ 1533.828663][T19280] hsr_slave_1: entered promiscuous mode
[ 1533.829529][T19280] debugfs: 'hsr0' already exists in 'hsr'
[ 1533.829552][T19280] Cannot create hsr debugfs directory
[ 1533.854838][T18896] veth0_macvtap: entered promiscuous mode
[ 1534.341855][T18896] veth1_macvtap: entered promiscuous mode
[ 1535.358009][   T37] audit: type=1326 audit(1771132831.901:1735): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=19467 comm="syz.9.4041" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f311429bf79 code=0x0
[ 1535.417852][   T13] hsr_slave_0: left promiscuous mode
[ 1535.460611][   T13] hsr_slave_1: left promiscuous mode
[ 1535.461521][   T13] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 1535.547140][   T13] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 1537.048876][ T5813] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[ 1537.096707][ T5813] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[ 1537.117552][ T5813] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[ 1537.118750][ T5813] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[ 1537.145874][ T5813] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[ 1538.400727][   T13] team0 (unregistering): Port device team_slave_1 removed
[ 1538.615039][   T13] team0 (unregistering): Port device team_slave_0 removed
[ 1539.490469][ T5813] Bluetooth: hci1: command tx timeout
[ 1541.133280][T19519] ALSA: mixer_oss: invalid OSS volume ''
[ 1541.827293][ T5813] Bluetooth: hci1: command tx timeout
[ 1542.065573][T19504] lo speed is unknown, defaulting to 1000
[ 1542.299487][T18979] veth0_macvtap: entered promiscuous mode
[ 1542.497529][T18979] veth1_macvtap: entered promiscuous mode
[ 1542.961483][T19536] netlink: 'syz.5.4046': attribute type 1 has an invalid length.
[ 1543.017084][T19539] netlink: 12 bytes leftover after parsing attributes in process `syz.5.4046'.
[ 1543.244311][T19536] 8021q: adding VLAN 0 to HW filter on device bond1
[ 1543.680972][T19546] bond0: (slave lo): enslaved VLAN challenged slave. Adding VLANs will be blocked as long as it is part of bond.
[ 1543.680999][T19546] bond0: (slave lo): Error: Device can not be enslaved while up
[ 1544.025664][ T5813] Bluetooth: hci1: command tx timeout
[ 1544.055364][   T37] audit: type=1326 audit(1771132840.029:1736): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=19560 comm="syz.9.4049" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f311429bf79 code=0x0
[ 1545.161819][T18979] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 1546.321080][ T5813] Bluetooth: hci1: command tx timeout
[ 1546.402865][T18979] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 1546.488313][T10049] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1546.489254][T10049] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1546.490335][T10049] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1546.492605][T10049] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1547.685684][   T37] audit: type=1326 audit(1771132842.658:1737): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=19595 comm="syz.9.4054" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f311429bf79 code=0x7ffc0000
[ 1547.685734][   T37] audit: type=1326 audit(1771132842.658:1738): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=19595 comm="syz.9.4054" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f311429bf79 code=0x7ffc0000
[ 1547.685771][   T37] audit: type=1326 audit(1771132842.667:1739): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=19595 comm="syz.9.4054" exe="/root/syz-executor" sig=0 arch=c000003e syscall=213 compat=0 ip=0x7f311429bf79 code=0x7ffc0000
[ 1547.685805][   T37] audit: type=1326 audit(1771132842.667:1740): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=19595 comm="syz.9.4054" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f311429bf79 code=0x7ffc0000
[ 1547.685850][   T37] audit: type=1326 audit(1771132842.667:1741): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=19595 comm="syz.9.4054" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f311429bf79 code=0x7ffc0000
[ 1547.685888][   T37] audit: type=1326 audit(1771132842.667:1742): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=19595 comm="syz.9.4054" exe="/root/syz-executor" sig=0 arch=c000003e syscall=85 compat=0 ip=0x7f311429bf79 code=0x7ffc0000
[ 1547.685925][   T37] audit: type=1326 audit(1771132842.667:1743): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=19595 comm="syz.9.4054" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f311429bf79 code=0x7ffc0000
[ 1547.685962][   T37] audit: type=1326 audit(1771132842.667:1744): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=19595 comm="syz.9.4054" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f311429bf79 code=0x7ffc0000
[ 1547.685999][   T37] audit: type=1326 audit(1771132842.667:1745): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=19595 comm="syz.9.4054" exe="/root/syz-executor" sig=0 arch=c000003e syscall=300 compat=0 ip=0x7f311429bf79 code=0x7ffc0000
[ 1548.730611][T19504] chnl_net:caif_netlink_parms(): no params data found
[ 1549.327920][T19626] bond0: (slave lo): enslaved VLAN challenged slave. Adding VLANs will be blocked as long as it is part of bond.
[ 1549.327947][T19626] bond0: (slave lo): Error: Device type is different from other slaves
[ 1550.826762][T10218] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1550.826783][T10218] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1551.282664][ T5806] usb 10-1: new high-speed USB device number 36 using dummy_hcd
[ 1551.440217][T19504] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1551.440409][T19504] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1551.440638][T19504] bridge_slave_0: entered allmulticast mode
[ 1551.445339][ T5806] usb 10-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1551.445363][ T5806] usb 10-1: config 0 has no interfaces?
