last executing test programs:

21.369413615s ago: executing program 3 (id=65):
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000005c0))
r0 = socket(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000440)=ANY=[@ANYBLOB="2c0000001600010025bd7000fddbdf250a000000f69e27a3d2a61135b5cdbb1034b02a1a21fc07043621dcd2a25b6b17a08134191fcddb553ff3081dca7fb7b18ace2c9bdb3f09c2d1bb96a561e67a626c82a4", @ANYRES32=0x0, @ANYBLOB="14000600390000000700000008"], 0x2c}}, 0x24080)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="0f000000040000000400000012"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x6, 0xc, &(0x7f0000000140)=ANY=[@ANYBLOB="18020000040000000000000000000000850000002c000000180100002020732500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007500000095"], 0x0, 0x5, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r2 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000340)={0xe, 0x4, &(0x7f0000000180)=ANY=[], &(0x7f0000000600)='syzkaller\x00'}, 0x94)
bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000780)=ANY=[@ANYRES32=r1, @ANYRES32=r2, @ANYBLOB="05"], 0x10)
recvfrom$inet_nvme(0xffffffffffffffff, &(0x7f0000000000)=""/136, 0x88, 0x0, &(0x7f00000002c0)=@l2tp6={0xa, 0x0, 0x5, @private2={0xfc, 0x2, '\x00', 0x1}, 0x1, 0x4}, 0x80)
sendmsg$IPCTNL_MSG_CT_NEW(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, 0x0}, 0x0)
r3 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r3, &(0x7f0000000380)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-cast5-avx\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r3, 0x117, 0x1, &(0x7f00000002c0)="4a2b5af6b9c8af77a75979705a07", 0xe)
fsetxattr$trusted_overlay_upper(r3, &(0x7f0000000280), &(0x7f00000004c0)={0x0, 0xfb, 0x8f, 0x1, 0xc, "ff4a635bc48ac1a11e421e42075c8a9a", "32dfd58f215cfebb8c3448e0a1de828b0be119310c991c8d88177ab470d0de4a33acbc40dffb1e91b399b084c6ee0bc4cc536cd5f98a0c75c3127ba02f7bd52734cb4c09072467a583a43fd418f5ed06900c795b64c8b7876e542e65e6ea4b9378e4176de73cc9a57cd224dbceb099bbcc50ec4874fd3d0c43b7"}, 0x8f, 0x1)
r4 = accept4(r3, 0x0, 0x0, 0x800)
sendmmsg$alg(r4, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe3f}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048", 0xff31}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11"}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800)
recvmsg(r4, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0)
r5 = syz_usb_connect(0x0, 0x4a, &(0x7f0000000040)=ANY=[@ANYBLOB="120100005520f010402038b1420104000001090238000100000000090400000371055900090582eb1000000001020009050276"], 0x0)
syz_usb_control_io$cdc_ecm(r5, &(0x7f0000000140)={0x14, 0x0, &(0x7f0000000100)={0x0, 0x3, 0x1a, {0x1a}}}, 0x0)
syz_usb_ep_write$ath9k_ep1(r5, 0x82, 0xc38, &(0x7f0000000dc0)=ANY=[])

17.672393706s ago: executing program 3 (id=73):
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000000), 0xffffffffffffffff)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x400000a, 0x12, 0xffffffffffffffff, 0x1000)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x8102, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f00000000c0)=[@textreal={0x8, 0x0}], 0x1, 0x50, 0x0, 0x0)
ioctl$KVM_SET_NESTED_STATE(0xffffffffffffffff, 0x4080aebf, &(0x7f0000004340)=@vmx={0x0, 0x0, 0x2080, {0xffffffff}, {"000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ddb0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400", "00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000003200000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000200"}})
mkdirat(0xffffffffffffff9c, &(0x7f0000002000)='./file0\x00', 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./file0\x00', 0x0, 0x8004, &(0x7f0000000240)={[], [{@smackfstransmute={'smackfstransmute', 0x3d, 'binder\x00'}}, {@fscontext={'fscontext', 0x3d, 'root'}}]})
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x3)
sched_setaffinity(0x0, 0xfffffffffffffdb1, &(0x7f0000000280)=0x6)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r2, &(0x7f0000001a40)=""/102392, 0x18ff8)
ioctl$KVM_TDX_INIT_MEM_REGION(r1, 0xc008aeba, &(0x7f0000000200)={0x3, 0x0, &(0x7f0000000180)={&(0x7f0000450000/0x1000)=nil, 0x80a0000, 0x2}})
openat$snapshot(0xffffffffffffff9c, &(0x7f0000000100), 0x20000, 0x0)

14.25744365s ago: executing program 3 (id=84):
syz_init_net_socket$x25(0x9, 0x5, 0x0)
openat$tun(0xffffffffffffff9c, 0x0, 0x40241, 0x0)
socket$key(0xf, 0x3, 0x2)
prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
sched_setscheduler(0x0, 0x1, &(0x7f0000000100)=0x5)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000001480)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
madvise(&(0x7f00002e5000/0x400000)=nil, 0x400000, 0xf)
bpf$TOKEN_CREATE(0x24, 0x0, 0x0)
keyctl$KEYCTL_PKEY_VERIFY(0x1c, 0x0, &(0x7f0000000080)={'enc=', 'oaep', ' hash=', {'blake2s-224-generic\x00'}}, 0x0, 0x0)
r2 = syz_open_dev$usbfs(&(0x7f0000000000), 0x1ff, 0x2)
r3 = dup(r2)
ioctl$USBDEVFS_CONTROL(r3, 0xc0185500, &(0x7f0000000240)={0x80, 0x6, 0x103, 0x0, 0xe0, 0x0, 0x0})

12.004270447s ago: executing program 1 (id=88):
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000009c0)=ANY=[@ANYRES32=0x0, @ANYBLOB, @ANYRES32=0x0, @ANYBLOB], 0x48)
pread64(0xffffffffffffffff, &(0x7f0000000480)=""/210, 0xd2, 0x4f)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x1)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000003c0)={'netdevsim0\x00', <r1=>0x0})
r2 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000001800)={0x6, 0x3, &(0x7f0000000540)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f0000000300)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', r1}, 0x94)
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000002d80)={r2, r1, 0x25, 0x8, @void}, 0x10)
r3 = getpgrp(0xffffffffffffffff)
sched_setaffinity(r3, 0x8, &(0x7f00000002c0)=0x2)
openat$udambuf(0xffffff9c, &(0x7f00000000c0), 0x2)
r4 = syz_open_dev$MSR(&(0x7f0000000240), 0x0, 0x0)
read$msr(r4, &(0x7f0000019680)=""/102392, 0x18ff8)
socket$nl_route(0x10, 0x3, 0x0)
r5 = socket$inet_mptcp(0x2, 0x1, 0x106)
setsockopt$inet_tcp_int(r5, 0x6, 0x1b, &(0x7f0000000040)=0x7, 0x4)
getsockname$packet(0xffffffffffffffff, 0x0, 0x0)
writev(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000340)="aefdda9d240300005a90f57f07703aeff0f64ebbee07962c22772e11b44e", 0x1e}, {0x0}], 0x2)
ioctl$SG_GET_REQUEST_TABLE(0xffffffffffffffff, 0x2286, &(0x7f00000000c0))

11.508742944s ago: executing program 1 (id=92):
io_setup(0x2, &(0x7f0000000040)=<r0=>0x0)
r1 = socket$inet6_mptcp(0xa, 0x1, 0x106)
io_submit(r0, 0x1, &(0x7f00000000c0)=[&(0x7f0000000080)={0x0, 0x0, 0x0, 0x5, 0x0, r1, 0x0}])

11.200431566s ago: executing program 0 (id=93):
r0 = socket$inet_udp(0x2, 0x2, 0x0)
sendmmsg$inet(r0, &(0x7f0000000f00)=[{{&(0x7f00000000c0)={0x2, 0x4e22, @loopback}, 0x10, 0x0, 0x0, &(0x7f00000007c0)=[@ip_retopts={{0x10}}], 0x10}}], 0x1, 0x4000800)

11.194329398s ago: executing program 1 (id=94):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000002900)={0x0, 0x0, 0x0}, 0x40000010)
sendmsg$IPSET_CMD_FLUSH(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000100)={0x1c, 0x4, 0x6, 0x101, 0x0, 0x0, {0x3, 0x0, 0x5}, [@IPSET_ATTR_PROTOCOL={0x5}]}, 0x1c}, 0x1, 0x0, 0x0, 0x20000011}, 0x20000084)

10.977056592s ago: executing program 1 (id=95):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, 0x0)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x4000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000380)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SET_MM_MAP(0x23, 0xe, 0x0, 0x0)
r3 = socket$netlink(0x10, 0x3, 0x8000000004)
writev(r3, &(0x7f0000000140)=[{&(0x7f0000000900)="580000001400192340834b80040d8c560a066e0202ff000000000000000058000b4824ca945f64009400ff0325010ebc000000000000008000f0fffeffe809005300fff5dd00000010000200060c10000000010000000000", 0x58}], 0x1)

10.967335938s ago: executing program 0 (id=96):
socket$key(0xf, 0x3, 0x2)
io_uring_setup(0x667, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0)
r0 = getpid()
sched_setscheduler(r0, 0x3, &(0x7f0000000200)=0x7)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x7)
r1 = mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, 0xffffffffffffffff, 0x90)
ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000001500)={0x84, 0x0, &(0x7f0000001380)=[@reply={0x40406301, {0x0, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x68, 0x18, &(0x7f00000012c0)={@ptr={0x70742a85, 0x1, &(0x7f0000000280)=""/4096, 0x1000, 0x1, 0x3b}, @flat=@weak_binder={0x77622a85, 0x100a, 0x3}, @ptr={0x70742a85, 0x1, &(0x7f0000001280)=""/17, 0x11, 0x0, 0xd}}, &(0x7f0000001340)={0x0, 0x28, 0x40}}}, @increfs_done={0x40106308, 0x3}, @increfs={0x40046304, 0x1}, @increfs={0x40046304, 0x2}, @release, @increfs={0x40046304, 0x3}, @free_buffer={0x40086303, r1}], 0x90, 0x0, &(0x7f0000001440)="cd8e4acb007606fb5ac8ec750d402f1c2a63d07ae3915125e37f3823298983e4cf8d83d74bc0a66f97ee7d0b7d2a5c9d1834fbb814a297446603ce8df8fface14aab538810950efa94be703c620751c50cb5c7f6618376b8a2a173ebfc9113d83910fd348aedfb12076a8d0146c316bcb05a3a435bcc79423ff9da699625bfc9b41c23b313f7145ca60099c9560e2ac2"})
openat$dma_heap(0xffffffffffffff9c, &(0x7f0000000180), 0x220200, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x800000}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r4 = openat$udambuf(0xffffffffffffff9c, &(0x7f0000000040), 0x2)
r5 = memfd_create(&(0x7f0000000140)='y\x105\xfb\xf7u\x83%:r\xc2\xb9x\xa4q\xc1\xea_\x8cZ7\xcda\x9b\x11X\x0e\xa1\xcf\x1a\x98S7\xc9\x00'/47, 0x2)
ftruncate(r5, 0x40000000000ffff)
socket$qrtr(0x2a, 0x2, 0x0)
fcntl$addseals(r5, 0x409, 0x7)
syz_open_procfs$namespace(r0, &(0x7f0000000100)='ns/cgroup\x00')
r6 = ioctl$UDMABUF_CREATE(r4, 0x40187542, &(0x7f0000000000)={r5, 0x0, 0x0, 0x8000})
r7 = bpf$MAP_CREATE(0x0, &(0x7f0000001540)=ANY=[@ANYBLOB="0e00000004000000eaef10040000000c0400f7ff000000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x50)
r8 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000040)=ANY=[@ANYBLOB="18000000000000000000000000000000850000007b00000018110000", @ANYRES32=r7, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000010b704000000000000850000000100000095"], &(0x7f00000001c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$PROG_BIND_MAP(0xa, &(0x7f0000000080)={r8}, 0xc)
ioctl$DMA_BUF_IOCTL_SYNC(r6, 0x40086200, &(0x7f00000001c0)=0x1)
r9 = syz_open_dev$dri(&(0x7f00000000c0), 0x1ff, 0x0)
ioctl$DMA_BUF_IOCTL_SYNC(r6, 0x40086200, &(0x7f0000000240)=0x1)
dup3(0xffffffffffffffff, r9, 0x80000)
ioctl$DMA_BUF_IOCTL_SYNC(r6, 0x40086200, &(0x7f0000000080)=0x7)

