last executing test programs:

7m1.388841453s ago: executing program 3 (id=4):
r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x400, 0xa6)
r1 = openat(r0, &(0x7f0000000040)='./file0\x00', 0x220000, 0x40)
r2 = syz_open_pts(r1, 0x202102)
ioctl$TIOCPKT(r2, 0x5420, &(0x7f0000000080)=0xfffffff7)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000340)={r1, 0x0, 0x39, 0x48, &(0x7f00000000c0)="5186482507f57f7821f0db9d15e0ffa6729abe3ee4346f96853c2212b16702b3f51d976af1f44bc63fb8164372005768f8155e9856d8e97315", &(0x7f0000000100)=""/72, 0xd, 0x0, 0xa5, 0xd4, &(0x7f0000000180)="02e22435cd05f8ec67b457b85f935e48815686aa510d3559ce5843891fab227dc86852c9affb3a3fd0506ffa8e313ebd6d4b894cff48833512212f965412458a834eb8aee4d4f0685d4f97616c7168f360bad2a8a57c73f9d5e938f99785dc6918d18faf3db50a762866c3ff7aa8311fff5b5db63a9155c56934e25e62e25210a330c1a09a05c001298134fe6d9d18e55eb176be327f0fc330fd4b1853f2362a64d7621713", &(0x7f0000000240)="de8d70c0a622ecb11877bb62f445f8ff2f12ea92ae2595d4fb1a82948e3b9e7cbbccf0ec65f1b02898c4be98408bcf2f67ee13742beb80b110e8be044d26f4916cd308306173a4a139bd73d5bf9cdf433db71504293d94d61250453e2fe1946a35a5b278cd6da2acb7e408e794b4f9ea8b85ed400fc3dc66022d59bac9b7b6b0dc30e319ad7cf1b7a4346cb9d848733bc255003b1b729e9eb4a003fe46ad69eded057de8a9ee5804346690db2cfe1068c29c91cc75d00eba0ed81db6771149578a9ec80cd33d34df07d02f26b41f9cbe5606d7ed", 0x2, 0x0, 0xa3a}, 0x50)
ioctl$TIOCGISO7816(r1, 0x80285442, &(0x7f00000003c0))
setsockopt$MRT6_ADD_MFC_PROXY(r1, 0x29, 0xd2, &(0x7f0000000400)={{0xa, 0x4e22, 0x50000, @loopback, 0x43}, {0xa, 0x4e23, 0x8, @private1, 0x6}, 0x0, {[0x1, 0x9, 0x2, 0xaa, 0x9, 0xfffffffa, 0xffffffff, 0x3]}}, 0x5c)
r3 = syz_open_dev$vcsa(&(0x7f0000000480), 0x0, 0x600)
getsockname$packet(r1, &(0x7f0000000500)={0x11, 0x0, <r4=>0x0, 0x1, 0x0, 0x6, @local}, &(0x7f0000000540)=0x14)
r5 = accept4$nfc_llcp(r1, &(0x7f0000000580), &(0x7f0000000600)=0x60, 0x80800)
sendmsg$nl_route_sched_retired(r3, &(0x7f0000001440)={&(0x7f00000004c0)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f0000001400)={&(0x7f0000000640)=@deltclass={0xdb0, 0x29, 0x300, 0x70bd27, 0x25dfdbfe, {0x0, 0x0, 0x0, r4, {0xb, 0xffe0}, {0x4, 0x1}, {0xa, 0x2}}, [@c_cbq={{0x8}, {0x448, 0x2, [@TCA_CBQ_FOPT={0x10, 0x3, {{0x10}, 0x8, 0x48}}, @TCA_CBQ_FOPT={0x10, 0x3, {{0x10, 0x9}, 0xc9, 0xe5}}, @TCA_CBQ_RTAB={0x404, 0x6, [0x2, 0xffffcd2f, 0x3, 0x1, 0x8, 0x1fa, 0x8001, 0x4, 0x5, 0x5a, 0x1000, 0x7, 0x9, 0x16deb262, 0x3, 0x3ff, 0x7fffffff, 0xcb81, 0x3575b8fc, 0x3, 0xa108, 0x93c, 0x6, 0x8, 0xfff, 0x3, 0xfffffffa, 0x3, 0xbe, 0x0, 0x5, 0x71a, 0x7, 0x7, 0x4, 0x5, 0xff, 0x8, 0x401, 0x10001, 0x4, 0x6, 0x8, 0x5, 0x2, 0x10, 0x4, 0x5, 0x4c, 0xa321, 0x7, 0x7, 0x9, 0x10000, 0x5, 0x2, 0x5, 0xb038, 0x575, 0x2, 0x10, 0x5, 0xffff, 0x0, 0x52a, 0x6e, 0x2, 0x10fc573d, 0xff, 0x101, 0x7f, 0xfff, 0x1, 0x0, 0x0, 0x5, 0x9, 0x7fff, 0x8, 0xeacf, 0x8, 0x7f, 0x0, 0xffff, 0x3, 0x10000, 0x9, 0x9, 0x4, 0x9, 0x5, 0x7d54, 0x9, 0x4, 0x3, 0x0, 0x7, 0x2, 0x3, 0x2, 0xbf, 0xfd2, 0xffff, 0xfffffffc, 0x9, 0x1, 0x3ff, 0x4d, 0x101, 0x80, 0x1, 0x3, 0x5, 0x4, 0xffffff90, 0x7ff, 0x6ec9, 0x7, 0xfffffffc, 0x9, 0xcd6e, 0x3f, 0x1, 0x4, 0x7, 0x4, 0x5, 0x3ff, 0x9, 0xffff72bf, 0x4, 0x8, 0x35f, 0xb750, 0xc, 0x101, 0x96, 0x0, 0x8, 0x8001, 0xd, 0x7fffffff, 0x5, 0x6, 0xd, 0x400, 0x1, 0x9b, 0x1, 0x7, 0x9, 0x98, 0x8, 0x1, 0x1, 0x9, 0x3, 0x72c, 0x6, 0x6, 0x7, 0x0, 0x22bb, 0x3, 0x2, 0x0, 0x77, 0x8, 0x3, 0x2, 0x81, 0xffffffff, 0x3, 0x7, 0x1ff, 0x3, 0x30f8000, 0x3, 0xfffffffa, 0x1000, 0x3d2, 0x6, 0x74, 0x401, 0x3ff, 0x31, 0x4, 0x3, 0x0, 0x3ff, 0x492, 0x5, 0x3, 0x2, 0x1, 0x0, 0x5, 0xfffffff7, 0x6, 0x0, 0xfffffffd, 0x9, 0xfffffff8, 0x81, 0x1, 0x7, 0x5, 0x8, 0x4, 0x401, 0x10, 0xffffffab, 0x3, 0xe496, 0x7696, 0x5, 0x3, 0x1, 0x8, 0x3, 0x4, 0x521, 0x6, 0x80, 0x8001, 0xfffffffa, 0x8, 0x7ff, 0x7, 0x6, 0xffffff81, 0x5, 0x5, 0x3, 0x6, 0x80000001, 0x5, 0x4, 0x7, 0x5, 0x8, 0xb8, 0x0, 0x8, 0x6, 0x101, 0x2, 0x0, 0x50000000, 0x5, 0x1, 0x7, 0x7, 0x3, 0x0, 0x198]}, @TCA_CBQ_RATE={0x10, 0x5, {0x3, 0x2, 0x3, 0x8, 0x2, 0x34d4}}, @TCA_CBQ_RATE={0x10, 0x5, {0x0, 0x0, 0x4, 0x3ff, 0x4, 0x9}}]}}, @c_cbq={{0x8}, {0x24, 0x2, [@TCA_CBQ_FOPT={0x10, 0x3, {{0xd, 0x6}, 0x1, 0xffff0001}}, @TCA_CBQ_RATE={0x10, 0x5, {0x7, 0x1, 0x9, 0xff, 0x39, 0x5}}]}}, @c_atm={{0x8}, {0xb4, 0x2, [@TCA_ATM_EXCESS={0x8, 0x4, {0xfffd, 0xfff1}}, @TCA_ATM_EXCESS={0x8, 0x4, {0x1b, 0xfff1}}, @TCA_ATM_EXCESS={0x8, 0x4, {0x4, 0xfff3}}, @TCA_ATM_FD={0x8, 0x1, r1}, @TCA_ATM_EXCESS={0x8, 0x4, {0x2, 0xc}}, @TCA_ATM_FD={0x8, 0x1, r5}, @TCA_ATM_HDR={0x42, 0x3, "6dd592ffe95b37f3ae206c0e053afba301eb885cfee0d6acf04b0febe8405fec439bbabc1fdbd89b6d02e250076b5d5431bbf29c767fd2467c93ce596c20"}, @TCA_ATM_HDR={0x32, 0x3, "41b96bf2b338ed98c04d9e75ce8c498dbf482426759f5f2e9553fdf776aa396efa76cf3e0d86c0b2eaaa6263bbe9"}, @TCA_ATM_EXCESS={0x8, 0x4, {0xf, 0xc}}]}}, @c_cbq={{0x8}, {0x84c, 0x2, [@TCA_CBQ_FOPT={0x10, 0x3, {{0xfff1, 0xc}, 0x85a8, 0x3}}, @TCA_CBQ_FOPT={0x10, 0x3, {{0xfff3, 0x9}, 0x2, 0xdc}}, @TCA_CBQ_WRROPT={0x10, 0x2, {0x5, 0x5, 0x6, 0xaf, 0x3, 0xed8e}}, @TCA_CBQ_RATE={0x10, 0x5, {0x6, 0x0, 0xe, 0x213, 0x6, 0x3}}, @TCA_CBQ_RTAB={0x404, 0x6, [0x9, 0x53d, 0x10000, 0x0, 0x40, 0x2, 0x30, 0x40, 0x7fff, 0x4, 0x9, 0x800, 0x4, 0x4, 0x20000, 0x5, 0x8, 0x8, 0x8, 0x9, 0xfff, 0xfffffff9, 0x2, 0xfffffff7, 0x8000, 0x6, 0x4, 0x6, 0xffff8bf0, 0x8, 0x21a526d5, 0xd3, 0x6, 0x15d6, 0x3, 0x8, 0x4080, 0xffff, 0x7fffffff, 0x5, 0x670, 0x3, 0x8, 0x2, 0xb00b, 0x76, 0x800, 0x3, 0xfffffff8, 0x6, 0x1, 0x76b8, 0x71, 0x2, 0xd858, 0x747, 0x9, 0x8, 0x9, 0x7, 0xf, 0x5, 0x80, 0x1, 0x9, 0x400, 0x5, 0x78, 0x7, 0xdb8, 0xd583, 0x800, 0x7, 0x8, 0x9, 0x3, 0x4, 0x4, 0x8, 0x4, 0x4, 0x3, 0x6, 0xf, 0x800, 0x12f, 0x0, 0xfffffffe, 0xb, 0x8, 0x9, 0x6, 0x81, 0x0, 0x9, 0x3, 0x2, 0xb902, 0x10, 0x744, 0x7, 0x1000, 0x1, 0x8, 0x7, 0x7ff, 0xed5e, 0x4, 0x6, 0xf15, 0xfffff801, 0xff, 0x3, 0x8, 0x7, 0x93b, 0xf4c, 0x7, 0x0, 0x0, 0x6, 0xfffeffff, 0x0, 0x0, 0x7c3627a2, 0x4, 0x3, 0x10001, 0x8f, 0xb4, 0x8, 0x3ff, 0x4, 0x7, 0xa027, 0x7, 0x5, 0xce, 0x7, 0x7, 0xfffff250, 0x7, 0x1, 0x8, 0x8001, 0xa, 0x7, 0x5, 0x1ff, 0x80000000, 0x6, 0x8, 0xd, 0x422, 0x7, 0x48000, 0x83, 0xffff, 0x30, 0x1, 0x40, 0x401, 0x4, 0x6db08ddf, 0x764a, 0x5, 0x8, 0xf3, 0x8, 0x8, 0x7, 0x1000, 0x200, 0x13, 0x80000000, 0x0, 0x3, 0x9, 0x3f4ae103, 0x3, 0x7, 0xa, 0xb9, 0x1ff, 0x2, 0x9, 0x4, 0x6, 0x2, 0x6, 0x4, 0x0, 0x0, 0xf, 0xb0, 0x1, 0x401, 0x0, 0x1, 0x40, 0x83163a31, 0xbee6, 0x3, 0x3, 0x0, 0x6, 0x3, 0xf, 0x1, 0x7f, 0x8, 0x4, 0x9, 0x70d, 0x6, 0x8, 0x2, 0x7, 0x6, 0xb2e2, 0x3, 0xd6b0, 0x3ff, 0xa93, 0x8, 0x2, 0xffff, 0xf22, 0x2, 0xfffffff8, 0xf, 0x0, 0x3, 0x4, 0x5, 0xffffffff, 0x0, 0x5, 0x1, 0x1, 0x200, 0xfffffffe, 0x3bc5, 0x5, 0x0, 0xfff, 0x2, 0x5, 0xfffffffe, 0x8001, 0x0, 0xfffffffd, 0x4, 0x5582, 0x8, 0x3]}, @TCA_CBQ_RTAB={0x404, 0x6, [0x3, 0x5, 0x0, 0x63, 0x8001, 0x101, 0x6, 0x8, 0xf3, 0x8, 0x39780, 0x101, 0x0, 0x5, 0x7f, 0x4, 0x9, 0xc, 0x4, 0x0, 0x80000000, 0xcb2, 0x3, 0xa6e, 0x9, 0x7ff, 0xddd9, 0x5, 0x8, 0x5, 0xfffffffe, 0x2, 0xbc, 0x0, 0x8f, 0xffffffff, 0xfffffff8, 0x19020, 0x8, 0x0, 0x7, 0x0, 0xf, 0xb41, 0x10, 0xffffffff, 0x57e, 0x7fff, 0x8, 0x7, 0xffffaa08, 0x80000001, 0x9, 0x5, 0x6, 0xfffffffb, 0x1, 0xeb, 0x10000000, 0x9, 0x101, 0x2, 0x0, 0x400, 0x1, 0xffff, 0x9, 0x1, 0x4, 0x7fffffff, 0x3, 0xfffff001, 0x0, 0x5, 0x6, 0xfffffb0a, 0xa79, 0x6, 0x8, 0x9, 0x82, 0x2b0, 0xe, 0xe, 0x6, 0x80, 0x0, 0x5, 0x4, 0xffffff98, 0x9, 0xfba, 0x0, 0x9, 0x7, 0xb42d, 0xffffffff, 0x36b5, 0x1, 0x62d, 0x10, 0x9, 0x9, 0x8, 0x4, 0x9, 0x2, 0x180000, 0xfffffffb, 0x10001, 0x2, 0x6, 0x8, 0xe1, 0xd768, 0x1000, 0x7, 0x4, 0x2, 0x3, 0x0, 0x2, 0x3, 0x1, 0x1000, 0x4, 0x81, 0x3, 0x9, 0x7, 0x7, 0x9, 0x32, 0x0, 0x2, 0x9, 0x0, 0xc, 0x20000, 0xffffffff, 0x5, 0x3, 0x4, 0x9, 0x5, 0xfffeffff, 0x2, 0xac, 0x6, 0x6, 0xa97c, 0x4, 0x6, 0x5, 0x5, 0xe9ef, 0x1, 0x3, 0x80000000, 0x0, 0xffffffff, 0x5, 0x3ff, 0x7fff, 0xffff, 0x0, 0x2, 0x1, 0x1, 0x2, 0x9e, 0x7f, 0x0, 0x80, 0x1, 0xe, 0x9c71, 0x1, 0x1ff, 0xbf23, 0xfff, 0x9, 0xffff, 0xe4a, 0x1, 0x8000, 0x2a6, 0x8, 0xb23, 0xbd, 0x9, 0x10, 0x1, 0x5, 0x3, 0x2e6, 0x5, 0x9, 0x1, 0x1, 0x1, 0x0, 0x5, 0xa, 0xffff, 0x7, 0x7, 0xcfc4, 0x2, 0x6, 0xfffffff7, 0x1, 0x7, 0x9, 0x7, 0x8, 0x9, 0xfff, 0x2, 0x7fffffff, 0x7, 0x0, 0x4, 0x8, 0x3, 0x8, 0xffffffff, 0x7, 0x85fa, 0x1, 0xd, 0x3, 0x7, 0x5fa, 0x5, 0x80000000, 0x9, 0x2, 0xd425, 0xffff8000, 0x8, 0x602, 0x4, 0x6, 0x9, 0x8, 0x0, 0xfffffffc, 0x2, 0x9, 0x1, 0x3, 0x8, 0xcd7, 0x7, 0x2]}]}}]}, 0xdb0}, 0x1, 0x0, 0x0, 0x4004800}, 0x4004000)
restart_syscall()
r6 = socket$nl_generic(0x10, 0x3, 0x10)
r7 = syz_genetlink_get_family_id$ethtool(&(0x7f00000014c0), r1)
sendmsg$ETHTOOL_MSG_LINKMODES_SET(r6, &(0x7f0000001580)={&(0x7f0000001480)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000001540)={&(0x7f0000001500)={0x14, r7, 0x10, 0x70bd26, 0x25dfdbfb}, 0x14}, 0x1, 0x0, 0x0, 0x40004}, 0x0)
openat$sndseq(0xffffffffffffff9c, &(0x7f00000015c0), 0x840)
ioctl$KDGETLED(r3, 0x4b31, &(0x7f0000001600))
readv(r3, &(0x7f0000004800)=[{&(0x7f0000001640)=""/4096, 0x1000}, {&(0x7f0000002640)=""/4096, 0x1000}, {&(0x7f0000003640)=""/4096, 0x1000}, {&(0x7f0000004640)}, {&(0x7f0000004680)=""/83, 0x53}, {&(0x7f0000004700)=""/214, 0xd6}], 0x6)
recvmmsg(r1, &(0x7f0000004e00)=[{{&(0x7f0000004880)=@l2tp={0x2, 0x0, @initdev}, 0x80, &(0x7f0000004d40)=[{&(0x7f0000004900)=""/159, 0x9f}, {&(0x7f00000049c0)=""/218, 0xda}, {&(0x7f0000004ac0)=""/146, 0x92}, {&(0x7f0000004b80)=""/89, 0x59}, {&(0x7f0000004c00)=""/49, 0x31}, {&(0x7f0000004c40)=""/234, 0xea}], 0x6, &(0x7f0000004dc0)=""/38, 0x26}, 0x2}], 0x1, 0x40000002, &(0x7f0000004e40))
ioctl$SOUND_MIXER_READ_RECSRC(r1, 0x80044dff, &(0x7f0000004e80))
ioctl$AUTOFS_DEV_IOCTL_EXPIRE(r3, 0xc018937c, &(0x7f0000004ec0)={{0x1, 0x1, 0x18, <r8=>r1, {0x2}}, './file0\x00'})
close_range(r8, r2, 0x0)
syz_io_uring_setup(0x735c, &(0x7f0000004f00)={0x0, 0x70bc, 0x8, 0x2, 0x87, 0x0, r3}, &(0x7f0000004f80)=<r9=>0x0, &(0x7f0000004fc0))
syz_io_uring_setup(0xdd5, &(0x7f0000005000)={0x0, 0x7fa1, 0x200, 0x3, 0xf5}, &(0x7f0000005080), &(0x7f00000050c0)=<r10=>0x0)
r11 = io_uring_register$IORING_REGISTER_PERSONALITY(r1, 0x9, 0x0, 0x0)
syz_io_uring_submit(r9, r10, &(0x7f0000005240)=@IORING_OP_STATX={0x15, 0x31, 0x0, r0, &(0x7f0000005100)={0x0, 0x0, 0x0, 0x0, 0x0, <r12=>0x0}, &(0x7f0000005200)='./file0\x00', 0x1, 0x400, 0x0, {0x0, r11}})
openat2$dir(0xffffffffffffff9c, &(0x7f0000005280)='./file0\x00', &(0x7f00000052c0)={0x8000, 0x4, 0x8}, 0x18)
setregid(r12, r12)
syz_open_dev$I2C(&(0x7f0000005300), 0x8, 0x8180)
ioctl$sock_ipv6_tunnel_SIOCCHGTUNNEL(0xffffffffffffffff, 0x89f3, &(0x7f00000053c0)={'ip6gre0\x00', &(0x7f0000005340)={'syztnl1\x00', r4, 0x2f, 0x7, 0x13, 0xa8, 0x4, @remote, @empty, 0x10, 0x8, 0x6, 0x2}})

7m1.016854851s ago: executing program 3 (id=12):
sendmsg$inet6(0xffffffffffffffff, &(0x7f0000000800)={0x0, 0x0, &(0x7f0000000380)=[{&(0x7f00000000c0)="88", 0x1}], 0x1}, 0x4048043)
socket$inet6_sctp(0xa, 0x1, 0x84)
io_uring_setup(0x414d, &(0x7f0000000000)={0x0, 0x967, 0x1, 0x0, 0x235})
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0)
r1 = getpid()
sched_setscheduler(r1, 0x1, &(0x7f0000000200)=0x7)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)

7m0.013399138s ago: executing program 3 (id=15):
r0 = accept$netrom(0xffffffffffffffff, &(0x7f0000000280)={{0x3, @netrom}, [@rose, @default, @rose, @remote, @default, @remote, @default, @rose]}, &(0x7f0000000300)=0x48)
r1 = openat$audio(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000580)={0x18, 0xb, &(0x7f0000000640)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020000000000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000000085000000060000"], &(0x7f00000004c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x4, 0x80}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000540)=0x4)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r2 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r2, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="1b00000000000000000000000080000000000000", @ANYRES32, @ANYBLOB='\x00'/18, @ANYRES32=0x0, @ANYBLOB="00edcf69920000000400001a000000603200"/28], 0x50)
ioctl$SNDCTL_DSP_SETFRAGMENT(r1, 0xc004500a, &(0x7f0000000240)=0x3)
ioctl$SNDCTL_DSP_SPEED(r1, 0xc0045002, &(0x7f00000000c0))
read$dsp(r1, &(0x7f0000000440)=""/105, 0x69)
accept$netrom(r0, &(0x7f00000001c0)={{0x3, @netrom}, [@null, @default, @remote, @netrom, @netrom, @bcast, @default]}, 0x0)
r3 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000040), 0x109942, 0x0)
mkdir(&(0x7f0000000180)='./file0\x00', 0x0)
mount(&(0x7f0000000000)=@nullb, &(0x7f00000001c0)='./cgroup\x00', &(0x7f0000000040)='xfs\x00', 0x800013, 0x0)
r4 = syz_open_procfs(0x0, &(0x7f00000001c0)='mountinfo\x00')
read$FUSE(r4, &(0x7f0000003480)={0x2020}, 0x2020)
ioctl$PPPIOCNEWUNIT(r3, 0xc004743e, &(0x7f0000000580)=0x4)
ioctl$PPPIOCSACTIVE(r3, 0x40107446, &(0x7f0000000080)={0x1, &(0x7f0000000000)=[{0x5, 0x0, 0x0, 0x9}]})
r5 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r5, 0x0, 0x0)
setsockopt$ALG_SET_KEY(r5, 0x117, 0x1, &(0x7f0000c18000)="ad56b6c5", 0x4)
r6 = accept4(r5, 0x0, 0x0, 0x80800)
sendmmsg$alg(r6, &(0x7f0000000400)=[{0x0, 0x0, 0x0, 0x0, &(0x7f0000000340)=[@op={0x18, 0x117, 0x3, 0x1}, @op={0x18}], 0x30, 0x55}], 0x1, 0x0)
unshare(0x22020400)

6m55.590282241s ago: executing program 1 (id=2):
r0 = socket$nl_route(0x10, 0x3, 0x0)
setsockopt$netlink_NETLINK_TX_RING(r0, 0x10e, 0xc, &(0x7f0000000040)={0x80}, 0x10)
sendmsg$nl_route(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000007c0)={&(0x7f0000000080)=ANY=[@ANYBLOB="2c0000001a00010000000000fbdbdf250a8080000000000000000000080019000000000305001a"], 0x2c}}, 0x0)

6m53.671977647s ago: executing program 3 (id=21):
r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
ptrace(0x10, r0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000100)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
pipe(&(0x7f0000000040)={<r3=>0xffffffffffffffff})
splice(r1, 0x0, r2, 0x0, 0x100, 0x8)
r4 = socket$alg(0x26, 0x5, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x0)
mount$tmpfs(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000100), 0x80, 0x0)
mount$overlay(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x10134, &(0x7f0000000000)={[], [{@flag='dirsync'}]})
bind$alg(r4, &(0x7f0000000080)={0x26, 'rng\x00', 0x0, 0x0, 'drbg_pr_hmac_sha1\x00'}, 0x58)
r5 = accept$alg(r4, 0x0, 0x0)
r6 = getpgrp(0x0)
sched_setaffinity(r6, 0x8, &(0x7f0000000040)=0x5)
prlimit64(0x0, 0xe, &(0x7f0000000100)={0x8, 0x80000100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f00000000c0)=0x7)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r7 = getpid()
sched_setscheduler(r7, 0x2, &(0x7f0000000000)=0x3)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
r8 = syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, r8, 0x1, 0x0)
r9 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r9, &(0x7f0000019680)=""/102392, 0x18ff8)
mincore(&(0x7f0000000000/0x800000)=nil, 0x800000, &(0x7f0000000440)=""/173)
r10 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFQNL_MSG_VERDICT(r10, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000a00)={0x20, 0x1, 0x3, 0x3, 0x0, 0x0, {0x0, 0x0, 0xa}, [@NFQA_VERDICT_HDR={0xc, 0x2, {0x0, 0x7ff}}]}, 0x20}, 0x1, 0x0, 0x0, 0x10}, 0x50)
splice(r3, 0x0, r5, 0x0, 0x408cd, 0xe)
write$binfmt_elf64(r2, &(0x7f0000000180)=ANY=[], 0xfffffe3e)
ptrace$setregs(0xd, r0, 0x0, &(0x7f00000003c0)="18607651149d7b10b4024fbbdc08899b8f589df2dbb5d7a8d1b36cfab675cb3976ee8100e2878c9cfa178cac130eb046eda93df39ed4b41924dc225ad4028dd63defb87d698be5c749450b350a789dcfc6b2d6a696b5026d1e52f19274566d1da0f353dd65e330ebf71c5e823f2753c5fd76724828ef31b353e71805205c3dceb44cc4c7b3664e29fb")
ptrace$getregset(0x4204, r0, 0x202, &(0x7f0000000740)={0x0})

6m53.541476516s ago: executing program 2 (id=23):
r0 = socket$inet(0xa, 0x801, 0x84)
connect$inet(r0, &(0x7f0000004cc0)={0x2, 0x0, @remote={0xac, 0x14, 0xffffffffffffffff}}, 0x10)
listen(r0, 0x8)
r1 = accept4(r0, 0x0, 0x0, 0x0)
getsockopt$inet_sctp_SCTP_SOCKOPT_PEELOFF(r1, 0x84, 0x66, &(0x7f0000000040)={0x0, 0xed}, &(0x7f0000000080)=0x8) (fail_nth: 2)

6m53.463186731s ago: executing program 1 (id=24):
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000040)={&(0x7f0000000280)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x31, 0x31, 0xa, [@const={0xf, 0x0, 0x0, 0xa, 0x8}, @volatile={0x7}, @typedef={0x8, 0x0, 0x0, 0x8, 0x4}, @datasec={0xe, 0x0, 0x0, 0xf, 0x1, [], '\x00'}]}, {0x0, [0x61, 0x0, 0x0, 0x0, 0x30, 0x0, 0x5f, 0x30]}}, &(0x7f0000000180)=""/71, 0x56, 0x47, 0x1}, 0x28)

6m53.181736795s ago: executing program 2 (id=25):
sendmsg$inet6(0xffffffffffffffff, &(0x7f0000000800)={0x0, 0x0, &(0x7f0000000380)=[{&(0x7f00000000c0)="88", 0x1}], 0x1}, 0x4048043)
socket$inet6_sctp(0xa, 0x1, 0x84)
io_uring_setup(0x414d, &(0x7f0000000000)={0x0, 0x967, 0x1, 0x0, 0x235})
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0)
r1 = getpid()
sched_setscheduler(r1, 0x1, &(0x7f0000000200)=0x7)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)

6m51.734876092s ago: executing program 1 (id=27):
socket$nl_netfilter(0x10, 0x3, 0xc)
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000000c0)={0x94, 0x0, 0x1, 0x401, 0x0, 0x0, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @rand_addr=0x64010100}, {0x8, 0x2, @loopback}}}, @CTA_TUPLE_PROTO={0xfffffffffffffe13, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @empty}, {0x8, 0x2, @multicast1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x2f}}]}, @CTA_TIMEOUT={0x8, 0x7, 0x1, 0x0, 0x4}, @CTA_TUPLE_MASTER={0x30, 0xe, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @loopback}, {0x14, 0x4, @ipv4={'\x00', '\xff\xff', @multicast2}}}}]}]}, 0x94}, 0x1, 0x0, 0x0, 0x4040815}, 0x40)
r1 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000100), 0x101002, 0x0)
ioctl$AUTOFS_DEV_IOCTL_CLOSEMOUNT(r1, 0xc0189375, &(0x7f00000001c0)={{0x1, 0x1, 0x1018}, './file0\x00'})
mkdir(0x0, 0x0)
r2 = getpgrp(0x0)
sched_setaffinity(r2, 0x8, &(0x7f0000000040)=0x5)
prlimit64(0x0, 0xe, &(0x7f0000000100)={0xc, 0x100}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7)
prctl$PR_SCHED_CORE(0x3e, 0x1, r2, 0x2, 0x0)
r3 = getpid()
sched_setscheduler(r3, 0x2, &(0x7f0000000000)=0x3)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
r4 = syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, r4, 0x1, 0x0)
r5 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r5, &(0x7f0000019680)=""/102392, 0x18ff8)
r6 = socket$tipc(0x1e, 0x5, 0x0)
connect$tipc(r6, &(0x7f0000000140)=@id, 0x10)
r7 = syz_open_dev$sndctrl(&(0x7f0000000000), 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_PCM_PREFER_SUBDEVICE(r7, 0x40045532, &(0x7f0000000040)=0x7)
r8 = openat$audio(0xffffffffffffff9c, &(0x7f0000000140), 0x40000000040301, 0x0)
r9 = syz_open_dev$sndpcmp(&(0x7f00000001c0), 0x0, 0xa2c65)
write$RDMA_USER_CM_CMD_CREATE_ID(r8, &(0x7f0000000500)={0x0, 0xfffffffffffffd83, 0xfa00, {0x1000000000000, 0x0}}, 0xfdbc)
ioctl$SNDRV_PCM_IOCTL_SW_PARAMS(r9, 0xc0884113, &(0x7f0000000300)={0x1, 0xfffffe00, 0x9dc6, 0x8, 0x7, 0x0, 0x6, 0x9, 0x0, 0x1, 0x100100})
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0900000004000000ff0f000005"], 0x50)

6m49.688246942s ago: executing program 1 (id=28):
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000380)={'veth0_vlan\x00', <r2=>0x0})
sendmsg$nl_route(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000001c0)=@newlink={0x28, 0x10, 0x1, 0x70bd29, 0x25dfdbfc, {0x0, 0x0, 0x0, r2, 0x48d3a, 0x105a}, [@IFLA_MTU={0x8, 0x4, 0x44}]}, 0x28}, 0x1, 0x0, 0x0, 0x40801}, 0x4000000)

6m49.664206463s ago: executing program 2 (id=29):
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nbd(&(0x7f0000000040), 0xffffffffffffffff)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=@newtaction={0x14, 0x30, 0xffff}, 0x14}}, 0x0)
r4 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r5 = socket$l2tp6(0xa, 0x2, 0x73)
setsockopt$inet6_opts(r5, 0x29, 0x39, &(0x7f0000000280)=ANY=[@ANYBLOB="1b0204"], 0x18)
setsockopt$inet6_opts(r5, 0x29, 0x37, &(0x7f0000000140)=@fragment={0xb6, 0x0, 0x92, 0x0, 0x0, 0x1b, 0x65}, 0x8)
sendto$inet6(r5, 0x0, 0x0, 0x20044080, 0x0, 0x0)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
recvfrom$inet6(r5, &(0x7f00000002c0)=""/38, 0x26, 0x40003000, 0x0, 0x0)
ioctl$KVM_CREATE_GUEST_MEMFD(0xffffffffffffffff, 0xc040aed4, &(0x7f00000001c0)={0x1000200001ee0000, 0x1})
r6 = openat$vsock(0xffffffffffffff9c, &(0x7f0000000180), 0x44001, 0x0)
ioctl$KVM_IOEVENTFD(0xffffffffffffffff, 0x4040ae79, &(0x7f0000000240)={0xe, 0x4000, 0x0, r6, 0x2})
syz_genetlink_get_family_id$nbd(&(0x7f00000000c0), 0xffffffffffffffff)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000000))
sendmsg$NBD_CMD_CONNECT(r4, &(0x7f0000001ac0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x20000001}, 0x20000000)
sendmsg$NBD_CMD_RECONFIGURE(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000080)=ANY=[@ANYBLOB="98000000", @ANYRES16=r1, @ANYBLOB="2da52abd7000fbdbdf250300000008000100000000000800010000000000340007800c00018008000100", @ANYRES32=r2], 0x98}, 0x1, 0x0, 0x0, 0x4008040}, 0x4000)

6m49.31390009s ago: executing program 3 (id=31):
ioctl$vim2m_VIDIOC_TRY_FMT(0xffffffffffffffff, 0xc0d05640, &(0x7f0000000500)={0x9, @win={{0xb8, 0x7, 0xfff, 0x1}, 0x9, 0x47, &(0x7f0000000380)={{0x4, 0x7, 0x7fff, 0x5}, &(0x7f0000000300)={{0x2, 0xe, 0x10, 0x3cbb}, &(0x7f0000000100)={{0x100, 0xd58f, 0x22b3, 0x1}}}}, 0xaeb, &(0x7f00000003c0)="5a70b87b66f7d58557229e1599193c2ef8f47d54f6028eb611875c842bdf7802c970d6b0da06b104caedfad106", 0x31}})

6m49.300151492s ago: executing program 2 (id=32):
r0 = syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0)
ptrace(0x10, r0)
ptrace$pokeuser(0x6, r0, 0xd0, 0x8)

6m48.934280167s ago: executing program 2 (id=34):
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nfc(&(0x7f0000000240), r0)
r2 = socket(0x15, 0x5, 0x0)
getsockopt(r2, 0x200000000114, 0x271b, &(0x7f0000000580)=""/102393, &(0x7f0000000040)=0x18ff9)
sendmsg$NFC_CMD_FW_DOWNLOAD(r0, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f00000002c0)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="010026bd7000ffdbdf251500000008000100", @ANYRES32, @ANYBLOB="0c0014"], 0x38}, 0x1, 0x0, 0x0, 0x4000041}, 0x40000c0)
r3 = syz_genetlink_get_family_id$devlink(&(0x7f0000000080), 0xffffffffffffffff)
r4 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000980)=ANY=[@ANYBLOB="0200000004000000080000000100"], 0x17)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x3, 0x13, r4, 0x54c5a000)
bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f0000000180)={{0x1, <r5=>0xffffffffffffffff}, &(0x7f0000000100), &(0x7f0000000140)='%pI4   \x00'}, 0x20)
bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f0000019580)={{r5, <r6=>0xffffffffffffffff}, &(0x7f0000000300), &(0x7f0000000280)='%pK    \x00'}, 0x20)
ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(0xffffffffffffffff, 0x89f0, &(0x7f0000000340)={'syztnl2\x00', &(0x7f0000000400)={'syztnl2\x00', <r7=>0x0, 0x0, 0x2, 0x1, 0x7, 0x2, @remote, @loopback, 0x1, 0x80, 0x1}})
r8 = socket$inet6(0xa, 0x805, 0x0)
ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(r8, 0x89f1, &(0x7f0000000000)={'ip6_vti0\x00', &(0x7f0000000140)={'syztnl1\x00', 0x0, 0x3b, 0x9, 0x0, 0x0, 0x0, @mcast1, @dev={0xfe, 0x80, '\x00', 0x23}, 0x20, 0x0, 0x38dc586a}})
r9 = syz_open_dev$vbi(&(0x7f00000001c0), 0x1, 0x2)
r10 = fcntl$dupfd(r9, 0x0, r9)
write$P9_RXATTRWALK(r10, 0x0, 0x0)
ioctl$DRM_IOCTL_AGP_ACQUIRE(r10, 0x6430)
r11 = openat$snapshot(0xffffffffffffff9c, &(0x7f00000000c0), 0x400240, 0x0)
close_range(r11, 0xffffffffffffffff, 0x0)
r12 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000540)={&(0x7f0000000480)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x18, 0x18, 0x3, [@type_tag={0x4, 0x0, 0x0, 0x12, 0x2}, @const={0x10, 0x0, 0x0, 0xa, 0x1}]}, {0x0, [0x0]}}, &(0x7f00000004c0)=""/115, 0x33, 0x73, 0x0, 0x6}, 0x28)
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000580)={0x2, 0x4, 0x8, 0x1, 0x80, r6, 0x40, '\x00', r7, r12, 0x5, 0x0, 0x1}, 0x50)
socket$kcm(0x29, 0x2, 0x0)
sendmsg$DEVLINK_CMD_SB_OCC_SNAPSHOT(0xffffffffffffffff, &(0x7f0000000200)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000600)={0xd0, r3, 0x2a, 0x70bd2d, 0x25dfdbfe, {}, [{@pci={{0x8}, {0x11}}, {0x8, 0xb, 0x8}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0xb, 0x26}}, {@pci={{0x8}, {0x11}}, {0x8, 0xb, 0x9}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0xb, 0x7}}, {@pci={{0x8}, {0x11}}, {0x8, 0xb, 0x6363}}]}, 0xd0}, 0x1, 0x0, 0x0, 0x8001}, 0x20000000)