[ 1551.446481][ T5806] usb 10-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00
[ 1551.446505][ T5806] usb 10-1: New USB device strings: Mfr=2, Product=0, SerialNumber=0
[ 1551.446525][ T5806] usb 10-1: Manufacturer: syz
[ 1551.466189][ T5806] usb 10-1: config 0 descriptor??
[ 1551.518244][T19504] bridge_slave_0: entered promiscuous mode
[ 1551.520079][T19280] netdevsim netdevsim4 netdevsim0: renamed from eth0
[ 1551.651546][T19504] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1551.651677][T19504] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1551.651874][T19504] bridge_slave_1: entered allmulticast mode
[ 1551.657097][T19504] bridge_slave_1: entered promiscuous mode
[ 1551.674336][T19280] netdevsim netdevsim4 netdevsim1: renamed from eth1
[ 1551.791002][T18946] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1551.791025][T18946] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1551.795990][T19655] lo speed is unknown, defaulting to 1000
[ 1551.921100][T19280] netdevsim netdevsim4 netdevsim2: renamed from eth2
[ 1552.069668][T19280] netdevsim netdevsim4 netdevsim3: renamed from eth3
[ 1552.135264][T19504] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1552.294132][T19504] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1552.805524][T19690] bond0: (slave lo): enslaved VLAN challenged slave. Adding VLANs will be blocked as long as it is part of bond.
[ 1552.805552][T19690] bond0: (slave lo): Error: Device type is different from other slaves
[ 1553.558006][T19504] team0: Port device team_slave_0 added
[ 1553.965232][T19504] team0: Port device team_slave_1 added
[ 1554.163656][T19504] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1554.163723][T19504] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 1554.163751][T19504] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1554.225587][T19504] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1554.225604][T19504] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 1554.225630][T19504] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1554.909675][   T13] bridge_slave_1: left allmulticast mode
[ 1554.909703][   T13] bridge_slave_1: left promiscuous mode
[ 1554.911118][   T13] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1555.004588][   T13] bridge_slave_0: left allmulticast mode
[ 1555.004616][   T13] bridge_slave_0: left promiscuous mode
[ 1555.004831][   T13] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1555.062878][T19726] loop4: detected capacity change from 0 to 1
[ 1555.071882][T19729] FAULT_INJECTION: forcing a failure.
[ 1555.071882][T19729] name failslab, interval 1, probability 0, space 0, times 0
[ 1555.071917][T19729] CPU: 1 UID: 0 PID: 19729 Comm: syz.1.4071 Tainted: G             L      syzkaller #0 PREEMPT_{RT,(full)} 
[ 1555.071942][T19729] Tainted: [L]=SOFTLOCKUP
[ 1555.071949][T19729] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[ 1555.071959][T19729] Call Trace:
[ 1555.071967][T19729]  <TASK>
[ 1555.071976][T19729]  dump_stack_lvl+0xe8/0x150
[ 1555.072007][T19729]  should_fail_ex+0x46b/0x600
[ 1555.072034][T19729]  should_failslab+0xa8/0x100
[ 1555.072057][T19729]  __kmalloc_noprof+0xdf/0x7b0
[ 1555.072077][T19729]  ? tomoyo_encode+0x28b/0x550
[ 1555.072113][T19729]  tomoyo_encode+0x28b/0x550
[ 1555.072137][T19729]  tomoyo_realpath_from_path+0x58d/0x5d0
[ 1555.072167][T19729]  ? tomoyo_path_number_perm+0x219/0x630
[ 1555.072192][T19729]  tomoyo_path_number_perm+0x246/0x630
[ 1555.072218][T19729]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[ 1555.072241][T19729]  ? __lock_acquire+0x6b5/0x2cf0
[ 1555.072267][T19729]  ? do_raw_spin_lock+0x12b/0x2f0
[ 1555.072318][T19729]  ? __fget_files+0x2a/0x420
[ 1555.072343][T19729]  ? __fget_files+0x2a/0x420
[ 1555.072363][T19729]  ? __fget_files+0x3a6/0x420
[ 1555.072383][T19729]  ? __fget_files+0x2a/0x420
[ 1555.072409][T19729]  security_file_ioctl+0xc3/0x2a0
[ 1555.072437][T19729]  __se_sys_ioctl+0x47/0x170
[ 1555.072459][T19729]  do_syscall_64+0x14d/0xf80
[ 1555.072481][T19729]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1555.072499][T19729]  ? trace_irq_disable+0x37/0x100
[ 1555.072515][T19729]  ? clear_bhb_loop+0x40/0x90
[ 1555.072536][T19729]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1555.072553][T19729] RIP: 0033:0x7fa44163bf79
[ 1555.072570][T19729] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 1555.072588][T19729] RSP: 002b:00007fa43f875028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1555.072609][T19729] RAX: ffffffffffffffda RBX: 00007fa4418b6090 RCX: 00007fa44163bf79
[ 1555.072623][T19729] RDX: 0000200000000000 RSI: 0000000000004c02 RDI: 0000000000000003
[ 1555.072636][T19729] RBP: 00007fa43f875090 R08: 0000000000000000 R09: 0000000000000000
[ 1555.072648][T19729] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1555.072660][T19729] R13: 00007fa4418b6128 R14: 00007fa4418b6090 R15: 00007fff0ee24938
[ 1555.072689][T19729]  </TASK>
[ 1555.073098][T19729] ERROR: Out of memory at tomoyo_realpath_from_path.