10.35544324s ago: executing program 2 (id=98):
syz_usb_connect(0x2, 0x36, &(0x7f0000000040)=ANY=[@ANYBLOB="120100009f187620ef170372362e010203010902240001000010000904bc00029e88330009050202000202000009"], 0x0)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
r0 = syz_open_procfs(0x0, &(0x7f0000000080)='net/dev\x00')
close_range(r0, r0, 0x0)
statx(r0, 0x0, 0x1000, 0x6000, 0x0)
r1 = socket$kcm(0x21, 0x2, 0xa)
sendmsg$kcm(r1, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000200)=[{0x18, 0x110, 0x1, '\x00'}, {0x18, 0x110, 0xe, "b8a5"}], 0x30}, 0x0)
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB="09000000010000006d05000002"], 0x48)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000600), &(0x7f0000001f80), 0xfffffffb, r2}, 0x38)
r3 = socket$nl_rdma(0x10, 0x3, 0x14)
sendmsg$RDMA_NLDEV_CMD_RES_MR_GET(r3, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000340)=ANY=[@ANYBLOB="200000001a1401"], 0x20}, 0x1, 0x0, 0x0, 0x4000015}, 0x0)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000500)={0x0, 0x0, &(0x7f0000000200), &(0x7f00000004c0), 0x1000, r2, 0x0, 0x11000000}, 0x38)
close$binfmt(0xffffffffffffffff)
syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="040f0307010604"], 0x7)
bpf$MAP_LOOKUP_BATCH(0x18, &(0x7f0000001e00)={&(0x7f0000000400)="3685c08c341894bf6b0fe097aff470d697c6f80c1f65002228869617bfff2ca93b50beb2432d1a63849904f31392801acb88bf4c3d7ee2275ac40e30c93aa3d5d09b2753320ce0145be1c0de94db4e22258aa6d3dd02ccf715a28edf78952a89710590e31d044747b6fb6d330cd4e3834c62f4579ff9a4032e3ac4d260ce7206c68516f45ecb9c27d28f9fe43555b94a161d9d7850eae699881912c8085fcab1be3f", &(0x7f0000000540)=""/173, &(0x7f0000000700)="2fa897932cca4abec6f215e1e9bcd5b92b1f9f8e8fbde20a58d7077f1b04a6296ad2c51aefe31cc270b980ffbea09ac2092cd71f291427fb261d62fca153bb85a63e11e983939501160f75d034fb455b695a17217507914ec8cb0fa4b7aab3f5454280565327e6d438647d11dd7a7d85404774b400cadcbecda10405185bffb45a47d33c8516b9dbc5bdd23bb95a6c7c517b3f8a2386cbcec2feb69d0f2964515e8eec337ee496662f65d2", &(0x7f0000000e00)="3792e2c34ecfa6393c2b21bf328be2a03c90eb7ceac571436264bf5614f2a40363cbbc197c4a0befd112a06ddfbfa59c864e92fd3ea7e1bf2fc7820d5db18ce1b47fa947b050d3d7d5258282afb87cd7126162ac4394cb386088f1d2977e9682e38daf14a6057a2b3260e564ada6643d086716146b79af581c20cf059bf574f66685215ab6d8b115126ec4162cd70b354d57a5e45cc2ab38b1247918ca0caea39dc38e3fb6a07b245652879c024483b222dbb2eca2a0c09234131169b5b640047264f6baf618dd9422d5ea2828f3716af4eb1f8640624f53eed346a98946f91a069c4501bba595294b413aa7d21187769a0d15046cb4cdb0772a1e2b58aeaa5d4f5c8d161c436d3887cdebf0f10789ec2da3a1c25bfec4160fd4f11acc51f0e2c264168293aac49dec9db47e095720be67e765c00d8fdd8c0a9c9a60b91d3d87c4e013a12d07e28595ff62aa6090bd6cf510606a25442b22f9fbaf28558cbb48cf2704f18cbb2af6c1d18d82b5b583deca9a891d48b3d95dae7fc3d9bb4d9f084136a1dbe6cc48225ee3a5e6f9fac1101e3915c03fec2d6a60298c618f7dc2f2ced671b8ad652275ea7064225478618e4ecc6b25d3e26bc6e31d459c7deb01586b4efa527b325ea29d8dea19e8d0bbe62edd36bcd5e6fbfa56938e6a28e7930b2cfd18f7a66a77764e15f0a9a52b9ab5a0adda57eb3f382b2a6150b077070dccd103682d26e1bb5eff3ff62ecf10595d53959e0e6d706b540cc0326802cf8206716eeb16775bc8a1d5dd76f51fe5adf0961cace9bf19c17d78b25a87b9c3b18d3bb962a44b3016a85bcc9b51fec946a2d9226fffd5acec79ebc565351bb8fef5ffd8d3af3acc7d684d1bbbe1b4372cf7d8baa4efb6feff8c5a8128a1755ab9e6a987b3066754a2ab6f4feda29961e92557d434df83c88c77e9e1f0029786db7590c880c51012c3028fe2ab3b190b54d5543082b44c799d83fddb42fca1ebfa451cfee0112b4d0e9e27c881f343e12909c0826265cc2b8a7ac36c92850f5cc7216c4f38ed9486fc0e681baaba42331ce163d2e275ba51a3289bc82dbbb554ce37782fed90f866648f7db1fe52f5fab930a784f00bcde673f07110a8abe40f15cbc2494f95274b048d29f7e85b5c743a76f290f52b78c6aeb6741c86ff3c19ffb48ddc1d688f54420dbeb3592d9940394b9a50becf5819e08dd27af8f3ffa82795fe67398c4342e57446d7b5563da4a42c98a09b2eadfee38d3c3f358733a519ef5cee3d389a7a9beb290eff31f8951920ce0e48c09645e1ad470ab0a6bfd6e8ad066b7662e7654d21774c8b519354f2d185f132a60a3c35bdfe3f0b01c8d45323fc58210e6f766f5f548b5ef8b125c9c5dfa51b29c405abbc1eeaa23d40e3ea6b40625d4831144de85e68538c7fd06de65b811077dac2f05c38f47d39370526eab7d48b90dadcc78d9900eb823316e31d03e354c073632c47acc34e7c3ef653257ea1d66b3d2b89117d5b2a917b9ff643a9f905257c23455b21b7621042f08067740a879c96f03dfdcb65c52c2ad7ce9f61683308a7c87f6c6f0e64d135a60d0a4f037de4b01477dfccc8a8c80458067a2a9d75a7fcae97f2347940b826bfab159b84b6128a759fb96ab235556ce196b00b09d8fc515bf8149e8496b9f5aa2254da31b393f0aced3c79e25bae700679c1d0766a4b0ed4de39e6dc81a6099149f1a959a06c7288a482d9b921c038f4cc2cdea147d80c6f03c9e17c2cd3536a0b734c93ac837e67b01a0c0b8d3b9e2a09423f7441e011bd8c37c94f6bea125b45feaedb47208a9ec4803fe43096448cda7b1b3a88d709785fc569dcfc8d6e2d5cff1be4f5800e810253102eb6915e670013a7e007a397c7a54c7e10e139ee43c16292e1e79aab7831ae77cb72a5445ed1e33a568041ee3918d9c5f9207a80f90e47ce4ef92b6f0b57fd1e6e6159cbefd6b48f3f0e4aca2404e9f075748dd81924c9c37a329df2013cc0ea1dd49c2c61359da690b02fd9382c14d5f0b2716e6c95238c297168519469b6c8f8b22ffa2ef5bda498000cacd139c0b672d65b57979b78290902ad8ef44825109c33bf4aaebee29244884e6b5615e1c20f41546651e4281b1bdae152a85b2dd8e1ae25686c8bda82945442c85f14f725bcb24d1287d810adb5d729465edf038355a0fe3f052ccbefe081515dbf5cc3bf4ae5f86b98b0d7d33c48f84e78d7b450c7d5adb237f33ca5360eba85b93e203eb26bf77448d24075052939b7e4b004b4d19d61095c291ce4a359c25c9cd46aa2f404aaab6b4888b7c5e75a1eb5c6b2d9b07b53916316122b230f6c8f9b5304c06cea9f501f14555665ab4c75533582451a06f02dce5ccec3c99faec0385d5d784d2e168cacc8aaa82e2c461f1636f77a9a1cdd493d0cf78cbf311930d100d9c52dc9e8d6083845c0227cb02124b006895f3adab35d11c6159eb0fe5c25e77c9e5054597ef5c35966495712c40b0f7f94f764ad36fd01ef31f3182c3d4abdf9b26f9aa3cf8ac0650b362844efb69b8eda806b22538c49a8861801e6fd2497c6df05fbaa9089f7d5248f4df3d90242357ce00b1ded38c48e791b1455685142b8317d9a2818beab3fcf52ba8c2236d44b2bcbee0a217d8b12b5b7e63af7441b7a531fbbafbc4f5ad7f82bc3e360211d134fd38b493685e664c2409cf0d27e7a308ed53de981ed6332f620a41eee91ef633277fe48065032bc355e0842141b9fb3932754f433ef31efb0aa644b27f2e6d428eaf373755e8f030128701a7f38effbf09a159dd65784db4685eba02588ce1f47268795d7adbcc784cf6c46d5260da17cfdec12f4d827d541483ca3ff98e6d29a72ed80bab4936aea1678304bf01fe4704669d319cc208e18a35b69c0a70186f1659f95d2c54765fd0c43d41528765200b1dbc2b9ef0472b288c690da4549a86313c446584e6b891aaddeb84aeee30544bd35716fd161dfaa54fd67fec37f1a99e0a30295a4982ed3239482eb362ef908dd180191f98d39c88ce02c99d6479fcff41efab4e91b49b8797c21a3bde4dc5e34cbf7e1e65dbaa00b39eb69aa33cbf76383ef217429096904da2ad72cb22d169e6e7291d990a8c15f97c027c420548430885d505c0c1592096dc1e7fb5c89c82d949edebee747c8e8838ed046eac8ac6ceea600ed69afff55f17b3c788c8f8b31c5d7b4eb02132d301ce29a0aa852bc83ed19e050a6ea9fe1f7fcdb5cf65f1fc8897a2d835e3c98165d984681e8997f8d23b21126c3ad4d4abd8c3ac181c6b3bb4d759d0a0a08877abc64f9c62f00b13b8b8f20cbb61a11638622b6c2c2e8f9b76c433c1ca8d2d272bfa2c4596e77fca96b6b6e71c193d2c2803bb2bcbc318a3484738d5509a464fc68833887c5087a73006c8edba21352ca72de50319d27a5cb9eae84acbe40d9056d5623e6f261bd6952b92fa575d6d5b561a13dab626548918b9cadcdb4f95b2391fc60ac77ddf905a88ff01deb465fa79a8e05433e737440e045adab34044056edcee2040fac5c5376cb23c522aa8865d8560d4a76789ee9566f93642060d0a374df0d2cdcbe06897acc27e7a73871367230fe3abe3c791078210811405695042c1eeec1301f49123cfed8bc8660640831dcd0367cd834942afa0996010a3239ebe21409e0c8ec3a5124225ad28fd8f4c0928a0668abfe9d4d806748a1f7624d0786bb9c945d5be63827f7d08792e94ba20b93e33ddfbe657d85388fffd9362e2c41e2b342ae9629c95639d5bb07b0a7d07eacafd9c6b95636b95b934d559c185a4d249ad9003a6912f7fcef35d9edb7beb74506eb371ef2dbc28a9084202ad21d6064bcc6fb45eb94204046fb881df0a57c338ea67fbb12073a897e56b4d240d333654ce20e67923b952ec8f4ec7dbd77908bc7e16de1284a57b2807fc3b5c250420041166ddb21d977e4bd6d8965abcd4b0cbf5af35d75fc0ba5b88f699709f79af41e8e436c026ec87d1427d26002c513194a4af94cdeb01bbdbf044f48e7970123bbff2845223a2be87346006023b5285ba0986cfab1110610256e00bff4d75b9c3359242eecb72ed10e3241d85949e2e2b2fcb325e46165ab560c1fa846e3e98c7b7dbd6ce1188eabfb3c4d24f4ba66036479f669e49e676143dd43816d0cc944dcaf8a0145e5578511ad5fb9233b100fe782d2b8a7ad4f14a5c2074bac5a8210b37ee7e18a5e4a344c2357e2ab0ecf1c21ed5030c95f217649ea60848573de04f99721f3bb7f95162c92a97e451f2465027488da0640bf41ed09cdf2ea139b777d289ed733e17afd2856557917648ded62a65eff67bd874599b6c9adf6a82df8839d53f80605ed2891feef113298fcdd339202834d481b74b21867294dd0a71829f6a74dc2aad4e0df698cb4213da54c99349d129b92ce8f08d316a4d403c254385f9ff6757d39eeb85de0373224d6955b6fd334a60dbf401165c845047837a413d145c662e33a2232b67128da23b4200954b25196dc2225ac066f8710d7ce6fe42c6630bb08c1c234d3b63742ff96d0ad88ad284fc54d9f270910acc0a9f6ada344ddb9f0cfa41f9c37ab53eeb7ee664e933c4d5e0f96d934265a860fecf1835ecf8479fa1f98f732519b085503208dddbf50772a75da2864822ec1d89343bf3e03aff1ecfe3daf76c7f685b1a258a262b54791b2f66c0a814881289677c84ab45eeb4a9388fdcd4021d4b95273dbbc9e03586600408f6b7f45d12fe466fd49c041fa94bfe276e4689e9625a1de5b6ff997d8cf971a5d5460a21f4e05633ee6620710bfec13778cfc9239c171200f81ae2bbc15f38023f17d21f5e92fcc18f5239edcd5a26f8ad467e4c5cb0a189182ef0c1e24777da0fa2681ff58c0dc46701f329ad58cc1c4956bad66923c38326f0851271742c119e7303593aa0f9d9cc929d1b799df7d965cd268e16af6a28ca9a9576ac21a557bfb2cbbe0f136d74469e40bff1e65edbb9216814a4e4075f055fc543968186181dcd575d208141f48fd3c67c1965d81fbecd6c33b52fce8a22b4111bb579e3c13e2717e12a3e033b30c204a96d1f0fd2bb82dd92b2c366694ea37058eb5aab5fe47b8a0a5592d3177d553bff713e59656bbfe28c3174f09cb00be481b01d57f2364ed369181383c55d997986e0bb1111785abb51b37b39351a08cc107777d73581043c53f306a9f18931e0224c21ae0a9b4ef6d3228812baa4b872622291dbee33dedcf0d139bb231bb799659e1cf4b5d7f63b33620966528e0a4bd4535685a51cd6982513a96fe8c6bcfa8479c957bb0d244106cc6cee533f739fc055ea69fbda8c19aade6e22e46a07aef1ecca55478adb29de4ba15ebf74dbe965d96fb8812689885085a250fe5d4826385f571da24b5af8bad1508abeff585ea8f105caa2122f5e770fbfbf396466f1fcaab27435baf1a1cd1005bce9a019f5d98f4e187d65fde875f3a1927e9f3babb7f89d542ad309854a9fa5d4dbe5594a4372189c0bfba3e2cea9baa93c80a046d3a0800122e9a2be4bc422390deb88edf2921021d1c99ce2ddeb1af7cdd05ff780c9bff7b419831177f92a3465cb79777682503a94c29f9c19d178e7f756a8d82bae10c94a24cdc84f4aff1f7212b525165f1fb2ca0be2283023b84d44c8be8b47c3148dfe64e5fa243c35aa6803b978cbd3b1db86c2df43afa9b92e7da579515d2a8cd3173248c8765b8ff74b136ac98149549464e9e2fb1f6a4965b5b1780586ce958bf1d7d15ff184593587fed25a97ac7b78ac154ea4335", 0xf57, r2}, 0x38)
connect$can_bcm(0xffffffffffffffff, &(0x7f00000000c0), 0x10)
r4 = socket$nl_route(0x10, 0x3, 0x0)
pidfd_getfd(r0, r4, 0x0)

9.732960274s ago: executing program 3 (id=100):
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000005c0))
r0 = socket(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000440)=ANY=[@ANYBLOB="2c0000001600010025bd7000fddbdf250a000000f69e27a3d2a61135b5cdbb1034b02a1a21fc07043621dcd2a25b6b17a08134191fcddb553ff3081dca7fb7b18ace2c9bdb3f09c2d1bb96a561e67a626c82a462", @ANYRES32=0x0, @ANYBLOB="14000600390000000700000008"], 0x2c}}, 0x24080)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="0f000000040000000400000012"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x6, 0xc, &(0x7f0000000140)=ANY=[@ANYBLOB="18020000040000000000000000000000850000002c000000180100002020732500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007500000095"], 0x0, 0x5, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r2 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000340)={0xe, 0x4, &(0x7f0000000180)=ANY=[], &(0x7f0000000600)='syzkaller\x00'}, 0x94)
bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000780)=ANY=[@ANYRES32=r1, @ANYRES32=r2, @ANYBLOB="05"], 0x10)
recvfrom$inet_nvme(0xffffffffffffffff, &(0x7f0000000000)=""/136, 0x88, 0x0, &(0x7f00000002c0)=@l2tp6={0xa, 0x0, 0x5, @private2={0xfc, 0x2, '\x00', 0x1}, 0x1, 0x4}, 0x80)
sendmsg$IPCTNL_MSG_CT_NEW(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, 0x0}, 0x0)
r3 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r3, &(0x7f0000000380)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-cast5-avx\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r3, 0x117, 0x1, &(0x7f00000002c0)="4a2b5af6b9c8af77a75979705a07", 0xe)
fsetxattr$trusted_overlay_upper(r3, &(0x7f0000000280), &(0x7f00000004c0)={0x0, 0xfb, 0x8f, 0x1, 0xc, "ff4a635bc48ac1a11e421e42075c8a9a", "32dfd58f215cfebb8c3448e0a1de828b0be119310c991c8d88177ab470d0de4a33acbc40dffb1e91b399b084c6ee0bc4cc536cd5f98a0c75c3127ba02f7bd52734cb4c09072467a583a43fd418f5ed06900c795b64c8b7876e542e65e6ea4b9378e4176de73cc9a57cd224dbceb099bbcc50ec4874fd3d0c43b7"}, 0x8f, 0x1)
r4 = accept4(r3, 0x0, 0x0, 0x800)
sendmmsg$alg(r4, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe3f}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048", 0xff31}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11"}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800)
recvmsg(r4, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0)
r5 = syz_usb_connect(0x0, 0x4a, &(0x7f0000000040)=ANY=[@ANYBLOB="120100005520f010402038b1420104000001090238000100000000090400000371055900090582eb1000000001020009050276"], 0x0)
syz_usb_control_io$cdc_ecm(r5, &(0x7f0000000140)={0x14, 0x0, &(0x7f0000000100)={0x0, 0x3, 0x1a, {0x1a}}}, 0x0)
syz_usb_ep_write$ath9k_ep1(r5, 0x82, 0xc38, &(0x7f0000000dc0)=ANY=[])

7.360188332s ago: executing program 4 (id=102):
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000009c0)=ANY=[@ANYRES32=0x0, @ANYBLOB, @ANYRES32=0x0, @ANYBLOB], 0x48)
pread64(0xffffffffffffffff, &(0x7f0000000480)=""/210, 0xd2, 0x4f)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x1)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000003c0)={'netdevsim0\x00', <r1=>0x0})
r2 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000001800)={0x6, 0x3, &(0x7f0000000540)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f0000000300)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', r1}, 0x94)
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000002d80)={r2, r1, 0x25, 0x8, @void}, 0x10)
r3 = getpgrp(0xffffffffffffffff)
sched_setaffinity(r3, 0x8, &(0x7f00000002c0)=0x2)
openat$udambuf(0xffffff9c, &(0x7f00000000c0), 0x2)
r4 = syz_open_dev$MSR(&(0x7f0000000240), 0x0, 0x0)
read$msr(r4, &(0x7f0000019680)=""/102392, 0x18ff8)
socket$nl_route(0x10, 0x3, 0x0)
r5 = socket$inet_mptcp(0x2, 0x1, 0x106)
setsockopt$inet_tcp_int(r5, 0x6, 0x1b, &(0x7f0000000040)=0x7, 0x4)
getsockname$packet(0xffffffffffffffff, 0x0, 0x0)
writev(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000340)="aefdda9d240300005a90f57f07703aeff0f64ebbee07962c22772e11b44e", 0x1e}, {0x0}], 0x2)
ioctl$SG_GET_REQUEST_TABLE(0xffffffffffffffff, 0x2286, &(0x7f00000000c0))