6m48.682647936s ago: executing program 2 (id=35):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0)
prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ff7000/0x1000)=nil, &(0x7f0000ff1000/0xf000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff8000/0x4000)=nil, &(0x7f0000ff8000/0x3000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ff5000/0x1000)=nil, &(0x7f0000ffa000/0x1000)=nil, &(0x7f0000ffa000/0x2000)=nil, 0x0, 0xffffffffffffff2c}, 0x68)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
fsetxattr$security_capability(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x1)
sendmsg$L2TP_CMD_TUNNEL_CREATE(0xffffffffffffffff, 0x0, 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x24004045)
r3 = io_uring_setup(0x1195, &(0x7f0000000040)={0x0, 0x2150, 0xc000, 0x3, 0xc4})
writev(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000001480)}], 0x1)
io_uring_enter(r3, 0x2219, 0xcf74, 0x16, 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r4, 0xae60)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0x5, &(0x7f0000000200)=@framed={{}, [@call={0x85, 0x0, 0x0, 0x50}, @call={0x85, 0x0, 0x0, 0xa0}]}, &(0x7f00000004c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000b80)={r5, 0x2000012, 0xe, 0x0, &(0x7f0000000280)="63ec33c9e9b98600000000000000", 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0xb}, 0x50)
r6 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000000), 0x2002, 0x0)
ioctl$SNDCTL_DSP_GETOPTR(r6, 0x800c5012, &(0x7f0000001080))
mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1)
socket$can_raw(0x1d, 0x3, 0x1)
ioctl$KVM_SET_PIT2(r4, 0x4070aea0, &(0x7f0000000080)={[{0x1, 0xc, 0x3, 0x7, 0x4, 0x5, 0x10, 0xff, 0x3, 0x1, 0x40, 0x0, 0x2}, {0x806, 0x50, 0x6, 0x0, 0x3, 0x5, 0x7f, 0x8, 0x9, 0x1, 0x3, 0xf7}, {0x40, 0x0, 0x3, 0x4, 0x0, 0x5c, 0x6, 0x9, 0x14, 0x1b, 0xf9, 0x3, 0x100000000}], 0x6})

6m46.652769317s ago: executing program 1 (id=38):
socket$nl_netfilter(0x10, 0x3, 0xc)
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000000c0)={0x94, 0x0, 0x1, 0x401, 0x0, 0x0, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @rand_addr=0x64010100}, {0x8, 0x2, @loopback}}}, @CTA_TUPLE_PROTO={0xfffffffffffffe13, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @empty}, {0x8, 0x2, @multicast1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x2f}}]}, @CTA_TIMEOUT={0x8, 0x7, 0x1, 0x0, 0x4}, @CTA_TUPLE_MASTER={0x30, 0xe, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @loopback}, {0x14, 0x4, @ipv4={'\x00', '\xff\xff', @multicast2}}}}]}]}, 0x94}, 0x1, 0x0, 0x0, 0x4040815}, 0x40)
r1 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000100), 0x101002, 0x0)
ioctl$AUTOFS_DEV_IOCTL_CLOSEMOUNT(r1, 0xc0189375, &(0x7f00000001c0)={{0x1, 0x1, 0x1018}, './file0\x00'})
mkdir(0x0, 0x0)
r2 = getpgrp(0x0)
sched_setaffinity(r2, 0x8, &(0x7f0000000040)=0x5)
prlimit64(0x0, 0xe, &(0x7f0000000100)={0xc, 0x100}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7)
prctl$PR_SCHED_CORE(0x3e, 0x1, r2, 0x2, 0x0)
r3 = getpid()
sched_setscheduler(r3, 0x2, &(0x7f0000000000)=0x3)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
r4 = syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, r4, 0x1, 0x0)
r5 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r5, &(0x7f0000019680)=""/102392, 0x18ff8)
r6 = socket$tipc(0x1e, 0x5, 0x0)
connect$tipc(r6, &(0x7f0000000140)=@id, 0x10)
r7 = syz_open_dev$sndctrl(&(0x7f0000000000), 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_PCM_PREFER_SUBDEVICE(r7, 0x40045532, &(0x7f0000000040)=0x7)
r8 = openat$audio(0xffffffffffffff9c, &(0x7f0000000140), 0x40000000040301, 0x0)
r9 = syz_open_dev$sndpcmp(&(0x7f00000001c0), 0x0, 0xa2c65)
write$RDMA_USER_CM_CMD_CREATE_ID(r8, &(0x7f0000000500)={0x0, 0xfffffffffffffd83, 0xfa00, {0x1000000000000, 0x0}}, 0xfdbc)
ioctl$SNDRV_PCM_IOCTL_SW_PARAMS(r9, 0xc0884113, &(0x7f0000000300)={0x1, 0xfffffe00, 0x9dc6, 0x8, 0x7, 0x0, 0x6, 0x9, 0x0, 0x1, 0x100100})
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0900000004000000ff0f000005"], 0x50)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000480)={&(0x7f0000000680)='sys_exit\x00'}, 0x10)
setresgid(0x0, 0x0, 0x0)

6m46.210940825s ago: executing program 3 (id=39):
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000200)=@newtclass={0x24, 0x28, 0x400, 0x70bd26, 0x25dfdbff, {0x0, 0x0, 0x0, 0x0, {0x9, 0x4}, {0x7, 0xb}, {0xb, 0xf}}}, 0x24}}, 0x80000)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x102}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0xfffffffe}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r3 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000740)=ANY=[@ANYBLOB="0300000004000000040000000a", @ANYRES8=r1], 0x48)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x10, 0x8, &(0x7f0000001340)=@framed={{0xbe, 0xa, 0xa, 0x0, 0x0, 0x79, 0x10, 0x8}, [@tail_call={{0x18, 0x2, 0x1, 0x0, r3}}]}, &(0x7f0000000480)='syzkaller\x00'}, 0x90)
syz_open_dev$vcsa(&(0x7f0000000580), 0x3, 0x180)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0xe, 0x4, &(0x7f0000000540)=ANY=[@ANYRES64], &(0x7f0000003ff6)='GPL\x00', 0x4, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_skb=0x5, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10}, 0x94)
r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)=@base={0xf, 0x4, 0x4, 0x12}, 0x48)
bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000080)=ANY=[@ANYRES32=r5, @ANYRES32=r4, @ANYBLOB='&'], 0x10)
mprotect(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1)
bpf$BPF_PROG_DETACH(0x9, &(0x7f0000000080)={@cgroup, 0xffffffffffffffff, 0xf, 0x0, 0x0, @void, @value=0x0}, 0x20)
r6 = syz_open_dev$evdev(&(0x7f0000001380), 0x1, 0x20442)
mmap(&(0x7f0000001000/0xc00000)=nil, 0xc00000, 0x0, 0x3032, 0xffffffffffffffff, 0x0)
r7 = syz_open_procfs(0x0, &(0x7f0000000500)='coredump_filter\x00')
mount$9p_fd(0x0, &(0x7f0000000100)='.\x00', &(0x7f0000000040), 0x0, &(0x7f0000000880)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r7, @ANYBLOB=',wfdno=', @ANYRESHEX=r7])
r8 = syz_io_uring_setup(0x2e3b, &(0x7f0000000240)={0x0, 0x482b, 0x10100, 0x1}, &(0x7f00000003c0), &(0x7f0000000300)=<r9=>0x0)
syz_io_uring_submit(0x0, r9, &(0x7f0000000180)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x4, 0x4000, @fd=r4, 0x0, 0x0, 0x0, 0x0, 0x1})
io_uring_enter(r8, 0x567, 0xa1ff, 0x0, 0x0, 0x0)
ioctl$EVIOCGMTSLOTS(r6, 0x8040450a, &(0x7f0000000000)=""/43)
socket$netlink(0x10, 0x3, 0x0)
r10 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000180)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x8, 0x56a, 0xde, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x80, 0x0, [{{0x9, 0x4, 0x0, 0x2, 0x1, 0x3, 0x0, 0x2, 0x0, {0x9, 0x21, 0x815, 0xfe, 0x1, {0x22, 0x7}}}}]}}]}}, 0x0)
syz_usb_control_io$hid(r10, 0x0, 0x0)

6m44.359874858s ago: executing program 1 (id=40):
r0 = socket$packet(0x11, 0x2, 0x300)
preadv2(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x1f)
setsockopt$packet_int(r0, 0x107, 0xa, &(0x7f0000000080)=0x2, 0x4)
socket$netlink(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r3 = syz_io_uring_setup(0xbdc, &(0x7f0000000640)={0x0, 0x79a8, 0x8, 0x1, 0x5000032f}, &(0x7f00000006c0)=<r4=>0x0, &(0x7f0000000140)=<r5=>0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=@newlink={0x3c, 0x10, 0x800, 0x0, 0x25dfdbfc, {0x0, 0x0, 0x0, 0x0, 0x0, 0x4422}, [@IFLA_IFNAME={0x14, 0x3, 'veth0_virt_wifi\x00'}, @IFLA_PROMISCUITY={0x8, 0x1e, 0xfffffffe}]}, 0x3c}}, 0x0)
r6 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="500000001000010400"/20, @ANYRES32=0x0, @ANYBLOB="0000000000008000280012800a00010076786c616e000000180002"], 0x50}}, 0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r4, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
ioctl$DRM_IOCTL_MODE_GETCONNECTOR(0xffffffffffffffff, 0xc05064a7, 0x0)
r7 = io_uring_register$IORING_REGISTER_PERSONALITY(r3, 0x9, 0x0, 0x0)
r8 = syz_open_procfs(0x0, &(0x7f0000000000)='fd\x00')
getdents(r8, 0x0, 0x0)
syz_io_uring_submit(r4, r5, &(0x7f0000000200)=@IORING_OP_WRITE_FIXED={0x5, 0x18, 0x0, @fd=r8, 0x2, 0x2, 0x40000004, 0x12, 0x0, {0x3, r7}})
io_uring_enter(r3, 0x847ba, 0x0, 0xe, 0x0, 0x0)
setsockopt$packet_rx_ring(r0, 0x107, 0x5, &(0x7f0000000140)=@req3={0x1000, 0x3a, 0x1000, 0x3a, 0x3ff, 0x2, 0x5}, 0x1c)
socket$nl_route(0x10, 0x3, 0x0)
socket$inet6_udp(0xa, 0x2, 0x0)
syz_emit_ethernet(0xfdef, &(0x7f0000000180)={@local, @empty, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0xfde1, 0x300, 0x0, 0x0, 0x11, 0x0, @empty, @empty}, {0x0, 0x4e22, 0x4d, 0x0, @wg=@data}}}}}, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0x2, 0x16, &(0x7f0000000800)=ANY=[@ANYBLOB="611234000000000061134c0000000000bf3000000000000015000200000000103d030100000000009500000000000000bc26080000000000bf67000000000000070300000fff07006702000003000000160600000ee600f0bf050000000000000f650000000000006507f4ff02000000070700004c0040001f75000000000000bf54000000000000070500000300f909ad430100000000009500000000000000050000000000000095000000000000004d9bd591d568253e9988431ec068e3a82983d58719d72183f2cb7f43dd55788be820b236dcb695dbfd737cbf719506d2d6b05fe70305865050df26469fac5202d6293c3d5e11f4f83e7455baeeba4f"], &(0x7f0000000100)='GPL\x00'}, 0x48)

6m30.463475226s ago: executing program 32 (id=35):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0)
prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ff7000/0x1000)=nil, &(0x7f0000ff1000/0xf000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff8000/0x4000)=nil, &(0x7f0000ff8000/0x3000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ff5000/0x1000)=nil, &(0x7f0000ffa000/0x1000)=nil, &(0x7f0000ffa000/0x2000)=nil, 0x0, 0xffffffffffffff2c}, 0x68)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
fsetxattr$security_capability(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x1)
sendmsg$L2TP_CMD_TUNNEL_CREATE(0xffffffffffffffff, 0x0, 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x24004045)
r3 = io_uring_setup(0x1195, &(0x7f0000000040)={0x0, 0x2150, 0xc000, 0x3, 0xc4})
writev(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000001480)}], 0x1)
io_uring_enter(r3, 0x2219, 0xcf74, 0x16, 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r4, 0xae60)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0x5, &(0x7f0000000200)=@framed={{}, [@call={0x85, 0x0, 0x0, 0x50}, @call={0x85, 0x0, 0x0, 0xa0}]}, &(0x7f00000004c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000b80)={r5, 0x2000012, 0xe, 0x0, &(0x7f0000000280)="63ec33c9e9b98600000000000000", 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0xb}, 0x50)
r6 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000000), 0x2002, 0x0)
ioctl$SNDCTL_DSP_GETOPTR(r6, 0x800c5012, &(0x7f0000001080))
mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1)
socket$can_raw(0x1d, 0x3, 0x1)
ioctl$KVM_SET_PIT2(r4, 0x4070aea0, &(0x7f0000000080)={[{0x1, 0xc, 0x3, 0x7, 0x4, 0x5, 0x10, 0xff, 0x3, 0x1, 0x40, 0x0, 0x2}, {0x806, 0x50, 0x6, 0x0, 0x3, 0x5, 0x7f, 0x8, 0x9, 0x1, 0x3, 0xf7}, {0x40, 0x0, 0x3, 0x4, 0x0, 0x5c, 0x6, 0x9, 0x14, 0x1b, 0xf9, 0x3, 0x100000000}], 0x6})

6m29.164279656s ago: executing program 33 (id=39):
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000200)=@newtclass={0x24, 0x28, 0x400, 0x70bd26, 0x25dfdbff, {0x0, 0x0, 0x0, 0x0, {0x9, 0x4}, {0x7, 0xb}, {0xb, 0xf}}}, 0x24}}, 0x80000)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x102}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0xfffffffe}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r3 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000740)=ANY=[@ANYBLOB="0300000004000000040000000a", @ANYRES8=r1], 0x48)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x10, 0x8, &(0x7f0000001340)=@framed={{0xbe, 0xa, 0xa, 0x0, 0x0, 0x79, 0x10, 0x8}, [@tail_call={{0x18, 0x2, 0x1, 0x0, r3}}]}, &(0x7f0000000480)='syzkaller\x00'}, 0x90)
syz_open_dev$vcsa(&(0x7f0000000580), 0x3, 0x180)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0xe, 0x4, &(0x7f0000000540)=ANY=[@ANYRES64], &(0x7f0000003ff6)='GPL\x00', 0x4, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_skb=0x5, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10}, 0x94)
r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)=@base={0xf, 0x4, 0x4, 0x12}, 0x48)
bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000080)=ANY=[@ANYRES32=r5, @ANYRES32=r4, @ANYBLOB='&'], 0x10)
mprotect(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1)
bpf$BPF_PROG_DETACH(0x9, &(0x7f0000000080)={@cgroup, 0xffffffffffffffff, 0xf, 0x0, 0x0, @void, @value=0x0}, 0x20)
r6 = syz_open_dev$evdev(&(0x7f0000001380), 0x1, 0x20442)
mmap(&(0x7f0000001000/0xc00000)=nil, 0xc00000, 0x0, 0x3032, 0xffffffffffffffff, 0x0)
r7 = syz_open_procfs(0x0, &(0x7f0000000500)='coredump_filter\x00')
mount$9p_fd(0x0, &(0x7f0000000100)='.\x00', &(0x7f0000000040), 0x0, &(0x7f0000000880)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r7, @ANYBLOB=',wfdno=', @ANYRESHEX=r7])
r8 = syz_io_uring_setup(0x2e3b, &(0x7f0000000240)={0x0, 0x482b, 0x10100, 0x1}, &(0x7f00000003c0), &(0x7f0000000300)=<r9=>0x0)
syz_io_uring_submit(0x0, r9, &(0x7f0000000180)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x4, 0x4000, @fd=r4, 0x0, 0x0, 0x0, 0x0, 0x1})
io_uring_enter(r8, 0x567, 0xa1ff, 0x0, 0x0, 0x0)
ioctl$EVIOCGMTSLOTS(r6, 0x8040450a, &(0x7f0000000000)=""/43)
socket$netlink(0x10, 0x3, 0x0)
r10 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000180)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x8, 0x56a, 0xde, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x80, 0x0, [{{0x9, 0x4, 0x0, 0x2, 0x1, 0x3, 0x0, 0x2, 0x0, {0x9, 0x21, 0x815, 0xfe, 0x1, {0x22, 0x7}}}}]}}]}}, 0x0)
syz_usb_control_io$hid(r10, 0x0, 0x0)

6m28.98883248s ago: executing program 34 (id=40):
r0 = socket$packet(0x11, 0x2, 0x300)
preadv2(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x1f)
setsockopt$packet_int(r0, 0x107, 0xa, &(0x7f0000000080)=0x2, 0x4)
socket$netlink(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r3 = syz_io_uring_setup(0xbdc, &(0x7f0000000640)={0x0, 0x79a8, 0x8, 0x1, 0x5000032f}, &(0x7f00000006c0)=<r4=>0x0, &(0x7f0000000140)=<r5=>0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=@newlink={0x3c, 0x10, 0x800, 0x0, 0x25dfdbfc, {0x0, 0x0, 0x0, 0x0, 0x0, 0x4422}, [@IFLA_IFNAME={0x14, 0x3, 'veth0_virt_wifi\x00'}, @IFLA_PROMISCUITY={0x8, 0x1e, 0xfffffffe}]}, 0x3c}}, 0x0)
r6 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="500000001000010400"/20, @ANYRES32=0x0, @ANYBLOB="0000000000008000280012800a00010076786c616e000000180002"], 0x50}}, 0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r4, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
ioctl$DRM_IOCTL_MODE_GETCONNECTOR(0xffffffffffffffff, 0xc05064a7, 0x0)
r7 = io_uring_register$IORING_REGISTER_PERSONALITY(r3, 0x9, 0x0, 0x0)
r8 = syz_open_procfs(0x0, &(0x7f0000000000)='fd\x00')
getdents(r8, 0x0, 0x0)
syz_io_uring_submit(r4, r5, &(0x7f0000000200)=@IORING_OP_WRITE_FIXED={0x5, 0x18, 0x0, @fd=r8, 0x2, 0x2, 0x40000004, 0x12, 0x0, {0x3, r7}})
io_uring_enter(r3, 0x847ba, 0x0, 0xe, 0x0, 0x0)
setsockopt$packet_rx_ring(r0, 0x107, 0x5, &(0x7f0000000140)=@req3={0x1000, 0x3a, 0x1000, 0x3a, 0x3ff, 0x2, 0x5}, 0x1c)
socket$nl_route(0x10, 0x3, 0x0)
socket$inet6_udp(0xa, 0x2, 0x0)
syz_emit_ethernet(0xfdef, &(0x7f0000000180)={@local, @empty, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0xfde1, 0x300, 0x0, 0x0, 0x11, 0x0, @empty, @empty}, {0x0, 0x4e22, 0x4d, 0x0, @wg=@data}}}}}, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0x2, 0x16, &(0x7f0000000800)=ANY=[@ANYBLOB="611234000000000061134c0000000000bf3000000000000015000200000000103d030100000000009500000000000000bc26080000000000bf67000000000000070300000fff07006702000003000000160600000ee600f0bf050000000000000f650000000000006507f4ff02000000070700004c0040001f75000000000000bf54000000000000070500000300f909ad430100000000009500000000000000050000000000000095000000000000004d9bd591d568253e9988431ec068e3a82983d58719d72183f2cb7f43dd55788be820b236dcb695dbfd737cbf719506d2d6b05fe70305865050df26469fac5202d6293c3d5e11f4f83e7455baeeba4f"], &(0x7f0000000100)='GPL\x00'}, 0x48)

5m33.894795837s ago: executing program 4 (id=124):
socket$nl_netfilter(0x10, 0x3, 0xc)
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000000c0)={0x94, 0x0, 0x1, 0x401, 0x0, 0x0, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @rand_addr=0x64010100}, {0x8, 0x2, @loopback}}}, @CTA_TUPLE_PROTO={0xfffffffffffffe13, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @empty}, {0x8, 0x2, @multicast1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x2f}}]}, @CTA_TIMEOUT={0x8, 0x7, 0x1, 0x0, 0x4}, @CTA_TUPLE_MASTER={0x30, 0xe, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @loopback}, {0x14, 0x4, @ipv4={'\x00', '\xff\xff', @multicast2}}}}]}]}, 0x94}, 0x1, 0x0, 0x0, 0x4040815}, 0x40)
r1 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000100), 0x101002, 0x0)
ioctl$AUTOFS_DEV_IOCTL_CLOSEMOUNT(r1, 0xc0189375, &(0x7f00000001c0)={{0x1, 0x1, 0x1018}, './file0\x00'})
mkdir(0x0, 0x0)
r2 = getpgrp(0x0)
sched_setaffinity(r2, 0x8, &(0x7f0000000040)=0x5)
prlimit64(0x0, 0xe, &(0x7f0000000100)={0xc, 0x100}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7)
prctl$PR_SCHED_CORE(0x3e, 0x1, r2, 0x2, 0x0)
r3 = getpid()
sched_setscheduler(r3, 0x2, &(0x7f0000000000)=0x3)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
r4 = syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, r4, 0x1, 0x0)
r5 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r5, &(0x7f0000019680)=""/102392, 0x18ff8)
r6 = socket$tipc(0x1e, 0x5, 0x0)
connect$tipc(r6, &(0x7f0000000140)=@id, 0x10)
r7 = syz_open_dev$sndctrl(&(0x7f0000000000), 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_PCM_PREFER_SUBDEVICE(r7, 0x40045532, &(0x7f0000000040)=0x7)
syz_open_dev$sndpcmp(&(0x7f00000001c0), 0x0, 0xa2c65)
write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, &(0x7f0000000500)={0x0, 0xfffffffffffffd83, 0xfa00, {0x1000000000000, 0x0}}, 0xfdbc)
r8 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0900000004000000ff0f000005"], 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x14, &(0x7f0000000580)=ANY=[@ANYBLOB="1802000000000000000000000000000018010000786c6c2500000000070000007b1af8ff00000000bfa100000000000007010000f8ffffffb700000000000000b7030000000000fd850000007300000018110000", @ANYRES32=r8, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x4, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)

5m32.617405491s ago: executing program 4 (id=125):
r0 = socket$packet(0x11, 0x2, 0x300)
setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000040)={0x1, &(0x7f0000000440)=[{0x6}]}, 0x10)
bpf$ENABLE_STATS(0x20, 0x0, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r1, &(0x7f0000000500)={0x0, 0x0, &(0x7f0000000ac0)={&(0x7f0000000200)=ANY=[@ANYBLOB="1400b600100001000000000000002c46400b000000000000000000000000000002000001200004801c0001806d01dbf198d8437cc60b0001006e756d67656e00000c0002800800014000000000090001007300140000001100010000000000000000000000000a00000000"], 0x68}, 0x1, 0x0, 0x0, 0x40010}, 0x0)

5m31.871270433s ago: executing program 4 (id=126):
socket$nl_netfilter(0x10, 0x3, 0xc)
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000000c0)={0x94, 0x0, 0x1, 0x401, 0x0, 0x0, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @rand_addr=0x64010100}, {0x8, 0x2, @loopback}}}, @CTA_TUPLE_PROTO={0xfffffffffffffe13, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @empty}, {0x8, 0x2, @multicast1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x2f}}]}, @CTA_TIMEOUT={0x8, 0x7, 0x1, 0x0, 0x4}, @CTA_TUPLE_MASTER={0x30, 0xe, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @loopback}, {0x14, 0x4, @ipv4={'\x00', '\xff\xff', @multicast2}}}}]}]}, 0x94}, 0x1, 0x0, 0x0, 0x4040815}, 0x40)
r1 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000100), 0x101002, 0x0)
ioctl$AUTOFS_DEV_IOCTL_CLOSEMOUNT(r1, 0xc0189375, &(0x7f00000001c0)={{0x1, 0x1, 0x1018}, './file0\x00'})
mkdir(0x0, 0x0)
r2 = getpgrp(0x0)
sched_setaffinity(r2, 0x8, &(0x7f0000000040)=0x5)
prlimit64(0x0, 0xe, &(0x7f0000000100)={0xc, 0x100}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7)
prctl$PR_SCHED_CORE(0x3e, 0x1, r2, 0x2, 0x0)
r3 = getpid()
sched_setscheduler(r3, 0x2, &(0x7f0000000000)=0x3)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
r4 = syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, r4, 0x1, 0x0)
r5 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r5, &(0x7f0000019680)=""/102392, 0x18ff8)
r6 = socket$tipc(0x1e, 0x5, 0x0)
connect$tipc(r6, &(0x7f0000000140)=@id, 0x10)
r7 = syz_open_dev$sndctrl(&(0x7f0000000000), 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_PCM_PREFER_SUBDEVICE(r7, 0x40045532, &(0x7f0000000040)=0x7)
write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, &(0x7f0000000500)={0x0, 0xfffffffffffffd83, 0xfa00, {0x1000000000000, 0x0}}, 0xfdbc)
r8 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0900000004000000ff0f000005"], 0x50)
r9 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x14, &(0x7f0000000580)=ANY=[@ANYBLOB="1802000000000000000000000000000018010000786c6c2500000000070000007b1af8ff00000000bfa100000000000007010000f8ffffffb700000000000000b7030000000000fd850000007300000018110000", @ANYRES32=r8, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x4, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000480)={&(0x7f0000000680)='sys_exit\x00', r9}, 0x10)
setresgid(0x0, 0x0, 0x0)

5m30.67876722s ago: executing program 4 (id=127):
prlimit64(0x0, 0xe, 0x0, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = syz_io_uring_setup(0xcc8, &(0x7f0000000300)={0x0, 0x24c1, 0x10, 0x40003, 0x359}, &(0x7f00000001c0)=<r1=>0x0, &(0x7f0000000280)=<r2=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r1, r2, &(0x7f00000002c0)=@IORING_OP_POLL_ADD={0x6, 0xc, 0x0, @fd_index=0x3, 0x0, 0x0, 0x0, {0x842a}})
io_uring_enter(r0, 0xdb4, 0xd44a, 0x5, 0x0, 0x0)
io_uring_register$IORING_REGISTER_SYNC_CANCEL(r0, 0x18, &(0x7f0000000040)={0xfffffffffffffffe, r0, 0x33, {0x5, 0x10001}, 0x6}, 0x1)

5m27.928226535s ago: executing program 4 (id=131):
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nbd(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$NBD_CMD_RECONFIGURE(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000080)=ANY=[@ANYBLOB="98000000", @ANYRES16=r1, @ANYBLOB="2da52abd7000fbdbdf25030000000800010000"], 0x98}, 0x1, 0x0, 0x0, 0x4008040}, 0x4000)

5m27.3980112s ago: executing program 4 (id=132):
r0 = accept$netrom(0xffffffffffffffff, &(0x7f0000000280)={{0x3, @netrom}, [@rose, @default, @rose, @remote, @default, @remote, @default, @rose]}, &(0x7f0000000300)=0x48)
r1 = openat$audio(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000580)={0x18, 0xb, &(0x7f0000000640)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020000000000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000000085000000060000"], &(0x7f00000004c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x4, 0x80}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000540)=0x4)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r2 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r2, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="1b00000000000000000000000080000000000000", @ANYRES32, @ANYBLOB='\x00'/18, @ANYRES32=0x0, @ANYBLOB="00edcf69920000000400001a000000603200"/28], 0x50)
ioctl$SNDCTL_DSP_SETFRAGMENT(r1, 0xc004500a, &(0x7f0000000240)=0x3)
ioctl$SNDCTL_DSP_SPEED(r1, 0xc0045002, &(0x7f00000000c0))
read$dsp(r1, &(0x7f0000000440)=""/105, 0x69)
accept$netrom(r0, &(0x7f00000001c0)={{0x3, @netrom}, [@null, @default, @remote, @netrom, @netrom, @bcast, @default]}, 0x0)
r3 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000040), 0x109942, 0x0)
mkdir(&(0x7f0000000180)='./file0\x00', 0x0)
mount(&(0x7f0000000000)=@nullb, &(0x7f00000001c0)='./cgroup\x00', &(0x7f0000000040)='xfs\x00', 0x800013, 0x0)
r4 = syz_open_procfs(0x0, &(0x7f00000001c0)='mountinfo\x00')
read$FUSE(r4, &(0x7f0000003480)={0x2020}, 0x2020)
ioctl$PPPIOCNEWUNIT(r3, 0xc004743e, &(0x7f0000000580)=0x4)
ioctl$PPPIOCSACTIVE(r3, 0x40107446, &(0x7f0000000080)={0x1, &(0x7f0000000000)=[{0x5, 0x0, 0x0, 0x9}]})
r5 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r5, &(0x7f0000000000)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(blowfish)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r5, 0x117, 0x1, &(0x7f0000c18000)="ad56b6", 0x3)
r6 = accept4(r5, 0x0, 0x0, 0x80800)
sendmmsg$alg(r6, &(0x7f0000000400)=[{0x0, 0x0, 0x0, 0x0, &(0x7f0000000340)=[@op={0x18, 0x117, 0x3, 0x1}, @op={0x18}], 0x30, 0x55}], 0x1, 0x0)
unshare(0x22020400)

5m12.081370929s ago: executing program 35 (id=132):
r0 = accept$netrom(0xffffffffffffffff, &(0x7f0000000280)={{0x3, @netrom}, [@rose, @default, @rose, @remote, @default, @remote, @default, @rose]}, &(0x7f0000000300)=0x48)
r1 = openat$audio(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000580)={0x18, 0xb, &(0x7f0000000640)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020000000000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000000085000000060000"], &(0x7f00000004c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x4, 0x80}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000540)=0x4)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r2 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r2, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="1b00000000000000000000000080000000000000", @ANYRES32, @ANYBLOB='\x00'/18, @ANYRES32=0x0, @ANYBLOB="00edcf69920000000400001a000000603200"/28], 0x50)
ioctl$SNDCTL_DSP_SETFRAGMENT(r1, 0xc004500a, &(0x7f0000000240)=0x3)
ioctl$SNDCTL_DSP_SPEED(r1, 0xc0045002, &(0x7f00000000c0))
read$dsp(r1, &(0x7f0000000440)=""/105, 0x69)
accept$netrom(r0, &(0x7f00000001c0)={{0x3, @netrom}, [@null, @default, @remote, @netrom, @netrom, @bcast, @default]}, 0x0)
r3 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000040), 0x109942, 0x0)
mkdir(&(0x7f0000000180)='./file0\x00', 0x0)
mount(&(0x7f0000000000)=@nullb, &(0x7f00000001c0)='./cgroup\x00', &(0x7f0000000040)='xfs\x00', 0x800013, 0x0)
r4 = syz_open_procfs(0x0, &(0x7f00000001c0)='mountinfo\x00')
read$FUSE(r4, &(0x7f0000003480)={0x2020}, 0x2020)
ioctl$PPPIOCNEWUNIT(r3, 0xc004743e, &(0x7f0000000580)=0x4)
ioctl$PPPIOCSACTIVE(r3, 0x40107446, &(0x7f0000000080)={0x1, &(0x7f0000000000)=[{0x5, 0x0, 0x0, 0x9}]})
r5 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r5, &(0x7f0000000000)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(blowfish)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r5, 0x117, 0x1, &(0x7f0000c18000)="ad56b6", 0x3)
r6 = accept4(r5, 0x0, 0x0, 0x80800)
sendmmsg$alg(r6, &(0x7f0000000400)=[{0x0, 0x0, 0x0, 0x0, &(0x7f0000000340)=[@op={0x18, 0x117, 0x3, 0x1}, @op={0x18}], 0x30, 0x55}], 0x1, 0x0)
unshare(0x22020400)

2m40.628221936s ago: executing program 5 (id=444):
capset(&(0x7f0000000080)={0x20071026}, &(0x7f0000000040))
r0 = syz_open_dev$sg(&(0x7f00000003c0), 0x4a38, 0x201)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000480)={0x53, 0xfffffffffffffffe, 0x6, 0xb4, @scatter={0x0, 0x100000, 0x0}, &(0x7f0000000200)="0a823ac6aeb7", 0x0, 0x2, 0x10023, 0xfffffffd, 0x0})
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
sendto$inet(r1, 0x0, 0x0, 0x20008005, &(0x7f0000000100)={0x2, 0x4e20}, 0x10)
r2 = syz_open_procfs(0x0, &(0x7f0000000000)='map_files\x00')
getdents64(r2, &(0x7f0000002f40)=""/4098, 0x1002)
write$P9_RSTATFS(r2, &(0x7f0000000140)={0x43, 0x9, 0x2, {0x9, 0x5, 0xfffffffffffffffa, 0x1, 0x9a, 0x5, 0x7, 0xfffffffffffff8a9, 0x10}}, 0x43)
shutdown(r1, 0x1)
ioctl$DRM_IOCTL_GET_CLIENT(r2, 0xc0286405, &(0x7f00000000c0)={0x7778106b, 0xa381, {<r3=>0x0}, {}, 0x568a0a8c, 0x8})
capset(&(0x7f00000001c0)={0x0, r3}, &(0x7f0000000300)={0x9, 0x1632, 0x6, 0x27fa, 0xfffffffb, 0x4})
ioctl$SNDRV_SEQ_IOCTL_CREATE_PORT(r2, 0xc0a85320, &(0x7f0000000240)={{0x0, 0xf}, 'port0\x00', 0x10, 0x0, 0x6, 0x3, 0x7ff, 0x5, 0xb2a3, 0x0, 0x2})

2m40.294940388s ago: executing program 5 (id=446):
socket$nl_generic(0x10, 0x3, 0x10)
r0 = fsopen(&(0x7f00000001c0)='ramfs\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0)
r1 = fsmount(r0, 0x0, 0x0)
fchdir(r1)
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
mkdir(&(0x7f0000000680)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0)
rename(&(0x7f0000000580)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', &(0x7f0000000200)='./file0\x00')

2m39.113461419s ago: executing program 5 (id=452):
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1c0) (async)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000002c0)={<r0=>0xffffffffffffffff})
pipe2$9p(&(0x7f00000001c0)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff}, 0x0) (async)
bpf$PROG_LOAD(0x5, &(0x7f0000000300)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYRESDEC, @ANYRES32, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x34, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) (async)
r3 = bpf$MAP_CREATE(0x0, &(0x7f00000008c0)=ANY=[@ANYBLOB="1e0000000000000004000000ff"], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b7040000000000008500000057"], 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x987}, 0x94)
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000800)={0x6, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x20, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000000)={r4, 0x2000000, 0x46, 0x0, &(0x7f00000004c0)="630b008646dc3f0adf33c9f7b986", 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x7}, 0x34)
mount$9p_fd(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000004500), 0x0, &(0x7f0000000300)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r0}})
write$P9_RVERSION(r2, &(0x7f0000000000)=ANY=[@ANYBLOB="1500000065fffffc7f00000800395032303030"], 0x41)

2m37.32745338s ago: executing program 5 (id=458):
socket$kcm(0x29, 0x2, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
syz_io_uring_setup(0x88f, &(0x7f0000000140)={0x0, 0x3cfa, 0x0, 0x2, 0x3b9}, 0x0, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
syz_open_dev$tty1(0xc, 0x4, 0x4)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200))
r0 = syz_open_dev$dri(&(0x7f0000000440), 0x1, 0x48240)
ioctl$DRM_IOCTL_SET_CLIENT_CAP(r0, 0x4010640d, &(0x7f0000000000)={0x3, 0x2})
ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r0, 0xc01064b5, &(0x7f0000000040)={&(0x7f0000000100)=[<r1=>0x0], 0x1})
ioctl$DRM_IOCTL_MODE_ATOMIC(r0, 0xc03864bc, &(0x7f0000000180)={0x1, 0x1, &(0x7f00000000c0)=[r1], &(0x7f0000000180), &(0x7f0000000200), 0x0, 0x0, 0x1})

2m36.782484023s ago: executing program 5 (id=462):
r0 = fsopen(&(0x7f00000001c0)='ramfs\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0)
r1 = fsmount(r0, 0x0, 0x0)
fchdir(r1)
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
mkdir(&(0x7f0000000680)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0)
rename(&(0x7f0000000580)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', &(0x7f0000000200)='./file0\x00')