[ 1555.418962][T19200] Dev loop4: unable to read RDB block 1
[ 1555.419021][T19200]  loop4: unable to read partition table
[ 1555.419243][T19200] loop4: partition table beyond EOD, truncated
[ 1555.560394][T19729] Dev loop4: unable to read RDB block 1
[ 1555.560661][T19729]  loop4: unable to read partition table
[ 1555.561316][T19729] loop4: partition table beyond EOD, truncated
[ 1555.561357][T19729] loop_reread_partitions: partition scan of loop4 (îÝ·ÂU@™:ÖB$Œ{
WÎÉ´å) failed (rc=-5)
[ 1556.869197][   T13] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1556.941091][   T13] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1556.962255][   T13] bond0 (unregistering): Released all slaves
[ 1557.025733][T19746] bond0: (slave lo): enslaved VLAN challenged slave. Adding VLANs will be blocked as long as it is part of bond.
[ 1557.025762][T19746] bond0: (slave lo): Error: Device type is different from other slaves
[ 1557.132285][T19751] i2c i2c-0: dtv_property_process_set: SET cmd 0x00000000 undefined
[ 1557.219804][T19504] hsr_slave_0: entered promiscuous mode
[ 1557.220586][T19504] hsr_slave_1: entered promiscuous mode
[ 1557.221187][T19504] debugfs: 'hsr0' already exists in 'hsr'
[ 1557.221204][T19504] Cannot create hsr debugfs directory
[ 1557.647464][   T13] hsr_slave_0: left promiscuous mode
[ 1557.695746][   T13] hsr_slave_1: left promiscuous mode
[ 1557.697169][   T13] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 1557.740694][   T13] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 1557.960558][   T13] veth1_macvtap: left promiscuous mode
[ 1557.960755][   T13] veth0_macvtap: left promiscuous mode
[ 1557.960999][   T13] veth1_vlan: left promiscuous mode
[ 1557.968529][   T13] veth0_vlan: left promiscuous mode
[ 1559.087206][T19794] FAULT_INJECTION: forcing a failure.
[ 1559.087206][T19794] name failslab, interval 1, probability 0, space 0, times 0
[ 1559.087240][T19794] CPU: 0 UID: 0 PID: 19794 Comm: syz.1.4084 Tainted: G             L      syzkaller #0 PREEMPT_{RT,(full)} 
[ 1559.087268][T19794] Tainted: [L]=SOFTLOCKUP
[ 1559.087275][T19794] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[ 1559.087285][T19794] Call Trace:
[ 1559.087291][T19794]  <TASK>
[ 1559.087299][T19794]  dump_stack_lvl+0xe8/0x150
[ 1559.087328][T19794]  should_fail_ex+0x46b/0x600
[ 1559.087354][T19794]  should_failslab+0xa8/0x100
[ 1559.087375][T19794]  kmem_cache_alloc_node_noprof+0x8f/0x6e0
[ 1559.087394][T19794]  ? __alloc_skb+0x1d7/0x390
[ 1559.087414][T19794]  ? lockdep_hardirqs_on+0x7a/0x110
[ 1559.087436][T19794]  ? __alloc_skb+0x193/0x390
[ 1559.087458][T19794]  __alloc_skb+0x1d7/0x390
[ 1559.087482][T19794]  netlink_sendmsg+0x5d4/0xb40
[ 1559.087509][T19794]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1559.087535][T19794]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[ 1559.087556][T19794]  ____sys_sendmsg+0xa4e/0xac0
[ 1559.087573][T19794]  ? __might_fault+0xaf/0x130
[ 1559.087597][T19794]  ? __pfx_____sys_sendmsg+0x10/0x10
[ 1559.087623][T19794]  ? import_iovec+0x73/0xa0
[ 1559.087649][T19794]  ___sys_sendmsg+0x2a5/0x360
[ 1559.087665][T19794]  ? __lock_acquire+0x6b5/0x2cf0
[ 1559.087690][T19794]  ? __pfx____sys_sendmsg+0x10/0x10
[ 1559.087743][T19794]  ? __fget_files+0x2a/0x420
[ 1559.087765][T19794]  ? __fget_files+0x3a6/0x420
[ 1559.087794][T19794]  __x64_sys_sendmsg+0x1c3/0x2a0
[ 1559.087814][T19794]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[ 1559.087841][T19794]  ? __pfx_ksys_write+0x10/0x10
[ 1559.087871][T19794]  do_syscall_64+0x14d/0xf80
[ 1559.087892][T19794]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1559.087910][T19794]  ? trace_irq_disable+0x37/0x100
[ 1559.087927][T19794]  ? clear_bhb_loop+0x40/0x90
[ 1559.087957][T19794]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1559.087975][T19794] RIP: 0033:0x7fa44163bf79
[ 1559.087992][T19794] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 1559.088008][T19794] RSP: 002b:00007fa43f896028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 1559.088027][T19794] RAX: ffffffffffffffda RBX: 00007fa4418b5fa0 RCX: 00007fa44163bf79
[ 1559.088040][T19794] RDX: 0000000024008002 RSI: 0000200000000000 RDI: 0000000000000003
[ 1559.088053][T19794] RBP: 00007fa43f896090 R08: 0000000000000000 R09: 0000000000000000
[ 1559.088065][T19794] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1559.088077][T19794] R13: 00007fa4418b6038 R14: 00007fa4418b5fa0 R15: 00007fff0ee24938
[ 1559.088106][T19794]  </TASK>
[ 1561.054157][   T13] team0 (unregistering): Port device team_slave_1 removed
[ 1561.290041][   T13] team0 (unregistering): Port device team_slave_0 removed
[ 1563.455367][T19810] bond0: (slave lo): enslaved VLAN challenged slave. Adding VLANs will be blocked as long as it is part of bond.