7.173871088s ago: executing program 4 (id=103):
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-camellia-aesni\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000280)="ad56fa8ef1d91a4574758ecefbe1d7a46df6d558ecf1820f", 0x18)
r1 = accept4(r0, 0x0, 0x0, 0x0)
sendmmsg$alg(r1, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000140)="ebe3a0e9796cfd1647e299", 0xb}, {&(0x7f0000000740)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f1", 0x64}], 0x2, &(0x7f0000000540)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18, 0x6008830}], 0x1, 0x40800)
recvmsg(r1, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000002c0)=""/81, 0x51}, {&(0x7f0000000200)=""/83, 0x53}], 0x2}, 0x0)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0xe, 0x7fff0000}]})
getrandom(0x0, 0x0, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000300)=ANY=[@ANYBLOB="400000001000ffff000018000000000000000000", @ANYRES32=0x0, @ANYBLOB="0500040023080000180012800e0001007769726567756172640000000400028008001f0004"], 0x40}, 0x1, 0x0, 0x0, 0x804}, 0x20040000)
r3 = socket$kcm(0xa, 0x2, 0x73)
sendmsg$inet(r3, &(0x7f0000001180)={&(0x7f0000000000)={0xa, 0x0, @empty=0x48000000}, 0xffac, &(0x7f0000001080)=[{&(0x7f0000000040)="a72d11a15c048c0a7d63aebc5cea1f815108f6091475aeec600831aa9d3944e60bc2ad06a619c560aa0118b28f68f1eb14549d633b4b23f179fb680716faa43414787559be90843c35ab30acad8a6740140e00721abc2eb362f7bde53b3c992d3e28ccc20ec84fdc569947047f6c09a647ee8c0a747b951e66c068ccf1af93ee9e6f9528ff79e2f989383b05a690a6bec4634b867c9446c1c644b3010e8a3514c6328323b4bbdd602b8f0dace6aea70902c4ddd2a2f2810f1348b0d0df3c1e6a5938fcfdc87e7580c6be0c6a06eca62d6f787dd16add086a21391c4c707d8b61929d1252681b84c245e0efafe2e6e73ad86a3cf59235ab0eacbb414af92ec3cdac420a064a98e8cc18bdf63f8997f96436e0fe6f06fdbf47fff353b01a861babd4a38d126bfe3e29049e6cc883e6efae6e70ef9ed124b1b09887a58c991e223b6420dca5ae238027e91b17b1707dc5c0d5f59f0ca95614f1ea1d263c1ee54dfe31ae35eb3c8e3b931dff7920c57fbba89adf2e392c1ad719b90c7ade0d38ff9792934ef1fb12f51d8e2fad12486d5883d5b1a46696fad128c6805cfb25bc6487e1e407d6b266971b09d0d864a7a550284e24b6cdc9f4ae1081a638175dffef002c76ac5558d23e41edbe68f4b4950a13aa000326dae5a857603dc5a40d6c6618a98c7b6e1eebd325ea2c14601a25658965f40864fd015d9b2fff83ee5ed3212ebd9fa429f0140f633556ac07c0c08e67a1848c9942ecc47dd4ffede9a429e9e0472be7cdbcd117e621ddf745c00a814ffff0224634472577dc0b35a9c153409f1a2bddc193b20b4d244d9cbbd59816c46000c596865f58b4e640ed4a9ab6086cede697fb113560925498da83273e679e0e28b84961eb7b9c9b4fa916590965c76b48e5d453f27a821bd2bf0946ff2413ec30f7893d1f046e18f736c40ceda26dfc4a0a62f71a3606d3f72c0a858dfd7895e2572292e11af913c6b513a141d28e501ae7c49618d104aac9abb78466a636efb88120d0eef0a501558a5aa34784a9823f2802a0bcdf318f9b436b34b42a2a7cf513f80364ad9a699d2e23eb4f3a2bbce818bd20da61882b3dac699d05dc24f29b72471b712423ace6278c43df2be7a09e815517b86d8b3ce16af3d64a575958c5fd52aac53b391f3d2a67c24c6c13ec11428b61b80a6a58cbba1790a98d190a572070f63fc0b809669895ea9865c3066b06102f6f2c7171dc7f76e1931b3e4deb569ef9d07d5f86a848f50942e93c419c3a23489f14803b08182dfd48b8d4375be6b7f805a21209c05e5927693a8834c8d5a5acbd47ed8a30a8a741d1ad77639b56b3b90c0b2023fa334befd28b2e27cbcd94b0ce7437f88ce67a925cea6d6d7e5313de6d328b1124a8b9ef83fe39ca3da97d33c60b7fd4af67d3c8fccb595a27a5bffc71e5a5b2ec966828993b0c0f83cbc55f9a7fb66a4101d5c83b77885072b6e2b2ceebe32f635509698c05089b9ff1cb1959b211e114dadb224ef2d5e7a3c55b3ac00fcdc9018577603c6301e5d4341b3d7eeb2665349d448d28d5d108f576408cbe533a6adbba18ebb2d84bb9af81108506a2f50fb56d595579000747930449fdf4ed01715ec624a0cb73636a35b9136f10b79e3d7ded09008b92e92c64e26e6b6d17f18b70b1d9813de8d2ff151c7a6a0452c660a57c33f13e2d9b88fa5f5c0505722d2e787a425e4a3e9b5efa9668e9199f5fb9fe7d5b8a57719a57df152e7f2c6a1087a2a24084f82455b65353a70559f04d5ed12defb81497ea69c1c7e69c373524770b7473c16a69c7a3648a9dd93377b89cdff61cf62512d1ee67a55ea67993937c1f55a2179bc9c8a337364cfb84d295adda1ad9700fc2f5c11cbfc1b90affb4666c6e7e23a6f7751410a5651819f29f690c6dba2b8a67e0f7f8cc377feb1854c393578994c85391ba21b3961aed477f771645571dc7d6cae72bf79c82a92a4edc3742b1398060a0a5c9e81c016b7f2ae3db529c6ff824cc28678764d8ab49d7dc68e5b0556c9e7ffb6fef442776d86fbd458741830e57f22a1f8513b92abd5b2df93a67cc560134078f0b8ecc3276e40aadef5cd579888b86b4988f396679250701f3869e7493b33692035ecd94aca5189fd0a0893ccc5bb19c0b4caca86cf90ebc2a5558f39cccb33f6773a4e425bf551fb3b6456ee1cc62fa1843a9e5539bb2d02ae6ef82533a9dbcfb562c1ab18c1f639ae7ff02083746f74a15ba2d10e4b955940a5d6f488d326a99f287c48ad463ce40367aeeff519cbad0a2d7fdbfa48bff75955467977764c2be2bd2ffa18396c46920c40c50a4037003666406d177e2cd20aee423d07169d8f611f635ba0b62b61265ff2c5548446a2423dd1038482b6852b2d9d2f90aa05d82c5e2c3d1af0c7aad72d82b3da67471af7b037bb0424a785e73f35b5a10a2ab300a195c20cd119a5390e0cd5d49c70bd80883b933e843d0d2902749dcf3c140c708a0f004b7a2f50bf311305dc01719016fcce5863815ca7951de710fcb71cd177551ff6fcd9f8bf01b93868f24c6129b6d7917125338cf62110083093fc7f862015d48450d992f2bb43e601cab19b2ea7b83962a382fc2a31fdf2358bf8a9a9e506eaa7b6eb5e7444d1ef459b24ffa51362abce902dfd84201a0e4b5a3b62757aad54fb65b83821c6bba663886de092065a565921ea3eb6781bb8ed4f4db3abcfeeb379b7e52fca790bea719918e299ab01bf5e92177d134360bf7a16a59e9d03d3dcfb0a25599237e3d41b3f0026c9402b1fb1894426303413a2cbcf7c72807ca694afa285990d07c3bca26413c9947b3b344aafc04544b8c11416e0312b028da7302e316c3966d41884b15055a49a4a0b3eac8e11f88a5615fb0af582f065d28e5a454447e9d0cfc60356439ebf7e1d0a00f5b9cc6daf2bd7195ba96b4d1a0679ff0fb1c01282c378a880f90f460889b67d76d4d0e8db6c928d113533d1d10b810303c43d8ff622c5bab7f095b96e64bf9daa48a2bdf3d9d40bac00cf1b66df61a4f7c3e21938e876f81b1179dce6a008f28eb682cae690ced0ea0d542da604d8056f2b1813ed36683c4c51aeb2650772cfb1c55d4e60604ff06344cfc271b2175a6c94defb807af240b483e24298ca73bfc743ca2ca2e77e6d5b817b3c1986601537faf59ac84c74d8bd0c068cb8e6bd03ac2dcf5793fb4a00b3c901a33aa3ee86e4f0db317b94bb8678ab26e36d305ebac4b0f7f164947148255b562dd0f87648499d45bccfb7d8c9d5624cadf8160a396e79fbcdc100058ba4606e41c02fb2cc0dc6c36196bd28acfde82a18cda2321d2d83fecd3b85380667cd1d0bc68298c6c8f10421a80c8fa86912b6c3e8ddd9d9668520d5151409e6b77f0d7730b374a68a744151bfbd123cfdf871e8c24e70d2ca3b50e84a48e0b78c1781000cfc848d43584985763a76c0ab9ba882c55e3e4aa8f2174255db38adb8350b48a77be22a869d13d183325f859b883464e5e46de5ea8a92532b9a794daaeff657cd361f7f158f8bebe36e9de1f5b9721d4263dcc9472229bc02d3f552180abfb25ca7aa36cb914d99c09fd5bb99dcab9b4e3c634d18fc7dfe84dc4425ad1e39c3e7410d49b4ea0a8a2958688c7725822f6dfc0827d19dc385e0e35a949941e4dd1aaeaab9ebe402f8c584bca7efc829f2ccfb63fd7bde1c182a67c14f9d3f033ca674e2604e89cd55a15419f956cd61a755c1b13554dae98e77be078aadfc131c9677381f1dbe6ef194eb17603a463e8b844ab46a6046e1f07d96d66de669359bff4c3d80948a4de3abb2f171a09b5d8999c379fb62244114e218c79805df7d899e5661320ee6721d652b95f09e4dfe69bd67099c73294b17ab574e0b966aa3ab44478965b9dca3cb3b9282945f24ccdd07c638ae25a84a728ca24f87ff49d718121a694be46f3616e27b1041b3c6cd24b9cf775bfc28dfbe0a009048f0599f2d5d6586cfd1e7f7fe69872d08b98f60d28e6af0d49d7f06ad71a7b5c41df261aba5de114022c7288bc265cc17909fdeadc3d7b256d7ab3b96e40f857060f16b54a6bb7248ee571f87ace5ee39eab412706cf52fa711468b21ea129c3f44bceb429fcc1a0ac2aa87b9365077dcfcfa9a1b32a0a09699197c20019a66cbd0a897feab3706c23123b888ada643d4560082033e31596b0483578968e3c9593ebd97141c228a42fc7645f92171c120aabca36657683fd7c72fcb87217f124d6fabc52f1d221d8410b47b0ad4bd944bf4085365e9b52a53911ab4ee142c5a1ebbe034c9d98c538c066f2dc0acf372eb2397dcac765055123e0ba19be22b18c886bf0f7490abe9fde91ffa62e059962bd134be8501cb5b715a744b1398e2c4c7e8afe72e189dda0654296afa1c1f99ab7d800fa40f72a758625c833b6fc7b7d42250522b456e1e7de815350c36c9cb2f4d1c9cb99109f89b456c559463f11b8b58247809b17a4ed4912bd0a47a529f1364d6dc593ea7f3eb98962078ac90e5012ee1c7b4b9ed5a8c7a9c0231b4ce425693faab64fa0f3482a04d4be2e06ee5d103694d288810a1a7f4d1e908dd82dd2016a064ece5cd67ef1dd5f4cda728fc6f1ccdd949dd8f775d862621507248ef4c83ae274969d19c7ddb02a4e8a1ab2b7aa539a442b22735ceedeefe60a1059dfaaa0979ce8d5387b5a047841fd9749b88ca91216b02d7926408a01916b7781bb7167528ccdb9a486d173437a5ba3e552c8674dff2cc9b21054e0e4f86b61b8723fca58ceef4413bffae9e9be79c5b9788f5449811ce78be9bc7a86375a670197baaef751beabcba0aa6c7c33f1cd702cb78ec39fa1f17d9da733d6abf2b80f9c51ac8f6f664b24edc53a7c9525c3016bd05c67272375fe816b2b121f2de68b885a0fd8f8b8c6c342237b632f6414a3eb3480f5f42106c5812e9bfd4e8c8dea8d08525d9aa1da7c7c2ee7ff3d31b79b211dd01e304a8ffc83a89a59f3b1e2ef5e969b6d90bea7e161066f25622fad914bff52bacd2807093dda1838b529ee57f718b374ce2841b924a42457867547a6edcb8412d85f11796742bf640b5819a9546357df778c332af5983c4373a95d9c58b52dba445eee92e6911824f0c534e7a5934d9eac9b7f6fec22002fc53a3003a3304217f567b47cd326edc5f48eb1f46bb20d1e10e72239afc9769344590cf48902aba5405b7d4baa31a912ab398a2f2d3f037614bb56a89244ece50f3a1e058d274f1e70f944eb8a305be91e561e5eb843d057a81f4deb84a6335ec81ca964cdae5f318d4e9aaea2c477cc279c00c698bcfe4b8e04c09079d8f3f5438d9d45a00f50d2f9b245c8c68eebf247e25ba8d26f8b95b21ac9ceb50c0aa2e4bdc032024db216b92f9350a90ac79341af14d3fa8ba908096e1b503341aed667bb184c672dac85fc4f335b3871c3b4e55ea219a857d2d2e135358f6b45a20b3e7de8e09b2041eb7c5084a80258fb524a983752659298a251e178b56f96bc67ae0a78ec92f92d92c9cf0edb5dcb11e739d69410ad44c8df00caa030d7d89f2ec38bd7698115c423cf3e6048793aca08ffbcdac766f1553773fa00031c1d75246e4e1eddf8948d02a3de6d67fd7329e45070f29044587f1e0db50d04e673191a63e30f96ee0d8d52738fab36a7fe2c6ab9301d401e7ca5b1f039193a580e40abbdf40c2d7e27809dec80815d37adae9fe7fb9d3a974c9fc03944d7338d000b81170be4c6792ed6b3b827194b3ae11e2acfca48498d1126aacf80f3d574256ef7f75552ff087a819e", 0xffa0}, {&(0x7f0000001040)="9d7fcf3efc63f4a6a555ba8b4726d7ccaf8a207100e69cfac4377876021d7131b838059f96bd206d4776368ed2a92432e5af71", 0x33}], 0x5, &(0x7f00000010c0), 0x19}, 0x0)
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
r6 = openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000080), 0x42, 0x0)
setsockopt$inet_group_source_req(0xffffffffffffffff, 0x0, 0x2e, &(0x7f0000000100)={0x792fe798, {{0x2, 0x0, @multicast2}}, {{0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}}}, 0x108)
r7 = socket(0xa, 0x80805, 0x0)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r7, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0x10, &(0x7f0000000380)=[@in={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}]}, &(0x7f0000000180)=0x10)
mmap(&(0x7f0000001000/0xc00000)=nil, 0xc00000, 0x0, 0x3032, 0xffffffffffffffff, 0x0)
r8 = openat$sequencer(0xffffffffffffff9c, &(0x7f00000001c0), 0xa0602, 0x0)
writev(r8, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0, 0xff2b}], 0x2)
mprotect(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_THLDS(r7, 0x84, 0x84, &(0x7f0000000180)={0x0, @in={{0x2, 0x4e23, @loopback}}, 0xc, 0x2a}, 0x90)
ioctl$BINDER_GET_NODE_INFO_FOR_REF(r6, 0xc018620c, &(0x7f00000000c0)={0x1})
io_uring_register$IORING_UNREGISTER_NAPI(0xffffffffffffffff, 0x1c, &(0x7f00000010c0), 0x1)
mkdir(&(0x7f0000000180)='./file0\x00', 0x1)
r9 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0)
ioctl$KVM_SET_MSRS(r9, 0x4008ae89, &(0x7f0000000040)={0x1, 0x0, [{0x4b564d02, 0xec000000, 0xcd}]})

6.644283543s ago: executing program 4 (id=104):
mkdir(&(0x7f0000000180)='./bus\x00', 0xa0)
mkdir(&(0x7f00000000c0)='./bus\x00', 0x0)
mount$bind(&(0x7f00000002c0)='.\x00', &(0x7f0000000140)='./file0/../file0\x00', 0x0, 0x961899, 0x0)
unshare(0x22020400)
r0 = socket$can_raw(0x1d, 0x3, 0x1)
setsockopt$CAN_RAW_FD_FRAMES(r0, 0x65, 0x5, 0x0, 0x0)
mkdir(&(0x7f0000000440)='./file1\x00', 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000a00)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file1'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]})
chdir(&(0x7f00000001c0)='./bus\x00')
renameat2(0xffffffffffffff9c, 0x0, 0xffffffffffffff9c, 0x0, 0x2)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_open_procfs(0x0, &(0x7f0000000180)='oom_adj\x00')
writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000140)='15', 0x2}], 0x8)
r3 = ioctl$NS_GET_PARENT(0xffffffffffffffff, 0xb702, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000001c0)=@RTM_GETNSID={0x34, 0x5a, 0x4, 0x70bd27, 0x25dfdbfd, {}, [@NETNSA_FD={0x8, 0x3, r2}, @NETNSA_NSID={0x8, 0x1, 0x1}, @NETNSA_FD={0x8, 0x3, r3}, @NETNSA_NSID={0x8, 0x1, 0x101}]}, 0x34}, 0x1, 0x40000, 0x0, 0x28001}, 0x8000002)
sendmsg$nl_generic(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000001c0)=ANY=[@ANYBLOB="4000000040000100feffffffffdbdf25017c0c00000042800c00018006000600800a00001c000200180017801400"], 0x40}, 0x1, 0x0, 0x0, 0x48815}, 0x800c000)
unlinkat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x200)
r4 = socket$inet6(0xa, 0x2, 0x0)
r5 = socket$packet(0x11, 0x3, 0x300)
setsockopt$SO_ATTACH_FILTER(r5, 0x1, 0x1a, &(0x7f0000000000)={0x2, &(0x7f0000000440)=[{0x20, 0x2, 0x81, 0xfffff034}, {0x6, 0x0, 0x4}]}, 0x10)
sendto$inet6(r4, 0x0, 0x0, 0x4098884, &(0x7f0000000240)={0xa, 0x4e20, 0x0, @mcast2}, 0x1c)
sendto$inet6(r4, &(0x7f0000000040), 0x3000, 0x0, 0x0, 0x0)
landlock_restrict_self(0xffffffffffffffff, 0xd)
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x22)

6.407603124s ago: executing program 2 (id=105):
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0xc, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
socket$nl_rdma(0x10, 0x3, 0x14)
openat$sysfs(0xffffffffffffff9c, 0x0, 0x202, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$mptcp(&(0x7f0000000000), 0xffffffffffffffff)
socket$kcm(0x10, 0x2, 0x0)
sendmsg$MPTCP_PM_CMD_ADD_ADDR(r1, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000180)=ANY=[@ANYBLOB='0\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="01000000000000000000010000001c000180060001000200000008000300ac1414"], 0x30}, 0x1, 0x0, 0x0, 0xaa34a4cfdf933201}, 0x10)
socket$inet6_tcp(0xa, 0x1, 0x0)
r3 = syz_open_dev$loop(&(0x7f0000000280), 0x80010a, 0x1cb600)
openat$sysfs(0xffffffffffffff9c, &(0x7f0000000000)='/sys/power/pm_freeze_timeout', 0x82803, 0x8e)
ioctl$LOOP_CONFIGURE(r3, 0x4c0a, 0x0)
ioctl$LOOP_SET_BLOCK_SIZE(r3, 0x4c09, 0x400)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$mptcp(&(0x7f00000002c0), 0xffffffffffffffff)
sendmsg$MPTCP_PM_CMD_ADD_ADDR(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000200)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r5, @ANYBLOB="01000000000000000000070000001400018005000200010000000800"], 0x28}, 0x1, 0x0, 0x0, 0x80}, 0x8)

5.211957294s ago: executing program 0 (id=106):
socket$key(0xf, 0x3, 0x2)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0)
r0 = getpid()
sched_setscheduler(r0, 0x1, &(0x7f0000000200)=0x7)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x800000}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r3 = openat$udambuf(0xffffffffffffff9c, &(0x7f0000000040), 0x2)
r4 = memfd_create(&(0x7f0000000140)='y\x105\xfb\xf7u\x83%:r\xc2\xb9x\xa4q\xc1\xea_\x8cZ7\xcda\x9b\x11X\x0e\xa1\xcf\x1a\x98S7\xc9\x00'/47, 0x2)
ftruncate(r4, 0xffff)
socket$qrtr(0x2a, 0x2, 0x0)
fcntl$addseals(r4, 0x409, 0x7)
r5 = ioctl$UDMABUF_CREATE(r3, 0x40187542, &(0x7f0000000000)={r4, 0x0, 0x0, 0x8000})
ioctl$DMA_BUF_IOCTL_SYNC(r5, 0x40086200, &(0x7f00000001c0)=0x1)
r6 = syz_open_dev$dri(&(0x7f00000000c0), 0x1ff, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_LEASE(r6, 0xc01864c6, &(0x7f00000003c0)={0x0, 0x0, 0x80800})
ioctl$DMA_BUF_IOCTL_SYNC(r5, 0x40086200, &(0x7f0000000080)=0x7)

5.203695823s ago: executing program 2 (id=107):
syz_open_dev$tty1(0xc, 0x4, 0x3)
io_submit(0x0, 0x1, &(0x7f00000013c0)=[&(0x7f0000001400)={0x0, 0x0, 0x0, 0x5, 0x0, 0xffffffffffffffff, 0x0}])
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x12, 0x44, 0x4, 0x2}, 0x50)
socketpair(0x1, 0x2, 0x0, &(0x7f0000000040)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f00000004c0)={r0, 0x0, &(0x7f0000000480)=@tcp=r2}, 0x20)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000440)={r0, &(0x7f00000003c0)="01b4", &(0x7f0000000300)=@tcp=r1, 0x1}, 0x20)
r3 = syz_open_dev$tty20(0xc, 0x4, 0x1)
r4 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r4, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-camellia-aesni\x00'}, 0x58)
r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0)
r6 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r6, &(0x7f0000000180), 0xfea7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r5, 0x0)
setsockopt$ALG_SET_KEY(r4, 0x117, 0x1, &(0x7f0000000280)="ad56fa8ef1d91a4574758ecefbe1d7a46df6d558ecf1820f", 0x18)
r7 = accept4(r4, 0x0, 0x0, 0x800)
sendmmsg$alg(r7, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0x10}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048", 0x4d}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085", 0xcb}], 0x3, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800)
recvmsg(r7, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0)
write$binfmt_misc(r3, &(0x7f0000000240), 0xfffffecc)