2m35.131167148s ago: executing program 5 (id=468):
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x20000023896)
read$FUSE(0xffffffffffffffff, 0x0, 0x0)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="180100001c0000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f00000000c0)='sys_enter\x00', r0}, 0x10)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0)
fsync(r1)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
mount$tmpfs(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f0000000280), 0x0, &(0x7f0000000140)=ANY=[@ANYBLOB="6d706f6c3d62690bbe608ae7a8e257d632a80e6e643a302d4e3a332f45"])
r2 = socket$kcm(0x2, 0x5, 0x84)
r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='cgroup.stat\x00', 0x26e1, 0x0)
setsockopt$sock_attach_bpf(r2, 0x84, 0x78, &(0x7f00000000c0)=r3, 0x4)
timer_create(0x0, &(0x7f00000000c0)={0x0, 0x21, 0x2, @thr={0x0, 0x0}}, &(0x7f0000000300)=<r4=>0x0)
fcntl$lock(0xffffffffffffffff, 0x7, &(0x7f0000000040)={0x0, 0x0, 0x8000, 0x3ff})
mq_open(&(0x7f0000000080)='^\x00', 0x40, 0x19, &(0x7f0000000180)={0x7, 0x8000, 0x8fc, 0x67a})
mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1)
timer_settime(r4, 0x1, &(0x7f0000000040)={{0x77359400}}, 0x0)
r5 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioprio_set$pid(0x2, 0x0, 0x2007)
r6 = gettid()
tkill(r6, 0x3e)
setpgid(r6, 0x0)
sync()
ioctl$KDFONTOP_SET(r5, 0x4b72, &(0x7f0000000000)={0x0, 0x0, 0xa, 0x1, 0x200, &(0x7f0000003c40)="1ae19337aa151f36ae49bb3f8cb95c5bf840d4f1e55efaaf098d47a70eb36a73090000000000001b0f4743f490c585108c1331c7749299a25a705f5096cb268cbc6070d680e1be250700000000000000472471ff550c0010000007f3c7b61abe4162256004ea8ca5e5b5f379c6eb3257eda08f7e6959090000004d13184d382747e035b4722525e00ade86b4c6d1e157c75d15c1f961ebc0a64d7f2a73f8979fcecacaa64f9b9069ebcc1d5b471edbc4f6c7f1b98ae74e909aa6f25b7fa77bf9cd4ed36d5c53dc519d11c3cc1c22a3b86cf3c645413f4afbcea0c99ded703699d2bb6a4a663b99b6069da5aaf64785a5887c31261d4b9e57ee07000000def6f255ca26108f11f02047d47f2d0fec30f7e92482f71496e184214a4e0c5fdc48b0af0c0478940016d8f0990a0e1090fd515380aae83c5eaeed338701574b64200a16ef2811fadcf1e0f49a514df529061e09ce45e3da03a03fe9b4a6bcfa7d04594e4f6d0714a2e14ea127ab37d64a5e0db630cd4f4a2e6c985a542ff20a9b2193f265f93a258a88dd6c9d6a926dd23d32425849c5d9210007660a617f22133b6cb5087f4c6057942aa18193172bd995fa70a1f949b196f2e2a3c175858575713be5ee3f7f4dcecc98123f9ded3afdebe13d79a7f7fcb2469ae0ac503111401612df7ee995f74fb97a63bf62d61f78c062f959119ab50c1f706a930121ebcd53ccb93d158186ed360750ca8e728150d988844b9a5cff46591ccaff416e5a8c25f9555da5ca6fdf75b86ea6171b046b856168f403b5253a5cc393430a09a4489a0895571e597ac8846f945ffb372a88d3a25978b463dc961416c80c55773f917020751ed51cfd73c1e06fbadd156d56bedc117af95d242d6dccbe2ce34dccd6005e944afa92b22ec9a698469c6edc06caa2cfcd61912607d459b4c28ebea9745bcd4697d75c9601fd333d3cd797963a3c71b7cc5fdc756da8d97207936e5f53b53b732533c2722e03002293517966611602f297de6ff5408777b7a93c45cee3ee5c5601a4e94266b295ea7a86812a7ab8896ec5ea1b12643e1844b185734528399e62bceb8700cc6cd491e4a4430d0a3ba329a5a2fa170fd0b1cc4ba8294de988cd35df2cd7344aa8a9f3432b96fb889c02f484f635a0cc3466a3c2733d45f176931b2db18dba54991a9553cedb7f585786388d4042dbae1c95b769e3d4e036e8afea0a04c04f542b152ca1fd1f8efee60425c5a122fd1b90e98635284abd9f217d9e19cb2a64b354c9d79509cc47d7305114990148a7291cb0fe2d1c773a6664b66ae04aa62c534d072ae54c2ca0d5962cc58945d8924abfc4d5af922462507430d8f2c17479a6678b0b3700000000000000000000000000000000000000000000f800"})
r7 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r7, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000040)=ANY=[@ANYBLOB="4c00000018000100000000000000000002000000000000090000000006001500050000002800168024000100020004"], 0x4c}}, 0x0)
mmap(&(0x7f0000000000/0x200000)=nil, 0x200000, 0x300000b, 0x204031, 0xffffffffffffffff, 0xec776000)
r8 = signalfd4(0xffffffffffffffff, &(0x7f0000000000)={[0x2]}, 0x8, 0x0)
read$FUSE(r8, &(0x7f0000001b40)={0x2020}, 0x205c)
timer_settime(0x0, 0x1, &(0x7f0000000340)={{0x0, 0x989680}}, 0x0)

2m19.857258429s ago: executing program 36 (id=468):
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x20000023896)
read$FUSE(0xffffffffffffffff, 0x0, 0x0)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="180100001c0000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f00000000c0)='sys_enter\x00', r0}, 0x10)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0)
fsync(r1)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
mount$tmpfs(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f0000000280), 0x0, &(0x7f0000000140)=ANY=[@ANYBLOB="6d706f6c3d62690bbe608ae7a8e257d632a80e6e643a302d4e3a332f45"])
r2 = socket$kcm(0x2, 0x5, 0x84)
r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='cgroup.stat\x00', 0x26e1, 0x0)
setsockopt$sock_attach_bpf(r2, 0x84, 0x78, &(0x7f00000000c0)=r3, 0x4)
timer_create(0x0, &(0x7f00000000c0)={0x0, 0x21, 0x2, @thr={0x0, 0x0}}, &(0x7f0000000300)=<r4=>0x0)
fcntl$lock(0xffffffffffffffff, 0x7, &(0x7f0000000040)={0x0, 0x0, 0x8000, 0x3ff})
mq_open(&(0x7f0000000080)='^\x00', 0x40, 0x19, &(0x7f0000000180)={0x7, 0x8000, 0x8fc, 0x67a})
mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1)
timer_settime(r4, 0x1, &(0x7f0000000040)={{0x77359400}}, 0x0)
r5 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioprio_set$pid(0x2, 0x0, 0x2007)
r6 = gettid()
tkill(r6, 0x3e)
setpgid(r6, 0x0)
sync()
ioctl$KDFONTOP_SET(r5, 0x4b72, &(0x7f0000000000)={0x0, 0x0, 0xa, 0x1, 0x200, &(0x7f0000003c40)="1ae19337aa151f36ae49bb3f8cb95c5bf840d4f1e55efaaf098d47a70eb36a73090000000000001b0f4743f490c585108c1331c7749299a25a705f5096cb268cbc6070d680e1be250700000000000000472471ff550c0010000007f3c7b61abe4162256004ea8ca5e5b5f379c6eb3257eda08f7e6959090000004d13184d382747e035b4722525e00ade86b4c6d1e157c75d15c1f961ebc0a64d7f2a73f8979fcecacaa64f9b9069ebcc1d5b471edbc4f6c7f1b98ae74e909aa6f25b7fa77bf9cd4ed36d5c53dc519d11c3cc1c22a3b86cf3c645413f4afbcea0c99ded703699d2bb6a4a663b99b6069da5aaf64785a5887c31261d4b9e57ee07000000def6f255ca26108f11f02047d47f2d0fec30f7e92482f71496e184214a4e0c5fdc48b0af0c0478940016d8f0990a0e1090fd515380aae83c5eaeed338701574b64200a16ef2811fadcf1e0f49a514df529061e09ce45e3da03a03fe9b4a6bcfa7d04594e4f6d0714a2e14ea127ab37d64a5e0db630cd4f4a2e6c985a542ff20a9b2193f265f93a258a88dd6c9d6a926dd23d32425849c5d9210007660a617f22133b6cb5087f4c6057942aa18193172bd995fa70a1f949b196f2e2a3c175858575713be5ee3f7f4dcecc98123f9ded3afdebe13d79a7f7fcb2469ae0ac503111401612df7ee995f74fb97a63bf62d61f78c062f959119ab50c1f706a930121ebcd53ccb93d158186ed360750ca8e728150d988844b9a5cff46591ccaff416e5a8c25f9555da5ca6fdf75b86ea6171b046b856168f403b5253a5cc393430a09a4489a0895571e597ac8846f945ffb372a88d3a25978b463dc961416c80c55773f917020751ed51cfd73c1e06fbadd156d56bedc117af95d242d6dccbe2ce34dccd6005e944afa92b22ec9a698469c6edc06caa2cfcd61912607d459b4c28ebea9745bcd4697d75c9601fd333d3cd797963a3c71b7cc5fdc756da8d97207936e5f53b53b732533c2722e03002293517966611602f297de6ff5408777b7a93c45cee3ee5c5601a4e94266b295ea7a86812a7ab8896ec5ea1b12643e1844b185734528399e62bceb8700cc6cd491e4a4430d0a3ba329a5a2fa170fd0b1cc4ba8294de988cd35df2cd7344aa8a9f3432b96fb889c02f484f635a0cc3466a3c2733d45f176931b2db18dba54991a9553cedb7f585786388d4042dbae1c95b769e3d4e036e8afea0a04c04f542b152ca1fd1f8efee60425c5a122fd1b90e98635284abd9f217d9e19cb2a64b354c9d79509cc47d7305114990148a7291cb0fe2d1c773a6664b66ae04aa62c534d072ae54c2ca0d5962cc58945d8924abfc4d5af922462507430d8f2c17479a6678b0b3700000000000000000000000000000000000000000000f800"})
r7 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r7, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000040)=ANY=[@ANYBLOB="4c00000018000100000000000000000002000000000000090000000006001500050000002800168024000100020004"], 0x4c}}, 0x0)
mmap(&(0x7f0000000000/0x200000)=nil, 0x200000, 0x300000b, 0x204031, 0xffffffffffffffff, 0xec776000)
r8 = signalfd4(0xffffffffffffffff, &(0x7f0000000000)={[0x2]}, 0x8, 0x0)
read$FUSE(r8, &(0x7f0000001b40)={0x2020}, 0x205c)
timer_settime(0x0, 0x1, &(0x7f0000000340)={{0x0, 0x989680}}, 0x0)

12.688854066s ago: executing program 8 (id=887):
sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x64}}, 0x0)
sendmsg$IPSET_CMD_DESTROY(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f00000001c0)=ANY=[@ANYBLOB="1c0000000306010100000000000000000200000a0500010007000000f5701a23aec93215b8424f058e03"], 0x1c}, 0x1, 0x0, 0x0, 0x40841}, 0x4)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000a40)={0x0, 0x0, 0x0}, 0x0)
prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000fff000/0x1000)=nil, &(0x7f0000ff1000/0xf000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000006000/0x2000)=nil, &(0x7f000000d000/0x4000)=nil, &(0x7f0000ff1000/0x3000)=nil, &(0x7f0000ff3000/0x3000)=nil, &(0x7f0000ff6000/0x1000)=nil, &(0x7f0000ffd000/0x1000)=nil, &(0x7f0000ffa000/0x2000)=nil, 0x0}, 0x68)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x24004045)
r0 = io_uring_setup(0x1b7b, &(0x7f0000000040)={0x0, 0xc89f, 0xc000, 0x1, 0x20002f5})
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000093c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=@deltfilter={0xe, 0x2d, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {}, {0x3}, {0x0, 0xb}}}, 0x24}, 0x1, 0x0, 0x0, 0x8010}, 0x0)
syz_open_procfs(0x0, &(0x7f0000000300)='setgroups\x00')
io_uring_enter(r0, 0x2219, 0x7721, 0x16, 0x0, 0x0)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000000)={0xc, &(0x7f0000000100)=[{0x1, 0x36, 0x5, 0x537}, {0x27, 0x8, 0x9}, {0xe49, 0x2, 0xfa, 0x4}, {0x5b6, 0x8, 0x1, 0x2}, {0x2, 0xe, 0x80, 0x1000003}, {0x1ff, 0x5, 0x10, 0xf}, {0x2, 0x0, 0x1, 0x9}]})
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={0xffffffffffffffff, 0x18000000000002a0, 0x45, 0x0, &(0x7f0000000100)="b90000000044268cb89e14f086dd65e0ffff01032c00631177fbac141416e000030a44079f030000000000000000000000222f050b038da1880b25181aa59d943be3f4aed5", 0x0, 0xfe, 0x60000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x700}, 0x50)
sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000700)=[{&(0x7f0000000000)="2e00000010008188e6b62aa73772cc9f1ba1f848430000005e140602000000000e000a00100000000280", 0x2a}, {&(0x7f0000000400)="6a6f8e5e", 0x4}], 0x2}, 0x0)

11.187163683s ago: executing program 8 (id=889):
mkdirat(0xffffffffffffff9c, 0x0, 0x100)
r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000000)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x1, 0x7fff0000}]})
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
fstatfs(r0, 0x0)
openat$fuse(0xffffffffffffff9c, 0x0, 0x42, 0x0)
fcntl$setlease(0xffffffffffffffff, 0x400, 0x6)
r1 = syz_open_dev$tty1(0xc, 0x4, 0x1)
r2 = dup(r1)
futimesat(r2, 0x0, 0x0)

10.95551478s ago: executing program 9 (id=892):
syz_fuse_handle_req(0xffffffffffffffff, 0x0, 0x0, 0x0)
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
getresuid(&(0x7f0000000000), &(0x7f0000000040)=<r1=>0x0, &(0x7f0000000180))
setsockopt$inet6_IPV6_IPSEC_POLICY(r0, 0x29, 0x22, &(0x7f0000000240)={{{@in=@multicast1, @in=@private=0xa010101, 0x4e23, 0x7, 0x4e24, 0x1, 0xa, 0x20, 0xa0, 0x0, 0x0, r1}, {0x200, 0x80000000, 0x5, 0x4, 0x3, 0xfffffffffffff000, 0xa43, 0xffffffffffffff7f}, {0x4, 0x5, 0x1, 0x2}, 0x4, 0x6e6bb0, 0x2, 0x0, 0x1, 0x1}, {{@in=@local, 0x4d2, 0x16}, 0x2, @in6=@mcast1, 0x3506, 0x0, 0x2, 0x1, 0x1800, 0x10001, 0x4}}, 0xe8)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
ioctl$IMHOLD_L1(0xffffffffffffffff, 0x80044948, &(0x7f00000000c0)=0x8)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000580)={0x11, 0x3, &(0x7f0000000740)=@framed, &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f0000000080)='sched_switch\x00', r5}, 0x18)
socket$nl_netfilter(0x10, 0x3, 0xc)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r6 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
write(r6, 0x0, 0x0)
setsockopt$SO_TIMESTAMPING(r6, 0x1, 0x41, 0x0, 0x0)
syz_genetlink_get_family_id$ethtool(0x0, 0xffffffffffffffff)
r7 = socket(0x40000000015, 0x5, 0x0)
write$smackfs_ipv6host(0xffffffffffffffff, &(0x7f0000000280)=@l2={{0x4, 0x3a, 0x9, 0x3a, 0x0, 0x3a, 0x6, 0x3a, 0x5, 0x3a, 0x2, 0x3a, 0xffff, 0x3a, 0x7}, 0x2f, 0x3c, 0x20, '\xc6\x8c'}, 0xb0)
recvmmsg(r7, &(0x7f0000001380)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000b00)=""/234, 0xea}, 0x4}], 0x1, 0x60010000, 0x0)
r8 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="11000000040000000400000022"], 0x48)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000340)={r8, &(0x7f0000000140), &(0x7f0000000080)=@udp}, 0x20)

10.907030909s ago: executing program 8 (id=893):
socket(0x11, 0x800000003, 0x0)
r0 = fsopen(&(0x7f0000000100)='configfs\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(0xffffffffffffffff, 0x6, 0x0, 0x0, 0x0)
r1 = getpgrp(0xffffffffffffffff)
sched_setaffinity(r1, 0x8, &(0x7f00000000c0)=0x10001)
prlimit64(0x0, 0xe, &(0x7f0000000100)={0x8, 0x80000100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000000)=0x3)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
r3 = syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, r3, 0x1, 0x0)
r4 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r4, &(0x7f0000019680)=""/102392, 0x18ff8)
r5 = fsopen(&(0x7f00000001c0)='ramfs\x00', 0x0)
fsmount(r5, 0x0, 0x0)
r6 = fsmount(r0, 0x0, 0x1)
fchdir(r6)
r7 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x0, 0x0)
fchown(r7, 0x0, 0x0)
mq_open(&(0x7f0000000480)='!sel\x00\x00\x00\x1b\x00\x00\x00\x00\xd7\\P[Ay\x00UN\x00'/31, 0x40, 0x0, &(0x7f0000000440)={0x2000000000002000, 0x1, 0x56, 0x4})
syz_init_net_socket$llc(0x1a, 0x1, 0x0)

9.390348146s ago: executing program 9 (id=897):
r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r1 = dup(r0)
write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c)
r2 = syz_io_uring_setup(0x2b9, &(0x7f0000000740)={0x0, 0x1c2a, 0x10100, 0x0, 0x400000, 0x0, r1}, &(0x7f0000000180)=<r3=>0x0, &(0x7f0000000080)=<r4=>0x0)
syz_io_uring_submit(r3, r4, &(0x7f0000000040)=@IORING_OP_POLL_ADD={0x6, 0x2, 0x0, @fd=r0, 0x0, 0x0, 0x0, {}, 0x1})
r5 = syz_open_dev$swradio(&(0x7f0000000040), 0x0, 0x2)
ioctl$VIDIOC_S_CTRL(r5, 0xc008561c, &(0x7f0000000000)={0xf0f041})
openat$tun(0xffffffffffffff9c, 0x0, 0x200000, 0x0)
r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000300)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000000400000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
pipe(&(0x7f0000000000))
openat(0xffffffffffffff9c, 0x0, 0x80042, 0x20262076a4e6d5e)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000240)={&(0x7f0000000200)='sched_switch\x00', r6}, 0x18)
ioctl$TIOCSSOFTCAR(0xffffffffffffffff, 0x541a, 0x0)
keyctl$link(0x8, 0x0, 0x0)
io_uring_enter(r2, 0x2ded, 0x4000, 0x0, 0x0, 0x0)
pipe(&(0x7f0000000240)={0xffffffffffffffff, <r7=>0xffffffffffffffff})
write(r7, &(0x7f0000000000)="fc0000001d000724ab09254ec100070007ab08001b000000f0ffff002100057e0000000000000e000039000000039815fad151ba0101099cecb94b46fe0000000a000200", 0x44)
pipe(&(0x7f0000000500)={<r8=>0xffffffffffffffff, <r9=>0xffffffffffffffff})
splice(r8, 0x0, r7, 0x0, 0xffffffffffff8000, 0x0)
close(r9)

9.280792512s ago: executing program 7 (id=899):
sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x64}}, 0x0)
sendmsg$IPSET_CMD_DESTROY(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f00000001c0)=ANY=[@ANYBLOB="1c0000000306010100000000000000000200000a0500010007000000f5701a23aec93215b8424f058e03"], 0x1c}, 0x1, 0x0, 0x0, 0x40841}, 0x4)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000a40)={0x0, 0x0, 0x0}, 0x0)
prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000fff000/0x1000)=nil, &(0x7f0000ff1000/0xf000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000006000/0x2000)=nil, &(0x7f000000d000/0x4000)=nil, &(0x7f0000ff1000/0x3000)=nil, &(0x7f0000ff3000/0x3000)=nil, &(0x7f0000ff6000/0x1000)=nil, &(0x7f0000ffd000/0x1000)=nil, &(0x7f0000ffa000/0x2000)=nil, 0x0}, 0x68)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x24004045)
r0 = io_uring_setup(0x1b7b, &(0x7f0000000040)={0x0, 0xc89f, 0xc000, 0x1, 0x20002f5})
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000093c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=@deltfilter={0xe, 0x2d, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {}, {0x3}, {0x0, 0xb}}}, 0x24}, 0x1, 0x0, 0x0, 0x8010}, 0x0)
syz_open_procfs(0x0, &(0x7f0000000300)='setgroups\x00')
io_uring_enter(r0, 0x2219, 0x7721, 0x16, 0x0, 0x0)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000000)={0xc, &(0x7f0000000100)=[{0x1, 0x36, 0x5, 0x537}, {0x27, 0x8, 0x9}, {0xe49, 0x2, 0xfa, 0x4}, {0x5b6, 0x8, 0x1, 0x2}, {0x2, 0xe, 0x80, 0x1000003}, {0x1ff, 0x5, 0x10, 0xf}, {0x2, 0x0, 0x1, 0x9}]})
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={0xffffffffffffffff, 0x18000000000002a0, 0x45, 0x0, &(0x7f0000000100)="b90000000044268cb89e14f086dd65e0ffff01032c00631177fbac141416e000030a44079f030000000000000000000000222f050b038da1880b25181aa59d943be3f4aed5", 0x0, 0xfe, 0x60000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x700}, 0x50)
sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000700)=[{&(0x7f0000000000)="2e00000010008188e6b62aa73772cc9f1ba1f848430000005e140602000000000e000a00100000000280", 0x2a}, {&(0x7f0000000400)="6a6f8e5e", 0x4}], 0x2}, 0x0)

8.211079237s ago: executing program 6 (id=901):
getresuid(&(0x7f0000000440), &(0x7f0000001480), &(0x7f00000014c0))
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x3, &(0x7f00000000c0)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x2, 0xba, &(0x7f0000000140)=""/186, 0x41100, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x39}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
socket$inet6_tcp(0xa, 0x1, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
creat(&(0x7f0000000280)='./file0\x00', 0xecf86c37d53049cc)
stat(&(0x7f0000000040)='./file0\x00', &(0x7f0000000400))
socket$netlink(0x10, 0x3, 0x4)
timer_create(0x0, 0x0, &(0x7f0000bbdffc))
mount(&(0x7f0000000140)=@sg0, &(0x7f0000000100)='./file0\x00', &(0x7f0000000340)='ubifs\x00', 0x2208004, 0x0)
r3 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000080)={0x3, 0x4, 0x4, 0xa, 0x0, 0x1, 0xffffffff, '\x00', 0x0, 0xffffffffffffffff, 0x2, 0x5, 0x4}, 0x50)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000003c0)={{r3}, &(0x7f0000000100), &(0x7f0000000140)}, 0x20)
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x16, 0xb, &(0x7f0000000180)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @flow_dissector, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000000)={r4, 0x2000000, 0xe, 0x0, &(0x7f0000000380)='\x00'/14, 0x0, 0xfffffffd, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)

7.121691211s ago: executing program 0 (id=902):
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000000)={&(0x7f0000000080)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x10, 0x10, 0x2, [@int={0x0, 0x0, 0x0, 0x1, 0x5, 0x18, 0x0, 0x4, 0x4}]}}, 0x0, 0x2a, 0x0, 0x1, 0x40}, 0x28)

7.019385894s ago: executing program 6 (id=903):
r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000100)='fd\x00')
socket(0x2000000015, 0x80005, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
ioctl$DRM_IOCTL_WAIT_VBLANK(r1, 0xc018643a, &(0x7f00000000c0)={0x4000001, 0x40071, 0x200000009})
ioctl$DRM_IOCTL_SET_CLIENT_CAP(r1, 0x4010640d, &(0x7f0000000000)={0x3, 0x2})
pread64(r1, 0x0, 0x20, 0x78f2a36b)
ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r1, 0xc01064b5, &(0x7f0000000140)={&(0x7f0000000100)=[<r2=>0x0], 0x1})
ioctl$DRM_IOCTL_MODE_GETPLANE(r1, 0xc02064b6, &(0x7f0000000300)={r2, <r3=>0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
ioctl$DRM_IOCTL_MODE_SETCRTC(r1, 0xc06864a2, &(0x7f0000000380)={0x0, 0x0, r3, 0x0, 0x0, 0x1f5, 0x0, 0x0, {0x4, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x8001, 0xfffffffa, "b4bc323ef77d1f000071849800000000dfff00"}})
fchdir(r0)
r4 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x72, 0x0, 0x7fff0000}]})
close_range(r4, 0xffffffffffffffff, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x2, 0x4, &(0x7f0000000200)=ANY=[@ANYBLOB="180000000300000000000000feffff10850000000700000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x100, 0x70, '\x00', 0x0, @fallback=0x30, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040))

6.913424476s ago: executing program 7 (id=904):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFNL_MSG_ACCT_NEW(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000300)={&(0x7f00000003c0)={0x60, 0x0, 0x7, 0x101, 0x0, 0x0, {0x0, 0x0, 0x8}, [@NFACCT_FILTER={0xc, 0x7, 0x0, 0x1, [@NFACCT_FILTER_VALUE={0x8, 0x2, 0x1, 0x0, 0x2}]}, @NFACCT_PKTS={0xc, 0x2, 0x1, 0x0, 0x2}, @NFACCT_FLAGS={0x8, 0x5, 0x1, 0x0, 0xc44b5fd46effd8e7}, @NFACCT_FLAGS={0x8, 0x5, 0x1, 0x0, 0x1}, @NFACCT_NAME={0x9, 0x1, 'syz1\x00'}, @NFACCT_QUOTA={0xc, 0x6, 0x1, 0x0, 0x18000000}, @NFACCT_QUOTA={0xc, 0x6, 0x1, 0x0, 0x9}]}, 0x60}, 0x1, 0x0, 0x0, 0x44884}, 0x8000)

6.688901333s ago: executing program 0 (id=905):
syz_fuse_handle_req(0xffffffffffffffff, 0x0, 0x0, 0x0)
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
getresuid(&(0x7f0000000000), &(0x7f0000000040)=<r1=>0x0, &(0x7f0000000180))
setsockopt$inet6_IPV6_IPSEC_POLICY(r0, 0x29, 0x22, &(0x7f0000000240)={{{@in=@multicast1, @in=@private=0xa010101, 0x4e23, 0x7, 0x4e24, 0x1, 0xa, 0x20, 0xa0, 0x0, 0x0, r1}, {0x200, 0x80000000, 0x5, 0x4, 0x3, 0xfffffffffffff000, 0xa43, 0xffffffffffffff7f}, {0x4, 0x5, 0x1, 0x2}, 0x4, 0x6e6bb0, 0x2, 0x0, 0x1, 0x1}, {{@in=@local, 0x4d2, 0x16}, 0x2, @in6=@mcast1, 0x3506, 0x0, 0x2, 0x1, 0x1800, 0x10001, 0x4}}, 0xe8)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
ioctl$IMHOLD_L1(0xffffffffffffffff, 0x80044948, &(0x7f00000000c0)=0x8)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000580)={0x11, 0x3, &(0x7f0000000740)=@framed, &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f0000000080)='sched_switch\x00', r5}, 0x18)
socket$nl_netfilter(0x10, 0x3, 0xc)
r6 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
setsockopt$SO_TIMESTAMPING(r6, 0x1, 0x41, 0x0, 0x0)
write$smackfs_ipv6host(0xffffffffffffffff, &(0x7f0000000280)=@l2={{0x4, 0x3a, 0x9, 0x3a, 0x0, 0x3a, 0x6, 0x3a, 0x5, 0x3a, 0x2, 0x3a, 0xffff, 0x3a, 0x7}, 0x2f, 0x3c, 0x20, '\xc6\x8c'}, 0xb0)
r7 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="11000000040000000400000022"], 0x48)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000340)={r7, &(0x7f0000000140), &(0x7f0000000080)=@udp}, 0x20)

6.630358199s ago: executing program 6 (id=906):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x1, 0x5, 0x0, 0x0}, 0x94)
sendmsg$IPCTNL_MSG_CT_GET(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000040)=ANY=[@ANYBLOB="440000000201010100000000000000000200000004000180180002801400018008000100b04c94a708000a00ac03cdaa140019800800010004000000080002"], 0x44}, 0x1, 0x0, 0x0, 0x894}, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000280)=@base={0x11, 0x4, 0x4, 0x10004, 0x14, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x3, 0x7}, 0x50)
socket$nl_netfilter(0x10, 0x3, 0xc) (async)
bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x1, 0x5, 0x0, 0x0}, 0x94) (async)
sendmsg$IPCTNL_MSG_CT_GET(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000040)=ANY=[@ANYBLOB="440000000201010100000000000000000200000004000180180002801400018008000100b04c94a708000a00ac03cdaa140019800800010004000000080002"], 0x44}, 0x1, 0x0, 0x0, 0x894}, 0x0) (async)
bpf$MAP_CREATE(0x0, &(0x7f0000000280)=@base={0x11, 0x4, 0x4, 0x10004, 0x14, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x3, 0x7}, 0x50) (async)

6.629369592s ago: executing program 7 (id=907):
syz_fuse_handle_req(0xffffffffffffffff, 0x0, 0x0, 0x0)
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
getresuid(&(0x7f0000000000), &(0x7f0000000040)=<r1=>0x0, &(0x7f0000000180))
setsockopt$inet6_IPV6_IPSEC_POLICY(r0, 0x29, 0x22, &(0x7f0000000240)={{{@in=@multicast1, @in=@private=0xa010101, 0x4e23, 0x7, 0x4e24, 0x1, 0xa, 0x20, 0xa0, 0x0, 0x0, r1}, {0x200, 0x80000000, 0x5, 0x4, 0x3, 0xfffffffffffff000, 0xa43, 0xffffffffffffff7f}, {0x4, 0x5, 0x1, 0x2}, 0x4, 0x6e6bb0, 0x2, 0x0, 0x1, 0x1}, {{@in=@local, 0x4d2, 0x16}, 0x2, @in6=@mcast1, 0x3506, 0x0, 0x2, 0x1, 0x1800, 0x10001, 0x4}}, 0xe8)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
ioctl$IMHOLD_L1(0xffffffffffffffff, 0x80044948, &(0x7f00000000c0)=0x8)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000580)={0x11, 0x3, &(0x7f0000000740)=@framed, &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f0000000080)='sched_switch\x00', r5}, 0x18)
socket$nl_netfilter(0x10, 0x3, 0xc)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r6 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
write(r6, 0x0, 0x0)
setsockopt$SO_TIMESTAMPING(r6, 0x1, 0x41, 0x0, 0x0)
syz_genetlink_get_family_id$ethtool(0x0, 0xffffffffffffffff)
r7 = socket(0x40000000015, 0x5, 0x0)
write$smackfs_ipv6host(0xffffffffffffffff, &(0x7f0000000280)=@l2={{0x4, 0x3a, 0x9, 0x3a, 0x0, 0x3a, 0x6, 0x3a, 0x5, 0x3a, 0x2, 0x3a, 0xffff, 0x3a, 0x7}, 0x2f, 0x3c, 0x20, '\xc6\x8c'}, 0xb0)
recvmmsg(r7, &(0x7f0000001380)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000b00)=""/234, 0xea}, 0x4}], 0x1, 0x60010000, 0x0)
r8 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="11000000040000000400000022"], 0x48)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000340)={r8, &(0x7f0000000140), &(0x7f0000000080)=@udp}, 0x20)

6.55586015s ago: executing program 9 (id=908):
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb-twofish-avx\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18)
r1 = accept4(r0, 0x0, 0x0, 0x0)
sendmmsg$alg(r1, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095", 0x4a}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee381927", 0x16}], 0x2}], 0x1, 0x40800)
r2 = semget$private(0x0, 0x6, 0x0)
semtimedop(r2, &(0x7f00000003c0)=[{0x2, 0x4, 0x1800}], 0x1, 0x0)
semop(r2, &(0x7f0000001240), 0x0)
r3 = socket$packet(0x11, 0x2, 0x300)
setsockopt$packet_int(r3, 0x107, 0xa, &(0x7f0000000080)=0x2, 0x4)
setsockopt$packet_rx_ring(r3, 0x107, 0x5, &(0x7f0000000140)=@req3={0x1000, 0x3a, 0x1000, 0x3a, 0x7ff, 0xf83, 0x3}, 0x1c)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000000)={'veth1_virt_wifi\x00', <r6=>0x0})
bpf$PROG_LOAD(0x5, &(0x7f0000000cc0)={0x1e, 0x2a, &(0x7f0000000d80)=ANY=[@ANYBLOB="180000000104000000000000010001001811000057499d86fdd61c4dc37926ae2c30a937cd5ac9305c6ec183c43dfc69fb2dda63e414dadd9f030637ffaa5c5dd64fcea45353cc014b8dee5017233abeb974e1688fc84f99804d0e7b5fdb380274e18a12ab1f27d3aa222a608afb3f322611be4740c13e3ead717e60e5ad78fe7d3088dcb60e", @ANYRES32, @ANYBLOB="0000000000000000b702000014000000b703005d63000100000085000000830000000109000000000000550901000000000095000000000000008530000005000000851000000600000018110000", @ANYRES32, @ANYBLOB="0000000000000000b702000000000000850000008600000018600000020000000000000001800000b7080000000000007b8af8ff00000000b7080000010000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32, @ANYBLOB="0000000000000000b70500000800000085000000a5000000850000008300000018230000", @ANYRES32=r4, @ANYBLOB="000000000200000018210000", @ANYRES32=r6, @ANYBLOB="000000000200000007430400f7ffffffbf91000000000000b7020000020000008500000085000000b7000000000000009500000000000000"], &(0x7f0000000580)='syzkaller\x00', 0x80000000, 0x1000, &(0x7f0000001900)=""/4096, 0x40f00, 0x20, '\x00', r6, @fallback=0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000780)={0x0, 0x7, 0x4, 0x8}, 0x10, 0x0, 0xffffffffffffffff, 0x2, &(0x7f0000000c40)=[0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff], &(0x7f0000000c80)=[{0x2, 0x2, 0x4, 0x4}, {0x5, 0x3, 0x7, 0x9}], 0x10, 0x6}, 0x94)
sendto$packet(r3, &(0x7f0000000280)='D', 0x1, 0x805, &(0x7f0000000300)={0x11, 0x9, r6, 0x1, 0xf7}, 0x14)
r7 = epoll_create1(0x0)
epoll_ctl$EPOLL_CTL_ADD(r7, 0x1, r3, &(0x7f0000000000)={0x2})
semctl$SEM_STAT(r2, 0x2, 0x12, &(0x7f0000000080)=""/134)
openat$kvm(0xffffffffffffff9c, 0x0, 0x80800, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0)
r8 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r8, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
r9 = bpf$MAP_CREATE(0x0, &(0x7f00000018c0)=ANY=[@ANYBLOB="0a000000d2cf00003d36000002"], 0x48)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000100), &(0x7f0000000140), 0x9, r9}, 0x38)
bpf$BPF_MAP_LOOKUP_AND_DELETE_ELEM(0x15, &(0x7f0000000380)={r9, &(0x7f0000001940), &(0x7f00000002c0)=""/187}, 0x20)
recvmsg(r1, &(0x7f00000005c0)={0x0, 0x0, &(0x7f0000000900)=[{&(0x7f00000001c0)=""/138, 0x8a}], 0x1}, 0xf0ff)

6.315565736s ago: executing program 8 (id=909):
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000000)={&(0x7f0000000080)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x10, 0x10, 0x2, [@int={0x0, 0x0, 0x0, 0x1, 0x5, 0x18, 0x0, 0x4, 0x4}]}}, 0x0, 0x2a, 0x0, 0x1, 0x40}, 0x28) (fail_nth: 2)