[ 1563.455392][T19810] bond0: (slave lo): Error: Device type is different from other slaves
[ 1564.855091][T14993] usb 10-1: USB disconnect, device number 36
[ 1565.136609][T19840] binfmt_misc: register: failed to install interpreter file ./file0
[ 1565.154081][T19840] netlink: 20 bytes leftover after parsing attributes in process `syz.9.4092'.
[ 1565.738791][T19280] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1565.971781][T19862] bond0: (slave lo): enslaved VLAN challenged slave. Adding VLANs will be blocked as long as it is part of bond.
[ 1565.971809][T19862] bond0: (slave lo): Error: Device can not be enslaved while up
[ 1566.496080][T19280] 8021q: adding VLAN 0 to HW filter on device team0
[ 1566.555196][   T37] kauditd_printk_skb: 8 callbacks suppressed
[ 1566.555215][   T37] audit: type=1326 audit(1771132861.076:1754): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=19868 comm="syz.9.4097" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f311429bf79 code=0x0
[ 1566.684751][ T2933] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1566.684893][ T2933] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1567.066025][ T2933] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1567.066244][ T2933] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1567.637248][T19504] netdevsim netdevsim7 netdevsim0: renamed from eth0
[ 1567.883723][T19898] FAULT_INJECTION: forcing a failure.
[ 1567.883723][T19898] name failslab, interval 1, probability 0, space 0, times 0
[ 1567.883760][T19898] CPU: 1 UID: 0 PID: 19898 Comm: syz.9.4101 Tainted: G             L      syzkaller #0 PREEMPT_{RT,(full)} 
[ 1567.883794][T19898] Tainted: [L]=SOFTLOCKUP
[ 1567.883800][T19898] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[ 1567.883812][T19898] Call Trace:
[ 1567.883820][T19898]  <TASK>
[ 1567.883828][T19898]  dump_stack_lvl+0xe8/0x150
[ 1567.883857][T19898]  should_fail_ex+0x46b/0x600
[ 1567.883946][T19898]  should_failslab+0xa8/0x100
[ 1567.883968][T19898]  __kmalloc_cache_noprof+0x84/0x690
[ 1567.883990][T19898]  ? wakeup_source_register+0x5b/0x390
[ 1567.884152][T19898]  wakeup_source_register+0x5b/0x390
[ 1567.884179][T19898]  ep_modify+0x2e1/0xa50
[ 1567.884263][T19898]  ? __pfx_ep_modify+0x10/0x10
[ 1567.884291][T19898]  ? _raw_spin_unlock_irqrestore+0x30/0x80
[ 1567.884318][T19898]  ? _raw_spin_unlock_irqrestore+0x4c/0x80
[ 1567.884341][T19898]  ? mutex_lock_nested+0x152/0x1d0
[ 1567.884358][T19898]  ? do_epoll_ctl+0x3d2/0xe90
[ 1567.884387][T19898]  do_epoll_ctl+0x6be/0xe90
[ 1567.884418][T19898]  __x64_sys_epoll_ctl+0x165/0x1b0
[ 1567.884445][T19898]  ? __pfx___x64_sys_epoll_ctl+0x10/0x10
[ 1567.884478][T19898]  do_syscall_64+0x14d/0xf80
[ 1567.884502][T19898]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1567.884520][T19898]  ? trace_irq_disable+0x37/0x100
[ 1567.884543][T19898]  ? clear_bhb_loop+0x40/0x90
[ 1567.884566][T19898]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1567.884584][T19898] RIP: 0033:0x7f311429bf79
[ 1567.884602][T19898] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 1567.884617][T19898] RSP: 002b:00007f31124ee028 EFLAGS: 00000246 ORIG_RAX: 00000000000000e9
[ 1567.884635][T19898] RAX: ffffffffffffffda RBX: 00007f3114515fa0 RCX: 00007f311429bf79
[ 1567.884646][T19898] RDX: 0000000000000003 RSI: 0000000000000003 RDI: 0000000000000004
[ 1567.884657][T19898] RBP: 00007f31124ee090 R08: 0000000000000000 R09: 0000000000000000
[ 1567.884668][T19898] R10: 0000200000000c40 R11: 0000000000000246 R12: 0000000000000001
[ 1567.884680][T19898] R13: 00007f3114516038 R14: 00007f3114515fa0 R15: 00007fff0a819e68
[ 1567.884707][T19898]  </TASK>
[ 1568.656221][T19504] netdevsim netdevsim7 netdevsim1: renamed from eth1
[ 1568.853532][T19504] netdevsim netdevsim7 netdevsim2: renamed from eth2
[ 1568.911546][T19504] netdevsim netdevsim7 netdevsim3: renamed from eth3
[ 1569.094671][T19916] bond0: (slave lo): enslaved VLAN challenged slave. Adding VLANs will be blocked as long as it is part of bond.