5.202529084s ago: executing program 3 (id=108):
syz_usb_connect(0x5, 0x24, &(0x7f0000000180)=ANY=[@ANYBLOB="120110010928fc10ac059102254301020301090212000100004000090484000003e102"], 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000040)={&(0x7f0000000580)=ANY=[@ANYBLOB="9feb010018000000000000002800000028000000030000000000000004000003"], 0x0, 0x43, 0x0, 0x1, 0x3}, 0x28)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0e000000040000000800000005"], 0x48)
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000006080)={0x6, 0xc, 0x0, &(0x7f0000000780)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x28, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000180)={'syz_tun\x00', <r2=>0x0})
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000380)={r0, r2, 0x25, 0x0, @val=@tracing={0x0, 0x5a7}}, 0x20)
syz_emit_ethernet(0x56, &(0x7f0000000480)={@local, @empty, @void, {@canfd={0xd, {{0x0, 0x0, 0x1, 0x1}, 0x3a, 0x1, 0x0, 0x0, "2675fff519e189457ae5d2df1ade7f4e51485f8da0cc633333f1a8eb0b6323da5864251ba7a02c2f232d868215dd0234a269ac7ba4ee89feb8d02cfd1a515ae5"}}}}, 0x0)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000080)=[{0x6, 0x8, 0x94, 0x7fff0000}]})
unshare(0x2c020400)
r3 = syz_usb_connect$hid(0x0, 0x36, &(0x7f00000016c0)=ANY=[@ANYRESOCT=0x0], 0x0)
r4 = socket$inet_mptcp(0x2, 0x1, 0x106)
sched_setscheduler(0x0, 0x1, &(0x7f0000000100)=0x5)
r5 = syz_open_procfs$pagemap(0x0, &(0x7f00000000c0))
r6 = userfaultfd(0x1)
ioctl$UFFDIO_API(r6, 0xc018aa3f, 0x0)
ioctl$UFFDIO_REGISTER(r6, 0xc020aa00, &(0x7f0000000040)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}, 0x3})
ioctl$UFFDIO_CONTINUE(r6, 0xc020aa08, &(0x7f0000000080)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}})
ioctl$PAGEMAP_SCAN(r5, 0xc0606610, &(0x7f0000000140)={0x60, 0x0, &(0x7f0000001000/0x3000)=nil, &(0x7f0000ffb000/0x4000)=nil, 0x4, 0x0, 0x0, 0xbff, 0x1e, 0x0, 0x2c, 0x6e})
r7 = add_key$user(&(0x7f0000000000), &(0x7f0000000340)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffe)
r8 = add_key$user(&(0x7f00000003c0), &(0x7f0000000440), &(0x7f00000000c0), 0xc9, 0xfffffffffffffffd)
r9 = socket$nl_netfilter(0x10, 0x3, 0xc)
getsockopt$sock_buf(r9, 0x1, 0x1c, 0xfffffffffffffffc, &(0x7f0000000000)=0x9)
keyctl$dh_compute(0x17, &(0x7f0000000140)={r7, r8, r7}, &(0x7f00000000c0)=""/83, 0xfffffffffffffe4f, 0x0)
r10 = epoll_create1(0x0)
epoll_ctl$EPOLL_CTL_ADD(r10, 0x1, r4, &(0x7f0000000080)={0x80000017})
syz_usb_connect$uac1(0x5, 0x9a, &(0x7f00000002c0)={{0x12, 0x1, 0x110, 0x0, 0x0, 0x0, 0x40, 0x1235, 0x8002, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x88, 0x3, 0x1, 0x6, 0x10, 0x73, "", {{{0x9, 0x4, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, {{0xa, 0x24, 0x1, 0x9, 0xa}}}, {}, {0x9, 0x4, 0x1, 0x1, 0x1, 0x1, 0x2, 0x0, 0x0, {[@format_type_ii_ext={0xa, 0x24, 0x2, 0x2, 0x7, 0x1a00, 0x2, 0x1}, @format_type_ii_discrete={0xa, 0x24, 0x2, 0x2, 0x8, 0x5, 0x40, "9b"}, @format_type_ii_ext={0xa, 0x24, 0x2, 0x2, 0x1, 0x9, 0x4b, 0x2}, @format_type_ii_ext={0xa, 0x24, 0x2, 0x2, 0x80, 0x0, 0x5, 0x5}]}, {{0x9, 0x5, 0x1, 0x9, 0x8, 0xb, 0xd, 0x3, {0x7, 0x25, 0x1, 0x8, 0x6, 0x3}}}}, {}, {0x9, 0x4, 0x2, 0x1, 0x1, 0x1, 0x2, 0x0, 0x0, {}, {{0x9, 0x5, 0x82, 0x9, 0x40, 0x2, 0x65, 0xd, {0x7, 0x25, 0x1, 0x18, 0x9, 0x6}}}}}}}}]}}, &(0x7f0000000ac0)={0x0, 0x0, 0x1cb, &(0x7f00000005c0)={0x5, 0xf, 0x1cb, 0x5, [@ss_container_id={0x14, 0x10, 0x4, 0x3, "af0c78aa17f0da0ca20208e9b9629379"}, @ssp_cap={0x20, 0x10, 0xa, 0xe, 0x5, 0x4, 0xff0f, 0x1, [0xf, 0x0, 0x3f, 0xcf, 0xff3f]}, @generic={0x7a, 0x10, 0x1, "78c4bdaaf251a387ca2cf12ded98150bac52150f58737e0ed677cd9416785cd2addaf5f4f5650b7f794a7a8a66d337b798e5ea166217d389ce5a65af343c1417f8eb2e08b36eb7642988fce10fcd14834719807c17300595480df6ac0b1b2b752b7304d03ceabc2bea52d51447441c0ef0a71df5ac66ef"}, @generic={0xa7, 0x10, 0xa, "4cf15d0fa358daa156ef38010cddf79ba61e0a7611871afe7cf11c3dc5502a34f45294d728d83d0287dfe1edd36e55959aa6e16723543abf85034b741f5b6d0907cceea92461eaae4513f07e57f1449762e2e7a398407cc56f9c53ddc26029ea23f3d4a8c569551ad51278a4922736d40e051b7a65795e2a9fb727b1b5fc6c98e20eda500b66e34749788addbf4fb6cb71ff64e87689bdd44bcfbb9af94468321ff19d0e"}, @generic={0x71, 0x10, 0xb, "b0cf963be8cc4f0e24c1c2f3d844abfbf14c5985a2f5b1ea1c1ed05d0204b6c569eb1af31416443b20e74fcc4b37d208a1b4c318a47be9ca10a22bc696e881c60d602c39ffd1602b0af83ba44dd83bbcaca0f1e2db9cd9f330e1811502c7311f2cf7b980a9d02d5240a178ee2f93"}]}, 0x4, [{0x94, &(0x7f00000007c0)=@string={0x94, 0x3, "5671e21463e6410dbe883474a1507fb5408427b20ce47afc4a334956aa8690bec60c465300a926c758e7c57cfa22ce79db8952b5f38640aba72bdce055e78ec7c5a374a70ad0e8303f256b3d8d592bbbc99d2b730e0c4456b2d0a861ab84729c8a9766805fa4ba9fc9b9cf0adebfb5efec2dd6dcadbd7cf67793efc15e62e20d97cf075be18f46681d3805c99cb3be3be291"}}, {0xd9, &(0x7f0000000880)=@string={0xd9, 0x3, "30521b9743cfa2bc28dfed483f6a6cd8d4ef2d718ad696782900f539c9cec5f690f9228420399c0db516dd85bcffe7dac754207004ba1d9752c62280d7a87bc087f05648b40ae35d2de154690cd07994fe3506af58dc18b78f621503f927a20df2b303e24a249f7fd8c06e026d82e9fc3845dd3a3ce12bd7fcc75329960a3bdb674b56ec808d9302c579a17d0c134a45d42053fc70d0cac253c2d07ddc51c53553f1dd028d43b6c0b26c5bfb1d2491b9426565972d43a87e19477d62daf058b20f84ffbe32228ee3daa0ba11c3a796a7782f40a96435ff"}}, {0x4, &(0x7f0000000980)=@lang_id={0x4, 0x3, 0x405}}, {0xd4, &(0x7f00000009c0)=@string={0xd4, 0x3, "9edea87c3322e51e42b9308b110dad8e0508d810f40a1930a9434939289af57235548278feefac8dbfc3e7fc5854743bb8ffde8d472d9ae82fa414b16ad1c14b79eb46d5a6521223445d6ce9c0620511f01b88dbbc645b65e673c1a5cb36e8eb15e263ddffc89243127b057a9e2caaa30f26a6b60f992396cc6f5d20e7bdcf1f1c557ba314ebbf3116d81c9ea28cd702552fa8e10c2046e5209a3c6d544927433d19de8ab96793a868450c71a715cf972dd7028354c521f1715afeb6e3779715c1cbeb9f634bc889a774d8d0c3fc2105376c"}}]})
syz_usb_control_io$hid(r3, &(0x7f0000000280)={0x24, &(0x7f0000000c00)=ANY=[@ANYBLOB="3f105d0000005d31115f"], 0x0, 0x0, 0x0}, 0x0)

4.839078462s ago: executing program 4 (id=109):
syz_open_dev$tty1(0xc, 0x4, 0x3)
io_submit(0x0, 0x1, &(0x7f00000013c0)=[&(0x7f0000001400)={0x0, 0x0, 0x0, 0x5, 0x0, 0xffffffffffffffff, 0x0}])
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x12, 0x44, 0x4, 0x2}, 0x50)
socketpair(0x1, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f00000004c0)={r0, 0x0, &(0x7f0000000480)=@tcp=r1}, 0x20)
r2 = syz_open_dev$tty20(0xc, 0x4, 0x1)
r3 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r3, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-camellia-aesni\x00'}, 0x58)
r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0)
r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r5, &(0x7f0000000180), 0xfea7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r4, 0x0)
setsockopt$ALG_SET_KEY(r3, 0x117, 0x1, &(0x7f0000000280)="ad56fa8ef1d91a4574758ecefbe1d7a46df6d558ecf1820f", 0x18)
r6 = accept4(r3, 0x0, 0x0, 0x800)
sendmmsg$alg(r6, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0x10}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed88", 0x3a}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11", 0xce}], 0x3, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800)
recvmsg(r6, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0)
write$binfmt_misc(r2, &(0x7f0000000240), 0xfffffecc)

4.83763467s ago: executing program 1 (id=110):
syz_init_net_socket$x25(0x9, 0x5, 0x0)
openat$tun(0xffffffffffffff9c, 0x0, 0x40241, 0x0)
socket$key(0xf, 0x3, 0x2)
prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
sched_setscheduler(0x0, 0x1, &(0x7f0000000100)=0x5)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000001480)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
madvise(&(0x7f00002e5000/0x400000)=nil, 0x400000, 0xf)
bpf$TOKEN_CREATE(0x24, 0x0, 0x0)
keyctl$KEYCTL_PKEY_VERIFY(0x1c, 0x0, &(0x7f0000000080)={'enc=', 'oaep', ' hash=', {'blake2s-224-generic\x00'}}, 0x0, 0x0)
r2 = syz_open_dev$usbfs(&(0x7f0000000000), 0x1ff, 0x2)
r3 = dup(r2)
ioctl$USBDEVFS_CONTROL(r3, 0xc0185500, &(0x7f0000000240)={0x80, 0x6, 0x103, 0x0, 0xe0, 0x0, 0x0})

3.717686215s ago: executing program 2 (id=111):
setsockopt$inet6_tcp_TLS_TX(0xffffffffffffffff, 0x6, 0x1, 0x0, 0x0)
fsopen(0x0, 0x0)
ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x1)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r0 = syz_open_dev$MSR(&(0x7f0000000240), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
r1 = socket$inet6_sctp(0xa, 0x5, 0x84)
shutdown(r1, 0x0)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r1, 0x84, 0x6f, &(0x7f0000000280)={<r2=>0x0, 0x2c, &(0x7f0000000180)=[@in6={0xa, 0x4e22, 0x0, @remote, 0x7}, @in={0x2, 0x4e22, @loopback}]}, &(0x7f0000000080)=0x10)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r1, 0x84, 0x9, &(0x7f00000000c0)={r2, @in={{0x2, 0x0, @empty}}, 0x0, 0x0, 0x0, 0x0, 0xce024d}, 0x9c)
open(&(0x7f0000000040)='./file0\x00', 0x4001, 0x2)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x18, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
mknodat$loop(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x1000, 0x1)
r3 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r3}, &(0x7f0000000340)=<r4=>0x0)
timer_settime(r4, 0x0, &(0x7f0000000000)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
r5 = socket$inet6_sctp(0xa, 0x1, 0x84)
ioctl$sock_SIOCETHTOOL(r5, 0x8946, &(0x7f0000001100)={'ip6tnl0\x00', &(0x7f00000010c0)=@ethtool_stats})
getpid()
name_to_handle_at(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0)=ANY=[], &(0x7f0000000180), 0x0)
ptrace$peekuser(0x3, r3, 0x5)
open_by_handle_at(0xffffffffffffff9c, &(0x7f00000000c0)=ANY=[], 0x200000000000000)

3.650483624s ago: executing program 0 (id=112):
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0)
mount$fuse(0x0, 0x0, 0x0, 0x2b18094, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYRES8])
mount(0x0, &(0x7f00000001c0)='./file1\x00', &(0x7f0000000040)='autofs\x00', 0x0, &(0x7f0000000400))
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r0 = syz_open_dev$dri(&(0x7f00000008c0), 0xd21, 0x0)
ioctl$DRM_IOCTL_GET_STATS(r0, 0x80f86406, &(0x7f0000000900)=""/4096)

2.524220139s ago: executing program 0 (id=113):
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000009c0)=ANY=[@ANYRES32=0x0, @ANYBLOB, @ANYRES32=0x0, @ANYBLOB], 0x48)
pread64(0xffffffffffffffff, &(0x7f0000000480)=""/210, 0xd2, 0x4f)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x1)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000003c0)={'netdevsim0\x00', <r1=>0x0})
r2 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000001800)={0x6, 0x3, &(0x7f0000000540)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f0000000300)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', r1}, 0x94)
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000002d80)={r2, r1, 0x25, 0x8, @void}, 0x10)
r3 = getpgrp(0xffffffffffffffff)
sched_setaffinity(r3, 0x8, &(0x7f00000002c0)=0x2)
openat$udambuf(0xffffff9c, &(0x7f00000000c0), 0x2)
r4 = syz_open_dev$MSR(&(0x7f0000000240), 0x0, 0x0)
read$msr(r4, &(0x7f0000019680)=""/102392, 0x18ff8)
socket$nl_route(0x10, 0x3, 0x0)
r5 = socket$inet_mptcp(0x2, 0x1, 0x106)
setsockopt$inet_tcp_int(r5, 0x6, 0x1b, &(0x7f0000000040)=0x7, 0x4)
getsockname$packet(0xffffffffffffffff, 0x0, 0x0)
writev(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000340)="aefdda9d240300005a90f57f07703aeff0f64ebbee07962c22772e11b44e65", 0x1f}, {0x0}], 0x2)
ioctl$SG_GET_REQUEST_TABLE(0xffffffffffffffff, 0x2286, &(0x7f00000000c0))

2.437253727s ago: executing program 4 (id=114):
r0 = open(&(0x7f0000000b00)='./file1\x00', 0x143bc2, 0x1cc) (async, rerun: 64)
close(0x3) (rerun: 64)
openat$snapshot(0xffffffffffffff9c, &(0x7f0000000080), 0x101042, 0x0)
r1 = socket(0x2, 0x80805, 0x0)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x2, 0x4, &(0x7f0000000200)=ANY=[@ANYBLOB="180000000300000000000000fe020010850000000700000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x100, 0x70, '\x00', 0x0, @fallback=0x2a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100000}, 0x94)
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000003c0)={r2, 0x0, 0x30, 0x0, @val=@uprobe_multi={0x0, &(0x7f0000000300), 0x0, 0x0, 0x0, 0x1}}, 0x40) (async)
r3 = socket$inet6_sctp(0xa, 0x5, 0x84) (async)
socket$nl_sock_diag(0x10, 0x3, 0x4)
shutdown(r3, 0x0)
close(0x3)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r3, 0x84, 0x6f, &(0x7f0000000200)={<r4=>0x0, 0x10, &(0x7f00000001c0)=[@in={0x2, 0x4e23, @rand_addr=0x64010100}]}, &(0x7f0000001280)=0x10)
getsockopt$inet_sctp6_SCTP_PRIMARY_ADDR(r3, 0x84, 0x7a, &(0x7f0000000340)={r4, @in6={{0xa, 0x3, 0x4, @mcast1}}}, &(0x7f0000000040)=0x84) (async)
sendmmsg$inet_sctp(r1, &(0x7f0000000180)=[{0x0, 0x0, 0x0, 0x0, &(0x7f0000000700)=ANY=[@ANYBLOB="30000000000000008400000001000000000000017c"], 0x30}], 0x492492492492775, 0x0) (async)
getsockopt$inet_sctp6_SCTP_LOCAL_AUTH_CHUNKS(r0, 0x84, 0x1b, &(0x7f0000000d80), &(0x7f0000001dc0)=0x8) (async)
write$cgroup_int(r0, &(0x7f0000000000)=0xfff, 0x12)