5.312971075s ago: executing program 0 (id=910):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFULNL_MSG_CONFIG(r1, &(0x7f0000001d40)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000001cc0)={0x30, 0x1, 0x4, 0x201, 0x0, 0x0, {0x0, 0x0, 0x2}, [@NFULA_CFG_CMD={0x5, 0x1, 0x1}, @NFULA_CFG_TIMEOUT={0x8, 0x4, 0x1, 0x0, 0x2003}, @NFULA_CFG_MODE={0xa, 0x2, {0xa, 0xa6c0e0e60a48bdcb}}]}, 0x30}, 0x1, 0x0, 0x0, 0x44884}, 0x4000000)
sendmsg$NFT_MSG_GETCHAIN(r1, &(0x7f00000001c0)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f0000000180)={&(0x7f0000000540)={0xf4, 0x4, 0xa, 0x3, 0x0, 0x0, {0x3, 0x0, 0x8}, [@NFTA_CHAIN_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_CHAIN_POLICY={0x8, 0x5, 0x1, 0x0, 0xfffffffffffffffe}, @NFTA_CHAIN_USERDATA={0xca, 0xc, "b4d927b32e930af36b3432e7fa0bbb0fa0cfe6d428c36de634e3d836246436854dc079745d229b9984096624d85f10e8e7bf6ad52cdf72369a20d44a278cc5374586d747ff36f4a67a01a08426dd4a8fb8fd3e71ce3108e40ba5916fa6ff743ef682d3524711eab9ba40a6624c75e0a2c4b1844bdbb8eef616d4aa9925eb0fa925b9dba19bfb6d1eb6030fb42ca434a31b99b963223d5c2b4de813b23adcb1559d640ea6e4ddb19147829cec348d44bc585d17a7026b0a9264401c450e4416b1c671a6c9dbed"}]}, 0xf4}, 0x1, 0x0, 0x0, 0x800}, 0x4044810)
bind$inet6(r0, &(0x7f0000000000)={0xa, 0x4e22, 0x9, @private1, 0x2}, 0x1c)
setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x41, &(0x7f0000000040)=0x1a4a, 0x4)
r2 = syz_init_net_socket$ax25(0x3, 0x3, 0xcd)
sendmmsg$inet(r2, &(0x7f0000003540)=[{{0x0, 0x0, 0x0}}], 0x1, 0x10)
r3 = socket$can_bcm(0x1d, 0x2, 0x2)
r4 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r4}, &(0x7f0000bbdffc))
timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
read(r3, &(0x7f0000000700)=""/40, 0x28)
connect$inet6(r0, &(0x7f0000000080)={0xa, 0x4e22, 0x7, @ipv4={'\x00', '\xff\xff', @empty}, 0x106}, 0x1c)
r5 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
syz_emit_ethernet(0xf87, &(0x7f0000000680)={@local, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x37}, @void, {@ipv6={0x86dd, @generic={0x0, 0x6, "6410a6", 0xf51, 0x0, 0x0, @rand_addr=' \x01\x00', @mcast2, {[@routing={0x84, 0x0, 0x1}], "223427d5c9a46b9fa14172170a013589317d2af31ba55431762f462a5abc3f46494ee91bfca594d52f8c3785143e92da5d2d81edc09f68f122fbf741257bf1319408347a17c89212dfe27a0fc65362487e5afe673f0954f60d9d08b61276ce0b3aa520b5f30a9f52c4aa53fc003f8570383ca63530d93b78a7875338b3d7645ef2c24ab05db63cfdcde7b3cac2248c9d1c73d0d4382b3f520ad6e9be698eaa9bf5b939ce09919c9485c4725690ee2483315829a196f85a5ae552ebe19a2d6768ce2a6bf60fbb53104c7919b7cf28fa555fc9460df11e72eddebb2fc4eb6f83b16e0d65307e4210dfc209f0c68df65b57f420fd215546b798af6b6ab7bfb2fe6bd6142f877852717370b1ca39d199c149c3ead97c4e16229ce4c08a111a0fc64651c21e9174dd72442a9ae2a42d9433c7b54c8dd4b59203f9a2e227e9b043eb430e606cf98f3428ac8511948dd553bc0728c0626fbda71bd2a1d734d605e27bdb0be93b7b91284689e31fccb70c15f2c39da9011c84d36fe4b4b36ff26e45a34685fc638dbdaa068a3d3d4f5d44b74afc0fc7956e5fcc3fe405ac6d292d1d90f257f18fe14a3192d28ed369956aa2f91f9fee773cf7fb5d90705347eeadc1af86de78a498fa1a20e5b3f481a0595769654d969299506d8ffbc172a7fb9453a8a3787e80b167936863f2cc16c1d03481bd40e1abcf87a292559771572136932bf30e48174012a1d4d5f138f93140af2ceb9c821c7966ea7592d762975b5b33ef141b6b91eb388c91b924945c3231d0f299adb5a36e0c95a17872e7ebf0bc0e33baf5c46f9e2087b77bad0794d519ce7bc8674a70f3545d020454ded22f164185df3b4f952b132947b75333993fd73a6bac5836dd5720e559bcb82a4926734c5c3b1287c5fec219a99f71eb398430001f007306e9232c269c2886357f75d935e8de054341ac36f1df1fc77fbc347d90660f4d5658cfeb9e289f70968a7c0b38ae34c4bfa46b47964e223ac34f472e3231e8c285add5713592c76c062c3477beb55b279846f04f8d6a5ce2743c6a2020f0c5164953b8dca7e57239dc8a7f507bcf77767ab0b4602437171a09c8e80f5a165c4c37eaae386cfcb927dd1a935fa717fa1608792b34bafbc20cf11a678455894ede62788309ab7a7075535847a2b48260a613e521b01d75648263ad78e6176528dbf3e6c4e4d72066e617be5387183a51dd97d2e846c5d173b51e17a4c8d78a49c914cbe44236c52c78de45b44f9d80bc6f77c75135922a84579bce77baa71311889f5b7b90c5124b8298d5e9c81c442d60df00795854d3213a1ac254c8963c109f68b3ff5451c381f6fb56c116f86b71f988d1e9f732280cbf3d4e9791fefc4bdec5dc293fb77b02d5aab6bd8cd179b7e425126b7f78c0d004bc6470ecc2bbc422bd06a6bd8f717009509e6a88b01347b7a62b9dea6f7a7446a371f422499a6e66eeb6a7b0beb4a86a61f875a9bfe0f5d5f0d0e4c85852afaea97d74ebc80d6491a8a1c998c4b5bc34b3edaeba2df902cd5e14e016720e6c3c8b15287b2471c34251e26dc442720cd5d984e30b110b7370f233f865b9ac129fdf49ff02b303d7d4f91039d3bb58a9d64d7a72d8b8eba6b45a000370d4f0e9c0d411768441372e7112e5d4e7d70a9d6b428b8b85ee6209d6f73e7b024740c052166deeb843e4ab78d1d354d75a5827ff0d49d8964e75785f3594c7299c0917b48f3b2efb81a4c3a7d6e0f1cf50efe0360963c2e3ee390ed2a4c39f42e856eced0f2ee7beacd2ecbece493e911ca0460584323ea6d4a0c00864693c979cae38f0c5841bfaeebf609d1075163c120fea0bd0207d2dd07e5e2e0a5afe3efee0ee6bb9a926a8dba7a27a82c5421a5b20bfb5dbdef532a12435fcd899f15603209831711e0dcfaaf2104b2016f087fce44848c70b65a34b9be83df2064391fc5a8d169dc1943d226e57ab5ba06c656273d4efba73a8a61aae19df4d2445f3ce7e649af1b4ffc86106c9092ddd0aafeb45653d181cb32b06a1dd41573495f15c3b8c0019ba72a2eb163dfcbdbb235322ae27d7116af506f295c2424ab9191aa8ce0e4617b212af21983f8d2b19d7fdeec881f6fa448acc7c3e133b6f281583fad4467c05801e69f6ffc1ae2e1f54655534d884c2f8f60303da33ccbe47a293643edb61c7d9fad4e3e54028bc64be8e5b1da53446869b136660b8e96ff96c48641ece275967b27b291c5c240b3399b5b901b699227735f821938bc88ded45bada2b257b1a4bcab7ed6647f2027e5680c87329e9cfdba6bde2f2a9b676be016001702bebbabb2eae3eba01d6f49ab70245a4c5ef0e136b531e1843487b3f69c5b811217d6d2f5e71b47f40c28117bd09a88bb21887a06e2cc164d4281d0df47cbd5781f1524098d89ccae32f24c5f9d86469106685fdc683ad5e873030b621dc00354e0621106da90aca69bb53848dd57251a45bc1898aca9bc84c9a8d2f8aabeed888560771c8cb03aab02620430fec8e9740880790060ccbffd5b8edaa219ca61587eff1b1b03ae8af53059f121efdec8b3ee8aba06f494a5b4575bc848d5a9773d2346f75811cb82a078fc960c9bd374555d78b1b4ba0b438ef00e8aa75810ca5efc5c70936e2cb0e515912cb7f625a2130a9ad58f29e58ae6eac5c3f15f22f0163ee6dead6947c4390b92c8dfb146fec7bfc0b37e8ff2c9de90c30f2d8b5e334107f9835bc47fbc193c60ebd5ac4e677c7fd5b6261ff96e97c185c726ec02941bc2336946f181fd2aff43f0e95f06105a049fcb8e4e3738407d6356856f533f17fae281a3be9f2050ae3d19d1b8350d424087ac9b7875824a9b7e098775b53d6ec960fc052ecd165d17a7897de75f15316a072bb9ccf6ce1ec085bb5356c271b985a437a32f12308fc927410fd444bcded9859e7b8a3cfaaf29ebfb92cc7cbfad2559bbe4f90e189e8708e93827b221869cc78fa41fd5bcb6577b7dfe4c3927dc25a58aa84419f76e71d1f3c10cbb5e52ab2bebe0d39bdffda0fa1b55fe3a03683f882a82dd58498d62b101acd710fd436aa7409fe3cf5352dffb399d560323e14d564bdb3121b89c1f43fc9a892b799cd32f7ce2ededb868920b4547735ef0bf3e148251a4f65dddb7f96b2f33734522a8cffdc51520ac98926b3406e96618cf15a042a67239e755afc70ec6a9c99f8e08ec2946e5901364d85223a63d49572519137d93b6b0798e72acf9da120e706ee73367dec1450a68def886c149bcd734469e10b933899501011cd548e99d638821d5709fde050ab382d4896ecfd7999d40ea9c690c26d396545224c8f9e19705593df2688eb592e2476a0193f7054ab6f703d41c545a80bf285bbc7cc735bd306c9ea5eb64f40752fd4c741d9b6e03cd41b636ef8f5e810047a21c0b24c6fde1f2e98f2f27730c90d93af9e7564e4e209a61ff626b666fcc4f75f7d560da688169ff0af5e674a0b89a99fb54bb438a65f953c2db0faec2ce09cec33b6d25620b5a0393ac473fed48a38beaca5223997419876d571ce969b83b5b3ae54de83dd89fd92ed2a93c087828bef49a24ed1a97778c47fdc691a94fd5b437dfe494b5c6fadf499d9d15583b0439d3d5ecb61a32a2508a6960be6009accfd1d5d75a16dbc4121c6ef07bda12646792449c18a56e7aa3893f3f0e55a8e09ca64193dd29ea24ed8614ee8e717f046dd99a8e3750506655331125a502aa89c0d7e8e30c36a4be22cd911322695144d3bf034f38ef32d49431d50da583d08a3e4c5862483cdd52d031b12c89fdaafc3334e877e464134baece883d301193a9c27311a987d4dae82a061f48182cc747cd64441e88b68e26e4975f0fdde3129a9e6af80009962581d5349676df9c73b81514b175709d9193749660f480bd4009b528c1db4f76f42b6a175126603c39a374e890f871c97b2eebb4500451d827cc15497dc5ae89edc6f47f25db7efa4b4b2afbbb2ee543e3db8d20fe93faf300247f59075921e8b2f2a025af8a1d46f274e0c6cb4be0293c7c16c88e98d7d189e9733e4c0e3b96be4aa3fa6ecf42732e0b1432d38aeaf2330d92713cd5580ce42bfe47fb98fea64783de23f456300dd193008211a5ba408d32dedbf12aa8237a6e1a2c9890a2c1011855241fea186906a5139d1c300be57dc7ff493de80010520d10fc3eda0ee9cd413e075d3dc02258fdab567a16e43edbeecc366a69d8d75512f43a2b79cbb9132cdcd00c531730d05f1eabf66613d6e7ebb8c4c3f4f7efd415d41049786352808b22a3bde40121968af39c8f00296001662adc72b7963c8bafab4a496b50f3237a29d19ad4a51a62b1c77a04c14004734189cf7ec49e3d041a1e5658d080f09df77f39782e7133968c1f39ab3ae2a5f24a60073288f3c5825dafd614a379b8b905aaf961caa14ffa38de0d632918d31e4a9291b0f0789248e232e4276840a1ed0257300e522d83111dffd424b1b33148981e3794b2b649ba9174e6697bcc96049f4f3dcc7cf4ca97e2006ec8a146014bb49184632e4fb159a34b6530e959e60a6b4e0427cc697f14cfe6bb7a662a6f5012744f3cf2307abc19c58449864d98fcfebc5d598cd32a1c38c207896468fe8da75eb1edb1d6e7cb1eab671e4e92f139c81d79f15df2a2dc075acc982dec769e2f49aad0fdf594cb590e054616e4f4582b6c4a149ae45d844903ef68d211df2a180178e178b7c7a5012ccf8a1e677586588620365e6111f5192ecfdbd97e2284128de02e08ebc13d4bb4d114faa1e6c16c51c12da2c52d68f73640ce866ce4e794b9fafdc392c91c1f824bc301b3069a02b9c86d2ffac3ed63ddee130cbc248d6a3345d3f9553db78077072d569a6633f8bdbdb1a209a8be9b6830225994f9021b57ddd6a44e8ea40b205c6cf437f45bffaef053a5916dcc6de62ee02bdb8ce3acec8ad97fc95dab1307d254790c71f32e4678957cf0121dccabe73a03c6cacbcbdaad8801b04d9836555a982c357a06e2db7e9bf62aed8cdebbb7a71a2410b929015b61f16e54bffd038996a717b9c7cc3696d8a1205e8266bf782c3a45b0e31461d6a3ed62396088833f69248b24fbf6f81dcc08b98826c3bd2325ade54f614f2d4a153e3e3527d93978483f2bfeada6b64bc43f2a725c30e843d13e6ab34cfc38d488b3ef50cd04318fac1f89905f017644cfa2de058ad399871d1316264813c2289d0b6cfeddfbca36ce93fd4a1bfc93bb74453cfbb9c6ca22320ffc9cb0a3fff046a5678c066e617cd3ac024dfead04b99877f448b78208938585c7563efe815ff0cc47da5fff521d9730ddc89f4aeceadd06f2ea6b9ae72c9407aa550a0155db3b4bc6aaa382a30552f699cb6a1af9972a8ccc483f98952dfbde3d712ea8673eacdbb77490d833fc90f0f02e7c073d2917db70831496a88defc10667dc4c1b7399191bdc7857eb090e79c332bf9f71bb5377178e6232800c93d22318dc5ab8d5dfa2f074a6c23acb61c89f2f078ec91e9817e11a4c8295c19634b5ca2df74"}}}}}, 0x0)
r6 = syz_genetlink_get_family_id$nfc(&(0x7f0000000100), r5)
syz_emit_vhci(&(0x7f0000000040)=ANY=[@ANYBLOB="0422"], 0x22)
r7 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r8 = socket$nl_route(0x10, 0x3, 0x0)
r9 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
ioctl$sock_SIOCGIFINDEX(r9, 0x8933, &(0x7f0000000000)={'bridge0\x00', <r10=>0x0})
sendmsg$nl_route(r8, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000080)=ANY=[@ANYRES64=r8, @ANYRES32=r10, @ANYBLOB="0c0002"], 0x24}, 0x1, 0x0, 0x0, 0x20040001}, 0x0)
r11 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r11, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000440)=@newqdisc={0x54, 0x10, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {0xffe0}, {0xf}, {0xe, 0xd}}, [@TCA_EGRESS_BLOCK={0x8, 0xe, 0xffff}, @TCA_STAB={0x28, 0x8, 0x0, 0x1, [{{0x1c, 0x1a, {0x0, 0x0, 0x491, 0x0, 0x1, 0x0, 0x2000008, 0x2}}, {0x8, 0x1b, [0x0, 0x0]}}]}]}, 0x54}, 0x1, 0x0, 0x0, 0x80}, 0x4000c00)
sendmsg$NFC_CMD_DEACTIVATE_TARGET(r7, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000400)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r6, @ANYBLOB, @ANYRES32=0x0, @ANYBLOB="139c0f4ebda87548cd6d1fbee2b63f1fd317bd517d6f2dc46d6a43dbccf539622cc667376a60a5e47a22fb8689fc2c347c8f1e2b6c2116a737ae8a50d85b56215a134dab6de9fb40c24289fc43102c1340f51cfcb5cc6bb3922d91a6d0ec4812fad1d4fe6b8bc51358b571b4dc1e84a867a04520873f"], 0x1c}, 0x1, 0x0, 0x0, 0x4040801}, 0x80014)
r12 = fcntl$dupfd(r0, 0x406, r0)
setsockopt$sock_int(r12, 0x1, 0x8, 0x0, 0x0)
read$FUSE(r12, &(0x7f0000003580)={0x2020}, 0xffffff46)
ioctl$BTRFS_IOC_SUBVOL_SETFLAGS(r0, 0x4008941a, &(0x7f00000000c0))

5.311636771s ago: executing program 7 (id=911):
r0 = fsopen(&(0x7f0000000040)='devpts\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0)
r1 = openat(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r2 = epoll_create1(0x0)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r3, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="640000000001010400000000141a000002000000240001801400018008000100e000000108000200e00000010c00028005000100000000002400028014000180080001000000000008000200ac1e00010c00028005000100000000000800074000000001"], 0x64}}, 0x0)
sendmsg$IPCTNL_MSG_CT_NEW(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000080)={0x54, 0x0, 0x1, 0x401, 0x0, 0x0, {0x2}, [@CTA_SEQ_ADJ_REPLY={0x1c, 0x10, 0x0, 0x1, [@CTA_SEQADJ_OFFSET_BEFORE={0x8, 0x2, 0x1, 0x0, 0x1ff}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x2}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x4}]}, @CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @multicast1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}]}, 0x54}, 0x1, 0x0, 0x0, 0x4}, 0x0)
ioctl$BTRFS_IOC_BALANCE_PROGRESS(r3, 0x84009422, &(0x7f00000004c0)={0x0, 0x0, {}, {0x0, @struct}, {0x0, @struct}})
r4 = syz_io_uring_setup(0x49a, &(0x7f00000000c0)={0x0, 0x79af, 0x3180, 0x7ffc, 0x40024e, 0x0, r1}, &(0x7f0000000340)=<r5=>0x0, &(0x7f0000000480)=<r6=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r5, 0x4, &(0x7f0000000000)=0xffb, 0x0, 0x4)
r7 = io_uring_register$IORING_REGISTER_PERSONALITY(r1, 0x9, 0x0, 0x0)
syz_io_uring_submit(r5, r6, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x40, 0x0, @fd_index=0x3, 0x6, 0x0, 0x0, 0x2, 0x1, {0x0, r7}})
io_uring_enter(r4, 0x74d1, 0x4c3, 0x43, 0x0, 0xfffffffffffffd1d)
epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r4, &(0x7f0000000140)={0x40000002})

5.311147214s ago: executing program 6 (id=912):
r0 = syz_open_dev$usbfs(&(0x7f0000000100), 0x76, 0x101b01)
r1 = openat$ipvs(0xffffffffffffff9c, &(0x7f0000000100)='/proc/sys/net/ipv4/vs/drop_entry\x00', 0x2, 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4000}, 0x0)
r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
r3 = socket$inet6_udplite(0xa, 0x2, 0x88)
ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f0000000040)={'wlan0\x00', <r4=>0x0})
r5 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NL80211_CMD_REMAIN_ON_CHANNEL(r5, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000240)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="010000000000fcdbdf250200000008000300", @ANYRES32=r4, @ANYBLOB="0c00990007000000f46f0000080026006c09000008009f"], 0x38}, 0x1, 0x0, 0x0, 0xd37697ff280d3c0e}, 0x0)
write$cgroup_int(r1, &(0x7f0000000140)=0x3, 0x12)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000580)=@newtfilter={0x24, 0x2c, 0xd27, 0x70bd25, 0x2, {0x0, 0x0, 0x0, 0x0, {0x0, 0x1}, {0xb}, {0x9, 0xa298bcafe42cc1b}}}, 0x24}}, 0xc810)
ioctl$USBDEVFS_CLEAR_HALT(r0, 0x80045515, &(0x7f0000000180)={0x1, 0x1})
semget(0x2, 0x1, 0x336)
semctl$GETALL(0xffffffffffffffff, 0x0, 0xd, &(0x7f0000002100)=""/148)

5.111897255s ago: executing program 8 (id=913):
r0 = socket$packet(0x11, 0x2, 0x300)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'xfrm0\x00', <r1=>0x0})
r2 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
setsockopt$WPAN_SECURITY(r2, 0x0, 0x1, &(0x7f0000000000)=0x1, 0x4)
sendmsg$SEG6_CMD_GET_TUNSRC(r2, &(0x7f00000006c0)={&(0x7f0000000180), 0xc, &(0x7f0000000680)={0x0}, 0x1, 0x0, 0x0, 0x4000010}, 0x4)
sendmmsg(r0, &(0x7f0000000140)=[{{&(0x7f0000000240)=@xdp={0x2c, 0x8, r1, 0x2}, 0x80, &(0x7f00000003c0)=[{&(0x7f0000000340)='Y', 0x1}], 0x1}}], 0x1, 0x240400c5)
r3 = socket(0x10, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r4 = getpid()
sched_setscheduler(r4, 0x2, &(0x7f0000000200)=0x7)
r5 = socket$inet_tcp(0x2, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000180)={'syz_tun\x00', <r6=>0x0})
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000480)={0x6, 0x3, &(0x7f0000000000)=@framed={{0x18, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0xc}}, &(0x7f0000000040)='syzkaller\x00', 0x2, 0x0, 0x0, 0x41100, 0x0, '\x00', r6, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x4}, 0x94)
r7 = socket$l2tp(0x2, 0x2, 0x73)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000180)={<r8=>0xffffffffffffffff, <r9=>0xffffffffffffffff})
connect$unix(r8, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r9, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r8, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
sendmmsg(r7, &(0x7f000000dd80)=[{{&(0x7f00000000c0)=@in={0x2, 0x4e22, @remote}, 0x80, &(0x7f0000000400)=[{0x0}, {0x0}], 0x2}}], 0x1, 0x0)
ioctl$sock_SIOCETHTOOL(r3, 0x8946, &(0x7f0000000100)={'syz_tun\x00', &(0x7f0000000040)=@ethtool_pauseparam={0x1}})
r10 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000080), 0xffffffffffffffff)
sendmsg$TIPC_NL_MON_SET(r3, &(0x7f00000002c0)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x400}, 0xc, &(0x7f0000000200)={&(0x7f0000000400)={0x208, r10, 0x1, 0x70bd25, 0x25dfdbfc, {}, [@TIPC_NLA_NODE={0xec, 0x6, 0x0, 0x1, [@TIPC_NLA_NODE_ID={0x65, 0x3, "fe58605ceaac52c1f7ee4115b6a204412adc5bf08dfd9155934392a666fff8382a832f129e3d041375071db94e9da226304e6da94aa716de0adfafb531f97083d9529dd92ece71216ab3095763f5d6f6e9ff9509eaf3a3a4b3b6636cf0b3d8b730"}, @TIPC_NLA_NODE_ID={0x24, 0x3, "85dd3702649bc56b55692ba318ccd8bcb113ac5d3c281512a4924d6f776a37bb"}, @TIPC_NLA_NODE_ADDR={0x8}, @TIPC_NLA_NODE_UP={0x4}, @TIPC_NLA_NODE_ADDR={0x8, 0x1, 0x18000000}, @TIPC_NLA_NODE_KEY_MASTER={0x4}, @TIPC_NLA_NODE_KEY={0x42, 0x4, {'gcm(aes)\x00', 0x1a, "d3fa0910015771c507e5b2b6cc5ff42ffb3aef534d8fab22a16b"}}]}, @TIPC_NLA_NODE={0x84, 0x6, 0x0, 0x1, [@TIPC_NLA_NODE_REKEYING={0x8, 0x6, 0x1}, @TIPC_NLA_NODE_ADDR={0x8, 0x1, 0x3}, @TIPC_NLA_NODE_ADDR={0x8, 0x1, 0xeb3}, @TIPC_NLA_NODE_UP={0x4}, @TIPC_NLA_NODE_ID={0x59, 0x3, "42f00e54634d823829c4b92a518914e9cc187fa897bbc8081bd87c3485739989141b1e971f3a2351df37c158c4c4ee2c3d09856b15c9ad6771b07c8a27458d8d7e26df93477c8f0a6be13a3c408dd2486309b304d0"}, @TIPC_NLA_NODE_REKEYING={0x8, 0x6, 0x2}]}, @TIPC_NLA_MEDIA={0x34, 0x5, 0x0, 0x1, [@TIPC_NLA_MEDIA_PROP={0x14, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0x80000000}, @TIPC_NLA_PROP_WIN={0x8}]}, @TIPC_NLA_MEDIA_PROP={0x1c, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x20}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0xa23}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x10000}]}]}, @TIPC_NLA_SOCK={0x1c, 0x2, 0x0, 0x1, [@TIPC_NLA_SOCK_HAS_PUBL={0x4}, @TIPC_NLA_SOCK_ADDR={0x8, 0x1, 0x4}, @TIPC_NLA_SOCK_ADDR={0x8, 0x1, 0x1}, @TIPC_NLA_SOCK_HAS_PUBL={0x4}]}, @TIPC_NLA_BEARER={0x18, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_PROP={0x4}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz2\x00'}]}, @TIPC_NLA_PUBL={0x1c, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x3}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x4}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x8}]}]}, 0x208}, 0x1, 0x0, 0x0, 0x20000000}, 0x0)
r11 = syz_open_procfs(0x0, &(0x7f0000000300)='net/icmp\x00')
pread64(r11, &(0x7f0000000940)=""/239, 0xef, 0x8)
openat$cgroup_ro(r11, &(0x7f0000000300)='cpuacct.stat\x00', 0x0, 0x0)

4.870091355s ago: executing program 6 (id=914):
getresuid(&(0x7f0000000440), &(0x7f0000001480), &(0x7f00000014c0))
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x3, &(0x7f00000000c0)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x2, 0xba, &(0x7f0000000140)=""/186, 0x41100, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x39}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
socket$inet6_tcp(0xa, 0x1, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
creat(&(0x7f0000000280)='./file0\x00', 0xecf86c37d53049cc)
stat(&(0x7f0000000040)='./file0\x00', &(0x7f0000000400))
socket$netlink(0x10, 0x3, 0x4)
timer_create(0x0, 0x0, &(0x7f0000bbdffc))
mount(&(0x7f0000000140)=@sg0, &(0x7f0000000100)='./file0\x00', &(0x7f0000000340)='ubifs\x00', 0x2208004, 0x0)
r3 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000080)={0x3, 0x4, 0x4, 0xa, 0x0, 0x1, 0xffffffff, '\x00', 0x0, 0xffffffffffffffff, 0x2, 0x5, 0x4}, 0x50)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000003c0)={{r3}, &(0x7f0000000100), &(0x7f0000000140)}, 0x20)
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x16, 0xb, &(0x7f0000000180)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @flow_dissector, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000000)={r4, 0x2000000, 0xe, 0x0, &(0x7f0000000380)='\x00'/14, 0x0, 0xfffffffd, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)

4.660881691s ago: executing program 7 (id=915):
r0 = fsopen(&(0x7f0000000040)='devpts\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000e00)='.\x00', 0x0, 0x0)
r2 = epoll_create1(0x0)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r3, 0x0, 0x0)
sendmsg$IPCTNL_MSG_CT_NEW(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000080)={0x54, 0x0, 0x1, 0x401, 0x0, 0x0, {0x2}, [@CTA_SEQ_ADJ_REPLY={0x1c, 0x10, 0x0, 0x1, [@CTA_SEQADJ_OFFSET_BEFORE={0x8, 0x2, 0x1, 0x0, 0x1ff}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x2}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x4}]}, @CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @multicast1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}]}, 0x54}, 0x1, 0x0, 0x0, 0x4}, 0x0)
ioctl$BTRFS_IOC_BALANCE_PROGRESS(r3, 0x84009422, &(0x7f00000004c0)={0x0, 0x0, {}, {0x0, @struct}, {0x0, @struct}})
r4 = syz_io_uring_setup(0x49a, &(0x7f00000000c0)={0x0, 0x79af, 0x3180, 0x7ffc, 0x40024e, 0x0, r1}, &(0x7f0000000340)=<r5=>0x0, &(0x7f0000000480)=<r6=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r5, 0x4, &(0x7f0000000000)=0xffb, 0x0, 0x4)
r7 = io_uring_register$IORING_REGISTER_PERSONALITY(r1, 0x9, 0x0, 0x0)
syz_io_uring_submit(r5, r6, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x40, 0x0, @fd_index=0x3, 0x6, 0x0, 0x0, 0x2, 0x1, {0x0, r7}})
io_uring_enter(r4, 0x74d1, 0x4c3, 0x43, 0x0, 0xfffffffffffffd1d)
epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r4, &(0x7f0000000140)={0x40000002})

3.67404203s ago: executing program 9 (id=916):
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000240)={0x0, <r1=>0x0}, &(0x7f0000000280)=0x5)
setuid(r1)
r2 = socket$nl_crypto(0x10, 0x3, 0x15)
sendmsg$netlink(r2, &(0x7f0000001100)={0x0, 0x0, &(0x7f0000000840), 0x0, 0x0, 0x0, 0x80}, 0x0)
open(&(0x7f0000000040)='./file0\x00', 0x400, 0x13)

3.56524443s ago: executing program 0 (id=917):
r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000100)='fd\x00')
socket(0x2000000015, 0x80005, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
ioctl$DRM_IOCTL_WAIT_VBLANK(r1, 0xc018643a, &(0x7f00000000c0)={0x4000001, 0x40071, 0x200000009})
ioctl$DRM_IOCTL_SET_CLIENT_CAP(r1, 0x4010640d, &(0x7f0000000000)={0x3, 0x2})
pread64(r1, 0x0, 0x20, 0x78f2a36b)
ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r1, 0xc01064b5, &(0x7f0000000140)={&(0x7f0000000100)=[<r2=>0x0], 0x1})
ioctl$DRM_IOCTL_MODE_GETPLANE(r1, 0xc02064b6, &(0x7f0000000300)={r2, <r3=>0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
ioctl$DRM_IOCTL_MODE_SETCRTC(r1, 0xc06864a2, &(0x7f0000000380)={0x0, 0x0, r3, 0x0, 0x0, 0x1f5, 0x0, 0x0, {0x4, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x8001, 0xfffffffa, "b4bc323ef77d1f000071849800000000dfff00"}})
fchdir(r0)
r4 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x72, 0x0, 0x7fff0000}]})
close_range(r4, 0xffffffffffffffff, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x2, 0x4, &(0x7f0000000200)=ANY=[@ANYBLOB="180000000300000000000000feffff10850000000700000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x100, 0x70, '\x00', 0x0, @fallback=0x30, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040))

3.38711568s ago: executing program 9 (id=918):
socket(0x11, 0x800000003, 0x0)
r0 = fsopen(&(0x7f0000000100)='configfs\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(0xffffffffffffffff, 0x6, 0x0, 0x0, 0x0)
r1 = getpgrp(0xffffffffffffffff)
sched_setaffinity(r1, 0x8, &(0x7f00000000c0)=0x10001)
prlimit64(0x0, 0xe, &(0x7f0000000100)={0x8, 0x80000100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000000)=0x3)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
r3 = syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, r3, 0x1, 0x0)
r4 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r4, &(0x7f0000019680)=""/102392, 0x18ff8)
r5 = fsopen(&(0x7f00000001c0)='ramfs\x00', 0x0)
fsmount(r5, 0x0, 0x0)
fsmount(r0, 0x0, 0x1)
r6 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x0, 0x0)
fchown(r6, 0x0, 0x0)

2.705057729s ago: executing program 8 (id=919):
socket(0x11, 0x800000003, 0x0)
r0 = fsopen(&(0x7f0000000100)='configfs\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(0xffffffffffffffff, 0x6, 0x0, 0x0, 0x0)
r1 = getpgrp(0xffffffffffffffff)
sched_setaffinity(r1, 0x8, &(0x7f00000000c0)=0x10001)
prlimit64(0x0, 0xe, &(0x7f0000000100)={0x8, 0x80000100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000000)=0x3)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
r3 = syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, r3, 0x1, 0x0)
r4 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r4, &(0x7f0000019680)=""/102392, 0x18ff8)
r5 = fsopen(&(0x7f00000001c0)='ramfs\x00', 0x0)
fsmount(r5, 0x0, 0x0)
r6 = fsmount(r0, 0x0, 0x1)
fchdir(r6)
r7 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x0, 0x0)
fchown(r7, 0x0, 0x0)
mq_open(&(0x7f0000000480)='!sel\x00\x00\x00\x1b\x00\x00\x00\x00\xd7\\P[Ay\x00UN\x00'/31, 0x40, 0x0, &(0x7f0000000440)={0x2000000000002000, 0x1, 0x56, 0x4})
syz_init_net_socket$llc(0x1a, 0x1, 0x0)

2.619912532s ago: executing program 0 (id=920):
syz_fuse_handle_req(0xffffffffffffffff, 0x0, 0x0, 0x0)
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
getresuid(&(0x7f0000000000), &(0x7f0000000040)=<r1=>0x0, &(0x7f0000000180))
setsockopt$inet6_IPV6_IPSEC_POLICY(r0, 0x29, 0x22, &(0x7f0000000240)={{{@in=@multicast1, @in=@private=0xa010101, 0x4e23, 0x7, 0x4e24, 0x1, 0xa, 0x20, 0xa0, 0x0, 0x0, r1}, {0x200, 0x80000000, 0x5, 0x4, 0x3, 0xfffffffffffff000, 0xa43, 0xffffffffffffff7f}, {0x4, 0x5, 0x1, 0x2}, 0x4, 0x6e6bb0, 0x2, 0x0, 0x1, 0x1}, {{@in=@local, 0x4d2, 0x16}, 0x2, @in6=@mcast1, 0x3506, 0x0, 0x2, 0x1, 0x1800, 0x10001, 0x4}}, 0xe8)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
ioctl$IMHOLD_L1(0xffffffffffffffff, 0x80044948, &(0x7f00000000c0)=0x8)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000580)={0x11, 0x3, &(0x7f0000000740)=@framed, &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f0000000080)='sched_switch\x00', r5}, 0x18)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r6 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
setsockopt$SO_TIMESTAMPING(r6, 0x1, 0x41, 0x0, 0x0)
write$smackfs_ipv6host(0xffffffffffffffff, &(0x7f0000000280)=@l2={{0x4, 0x3a, 0x9, 0x3a, 0x0, 0x3a, 0x6, 0x3a, 0x5, 0x3a, 0x2, 0x3a, 0xffff, 0x3a, 0x7}, 0x2f, 0x3c, 0x20, '\xc6\x8c'}, 0xb0)
r7 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="11000000040000000400000022"], 0x48)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000340)={r7, &(0x7f0000000140), &(0x7f0000000080)=@udp}, 0x20)

2.310639045s ago: executing program 7 (id=921):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
close(r0)
r1 = socket$inet6_mptcp(0xa, 0x1, 0x106)
bind$inet6(r0, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty, 0x1}, 0x1c)
r2 = socket$tipc(0x1e, 0x5, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r3 = getpid()
sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x11, 0x6, &(0x7f0000000cc0)=ANY=[@ANYBLOB="050000000000000061110c00000000008510000002000000850000000500000095000000000000009500a5050000000077d8f3b423cdac8d80000000000000002be16ad10a48b243ccc42606d25dfd73a015e0ca7fc2506a0f7535f7866907dc0200000000000000ae669e17fd6587d452d6453559c3421eed73d56615fe6c54c3b3ffe1b4ce25d7c983c044c03bf3a48dfe47ec9dd6c091c30b93bfae76d9ebacd3ed3e26e7a23129d6606fd28a69989d552af6bda9df2c3af36effff9af2551ce896165127cb3f011a7d06602e2fc40848228567ffb400000000003ed38ae89d24e1cebfba2f87925bfacba83109751fe6c05405d027edd68149ee99eef6a6992308a4fc0b7c70bc677d6dd4aed4af7500d7900a820b6347184e9a217b5614cd50cbe43a1ed2526814bc0000e9e086ce48e90defb6670c3df2624f56da648d28ad0a97aec7291c25447c106a99893e10db21901eb397b2f5fd71400fa7a050fbbef9e326ea27e513e96068fd1e8a43e89f9c85c822a961546ed5363c17ff1432d08806bc376e3e49ee52b59d13182e1f24ed200ada10eb1affb87ba55b2d72078e9f40b4ae7d01000000d11cd22c35d32940000088dde499000000fdffffff00000000000f000000ef0000000000000000000000000c52f4ebd2c893bb97a068bd10734a83584898eccb26f7b789cfc4cd995fa3e11a5c74c85404e2df3ad37b729ac83b0dcb4f48f3c3356b9997fc455a17690b6f7f9ccbe4b1701941b18aba6b16455a66c3b84b138efc20a546d3d5227e23b03f2a834391ade2ff3e93ee296c4082ee73e7c353312c9d75711ce1623e9c54bdff59d2a69dcb7d84c235b23a4480c2461b405cfd1a38992f295ad3adc94cd07c850d1ce6d0b2fea02c24e9280333152fb794e4ddea02017a6c139b50101caecaf2abc0847a1ff2f7fc3c2b99a96fc4275ad107274e2934a87a4ddcdb112754ca5bdec0ead14b6c0f19a43a2f05c7f0be31491eb8c9ff68236c8600040000000000000000000066e034c81c3cab64e4fc8dc55ce0ada18dcbf31c6e82893add3bee3e10fc873d1d922b0877cbcd95b839d3059d5140a1f742f6e75741e39e5cb6a193e06a1043375b0f61b5d4e17c81baa31b924d84f224baf1221c15fa12313ffbfa7c2730309f66705b71e6205e7cbf3643561eabb9a63fcd604d5cc27e1317ad94cf438d71873e540be16b6ca205081173bd03c4754fc4674812daab482fd390a1c903b5d28a1eb247b5837d7603b92495d5c569f6433c3fca5206cb0000003fdbbd3892c52c2e7612e05de32322e980a3d69931e2c9312dd517c96f2ee90362476ed853c4c9b7d4ebf13cbaa795860e92a3d7d004f2c491db38eb769f094d5d48b262cc35c40682138cf13a49aa9f27abec00002f01ba1251aaf2385416ca719300"], &(0x7f0000000080)='GPL\x00', 0x5, 0x29e, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x6}, 0x70)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r6}, 0x10)
setsockopt$TIPC_GROUP_JOIN(r2, 0x10f, 0x87, &(0x7f0000000100)={0x43, 0x0, 0x3, 0x3}, 0x10)
sendmsg$tipc(r2, &(0x7f00000005c0)={&(0x7f0000000000), 0x10, &(0x7f0000000480)=[{&(0x7f0000000180)}], 0x1}, 0x0)
listen(r1, 0x0)
r7 = socket$inet_mptcp(0x2, 0x1, 0x106)
connect$inet(r7, &(0x7f0000000000)={0x2, 0x4e22, @empty}, 0x10)
sendmsg$TEAM_CMD_OPTIONS_SET(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000100)=ANY=[@ANYRESOCT, @ANYRES16=r1, @ANYRESOCT=r0], 0xfffffdef}, 0x1, 0x0, 0x0, 0x20004880}, 0x0)
sendmsg$MPTCP_PM_CMD_ADD_ADDR(0xffffffffffffffff, &(0x7f0000000a80)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000980)=ANY=[], 0x84}, 0x1, 0x0, 0x0, 0x8800}, 0x20000045)
r8 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r8, 0x8933, &(0x7f00000002c0)={'erspan0\x00', <r9=>0x0})
sendmsg$nl_route(r8, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f00000010c0)=@newlink={0x48, 0x10, 0xc3b, 0x0, 0x0, {0x0, 0x0, 0x0, r9, 0x0, 0x6200}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @erspan={{0xb}, {0x18, 0x2, 0x0, 0x1, [@IFLA_GRE_COLLECT_METADATA={0x4}, @IFLA_GRE_ENCAP_FLAGS={0x6, 0xf, 0x21ef}, @IFLA_GRE_ENCAP_DPORT={0x6, 0x11, 0x4e23}]}}}]}, 0x48}, 0x1, 0x0, 0x0, 0x100}, 0x40080c0)
getsockopt$PNPIPE_IFINDEX(0xffffffffffffffff, 0x113, 0x2, &(0x7f00000006c0), &(0x7f0000000700)=0x4)
socket$packet(0x11, 0x2, 0x300)
socket$inet(0x2, 0x2, 0x0)

2.309132257s ago: executing program 6 (id=922):
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000140)={&(0x7f00000000c0)=ANY=[@ANYBLOB="9feb01001800000000000000180000001800000005000000010000000100001302000000010000000000000000000000005f"], 0x0, 0x35}, 0x28)
sendmmsg$inet6(r0, &(0x7f0000000840)=[{{&(0x7f0000000240)={0xa, 0x4e29, 0x2, @private0}, 0x1c, &(0x7f0000000080)=[{&(0x7f0000000b00)='\n', 0x1}], 0x1}}, {{&(0x7f0000000280)={0xa, 0x4e24, 0x8, @remote, 0x8}, 0x1c, &(0x7f00000007c0)=[{&(0x7f00000002c0)='*', 0x1}], 0x1}}], 0x2, 0x440088d4)
r1 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r1, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-camellia-aesni\x00'}, 0x58)
syz_usb_connect(0x0, 0x3f, &(0x7f00000002c0)=ANY=[@ANYBLOB="12010000413b88400819151300000000000109022b0000100000000904"], 0x0)
setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18)
r2 = accept4(r1, 0x0, 0x0, 0x800)
sendmmsg$alg(r2, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0x10}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb0958730", 0x4c}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343e", 0xc4}], 0x3}], 0x1, 0x40800)
recvmsg(r2, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0)
r3 = socket$can_bcm(0x1d, 0x2, 0x2)
bpf$BPF_PROG_DETACH(0x9, &(0x7f0000000100)={@map, 0xffffffffffffffff, 0x33, 0x2008}, 0x20)
connect$can_bcm(r3, &(0x7f0000000140), 0x10)
sendmsg$can_bcm(r3, &(0x7f00000004c0)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000500)=ANY=[@ANYBLOB="0500000003000000", @ANYRES64=0x0, @ANYBLOB="0000000001"], 0x48}}, 0x0)
shutdown(r0, 0x1)
getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r0, 0x84, 0x7b, &(0x7f0000000000)={0x0, 0x4}, &(0x7f0000000040)=0x8)