[ 1569.094703][T19916] bond0: (slave lo): Error: Device type is different from other slaves
[ 1569.238668][T19280] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1569.359454][ T1319] ieee802154 phy0 wpan0: encryption failed: -22
[ 1569.359519][ T1319] ieee802154 phy1 wpan1: encryption failed: -22
[ 1570.560867][T19504] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1570.606807][   T37] audit: type=1326 audit(1771132864.874:1755): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=19934 comm="syz.9.4109" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f311429bf79 code=0x0
[ 1570.700149][T19504] 8021q: adding VLAN 0 to HW filter on device team0
[ 1570.718762][T19938] netlink: 'syz.5.4110': attribute type 1 has an invalid length.
[ 1570.788803][ T1217] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1570.789068][ T1217] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1570.791386][ T1217] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1570.791503][ T1217] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1571.074113][   T31] usb 2-1: new high-speed USB device number 14 using dummy_hcd
[ 1571.252930][   T31] usb 2-1: New USB device found, idVendor=1604, idProduct=8001, bcdDevice=44.1f
[ 1571.252961][   T31] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1571.252982][   T31] usb 2-1: Product: syz
[ 1571.252998][   T31] usb 2-1: Manufacturer: syz
[ 1571.253024][   T31] usb 2-1: SerialNumber: syz
[ 1571.310114][   T31] usb 2-1: config 0 descriptor??
[ 1573.143628][T19280] veth0_vlan: entered promiscuous mode
[ 1573.229554][T19280] veth1_vlan: entered promiscuous mode
[ 1573.437403][T19280] veth0_macvtap: entered promiscuous mode
[ 1573.454299][T19280] veth1_macvtap: entered promiscuous mode
[ 1573.591446][T19280] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 1573.656664][T19280] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 1573.676991][T19504] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1573.738066][ T1814] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1573.738623][ T1814] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1573.738663][ T1814] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1573.738696][ T1814] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1573.823451][T19981] bond0: (slave lo): enslaved VLAN challenged slave. Adding VLANs will be blocked as long as it is part of bond.
[ 1573.823477][T19981] bond0: (slave lo): Error: Device can not be enslaved while up
[ 1574.257769][ T5806] usb 2-1: USB disconnect, device number 14
[ 1577.395707][T10049] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1577.395732][T10049] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1577.749103][   T37] audit: type=1326 audit(1771132871.552:1756): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=20019 comm="syz.5.4123" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f3e1d31bf79 code=0x0
[ 1577.906988][T18946] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1577.907008][T18946] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1578.741004][T19504] veth0_vlan: entered promiscuous mode
[ 1578.972983][T19504] veth1_vlan: entered promiscuous mode
[ 1579.208545][T19504] veth0_macvtap: entered promiscuous mode
[ 1579.243955][T19504] veth1_macvtap: entered promiscuous mode
[ 1580.446202][ T5807] usb 5-1: new high-speed USB device number 24 using dummy_hcd
[ 1580.585610][ T5807] usb 5-1: device descriptor read/64, error -71
[ 1580.644931][T19504] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 1580.695890][T19504] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 1580.842312][ T5807] usb 5-1: new high-speed USB device number 25 using dummy_hcd
[ 1580.913033][ T1217] netdevsim netdevsim7 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1580.928409][ T1217] netdevsim netdevsim7 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1580.928645][ T1217] netdevsim netdevsim7 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1580.928855][ T1217] netdevsim netdevsim7 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1581.031663][ T5807] usb 5-1: device descriptor read/64, error -71
[ 1581.766779][ T5807] usb usb5-port1: attempt power cycle
[ 1582.953314][ T5807] usb 5-1: new high-speed USB device number 26 using dummy_hcd
[ 1584.244656][ T5807] usb 5-1: device descriptor read/8, error -71
[ 1584.733568][   T80] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1584.733590][   T80] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1585.947069][   T37] audit: type=1326 audit(1771132879.213:1757): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=20095 comm="syz.9.4137" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f311429bf79 code=0x0
[ 1586.160669][ T4003] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1586.160693][ T4003] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1587.851403][T20106] FAULT_INJECTION: forcing a failure.