2.058316556s ago: executing program 4 (id=115):
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r1 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000140)={&(0x7f0000000000)=ANY=[@ANYBLOB="9feb0100180000000000000034000000340000000600000004000000000000010400000001040000000000000000000d040000000000000000000010040000000400000000000008030000000000000061"], 0x0, 0x52}, 0x28)
bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000180)=ANY=[@ANYRES16=r1, @ANYRES32, @ANYBLOB="0000000000040100000000000000000000000100", @ANYRES32=0x0, @ANYRES32=r1, @ANYBLOB="010000000300"/28], 0x50)
r2 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r2, 0x6, 0x210000000013, &(0x7f00000000c0)=0x100000001, 0x4)
connect$inet(r2, &(0x7f0000000180)={0x2, 0x4e21, @dev={0xac, 0x14, 0x14, 0x1d}}, 0x10)
r3 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r3, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=@newlink={0x30, 0x10, 0x1, 0x70bd29, 0x25dfdbfd, {0x0, 0x0, 0x0, 0x0, 0x1021, 0x800b}, [@IFLA_GROUP={0x8}, @IFLA_MTU={0x8, 0x4, 0x3}]}, 0x30}, 0x1, 0x0, 0x0, 0x801}, 0x4000000)
setsockopt$inet_tcp_TCP_REPAIR(r2, 0x6, 0x13, &(0x7f00000001c0), 0x4)
sendto$inet(r2, 0x0, 0x0, 0xb, 0x0, 0x0)
ioctl$XFS_IOC_FSGROWFSRT(r1, 0x40105870, &(0x7f00000000c0)={0x2, 0x9})
r4 = syz_genetlink_get_family_id$netlbl_cipso(&(0x7f00000002c0), r0)
sendmsg$NLBL_CIPSOV4_C_ADD(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000840)=ANY=[@ANYBLOB='P\x00\b\x00', @ANYRES16=r4, @ANYBLOB="0100e2741f26e4d96dc60100000008000100020000002c000480050003000200000005000300050000000500030000000000050003000100000005000300010000000800020002"], 0x50}, 0x1, 0x0, 0x0, 0xc082}, 0x20004080)
r5 = mq_open(&(0x7f0000000000)='batadv_slave_1\x00', 0x8c2, 0x30, &(0x7f0000000080)={0x8000000000000000, 0x8, 0x1, 0xc05})
mq_getsetattr(r5, &(0x7f0000000040)={0x0, 0x40, 0x4, 0xffff}, 0x0)
mq_timedreceive(r5, &(0x7f0000000100)=""/90, 0x5a, 0x0, 0x0)
mq_timedsend(r5, 0x0, 0x0, 0x5, 0x0)
r6 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r6, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=ANY=[@ANYBLOB="240000002000bd7000ffdbdf2502000000ff00000800000000080018004e214e21000000"], 0x24}, 0x1, 0x0, 0x0, 0x240480d4}, 0x4040)
r7 = syz_open_procfs(0x0, &(0x7f0000000100)='oom_adj\x00')
pread64(r7, 0x0, 0x0, 0x2000000000000000)
r8 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
r9 = openat$dsp1(0xffffff9c, &(0x7f0000000000), 0x2, 0x0)
prlimit64(0x0, 0x7, &(0x7f0000000140)={0x1, 0x8f}, 0x0)
socket$caif_seqpacket(0x25, 0x5, 0x2)
r10 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00')
mount$9p_fd(0x0, &(0x7f0000000040)='.\x00', &(0x7f0000000080), 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r9, @ANYBLOB=',wfdno=', @ANYRESHEX=r10])
write$cgroup_int(r10, &(0x7f0000000340)=0xffffffffffffffff, 0x12)
ioctl$AUTOFS_DEV_IOCTL_VERSION(r7, 0xc0189371, &(0x7f0000000300)={{0x1, 0x1, 0x18, r8}, './file0\x00'})

1.979278396s ago: executing program 0 (id=116):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000002900)={0x0, 0x0, 0x0}, 0x40000010)
r1 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000100)={'macvtap0\x00', <r2=>0x0})
sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000140)=@newqdisc={0x44, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r2, {0x0, 0xfff1}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_hfsc={{0x9}, {0x14, 0x2, @TCA_HFSC_RSC={0x10, 0x1, {0x3, 0x3, 0xda8}}}}]}, 0x44}, 0x1, 0x0, 0x0, 0x4000000}, 0x20040084)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
close(r3)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
close(r4)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0)
sendmsg$NFT_BATCH(r5, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000100)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a4c000000090a010400000000000000000a0000040900010073797a310000000008000540000000020900020073797a310000000008000a40fffffffc080003400000001408000c4000000e45400000000c0a010100000000000000000a0000060900020073797a31000000000900010073797a310000000014000380100000800c00018006000100d103000014000000110001"], 0xb4}, 0x1, 0x0, 0x0, 0x4000850}, 0x40)
sendmsg$NFT_BATCH(r4, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f00000002c0)=ANY=[@ANYBLOB="140000001000018000000000000000000500000a480000000c0a010100000000000000000a0000060900020073797a31000000000900010073797a31000000001c000380180000800c0001c006000100d9030000080003400000000114000000110001"], 0x70}, 0x1, 0x0, 0x0, 0x40008d0}, 0x40)
sendmsg$NFT_BATCH(r3, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f00000002c0)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a480000000e"], 0x70}, 0x1, 0x0, 0x0, 0x28008890}, 0x40)
getsockopt$IP_VS_SO_GET_SERVICES(r0, 0x0, 0x482, &(0x7f0000000200)=""/184, &(0x7f00000002c0)=0xb8)
sendmsg$nl_route_sched(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000580)=@newqdisc={0x38, 0x28, 0x4ee4e6a52ff56541, 0x5000, 0xfffffdfc, {0x0, 0x0, 0x0, r2, {0x0, 0xfff1}, {}, {0x2, 0xfff1}}, [@qdisc_kind_options=@q_red={{0x8}, {0x4}}, @TCA_RATE={0x6, 0x5, {0xff, 0x5}}]}, 0x38}}, 0x4008000)
sendmsg$IPSET_CMD_FLUSH(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000100)={0x1c, 0x4, 0x6, 0x101, 0x0, 0x0, {0x3, 0x0, 0x5}, [@IPSET_ATTR_PROTOCOL={0x5}]}, 0x1c}, 0x1, 0x0, 0x0, 0x20000011}, 0x20000084)

1.923837881s ago: executing program 3 (id=117):
timer_create(0x0, &(0x7f00000000c0)={0x0, 0x21, 0x2, @thr={0x0, 0x0}}, &(0x7f0000000300)=<r0=>0x0)
fcntl$lock(0xffffffffffffffff, 0x24, &(0x7f0000000040)={0x0, 0x0, 0x10000, 0x5})
mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1)
timer_settime(r0, 0x1, &(0x7f0000000040)={{}, {0x0, 0x989680}}, 0x0)
mmap(&(0x7f0000000000/0x200000)=nil, 0x200000, 0x300000b, 0x204031, 0xffffffffffffffff, 0xec776000)
r1 = socket$rds(0x15, 0x5, 0x0)
r2 = syz_open_dev$ptys(0xc, 0x3, 0x0)
ioctl$TCXONC(r2, 0x540a, 0x0)
bind$rds(r1, &(0x7f0000000040)={0x2, 0x4e21, @local}, 0x10)
sendmsg$inet(r1, &(0x7f0000000480)={&(0x7f0000000000)={0x2, 0x4e22, @initdev={0xac, 0x1e, 0x1, 0x0}}, 0x10, &(0x7f0000000380)=[{&(0x7f00000001c0)="91cfdfefdb", 0x1a000}], 0x1}, 0x0)
sendmsg$rds(r1, &(0x7f0000000140)={&(0x7f00000000c0)={0x2, 0x4e21, @local}, 0x10, 0x0, 0x0, 0x0, 0x0, 0x800}, 0x0)
connect$inet6(0xffffffffffffffff, 0x0, 0x0)

1.885814318s ago: executing program 2 (id=118):
socket$key(0xf, 0x3, 0x2)
io_uring_setup(0x667, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0)
r0 = getpid()
sched_setscheduler(r0, 0x1, &(0x7f0000000200)=0x7)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x800000}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r3 = openat$udambuf(0xffffffffffffff9c, &(0x7f0000000040), 0x2)
r4 = memfd_create(&(0x7f0000000140)='y\x105\xfb\xf7u\x83%:r\xc2\xb9x\xa4q\xc1\xea_\x8cZ7\xcda\x9b\x11X\x0e\xa1\xcf\x1a\x98S7\xc9\x00'/47, 0x2)
ftruncate(r4, 0xffff)
socket$qrtr(0x2a, 0x2, 0x0)
fcntl$addseals(r4, 0x409, 0x7)
r5 = ioctl$UDMABUF_CREATE(r3, 0x40187542, &(0x7f0000000000)={r4, 0x0, 0x0, 0x8000})
ioctl$DMA_BUF_IOCTL_SYNC(r5, 0x40086200, &(0x7f00000001c0)=0x1) (fail_nth: 3)
r6 = syz_open_dev$dri(&(0x7f00000000c0), 0x1ff, 0x0)
dup3(0xffffffffffffffff, r6, 0x80000)
ioctl$DMA_BUF_IOCTL_SYNC(r5, 0x40086200, &(0x7f0000000080)=0x7)

121.212µs ago: executing program 1 (id=119):
r0 = socket$key(0xf, 0x3, 0x2)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0)
r1 = getpid()
sched_setscheduler(r1, 0x1, &(0x7f0000000200)=0x7)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, r0, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x800000}, 0x6e)
r4 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000680)=@newsa={0x140, 0x10, 0x713, 0x0, 0x25dfdbff, {{@in=@multicast1, @in6=@mcast2, 0x4, 0x0, 0x4e21, 0x2, 0x0, 0x0, 0x0, 0x21, 0x0, 0xee00}, {@in6=@dev={0xfe, 0x80, '\x00', 0x37}, 0x4d2, 0x32}, @in6=@private2, {0x400000000000005, 0x0, 0x0, 0x9, 0xffffffff00000001, 0x0, 0x80000001, 0x543}, {0x4, 0x7fffffffffffffff, 0x100, 0x1}, {}, 0x70bd2c, 0x3505, 0xa, 0x4, 0x0, 0x50}, [@algo_aead={0x50, 0x12, {{'rfc4106(gcm(aes))\x00'}, 0x20, 0x80, "210466d3"}}]}, 0x140}, 0x1, 0x0, 0x0, 0x880}, 0x2014)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='rdma.current\x00', 0x275a, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x12, r5, 0x0)
ioctl$AUTOFS_DEV_IOCTL_PROTOSUBVER(r5, 0xc0189373, &(0x7f0000000040)={{0x1, 0x1, 0x18, 0xffffffffffffffff, {0x800}}, './file0\x00'})
setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(r5, 0x6, 0x14, &(0x7f0000000180), 0x4)
r6 = openat$udambuf(0xffffffffffffff9c, &(0x7f0000000040), 0x2)
r7 = memfd_create(&(0x7f0000000140)='y\x105\xfb\xf7u\x83%:r\xc2\xb9x\xa4q\xc1\xea_\x8cZ7\xcda\x9b\x11X\x0e\xa1\xcf\x1a\x98S7\xc9\x00'/47, 0x2)
socket$qrtr(0x2a, 0x2, 0x0)
dup(r7)
fcntl$addseals(r7, 0x409, 0x7)
r8 = ioctl$UDMABUF_CREATE(r6, 0x40187542, &(0x7f0000000000)={r7, 0x0, 0x0, 0x8000})
ioctl$DMA_BUF_IOCTL_SYNC(r8, 0x40086200, &(0x7f00000001c0)=0x1)
r9 = syz_open_dev$dri(&(0x7f00000000c0), 0x1ff, 0x0)
msgctl$IPC_RMID(0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_LEASE(r9, 0xc01864c6, &(0x7f00000003c0)={0x0, 0x0, 0x80800})
ioctl$DMA_BUF_IOCTL_SYNC(r8, 0x40086200, &(0x7f0000000080)=0x7)
openat$ipvs(0xffffffffffffff9c, &(0x7f0000000100)='/proc/sys/net/ipv4/vs/secure_tcp\x00', 0x2, 0x0)

0s ago: executing program 2 (id=120):
r0 = openat$sequencer2(0xffffff9c, &(0x7f0000000080), 0x40, 0x0)
ioctl$SNDCTL_TMR_TIMEBASE(r0, 0xc0045401, 0x0)

kernel console output (not intermixed with test programs):