1.443106746s ago: executing program 0 (id=923):
syz_fuse_handle_req(0xffffffffffffffff, 0x0, 0x0, 0x0)
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
getresuid(&(0x7f0000000000), &(0x7f0000000040)=<r1=>0x0, &(0x7f0000000180))
setsockopt$inet6_IPV6_IPSEC_POLICY(r0, 0x29, 0x22, &(0x7f0000000240)={{{@in=@multicast1, @in=@private=0xa010101, 0x4e23, 0x7, 0x4e24, 0x1, 0xa, 0x20, 0xa0, 0x0, 0x0, r1}, {0x200, 0x80000000, 0x5, 0x4, 0x3, 0xfffffffffffff000, 0xa43, 0xffffffffffffff7f}, {0x4, 0x5, 0x1, 0x2}, 0x4, 0x6e6bb0, 0x2, 0x0, 0x1, 0x1}, {{@in=@local, 0x4d2, 0x16}, 0x2, @in6=@mcast1, 0x3506, 0x0, 0x2, 0x1, 0x1800, 0x10001, 0x4}}, 0xe8)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
ioctl$IMHOLD_L1(0xffffffffffffffff, 0x80044948, &(0x7f00000000c0)=0x8)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000580)={0x11, 0x3, &(0x7f0000000740)=@framed, &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f0000000080)='sched_switch\x00', r5}, 0x18)
socket$nl_netfilter(0x10, 0x3, 0xc)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r6 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
write(r6, 0x0, 0x0)
setsockopt$SO_TIMESTAMPING(r6, 0x1, 0x41, 0x0, 0x0)
syz_genetlink_get_family_id$ethtool(0x0, 0xffffffffffffffff)
r7 = socket(0x40000000015, 0x5, 0x0)
write$smackfs_ipv6host(0xffffffffffffffff, &(0x7f0000000280)=@l2={{0x4, 0x3a, 0x9, 0x3a, 0x0, 0x3a, 0x6, 0x3a, 0x5, 0x3a, 0x2, 0x3a, 0xffff, 0x3a, 0x7}, 0x2f, 0x3c, 0x20, '\xc6\x8c'}, 0xb0)
recvmmsg(r7, &(0x7f0000001380)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000b00)=""/234, 0xea}, 0x4}], 0x1, 0x60010000, 0x0)
r8 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="11000000040000000400000022"], 0x48)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000340)={r8, &(0x7f0000000140), &(0x7f0000000080)=@udp}, 0x20)

0s ago: executing program 9 (id=924):
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
sendmmsg$inet6(r0, 0x0, 0x0, 0x4)
shutdown(r0, 0x1)
getsockopt$inet_sctp6_SCTP_LOCAL_AUTH_CHUNKS(r0, 0x84, 0x1b, &(0x7f0000000080), &(0x7f0000000000)=0x8)

kernel console output (not intermixed with test programs):