[ 1587.851403][T20106] name failslab, interval 1, probability 0, space 0, times 0
[ 1587.851441][T20106] CPU: 0 UID: 0 PID: 20106 Comm: syz.1.4134 Tainted: G             L      syzkaller #0 PREEMPT_{RT,(full)} 
[ 1587.851468][T20106] Tainted: [L]=SOFTLOCKUP
[ 1587.851475][T20106] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[ 1587.851487][T20106] Call Trace:
[ 1587.851495][T20106]  <TASK>
[ 1587.851505][T20106]  dump_stack_lvl+0xe8/0x150
[ 1587.851538][T20106]  should_fail_ex+0x46b/0x600
[ 1587.851567][T20106]  should_failslab+0xa8/0x100
[ 1587.851591][T20106]  kmem_cache_alloc_node_noprof+0x8f/0x6e0
[ 1587.851612][T20106]  ? __alloc_skb+0x1d7/0x390
[ 1587.851636][T20106]  ? lockdep_hardirqs_on+0x7a/0x110
[ 1587.851663][T20106]  ? __alloc_skb+0x193/0x390
[ 1587.851686][T20106]  __alloc_skb+0x1d7/0x390
[ 1587.851714][T20106]  netlink_sendmsg+0x5d4/0xb40
[ 1587.851746][T20106]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1587.851776][T20106]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[ 1587.851802][T20106]  ____sys_sendmsg+0xa4e/0xac0
[ 1587.851821][T20106]  ? __might_fault+0xaf/0x130
[ 1587.851848][T20106]  ? __pfx_____sys_sendmsg+0x10/0x10
[ 1587.851875][T20106]  ? import_iovec+0x73/0xa0
[ 1587.851902][T20106]  ___sys_sendmsg+0x2a5/0x360
[ 1587.851919][T20106]  ? __lock_acquire+0x6b5/0x2cf0
[ 1587.851946][T20106]  ? __pfx____sys_sendmsg+0x10/0x10
[ 1587.851998][T20106]  ? __fget_files+0x2a/0x420
[ 1587.852020][T20106]  ? __fget_files+0x3a6/0x420
[ 1587.852052][T20106]  __x64_sys_sendmsg+0x1c3/0x2a0
[ 1587.852073][T20106]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[ 1587.852100][T20106]  ? __pfx_ksys_write+0x10/0x10
[ 1587.852129][T20106]  do_syscall_64+0x14d/0xf80
[ 1587.852151][T20106]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1587.852177][T20106]  ? trace_irq_disable+0x37/0x100
[ 1587.852194][T20106]  ? clear_bhb_loop+0x40/0x90
[ 1587.852216][T20106]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1587.852234][T20106] RIP: 0033:0x7fa44163bf79
[ 1587.852251][T20106] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 1587.852268][T20106] RSP: 002b:00007fa43f896028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 1587.852289][T20106] RAX: ffffffffffffffda RBX: 00007fa4418b5fa0 RCX: 00007fa44163bf79
[ 1587.852304][T20106] RDX: 0000000000000004 RSI: 0000200000000a80 RDI: 0000000000000003
[ 1587.852316][T20106] RBP: 00007fa43f896090 R08: 0000000000000000 R09: 0000000000000000
[ 1587.852329][T20106] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1587.852341][T20106] R13: 00007fa4418b6038 R14: 00007fa4418b5fa0 R15: 00007fff0ee24938
[ 1587.852371][T20106]  </TASK>
[ 1588.943887][T20110] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 1589.446131][T20123] FAULT_INJECTION: forcing a failure.
[ 1589.446131][T20123] name failslab, interval 1, probability 0, space 0, times 0
[ 1589.446167][T20123] CPU: 0 UID: 0 PID: 20123 Comm: syz.9.4141 Tainted: G             L      syzkaller #0 PREEMPT_{RT,(full)} 
[ 1589.446194][T20123] Tainted: [L]=SOFTLOCKUP
[ 1589.446202][T20123] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[ 1589.446213][T20123] Call Trace:
[ 1589.446221][T20123]  <TASK>
[ 1589.446229][T20123]  dump_stack_lvl+0xe8/0x150
[ 1589.446259][T20123]  should_fail_ex+0x46b/0x600
[ 1589.446287][T20123]  should_failslab+0xa8/0x100
[ 1589.446309][T20123]  __kmalloc_noprof+0xdf/0x7b0
[ 1589.446330][T20123]  ? bpf_test_init+0x9f/0x150
[ 1589.446446][T20123]  bpf_test_init+0x9f/0x150
[ 1589.446471][T20123]  bpf_prog_test_run_xdp+0x529/0x1160
[ 1589.446509][T20123]  ? __pfx_bpf_prog_test_run_xdp+0x10/0x10
[ 1589.446536][T20123]  ? __fget_files+0x2a/0x420
[ 1589.446565][T20123]  ? __pfx_bpf_prog_test_run_xdp+0x10/0x10
[ 1589.446588][T20123]  bpf_prog_test_run+0x2cd/0x340
[ 1589.446611][T20123]  __sys_bpf+0x643/0x950
[ 1589.446638][T20123]  ? __pfx___sys_bpf+0x10/0x10
[ 1589.446659][T20123]  ? rt_mutex_slowunlock+0x1cb/0x300
[ 1589.446696][T20123]  ? ksys_write+0x248/0x270
[ 1589.446717][T20123]  ? __pfx_ksys_write+0x10/0x10
[ 1589.446743][T20123]  __x64_sys_bpf+0x7c/0x90
[ 1589.446774][T20123]  do_syscall_64+0x14d/0xf80
[ 1589.446796][T20123]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1589.446814][T20123]  ? trace_irq_disable+0x37/0x100
[ 1589.446829][T20123]  ? clear_bhb_loop+0x40/0x90
[ 1589.446852][T20123]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1589.446870][T20123] RIP: 0033:0x7f311429bf79
[ 1589.446887][T20123] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 1589.446902][T20123] RSP: 002b:00007f31124ee028 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[ 1589.446922][T20123] RAX: ffffffffffffffda RBX: 00007f3114515fa0 RCX: 00007f311429bf79
[ 1589.446937][T20123] RDX: 0000000000000050 RSI: 0000200000000b80 RDI: 000000000000000a
[ 1589.446949][T20123] RBP: 00007f31124ee090 R08: 0000000000000000 R09: 0000000000000000
[ 1589.446961][T20123] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1589.446973][T20123] R13: 00007f3114516038 R14: 00007f3114515fa0 R15: 00007fff0a819e68
[ 1589.447003][T20123]  </TASK>
[ 1590.883589][T20140] FAULT_INJECTION: forcing a failure.