Warning: Permanently added '10.128.1.45' (ED25519) to the list of known hosts.
[   83.481232][ T5782] cgroup: Unknown subsys name 'net'
[   83.722127][ T5782] cgroup: Unknown subsys name 'cpuset'
[   83.778152][ T5782] cgroup: Unknown subsys name 'rlimit'
Setting up swapspace version 1, size = 127995904 bytes
[   85.675868][ T5782] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k 
[   86.881044][    T9] cfg80211: failed to load regulatory.db
[   87.999700][ T5800] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[   88.019942][ T5801] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[   88.022988][ T5801] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[   88.023863][ T5801] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[   88.030625][ T5801] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[   88.031489][ T5801] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[   88.036426][ T5808] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[   88.038056][ T5809] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[   88.039053][ T5808] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[   88.049742][ T5808] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[   88.050297][ T5808] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[   88.060698][ T5809] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[   88.062656][ T5809] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[   88.078088][ T5809] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[   88.079671][ T5809] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[   88.080382][ T5809] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[   88.097583][ T5809] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[   88.098100][ T5809] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[   88.107176][   T60] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[   88.109388][ T5809] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[   88.110651][ T5809] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[   88.111720][ T5809] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[   88.113068][ T5114] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[   88.128253][ T5800] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[   88.133028][ T5809] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[   88.961457][ T5795] chnl_net:caif_netlink_parms(): no params data found
[   88.975594][ T5798] chnl_net:caif_netlink_parms(): no params data found
[   89.099946][ T5797] chnl_net:caif_netlink_parms(): no params data found
[   89.208985][ T5796] chnl_net:caif_netlink_parms(): no params data found
[   89.214734][ T5810] chnl_net:caif_netlink_parms(): no params data found
[   89.386089][ T5795] bridge0: port 1(bridge_slave_0) entered blocking state
[   89.387067][ T5795] bridge0: port 1(bridge_slave_0) entered disabled state
[   89.401884][ T5795] bridge_slave_0: entered allmulticast mode
[   89.403660][ T5795] bridge_slave_0: entered promiscuous mode
[   89.407954][ T5798] bridge0: port 1(bridge_slave_0) entered blocking state
[   89.408073][ T5798] bridge0: port 1(bridge_slave_0) entered disabled state
[   89.408234][ T5798] bridge_slave_0: entered allmulticast mode
[   89.410850][ T5798] bridge_slave_0: entered promiscuous mode
[   89.461485][ T5798] bridge0: port 2(bridge_slave_1) entered blocking state
[   89.461601][ T5798] bridge0: port 2(bridge_slave_1) entered disabled state
[   89.461751][ T5798] bridge_slave_1: entered allmulticast mode
[   89.463263][ T5798] bridge_slave_1: entered promiscuous mode
[   89.477736][ T5795] bridge0: port 2(bridge_slave_1) entered blocking state
[   89.477859][ T5795] bridge0: port 2(bridge_slave_1) entered disabled state
[   89.478018][ T5795] bridge_slave_1: entered allmulticast mode
[   89.480532][ T5795] bridge_slave_1: entered promiscuous mode
[   89.573095][ T5797] bridge0: port 1(bridge_slave_0) entered blocking state
[   89.573236][ T5797] bridge0: port 1(bridge_slave_0) entered disabled state
[   89.573343][ T5797] bridge_slave_0: entered allmulticast mode
[   89.574882][ T5797] bridge_slave_0: entered promiscuous mode
[   89.638237][ T5797] bridge0: port 2(bridge_slave_1) entered blocking state
[   89.638385][ T5797] bridge0: port 2(bridge_slave_1) entered disabled state
[   89.638881][ T5797] bridge_slave_1: entered allmulticast mode
[   89.640468][ T5797] bridge_slave_1: entered promiscuous mode
[   89.645582][ T5798] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   89.672109][ T5795] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   89.715565][ T5798] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   89.715809][ T5796] bridge0: port 1(bridge_slave_0) entered blocking state
[   89.715941][ T5796] bridge0: port 1(bridge_slave_0) entered disabled state
[   89.716045][ T5796] bridge_slave_0: entered allmulticast mode
[   89.718772][ T5796] bridge_slave_0: entered promiscuous mode
[   89.725568][ T5795] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   89.733958][ T5810] bridge0: port 1(bridge_slave_0) entered blocking state
[   89.734078][ T5810] bridge0: port 1(bridge_slave_0) entered disabled state
[   89.734647][ T5810] bridge_slave_0: entered allmulticast mode
[   89.737243][ T5810] bridge_slave_0: entered promiscuous mode
[   89.795450][ T5796] bridge0: port 2(bridge_slave_1) entered blocking state
[   89.795547][ T5796] bridge0: port 2(bridge_slave_1) entered disabled state
[   89.795846][ T5796] bridge_slave_1: entered allmulticast mode
[   89.817691][ T5796] bridge_slave_1: entered promiscuous mode
[   89.836190][ T5810] bridge0: port 2(bridge_slave_1) entered blocking state
[   89.836303][ T5810] bridge0: port 2(bridge_slave_1) entered disabled state
[   89.836409][ T5810] bridge_slave_1: entered allmulticast mode
[   89.838664][ T5810] bridge_slave_1: entered promiscuous mode
[   89.845735][ T5797] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   90.080924][ T5797] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   90.082708][ T5798] team0: Port device team_slave_0 added
[   90.090546][ T5808] Bluetooth: hci1: command tx timeout
[   90.106946][ T5795] team0: Port device team_slave_0 added
[   90.146471][ T5798] team0: Port device team_slave_1 added
[   90.151525][ T5795] team0: Port device team_slave_1 added
[   90.156469][ T5796] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   90.157545][ T5809] Bluetooth: hci3: command tx timeout
[   90.157667][ T5809] Bluetooth: hci0: command tx timeout
[   90.157837][ T5808] Bluetooth: hci4: command tx timeout
[   90.160782][ T5810] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   90.224972][ T5796] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   90.227282][ T5810] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   90.230643][ T5797] team0: Port device team_slave_0 added
[   90.237622][ T5800] Bluetooth: hci2: command tx timeout
[   90.305499][ T5797] team0: Port device team_slave_1 added
[   90.331837][ T5798] batman_adv: batadv0: Adding interface: batadv_slave_0
[   90.331851][ T5798] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[   90.331866][ T5798] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   90.333765][ T5795] batman_adv: batadv0: Adding interface: batadv_slave_0
[   90.333781][ T5795] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[   90.333808][ T5795] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   90.442727][ T5798] batman_adv: batadv0: Adding interface: batadv_slave_1
[   90.442746][ T5798] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[   90.442773][ T5798] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   90.444472][ T5795] batman_adv: batadv0: Adding interface: batadv_slave_1
[   90.444482][ T5795] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[   90.444495][ T5795] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   90.446483][ T5796] team0: Port device team_slave_0 added
[   90.554157][ T5810] team0: Port device team_slave_0 added
[   90.583003][ T5796] team0: Port device team_slave_1 added
[   90.583698][ T5797] batman_adv: batadv0: Adding interface: batadv_slave_0
[   90.583709][ T5797] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[   90.583723][ T5797] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   90.586871][ T5810] team0: Port device team_slave_1 added
[   90.645226][ T5797] batman_adv: batadv0: Adding interface: batadv_slave_1
[   90.645238][ T5797] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[   90.645253][ T5797] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   90.736690][ T5796] batman_adv: batadv0: Adding interface: batadv_slave_0
[   90.736704][ T5796] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[   90.736718][ T5796] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   90.781839][ T5810] batman_adv: batadv0: Adding interface: batadv_slave_0
[   90.781858][ T5810] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[   90.781886][ T5810] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   90.827995][ T5796] batman_adv: batadv0: Adding interface: batadv_slave_1
[   90.828012][ T5796] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[   90.828036][ T5796] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   90.829731][ T5810] batman_adv: batadv0: Adding interface: batadv_slave_1
[   90.829743][ T5810] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[   90.829765][ T5810] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   90.842532][ T5795] hsr_slave_0: entered promiscuous mode
[   90.843920][ T5795] hsr_slave_1: entered promiscuous mode
[   90.856201][ T5798] hsr_slave_0: entered promiscuous mode
[   90.857988][ T5798] hsr_slave_1: entered promiscuous mode
[   90.859017][ T5798] debugfs: 'hsr0' already exists in 'hsr'
[   90.859107][ T5798] Cannot create hsr debugfs directory
[   90.989506][ T5797] hsr_slave_0: entered promiscuous mode
[   90.990493][ T5797] hsr_slave_1: entered promiscuous mode
[   90.991097][ T5797] debugfs: 'hsr0' already exists in 'hsr'
[   90.991122][ T5797] Cannot create hsr debugfs directory
[   91.386384][ T5796] hsr_slave_0: entered promiscuous mode
[   91.387269][ T5796] hsr_slave_1: entered promiscuous mode
[   91.400244][ T5796] debugfs: 'hsr0' already exists in 'hsr'
[   91.400268][ T5796] Cannot create hsr debugfs directory
[   91.448129][ T5810] hsr_slave_0: entered promiscuous mode
[   91.448965][ T5810] hsr_slave_1: entered promiscuous mode
[   91.449527][ T5810] debugfs: 'hsr0' already exists in 'hsr'
[   91.449546][ T5810] Cannot create hsr debugfs directory
[   92.057248][ T5795] netdevsim netdevsim0 netdevsim0: renamed from eth0
[   92.148813][ T5795] netdevsim netdevsim0 netdevsim1: renamed from eth1
[   92.157526][ T5800] Bluetooth: hci1: command tx timeout
[   92.183738][ T5795] netdevsim netdevsim0 netdevsim2: renamed from eth2
[   92.235812][ T5795] netdevsim netdevsim0 netdevsim3: renamed from eth3
[   92.237526][ T5800] Bluetooth: hci4: command tx timeout
[   92.237559][ T5800] Bluetooth: hci0: command tx timeout
[   92.237583][ T5800] Bluetooth: hci3: command tx timeout
[   92.317692][ T5808] Bluetooth: hci2: command tx timeout
[   92.358083][ T5798] netdevsim netdevsim1 netdevsim0: renamed from eth0
[   92.395870][ T5798] netdevsim netdevsim1 netdevsim1: renamed from eth1
[   92.427415][ T5798] netdevsim netdevsim1 netdevsim2: renamed from eth2
[   92.477062][ T5798] netdevsim netdevsim1 netdevsim3: renamed from eth3
[   92.587285][ T5797] netdevsim netdevsim4 netdevsim0: renamed from eth0
[   92.620997][ T5797] netdevsim netdevsim4 netdevsim1: renamed from eth1
[   92.666843][ T5797] netdevsim netdevsim4 netdevsim2: renamed from eth2
[   92.716977][ T5797] netdevsim netdevsim4 netdevsim3: renamed from eth3
[   92.836911][ T5796] netdevsim netdevsim3 netdevsim0: renamed from eth0
[   92.880692][ T5796] netdevsim netdevsim3 netdevsim1: renamed from eth1
[   92.916416][ T5796] netdevsim netdevsim3 netdevsim2: renamed from eth2
[   92.971222][ T5796] netdevsim netdevsim3 netdevsim3: renamed from eth3
[   93.104479][ T5810] netdevsim netdevsim2 netdevsim0: renamed from eth0
[   93.145671][ T5810] netdevsim netdevsim2 netdevsim1: renamed from eth1
[   93.171495][ T5795] 8021q: adding VLAN 0 to HW filter on device bond0
[   93.171751][ T5810] netdevsim netdevsim2 netdevsim2: renamed from eth2
[   93.221157][ T5810] netdevsim netdevsim2 netdevsim3: renamed from eth3
[   93.320809][ T5795] 8021q: adding VLAN 0 to HW filter on device team0
[   93.344360][ T5798] 8021q: adding VLAN 0 to HW filter on device bond0
[   93.365553][  T167] bridge0: port 1(bridge_slave_0) entered blocking state
[   93.365671][  T167] bridge0: port 1(bridge_slave_0) entered forwarding state
[   93.410476][   T43] bridge0: port 2(bridge_slave_1) entered blocking state
[   93.411233][   T43] bridge0: port 2(bridge_slave_1) entered forwarding state
[   93.457075][ T5798] 8021q: adding VLAN 0 to HW filter on device team0
[   93.504770][   T68] bridge0: port 1(bridge_slave_0) entered blocking state
[   93.504991][   T68] bridge0: port 1(bridge_slave_0) entered forwarding state
[   93.530285][ T5797] 8021q: adding VLAN 0 to HW filter on device bond0
[   93.549000][   T68] bridge0: port 2(bridge_slave_1) entered blocking state
[   93.549135][   T68] bridge0: port 2(bridge_slave_1) entered forwarding state
[   93.621453][ T5797] 8021q: adding VLAN 0 to HW filter on device team0
[   93.633562][ T5796] 8021q: adding VLAN 0 to HW filter on device bond0
[   93.662390][  T167] bridge0: port 1(bridge_slave_0) entered blocking state
[   93.662474][  T167] bridge0: port 1(bridge_slave_0) entered forwarding state
[   93.717246][  T167] bridge0: port 2(bridge_slave_1) entered blocking state
[   93.719942][  T167] bridge0: port 2(bridge_slave_1) entered forwarding state
[   93.754635][ T5796] 8021q: adding VLAN 0 to HW filter on device team0
[   93.783503][ T5810] 8021q: adding VLAN 0 to HW filter on device bond0
[   93.816548][  T192] bridge0: port 1(bridge_slave_0) entered blocking state
[   93.824873][  T192] bridge0: port 1(bridge_slave_0) entered forwarding state
[   93.871266][   T43] bridge0: port 2(bridge_slave_1) entered blocking state
[   93.871350][   T43] bridge0: port 2(bridge_slave_1) entered forwarding state
[   93.959323][ T5810] 8021q: adding VLAN 0 to HW filter on device team0
[   94.003071][  T167] bridge0: port 1(bridge_slave_0) entered blocking state
[   94.004036][  T167] bridge0: port 1(bridge_slave_0) entered forwarding state
[   94.055440][   T13] bridge0: port 2(bridge_slave_1) entered blocking state
[   94.055962][   T13] bridge0: port 2(bridge_slave_1) entered forwarding state
[   94.226461][ T5795] 8021q: adding VLAN 0 to HW filter on device batadv0
[   94.238737][ T5808] Bluetooth: hci1: command tx timeout
[   94.336574][ T5808] Bluetooth: hci3: command tx timeout
[   94.336612][ T5808] Bluetooth: hci0: command tx timeout
[   94.336626][ T5800] Bluetooth: hci4: command tx timeout
[   94.398235][ T5808] Bluetooth: hci2: command tx timeout
[   94.552115][ T5798] 8021q: adding VLAN 0 to HW filter on device batadv0
[   94.632114][ T5795] veth0_vlan: entered promiscuous mode
[   94.676988][ T5795] veth1_vlan: entered promiscuous mode
[   94.689523][ T5797] 8021q: adding VLAN 0 to HW filter on device batadv0
[   94.774024][ T5796] 8021q: adding VLAN 0 to HW filter on device batadv0
[   94.879479][ T5798] veth0_vlan: entered promiscuous mode
[   94.928080][ T5795] veth0_macvtap: entered promiscuous mode
[   94.945599][ T5798] veth1_vlan: entered promiscuous mode
[   94.980485][ T5795] veth1_macvtap: entered promiscuous mode
[   95.051694][ T5810] 8021q: adding VLAN 0 to HW filter on device batadv0
[   95.094698][ T5795] batman_adv: batadv0: Interface activated: batadv_slave_0
[   95.095037][ T5796] veth0_vlan: entered promiscuous mode
[   95.143551][ T5795] batman_adv: batadv0: Interface activated: batadv_slave_1
[   95.171870][ T5796] veth1_vlan: entered promiscuous mode
[   95.184634][ T5798] veth0_macvtap: entered promiscuous mode
[   95.189028][  T167] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   95.211863][   T68] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   95.215990][   T68] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   95.237090][   T68] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   95.243187][ T5798] veth1_macvtap: entered promiscuous mode
[   95.453620][ T5810] veth0_vlan: entered promiscuous mode
[   95.467912][ T5798] batman_adv: batadv0: Interface activated: batadv_slave_0
[   95.510526][ T5798] batman_adv: batadv0: Interface activated: batadv_slave_1
[   95.520410][ T5796] veth0_macvtap: entered promiscuous mode
[   95.563246][ T5810] veth1_vlan: entered promiscuous mode
[   95.566054][ T5797] veth0_vlan: entered promiscuous mode
[   95.583600][ T5796] veth1_macvtap: entered promiscuous mode
[   95.584663][   T68] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   95.587097][   T43] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   95.587127][   T43] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   95.609851][   T68] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   95.614693][   T68] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   95.651227][   T68] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   95.683491][ T5797] veth1_vlan: entered promiscuous mode
[   95.741038][   T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   95.741061][   T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   95.805983][ T5796] batman_adv: batadv0: Interface activated: batadv_slave_0
[   95.864270][ T5796] batman_adv: batadv0: Interface activated: batadv_slave_1
[   95.945903][   T12] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   95.965471][   T12] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   95.980204][ T5810] veth0_macvtap: entered promiscuous mode
[   95.982648][   T12] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   95.990915][   T12] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   95.992398][  T167] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   95.992426][  T167] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   96.021502][ T5810] veth1_macvtap: entered promiscuous mode
[   96.071021][ T5797] veth0_macvtap: entered promiscuous mode
[   96.177794][ T5797] veth1_macvtap: entered promiscuous mode
[   96.179300][   T43] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   96.179319][   T43] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   96.295471][ T5810] batman_adv: batadv0: Interface activated: batadv_slave_0
[   96.328141][ T5808] Bluetooth: hci1: command tx timeout
[   96.349080][ T5810] batman_adv: batadv0: Interface activated: batadv_slave_1
[   96.393727][   T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   96.393749][   T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   96.399035][ T5809] Bluetooth: hci0: command tx timeout
[   96.399064][ T5809] Bluetooth: hci3: command tx timeout
[   96.399104][ T5808] Bluetooth: hci4: command tx timeout
[   96.404409][ T5797] batman_adv: batadv0: Interface activated: batadv_slave_0
[   96.438275][  T173] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   96.449561][  T173] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   96.459442][  T173] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   96.470571][ T5797] batman_adv: batadv0: Interface activated: batadv_slave_1
[   96.473042][  T173] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   96.477859][ T5800] Bluetooth: hci2: command tx timeout
[   96.602864][ T5910] FAULT_INJECTION: forcing a failure.
[   96.602864][ T5910] name fail_usercopy, interval 1, probability 0, space 0, times 1
[   96.602899][ T5910] CPU: 1 UID: 0 PID: 5910 Comm: syz.0.6 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[   96.602924][ T5910] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
[   96.602934][ T5910] Call Trace:
[   96.602940][ T5910]  <TASK>
[   96.602947][ T5910]  dump_stack_lvl+0xe8/0x150
[   96.602978][ T5910]  should_fail_ex+0x46b/0x600
[   96.603006][ T5910]  _copy_from_user+0x2d/0xb0
[   96.603024][ T5910]  ___sys_sendmsg+0x1c6/0x360
[   96.603053][ T5910]  ? __pfx____sys_sendmsg+0x10/0x10