filter on device bond0
[  598.354063][ T6935] 8021q: adding VLAN 0 to HW filter on device team0
[  598.515956][ T6006] bridge0: port 1(bridge_slave_0) entered blocking state
[  598.518608][ T6006] bridge0: port 1(bridge_slave_0) entered forwarding state
[  598.545692][ T6936] netdevsim netdevsim7 netdevsim0: renamed from eth0
[  598.615783][ T6936] netdevsim netdevsim7 netdevsim1: renamed from eth1
[  598.670038][ T6936] netdevsim netdevsim7 netdevsim2: renamed from eth2
[  598.706180][ T6006] bridge0: port 2(bridge_slave_1) entered blocking state
[  598.706305][ T6006] bridge0: port 2(bridge_slave_1) entered forwarding state
[  598.786183][ T6936] netdevsim netdevsim7 netdevsim3: renamed from eth3
[  599.089823][ T7209] Invalid source name
[  599.855710][ T7211] team0: entered promiscuous mode
[  599.855727][ T7211] team_slave_0: entered promiscuous mode
[  599.855875][ T7211] team_slave_1: entered promiscuous mode
[  599.858915][ T7211] netdevsim netdevsim0 netdevsim0: entered promiscuous mode
[  599.872824][ T7211] hsr1: entered allmulticast mode
[  599.872845][ T7211] team0: entered allmulticast mode
[  599.872857][ T7211] team_slave_0: entered allmulticast mode
[  599.872876][ T7211] team_slave_1: entered allmulticast mode
[  599.872920][ T7211] netdevsim netdevsim0 netdevsim0: entered allmulticast mode
[  599.886426][ T7021] netdevsim netdevsim8 netdevsim0: renamed from eth0
[  599.943103][ T7213] netlink: 'syz.0.228': attribute type 10 has an invalid length.
[  599.963294][ T7213] team0: Device ipvlan0 failed to register rx_handler
[  599.983442][ T7021] netdevsim netdevsim8 netdevsim1: renamed from eth1
[  600.065758][ T6931] 8021q: adding VLAN 0 to HW filter on device batadv0
[  600.065936][ T7021] netdevsim netdevsim8 netdevsim2: renamed from eth2
[  600.159835][ T7021] netdevsim netdevsim8 netdevsim3: renamed from eth3
[  601.991835][ T6936] 8021q: adding VLAN 0 to HW filter on device bond0
[  602.046724][ T6935] 8021q: adding VLAN 0 to HW filter on device batadv0
[  602.115194][ T7021] 8021q: adding VLAN 0 to HW filter on device bond0
[  602.119622][ T6936] 8021q: adding VLAN 0 to HW filter on device team0
[  602.190033][ T6224] bridge0: port 1(bridge_slave_0) entered blocking state
[  602.190242][ T6224] bridge0: port 1(bridge_slave_0) entered forwarding state
[  602.207798][ T6931] veth0_vlan: entered promiscuous mode
[  602.255342][ T6224] bridge0: port 2(bridge_slave_1) entered blocking state
[  602.265675][ T6224] bridge0: port 2(bridge_slave_1) entered forwarding state
[  602.293894][ T7021] 8021q: adding VLAN 0 to HW filter on device team0
[  602.296001][ T6931] veth1_vlan: entered promiscuous mode
[  602.359395][ T6025] bridge0: port 1(bridge_slave_0) entered blocking state
[  602.360909][ T6025] bridge0: port 1(bridge_slave_0) entered forwarding state
[  602.395907][ T6025] bridge0: port 2(bridge_slave_1) entered blocking state
[  602.396078][ T6025] bridge0: port 2(bridge_slave_1) entered forwarding state
[  602.590872][ T6931] veth0_macvtap: entered promiscuous mode
[  602.624273][ T6931] veth1_macvtap: entered promiscuous mode
[  602.958709][ T7248] 9p: Bad value for 'rfdno'
[  603.732390][ T6931] batman_adv: batadv0: Interface activated: batadv_slave_0
[  603.762705][ T6931] batman_adv: batadv0: Interface activated: batadv_slave_1
[  603.816653][ T6224] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  603.832230][ T5996] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  603.851265][ T5996] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  603.852068][ T6935] veth0_vlan: entered promiscuous mode
[  603.861816][ T5996] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  603.983402][ T6935] veth1_vlan: entered promiscuous mode
[  604.294404][ T7260] Invalid source name
[  605.048912][ T6936] 8021q: adding VLAN 0 to HW filter on device batadv0
[  605.156480][ T7021] 8021q: adding VLAN 0 to HW filter on device batadv0
[  605.167900][ T6224] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  605.167919][ T6224] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  605.213080][ T6935] veth0_macvtap: entered promiscuous mode
[  605.299689][ T6935] veth1_macvtap: entered promiscuous mode
[  605.344730][ T7267] process 'syz.0.235' launched '/dev/fd/8' with NULL argv: empty string added
[  605.402149][ T6076] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  605.402170][ T6076] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  605.442547][ T6935] batman_adv: batadv0: Interface activated: batadv_slave_0
[  605.528259][ T6935] batman_adv: batadv0: Interface activated: batadv_slave_1
[  605.618492][ T1111] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  605.618537][ T1111] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  605.618571][ T1111] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  605.618603][ T1111] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  605.753420][ T7279] netlink: 'syz.5.236': attribute type 4 has an invalid length.
[  605.834189][ T7279] netlink: 36 bytes leftover after parsing attributes in process `syz.5.236'.
[  606.131759][ T6936] veth0_vlan: entered promiscuous mode
[  606.141315][ T6060] usb 6-1: new high-speed USB device number 2 using dummy_hcd
[  606.154625][ T6070] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  606.154645][ T6070] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  606.245107][ T6936] veth1_vlan: entered promiscuous mode
[  606.306295][ T6060] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x5 has an invalid bInterval 0, changing to 7
[  606.306332][ T6060] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  606.338762][ T6060] usb 6-1: New USB device found, idVendor=133e, idProduct=0815, bcdDevice=7e.66
[  606.338795][ T6060] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  606.338816][ T6060] usb 6-1: Product: syz
[  606.338831][ T6060] usb 6-1: Manufacturer: syz
[  606.338846][ T6060] usb 6-1: SerialNumber: syz
[  606.431042][ T1111] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  606.431060][ T1111] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  606.464579][ T6060] usb 6-1: config 0 descriptor??
[  606.538104][ T7287] 9p: Bad value for 'rfdno'
[  606.732938][ T6060] snd-usb-audio 6-1:0.0: probe with driver snd-usb-audio failed with error -90
[  607.126675][ T7021] veth0_vlan: entered promiscuous mode
[  607.149540][ T7021] veth1_vlan: entered promiscuous mode
[  607.178942][ T6936] veth0_macvtap: entered promiscuous mode
[  607.226436][ T6936] veth1_macvtap: entered promiscuous mode
[  607.348712][ T7021] veth0_macvtap: entered promiscuous mode
[  607.375691][ T6936] batman_adv: batadv0: Interface activated: batadv_slave_0
[  607.383442][ T7021] veth1_macvtap: entered promiscuous mode
[  607.452182][ T6936] batman_adv: batadv0: Interface activated: batadv_slave_1
[  607.514316][ T6224] netdevsim netdevsim7 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  607.529819][ T6224] netdevsim netdevsim7 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  607.539595][ T6224] netdevsim netdevsim7 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  607.549940][ T6224] netdevsim netdevsim7 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  607.723859][ T7021] batman_adv: batadv0: Interface activated: batadv_slave_0
[  608.634068][ T7300] Invalid source name
[  608.651457][ T7021] batman_adv: batadv0: Interface activated: batadv_slave_1
[  608.862868][ T5905] netdevsim netdevsim8 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  608.874786][ T5905] netdevsim netdevsim8 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  608.875958][ T5905] netdevsim netdevsim8 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  608.876015][ T5905] netdevsim netdevsim8 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  609.273261][ T5886] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  609.273282][ T5886] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  609.553369][ T3747] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  609.553390][ T3747] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  609.786914][   T10] usb 6-1: USB disconnect, device number 2
[  609.828224][ T5905] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  609.828246][ T5905] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  610.460836][ T7323] 9p: Bad value for 'rfdno'
[  610.491204][ T6077] usb 8-1: new high-speed USB device number 2 using dummy_hcd
[  611.052164][ T5886] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  611.052183][ T5886] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  611.075946][   T11] block nbd1: Possible stuck request ffff888024a4e000: control (read@0,1024B). Runtime 60 seconds
[  611.075994][   T11] block nbd1: Possible stuck request ffff888024a4e1c0: control (read@1024,1024B). Runtime 60 seconds
[  611.076024][   T11] block nbd1: Possible stuck request ffff888024a4e380: control (read@2048,1024B). Runtime 60 seconds
[  611.076053][   T11] block nbd1: Possible stuck request ffff888024a4e540: control (read@3072,1024B). Runtime 60 seconds
[  611.210822][ T6077] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  611.210853][ T6077] usb 8-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  611.210895][ T6077] usb 8-1: New USB device found, idVendor=05ac, idProduct=0252, bcdDevice= 0.00
[  611.210918][ T6077] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  611.230391][ T6077] usb 8-1: config 0 descriptor??
[  611.448234][ T7329] netlink: 12 bytes leftover after parsing attributes in process `syz.5.248'.
[  611.476336][ T6077] usb 8-1: string descriptor 0 read error: -71
[  611.526675][ T6077] usbhid 8-1:0.0: can't add hid device: -71
[  611.526800][ T6077] usbhid 8-1:0.0: probe with driver usbhid failed with error -71
[  611.563492][ T7328] FAULT_INJECTION: forcing a failure.
[  611.563492][ T7328] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  611.563525][ T7328] CPU: 1 UID: 0 PID: 7328 Comm: syz.6.249 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  611.563547][ T7328] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  611.563559][ T7328] Call Trace:
[  611.563566][ T7328]  <TASK>
[  611.563574][ T7328]  dump_stack_lvl+0xe8/0x150
[  611.563606][ T7328]  should_fail_ex+0x46c/0x600
[  611.563635][ T7328]  _copy_from_user+0x2d/0xb0
[  611.563655][ T7328]  ___sys_sendmsg+0x158/0x2a0
[  611.563681][ T7328]  ? __pfx____sys_sendmsg+0x10/0x10
[  611.563709][ T7328]  ? kstrtouint+0x6e/0xe0
[  611.563762][ T7328]  ? __fget_files+0x2a/0x420
[  611.563781][ T7328]  ? __fget_files+0x3a6/0x420
[  611.563809][ T7328]  __sys_sendmmsg+0x22d/0x430
[  611.563837][ T7328]  ? __pfx___sys_sendmmsg+0x10/0x10
[  611.563868][ T7328]  ? __pfx_rt_mutex_slowunlock+0x10/0x10
[  611.563905][ T7328]  ? ksys_write+0x230/0x260
[  611.563932][ T7328]  ? __pfx_ksys_write+0x10/0x10
[  611.563962][ T7328]  __x64_sys_sendmmsg+0xa0/0xc0
[  611.563987][ T7328]  do_syscall_64+0xec/0xf80
[  611.564006][ T7328]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  611.564024][ T7328]  ? trace_irq_disable+0x37/0x100
[  611.564044][ T7328]  ? clear_bhb_loop+0x60/0xb0
[  611.564066][ T7328]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  611.564084][ T7328] RIP: 0033:0x7fad5729f749
[  611.564101][ T7328] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  611.564117][ T7328] RSP: 002b:00007fad554fe038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[  611.564137][ T7328] RAX: ffffffffffffffda RBX: 00007fad574f5fa0 RCX: 00007fad5729f749
[  611.564151][ T7328] RDX: 0000000000000001 RSI: 0000200000005d40 RDI: 0000000000000008
[  611.564164][ T7328] RBP: 00007fad554fe090 R08: 0000000000000000 R09: 0000000000000000
[  611.564175][ T7328] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  611.564187][ T7328] R13: 00007fad574f6038 R14: 00007fad574f5fa0 R15: 00007ffd29993a88
[  611.564218][ T7328]  </TASK>
[  611.575642][ T6077] usb 8-1: USB disconnect, device number 2
[  612.104523][ T5934] usb 7-1: new high-speed USB device number 2 using dummy_hcd
[  612.261150][ T5934] usb 7-1: Using ep0 maxpacket: 32
[  612.266514][ T5934] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  612.266549][ T5934] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  612.266589][ T5934] usb 7-1: New USB device found, idVendor=0403, idProduct=6030, bcdDevice= 0.00
[  612.266613][ T5934] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  612.381468][ T5934] usb 7-1: config 0 descriptor??
[  612.490934][ T6060] usb 6-1: new high-speed USB device number 3 using dummy_hcd
[  612.974124][ T5934] ft260 0003:0403:6030.0003: item fetching failed at offset 0/2
[  612.978016][ T5934] ft260 0003:0403:6030.0003: failed to parse HID
[  612.978490][ T5934] ft260 0003:0403:6030.0003: probe with driver ft260 failed with error -22
[  613.025510][   T11] block nbd0: Possible stuck request ffff8880249ae000: control (read@0,1024B). Runtime 90 seconds
[  613.025558][   T11] block nbd0: Possible stuck request ffff8880249ae1c0: control (read@1024,1024B). Runtime 90 seconds
[  613.025588][   T11] block nbd0: Possible stuck request ffff8880249ae380: control (read@2048,1024B). Runtime 90 seconds
[  613.025680][   T11] block nbd0: Possible stuck request ffff8880249ae540: control (read@3072,1024B). Runtime 90 seconds
[  613.271407][ T7359] netlink: 8 bytes leftover after parsing attributes in process `syz.0.255'.
[  613.884656][ T7368] 9p: Bad value for 'rfdno'
[  614.390299][ T7369] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  614.421482][ T7369] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  614.952773][ T7377] vivid-006: disconnect
[  615.601540][ T6136] usb 7-1: USB disconnect, device number 2
[  615.695476][ T7375] vivid-006: reconnect
[  616.798758][ T7400] netlink: 'syz.8.265': attribute type 1 has an invalid length.
[  618.268268][   T37] kauditd_printk_skb: 31 callbacks suppressed
[  618.268285][   T37] audit: type=1326 audit(1766933038.837:167): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7415 comm="syz.6.268" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fad5729f749 code=0x7ffc0000
[  618.498463][ T7418] 9p: Bad value for 'rfdno'
[  619.146165][   T37] audit: type=1326 audit(1766933038.837:168): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7415 comm="syz.6.268" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fad5729f749 code=0x7ffc0000
[  619.219354][   T37] audit: type=1326 audit(1766933039.717:169): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7415 comm="syz.6.268" exe="/root/syz-executor" sig=0 arch=c000003e syscall=287 compat=0 ip=0x7fad5729f749 code=0x7ffc0000
[  619.220244][   T37] audit: type=1326 audit(1766933039.787:170): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7415 comm="syz.6.268" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fad5729f749 code=0x7ffc0000
[  619.412098][   T37] audit: type=1326 audit(1766933039.857:171): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7415 comm="syz.6.268" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fad5729f749 code=0x7ffc0000
[  619.412229][   T37] audit: type=1326 audit(1766933039.857:172): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7415 comm="syz.6.268" exe="/root/syz-executor" sig=0 arch=c000003e syscall=111 compat=0 ip=0x7fad5729f749 code=0x7ffc0000
[  619.412270][   T37] audit: type=1326 audit(1766933039.857:173): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7415 comm="syz.6.268" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fad5729f749 code=0x7ffc0000
[  619.412310][   T37] audit: type=1326 audit(1766933039.857:174): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7415 comm="syz.6.268" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fad5729f749 code=0x7ffc0000
[  619.949789][   T37] audit: type=1326 audit(1766933040.497:175): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7415 comm="syz.6.268" exe="/root/syz-executor" sig=0 arch=c000003e syscall=56 compat=0 ip=0x7fad5729f749 code=0x7ffc0000
[  620.056948][   T37] audit: type=1326 audit(1766933040.567:176): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7415 comm="syz.6.268" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fad5729f749 code=0x7ffc0000
[  620.294093][ T7429] Invalid source name
[  622.081144][ T7457] 9p: Bad value for 'rfdno'
[  622.972943][ T7465] FAULT_INJECTION: forcing a failure.
[  622.972943][ T7465] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  622.972978][ T7465] CPU: 1 UID: 0 PID: 7465 Comm: syz.7.282 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  622.973001][ T7465] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  622.973012][ T7465] Call Trace:
[  622.973020][ T7465]  <TASK>
[  622.973028][ T7465]  dump_stack_lvl+0xe8/0x150
[  622.973056][ T7465]  should_fail_ex+0x46c/0x600
[  622.973089][ T7465]  _copy_to_user+0x31/0xb0
[  622.973110][ T7465]  simple_read_from_buffer+0xe1/0x170
[  622.973134][ T7465]  proc_fail_nth_read+0x1b6/0x220
[  622.973164][ T7465]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  622.973193][ T7465]  ? rw_verify_area+0x2ac/0x4e0
[  622.973217][ T7465]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  622.973243][ T7465]  vfs_read+0x206/0xa30
[  622.973275][ T7465]  ? __pfx_vfs_read+0x10/0x10
[  622.973301][ T7465]  ? _raw_spin_unlock_irqrestore+0x30/0x80
[  622.973322][ T7465]  ? lockdep_hardirqs_on+0x7b/0x110
[  622.973340][ T7465]  ? _raw_spin_unlock_irqrestore+0x4c/0x80
[  622.973358][ T7465]  ? mutex_lock_nested+0x154/0x1d0
[  622.973380][ T7465]  ? fdget_pos+0x253/0x320
[  622.973409][ T7465]  ksys_read+0x14b/0x260
[  622.973435][ T7465]  ? __pfx_ksys_read+0x10/0x10
[  622.973471][ T7465]  do_syscall_64+0xec/0xf80
[  622.973490][ T7465]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  622.973508][ T7465]  ? trace_irq_disable+0x37/0x100
[  622.973527][ T7465]  ? clear_bhb_loop+0x60/0xb0
[  622.973550][ T7465]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  622.973567][ T7465] RIP: 0033:0x7f865fdbe15c
[  622.973585][ T7465] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  622.973602][ T7465] RSP: 002b:00007f865e026030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  622.973630][ T7465] RAX: ffffffffffffffda RBX: 00007f8660015fa0 RCX: 00007f865fdbe15c
[  622.973644][ T7465] RDX: 000000000000000f RSI: 00007f865e0260a0 RDI: 0000000000000003
[  622.973656][ T7465] RBP: 00007f865e026090 R08: 0000000000000000 R09: 0000000000000000
[  622.973668][ T7465] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  622.973679][ T7465] R13: 00007f8660016038 R14: 00007f8660015fa0 R15: 00007ffe9f254e28
[  622.973711][ T7465]  </TASK>
[  623.379112][ T7470] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[  623.972009][ T7493] FAULT_INJECTION: forcing a failure.
[  623.972009][ T7493] name failslab, interval 1, probability 0, space 0, times 0
[  623.972042][ T7493] CPU: 1 UID: 0 PID: 7493 Comm: syz.7.289 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  623.972063][ T7493] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  623.972075][ T7493] Call Trace:
[  623.972083][ T7493]  <TASK>
[  623.972091][ T7493]  dump_stack_lvl+0xe8/0x150
[  623.972120][ T7493]  should_fail_ex+0x46c/0x600
[  623.972149][ T7493]  ? security_inode_alloc+0x39/0x330
[  623.972169][ T7493]  should_failslab+0xa8/0x100
[  623.972189][ T7493]  ? security_inode_alloc+0x39/0x330
[  623.972207][ T7493]  kmem_cache_alloc_noprof+0x84/0x6c0
[  623.972239][ T7493]  security_inode_alloc+0x39/0x330
[  623.972261][ T7493]  inode_init_always_gfp+0x9bf/0xd70
[  623.972286][ T7493]  ? __pfx_sock_alloc_inode+0x10/0x10
[  623.972311][ T7493]  alloc_inode+0x82/0x1b0
[  623.972331][ T7493]  __sock_create+0x12d/0x9d0
[  623.972357][ T7493]  mptcp_subflow_create_socket+0xf0/0x800
[  623.972382][ T7493]  ? __pfx_mptcp_subflow_create_socket+0x10/0x10
[  623.972411][ T7493]  __mptcp_nmpc_sk+0x148/0x780
[  623.972434][ T7493]  ? __pfx___mptcp_nmpc_sk+0x10/0x10
[  623.972462][ T7493]  mptcp_connect+0x71/0x830
[  623.972492][ T7493]  __inet_stream_connect+0x2ae/0xe70
[  623.972513][ T7493]  ? _raw_spin_unlock_irqrestore+0x4c/0x80
[  623.972544][ T7493]  ? __pfx___inet_stream_connect+0x10/0x10
[  623.972564][ T7493]  ? __local_bh_enable+0x1e2/0x2f0
[  623.972601][ T7493]  ? __local_bh_enable_ip+0x1af/0x2c0
[  623.972621][ T7493]  ? lockdep_hardirqs_on+0x7b/0x110
[  623.972645][ T7493]  inet_stream_connect+0x66/0xa0
[  623.972670][ T7493]  __sys_connect+0x323/0x450
[  623.972693][ T7493]  ? __pfx___sys_connect+0x10/0x10
[  623.972726][ T7493]  ? __pfx_ksys_write+0x10/0x10
[  623.972758][ T7493]  __x64_sys_connect+0x7a/0x90
[  623.972779][ T7493]  do_syscall_64+0xec/0xf80
[  623.972797][ T7493]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  623.972815][ T7493]  ? trace_irq_disable+0x37/0x100
[  623.972834][ T7493]  ? clear_bhb_loop+0x60/0xb0
[  623.972857][ T7493]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  623.972876][ T7493] RIP: 0033:0x7f865fdbf749
[  623.972893][ T7493] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  623.972909][ T7493] RSP: 002b:00007f865e026038 EFLAGS: 00000246 ORIG_RAX: 000000000000002a
[  623.972930][ T7493] RAX: ffffffffffffffda RBX: 00007f8660015fa0 RCX: 00007f865fdbf749
[  623.972944][ T7493] RDX: 0000000000000010 RSI: 0000200000000000 RDI: 0000000000000005
[  623.972957][ T7493] RBP: 00007f865e026090 R08: 0000000000000000 R09: 0000000000000000
[  623.972968][ T7493] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  623.972980][ T7493] R13: 00007f8660016038 R14: 00007f8660015fa0 R15: 00007ffe9f254e28
[  623.973013][ T7493]  </TASK>
[  623.973281][ T7493] socket: no more sockets
[  624.254842][ T7496] netlink: 156 bytes leftover after parsing attributes in process `syz.0.291'.
[  624.277004][ T7496] netlink: 156 bytes leftover after parsing attributes in process `syz.0.291'.
[  624.486292][ T1322] ieee802154 phy0 wpan0: encryption failed: -22
[  624.486352][ T1322] ieee802154 phy1 wpan1: encryption failed: -22
[  624.575563][ T7501] netlink: 12 bytes leftover after parsing attributes in process `syz.7.292'.
[  624.707894][ T7491] syz.8.288 (7491) used greatest stack depth: 16288 bytes left
[  624.717541][ T5971] usb 6-1: new high-speed USB device number 4 using dummy_hcd
[  624.944732][ T5971] usb 6-1: New USB device found, idVendor=0547, idProduct=0201, bcdDevice=11.64
[  624.944766][ T5971] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  624.944787][ T5971] usb 6-1: Product: syz
[  624.944802][ T5971] usb 6-1: Manufacturer: syz
[  624.944817][ T5971] usb 6-1: SerialNumber: syz
[  625.080015][ T5971] usb 6-1: config 0 descriptor??
[  625.156819][ T5971] dvb-usb: found a 'Nebula Electronics uDigiTV DVB-T USB2.0)' in warm state.
[  625.926372][ T7510] overlayfs: failed to clone upperpath
[  626.133632][ T5971] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[  626.136518][ T5971] dvbdev: DVB: registering new adapter (Nebula Electronics uDigiTV DVB-T USB2.0))
[  626.136721][ T5971] usb 6-1: media controller created
[  626.467905][ T5971] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  628.711423][ T5971] DVB: Unable to find symbol mt352_attach()
[  629.175122][ T5971] DVB: Unable to find symbol nxt6000_attach()
[  629.175138][ T5971] dvb-usb: no frontend was attached by 'Nebula Electronics uDigiTV DVB-T USB2.0)'
[  629.228128][ T5971] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.5/usb6/6-1/input/input5
[  630.076601][ T5854] block nbd2: Receive control failed (result -32)
[  630.140519][ T5971] dvb-usb: schedule remote query interval to 1000 msecs.
[  630.140544][ T5971] dvb-usb: Nebula Electronics uDigiTV DVB-T USB2.0) successfully initialized and connected.
[  630.151632][ T7545] nbd2: detected capacity change from 0 to 127
[  630.214737][ T7549] netlink: 'syz.8.300': attribute type 5 has an invalid length.
[  630.214758][ T7549] netlink: 64 bytes leftover after parsing attributes in process `syz.8.300'.
[  630.230879][ T5971] dvb-usb: bulk message failed: -22 (7/0)
[  630.230907][ T5971] dvb-usb: bulk message failed: -22 (7/0)
[  630.252211][ T5971] usb 6-1: USB disconnect, device number 4
[  630.456995][ T6752] block nbd2: Dead connection, failed to find a fallback
[  630.457021][ T6752] block nbd2: shutting down sockets
[  630.457159][ T6752] I/O error, dev nbd2, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2
[  630.457286][ T6752] Buffer I/O error on dev nbd2, logical block 0, async page read
[  630.457412][ T6752] I/O error, dev nbd2, sector 2 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2
[  630.457436][ T6752] Buffer I/O error on dev nbd2, logical block 1, async page read
[  630.457486][ T6752] I/O error, dev nbd2, sector 4 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2
[  630.457508][ T6752] Buffer I/O error on dev nbd2, logical block 2, async page read
[  630.457554][ T6752] I/O error, dev nbd2, sector 6 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2
[  630.457575][ T6752] Buffer I/O error on dev nbd2, logical block 3, async page read
[  630.457640][ T6752] I/O error, dev nbd2, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2
[  630.457661][ T6752] Buffer I/O error on dev nbd2, logical block 0, async page read
[  630.457706][ T6752] I/O error, dev nbd2, sector 2 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2
[  630.457727][ T6752] Buffer I/O error on dev nbd2, logical block 1, async page read
[  630.457772][ T6752] I/O error, dev nbd2, sector 4 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2
[  630.457792][ T6752] Buffer I/O error on dev nbd2, logical block 2, async page read
[  630.457838][ T6752] I/O error, dev nbd2, sector 6 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2
[  630.457860][ T6752] Buffer I/O error on dev nbd2, logical block 3, async page read
[  630.457919][ T6752] I/O error, dev nbd2, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2
[  630.457941][ T6752] Buffer I/O error on dev nbd2, logical block 0, async page read
[  630.458037][ T6752] I/O error, dev nbd2, sector 2 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2
[  630.458061][ T6752] Buffer I/O error on dev nbd2, logical block 1, async page read
[  630.459497][ T6752] ldm_validate_partition_table(): Disk read failed.
[  630.460182][ T6752] Dev nbd2: unable to read RDB block 0
[  630.681137][ T6752]  nbd2: unable to read partition table
[  630.718161][ T6752] ldm_validate_partition_table(): Disk read failed.
[  630.718541][ T6752] Dev nbd2: unable to read RDB block 0
[  630.718969][ T6752]  nbd2: unable to read partition table
[  630.953799][ T5854] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci6/hci6:201'
[  630.953828][ T5854] CPU: 1 UID: 0 PID: 5854 Comm: kworker/u9:2 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  630.953856][ T5854] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  630.953871][ T5854] Workqueue: hci6 hci_rx_work
[  630.953896][ T5854] Call Trace:
[  630.953905][ T5854]  <TASK>
[  630.953914][ T5854]  dump_stack_lvl+0xe8/0x150
[  630.953947][ T5854]  sysfs_create_dir_ns+0x259/0x280
[  630.953977][ T5854]  ? __pfx_rt_mutex_slowunlock+0x10/0x10
[  630.954007][ T5854]  ? __pfx_sysfs_create_dir_ns+0x10/0x10
[  630.954041][ T5854]  ? rt_spin_unlock+0x161/0x200
[  630.954071][ T5854]  kobject_add_internal+0x6b1/0xcd0
[  630.954114][ T5854]  kobject_add+0x155/0x220
[  630.954143][ T5854]  ? __pfx_kobject_add+0x10/0x10
[  630.954175][ T5854]  ? get_device_parent+0x370/0x3a0
[  630.954200][ T5854]  device_add+0x408/0xb80
[  630.954224][ T5854]  hci_conn_add_sysfs+0xd5/0x210
[  630.954259][ T5854]  le_conn_complete_evt+0xf1d/0x1420
[  630.954294][ T5854]  ? __pfx_le_conn_complete_evt+0x10/0x10
[  630.954320][ T5854]  ? _raw_spin_unlock_irqrestore+0x30/0x80
[  630.954341][ T5854]  ? lockdep_hardirqs_on+0x7b/0x110
[  630.954365][ T5854]  ? skb_pull_data+0xfb/0x200
[  630.954400][ T5854]  hci_le_conn_complete_evt+0x187/0x480
[  630.954433][ T5854]  hci_event_packet+0x78f/0x1260
[  630.954469][ T5854]  ? __pfx_hci_le_meta_evt+0x10/0x10
[  630.954496][ T5854]  ? __pfx_hci_event_packet+0x10/0x10
[  630.954527][ T5854]  ? rt_spin_unlock+0x150/0x200
[  630.954563][ T5854]  ? hci_send_to_monitor+0xe2/0x590
[  630.954594][ T5854]  hci_rx_work+0x3ee/0x1060
[  630.954622][ T5854]  ? process_scheduled_works+0x9ef/0x1770
[  630.954650][ T5854]  process_scheduled_works+0xad1/0x1770
[  630.954705][ T5854]  ? __pfx_process_scheduled_works+0x10/0x10
[  630.954726][ T5854]  ? do_raw_spin_lock+0x121/0x290
[  630.954769][ T5854]  worker_thread+0x8a0/0xda0
[  630.954808][ T5854]  ? __kthread_parkme+0x7b/0x200
[  630.954845][ T5854]  kthread+0x711/0x8a0
[  630.954875][ T5854]  ? __pfx_worker_thread+0x10/0x10
[  630.954897][ T5854]  ? __pfx_kthread+0x10/0x10
[  630.954921][ T5854]  ? rt_spin_unlock+0x150/0x200
[  630.954952][ T5854]  ? rt_spin_unlock+0x161/0x200
[  630.954976][ T5854]  ? __pfx_kthread+0x10/0x10
[  630.955006][ T5854]  ret_from_fork+0x510/0xa50
[  630.955033][ T5854]  ? __pfx_ret_from_fork+0x10/0x10
[  630.955054][ T5854]  ? __switch_to+0xc9e/0x1480
[  630.955096][ T5854]  ? __pfx_kthread+0x10/0x10
[  630.955126][ T5854]  ret_from_fork_asm+0x1a/0x30
[  630.955176][ T5854]  </TASK>
[  630.955208][ T5854] kobject: kobject_add_internal failed for hci6:201 with -EEXIST, don't try to register things with the same name in the same directory.
[  630.955251][ T5854] Bluetooth: hci6: failed to register connection device
[  631.041596][ T7573] sd 0:0:1:0: device reset
[  632.094560][ T7580] netlink: 12 bytes leftover after parsing attributes in process `syz.6.309'.
[  632.317595][ T5971] dvb-usb: Nebula Electronics uDigiTV DVB-T USB2.0 successfully deinitialized and disconnected.
[  632.545599][ T7588] FAULT_INJECTION: forcing a failure.
[  632.545599][ T7588] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  632.545633][ T7588] CPU: 0 UID: 0 PID: 7588 Comm: syz.7.314 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  632.545656][ T7588] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  632.545668][ T7588] Call Trace:
[  632.545676][ T7588]  <TASK>
[  632.545684][ T7588]  dump_stack_lvl+0xe8/0x150
[  632.545713][ T7588]  should_fail_ex+0x46c/0x600
[  632.545743][ T7588]  _copy_from_user+0x2d/0xb0
[  632.545763][ T7588]  mptcp_setsockopt+0x17b6/0x35d0
[  632.545796][ T7588]  ? __pfx_mptcp_setsockopt+0x10/0x10
[  632.545827][ T7588]  ? __fget_files+0x2a/0x420
[  632.545850][ T7588]  ? sock_common_setsockopt+0x36/0xc0
[  632.545869][ T7588]  ? __pfx_sock_common_setsockopt+0x10/0x10
[  632.545889][ T7588]  do_sock_setsockopt+0x17c/0x1b0
[  632.545916][ T7588]  __x64_sys_setsockopt+0x145/0x1b0
[  632.545943][ T7588]  do_syscall_64+0xec/0xf80
[  632.545962][ T7588]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  632.545980][ T7588]  ? trace_irq_disable+0x37/0x100
[  632.546000][ T7588]  ? clear_bhb_loop+0x60/0xb0
[  632.546022][ T7588]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  632.546041][ T7588] RIP: 0033:0x7f865fdbf749
[  632.546057][ T7588] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  632.546074][ T7588] RSP: 002b:00007f865e026038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036
[  632.546095][ T7588] RAX: ffffffffffffffda RBX: 00007f8660015fa0 RCX: 00007f865fdbf749
[  632.546110][ T7588] RDX: 0000000000000019 RSI: 0000000000000006 RDI: 0000000000000004
[  632.546121][ T7588] RBP: 00007f865e026090 R08: 0000000000000004 R09: 0000000000000000
[  632.546140][ T7588] R10: 00002000000001c0 R11: 0000000000000246 R12: 0000000000000001
[  632.546152][ T7588] R13: 00007f8660016038 R14: 00007f8660015fa0 R15: 00007ffe9f254e28
[  632.546183][ T7588]  </TASK>
[  632.814648][ T7592] semctl(GETNCNT/GETZCNT) is since 3.16 Single Unix Specification compliant.
[  632.814648][ T7592] The task syz.7.316 (7592) triggered the difference, watch for misbehavior.
[  633.839222][ T5854] block nbd3: Receive control failed (result -32)
[  634.295803][ T7595] nbd3: detected capacity change from 0 to 127
[  634.314330][ T6752] block nbd3: Dead connection, failed to find a fallback
[  634.314357][ T6752] block nbd3: shutting down sockets
[  634.315648][ T6752] ldm_validate_partition_table(): Disk read failed.
[  634.316302][ T6752] Dev nbd3: unable to read RDB block 0
[  634.317115][ T6752]  nbd3: unable to read partition table
[  634.468517][ T7598] netlink: 64 bytes leftover after parsing attributes in process `syz.7.317'.
[  634.468551][ T7598] nbd: socks must be embedded in a SOCK_ITEM attr
[  634.581105][ T6752] ldm_validate_partition_table(): Disk read failed.
[  634.581440][ T6752] Dev nbd3: unable to read RDB block 0
[  634.581867][ T6752]  nbd3: unable to read partition table
[  637.196434][ T5854] Bluetooth: hci6: command 0x0406 tx timeout
[  637.537989][ T7647] netlink: 12 bytes leftover after parsing attributes in process `syz.8.326'.
[  638.379062][ T5913] usb 9-1: new low-speed USB device number 2 using dummy_hcd
[  638.452539][ T7673] netlink: 64 bytes leftover after parsing attributes in process `syz.6.334'.
[  638.553076][ T5913] usb 9-1: config 0 has an invalid interface number: 55 but max is 0
[  638.553106][ T5913] usb 9-1: config 0 has no interface number 0
[  638.553152][ T5913] usb 9-1: config 0 interface 55 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  638.553176][ T5913] usb 9-1: config 0 interface 55 altsetting 0 endpoint 0xE has invalid maxpacket 32, setting to 8
[  638.553204][ T5913] usb 9-1: config 0 interface 55 altsetting 0 has an endpoint descriptor with address 0xAB, changing to 0x8B
[  638.553230][ T5913] usb 9-1: config 0 interface 55 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 10
[  638.553257][ T5913] usb 9-1: config 0 interface 55 altsetting 0 endpoint 0x8B has invalid maxpacket 120, setting to 8
[  638.553284][ T5913] usb 9-1: config 0 interface 55 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 2
[  638.553325][ T5913] usb 9-1: New USB device found, idVendor=0f11, idProduct=1080, bcdDevice=fc.6a
[  638.553349][ T5913] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  638.559871][ T5913] usb 9-1: config 0 descriptor??
[  638.560756][ T7663] raw-gadget.0 gadget.8: fail, usb_ep_enable returned -22
[  638.560945][ T7663] raw-gadget.0 gadget.8: fail, usb_ep_enable returned -22
[  638.774321][ T5913] ldusb 9-1:0.55: LD USB Device #0 now attached to major 180 minor 0
[  638.823784][ T5913] usb 9-1: USB disconnect, device number 2
[  638.827260][ T5913] ldusb 9-1:0.55: LD USB Device #0 now disconnected
[  639.190412][ T7679] bond1: option tlb_dynamic_lb: invalid value (255)
[  639.424038][ T7679] bond1 (unregistering): Released all slaves
[  639.498737][ T7690] tipc: Enabling of bearer <eth:syzkaller0> rejected, failed to enable media
[  640.110704][ T5913] usb 6-1: new high-speed USB device number 5 using dummy_hcd
[  640.270274][ T5913] usb 6-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08
[  640.270306][ T5913] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  640.270328][ T5913] usb 6-1: Product: syz
[  640.270343][ T5913] usb 6-1: Manufacturer: syz
[  640.270357][ T5913] usb 6-1: SerialNumber: syz
[  640.348096][ T5913] usb 6-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested
[  640.415035][ T5921] usb 6-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008
[  641.353783][   T11] block nbd1: Possible stuck request ffff888024a4e000: control (read@0,1024B). Runtime 90 seconds
[  641.354837][   T11] block nbd1: Possible stuck request ffff888024a4e1c0: control (read@1024,1024B). Runtime 90 seconds
[  641.354872][   T11] block nbd1: Possible stuck request ffff888024a4e380: control (read@2048,1024B). Runtime 90 seconds
[  641.354901][   T11] block nbd1: Possible stuck request ffff888024a4e540: control (read@3072,1024B). Runtime 90 seconds
[  641.420869][ T7727] openvswitch: netlink: IP tunnel dst address not specified
[  641.712071][ T7731] Invalid source name
[  641.716746][ T7732] netlink: 8 bytes leftover after parsing attributes in process `syz.7.353'.
[  642.523348][ T5921] usb 6-1: Service connection timeout for: 256
[  642.523372][ T5921] ath9k_htc 6-1:1.0: ath9k_htc: Unable to initialize HTC services
[  642.594166][ T5921] ath9k_htc: Failed to initialize the device
[  642.616100][ T5921] usb 6-1: ath9k_htc: USB layer deinitialized
[  643.012194][ T5913] usb 6-1: USB disconnect, device number 5
[  643.781630][   T11] block nbd0: Possible stuck request ffff8880249ae000: control (read@0,1024B). Runtime 120 seconds
[  643.781804][   T11] block nbd0: Possible stuck request ffff8880249ae1c0: control (read@1024,1024B). Runtime 120 seconds
[  643.781909][   T11] block nbd0: Possible stuck request ffff8880249ae380: control (read@2048,1024B). Runtime 120 seconds
[  643.782013][   T11] block nbd0: Possible stuck request ffff8880249ae540: control (read@3072,1024B). Runtime 120 seconds
[  644.666511][ T7771] Invalid source name
[  645.042231][ T7784] vivid-004: disconnect
[  645.783350][ T7778] vivid-004: reconnect
[  647.385824][ T7827] loop9: detected capacity change from 0 to 7
[  647.410969][ T7827] Dev loop9: unable to read RDB block 7
[  647.411024][ T7827]  loop9: unable to read partition table
[  647.411246][ T7827] loop9: partition table beyond EOD, truncated
[  647.412062][ T7827] loop_reread_partitions: partition scan of loop9 (þ被xü—ŸÑà– ) failed (rc=-5)
[  647.988256][ T7851] vivid-000: disconnect
[  648.731884][ T7844] vivid-000: reconnect
[  648.814103][ T7869] FAULT_INJECTION: forcing a failure.
[  648.814103][ T7869] name failslab, interval 1, probability 0, space 0, times 0
[  648.814137][ T7869] CPU: 0 UID: 0 PID: 7869 Comm: syz.7.386 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  648.814160][ T7869] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  648.814171][ T7869] Call Trace:
[  648.814178][ T7869]  <TASK>
[  648.814186][ T7869]  dump_stack_lvl+0xe8/0x150
[  648.814215][ T7869]  should_fail_ex+0x46c/0x600
[  648.814243][ T7869]  ? getname_flags+0xb8/0x540
[  648.814261][ T7869]  should_failslab+0xa8/0x100
[  648.814281][ T7869]  ? getname_flags+0xb8/0x540
[  648.814297][ T7869]  kmem_cache_alloc_noprof+0x84/0x6c0
[  648.814323][ T7869]  ? strncpy_from_user+0x150/0x2c0
[  648.814349][ T7869]  getname_flags+0xb8/0x540
[  648.814371][ T7869]  __x64_sys_rename+0x6a/0x90
[  648.814391][ T7869]  do_syscall_64+0xec/0xf80
[  648.814410][ T7869]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  648.814428][ T7869]  ? trace_irq_disable+0x37/0x100
[  648.814448][ T7869]  ? clear_bhb_loop+0x60/0xb0
[  648.814471][ T7869]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  648.814489][ T7869] RIP: 0033:0x7f865fdbf749
[  648.814506][ T7869] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  648.814521][ T7869] RSP: 002b:00007f865e026038 EFLAGS: 00000246 ORIG_RAX: 0000000000000052
[  648.814543][ T7869] RAX: ffffffffffffffda RBX: 00007f8660015fa0 RCX: 00007f865fdbf749
[  648.814557][ T7869] RDX: 0000000000000000 RSI: 0000200000000000 RDI: 0000200000000180
[  648.814570][ T7869] RBP: 00007f865e026090 R08: 0000000000000000 R09: 0000000000000000
[  648.814582][ T7869] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  648.814592][ T7869] R13: 00007f8660016038 R14: 00007f8660015fa0 R15: 00007ffe9f254e28
[  648.814622][ T7869]  </TASK>
[  650.807232][ T7897] capability: warning: `syz.6.393' uses deprecated v2 capabilities in a way that may be insecure
[  651.000931][ T7897] Option '      ­>' to dns_resolver key: bad/missing value
[  651.156535][ T5941] usb 6-1: new high-speed USB device number 6 using dummy_hcd
[  651.307192][ T5941] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  651.307223][ T5941] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  651.307266][ T5941] usb 6-1: New USB device found, idVendor=05ac, idProduct=0252, bcdDevice= 0.00
[  651.307290][ T5941] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  651.378655][ T5941] usb 6-1: config 0 descriptor??
[  651.608228][ T5941] usb 6-1: string descriptor 0 read error: -71
[  651.631665][ T5941] usbhid 6-1:0.0: can't add hid device: -71
[  651.631771][ T5941] usbhid 6-1:0.0: probe with driver usbhid failed with error -71
[  651.659386][ T5941] usb 6-1: USB disconnect, device number 6
[  653.832462][ T7945] netlink: 12 bytes leftover after parsing attributes in process `syz.5.404'.
[  655.280718][ T5170] udevd[5170]: worker [6778] /devices/virtual/block/nbd1 is taking a long time
[  655.843388][ T6046] usb 9-1: new high-speed USB device number 3 using dummy_hcd
[  656.009734][ T6046] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  656.009884][ T6046] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  656.009909][ T6046] usb 9-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  656.009955][ T6046] usb 9-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  656.009980][ T6046] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  656.072490][ T6046] usb 9-1: config 0 descriptor??
[  656.470824][ T5913] usb 8-1: new high-speed USB device number 3 using dummy_hcd
[  656.508172][ T6046] usbhid 9-1:0.0: can't add hid device: -71
[  656.508302][ T6046] usbhid 9-1:0.0: probe with driver usbhid failed with error -71
[  656.544803][ T6046] usb 9-1: USB disconnect, device number 3
[  656.623938][ T5913] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  656.623969][ T5913] usb 8-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  656.624011][ T5913] usb 8-1: New USB device found, idVendor=05ac, idProduct=0252, bcdDevice= 0.00
[  656.624035][ T5913] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  656.639862][ T5913] usb 8-1: config 0 descriptor??
[  656.730112][ T5863] Bluetooth: hci0: unexpected event for opcode 0x0c1b
[  656.861252][ T5913] usb 8-1: string descriptor 0 read error: -71
[  656.882538][ T5913] usbhid 8-1:0.0: can't add hid device: -71
[  656.882661][ T5913] usbhid 8-1:0.0: probe with driver usbhid failed with error -71
[  656.902433][ T5913] usb 8-1: USB disconnect, device number 3
[  657.488285][   T37] kauditd_printk_skb: 7 callbacks suppressed
[  657.488304][   T37] audit: type=1326 audit(1766933078.047:184): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8007 comm="syz.5.419" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb1f5c3f749 code=0x7ffc0000
[  657.489365][   T37] audit: type=1326 audit(1766933078.057:185): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8007 comm="syz.5.419" exe="/root/syz-executor" sig=0 arch=c000003e syscall=241 compat=0 ip=0x7fb1f5c3f749 code=0x7ffc0000
[  657.489700][   T37] audit: type=1326 audit(1766933078.057:186): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8007 comm="syz.5.419" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb1f5c3f749 code=0x7ffc0000
[  657.490263][   T37] audit: type=1326 audit(1766933078.057:187): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8007 comm="syz.5.419" exe="/root/syz-executor" sig=0 arch=c000003e syscall=54 compat=0 ip=0x7fb1f5c3f749 code=0x7ffc0000
[  657.491612][   T37] audit: type=1326 audit(1766933078.057:188): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8007 comm="syz.5.419" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb1f5c3f749 code=0x7ffc0000
[  657.862486][ T8020] FAULT_INJECTION: forcing a failure.
[  657.862486][ T8020] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  657.862525][ T8020] CPU: 0 UID: 0 PID: 8020 Comm: syz.5.422 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  657.862548][ T8020] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  657.862560][ T8020] Call Trace:
[  657.862567][ T8020]  <TASK>
[  657.862575][ T8020]  dump_stack_lvl+0xe8/0x150
[  657.862602][ T8020]  should_fail_ex+0x46c/0x600
[  657.862630][ T8020]  _copy_from_user+0x2d/0xb0
[  657.862649][ T8020]  inet6_ioctl+0x180/0x280
[  657.862671][ T8020]  ? __pfx_inet6_ioctl+0x10/0x10
[  657.862689][ T8020]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[  657.862721][ T8020]  ? __pfx_do_vfs_ioctl+0x10/0x10
[  657.862752][ T8020]  sock_do_ioctl+0xdc/0x300
[  657.862781][ T8020]  ? __pfx_sock_do_ioctl+0x10/0x10
[  657.862810][ T8020]  ? __asan_memset+0x22/0x50
[  657.862833][ T8020]  ? smack_file_ioctl+0x24d/0x340
[  657.862860][ T8020]  sock_ioctl+0x579/0x790
[  657.862888][ T8020]  ? __pfx_sock_ioctl+0x10/0x10
[  657.862912][ T8020]  ? __fget_files+0x2a/0x420
[  657.862930][ T8020]  ? __fget_files+0x3a6/0x420
[  657.862948][ T8020]  ? __fget_files+0x2a/0x420
[  657.862977][ T8020]  ? bpf_lsm_file_ioctl+0x9/0x20
[  657.863002][ T8020]  ? __pfx_sock_ioctl+0x10/0x10
[  657.863026][ T8020]  __se_sys_ioctl+0xff/0x170
[  657.863052][ T8020]  do_syscall_64+0xec/0xf80
[  657.863071][ T8020]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  657.863089][ T8020]  ? trace_irq_disable+0x37/0x100
[  657.863108][ T8020]  ? clear_bhb_loop+0x60/0xb0
[  657.863130][ T8020]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  657.863148][ T8020] RIP: 0033:0x7fb1f5c3f749
[  657.863164][ T8020] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  657.863181][ T8020] RSP: 002b:00007fb1f3e9e038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  657.863201][ T8020] RAX: ffffffffffffffda RBX: 00007fb1f5e95fa0 RCX: 00007fb1f5c3f749
[  657.863215][ T8020] RDX: 00002000000000c0 RSI: 000000000000890c RDI: 0000000000000003
[  657.863228][ T8020] RBP: 00007fb1f3e9e090 R08: 0000000000000000 R09: 0000000000000000