[ 1590.883589][T20140] name failslab, interval 1, probability 0, space 0, times 0
[ 1590.883625][T20140] CPU: 1 UID: 0 PID: 20140 Comm: syz.9.4144 Tainted: G             L      syzkaller #0 PREEMPT_{RT,(full)} 
[ 1590.883651][T20140] Tainted: [L]=SOFTLOCKUP
[ 1590.883658][T20140] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[ 1590.883669][T20140] Call Trace:
[ 1590.883677][T20140]  <TASK>
[ 1590.883685][T20140]  dump_stack_lvl+0xe8/0x150
[ 1590.883715][T20140]  should_fail_ex+0x46b/0x600
[ 1590.883742][T20140]  should_failslab+0xa8/0x100
[ 1590.883764][T20140]  kmem_cache_alloc_noprof+0x87/0x680
[ 1590.883784][T20140]  ? percpu_counter_add_batch+0xea/0x1d0
[ 1590.883802][T20140]  ? ep_insert+0x285/0x1820
[ 1590.883830][T20140]  ep_insert+0x285/0x1820
[ 1590.883867][T20140]  ? __pfx_ep_insert+0x10/0x10
[ 1590.883897][T20140]  ? _raw_spin_unlock_irqrestore+0x30/0x80
[ 1590.883921][T20140]  ? lockdep_hardirqs_on+0x7a/0x110
[ 1590.883943][T20140]  ? _raw_spin_unlock_irqrestore+0x4c/0x80
[ 1590.883965][T20140]  ? mutex_lock_nested+0x152/0x1d0
[ 1590.883982][T20140]  ? do_epoll_ctl+0x3d2/0xe90
[ 1590.884007][T20140]  do_epoll_ctl+0x7fd/0xe90
[ 1590.884038][T20140]  __x64_sys_epoll_ctl+0x165/0x1b0
[ 1590.884065][T20140]  ? __pfx___x64_sys_epoll_ctl+0x10/0x10
[ 1590.884100][T20140]  do_syscall_64+0x14d/0xf80
[ 1590.884122][T20140]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1590.884139][T20140]  ? trace_irq_disable+0x37/0x100
[ 1590.884156][T20140]  ? clear_bhb_loop+0x40/0x90
[ 1590.884178][T20140]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1590.884197][T20140] RIP: 0033:0x7f311429bf79
[ 1590.884214][T20140] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 1590.884230][T20140] RSP: 002b:00007f31124ee028 EFLAGS: 00000246 ORIG_RAX: 00000000000000e9
[ 1590.884252][T20140] RAX: ffffffffffffffda RBX: 00007f3114515fa0 RCX: 00007f311429bf79
[ 1590.884266][T20140] RDX: 0000000000000003 RSI: 0000000000000001 RDI: 0000000000000004
[ 1590.884278][T20140] RBP: 00007f31124ee090 R08: 0000000000000000 R09: 0000000000000000
[ 1590.884291][T20140] R10: 0000200000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1590.884304][T20140] R13: 00007f3114516038 R14: 00007f3114515fa0 R15: 00007fff0a819e68
[ 1590.884336][T20140]  </TASK>
[ 1592.134233][T20143] syz.7.4147 (20143): /proc/20143/oom_adj is deprecated, please use /proc/20143/oom_score_adj instead.
[ 1593.833364][   T37] audit: type=1326 audit(1771132886.603:1758): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=20162 comm="syz.7.4151" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fe4d9abbf79 code=0x0
[ 1593.840203][T20165] netlink: 20 bytes leftover after parsing attributes in process `syz.9.4152'.