[   96.603122][ T5910]  ? __fget_files+0x2a/0x420
[   96.603146][ T5910]  ? __fget_files+0x3a6/0x420
[   96.603177][ T5910]  __x64_sys_sendmsg+0x1c3/0x2a0
[   96.603202][ T5910]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[   96.603235][ T5910]  ? __pfx_ksys_write+0x10/0x10
[   96.603279][ T5910]  do_syscall_64+0x14d/0xf80
[   96.603300][ T5910]  ? trace_irq_disable+0x3b/0x150
[   96.603324][ T5910]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   96.603347][ T5910]  ? clear_bhb_loop+0x40/0x90
[   96.603371][ T5910]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   96.603392][ T5910] RIP: 0033:0x7ffabb04c819
[   96.603413][ T5910] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[   96.603430][ T5910] RSP: 002b:00007ffab929e028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[   96.603453][ T5910] RAX: ffffffffffffffda RBX: 00007ffabb2c5fa0 RCX: 00007ffabb04c819
[   96.603467][ T5910] RDX: 0000000000000041 RSI: 0000200000000500 RDI: 0000000000000006
[   96.603480][ T5910] RBP: 00007ffab929e090 R08: 0000000000000000 R09: 0000000000000000
[   96.603491][ T5910] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   96.603504][ T5910] R13: 00007ffabb2c6038 R14: 00007ffabb2c5fa0 R15: 00007ffefa689638
[   96.603538][ T5910]  </TASK>
[   96.610775][  T173] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   96.640415][  T173] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   96.668417][   T68] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   96.668436][   T68] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   96.680520][  T173] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   96.702761][  T173] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   97.286802][  T143] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   97.286824][  T143] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   97.321242][    T9] usb 1-1: new high-speed USB device number 2 using dummy_hcd
[   97.450924][  T143] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   97.450950][  T143] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   97.507595][    T9] usb 1-1: Using ep0 maxpacket: 32
[   97.512853][   T68] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   97.512874][   T68] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   97.563622][    T9] usb 1-1: config 0 interface 0 altsetting 129 endpoint 0x81 has an invalid bInterval 0, changing to 7
[   97.563658][    T9] usb 1-1: config 0 interface 0 has no altsetting 0
[   97.563692][    T9] usb 1-1: New USB device found, idVendor=0079, idProduct=0011, bcdDevice= 0.00
[   97.563715][    T9] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   97.634693][    T9] usb 1-1: config 0 descriptor??
[   97.688523][   T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   97.688538][   T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   97.704744][   T10] usb 4-1: new high-speed USB device number 2 using dummy_hcd
[   97.908690][   T10] usb 4-1: Using ep0 maxpacket: 16
[   97.945018][   T10] usb 4-1: New USB device found, idVendor=0c72, idProduct=0013, bcdDevice=ba.be
[   97.945289][   T10] usb 4-1: New USB device strings: Mfr=175, Product=2, SerialNumber=3
[   97.945321][   T10] usb 4-1: Product: syz
[   97.945336][   T10] usb 4-1: Manufacturer: syz
[   97.945351][   T10] usb 4-1: SerialNumber: syz
[   98.119283][   T10] usb 4-1: config 0 descriptor??
[   98.149298][    T9] dragonrise 0003:0079:0011.0001: unknown main item tag 0x0
[   98.149354][    T9] dragonrise 0003:0079:0011.0001: unknown main item tag 0x0
[   98.149383][    T9] dragonrise 0003:0079:0011.0001: unknown main item tag 0x0
[   98.149409][    T9] dragonrise 0003:0079:0011.0001: unknown main item tag 0x0
[   98.149434][    T9] dragonrise 0003:0079:0011.0001: unknown main item tag 0x0
[   98.149461][    T9] dragonrise 0003:0079:0011.0001: unknown main item tag 0x0
[   98.149487][    T9] dragonrise 0003:0079:0011.0001: unknown main item tag 0x0
[   98.149514][    T9] dragonrise 0003:0079:0011.0001: unknown main item tag 0x0
[   98.149541][    T9] dragonrise 0003:0079:0011.0001: unknown main item tag 0x0
[   98.149566][    T9] dragonrise 0003:0079:0011.0001: unknown main item tag 0x0
[   98.354491][    T9] dragonrise 0003:0079:0011.0001: hidraw0: USB HID v0.81 Device [HID 0079:0011] on usb-dummy_hcd.0-1/input0
[   98.430249][   T10] peak_usb 4-1:0.0 can0: unable to request usb[type=0 value=1] err=-71
[   98.430271][   T10] peak_usb 4-1:0.0: unable to read PCAN-Chip USB firmware info (err -71)
[   98.489518][ T5925] Zero length message leads to an empty skb
[   98.613353][ T5783] usb 1-1: USB disconnect, device number 2
[   98.708353][   T10] peak_usb 4-1:0.0: probe with driver peak_usb failed with error -71
[   98.816707][   T10] usb 4-1: USB disconnect, device number 2
[   99.447965][ T5937] syz.4.11 calls setitimer() with new_value NULL pointer. Misfeature support will be removed
[   99.449418][ T5937] ubi31: attaching mtd0
[   99.510850][ T5945] netlink: 8 bytes leftover after parsing attributes in process `syz.4.11'.
[   99.643974][ T5937] ubi31: scanning is finished
[   99.643998][ T5937] ubi31: empty MTD device detected
[  100.691148][ T5898] usb 2-1: new high-speed USB device number 2 using dummy_hcd
[  100.869785][ T5898] usb 2-1: Using ep0 maxpacket: 8
[  100.877115][ T5898] usb 2-1: unable to get BOS descriptor or descriptor too short
[  100.901364][ T5898] usb 2-1: config 1 interface 1 altsetting 1 endpoint 0x1 has an invalid bInterval 224, changing to 7
[  100.901419][ T5898] usb 2-1: config 1 interface 2 altsetting 1 endpoint 0x82 has an invalid bInterval 184, changing to 7
[  100.911380][ T5898] usb 2-1: New USB device found, idVendor=041e, idProduct=3000, bcdDevice= 0.40
[  100.911413][ T5898] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  100.911431][ T5898] usb 2-1: Product: syz
[  100.911445][ T5898] usb 2-1: Manufacturer: syz
[  100.911457][ T5898] usb 2-1: SerialNumber: syz
[  101.167685][ T5959] loop2: detected capacity change from 0 to 7
[  101.227107][ T5788] Dev loop2: unable to read RDB block 7
[  101.227147][ T5788]  loop2: AHDI p1 p2 p3
[  101.227183][ T5788] loop2: partition table partially beyond EOD, truncated
[  101.228520][ T5788] loop2: p1 start 1818582900 is beyond EOD, truncated
[  101.228545][ T5788] loop2: p3 start 335544320 is beyond EOD, truncated
[  101.296140][ T5898] usb 2-1: 1:1 : UAC_AS_GENERAL descriptor not found
[  101.311825][ T5898] usb 2-1: 2:1 : UAC_AS_GENERAL descriptor not found
[  101.317778][ T5959] Dev loop2: unable to read RDB block 7
[  101.317810][ T5959]  loop2: AHDI p1 p2 p3
[  101.317840][ T5959] loop2: partition table partially beyond EOD, truncated
[  101.318083][ T5959] loop2: p1 start 1818582900 is beyond EOD, truncated
[  101.318101][ T5959] loop2: p3 start 335544320 is beyond EOD, truncated
[  101.380682][ T5937] ubi31 error: ubi_attach_mtd_dev: cannot spawn "ubi_bgt31d", error -4
[  101.655559][ T5968] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details.
[  101.847394][ T5898] usb 2-1: USB disconnect, device number 2
[  102.476747][ T5973] netlink: 16 bytes leftover after parsing attributes in process `syz.1.21'.
[  102.476779][ T5973] netlink: 40 bytes leftover after parsing attributes in process `syz.1.21'.
[  102.555431][ T3122] hid-generic 0002:FFFFFFF9:08E1.0002: hidraw0: <UNKNOWN> HID v0.05 Device [syz1] on syz1
[  102.624214][ T5812] udevd[5812]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  102.865905][ T5973] bond1: option arp_all_targets: invalid value (16187392)
[  102.964297][ T5973] bond1 (unregistering): Released all slaves
[  103.101551][ T5982] fido_id[5982]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory
[  103.266909][ T5987] netlink: 4 bytes leftover after parsing attributes in process `syz.2.17'.
[  104.582350][ T6004] bridge_slave_0: left allmulticast mode
[  104.582392][ T6004] bridge_slave_0: left promiscuous mode
[  104.584041][ T6004] bridge0: port 1(bridge_slave_0) entered disabled state
[  104.672137][ T6004] bridge_slave_1: left allmulticast mode
[  104.672170][ T6004] bridge_slave_1: left promiscuous mode
[  104.672489][ T6004] bridge0: port 2(bridge_slave_1) entered disabled state
[  104.834371][ T6012] FAULT_INJECTION: forcing a failure.
[  104.834371][ T6012] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  104.834408][ T6012] CPU: 0 UID: 0 PID: 6012 Comm: syz.0.32 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  104.834433][ T6012] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
[  104.834445][ T6012] Call Trace:
[  104.834453][ T6012]  <TASK>
[  104.834463][ T6012]  dump_stack_lvl+0xe8/0x150
[  104.834501][ T6012]  should_fail_ex+0x46b/0x600
[  104.834537][ T6012]  _copy_from_user+0x2d/0xb0
[  104.834560][ T6012]  do_ipv6_getsockopt+0x2d9/0x2620
[  104.834602][ T6012]  ? __pfx_do_ipv6_getsockopt+0x10/0x10
[  104.834638][ T6012]  ? kstrtoull+0x12f/0x1d0
[  104.834667][ T6012]  ? kstrtouint+0x6e/0xe0
[  104.834696][ T6012]  ? get_pid_task+0x20/0x1f0
[  104.834725][ T6012]  ? __lock_acquire+0x6b5/0x2cf0
[  104.834761][ T6012]  ? __lock_acquire+0x6b5/0x2cf0
[  104.834793][ T6012]  ipv6_getsockopt+0xbd/0x2b0
[  104.834820][ T6012]  ? __pfx_ipv6_getsockopt+0x10/0x10
[  104.834839][ T6012]  ? sock_common_getsockopt+0x2d/0xb0
[  104.834856][ T6012]  ? __pfx_sock_common_getsockopt+0x10/0x10
[  104.834874][ T6012]  do_sock_getsockopt+0x2d3/0x3f0
[  104.834890][ T6012]  ? __pfx_do_sock_getsockopt+0x10/0x10
[  104.834904][ T6012]  ? __fget_files+0x3a6/0x420
[  104.834919][ T6012]  ? __fget_files+0x2a/0x420
[  104.834938][ T6012]  __x64_sys_getsockopt+0x1aa/0x250
[  104.834958][ T6012]  do_syscall_64+0x14d/0xf80
[  104.834972][ T6012]  ? trace_irq_disable+0x3b/0x150
[  104.834986][ T6012]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  104.834998][ T6012]  ? clear_bhb_loop+0x40/0x90
[  104.835012][ T6012]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  104.835024][ T6012] RIP: 0033:0x7ffabb04c819
[  104.835037][ T6012] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  104.835050][ T6012] RSP: 002b:00007ffab929e028 EFLAGS: 00000246 ORIG_RAX: 0000000000000037
[  104.835064][ T6012] RAX: ffffffffffffffda RBX: 00007ffabb2c5fa0 RCX: 00007ffabb04c819
[  104.835073][ T6012] RDX: 0000000000000011 RSI: 0000000000000029 RDI: 0000000000000003
[  104.835080][ T6012] RBP: 00007ffab929e090 R08: 00002000000006c0 R09: 0000000000000000
[  104.835087][ T6012] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  104.835094][ T6012] R13: 00007ffabb2c6038 R14: 00007ffabb2c5fa0 R15: 00007ffefa689638
[  104.835113][ T6012]  </TASK>
[  104.838263][ T6004] bond0: (slave bond_slave_0): Releasing backup interface
[  105.701970][ T6004] bond0: (slave bond_slave_1): Releasing backup interface
[  105.870222][ T6004] team0: Port device team_slave_0 removed
[  105.965522][ T6004] team0: Port device team_slave_1 removed
[  105.966624][ T6004] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  105.966650][ T6004] batman_adv: batadv0: Removing interface: batadv_slave_0
[  106.033954][ T6004] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  106.033987][ T6004] batman_adv: batadv0: Removing interface: batadv_slave_1
[  106.072948][ T6004] A link change request failed with some changes committed already. Interface hsr_slave_0 may have been left with an inconsistent configuration, please check.
[  106.648489][   T10] usb 3-1: new high-speed USB device number 2 using dummy_hcd
[  106.837415][   T10] usb 3-1: Using ep0 maxpacket: 32
[  106.856978][   T10] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  106.857041][   T10] usb 3-1: config 0 interface 0 altsetting 128 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  106.857070][   T10] usb 3-1: config 0 interface 0 has no altsetting 0
[  106.857117][   T10] usb 3-1: New USB device found, idVendor=1b1c, idProduct=0c10, bcdDevice= 0.00
[  106.857142][   T10] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  106.944196][   T10] usb 3-1: config 0 descriptor??
[  107.818548][   T10] corsair-cpro 0003:1B1C:0C10.0003: hidraw0: USB HID v4.06 Device [HID 1b1c:0c10] on usb-dummy_hcd.2-1/input0
[  107.933011][   T10] corsair-cpro 0003:1B1C:0C10.0003: probe with driver corsair-cpro failed with error -38
[  107.961242][   T10] usb 3-1: USB disconnect, device number 2
[  108.518246][ T6042] fido_id[6042]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.2/usb3/report_descriptor': No such file or directory
[  109.357512][ T5806] usb 3-1: new high-speed USB device number 3 using dummy_hcd
[  109.453379][ T6060] netlink: 20 bytes leftover after parsing attributes in process `syz.0.48'.
[  109.518361][ T5806] usb 3-1: Using ep0 maxpacket: 16
[  109.520922][ T5806] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  109.520989][ T5806] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  109.521018][ T5806] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0
[  109.521041][ T5806] usb 3-1: config 0 interface 0 altsetting 0 bulk endpoint 0x2 has invalid maxpacket 0
[  109.521065][ T5806] usb 3-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  109.522626][ T5806] usb 3-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42
[  109.522652][ T5806] usb 3-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0
[  109.522673][ T5806] usb 3-1: Manufacturer: syz
[  109.638799][ T5806] usb 3-1: config 0 descriptor??
[  110.025754][ T6062] team0 (unregistering): Port device team_slave_0 removed
[  110.067400][ T5806] rc_core: IR keymap rc-hauppauge not found
[  110.067425][ T5806] Registered IR keymap rc-empty
[  110.067954][ T5806] mceusb 3-1:0.0: Error: mce write submit urb error = -90
[  110.097534][ T5806] mceusb 3-1:0.0: Error: mce write submit urb error = -90
[  110.120858][ T5806] rc rc0: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/rc/rc0
[  110.124842][ T5806] input: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/rc/rc0/input5
[  110.159682][ T6062] team0 (unregistering): Port device team_slave_1 removed
[  110.208019][ T5806] mceusb 3-1:0.0: Error: mce write submit urb error = -90
[  110.237896][ T5806] mceusb 3-1:0.0: Error: mce write submit urb error = -90
[  110.257617][ T5806] mceusb 3-1:0.0: Error: mce write submit urb error = -90
[  110.280212][ T5806] mceusb 3-1:0.0: Error: mce write submit urb error = -90
[  110.297757][ T5806] mceusb 3-1:0.0: Error: mce write submit urb error = -90
[  110.317850][ T5806] mceusb 3-1:0.0: Error: mce write submit urb error = -90
[  110.349183][ T5806] mceusb 3-1:0.0: Error: mce write submit urb error = -90
[  110.367522][ T5806] mceusb 3-1:0.0: Error: mce write submit urb error = -90
[  110.387549][ T5806] mceusb 3-1:0.0: Error: mce write submit urb error = -90
[  110.417485][ T5806] mceusb 3-1:0.0: Error: mce write submit urb error = -90
[  110.449575][ T5806] mceusb 3-1:0.0: Registered 424242424242 with mce emulator interface version 1
[  110.449604][ T5806] mceusb 3-1:0.0: 2 tx ports (0x0 cabled) and 2 rx sensors (0x0 active)
[  110.488738][ T5806] usb 3-1: USB disconnect, device number 3
[  110.735987][ T6070] tmpfs: Bad value for 'mpol'
[  113.469401][ T6095] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[  113.527880][ T6085] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[  113.528011][ T6085] Bluetooth: hci0: Opcode 0x0406 failed: -4
[  113.706288][ T6085] Bluetooth: hci0: Opcode 0x0406 failed: -4
[  113.782139][ T6085] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  113.782196][ T6085] Bluetooth: hci2: Opcode 0x0406 failed: -4
[  113.888338][ T6085] Bluetooth: hci2: Opcode 0x0406 failed: -4
[  113.948724][ T6085] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  113.948779][ T6085] Bluetooth: hci3: Opcode 0x0406 failed: -4
[  114.009486][ T6085] Bluetooth: hci3: Opcode 0x0406 failed: -4
[  114.049690][ T6085] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  114.049757][ T6085] Bluetooth: hci1: Opcode 0x0406 failed: -4
[  114.088351][ T6085] Bluetooth: hci1: Opcode 0x0406 failed: -4
[  114.128464][ T6085] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[  114.128519][ T6085] Bluetooth: hci4: Opcode 0x0406 failed: -4
[  114.171161][ T6085] Bluetooth: hci4: Opcode 0x0406 failed: -4
[  114.485028][ T5898] usb 2-1: new high-speed USB device number 3 using dummy_hcd
[  114.645336][ T5898] usb 2-1: Using ep0 maxpacket: 16
[  114.655558][ T5898] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  114.655619][ T5898] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  114.655649][ T5898] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0
[  114.655671][ T5898] usb 2-1: config 0 interface 0 altsetting 0 bulk endpoint 0x2 has invalid maxpacket 0
[  114.655695][ T5898] usb 2-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  114.708240][ T5898] usb 2-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42
[  114.708270][ T5898] usb 2-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0
[  114.708289][ T5898] usb 2-1: Manufacturer: syz
[  114.761278][ T6114] netlink: 20 bytes leftover after parsing attributes in process `syz.3.65'.
[  114.774082][ T5898] usb 2-1: config 0 descriptor??
[  115.047611][ T5803] usb 4-1: new high-speed USB device number 3 using dummy_hcd
[  115.137479][ T5898] rc_core: IR keymap rc-hauppauge not found
[  115.137505][ T5898] Registered IR keymap rc-empty
[  115.137682][ T5898] mceusb 2-1:0.0: Error: mce write submit urb error = -90
[  115.157531][ T5898] mceusb 2-1:0.0: Error: mce write submit urb error = -90
[  115.197965][ T5803] usb 4-1: Using ep0 maxpacket: 16
[  115.200328][ T5803] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  115.200399][ T5803] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  115.200429][ T5803] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0
[  115.200452][ T5803] usb 4-1: config 0 interface 0 altsetting 0 bulk endpoint 0x2 has invalid maxpacket 0
[  115.200475][ T5803] usb 4-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  115.202020][ T5803] usb 4-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42
[  115.202048][ T5803] usb 4-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0
[  115.202068][ T5803] usb 4-1: Manufacturer: syz
[  115.232156][ T5803] usb 4-1: config 0 descriptor??
[  115.437404][ T5800] Bluetooth: hci0: command 0x0c1a tx timeout
[  115.439500][ T5898] rc rc0: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/rc/rc0
[  115.443057][ T5898] input: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/rc/rc0/input6
[  115.528803][ T5898] mceusb 2-1:0.0: Error: mce write submit urb error = -90
[  115.660894][ T6125] fuse: Bad value for 'fd'
[  115.967982][    C1] rc rc0: IR event FIFO is full!
[  115.968674][    C1] rc rc0: IR event FIFO is full!
[  115.968713][    C1] rc rc0: IR event FIFO is full!
[  115.969170][    C1] rc rc0: IR event FIFO is full!
[  115.969210][    C1] rc rc0: IR event FIFO is full!
[  115.969256][    C1] rc rc0: IR event FIFO is full!
[  115.970324][    C1] rc rc0: IR event FIFO is full!
[  115.970363][    C1] rc rc0: IR event FIFO is full!
[  115.970402][    C1] rc rc0: IR event FIFO is full!
[  115.970440][    C1] rc rc0: IR event FIFO is full!
[  115.970594][    C1] rc rc0: IR event FIFO is full!
[  115.970633][    C1] rc rc0: IR event FIFO is full!
[  115.970672][    C1] rc rc0: IR event FIFO is full!
[  115.971749][    C1] rc rc0: IR event FIFO is full!
[  115.971787][    C1] rc rc0: IR event FIFO is full!
[  115.971847][    C1] rc rc0: IR event FIFO is full!
[  115.971897][    C1] rc rc0: IR event FIFO is full!
[  115.971937][    C1] rc rc0: IR event FIFO is full!
[  115.971976][    C1] rc rc0: IR event FIFO is full!
[  115.972014][    C1] rc rc0: IR event FIFO is full!
[  115.972053][    C1] rc rc0: IR event FIFO is full!
[  115.972093][    C1] rc rc0: IR event FIFO is full!
[  115.972132][    C1] rc rc0: IR event FIFO is full!
[  115.973052][    C1] rc rc0: IR event FIFO is full!
[  115.973065][    C1] rc rc0: IR event FIFO is full!
[  115.973076][    C1] rc rc0: IR event FIFO is full!
[  115.973095][    C1] rc rc0: IR event FIFO is full!
[  115.973304][ T5800] Bluetooth: hci2: command 0x0c1a tx timeout
[  115.975469][    C1] rc rc0: IR event FIFO is full!