[  657.863240][ T8020] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  657.863251][ T8020] R13: 00007fb1f5e96038 R14: 00007fb1f5e95fa0 R15: 00007ffc967e2998
[  657.863282][ T8020]  </TASK>
[  658.305751][ T8028] trusted_key: encrypted_key: insufficient parameters specified
[  659.534542][   T37] audit: type=1326 audit(1766933080.097:189): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8041 comm="syz.6.428" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fad5729f749 code=0x7ffc0000
[  659.534854][   T37] audit: type=1326 audit(1766933080.107:190): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8041 comm="syz.6.428" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fad5729f749 code=0x7ffc0000
[  659.538270][   T37] audit: type=1326 audit(1766933080.107:191): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8041 comm="syz.6.428" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7fad5729f749 code=0x7ffc0000
[  659.538771][   T37] audit: type=1326 audit(1766933080.107:192): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8041 comm="syz.6.428" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fad5729f749 code=0x7ffc0000
[  659.539055][   T37] audit: type=1326 audit(1766933080.107:193): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8041 comm="syz.6.428" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fad5729f749 code=0x7ffc0000
[  659.849653][ T8046] netlink: 168 bytes leftover after parsing attributes in process `syz.8.430'.
[  661.069972][ T8074] FAULT_INJECTION: forcing a failure.
[  661.069972][ T8074] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  661.070004][ T8074] CPU: 0 UID: 0 PID: 8074 Comm: syz.7.438 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  661.070025][ T8074] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  661.070034][ T8074] Call Trace:
[  661.070041][ T8074]  <TASK>
[  661.070049][ T8074]  dump_stack_lvl+0xe8/0x150
[  661.070076][ T8074]  should_fail_ex+0x46c/0x600
[  661.070104][ T8074]  _copy_from_user+0x2d/0xb0
[  661.070122][ T8074]  vhost_vsock_dev_ioctl+0x12e/0xdc0
[  661.070147][ T8074]  ? __pfx_vhost_vsock_dev_ioctl+0x10/0x10
[  661.070166][ T8074]  ? __fget_files+0x2a/0x420
[  661.070183][ T8074]  ? __fget_files+0x3a6/0x420
[  661.070201][ T8074]  ? __fget_files+0x2a/0x420
[  661.070223][ T8074]  ? bpf_lsm_file_ioctl+0x9/0x20
[  661.070250][ T8074]  ? __pfx_vhost_vsock_dev_ioctl+0x10/0x10
[  661.070269][ T8074]  __se_sys_ioctl+0xff/0x170
[  661.070295][ T8074]  do_syscall_64+0xec/0xf80
[  661.070314][ T8074]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  661.070332][ T8074]  ? trace_irq_disable+0x37/0x100
[  661.070350][ T8074]  ? clear_bhb_loop+0x60/0xb0
[  661.070372][ T8074]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  661.070390][ T8074] RIP: 0033:0x7f865fdbf749
[  661.070406][ T8074] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  661.070422][ T8074] RSP: 002b:00007f865e026038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  661.070443][ T8074] RAX: ffffffffffffffda RBX: 00007f8660015fa0 RCX: 00007f865fdbf749
[  661.070456][ T8074] RDX: 0000000000000000 RSI: 000000004004af61 RDI: 0000000000000003
[  661.070468][ T8074] RBP: 00007f865e026090 R08: 0000000000000000 R09: 0000000000000000
[  661.070480][ T8074] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  661.070491][ T8074] R13: 00007f8660016038 R14: 00007f8660015fa0 R15: 00007ffe9f254e28
[  661.070523][ T8074]  </TASK>
[  661.505584][ T5863] Bluetooth: hci3: Controller not accepting commands anymore: ncmd = 0
[  661.506197][ T5863] Bluetooth: hci3: Injecting HCI hardware error event
[  661.510143][ T5854] Bluetooth: hci3: hardware error 0x00
[  662.051450][ T6138] usb 9-1: new high-speed USB device number 4 using dummy_hcd
[  662.200737][ T6138] usb 9-1: Using ep0 maxpacket: 16
[  662.217292][ T6138] usb 9-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  662.217318][ T6138] usb 9-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[  662.246231][ T6138] usb 9-1: New USB device found, idVendor=06cb, idProduct=0006, bcdDevice=9a.eb
[  662.247996][ T6138] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  662.248021][ T6138] usb 9-1: Product: syz
[  662.248036][ T6138] usb 9-1: Manufacturer: syz
[  662.248051][ T6138] usb 9-1: SerialNumber: syz
[  662.311823][ T6138] usb 9-1: config 0 descriptor??
[  662.652593][ T8116] binder: BINDER_SET_CONTEXT_MGR already set
[  662.652608][ T8116] binder: 8103:8116 ioctl 4018620d 200000000040 returned -16
[  663.637319][ T8137] =======================================================
[  663.637319][ T8137] WARNING: The mand mount option has been deprecated and
[  663.637319][ T8137]          and is ignored by this kernel. Remove the mand
[  663.637319][ T8137]          option from the mount to silence this warning.
[  663.637319][ T8137] =======================================================
[  663.750695][ T5854] Bluetooth: hci3: Opcode 0x0c03 failed: -110
[  664.857242][ T6257] usb 9-1: USB disconnect, device number 4
[  665.075537][   T37] kauditd_printk_skb: 3 callbacks suppressed
[  665.075554][   T37] audit: type=1326 audit(1766933085.647:197): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8154 comm="syz.8.457" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2bc67ff749 code=0x7ffc0000
[  665.075597][   T37] audit: type=1326 audit(1766933085.647:198): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8154 comm="syz.8.457" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2bc67ff749 code=0x7ffc0000
[  665.079574][   T37] audit: type=1326 audit(1766933085.647:199): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8154 comm="syz.8.457" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2bc67ff749 code=0x7ffc0000
[  665.079623][   T37] audit: type=1326 audit(1766933085.647:200): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8154 comm="syz.8.457" exe="/root/syz-executor" sig=0 arch=c000003e syscall=425 compat=0 ip=0x7f2bc67ff749 code=0x7ffc0000
[  665.084457][   T37] audit: type=1326 audit(1766933085.657:201): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8154 comm="syz.8.457" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2bc67ff749 code=0x7ffc0000
[  665.095137][   T37] audit: type=1326 audit(1766933085.667:202): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8154 comm="syz.8.457" exe="/root/syz-executor" sig=0 arch=c000003e syscall=9 compat=0 ip=0x7f2bc67ff783 code=0x7ffc0000
[  665.098879][   T37] audit: type=1326 audit(1766933085.667:203): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8154 comm="syz.8.457" exe="/root/syz-executor" sig=0 arch=c000003e syscall=9 compat=0 ip=0x7f2bc67ff783 code=0x7ffc0000
[  665.099315][   T37] audit: type=1326 audit(1766933085.667:204): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8154 comm="syz.8.457" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2bc67ff749 code=0x7ffc0000
[  665.107130][   T37] audit: type=1326 audit(1766933085.677:205): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8154 comm="syz.8.457" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2bc67ff749 code=0x7ffc0000
[  665.110100][   T37] audit: type=1326 audit(1766933085.677:206): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8154 comm="syz.8.457" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2bc67ff749 code=0x7ffc0000
[  666.557456][ T8170] tmpfs: Unsupported parameter 'huge'
[  666.838070][ T8193] binder: BINDER_SET_CONTEXT_MGR already set
[  666.838088][ T8193] binder: 8174:8193 ioctl 4018620d 200000000040 returned -16
[  667.575445][ T8215] FAULT_INJECTION: forcing a failure.
[  667.575445][ T8215] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  667.575480][ T8215] CPU: 0 UID: 0 PID: 8215 Comm: syz.7.465 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  667.575502][ T8215] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  667.575514][ T8215] Call Trace:
[  667.575521][ T8215]  <TASK>
[  667.575530][ T8215]  dump_stack_lvl+0xe8/0x150
[  667.575558][ T8215]  should_fail_ex+0x46c/0x600
[  667.575587][ T8215]  _copy_to_user+0x31/0xb0
[  667.575607][ T8215]  copy_siginfo_to_user+0x22/0xc0
[  667.575629][ T8215]  x64_setup_rt_frame+0x777/0xd40
[  667.575654][ T8215]  ? rt_spin_unlock+0x150/0x200
[  667.575696][ T8215]  ? __pfx_x64_setup_rt_frame+0x10/0x10
[  667.575729][ T8215]  arch_do_signal_or_restart+0x3d6/0x7a0
[  667.575758][ T8215]  ? __pfx_arch_do_signal_or_restart+0x10/0x10
[  667.575790][ T8215]  ? ksys_read+0x230/0x260
[  667.575823][ T8215]  exit_to_user_mode_loop+0x87/0x4e0
[  667.575848][ T8215]  ? rcu_is_watching+0x15/0xb0
[  667.575869][ T8215]  do_syscall_64+0x2b7/0xf80
[  667.575886][ T8215]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  667.575905][ T8215]  ? clear_bhb_loop+0x60/0xb0
[  667.575927][ T8215]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  667.575945][ T8215] RIP: 0033:0x7f865fdbf747
[  667.575962][ T8215] Code: ff ff ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 <0f> 05 48 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89
[  667.575978][ T8215] RSP: 002b:00007f865e026038 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  667.575998][ T8215] RAX: 0000000000000000 RBX: 00007f8660015fa0 RCX: 00007f865fdbf749
[  667.576012][ T8215] RDX: 000000000000205c RSI: 0000200000001b40 RDI: 0000000000000003
[  667.576024][ T8215] RBP: 00007f865e026090 R08: 0000000000000000 R09: 0000000000000000
[  667.576037][ T8215] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  667.576048][ T8215] R13: 00007f8660016038 R14: 00007f8660015fa0 R15: 00007ffe9f254e28
[  667.576078][ T8215]  </TASK>
[  668.449261][ T8222] tmpfs: Bad value for 'mpol'
[  671.269075][ T5854] Bluetooth: hci0: unexpected event for opcode 0x2010
[  671.860768][   T11] block nbd1: Possible stuck request ffff888024a4e000: control (read@0,1024B). Runtime 120 seconds
[  671.860833][   T11] block nbd1: Possible stuck request ffff888024a4e1c0: control (read@1024,1024B). Runtime 120 seconds
[  671.860869][   T11] block nbd1: Possible stuck request ffff888024a4e380: control (read@2048,1024B). Runtime 120 seconds
[  671.860898][   T11] block nbd1: Possible stuck request ffff888024a4e540: control (read@3072,1024B). Runtime 120 seconds
[  671.984971][ T8281] FAULT_INJECTION: forcing a failure.
[  671.984971][ T8281] name failslab, interval 1, probability 0, space 0, times 0
[  671.985001][ T8281] CPU: 1 UID: 0 PID: 8281 Comm: syz.8.481 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  671.985021][ T8281] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  671.985032][ T8281] Call Trace:
[  671.985039][ T8281]  <TASK>
[  671.985046][ T8281]  dump_stack_lvl+0xe8/0x150
[  671.985074][ T8281]  should_fail_ex+0x46c/0x600
[  671.985103][ T8281]  should_failslab+0xa8/0x100
[  671.985123][ T8281]  __kmalloc_noprof+0xe0/0x7e0
[  671.985149][ T8281]  ? copy_splice_read+0x143/0xa60
[  671.985173][ T8281]  copy_splice_read+0x143/0xa60
[  671.985200][ T8281]  ? __pfx_copy_splice_read+0x10/0x10
[  671.985222][ T8281]  ? look_up_lock_class+0x57/0x110
[  671.985246][ T8281]  ? register_lock_class+0x31/0x2e0
[  671.985272][ T8281]  ? __pfx_pipe_lock_cmp_fn+0x10/0x10
[  671.985309][ T8281]  ? alloc_pipe_info+0x374/0x4d0
[  671.985341][ T8281]  ? __pfx_filemap_splice_read+0x10/0x10
[  671.985374][ T8281]  splice_direct_to_actor+0x4db/0xcd0
[  671.985414][ T8281]  ? __pfx_direct_splice_actor+0x10/0x10
[  671.985433][ T8281]  ? __pfx_splice_direct_to_actor+0x10/0x10
[  671.985462][ T8281]  do_splice_direct+0x187/0x270
[  671.985485][ T8281]  ? __pfx_do_splice_direct+0x10/0x10
[  671.985506][ T8281]  ? __pfx_direct_file_splice_eof+0x10/0x10
[  671.985532][ T8281]  ? rw_verify_area+0x25b/0x4e0
[  671.985558][ T8281]  do_sendfile+0x4ec/0x7f0
[  671.985577][ T8281]  ? _raw_spin_unlock_irqrestore+0x30/0x80
[  671.985601][ T8281]  ? __pfx_do_sendfile+0x10/0x10
[  671.985628][ T8281]  __se_sys_sendfile64+0x13e/0x190
[  671.985649][ T8281]  ? __pfx___se_sys_sendfile64+0x10/0x10
[  671.985678][ T8281]  do_syscall_64+0xec/0xf80
[  671.985696][ T8281]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  671.985714][ T8281]  ? trace_irq_disable+0x37/0x100
[  671.985731][ T8281]  ? clear_bhb_loop+0x60/0xb0
[  671.985752][ T8281]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  671.985769][ T8281] RIP: 0033:0x7f2bc67ff749
[  671.985793][ T8281] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  671.985807][ T8281] RSP: 002b:00007f2bc4a5e038 EFLAGS: 00000246 ORIG_RAX: 0000000000000028
[  671.985827][ T8281] RAX: ffffffffffffffda RBX: 00007f2bc6a55fa0 RCX: 00007f2bc67ff749
[  671.985840][ T8281] RDX: 0000000000000000 RSI: 0000000000000003 RDI: 0000000000000003
[  671.985851][ T8281] RBP: 00007f2bc4a5e090 R08: 0000000000000000 R09: 0000000000000000
[  671.985863][ T8281] R10: 0000000000040008 R11: 0000000000000246 R12: 0000000000000001
[  671.985875][ T8281] R13: 00007f2bc6a56038 R14: 00007f2bc6a55fa0 R15: 00007fff80bb16a8
[  671.985905][ T8281]  </TASK>
[  672.390030][ T8292] netlink: 12 bytes leftover after parsing attributes in process `syz.8.486'.
[  673.966707][ T8279] openvswitch: netlink: Key 6 has unexpected len 0 expected 2
[  674.250152][    C1] af_packet: tpacket_rcv: packet too big, clamped from 1 to 4294967272. macoff=96
[  674.430866][   T11] block nbd0: Possible stuck request ffff8880249ae000: control (read@0,1024B). Runtime 150 seconds
[  674.430912][   T11] block nbd0: Possible stuck request ffff8880249ae1c0: control (read@1024,1024B). Runtime 150 seconds
[  674.430941][   T11] block nbd0: Possible stuck request ffff8880249ae380: control (read@2048,1024B). Runtime 150 seconds
[  674.430969][   T11] block nbd0: Possible stuck request ffff8880249ae540: control (read@3072,1024B). Runtime 150 seconds
[  674.823751][ T8328] netlink: 'syz.0.493': attribute type 2 has an invalid length.
[  674.823767][ T8328] netlink: 'syz.0.493': attribute type 8 has an invalid length.
[  674.823774][ T8328] netlink: 132 bytes leftover after parsing attributes in process `syz.0.493'.
[  675.936178][ T8339] FAULT_INJECTION: forcing a failure.
[  675.936178][ T8339] name failslab, interval 1, probability 0, space 0, times 0
[  675.936212][ T8339] CPU: 1 UID: 0 PID: 8339 Comm: syz.7.496 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  675.936234][ T8339] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  675.936245][ T8339] Call Trace:
[  675.936253][ T8339]  <TASK>
[  675.936261][ T8339]  dump_stack_lvl+0xe8/0x150
[  675.936289][ T8339]  should_fail_ex+0x46c/0x600
[  675.936319][ T8339]  should_failslab+0xa8/0x100
[  675.936340][ T8339]  __kmalloc_noprof+0xe0/0x7e0
[  675.936365][ T8339]  ? tomoyo_encode+0x28b/0x550
[  675.936388][ T8339]  tomoyo_encode+0x28b/0x550
[  675.936409][ T8339]  ? tomoyo_mount_permission+0x27a/0x970
[  675.936435][ T8339]  tomoyo_mount_permission+0x331/0x970
[  675.936464][ T8339]  ? stack_depot_save_flags+0x33/0x810
[  675.936488][ T8339]  ? __pfx_tomoyo_mount_permission+0x10/0x10
[  675.936575][ T8339]  security_sb_mount+0xec/0x350
[  675.936597][ T8339]  path_mount+0xbc/0xff0
[  675.936616][ T8339]  ? user_path_at+0x44/0x60
[  675.936646][ T8339]  __se_sys_mount+0x313/0x410
[  675.936671][ T8339]  ? __pfx___se_sys_mount+0x10/0x10
[  675.936697][ T8339]  ? __x64_sys_mount+0x20/0xc0
[  675.936718][ T8339]  do_syscall_64+0xec/0xf80
[  675.936737][ T8339]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  675.936755][ T8339]  ? trace_irq_disable+0x37/0x100
[  675.936773][ T8339]  ? clear_bhb_loop+0x60/0xb0
[  675.936795][ T8339]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  675.936813][ T8339] RIP: 0033:0x7f865fdbf749
[  675.936829][ T8339] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  675.936846][ T8339] RSP: 002b:00007f865e026038 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[  675.936867][ T8339] RAX: ffffffffffffffda RBX: 00007f8660015fa0 RCX: 00007f865fdbf749
[  675.936881][ T8339] RDX: 0000000000000000 RSI: 0000200000000140 RDI: 0000000000000000
[  675.936893][ T8339] RBP: 00007f865e026090 R08: 0000000000000000 R09: 0000000000000000
[  675.936904][ T8339] R10: 0000000000820061 R11: 0000000000000246 R12: 0000000000000001
[  675.936916][ T8339] R13: 00007f8660016038 R14: 00007f8660015fa0 R15: 00007ffe9f254e28
[  675.936948][ T8339]  </TASK>
[  677.239827][ T8349] netlink: 12 bytes leftover after parsing attributes in process `syz.7.498'.
[  677.563215][ T8355] bond1: option packets_per_slave: mode dependency failed, not supported in mode active-backup(1)
[  677.603232][ T8355] bond1 (unregistering): Released all slaves
[  677.900904][ T5864] Bluetooth: hci5: command 0x0406 tx timeout
[  677.900957][ T5856] Bluetooth: hci6: command 0x0406 tx timeout
[  679.966370][ T8383] syzkaller1: entered promiscuous mode
[  679.966395][ T8383] syzkaller1: entered allmulticast mode
[  680.263358][ T5942] IPVS: starting estimator thread 0...
[  680.368882][ T8392] IPVS: using max 7 ests per chain, 16800 per kthread
[  681.178216][ T8410] fuse: Bad value for 'fd'
[  682.960713][ T8430] netlink: 168 bytes leftover after parsing attributes in process `syz.6.511'.
[  682.990762][ T5971] usb 8-1: new high-speed USB device number 4 using dummy_hcd
[  683.028342][ T5854] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[  683.042214][ T5854] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[  683.049448][ T5854] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[  683.077686][ T5854] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[  683.078894][ T5854] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[  683.154476][ T5971] usb 8-1: Using ep0 maxpacket: 32
[  683.157925][ T5971] usb 8-1: New USB device found, idVendor=0fd9, idProduct=0025, bcdDevice=29.40
[  683.157954][ T5971] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  683.163655][ T5971] usb 8-1: config 0 descriptor??
[  683.414251][ T5971] dvb-usb: found a 'Elgato EyeTV Sat' in warm state.
[  683.502341][ T5971] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[  683.503400][ T5971] dvbdev: DVB: registering new adapter (Elgato EyeTV Sat)
[  683.503456][ T5971] usb 8-1: media controller created
[  683.563379][ T5971] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  683.892596][ T5971] az6027: usb out operation failed. (-71)
[  683.892616][ T5971] stb0899_attach: Driver disabled by Kconfig
[  683.892625][ T5971] az6027: no front-end attached
[  683.892625][ T5971] 
[  683.892985][ T5971] az6027: usb out operation failed. (-71)
[  683.892999][ T5971] dvb-usb: no frontend was attached by 'Elgato EyeTV Sat'
[  683.898381][ T5971] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.7/usb8/8-1/input/input6
[  683.942498][ T5971] dvb-usb: schedule remote query interval to 400 msecs.
[  683.942523][ T5971] dvb-usb: Elgato EyeTV Sat successfully initialized and connected.
[  683.960974][ T5971] usb 8-1: USB disconnect, device number 4
[  684.047294][ T8431] chnl_net:caif_netlink_parms(): no params data found
[  684.439088][ T5971] dvb-usb: Elgato EyeTV Sat successfully deinitialized and disconnected.
[  684.606219][ T8464] netlink: 168 bytes leftover after parsing attributes in process `syz.7.523'.
[  686.530319][ T5854] Bluetooth: hci2: command tx timeout
[  686.534726][ T1322] ieee802154 phy0 wpan0: encryption failed: -22
[  686.534817][ T1322] ieee802154 phy1 wpan1: encryption failed: -22
[  686.950708][ T5921] usb 8-1: new high-speed USB device number 5 using dummy_hcd
[  686.999266][ T8483] fuse: Unknown parameter '00000000000000000003'
[  687.032239][ T8486] fuse: Unknown parameter '00000000000000000003'
[  687.103420][ T5921] usb 8-1: Using ep0 maxpacket: 8
[  687.105722][ T5921] usb 8-1: config index 0 descriptor too short (expected 301, got 45)
[  687.105779][ T5921] usb 8-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  687.105802][ T5921] usb 8-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  687.105827][ T5921] usb 8-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  687.105851][ T5921] usb 8-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  687.105903][ T5921] usb 8-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[  687.105927][ T5921] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  687.218094][ T8431] bridge0: port 1(bridge_slave_0) entered blocking state
[  687.218239][ T8431] bridge0: port 1(bridge_slave_0) entered disabled state
[  687.218406][ T8431] bridge_slave_0: entered allmulticast mode
[  687.319169][ T8431] bridge_slave_0: entered promiscuous mode
[  687.320833][ T6136] usb 9-1: new high-speed USB device number 5 using dummy_hcd
[  687.385039][ T5921] usb 8-1: usb_control_msg returned -32
[  687.385092][ T5921] usbtmc 8-1:16.0: can't read capabilities
[  687.411364][ T8431] bridge0: port 2(bridge_slave_1) entered blocking state
[  687.411433][ T8431] bridge0: port 2(bridge_slave_1) entered disabled state
[  687.411601][ T8431] bridge_slave_1: entered allmulticast mode
[  687.413116][ T8431] bridge_slave_1: entered promiscuous mode
[  687.490769][ T6136] usb 9-1: device descriptor read/64, error -71
[  687.572003][ T8494] netlink: 'syz.6.531': attribute type 2 has an invalid length.
[  687.572023][ T8494] netlink: 'syz.6.531': attribute type 1 has an invalid length.
[  687.730724][ T6136] usb 9-1: new high-speed USB device number 6 using dummy_hcd
[  687.813588][ T8497] usbtmc 8-1:16.0: stb usb_control_msg returned -32
[  687.836442][ T8244] usb 8-1: USB disconnect, device number 5
[  687.870734][ T6136] usb 9-1: device descriptor read/64, error -71
[  687.981573][ T6136] usb usb9-port1: attempt power cycle
[  688.246685][ T8431] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  688.276294][ T8431] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  688.350772][ T6136] usb 9-1: new high-speed USB device number 7 using dummy_hcd
[  688.371673][ T6136] usb 9-1: device descriptor read/8, error -71
[  688.541338][ T5854] Bluetooth: hci2: command tx timeout
[  688.620985][ T6136] usb 9-1: new high-speed USB device number 8 using dummy_hcd
[  688.785129][ T6136] usb 9-1: device descriptor read/8, error -71
[  688.800792][ T5942] usb 8-1: new high-speed USB device number 6 using dummy_hcd
[  688.827192][ T8431] team0: Port device team_slave_0 added
[  689.635009][ T5942] usb 8-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3
[  689.635042][ T5942] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  689.646849][ T5942] usb 8-1: config 0 descriptor??
[  689.697703][ T6136] usb usb9-port1: unable to enumerate USB device
[  689.926872][ T5942] cp210x 8-1:0.0: cp210x converter detected
[  689.946588][ T8507] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  689.947257][ T8507] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  690.680496][ T5854] Bluetooth: hci2: command tx timeout
[  690.736723][ T8431] team0: Port device team_slave_1 added
[  690.928271][ T5942] cp210x 8-1:0.0: failed to get vendor val 0x000e size 3: -32
[  690.981596][ T5942] usb 8-1: cp210x converter now attached to ttyUSB0
[  691.071714][ T8527] FAULT_INJECTION: forcing a failure.
[  691.071714][ T8527] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  691.071748][ T8527] CPU: 1 UID: 0 PID: 8527 Comm: syz.8.541 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  691.071770][ T8527] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  691.071781][ T8527] Call Trace:
[  691.071789][ T8527]  <TASK>
[  691.071798][ T8527]  dump_stack_lvl+0xe8/0x150
[  691.071826][ T8527]  should_fail_ex+0x46c/0x600
[  691.071856][ T8527]  prepare_alloc_pages+0x22b/0x6c0
[  691.071883][ T8527]  __alloc_frozen_pages_noprof+0x123/0x370
[  691.071906][ T8527]  ? __pfx___alloc_frozen_pages_noprof+0x10/0x10
[  691.071933][ T8527]  ? policy_nodemask+0x27c/0x720
[  691.071953][ T8527]  alloc_pages_mpol+0xd1/0x380
[  691.071974][ T8527]  vma_alloc_folio_noprof+0xe4/0x280
[  691.071995][ T8527]  ? __pfx_vma_alloc_folio_noprof+0x10/0x10
[  691.072014][ T8527]  ? ___pte_offset_map+0x29/0x200
[  691.072037][ T8527]  ? ___pte_offset_map+0x29/0x200
[  691.072063][ T8527]  folio_prealloc+0x30/0x180
[  691.072090][ T8527]  do_pte_missing+0x86a/0x27a0
[  691.072116][ T8527]  ? handle_mm_fault+0xd1/0x1330
[  691.072144][ T8527]  ? handle_mm_fault+0xd1/0x1330
[  691.072167][ T8527]  handle_mm_fault+0xcc1/0x1330
[  691.072199][ T8527]  ? handle_mm_fault+0xd1/0x1330
[  691.072224][ T8527]  ? __pfx_handle_mm_fault+0x10/0x10
[  691.072268][ T8527]  ? lock_mm_and_find_vma+0x9c/0x300
[  691.072288][ T8527]  do_user_addr_fault+0x764/0x1380
[  691.072321][ T8527]  exc_page_fault+0x71/0xd0
[  691.072350][ T8527]  asm_exc_page_fault+0x26/0x30
[  691.072368][ T8527] RIP: 0010:rep_movs_alternative+0x4a/0x90
[  691.072391][ T8527] Code: 1f 05 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 8b 06 48 89 07 48 83 c6 08 48 83 c7 08 83 e9 08 74 db 83 f9 08 73 e8 eb c5 <f3> a4 c3 cc cc cc cc 48 8b 06 48 89 07 48 8d 47 08 48 83 e0 f8 48
[  691.072408][ T8527] RSP: 0018:ffffc90015fffb48 EFLAGS: 00050206
[  691.072426][ T8527] RAX: ffffffff847d8d01 RBX: 0000000000001000 RCX: 0000000000001000
[  691.072439][ T8527] RDX: 0000000000000000 RSI: ffff8880217ec000 RDI: 0000200000001240
[  691.072452][ T8527] RBP: ffffc90015fffc90 R08: ffff8880217ecfff R09: 1ffff110042fd9ff
[  691.072465][ T8527] R10: dffffc0000000000 R11: ffffed10042fda00 R12: 0000200000002240
[  691.072478][ T8527] R13: 00007ffffffff000 R14: ffff8880217ec000 R15: 0000200000001240
[  691.072500][ T8527]  ? _copy_from_user+0x31/0xb0
[  691.072524][ T8527]  _copy_to_user+0x8a/0xb0
[  691.072543][ T8527]  pagemap_read+0x4d7/0x7b0
[  691.072575][ T8527]  ? __pfx_pagemap_read+0x10/0x10
[  691.072603][ T8527]  ? rw_verify_area+0x2ac/0x4e0
[  691.072626][ T8527]  ? __pfx_pagemap_read+0x10/0x10
[  691.072649][ T8527]  vfs_read+0x206/0xa30
[  691.072680][ T8527]  ? __pfx_vfs_read+0x10/0x10
[  691.072704][ T8527]  ? __fget_files+0x2a/0x420
[  691.072727][ T8527]  ? __fget_files+0x2a/0x420
[  691.072745][ T8527]  ? __fget_files+0x3a6/0x420
[  691.072763][ T8527]  ? __fget_files+0x2a/0x420
[  691.072790][ T8527]  __x64_sys_pread64+0x196/0x220
[  691.072818][ T8527]  ? __pfx___x64_sys_pread64+0x10/0x10
[  691.072855][ T8527]  do_syscall_64+0xec/0xf80
[  691.072874][ T8527]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  691.072891][ T8527]  ? trace_irq_disable+0x37/0x100
[  691.072911][ T8527]  ? clear_bhb_loop+0x60/0xb0
[  691.072934][ T8527]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  691.072952][ T8527] RIP: 0033:0x7f2bc67ff749
[  691.072969][ T8527] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  691.072984][ T8527] RSP: 002b:00007f2bc4a5e038 EFLAGS: 00000246 ORIG_RAX: 0000000000000011
[  691.073003][ T8527] RAX: ffffffffffffffda RBX: 00007f2bc6a55fa0 RCX: 00007f2bc67ff749
[  691.073017][ T8527] RDX: 0000000000200000 RSI: 0000200000001240 RDI: 0000000000000003
[  691.073027][ T8527] RBP: 00007f2bc4a5e090 R08: 0000000000000000 R09: 0000000000000000
[  691.073036][ T8527] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  691.073045][ T8527] R13: 00007f2bc6a56038 R14: 00007f2bc6a55fa0 R15: 00007fff80bb16a8
[  691.073068][ T8527]  </TASK>
[  691.140857][ T8244] usb 8-1: USB disconnect, device number 6
[  691.196929][ T8244] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0
[  691.352969][ T8244] cp210x 8-1:0.0: device disconnected
[  691.923796][ T8431] batman_adv: batadv0: Adding interface: batadv_slave_0
[  691.923814][ T8431] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  691.923841][ T8431] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  691.926059][ T8431] batman_adv: batadv0: Adding interface: batadv_slave_1
[  691.926073][ T8431] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  691.926095][ T8431] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  692.403764][ T8431] hsr_slave_0: entered promiscuous mode
[  692.405644][ T8431] hsr_slave_1: entered promiscuous mode
[  692.406563][ T8431] debugfs: 'hsr0' already exists in 'hsr'
[  692.406584][ T8431] Cannot create hsr debugfs directory
[  692.701436][ T5854] Bluetooth: hci2: command tx timeout
[  692.787248][ T8555] FAULT_INJECTION: forcing a failure.
[  692.787248][ T8555] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  692.787276][ T8555] CPU: 1 UID: 0 PID: 8555 Comm: syz.7.549 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  692.787292][ T8555] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  692.787301][ T8555] Call Trace:
[  692.787307][ T8555]  <TASK>
[  692.787313][ T8555]  dump_stack_lvl+0xe8/0x150
[  692.787336][ T8555]  should_fail_ex+0x46c/0x600
[  692.787359][ T8555]  _copy_from_user+0x2d/0xb0
[  692.787374][ T8555]  bpf_test_init+0xd8/0x150
[  692.787395][ T8555]  bpf_prog_test_run_flow_dissector+0x1e1/0x5c0
[  692.787423][ T8555]  ? __pfx_bpf_prog_test_run_flow_dissector+0x10/0x10
[  692.787444][ T8555]  ? __fget_files+0x2a/0x420
[  692.787461][ T8555]  ? __fget_files+0x2a/0x420
[  692.787474][ T8555]  ? __fget_files+0x3a6/0x420
[  692.787489][ T8555]  ? __fget_files+0x2a/0x420
[  692.787506][ T8555]  ? __pfx_bpf_prog_test_run_flow_dissector+0x10/0x10
[  692.787525][ T8555]  bpf_prog_test_run+0x2cd/0x340
[  692.787546][ T8555]  __sys_bpf+0x562/0x860
[  692.787563][ T8555]  ? __pfx___sys_bpf+0x10/0x10
[  692.787576][ T8555]  ? rt_mutex_slowunlock+0x1be/0x2e0
[  692.787606][ T8555]  ? ksys_write+0x230/0x260
[  692.787626][ T8555]  ? __pfx_ksys_write+0x10/0x10
[  692.787650][ T8555]  __x64_sys_bpf+0x7c/0x90
[  692.787665][ T8555]  do_syscall_64+0xec/0xf80
[  692.787678][ T8555]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  692.787691][ T8555]  ? trace_irq_disable+0x37/0x100
[  692.787705][ T8555]  ? clear_bhb_loop+0x60/0xb0
[  692.787723][ T8555]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  692.787735][ T8555] RIP: 0033:0x7f865fdbf749
[  692.787753][ T8555] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  692.787765][ T8555] RSP: 002b:00007f865e026038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  692.787781][ T8555] RAX: ffffffffffffffda RBX: 00007f8660015fa0 RCX: 00007f865fdbf749
[  692.787791][ T8555] RDX: 0000000000000050 RSI: 0000200000000180 RDI: 000000000000000a
[  692.787799][ T8555] RBP: 00007f865e026090 R08: 0000000000000000 R09: 0000000000000000
[  692.787808][ T8555] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  692.787815][ T8555] R13: 00007f8660016038 R14: 00007f8660015fa0 R15: 00007ffe9f254e28
[  692.787838][ T8555]  </TASK>
[  694.035863][ T8536] capability: warning: `syz.0.544' uses 32-bit capabilities (legacy support in use)
[  694.452795][ T8572] overlayfs: failed to clone upperpath
[  694.630862][ T6077] usb 9-1: new high-speed USB device number 9 using dummy_hcd
[  695.000716][ T6077] usb 9-1: Using ep0 maxpacket: 32
[  695.114052][ T6077] usb 9-1: New USB device found, idVendor=0c72, idProduct=000d, bcdDevice=27.9b
[  695.114070][ T6077] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  695.114081][ T6077] usb 9-1: Product: syz
[  695.114089][ T6077] usb 9-1: Manufacturer: syz
[  695.114097][ T6077] usb 9-1: SerialNumber: syz
[  695.255984][ T6077] usb 9-1: config 0 descriptor??
[  696.930864][ T6077] peak_usb 9-1:0.0 can0: unable to request usb[type=0 value=0] err=-71
[  696.930896][ T6077] peak_usb 9-1:0.0: unable to read PCAN-USB Pro bootloader info (err -71)
[  697.992427][ T6077] peak_usb 9-1:0.0: probe with driver peak_usb failed with error -71
[  697.998838][ T6077] usb 9-1: USB disconnect, device number 9
[  698.224920][ T5854] Bluetooth: hci1: command 0x0406 tx timeout
[  699.395070][ T8431] netdevsim netdevsim9 netdevsim0: renamed from eth0
[  699.436375][ T8431] netdevsim netdevsim9 netdevsim1: renamed from eth1
[  699.465159][ T8431] netdevsim netdevsim9 netdevsim2: renamed from eth2
[  699.542169][ T8431] netdevsim netdevsim9 netdevsim3: renamed from eth3
[  699.943123][ T8431] 8021q: adding VLAN 0 to HW filter on device bond0
[  700.010267][ T8431] 8021q: adding VLAN 0 to HW filter on device team0
[  700.043213][ T1226] bridge0: port 1(bridge_slave_0) entered blocking state
[  700.043414][ T1226] bridge0: port 1(bridge_slave_0) entered forwarding state
[  700.095587][ T6025] bridge0: port 2(bridge_slave_1) entered blocking state
[  700.095726][ T6025] bridge0: port 2(bridge_slave_1) entered forwarding state
[  700.792540][ T8629] FAULT_INJECTION: forcing a failure.
[  700.792540][ T8629] name failslab, interval 1, probability 0, space 0, times 0
[  700.792575][ T8629] CPU: 1 UID: 0 PID: 8629 Comm: syz.7.570 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  700.792607][ T8629] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  700.792618][ T8629] Call Trace:
[  700.792625][ T8629]  <TASK>
[  700.792634][ T8629]  dump_stack_lvl+0xe8/0x150
[  700.792664][ T8629]  should_fail_ex+0x46c/0x600
[  700.792692][ T8629]  should_failslab+0xa8/0x100
[  700.792710][ T8629]  __kmalloc_cache_node_noprof+0x8b/0x700
[  700.792737][ T8629]  ? __get_vm_area_node+0x172/0x350
[  700.792766][ T8629]  __get_vm_area_node+0x172/0x350
[  700.792793][ T8629]  __vmalloc_node_range_noprof+0x371/0x16a0
[  700.792818][ T8629]  ? bpf_prog_alloc_no_stats+0x4a/0x4d0
[  700.792855][ T8629]  ? is_bpf_text_address+0x26/0x2b0
[  700.792880][ T8629]  ? kernel_text_address+0xa5/0xe0
[  700.792910][ T8629]  ? __pfx___vmalloc_node_range_noprof+0x10/0x10
[  700.792938][ T8629]  ? __lock_acquire+0x6b6/0x2cf0
[  700.792969][ T8629]  ? bpf_prog_alloc_no_stats+0x4a/0x4d0
[  700.792988][ T8629]  __vmalloc_noprof+0xd2/0x120
[  700.793012][ T8629]  ? bpf_prog_alloc_no_stats+0x4a/0x4d0
[  700.793035][ T8629]  bpf_prog_alloc_no_stats+0x4a/0x4d0
[  700.793060][ T8629]  bpf_prog_alloc+0x3c/0x1a0
[  700.793083][ T8629]  bpf_prog_load+0x735/0x1a10
[  700.793110][ T8629]  ? get_pid_task+0x20/0x1f0
[  700.793135][ T8629]  ? __pfx_bpf_prog_load+0x10/0x10
[  700.793156][ T8629]  ? __might_fault+0xb0/0x130
[  700.793198][ T8629]  ? bpf_lsm_bpf+0x9/0x20
[  700.793214][ T8629]  ? security_bpf+0x7e/0x300
[  700.793241][ T8629]  __sys_bpf+0x507/0x860
[  700.793263][ T8629]  ? __pfx___sys_bpf+0x10/0x10
[  700.793279][ T8629]  ? rt_mutex_slowunlock+0x1be/0x2e0
[  700.793317][ T8629]  ? ksys_write+0x230/0x260
[  700.793343][ T8629]  ? __pfx_ksys_write+0x10/0x10
[  700.793374][ T8629]  __x64_sys_bpf+0x7c/0x90
[  700.793393][ T8629]  do_syscall_64+0xec/0xf80
[  700.793410][ T8629]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  700.793427][ T8629]  ? trace_irq_disable+0x37/0x100
[  700.793447][ T8629]  ? clear_bhb_loop+0x60/0xb0
[  700.793469][ T8629]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  700.793488][ T8629] RIP: 0033:0x7f865fdbf749
[  700.793504][ T8629] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  700.793518][ T8629] RSP: 002b:00007f865e026038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  700.793538][ T8629] RAX: ffffffffffffffda RBX: 00007f8660015fa0 RCX: 00007f865fdbf749
[  700.793552][ T8629] RDX: 0000000000000094 RSI: 0000200000000280 RDI: 0000000000000005
[  700.793565][ T8629] RBP: 00007f865e026090 R08: 0000000000000000 R09: 0000000000000000
[  700.793577][ T8629] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  700.793589][ T8629] R13: 00007f8660016038 R14: 00007f8660015fa0 R15: 00007ffe9f254e28
[  700.793626][ T8629]  </TASK>
[  700.793888][ T8629] syz.7.570: vmalloc error: size 4096, vm_struct allocation failed, mode:0x500dc0(GFP_USER|__GFP_ZERO|__GFP_ACCOUNT), nodemask=(null),cpuset=/,mems_allowed=0-1
[  700.794457][ T8629] CPU: 1 UID: 0 PID: 8629 Comm: syz.7.570 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  700.794479][ T8629] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  700.794491][ T8629] Call Trace:
[  700.794498][ T8629]  <TASK>
[  700.794507][ T8629]  dump_stack_lvl+0xe8/0x150
[  700.794534][ T8629]  warn_alloc+0x22e/0x3b0
[  700.794559][ T8629]  ? should_fail_ex+0x344/0x600
[  700.794589][ T8629]  ? __pfx_warn_alloc+0x10/0x10
[  700.794623][ T8629]  ? __kmalloc_cache_node_noprof+0x2aa/0x700
[  700.794649][ T8629]  ? __get_vm_area_node+0x172/0x350
[  700.794677][ T8629]  ? __get_vm_area_node+0x2e2/0x350
[  700.794707][ T8629]  __vmalloc_node_range_noprof+0x396/0x16a0
[  700.794750][ T8629]  ? is_bpf_text_address+0x26/0x2b0
[  700.794777][ T8629]  ? kernel_text_address+0xa5/0xe0
[  700.794807][ T8629]  ? __pfx___vmalloc_node_range_noprof+0x10/0x10
[  700.794835][ T8629]  ? __lock_acquire+0x6b6/0x2cf0
[  700.794866][ T8629]  ? bpf_prog_alloc_no_stats+0x4a/0x4d0
[  700.794886][ T8629]  __vmalloc_noprof+0xd2/0x120
[  700.794911][ T8629]  ? bpf_prog_alloc_no_stats+0x4a/0x4d0
[  700.794935][ T8629]  bpf_prog_alloc_no_stats+0x4a/0x4d0
[  700.794959][ T8629]  bpf_prog_alloc+0x3c/0x1a0
[  700.794983][ T8629]  bpf_prog_load+0x735/0x1a10
[  700.795011][ T8629]  ? get_pid_task+0x20/0x1f0
[  700.795036][ T8629]  ? __pfx_bpf_prog_load+0x10/0x10
[  700.795057][ T8629]  ? __might_fault+0xb0/0x130
[  700.795100][ T8629]  ? bpf_lsm_bpf+0x9/0x20
[  700.795114][ T8629]  ? security_bpf+0x7e/0x300
[  700.795140][ T8629]  __sys_bpf+0x507/0x860
[  700.795161][ T8629]  ? __pfx___sys_bpf+0x10/0x10
[  700.795178][ T8629]  ? rt_mutex_slowunlock+0x1be/0x2e0
[  700.795215][ T8629]  ? ksys_write+0x230/0x260
[  700.795241][ T8629]  ? __pfx_ksys_write+0x10/0x10
[  700.795270][ T8629]  __x64_sys_bpf+0x7c/0x90
[  700.795288][ T8629]  do_syscall_64+0xec/0xf80
[  700.795306][ T8629]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  700.795322][ T8629]  ? trace_irq_disable+0x37/0x100
[  700.795341][ T8629]  ? clear_bhb_loop+0x60/0xb0
[  700.795363][ T8629]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  700.795380][ T8629] RIP: 0033:0x7f865fdbf749
[  700.795396][ T8629] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  700.795413][ T8629] RSP: 002b:00007f865e026038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  700.795431][ T8629] RAX: ffffffffffffffda RBX: 00007f8660015fa0 RCX: 00007f865fdbf749
[  700.795445][ T8629] RDX: 0000000000000094 RSI: 0000200000000280 RDI: 0000000000000005
[  700.795457][ T8629] RBP: 00007f865e026090 R08: 0000000000000000 R09: 0000000000000000
[  700.795469][ T8629] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  700.795481][ T8629] R13: 00007f8660016038 R14: 00007f8660015fa0 R15: 00007ffe9f254e28
[  700.795511][ T8629]  </TASK>
[  700.795527][ T8629] Mem-Info:
[  700.795540][ T8629] active_anon:281 inactive_anon:11783 isolated_anon:0
[  700.795540][ T8629]  active_file:24095 inactive_file:37963 isolated_file:0
[  700.795540][ T8629]  unevictable:768 dirty:513 writeback:0
[  700.795540][ T8629]  slab_reclaimable:12373 slab_unreclaimable:108201
[  700.795540][ T8629]  mapped:38662 shmem:4246 pagetables:1757
[  700.795540][ T8629]  sec_pagetables:0 bounce:0
[  700.795540][ T8629]  kernel_misc_reclaimable:0
[  700.795540][ T8629]  free:1292180 free_pcp:2581 free_cma:0
[  700.795599][ T8629] Node 0 active_anon:1124kB inactive_anon:47132kB active_file:96176kB inactive_file:151852kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:154648kB dirty:2052kB writeback:0kB shmem:15448kB kernel_stack:15056kB pagetables:6884kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[  700.795645][ T8629] Node 1 active_anon:0kB inactive_anon:0kB active_file:204kB inactive_file:0kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:1536kB kernel_stack:64kB pagetables:144kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[  700.795687][ T8629] Node 0 DMA free:15360kB boost:0kB min:20kB low:32kB high:44kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB zspages:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[  700.795747][ T8629] lowmem_reserve[]: 0 2514 2515 2515 2515
[  700.795779][ T8629] Node 0 DMA32 free:1245568kB boost:0kB min:3944kB low:6492kB high:9040kB reserved_highatomic:0KB free_highatomic:0KB active_anon:1124kB inactive_anon:47132kB active_file:96176kB inactive_file:151852kB unevictable:1536kB writepending:2052kB zspages:0kB present:3129332kB managed:2574692kB mlocked:0kB bounce:0kB free_pcp:10364kB local_pcp:5188kB free_cma:0kB
[  700.795839][ T8629] lowmem_reserve[]: 0 0 1 1 1
[  700.797276][ T8629] Node 0 Normal free:0kB boost:0kB min:0kB low:0kB high:0kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB zspages:0kB present:1048580kB managed:1644kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[  700.797330][ T8629] lowmem_reserve[]: 0 0 0 0 0
[  700.797360][ T8629] Node 1 Normal free:3907792kB boost:0kB min:6360kB low:10468kB high:14576kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:204kB inactive_file:0kB unevictable:1536kB writepending:0kB zspages:0kB present:4194300kB managed:4111100kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[  700.797414][ T8629] lowmem_reserve[]: 0 0 0 0 0
[  700.797443][ T8629] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB
[  700.797546][ T8629] Node 0 DMA32: 90*4kB (UM) 81*8kB (UM) 673*16kB (UME) 537*32kB (UME) 359*64kB (UME) 163*128kB (UME) 131*256kB (UM) 79*512kB (UM) 53*1024kB (UME) 54*2048kB (UME) 228*4096kB (UM) = 1245536kB
[  700.797694][ T8629] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB
[  700.797788][ T8629] Node 1 Normal: 166*4kB (UE) 49*8kB (UME) 23*16kB (UME) 198*32kB (UME) 88*64kB (UME) 25*128kB (UME) 14*256kB (UM) 7*512kB (UM) 3*1024kB (UME) 1*2048kB (E) 947*4096kB (M) = 3907792kB
[  700.797932][ T8629] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  700.797949][ T8629] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[  700.797966][ T8629] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  700.797981][ T8629] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[  700.797997][ T8629] 66300 total pagecache pages
[  700.798011][ T8629] 0 pages in swap cache
[  700.798018][ T8629] Free swap  = 124996kB
[  700.798025][ T8629] Total swap = 124996kB
[  700.798033][ T8629] 2097051 pages RAM
[  700.798039][ T8629] 0 pages HighMem/MovableOnly
[  700.798046][ T8629] 421352 pages reserved
[  700.798052][ T8629] 0 pages cma reserved
[  701.690890][ T5921] usb 9-1: new high-speed USB device number 10 using dummy_hcd
[  702.792892][ T8431] 8021q: adding VLAN 0 to HW filter on device batadv0
[  702.990791][ T5921] usb 9-1: Using ep0 maxpacket: 8
[  702.995342][ T5921] usb 9-1: config index 0 descriptor too short (expected 30, got 18)
[  702.998146][ T5921] usb 9-1: New USB device found, idVendor=1660, idProduct=0932, bcdDevice=80.ea
[  702.998175][ T5921] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  702.998194][ T5921] usb 9-1: Product: syz
[  702.998209][ T5921] usb 9-1: Manufacturer: syz
[  702.998223][ T5921] usb 9-1: SerialNumber: syz
[  703.036014][ T5921] usb 9-1: config 0 descriptor??
[  703.057991][ T5921] dvb-usb: found a 'Medion MD95700 (MDUSBTV-HYBRID)' in warm state.
[  703.058050][ T5921] usb 9-1: setting power ON
[  703.058736][ T5921] dvb-usb: bulk message failed: -22 (2/0)
[  703.076173][   T11] block nbd1: Possible stuck request ffff888024a4e000: control (read@0,1024B). Runtime 150 seconds
[  703.076220][   T11] block nbd1: Possible stuck request ffff888024a4e1c0: control (read@1024,1024B). Runtime 150 seconds
[  703.076249][   T11] block nbd1: Possible stuck request ffff888024a4e380: control (read@2048,1024B). Runtime 150 seconds
[  703.076278][   T11] block nbd1: Possible stuck request ffff888024a4e540: control (read@3072,1024B). Runtime 150 seconds
[  703.095280][ T5921] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[  703.097479][ T5921] dvbdev: DVB: registering new adapter (Medion MD95700 (MDUSBTV-HYBRID))
[  703.097537][ T5921] usb 9-1: media controller created
[  703.225474][ T5921] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  703.323238][ T8633] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  703.323798][ T8633] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  703.363947][ T8633] dvb-usb: bulk message failed: -22 (3/0)
[  703.418965][ T5921] usb 9-1: selecting invalid altsetting 6
[  703.418990][ T5921] usb 9-1: digital interface selection failed (-22)
[  703.419006][ T5921] dvb-usb: no frontend was attached by 'Medion MD95700 (MDUSBTV-HYBRID)'
[  703.428396][ T5921] usb 9-1: setting power OFF
[  703.428697][ T5921] dvb-usb: bulk message failed: -22 (2/0)
[  703.428714][ T5921] dvb-usb: Medion MD95700 (MDUSBTV-HYBRID) successfully initialized and connected.
[  703.428727][ T5921] (NULL device *): no alternate interface
[  703.658269][ T5921] dvb-usb: Medion MD95700 (MDUSBTV-HYBRID) successfully deinitialized and disconnected.
[  703.686989][ T5921] usb 9-1: USB disconnect, device number 10
[  703.833755][ T8431] veth0_vlan: entered promiscuous mode
[  703.848502][ T8431] veth1_vlan: entered promiscuous mode
[  703.932061][ T8431] veth0_macvtap: entered promiscuous mode
[  703.965879][ T8431] veth1_macvtap: entered promiscuous mode
[  704.029160][ T8431] batman_adv: batadv0: Interface activated: batadv_slave_0
[  704.085668][ T8431] batman_adv: batadv0: Interface activated: batadv_slave_1
[  704.130016][ T5903] netdevsim netdevsim9 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  704.189044][ T5903] netdevsim netdevsim9 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  704.189094][ T5903] netdevsim netdevsim9 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  704.189128][ T5903] netdevsim netdevsim9 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  704.501494][   T11] block nbd0: Possible stuck request ffff8880249ae000: control (read@0,1024B). Runtime 180 seconds