[ 1594.321835][T20169] ntfs3(nbd9): try to read out of volume at offset 0x0
[ 1600.216701][T15911] ==================================================================
[ 1600.216722][T15911] BUG: KASAN: vmalloc-out-of-bounds in __list_del_entry_valid_or_report+0xb5/0x190
[ 1600.216830][T15911] Read of size 8 at addr ffffc9000e3a2008 by task kworker/u9:0/15911
[ 1600.216847][T15911] 
[ 1600.216860][T15911] CPU: 1 UID: 0 PID: 15911 Comm: kworker/u9:0 Tainted: G             L      syzkaller #0 PREEMPT_{RT,(full)} 
[ 1600.216887][T15911] Tainted: [L]=SOFTLOCKUP
[ 1600.216894][T15911] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[ 1600.216907][T15911] Workqueue: hci0 hci_rx_work
[ 1600.216934][T15911] Call Trace:
[ 1600.216943][T15911]  <TASK>
[ 1600.216950][T15911]  dump_stack_lvl+0xe8/0x150
[ 1600.216975][T15911]  print_report+0xba/0x230
[ 1600.217011][T15911]  ? __list_del_entry_valid_or_report+0xb5/0x190
[ 1600.217030][T15911]  kasan_report+0x117/0x150
[ 1600.217084][T15911]  ? rt_spin_lock+0x20e/0x400
[ 1600.217104][T15911]  ? __list_del_entry_valid_or_report+0xb5/0x190
[ 1600.217127][T15911]  __list_del_entry_valid_or_report+0xb5/0x190
[ 1600.217147][T15911]  kcov_remote_start+0x2af/0x710
[ 1600.217173][T15911]  hci_rx_work+0x10f/0x1030
[ 1600.217199][T15911]  ? process_scheduled_works+0xa0f/0x17a0
[ 1600.217221][T15911]  process_scheduled_works+0xaec/0x17a0
[ 1600.217253][T15911]  ? __pfx_process_scheduled_works+0x10/0x10
[ 1600.217276][T15911]  ? assign_work+0x3d5/0x5e0
[ 1600.217296][T15911]  worker_thread+0xa50/0xfc0
[ 1600.217328][T15911]  kthread+0x388/0x470
[ 1600.217351][T15911]  ? __pfx_worker_thread+0x10/0x10
[ 1600.217370][T15911]  ? __pfx_kthread+0x10/0x10
[ 1600.217392][T15911]  ret_from_fork+0x51e/0xb90
[ 1600.217416][T15911]  ? __pfx_ret_from_fork+0x10/0x10
[ 1600.217435][T15911]  ? __switch_to+0xc7d/0x1400
[ 1600.217456][T15911]  ? __pfx_kthread+0x10/0x10
[ 1600.217478][T15911]  ret_from_fork_asm+0x1a/0x30
[ 1600.217509][T15911]  </TASK>
[ 1600.217515][T15911] 
[ 1600.217521][T15911] The buggy address belongs to a vmalloc virtual mapping
[ 1600.217538][T15911] Memory state around the buggy address:
[ 1600.217550][T15911]  ffffc9000e3a1f00: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8
[ 1600.217562][T15911]  ffffc9000e3a1f80: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8
[ 1600.217574][T15911] >ffffc9000e3a2000: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8
[ 1600.217584][T15911]                       ^
[ 1600.217594][T15911]  ffffc9000e3a2080: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8
[ 1600.217606][T15911]  ffffc9000e3a2100: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8
[ 1600.217615][T15911] ==================================================================
[ 1600.217636][T15911] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 1600.217655][T15911] CPU: 1 UID: 0 PID: 15911 Comm: kworker/u9:0 Tainted: G             L      syzkaller #0 PREEMPT_{RT,(full)} 
[ 1600.217680][T15911] Tainted: [L]=SOFTLOCKUP
[ 1600.217688][T15911] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[ 1600.217705][T15911] Workqueue: hci0 hci_rx_work
[ 1600.217727][T15911] Call Trace:
[ 1600.217734][T15911]  <TASK>
[ 1600.217742][T15911]  vpanic+0x1e0/0x670
[ 1600.217766][T15911]  panic+0xc5/0xd0
[ 1600.217787][T15911]  ? __pfx_panic+0x10/0x10
[ 1600.217810][T15911]  ? __list_del_entry_valid_or_report+0xb5/0x190
[ 1600.217829][T15911]  ? rcu_is_watching+0x15/0xb0
[ 1600.217856][T15911]  ? __list_del_entry_valid_or_report+0xb5/0x190
[ 1600.217876][T15911]  check_panic_on_warn+0x89/0xb0
[ 1600.217894][T15911]  ? __list_del_entry_valid_or_report+0xb5/0x190
[ 1600.217913][T15911]  end_report+0x6f/0x140
[ 1600.217931][T15911]  kasan_report+0x128/0x150
[ 1600.217948][T15911]  ? rt_spin_lock+0x20e/0x400
[ 1600.217967][T15911]  ? __list_del_entry_valid_or_report+0xb5/0x190
[ 1600.217990][T15911]  __list_del_entry_valid_or_report+0xb5/0x190
[ 1600.218010][T15911]  kcov_remote_start+0x2af/0x710
[ 1600.218035][T15911]  hci_rx_work+0x10f/0x1030
[ 1600.218061][T15911]  ? process_scheduled_works+0xa0f/0x17a0
[ 1600.218079][T15911]  process_scheduled_works+0xaec/0x17a0
[ 1600.218105][T15911]  ? __pfx_process_scheduled_works+0x10/0x10
[ 1600.218123][T15911]  ? assign_work+0x3d5/0x5e0
[ 1600.218139][T15911]  worker_thread+0xa50/0xfc0
[ 1600.218164][T15911]  kthread+0x388/0x470
[ 1600.218182][T15911]  ? __pfx_worker_thread+0x10/0x10
[ 1600.218197][T15911]  ? __pfx_kthread+0x10/0x10
[ 1600.218216][T15911]  ret_from_fork+0x51e/0xb90
[ 1600.218233][T15911]  ? __pfx_ret_from_fork+0x10/0x10
[ 1600.218249][T15911]  ? __switch_to+0xc7d/0x1400
[ 1600.218264][T15911]  ? __pfx_kthread+0x10/0x10
[ 1600.218283][T15911]  ret_from_fork_asm+0x1a/0x30
[ 1600.218307][T15911]  </TASK>
[ 1600.218657][T15911] Kernel Offset: disabled