[  704.501541][   T11] block nbd0: Possible stuck request ffff8880249ae1c0: control (read@1024,1024B). Runtime 180 seconds
[  704.501578][   T11] block nbd0: Possible stuck request ffff8880249ae380: control (read@2048,1024B). Runtime 180 seconds
[  704.501606][   T11] block nbd0: Possible stuck request ffff8880249ae540: control (read@3072,1024B). Runtime 180 seconds
[  704.510881][ T5921] usb 9-1: new high-speed USB device number 11 using dummy_hcd
[  705.582162][ T5921] usb 9-1: Using ep0 maxpacket: 8
[  705.587967][ T5921] usb 9-1: config 162 has an invalid interface number: 197 but max is 0
[  705.587994][ T5921] usb 9-1: config 162 has no interface number 0
[  705.588026][ T5921] usb 9-1: config 162 interface 197 has no altsetting 0
[  705.649655][ T5921] usb 9-1: New USB device found, idVendor=0c10, idProduct=0000, bcdDevice=95.a7
[  705.649685][ T5921] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  705.649704][ T5921] usb 9-1: Product: syz
[  705.649717][ T5921] usb 9-1: Manufacturer: syz
[  705.649731][ T5921] usb 9-1: SerialNumber: syz
[  706.126019][ T8659] Bluetooth: MGMT ver 1.23
[  706.200203][ T5921] usb 9-1: USB disconnect, device number 11
[  706.252705][ T6070] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  706.252727][ T6070] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  706.337760][ T8671] overlayfs: "xino" feature enabled using 3 upper inode bits.
[  706.372557][ T6015] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  706.372573][ T6015] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  708.241283][ T8714] netlink: 168 bytes leftover after parsing attributes in process `syz.8.596'.
[  709.328996][ T8748] 9pnet_fd: Insufficient options for proto=fd
[  709.361095][ T8748] 9pnet_fd: Insufficient options for proto=fd
[  709.739009][ T8756] netlink: 168 bytes leftover after parsing attributes in process `syz.8.610'.
[  709.855002][ T8766] vivid-004: disconnect
[  710.615107][ T8760] vivid-004: reconnect
[  712.990728][ T5942] usb 9-1: new high-speed USB device number 12 using dummy_hcd
[  713.150786][ T5942] usb 9-1: Using ep0 maxpacket: 32
[  713.155155][ T5942] usb 9-1: config 0 has an invalid interface number: 4 but max is 0
[  713.155181][ T5942] usb 9-1: config 0 has no interface number 0
[  713.155227][ T5942] usb 9-1: config 0 interface 4 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  713.155253][ T5942] usb 9-1: config 0 interface 4 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  713.155276][ T5942] usb 9-1: config 0 interface 4 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  713.155315][ T5942] usb 9-1: New USB device found, idVendor=28bd, idProduct=0905, bcdDevice= 0.00
[  713.155337][ T5942] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  713.188564][ T5942] usb 9-1: config 0 descriptor??
[  713.418971][ T8827] nbd4: detected capacity change from 0 to 127
[  713.490364][ T5863] block nbd4: Receive control failed (result -32)
[  713.504951][ T6752] block nbd4: Dead connection, failed to find a fallback
[  713.504976][ T6752] block nbd4: shutting down sockets
[  713.504990][ T6752] blk_print_req_error: 286 callbacks suppressed
[  713.505002][ T6752] I/O error, dev nbd4, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2
[  713.505028][ T6752] buffer_io_error: 286 callbacks suppressed
[  713.505039][ T6752] Buffer I/O error on dev nbd4, logical block 0, async page read
[  713.505107][ T6752] I/O error, dev nbd4, sector 2 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2
[  713.505131][ T6752] Buffer I/O error on dev nbd4, logical block 1, async page read
[  713.505180][ T6752] I/O error, dev nbd4, sector 4 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2
[  713.505203][ T6752] Buffer I/O error on dev nbd4, logical block 2, async page read
[  713.505250][ T6752] I/O error, dev nbd4, sector 6 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2
[  713.505271][ T6752] Buffer I/O error on dev nbd4, logical block 3, async page read
[  713.505331][ T6752] I/O error, dev nbd4, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2
[  713.505354][ T6752] Buffer I/O error on dev nbd4, logical block 0, async page read
[  713.505399][ T6752] I/O error, dev nbd4, sector 2 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2
[  713.505419][ T6752] Buffer I/O error on dev nbd4, logical block 1, async page read
[  713.505464][ T6752] I/O error, dev nbd4, sector 4 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2
[  713.505486][ T6752] Buffer I/O error on dev nbd4, logical block 2, async page read
[  713.505531][ T6752] I/O error, dev nbd4, sector 6 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2
[  713.505550][ T6752] Buffer I/O error on dev nbd4, logical block 3, async page read
[  713.505601][ T6752] I/O error, dev nbd4, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2
[  713.505621][ T6752] Buffer I/O error on dev nbd4, logical block 0, async page read
[  713.505700][ T6752] I/O error, dev nbd4, sector 2 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2
[  713.505705][ T8818] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  713.505722][ T6752] Buffer I/O error on dev nbd4, logical block 1, async page read
[  713.506494][ T8818] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  713.506642][ T6752] ldm_validate_partition_table(): Disk read failed.
[  713.507292][ T6752] Dev nbd4: unable to read RDB block 0
[  713.508132][ T6752]  nbd4: unable to read partition table
[  713.884657][ T6752] ldm_validate_partition_table(): Disk read failed.
[  713.885418][ T6752] Dev nbd4: unable to read RDB block 0
[  713.886178][ T6752]  nbd4: unable to read partition table
[  714.334937][ T8813] veth0: entered promiscuous mode
[  714.403155][ T8834] netlink: 4 bytes leftover after parsing attributes in process `syz.9.627'.
[  714.722095][ T8839] vivid-004: disconnect
[  714.997267][ T5942] usbhid 9-1:0.4: can't add hid device: -71
[  714.997473][ T5942] usbhid 9-1:0.4: probe with driver usbhid failed with error -71
[  715.037152][ T5942] usb 9-1: USB disconnect, device number 12
[  715.223389][ T8835] vivid-004: reconnect
[  715.431451][ T8842] netlink: 'syz.6.635': attribute type 13 has an invalid length.
[  716.859133][ T8842] gretap0: refused to change device tx_queue_len
[  716.859161][ T8842] A link change request failed with some changes committed already. Interface gretap0 may have been left with an inconsistent configuration, please check.
[  717.705166][ T8871] nbd5: detected capacity change from 0 to 127
[  717.708229][ T5863] block nbd5: Receive control failed (result -32)
[  717.718818][ T6752] block nbd5: Send control failed (result -32)
[  717.718954][ T6752] block nbd5: Request send failed, requeueing
[  717.810939][   T11] block nbd5: Dead connection, failed to find a fallback
[  717.810966][   T11] block nbd5: shutting down sockets
[  717.815471][ T6752] ldm_validate_partition_table(): Disk read failed.
[  717.816131][ T6752] Dev nbd5: unable to read RDB block 0
[  717.816971][ T6752]  nbd5: unable to read partition table
[  717.866539][ T6752] ldm_validate_partition_table(): Disk read failed.
[  717.867003][ T6752] Dev nbd5: unable to read RDB block 0
[  717.867578][ T6752]  nbd5: unable to read partition table
[  718.441715][ T8881] vivid-008: disconnect
[  718.767405][ T8888] netlink: 12 bytes leftover after parsing attributes in process `syz.8.649'.
[  720.223705][ T8877] vivid-008: reconnect
[  720.892527][ T8900] netlink: 52 bytes leftover after parsing attributes in process `syz.9.655'.
[  723.322804][ T8942] netlink: 52 bytes leftover after parsing attributes in process `syz.0.667'.
[  724.268545][ T5863] block nbd6: Receive control failed (result -32)
[  724.444275][ T8943] nbd6: detected capacity change from 0 to 127
[  724.453577][ T6752] block nbd6: Dead connection, failed to find a fallback
[  724.453602][ T6752] block nbd6: shutting down sockets
[  724.453615][ T6752] blk_print_req_error: 286 callbacks suppressed
[  724.453627][ T6752] I/O error, dev nbd6, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2
[  724.453650][ T6752] buffer_io_error: 286 callbacks suppressed
[  724.453660][ T6752] Buffer I/O error on dev nbd6, logical block 0, async page read
[  724.453730][ T6752] I/O error, dev nbd6, sector 2 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2
[  724.453753][ T6752] Buffer I/O error on dev nbd6, logical block 1, async page read
[  724.453802][ T6752] I/O error, dev nbd6, sector 4 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2
[  724.453823][ T6752] Buffer I/O error on dev nbd6, logical block 2, async page read
[  724.453867][ T6752] I/O error, dev nbd6, sector 6 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2
[  724.453889][ T6752] Buffer I/O error on dev nbd6, logical block 3, async page read
[  724.453945][ T6752] I/O error, dev nbd6, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2
[  724.453965][ T6752] Buffer I/O error on dev nbd6, logical block 0, async page read
[  724.454011][ T6752] I/O error, dev nbd6, sector 2 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2
[  724.454033][ T6752] Buffer I/O error on dev nbd6, logical block 1, async page read
[  724.454078][ T6752] I/O error, dev nbd6, sector 4 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2
[  724.454100][ T6752] Buffer I/O error on dev nbd6, logical block 2, async page read
[  724.454145][ T6752] I/O error, dev nbd6, sector 6 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2
[  724.454167][ T6752] Buffer I/O error on dev nbd6, logical block 3, async page read
[  724.454221][ T6752] I/O error, dev nbd6, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2
[  724.454243][ T6752] Buffer I/O error on dev nbd6, logical block 0, async page read
[  724.454315][ T6752] I/O error, dev nbd6, sector 2 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2
[  724.454338][ T6752] Buffer I/O error on dev nbd6, logical block 1, async page read
[  724.455421][ T6752] ldm_validate_partition_table(): Disk read failed.
[  724.456142][ T6752] Dev nbd6: unable to read RDB block 0
[  724.457024][ T6752]  nbd6: unable to read partition table
[  724.484979][ T6752] ldm_validate_partition_table(): Disk read failed.
[  724.485556][ T6752] Dev nbd6: unable to read RDB block 0
[  724.526055][ T6752]  nbd6: unable to read partition table
[  727.565177][ T8984] netlink: 'syz.9.680': attribute type 10 has an invalid length.
[  727.690969][ T6077] usb 9-1: new high-speed USB device number 13 using dummy_hcd
[  729.847100][ T8984] team0: Port device netdevsim0 added
[  730.056281][ T6077] usb 9-1: device descriptor read/all, error -71
[  730.302550][ T8997] netlink: 52 bytes leftover after parsing attributes in process `syz.0.684'.
[  733.770980][   T11] block nbd1: Possible stuck request ffff888024a4e000: control (read@0,1024B). Runtime 180 seconds
[  733.771028][   T11] block nbd1: Possible stuck request ffff888024a4e1c0: control (read@1024,1024B). Runtime 180 seconds
[  733.771058][   T11] block nbd1: Possible stuck request ffff888024a4e380: control (read@2048,1024B). Runtime 180 seconds
[  733.771086][   T11] block nbd1: Possible stuck request ffff888024a4e540: control (read@3072,1024B). Runtime 180 seconds
[  734.760740][ T5941] usb 10-1: new high-speed USB device number 2 using dummy_hcd
[  734.781818][   T11] block nbd0: Possible stuck request ffff8880249ae000: control (read@0,1024B). Runtime 210 seconds
[  734.781862][   T11] block nbd0: Possible stuck request ffff8880249ae1c0: control (read@1024,1024B). Runtime 210 seconds
[  734.781891][   T11] block nbd0: Possible stuck request ffff8880249ae380: control (read@2048,1024B). Runtime 210 seconds
[  734.782051][   T11] block nbd0: Possible stuck request ffff8880249ae540: control (read@3072,1024B). Runtime 210 seconds
[  734.931073][ T5941] usb 10-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  734.931105][ T5941] usb 10-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  734.931151][ T5941] usb 10-1: New USB device found, idVendor=05ac, idProduct=0252, bcdDevice= 0.00
[  734.931174][ T5941] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  735.069249][ T5941] usb 10-1: config 0 descriptor??
[  736.117455][ T5941] usb 10-1: string descriptor 0 read error: -71
[  736.135518][ T5941] usbhid 10-1:0.0: can't add hid device: -71
[  736.135705][ T5941] usbhid 10-1:0.0: probe with driver usbhid failed with error -71
[  736.139797][ T5941] usb 10-1: USB disconnect, device number 2
[  736.335939][ T9055] vivid-006: disconnect
[  737.016624][ T9053] vivid-006: reconnect
[  739.100779][ T5942] usb 10-1: new low-speed USB device number 3 using dummy_hcd
[  740.223235][ T5942] usb 10-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  740.223300][ T5942] usb 10-1: config 0 interface 0 altsetting 0 endpoint 0x8D has invalid maxpacket 200, setting to 8
[  740.223329][ T5942] usb 10-1: config 0 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  740.223352][ T5942] usb 10-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  740.223394][ T5942] usb 10-1: New USB device found, idVendor=05ac, idProduct=8215, bcdDevice=8f.58
[  740.223419][ T5942] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  740.327759][ T5942] usb 10-1: config 0 descriptor??
[  740.331539][ T9075] raw-gadget.0 gadget.9: fail, usb_ep_enable returned -22
[  740.440384][ T5863] Bluetooth: hci1: Received unexpected HCI Event 0x00
[  740.543012][ T5942] usb 10-1: USB disconnect, device number 3
[  740.700833][ T5862] usb 9-1: new high-speed USB device number 15 using dummy_hcd
[  740.960724][ T5862] usb 9-1: device descriptor read/64, error -71
[  742.200846][ T5862] usb 9-1: new high-speed USB device number 16 using dummy_hcd
[  743.330780][ T5862] usb 9-1: device descriptor read/64, error -71
[  743.445243][ T5862] usb usb9-port1: attempt power cycle
[  743.592582][ T9099] vivid-006: disconnect
[  744.040138][ T9097] vivid-006: reconnect
[  746.965662][ T9126] netlink: 'syz.0.724': attribute type 13 has an invalid length.
[  747.203496][ T9126] gretap0: refused to change device tx_queue_len
[  747.203514][ T9126] A link change request failed with some changes committed already. Interface gretap0 may have been left with an inconsistent configuration, please check.
[  748.027016][ T1322] ieee802154 phy0 wpan0: encryption failed: -22
[  748.027088][ T1322] ieee802154 phy1 wpan1: encryption failed: -22
[  752.095139][ T9181] netlink: 'syz.0.737': attribute type 13 has an invalid length.
[  752.095493][ T9181] gretap0: refused to change device tx_queue_len
[  752.095512][ T9181] A link change request failed with some changes committed already. Interface gretap0 may have been left with an inconsistent configuration, please check.
[  752.117250][ T9184] FAULT_INJECTION: forcing a failure.
[  752.117250][ T9184] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  752.117283][ T9184] CPU: 0 UID: 0 PID: 9184 Comm: syz.8.740 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  752.117304][ T9184] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  752.117315][ T9184] Call Trace:
[  752.117323][ T9184]  <TASK>
[  752.117330][ T9184]  dump_stack_lvl+0xe8/0x150
[  752.117360][ T9184]  should_fail_ex+0x46c/0x600
[  752.117389][ T9184]  _copy_from_iter+0x1cd/0x1630
[  752.117413][ T9184]  ? __pfx___alloc_frozen_pages_noprof+0x10/0x10
[  752.117442][ T9184]  ? __pfx__copy_from_iter+0x10/0x10
[  752.117472][ T9184]  ? set_page_refcounted+0xa0/0x1e0
[  752.117491][ T9184]  ? page_copy_sane+0x4e/0x280
[  752.117515][ T9184]  copy_page_from_iter+0xdd/0x170
[  752.117541][ T9184]  tun_get_user+0x1d40/0x3de0
[  752.117574][ T9184]  ? tun_get_user+0x6fc/0x3de0
[  752.117608][ T9184]  ? __pfx_tun_get_user+0x10/0x10
[  752.117631][ T9184]  ? __lock_acquire+0x6b6/0x2cf0
[  752.117657][ T9184]  ? kstrtoull+0x12f/0x1d0
[  752.117685][ T9184]  ? ref_tracker_alloc+0x2fe/0x450
[  752.117707][ T9184]  ? get_pid_task+0x20/0x1f0
[  752.117733][ T9184]  ? __pfx_ref_tracker_alloc+0x10/0x10
[  752.117758][ T9184]  ? tun_get+0x1c/0x2f0
[  752.117778][ T9184]  ? tun_get+0x1c/0x2f0
[  752.117805][ T9184]  ? tun_get+0x1c/0x2f0
[  752.117824][ T9184]  ? tun_get+0x1c/0x2f0
[  752.117849][ T9184]  tun_chr_write_iter+0x119/0x200
[  752.117872][ T9184]  vfs_write+0x5d5/0xb40
[  752.117900][ T9184]  ? __pfx_tun_chr_write_iter+0x10/0x10
[  752.117922][ T9184]  ? __pfx_vfs_write+0x10/0x10
[  752.117955][ T9184]  ? __fget_files+0x2a/0x420
[  752.117982][ T9184]  ksys_write+0x14b/0x260
[  752.118008][ T9184]  ? __pfx_ksys_write+0x10/0x10
[  752.118041][ T9184]  do_syscall_64+0xec/0xf80
[  752.118067][ T9184]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  752.118084][ T9184]  ? trace_irq_disable+0x37/0x100
[  752.118104][ T9184]  ? clear_bhb_loop+0x60/0xb0
[  752.118126][ T9184]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  752.118143][ T9184] RIP: 0033:0x7f2bc67fe1ff
[  752.118160][ T9184] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[  752.118175][ T9184] RSP: 002b:00007f2bc4a5e000 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[  752.118194][ T9184] RAX: ffffffffffffffda RBX: 00007f2bc6a55fa0 RCX: 00007f2bc67fe1ff
[  752.118208][ T9184] RDX: 0000000000000056 RSI: 0000200000000140 RDI: 00000000000000c8
[  752.118220][ T9184] RBP: 00007f2bc4a5e090 R08: 0000000000000000 R09: 0000000000000000
[  752.118231][ T9184] R10: 0000000000000056 R11: 0000000000000293 R12: 0000000000000001
[  752.118243][ T9184] R13: 00007f2bc6a56038 R14: 00007f2bc6a55fa0 R15: 00007fff80bb16a8
[  752.118271][ T9184]  </TASK>
[  754.230027][ T9205] FAULT_INJECTION: forcing a failure.
[  754.230027][ T9205] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  754.230076][ T9205] CPU: 0 UID: 0 PID: 9205 Comm: syz.7.746 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  754.230098][ T9205] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  754.230111][ T9205] Call Trace:
[  754.230119][ T9205]  <TASK>
[  754.230127][ T9205]  dump_stack_lvl+0xe8/0x150
[  754.230152][ T9205]  should_fail_ex+0x46c/0x600
[  754.230170][ T9205]  _copy_from_user+0x2d/0xb0
[  754.230181][ T9205]  sk_setsockopt+0x276/0x2a70
[  754.230198][ T9205]  ? __pfx_sk_setsockopt+0x10/0x10
[  754.230214][ T9205]  ? __fget_files+0x2a/0x420
[  754.230230][ T9205]  ? __fget_files+0x2a/0x420
[  754.230242][ T9205]  ? __fget_files+0x2a/0x420
[  754.230252][ T9205]  ? bpf_lsm_socket_setsockopt+0x9/0x20
[  754.230268][ T9205]  do_sock_setsockopt+0x11b/0x1b0
[  754.230283][ T9205]  __x64_sys_setsockopt+0x145/0x1b0
[  754.230298][ T9205]  do_syscall_64+0xec/0xf80
[  754.230309][ T9205]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  754.230319][ T9205]  ? clear_bhb_loop+0x60/0xb0
[  754.230331][ T9205]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  754.230341][ T9205] RIP: 0033:0x7f865fdbf749
[  754.230352][ T9205] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  754.230361][ T9205] RSP: 002b:00007f865e005038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036
[  754.230373][ T9205] RAX: ffffffffffffffda RBX: 00007f8660016090 RCX: 00007f865fdbf749
[  754.230381][ T9205] RDX: 000000000000001a RSI: 0000000000000001 RDI: 0000000000000006
[  754.230388][ T9205] RBP: 00007f865e005090 R08: 0000000000000010 R09: 0000000000000000
[  754.230394][ T9205] R10: 0000200000000180 R11: 0000000000000246 R12: 0000000000000001
[  754.230401][ T9205] R13: 00007f8660016128 R14: 00007f8660016090 R15: 00007ffe9f254e28
[  754.230417][ T9205]  </TASK>
[  754.952903][ T9212] Invalid source name
[  756.956420][ T9225] netlink: 'syz.0.754': attribute type 13 has an invalid length.
[  756.956772][ T9225] gretap0: refused to change device tx_queue_len
[  756.956791][ T9225] A link change request failed with some changes committed already. Interface gretap0 may have been left with an inconsistent configuration, please check.
[  760.559542][ T9246] netlink: 12 bytes leftover after parsing attributes in process `syz.9.762'.
[  763.307854][ T9261] netlink: 88 bytes leftover after parsing attributes in process `syz.8.757'.
[  763.385821][ T9265] netlink: 'syz.0.766': attribute type 13 has an invalid length.
[  763.386167][ T9265] gretap0: refused to change device tx_queue_len
[  763.386186][ T9265] A link change request failed with some changes committed already. Interface gretap0 may have been left with an inconsistent configuration, please check.
[  764.020968][   T11] block nbd1: Possible stuck request ffff888024a4e000: control (read@0,1024B). Runtime 210 seconds
[  764.021014][   T11] block nbd1: Possible stuck request ffff888024a4e1c0: control (read@1024,1024B). Runtime 210 seconds
[  764.021045][   T11] block nbd1: Possible stuck request ffff888024a4e380: control (read@2048,1024B). Runtime 210 seconds
[  764.021073][   T11] block nbd1: Possible stuck request ffff888024a4e540: control (read@3072,1024B). Runtime 210 seconds
[  764.252633][ T9273] Invalid source name
[  764.920307][ T9284] netlink: 60 bytes leftover after parsing attributes in process `syz.8.770'.
[  764.966858][ T9288] netlink: 12 bytes leftover after parsing attributes in process `syz.0.774'.
[  766.160826][   T11] block nbd0: Possible stuck request ffff8880249ae000: control (read@0,1024B). Runtime 240 seconds
[  766.160874][   T11] block nbd0: Possible stuck request ffff8880249ae1c0: control (read@1024,1024B). Runtime 240 seconds
[  766.160904][   T11] block nbd0: Possible stuck request ffff8880249ae380: control (read@2048,1024B). Runtime 240 seconds
[  766.160933][   T11] block nbd0: Possible stuck request ffff8880249ae540: control (read@3072,1024B). Runtime 240 seconds
[  771.295850][ T9313] netlink: 'syz.0.779': attribute type 13 has an invalid length.
[  771.296263][ T9313] gretap0: refused to change device tx_queue_len
[  771.296282][ T9313] A link change request failed with some changes committed already. Interface gretap0 may have been left with an inconsistent configuration, please check.
[  775.375695][ T5862] usb 10-1: new high-speed USB device number 4 using dummy_hcd
[  776.586129][ T9359] netlink: 'syz.9.795': attribute type 13 has an invalid length.
[  776.802172][ T9359] gretap0: refused to change device tx_queue_len
[  776.802199][ T9359] A link change request failed with some changes committed already. Interface gretap0 may have been left with an inconsistent configuration, please check.
[  782.027418][ T9417] vivid-008: disconnect
[  782.841922][ T9423] Invalid source name
[  782.871215][ T9413] vivid-008: reconnect
[  783.024420][ T9426] netlink: 'syz.7.814': attribute type 13 has an invalid length.
[  783.079729][ T9426] gretap0: refused to change device tx_queue_len
[  783.079756][ T9426] A link change request failed with some changes committed already. Interface gretap0 may have been left with an inconsistent configuration, please check.
[  784.880776][ T6046] usb 9-1: new high-speed USB device number 18 using dummy_hcd
[  785.190722][ T6046] usb 9-1: Using ep0 maxpacket: 16
[  785.192888][ T6046] usb 9-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  785.192915][ T6046] usb 9-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[  785.195758][ T6046] usb 9-1: New USB device found, idVendor=06cb, idProduct=0006, bcdDevice=9a.eb
[  785.195789][ T6046] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  785.195810][ T6046] usb 9-1: Product: syz
[  785.195825][ T6046] usb 9-1: Manufacturer: syz
[  785.195841][ T6046] usb 9-1: SerialNumber: syz
[  785.202275][ T6046] usb 9-1: config 0 descriptor??
[  786.871894][ T5971] usb 9-1: USB disconnect, device number 18
[  787.550791][   T31] usb 9-1: new high-speed USB device number 19 using dummy_hcd
[  787.717086][   T31] usb 9-1: New USB device found, idVendor=0547, idProduct=0201, bcdDevice=11.64
[  787.717118][   T31] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  787.717139][   T31] usb 9-1: Product: syz
[  787.717154][   T31] usb 9-1: Manufacturer: syz
[  787.717168][   T31] usb 9-1: SerialNumber: syz
[  787.731593][   T31] usb 9-1: config 0 descriptor??
[  787.739019][   T31] dvb-usb: found a 'Nebula Electronics uDigiTV DVB-T USB2.0)' in warm state.
[  787.792834][   T31] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[  787.793790][   T31] dvbdev: DVB: registering new adapter (Nebula Electronics uDigiTV DVB-T USB2.0))
[  787.793849][   T31] usb 9-1: media controller created
[  787.847617][   T31] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  787.983948][ T9470] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  787.984502][ T9470] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  788.000399][ T9470] dvb-usb: bulk message failed: -22 (7/0)
[  788.043971][ T9483] netlink: 'syz.0.830': attribute type 13 has an invalid length.
[  788.044213][ T9483] gretap0: refused to change device tx_queue_len
[  788.044224][ T9483] A link change request failed with some changes committed already. Interface gretap0 may have been left with an inconsistent configuration, please check.
[  788.206257][   T31] DVB: Unable to find symbol mt352_attach()
[  788.339331][   T31] DVB: Unable to find symbol nxt6000_attach()
[  788.339349][   T31] dvb-usb: no frontend was attached by 'Nebula Electronics uDigiTV DVB-T USB2.0)'
[  788.353300][   T31] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.8/usb9/9-1/input/input7
[  788.401575][   T31] dvb-usb: schedule remote query interval to 1000 msecs.
[  788.401600][   T31] dvb-usb: Nebula Electronics uDigiTV DVB-T USB2.0) successfully initialized and connected.
[  788.401617][   T31] dvb-usb: bulk message failed: -22 (7/0)
[  788.401633][   T31] dvb-usb: bulk message failed: -22 (7/0)
[  788.478807][   T31] usb 9-1: USB disconnect, device number 19
[  788.838706][   T31] dvb-usb: Nebula Electronics uDigiTV DVB-T USB2.0 successfully deinitialized and disconnected.
[  789.227528][ T9502] Invalid source name
[  789.450737][ T5934] usb 9-1: new high-speed USB device number 20 using dummy_hcd
[  789.600854][ T5934] usb 9-1: Using ep0 maxpacket: 32
[  789.602753][ T5934] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  789.602787][ T5934] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  789.602825][ T5934] usb 9-1: New USB device found, idVendor=0403, idProduct=6030, bcdDevice= 0.00
[  789.602849][ T5934] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  789.669665][ T5934] usb 9-1: config 0 descriptor??
[  791.092641][ T5934] ft260 0003:0403:6030.0004: unknown main item tag 0x7
[  791.207050][ T5934] ft260 0003:0403:6030.0004: chip code: 6424 8183
[  791.418345][ T9499] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  791.419232][ T9499] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  791.441136][ T5934] ft260 0003:0403:6030.0004: USB HID v0.00 Device [HID 0403:6030] on usb-dummy_hcd.8-1/input0
[  791.661013][ T5934] ft260 0003:0403:6030.0004: failed to retrieve status: -32, no wakeup
[  791.666172][ T5934] ft260 0003:0403:6030.0004: i2c bus error: 0xbe
[  792.172857][ T5934] ft260 0003:0403:6030.0004: failed to reset I2C controller: -71
[  792.299641][ T5934] usb 9-1: USB disconnect, device number 20
[  792.327732][ T9527] netlink: 'syz.7.847': attribute type 13 has an invalid length.
[  792.328089][ T9527] gretap0: refused to change device tx_queue_len
[  792.328107][ T9527] A link change request failed with some changes committed already. Interface gretap0 may have been left with an inconsistent configuration, please check.
[  793.187682][ T6046] usb 10-1: new high-speed USB device number 5 using dummy_hcd
[  793.333670][ T6046] usb 10-1: Using ep0 maxpacket: 16
[  793.337555][ T6046] usb 10-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  793.337582][ T6046] usb 10-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[  794.091616][ T6046] usb 10-1: New USB device found, idVendor=06cb, idProduct=0006, bcdDevice=9a.eb
[  794.091649][ T6046] usb 10-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  794.091670][ T6046] usb 10-1: Product: syz
[  794.091686][ T6046] usb 10-1: Manufacturer: syz
[  794.091701][ T6046] usb 10-1: SerialNumber: syz
[  794.145404][ T6046] usb 10-1: config 0 descriptor??
[  794.190772][   T11] block nbd1: Possible stuck request ffff888024a4e000: control (read@0,1024B). Runtime 240 seconds
[  794.190819][   T11] block nbd1: Possible stuck request ffff888024a4e1c0: control (read@1024,1024B). Runtime 240 seconds
[  794.190847][   T11] block nbd1: Possible stuck request ffff888024a4e380: control (read@2048,1024B). Runtime 240 seconds
[  794.190873][   T11] block nbd1: Possible stuck request ffff888024a4e540: control (read@3072,1024B). Runtime 240 seconds
[  796.690793][   T11] block nbd0: Possible stuck request ffff8880249ae000: control (read@0,1024B). Runtime 270 seconds
[  796.690838][   T11] block nbd0: Possible stuck request ffff8880249ae1c0: control (read@1024,1024B). Runtime 270 seconds
[  796.690866][   T11] block nbd0: Possible stuck request ffff8880249ae380: control (read@2048,1024B). Runtime 270 seconds
[  796.690892][   T11] block nbd0: Possible stuck request ffff8880249ae540: control (read@3072,1024B). Runtime 270 seconds
[  796.851779][ T5921] usb 10-1: USB disconnect, device number 5
[  797.206576][ T9572] Invalid source name
[  799.102672][ T9579] netlink: 'syz.8.863': attribute type 13 has an invalid length.
[  799.468224][ T9579] gretap0: refused to change device tx_queue_len
[  799.468252][ T9579] A link change request failed with some changes committed already. Interface gretap0 may have been left with an inconsistent configuration, please check.
[  800.560777][ T5921] usb 10-1: new high-speed USB device number 6 using dummy_hcd
[  800.799955][ T5921] usb 10-1: Using ep0 maxpacket: 32
[  800.809822][ T5921] usb 10-1: config 0 has an invalid interface number: 1 but max is 0
[  800.809851][ T5921] usb 10-1: config 0 has no interface number 0
[  800.809896][ T5921] usb 10-1: config 0 interface 1 altsetting 9 has an invalid descriptor for endpoint zero, skipping
[  800.809919][ T5921] usb 10-1: config 0 interface 1 has no altsetting 0
[  801.698119][ T5921] usb 10-1: New USB device found, idVendor=0572, idProduct=58a2, bcdDevice=27.0a
[  801.698155][ T5921] usb 10-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  801.698177][ T5921] usb 10-1: Product: syz
[  801.698192][ T5921] usb 10-1: Manufacturer: syz
[  801.698207][ T5921] usb 10-1: SerialNumber: syz
[  801.783605][ T5921] usb 10-1: config 0 descriptor??
[  803.127322][ T9583] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  803.127908][ T9583] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  804.289210][ T5921] cx231xx 10-1:0.1: New device syz syz @ 480 Mbps (0572:58a2) with 1 interfaces
[  804.289247][ T5921] cx231xx 10-1:0.1: Not found matching IAD interface
[  804.401937][ T5921] usb 10-1: USB disconnect, device number 6
[  804.868081][ T9623] Invalid source name
[  805.884099][ T9630] netlink: 'syz.7.876': attribute type 13 has an invalid length.
[  805.884524][ T9630] gretap0: refused to change device tx_queue_len
[  805.884542][ T9630] A link change request failed with some changes committed already. Interface gretap0 may have been left with an inconsistent configuration, please check.
[  806.100718][ T5863] Bluetooth: hci2: command 0x0406 tx timeout
[  808.829872][   T37] kauditd_printk_skb: 49 callbacks suppressed
[  808.829916][   T37] audit: type=1326 audit(1766933229.327:256): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9649 comm="syz.8.881" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2bc67ff749 code=0x7ffc0000
[  808.830360][   T37] audit: type=1326 audit(1766933229.327:257): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9649 comm="syz.8.881" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2bc67ff749 code=0x7ffc0000
[  809.535149][ T1322] ieee802154 phy0 wpan0: encryption failed: -22
[  809.535228][ T1322] ieee802154 phy1 wpan1: encryption failed: -22
[  810.814706][ T9673] Invalid source name
[  811.560918][ T5862] usb 8-1: new high-speed USB device number 7 using dummy_hcd
[  811.890712][ T5862] usb 8-1: Using ep0 maxpacket: 32
[  812.712146][ T9693] netlink: 'syz.0.894': attribute type 13 has an invalid length.
[  812.712499][ T9693] gretap0: refused to change device tx_queue_len
[  812.712518][ T9693] A link change request failed with some changes committed already. Interface gretap0 may have been left with an inconsistent configuration, please check.
[  812.916914][ T9699] sctp: [Deprecated]: syz.6.895 (pid 9699) Use of struct sctp_assoc_value in delayed_ack socket option.
[  812.916914][ T9699] Use struct sctp_sack_info instead
[  813.023409][ T5862] usb 8-1: device descriptor read/all, error -71
[  814.232536][ T9710] vivid-008: disconnect
[  814.571327][ T9719] Invalid source name
[  815.735105][ T9703] vivid-008: reconnect
[  817.544088][ T9757] netlink: 'syz.0.910': attribute type 13 has an invalid length.
[  817.544319][ T9757] gretap0: refused to change device tx_queue_len
[  817.544331][ T9757] A link change request failed with some changes committed already. Interface gretap0 may have been left with an inconsistent configuration, please check.
[  819.181450][ T9775] Invalid source name
[  824.789397][   T38] INFO: task syz.5.468:8222 blocked for more than 144 seconds.
[  824.789423][   T38]       Not tainted syzkaller #0
[  824.789433][   T38] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[  824.789443][   T38] task:syz.5.468       state:D stack:26328 pid:8222  tgid:8221  ppid:6931   task_flags:0x400140 flags:0x00080002
[  824.789498][   T38] Call Trace:
[  824.789504][   T38]  <TASK>
[  824.789517][   T38]  __schedule+0x145f/0x5070
SYZFAIL: failed to recv rpc
fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor)
[  824.789554][   T38]  ? sched_clock_cpu+0x74/0x430
[  824.789581][   T38]  ? blkdev_writepages+0x10e/0x170
[  824.789608][   T38]  ? rcu_is_watching+0x15/0xb0
[  824.789634][   T38]  ? __pfx___schedule+0x10/0x10
[  824.789677][   T38]  rt_mutex_schedule+0x77/0xf0
[  824.789705][   T38]  rt_mutex_slowlock_block+0x5ba/0x6d0
[  824.789743][   T38]  ? rt_mutex_slowlock_block+0x351/0x6d0
[  824.789771][   T38]  rt_mutex_slowlock+0x2a8/0x6b0
[  824.789797][   T38]  ? rt_mutex_slowlock+0x1c9/0x6b0
[  824.789822][   T38]  ? __pfx_rt_mutex_slowlock+0x10/0x10
[  824.789856][   T38]  ? sync_bdevs+0x27e/0x470
[  824.789884][   T38]  ? sync_bdevs+0x27e/0x470
[  824.789913][   T38]  ? sync_bdevs+0x27e/0x470
[  824.789932][   T38]  mutex_lock_nested+0x16a/0x1d0
[  824.789958][   T38]  sync_bdevs+0x27e/0x470
[  824.789985][   T38]  ksys_sync+0xb9/0x150
[  824.790006][   T38]  ? __pfx_ksys_sync+0x10/0x10
[  824.790029][   T38]  ? trace_sys_enter+0x25/0xf0
[  824.790060][   T38]  __ia32_sys_sync+0xe/0x20
[  824.790080][   T38]  do_syscall_64+0xec/0xf80
[  824.790100][   T38]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  824.790119][   T38]  ? clear_bhb_loop+0x60/0xb0
[  824.790142][   T38]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  824.790160][   T38] RIP: 0033:0x7fb1f5c3f749
[  824.790175][   T38] RSP: 002b:00007fb1f3e9e038 EFLAGS: 00000246 ORIG_RAX: 00000000000000a2
[  824.790203][   T38] RAX: ffffffffffffffda RBX: 00007fb1f5e95fa0 RCX: 00007fb1f5c3f749
[  824.790217][   T38] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  824.790228][   T38] RBP: 00007fb1f5e95fa0 R08: 0000000000000000 R09: 0000000000000000
[  824.790240][   T38] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  824.790252][   T38] R13: 00007fb1f5e96038 R14: 00007fb1f5e95fa0 R15: 00007ffc967e2998
[  824.790285][   T38]  </TASK>
[  824.790316][   T38] 
[  824.790316][   T38] Showing all locks held in the system:
[  824.790326][   T38] 2 locks held by kworker/0:0H/11:
[  824.790337][   T38]  #0: ffff8881404a9d38 ((wq_completion)kblockd){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x1770
[  824.790388][   T38]  #1: ffffc90000107bc0 ((work_completion)(&q->timeout_work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x1770
[  824.790437][   T38] 1 lock held by khungtaskd/38:
[  824.790447][   T38]  #0: ffffffff8d5ae940 (rcu_read_lock){....}-{1:3}, at: debug_show_all_locks+0x2e/0x180
[  824.790511][   T38] 1 lock held by kworker/u8:8/1111:
[  824.790524][   T38] 6 locks held by kworker/u8:11/1226:
[  824.790535][   T38]  #0: ffff88813ff69938 ((wq_completion)events_unbound#2){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x1770
[  824.830803][   T11] block nbd1: Possible stuck request ffff888024a4e000: control (read@0,1024B). Runtime 270 seconds
[  824.830850][   T11] block nbd1: Possible stuck request ffff888024a4e1c0: control (read@1024,1024B). Runtime 270 seconds
[  824.830879][   T11] block nbd1: Possible stuck request ffff888024a4e380: control (read@2048,1024B). Runtime 270 seconds
[  824.830906][   T11] block nbd1: Possible stuck request ffff888024a4e540: control (read@3072,1024B). Runtime 270 seconds
[  824.984812][   T38]  #1: ffffffff8d5ae940 (rcu_read_lock){....}-{1:3}, at: bpf_trace_run4+0x19c/0x4b0
[  824.984871][   T38]  #2: ffff88803a990878 (&lock->wait_lock){....}-{2:2}, at: rt_mutex_slowunlock+0xaa/0x2e0
[  824.984921][   T38]  #3: ffffffff8d5ae940 (rcu_read_lock){....}-{1:3}, at: ieee80211_sta_active_ibss+0xc3/0x330
[  824.984968][   T38]  #4: ffffffff8d5ae940 (rcu_read_lock){....}-{1:3}, at: __local_bh_disable_ip+0x3c/0x420
[  824.985013][   T38]  #5: ffff888059a3e070 (&lock->wait_lock){....}-{2:2}, at: rt_mutex_slowunlock+0xb0/0x8a0
[  824.985082][   T38] 1 lock held by udevd/5170:
[  824.985094][   T38]  #0: ffff888037280a08 (&ep->lock){+.+.}-{3:3}, at: do_epoll_wait+0x848/0xbb0
[  824.985151][   T38] 2 locks held by getty/5563:
[  824.985162][   T38]  #0: ffff8880356690a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x25/0x70
[  824.985210][   T38]  #1: ffffc90003e832e0 (&ldata->atomic_read_lock){+.+.}-{4:4}, at: n_tty_read+0x44f/0x1460
[  824.985251][   T38] 1 lock held by sshd-session/5837:
[  824.985261][   T38]  #0: ffffffff8d20c0a8 (tasklist_lock){++++}-{3:3}, at: release_task+0x33b/0x16d0
[  824.985308][   T38] 1 lock held by syz-executor/5843:
[  824.985317][   T38]  #0: ffffffff8d20c0a8 (tasklist_lock){++++}-{3:3}, at: __do_wait+0xe1/0x740
[  824.985361][   T38] 2 locks held by syz-executor/5848:
[  824.985371][   T38]  #0: ffffffff8d20c0a8 (tasklist_lock){++++}-{3:3}, at: __do_wait+0xe1/0x740
[  824.985418][   T38]  #1: ffff8880b883b6d8 (&rq->__lock){-...}-{2:2}, at: raw_spin_rq_lock_nested+0xad/0x140
[  824.985465][   T38] 2 locks held by kworker/u8:4/5905:
[  824.985476][   T38]  #0: ffff88813ff69938 ((wq_completion)events_unbound#2){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x1770
[  824.985528][   T38]  #1: ffffc900050e7bc0 ((work_completion)(&map->work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x1770
[  824.985576][   T38] 4 locks held by kworker/u8:7/5996:
[  824.985589][   T38] 3 locks held by kworker/1:9/6063:
[  824.985603][   T38] 1 lock held by udevd/6728:
[  824.985613][   T38]  #0: ffff8880248e24c8 (&disk->open_mutex){+.+.}-{4:4}, at: bdev_open+0xe0/0xcc0
[  824.985662][   T38] 7 locks held by udevd/6752:
[  824.985673][   T38] 1 lock held by udevd/6778:
[  824.985684][   T38]  #0: ffff8880249624c8 (&disk->open_mutex){+.+.}-{4:4}, at: bdev_open+0xe0/0xcc0
[  824.985731][   T38] 1 lock held by syz-executor/6933:
[  824.985742][   T38] 1 lock held by syz-executor/6934:
[  824.985753][   T38]  #0: ffffffff8d20c0a8 (tasklist_lock){++++}-{3:3}, at: __do_wait+0xe1/0x740
[  824.985801][   T38] 4 locks held by syz-executor/6935:
[  824.985813][   T38] 1 lock held by syz-executor/6936:
[  824.985824][   T38]  #0: ffffffff8d20c0a8 (tasklist_lock){++++}-{3:3}, at: __do_wait+0xe1/0x740
[  824.985876][   T38] 1 lock held by syz-executor/7016:
[  824.985886][   T38]  #0: ffffffff8d20c0a8 (tasklist_lock){++++}-{3:3}, at: __do_wait+0xe1/0x740
[  824.985945][   T38] 1 lock held by syz.5.468/8222:
[  824.985956][   T38]  #0: ffff8880249624c8 (&disk->open_mutex){+.+.}-{4:4}, at: sync_bdevs+0x27e/0x470
[  824.986004][   T38] 1 lock held by syz-executor/8422:
[  824.986014][   T38]  #0: ffffffff8d20c0a8 (tasklist_lock){++++}-{3:3}, at: __do_wait+0xe1/0x740
[  824.986066][   T38] 1 lock held by syz.8.919/9780:
[  824.986075][   T38]  #0: ffff88806c01d6f8 (&sb->s_type->i_mutex_key#11){+.+.}-{4:4}, at: sock_close+0x9b/0x240
[  824.986138][   T38] 1 lock held by syz.7.921/9789:
[  824.986148][   T38]  #0: ffff88803e143cf8 (&sb->s_type->i_mutex_key#11){+.+.}-{4:4}, at: sock_close+0x9b/0x240
[  824.986201][   T38] 4 locks held by syz.0.923/9795:
[  824.986212][   T38] 3 locks held by syz.9.925/9802:
[  824.986243][   T38] 
[  824.986248][   T38] =============================================
[  824.986248][   T38] 
[  824.986267][   T38] NMI backtrace for cpu 1
[  824.986281][   T38] CPU: 1 UID: 0 PID: 38 Comm: khungtaskd Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  824.986299][   T38] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  824.986309][   T38] Call Trace:
[  824.986316][   T38]  <TASK>
[  824.986324][   T38]  dump_stack_lvl+0xe8/0x150
[  824.986349][   T38]  nmi_cpu_backtrace+0x274/0x2d0
[  824.986372][   T38]  ? __pfx_nmi_raise_cpu_backtrace+0x10/0x10
[  824.986391][   T38]  nmi_trigger_cpumask_backtrace+0x17a/0x300
[  824.986410][   T38]  sys_info+0x135/0x170
[  824.986422][   T38]  watchdog+0xf95/0xfe0
[  824.986437][   T38]  ? watchdog+0x20a/0xfe0
[  824.986451][   T38]  kthread+0x711/0x8a0
[  824.986466][   T38]  ? __pfx_watchdog+0x10/0x10
[  824.986477][   T38]  ? __pfx_kthread+0x10/0x10
[  824.986489][   T38]  ? rt_spin_unlock+0x150/0x200
[  824.986505][   T38]  ? rt_spin_unlock+0x161/0x200
[  824.986517][   T38]  ? __pfx_kthread+0x10/0x10
[  824.986531][   T38]  ret_from_fork+0x510/0xa50
[  824.986544][   T38]  ? __pfx_ret_from_fork+0x10/0x10
[  824.986554][   T38]  ? __switch_to+0xc9e/0x1480
[  824.986571][   T38]  ? __pfx_kthread+0x10/0x10
[  824.986585][   T38]  ret_from_fork_asm+0x1a/0x30
[  824.986607][   T38]  </TASK>
[  824.986612][   T38] Sending NMI from CPU 1 to CPUs 0:
[  824.986661][    C0] NMI backtrace for cpu 0
[  824.986675][    C0] CPU: 0 UID: 0 PID: 0 Comm: swapper/0 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  824.986693][    C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  824.986703][    C0] RIP: 0010:pv_native_safe_halt+0x13/0x20
[  824.986721][    C0] Code: c3 c2 03 00 cc cc cc 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 66 90 0f 00 2d 43 c7 16 00 f3 0f 1e fa fb f4 <e9> 98 c2 03 00 cc cc cc cc cc cc cc cc 90 90 90 90 90 90 90 90 90
[  824.986735][    C0] RSP: 0018:ffffffff8d207dc0 EFLAGS: 000002c6
[  824.986750][    C0] RAX: 00000000004a113b RBX: ffffffff8195d78e RCX: 0000000080000001
[  824.986761][    C0] RDX: 0000000000000001 RSI: ffffffff8ce0bbf9 RDI: ffffffff8b3f57e0
[  824.986773][    C0] RBP: ffffffff8d207eb0 R08: ffff8880b8833c5b R09: 1ffff1101710678b
[  824.986785][    C0] R10: dffffc0000000000 R11: ffffed101710678c R12: ffffffff8edb3470
[  824.986797][    C0] R13: 1ffffffff1a60668 R14: 0000000000000000 R15: 0000000000000000
[  824.986808][    C0] FS:  0000000000000000(0000) GS:ffff888126cef000(0000) knlGS:0000000000000000
[  824.986822][    C0] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  824.986833][    C0] CR2: 00007fad58027d60 CR3: 000000001d768000 CR4: 00000000003526f0
[  824.986848][    C0] Call Trace:
[  824.986854][    C0]  <TASK>
[  824.986860][    C0]  default_idle+0x13/0x20
[  824.986883][    C0]  default_idle_call+0x73/0xb0
[  824.986900][    C0]  do_idle+0x1be/0x4d0
[  824.986918][    C0]  ? __pfx_do_idle+0x10/0x10
[  824.986934][    C0]  ? do_idle+0x4af/0x4d0
[  824.986950][    C0]  cpu_startup_entry+0x44/0x60
[  824.986964][    C0]  rest_init+0x2de/0x300
[  824.986983][    C0]  start_kernel+0x381/0x3d0
[  824.987002][    C0]  x86_64_start_reservations+0x24/0x30
[  824.987021][    C0]  x86_64_start_kernel+0x143/0x1c0
[  824.987041][    C0]  common_startup_64+0x13e/0x147
[  824.987069][    C0]  </TASK>
[  824.991987][   T38] Kernel panic - not syncing: hung_task: blocked tasks
[  824.992011][   T38] CPU: 1 UID: 0 PID: 38 Comm: khungtaskd Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  824.992034][   T38] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  824.992046][   T38] Call Trace:
[  824.992053][   T38]  <TASK>
[  824.992062][   T38]  vpanic+0x1e0/0x670
[  824.992094][   T38]  panic+0xb9/0xc0
[  824.992117][   T38]  ? __pfx_panic+0x10/0x10
[  824.992141][   T38]  ? preempt_schedule_thunk+0x16/0x30
[  824.992168][   T38]  ? nmi_trigger_cpumask_backtrace+0x2bb/0x300
[  824.992196][   T38]  watchdog+0xfdf/0xfe0
[  824.992223][   T38]  ? watchdog+0x20a/0xfe0
[  824.992250][   T38]  kthread+0x711/0x8a0
[  824.992277][   T38]  ? __pfx_watchdog+0x10/0x10
[  824.992297][   T38]  ? __pfx_kthread+0x10/0x10
[  824.992318][   T38]  ? rt_spin_unlock+0x150/0x200
[  824.992346][   T38]  ? rt_spin_unlock+0x161/0x200
[  824.992367][   T38]  ? __pfx_kthread+0x10/0x10
[  824.992393][   T38]  ret_from_fork+0x510/0xa50
[  824.992416][   T38]  ? __pfx_ret_from_fork+0x10/0x10
[  824.992434][   T38]  ? __switch_to+0xc9e/0x1480
[  824.992464][   T38]  ? __pfx_kthread+0x10/0x10
[  824.992489][   T38]  ret_from_fork_asm+0x1a/0x30
[  824.992529][   T38]  </TASK>
[  824.992672][   T38] Kernel Offset: disabled