[  115.975515][    C1] rc rc0: IR event FIFO is full!
[  115.975556][    C1] rc rc0: IR event FIFO is full!
[  115.976265][    C1] rc rc0: IR event FIFO is full!
[  115.976304][    C1] rc rc0: IR event FIFO is full!
[  115.976342][    C1] rc rc0: IR event FIFO is full!
[  115.976391][    C1] rc rc0: IR event FIFO is full!
[  115.976430][    C1] rc rc0: IR event FIFO is full!
[  115.976469][    C1] rc rc0: IR event FIFO is full!
[  115.976508][    C1] rc rc0: IR event FIFO is full!
[  115.977064][    C1] rc rc0: IR event FIFO is full!
[  115.977105][    C1] rc rc0: IR event FIFO is full!
[  115.977144][    C1] rc rc0: IR event FIFO is full!
[  115.977272][    C1] rc rc0: IR event FIFO is full!
[  115.977354][    C1] rc rc0: IR event FIFO is full!
[  115.977394][    C1] rc rc0: IR event FIFO is full!
[  115.978125][    C1] rc rc0: IR event FIFO is full!
[  115.978165][    C1] rc rc0: IR event FIFO is full!
[  115.978205][    C1] rc rc0: IR event FIFO is full!
[  115.978367][    C1] rc rc0: IR event FIFO is full!
[  115.978406][    C1] rc rc0: IR event FIFO is full!
[  115.978445][    C1] rc rc0: IR event FIFO is full!
[  115.979814][    C1] rc rc0: IR event FIFO is full!
[  115.979853][    C1] rc rc0: IR event FIFO is full!
[  115.979901][    C1] rc rc0: IR event FIFO is full!
[  115.979940][    C1] rc rc0: IR event FIFO is full!
[  115.979996][    C1] rc rc0: IR event FIFO is full!
[  115.980035][    C1] rc rc0: IR event FIFO is full!
[  115.980073][    C1] rc rc0: IR event FIFO is full!
[  115.980699][    C1] rc rc0: IR event FIFO is full!
[  115.980738][    C1] rc rc0: IR event FIFO is full!
[  115.981851][    C1] rc rc0: IR event FIFO is full!
[  115.981902][    C1] rc rc0: IR event FIFO is full!
[  115.981943][    C1] rc rc0: IR event FIFO is full!
[  115.982012][    C1] rc rc0: IR event FIFO is full!
[  115.982688][    C1] rc rc0: IR event FIFO is full!
[  115.982727][    C1] rc rc0: IR event FIFO is full!
[  115.982766][    C1] rc rc0: IR event FIFO is full!
[  115.982805][    C1] rc rc0: IR event FIFO is full!
[  115.982844][    C1] rc rc0: IR event FIFO is full!
[  115.982891][    C1] rc rc0: IR event FIFO is full!
[  115.982940][    C1] rc rc0: IR event FIFO is full!
[  115.986490][    C1] rc rc0: IR event FIFO is full!
[  115.986533][    C1] rc rc0: IR event FIFO is full!
[  115.986572][    C1] rc rc0: IR event FIFO is full!
[  115.986610][    C1] rc rc0: IR event FIFO is full!
[  115.986650][    C1] rc rc0: IR event FIFO is full!
[  115.986689][    C1] rc rc0: IR event FIFO is full!
[  115.986728][    C1] rc rc0: IR event FIFO is full!
[  115.991756][    C1] rc rc0: IR event FIFO is full!
[  115.991799][    C1] rc rc0: IR event FIFO is full!
[  115.991860][    C1] rc rc0: IR event FIFO is full!
[  115.991900][    C1] rc rc0: IR event FIFO is full!
[  115.993452][    C1] rc rc0: IR event FIFO is full!
[  115.993493][    C1] rc rc0: IR event FIFO is full!
[  115.994015][    C1] rc rc0: IR event FIFO is full!
[  115.994065][    C1] rc rc0: IR event FIFO is full!
[  115.994104][    C1] rc rc0: IR event FIFO is full!
[  115.994142][    C1] rc rc0: IR event FIFO is full!
[  115.994210][    C1] rc rc0: IR event FIFO is full!
[  115.994247][    C1] rc rc0: IR event FIFO is full!
[  115.994285][    C1] rc rc0: IR event FIFO is full!
[  115.994331][    C1] rc rc0: IR event FIFO is full!
[  115.994379][    C1] rc rc0: IR event FIFO is full!
[  115.994536][    C1] rc rc0: IR event FIFO is full!
[  115.994573][    C1] rc rc0: IR event FIFO is full!
[  115.995096][    C1] rc rc0: IR event FIFO is full!
[  115.995136][    C1] rc rc0: IR event FIFO is full!
[  115.995174][    C1] rc rc0: IR event FIFO is full!
[  115.995212][    C1] rc rc0: IR event FIFO is full!
[  115.995248][    C1] rc rc0: IR event FIFO is full!
[  115.995286][    C1] rc rc0: IR event FIFO is full!
[  115.995322][    C1] rc rc0: IR event FIFO is full!
[  115.996180][    C1] rc rc0: IR event FIFO is full!
[  115.996221][    C1] rc rc0: IR event FIFO is full!
[  115.996260][    C1] rc rc0: IR event FIFO is full!
[  115.996300][    C1] rc rc0: IR event FIFO is full!
[  115.996339][    C1] rc rc0: IR event FIFO is full!
[  115.996378][    C1] rc rc0: IR event FIFO is full!
[  115.997065][    C1] rc rc0: IR event FIFO is full!
[  115.997105][    C1] rc rc0: IR event FIFO is full!
[  115.997144][    C1] rc rc0: IR event FIFO is full!
[  115.998611][    C1] rc rc0: IR event FIFO is full!
[  115.998651][    C1] rc rc0: IR event FIFO is full!
[  115.998689][    C1] rc rc0: IR event FIFO is full!
[  115.999705][    C1] rc rc0: IR event FIFO is full!
[  116.000288][    C1] rc rc0: IR event FIFO is full!
[  116.000326][    C1] rc rc0: IR event FIFO is full!
[  116.000366][    C1] rc rc0: IR event FIFO is full!
[  116.000405][    C1] rc rc0: IR event FIFO is full!
[  116.000443][    C1] rc rc0: IR event FIFO is full!
[  116.000492][    C1] rc rc0: IR event FIFO is full!
[  116.000531][    C1] rc rc0: IR event FIFO is full!
[  116.001189][    C1] rc rc0: IR event FIFO is full!
[  116.001230][    C1] rc rc0: IR event FIFO is full!
[  116.001306][    C1] rc rc0: IR event FIFO is full!
[  116.001369][    C1] rc rc0: IR event FIFO is full!
[  116.001413][    C1] rc rc0: IR event FIFO is full!
[  116.001453][    C1] rc rc0: IR event FIFO is full!
[  116.002427][    C1] rc rc0: IR event FIFO is full!
[  116.002468][    C1] rc rc0: IR event FIFO is full!
[  116.002507][    C1] rc rc0: IR event FIFO is full!
[  116.002547][    C1] rc rc0: IR event FIFO is full!
[  116.002587][    C1] rc rc0: IR event FIFO is full!
[  116.002625][    C1] rc rc0: IR event FIFO is full!
[  116.004084][    C1] rc rc0: IR event FIFO is full!
[  116.004125][    C1] rc rc0: IR event FIFO is full!
[  116.004327][    C1] rc rc0: IR event FIFO is full!
[  116.004850][    C1] rc rc0: IR event FIFO is full!
[  116.004889][    C1] rc rc0: IR event FIFO is full!
[  116.004927][    C1] rc rc0: IR event FIFO is full!
[  116.004941][    C1] rc rc0: IR event FIFO is full!
[  116.004979][    C1] rc rc0: IR event FIFO is full!
[  116.005029][    C1] rc rc0: IR event FIFO is full!
[  116.005069][    C1] rc rc0: IR event FIFO is full!
[  116.005109][    C1] rc rc0: IR event FIFO is full!
[  116.005147][    C1] rc rc0: IR event FIFO is full!
[  116.005883][    C1] rc rc0: IR event FIFO is full!
[  116.005924][    C1] rc rc0: IR event FIFO is full!
[  116.005962][    C1] rc rc0: IR event FIFO is full!
[  116.006004][    C1] rc rc0: IR event FIFO is full!
[  116.006043][    C1] rc rc0: IR event FIFO is full!
[  116.006083][    C1] rc rc0: IR event FIFO is full!
[  116.006123][    C1] rc rc0: IR event FIFO is full!
[  116.006785][    C1] rc rc0: IR event FIFO is full!
[  116.006827][    C1] rc rc0: IR event FIFO is full!
[  116.006866][    C1] rc rc0: IR event FIFO is full!
[  116.006905][    C1] rc rc0: IR event FIFO is full!
[  116.009799][    C1] rc rc0: IR event FIFO is full!
[  116.009843][    C1] rc rc0: IR event FIFO is full!
[  116.009883][    C1] rc rc0: IR event FIFO is full!
[  116.009922][    C1] rc rc0: IR event FIFO is full!
[  116.009962][    C1] rc rc0: IR event FIFO is full!
[  116.010002][    C1] rc rc0: IR event FIFO is full!
[  116.010042][    C1] rc rc0: IR event FIFO is full!
[  116.010734][    C1] rc rc0: IR event FIFO is full!
[  116.010784][    C1] rc rc0: IR event FIFO is full!
[  116.010822][    C1] rc rc0: IR event FIFO is full!
[  116.010861][    C1] rc rc0: IR event FIFO is full!
[  116.011348][    C1] rc rc0: IR event FIFO is full!
[  116.011386][    C1] rc rc0: IR event FIFO is full!
[  116.011430][    C1] rc rc0: IR event FIFO is full!
[  116.011572][    C1] rc rc0: IR event FIFO is full!
[  116.012847][    C1] rc rc0: IR event FIFO is full!
[  116.012886][    C1] rc rc0: IR event FIFO is full!
[  116.012943][    C1] rc rc0: IR event FIFO is full!
[  116.013436][    C1] rc rc0: IR event FIFO is full!
[  116.013475][    C1] rc rc0: IR event FIFO is full!
[  116.013513][    C1] rc rc0: IR event FIFO is full!
[  116.013562][    C1] rc rc0: IR event FIFO is full!
[  116.013716][    C1] rc rc0: IR event FIFO is full!
[  116.013765][    C1] rc rc0: IR event FIFO is full!
[  116.013804][    C1] rc rc0: IR event FIFO is full!
[  116.014296][    C1] rc rc0: IR event FIFO is full!
[  116.014335][    C1] rc rc0: IR event FIFO is full!
[  116.014374][    C1] rc rc0: IR event FIFO is full!
[  116.014412][    C1] rc rc0: IR event FIFO is full!
[  116.014449][    C1] rc rc0: IR event FIFO is full!
[  116.015141][    C1] rc rc0: IR event FIFO is full!
[  116.015644][    C1] rc rc0: IR event FIFO is full!
[  116.015682][    C1] rc rc0: IR event FIFO is full!
[  116.015720][    C1] rc rc0: IR event FIFO is full!
[  116.016337][    C1] rc rc0: IR event FIFO is full!
[  116.016376][    C1] rc rc0: IR event FIFO is full!
[  116.016415][    C1] rc rc0: IR event FIFO is full!
[  116.016454][    C1] rc rc0: IR event FIFO is full!
[  116.016493][    C1] rc rc0: IR event FIFO is full!
[  116.016533][    C1] rc rc0: IR event FIFO is full!
[  116.016572][    C1] rc rc0: IR event FIFO is full!
[  116.017155][    C1] rc rc0: IR event FIFO is full!
[  116.017202][    C1] rc rc0: IR event FIFO is full!
[  116.017241][    C1] rc rc0: IR event FIFO is full!
[  116.017279][    C1] rc rc0: IR event FIFO is full!
[  116.017355][    C1] rc rc0: IR event FIFO is full!
[  116.017816][    C1] rc rc0: IR event FIFO is full!
[  116.017855][    C1] rc rc0: IR event FIFO is full!
[  116.017894][    C1] rc rc0: IR event FIFO is full!
[  116.017936][    C1] rc rc0: IR event FIFO is full!
[  116.018099][    C1] rc rc0: IR event FIFO is full!
[  116.018627][    C1] rc rc0: IR event FIFO is full!
[  116.018666][    C1] rc rc0: IR event FIFO is full!
[  116.019258][    C1] rc rc0: IR event FIFO is full!
[  116.019298][    C1] rc rc0: IR event FIFO is full!
[  116.019336][    C1] rc rc0: IR event FIFO is full!
[  116.019385][    C1] rc rc0: IR event FIFO is full!
[  116.019424][    C1] rc rc0: IR event FIFO is full!
[  116.019463][    C1] rc rc0: IR event FIFO is full!
[  116.019503][    C1] rc rc0: IR event FIFO is full!
[  116.019543][    C1] rc rc0: IR event FIFO is full!
[  116.020270][    C1] rc rc0: IR event FIFO is full!
[  116.020310][    C1] rc rc0: IR event FIFO is full!
[  116.020349][    C1] rc rc0: IR event FIFO is full!
[  116.020389][    C1] rc rc0: IR event FIFO is full!
[  116.020428][    C1] rc rc0: IR event FIFO is full!
[  116.020467][    C1] rc rc0: IR event FIFO is full!
[  116.020506][    C1] rc rc0: IR event FIFO is full!
[  116.021118][    C1] rc rc0: IR event FIFO is full!
[  116.021156][    C1] rc rc0: IR event FIFO is full!
[  116.021202][    C1] rc rc0: IR event FIFO is full!
[  116.479116][ T5808] Bluetooth: hci3: command 0x0c1a tx timeout
[  116.497062][ T5898] mceusb 2-1:0.0: Error: mce write submit urb error = -90
[  116.581317][ T5808] Bluetooth: hci1: command 0x0c1a tx timeout
[  116.581429][ T5808] Bluetooth: hci4: command 0x0c1a tx timeout
[  116.595027][ T5898] mceusb 2-1:0.0: Error: mce write submit urb error = -90
[  116.607858][ T5898] mceusb 2-1:0.0: Error: mce write submit urb error = -90
[  116.627616][ T5898] mceusb 2-1:0.0: Error: mce write submit urb error = -90
[  116.656703][ T5898] mceusb 2-1:0.0: Error: mce write submit urb error = -90
[  116.668908][ T5898] mceusb 2-1:0.0: Error: mce write submit urb error = -90
[  116.692126][ T5898] mceusb 2-1:0.0: Error: mce write submit urb error = -90
[  116.711353][ T5898] mceusb 2-1:0.0: Error: mce write submit urb error = -90
[  116.728263][ T5898] mceusb 2-1:0.0: Error: mce write submit urb error = -90
[  116.754301][ T5898] mceusb 2-1:0.0: Registered 424242424242 with mce emulator interface version 1
[  116.754325][ T5898] mceusb 2-1:0.0: 2 tx ports (0x0 cabled) and 2 rx sensors (0x0 active)
[  116.800968][ T5898] usb 2-1: USB disconnect, device number 3
[  116.897411][ T5803] rc_core: IR keymap rc-hauppauge not found
[  116.897432][ T5803] Registered IR keymap rc-empty
[  116.897599][ T5803] mceusb 4-1:0.0: Error: mce write submit urb error = -90
[  116.917488][ T5803] mceusb 4-1:0.0: Error: mce write submit urb error = -90
[  116.939433][ T5803] rc rc1: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/rc/rc1
[  116.943677][ T5803] input: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/rc/rc1/input7
[  117.399833][   T37] audit: type=1326 audit(1775892995.240:2): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6132 comm="syz.0.70" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ffabb04c819 code=0x7ffc0000
[  117.401671][   T37] audit: type=1326 audit(1775892995.250:3): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6132 comm="syz.0.70" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ffabb04c819 code=0x7ffc0000
[  117.409583][   T37] audit: type=1326 audit(1775892995.260:4): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6132 comm="syz.0.70" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ffabb04c819 code=0x7ffc0000
[  117.411045][   T37] audit: type=1326 audit(1775892995.260:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6132 comm="syz.0.70" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7ffabb04c819 code=0x7ffc0000
[  117.411090][   T37] audit: type=1326 audit(1775892995.260:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6132 comm="syz.0.70" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ffabb04c819 code=0x7ffc0000
[  117.414025][   T37] audit: type=1326 audit(1775892995.260:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6132 comm="syz.0.70" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ffabb04c819 code=0x7ffc0000
[  117.421241][   T37] audit: type=1326 audit(1775892995.260:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6132 comm="syz.0.70" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ffabb04c819 code=0x7ffc0000
[  117.421286][   T37] audit: type=1326 audit(1775892995.270:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6132 comm="syz.0.70" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ffabb04c819 code=0x7ffc0000
[  117.422038][   T37] audit: type=1326 audit(1775892995.260:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6132 comm="syz.0.70" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7ffabb04c819 code=0x7ffc0000
[  117.469789][   T37] audit: type=1326 audit(1775892995.310:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6132 comm="syz.0.70" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ffabb04c819 code=0x7ffc0000
[  117.517798][ T5800] Bluetooth: hci0: command 0x0c1a tx timeout
[  117.994199][ T6141] netlink: 8 bytes leftover after parsing attributes in process `syz.1.72'.
[  118.399233][ T5803] mceusb 4-1:0.0: Error: mce write submit urb error = -90
[  118.417494][ T5803] mceusb 4-1:0.0: Error: mce write submit urb error = -90
[  118.442358][ T5803] mceusb 4-1:0.0: Error: mce write submit urb error = -90
[  118.457504][ T5803] mceusb 4-1:0.0: Error: mce write submit urb error = -90
[  118.487527][ T5803] mceusb 4-1:0.0: Error: mce write submit urb error = -90
[  118.507534][ T5803] mceusb 4-1:0.0: Error: mce write submit urb error = -90
[  118.527496][ T5803] mceusb 4-1:0.0: Error: mce write submit urb error = -90
[  118.547500][ T5803] mceusb 4-1:0.0: Error: mce write submit urb error = -90
[  118.558358][ T5800] Bluetooth: hci3: command 0x0c1a tx timeout
[  118.558393][ T5800] Bluetooth: hci2: command 0x0c1a tx timeout
[  118.576806][ T5803] mceusb 4-1:0.0: Error: mce write submit urb error = -90
[  118.587488][ T5803] mceusb 4-1:0.0: Error: mce write submit urb error = -90
[  118.612797][ T5803] mceusb 4-1:0.0: Registered 424242424242 with mce emulator interface version 1
[  118.612813][ T5803] mceusb 4-1:0.0: 2 tx ports (0x0 cabled) and 2 rx sensors (0x0 active)
[  118.637912][ T5808] Bluetooth: hci4: command 0x0c1a tx timeout
[  118.637943][ T5800] Bluetooth: hci1: command 0x0c1a tx timeout
[  118.686608][ T5803] usb 4-1: USB disconnect, device number 3
[  119.635143][ T6158] netlink: 8 bytes leftover after parsing attributes in process `syz.1.77'.
[  120.711180][ T5800] Bluetooth: hci2: command 0x0c1a tx timeout
[  120.711237][ T5800] Bluetooth: hci3: command 0x0c1a tx timeout
[  120.751524][ T5808] Bluetooth: hci1: command 0x0c1a tx timeout
[  120.751571][ T5808] Bluetooth: hci4: command 0x0c1a tx timeout
[  120.906757][ T6175] netlink: 20 bytes leftover after parsing attributes in process `syz.4.83'.
[  121.517723][ T5800] Bluetooth: hci0: command 0x0c1a tx timeout
[  121.524649][ T6153] Bluetooth: hci0: Opcode 0x0c1a failed: -110
[  121.540076][ T6153] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  121.541954][ T6153] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  121.542224][ T6153] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  121.543649][ T6153] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[  121.789804][ T5879] usb 5-1: new high-speed USB device number 2 using dummy_hcd
[  121.937536][ T5879] usb 5-1: Using ep0 maxpacket: 16
[  121.939197][ T5879] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  121.939230][ T5879] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  121.939246][ T5879] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0
[  121.939265][ T5879] usb 5-1: config 0 interface 0 altsetting 0 bulk endpoint 0x2 has invalid maxpacket 0
[  121.939278][ T5879] usb 5-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  121.940190][ T5879] usb 5-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42
[  121.940206][ T5879] usb 5-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0
[  121.940217][ T5879] usb 5-1: Manufacturer: syz
[  121.951679][ T5879] usb 5-1: config 0 descriptor??
[  122.133426][ T6183] netlink: 64 bytes leftover after parsing attributes in process `syz.2.85'.
[  122.133450][ T6183] openvswitch: netlink: Flow key attr not present in new flow.
[  122.330114][ T5879] rc_core: IR keymap rc-hauppauge not found
[  122.330139][ T5879] Registered IR keymap rc-empty
[  122.330285][ T5879] mceusb 5-1:0.0: Error: mce write submit urb error = -90
[  122.347501][ T5879] mceusb 5-1:0.0: Error: mce write submit urb error = -90
[  122.390050][ T5879] rc rc0: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/rc/rc0
[  122.418076][ T6189] netlink: 8 bytes leftover after parsing attributes in process `syz.1.86'.
[  122.418094][ T6189] netlink: 8 bytes leftover after parsing attributes in process `syz.1.86'.
[  123.597544][ T5808] Bluetooth: hci4: command 0x0c1a tx timeout
[  123.597590][ T5808] Bluetooth: hci1: command 0x0c1a tx timeout
[  123.597619][ T5808] Bluetooth: hci3: command 0x0c1a tx timeout
[  123.597649][ T5808] Bluetooth: hci2: command 0x0c1a tx timeout
[  123.821781][ T5879] input: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/rc/rc0/input8
[  123.853389][ T5879] mceusb 5-1:0.0: Error: mce write submit urb error = -90
[  123.869234][ T5879] mceusb 5-1:0.0: Error: mce write submit urb error = -90
[  123.895683][ T5879] mceusb 5-1:0.0: Error: mce write submit urb error = -90
[  123.928966][ T5879] mceusb 5-1:0.0: Error: mce write submit urb error = -90
[  123.949122][ T5879] mceusb 5-1:0.0: Error: mce write submit urb error = -90
[  123.973868][ T5879] mceusb 5-1:0.0: Error: mce write submit urb error = -90
[  123.987646][ T5879] mceusb 5-1:0.0: Error: mce write submit urb error = -90
[  124.013537][ T5879] mceusb 5-1:0.0: Error: mce write submit urb error = -90
[  124.027629][ T5879] mceusb 5-1:0.0: Error: mce write submit urb error = -90
[  124.050855][ T5879] mceusb 5-1:0.0: Error: mce write submit urb error = -90
[  124.178860][ T5879] mceusb 5-1:0.0: Registered 424242424242 with mce emulator interface version 1
[  124.178890][ T5879] mceusb 5-1:0.0: 2 tx ports (0x0 cabled) and 2 rx sensors (0x0 active)
[  124.383354][ T5803] usb 5-1: USB disconnect, device number 2
[  126.217484][ T5879] usb 3-1: new full-speed USB device number 4 using dummy_hcd
[  126.414139][ T6233] netlink: 'syz.4.99': attribute type 2 has an invalid length.
[  126.792093][ T5879] usb 3-1: config 0 has an invalid interface number: 188 but max is 0
[  126.792156][ T5879] usb 3-1: config 0 has no interface number 0
[  126.848240][ T5879] usb 3-1: config 0 interface 188 altsetting 0 endpoint 0x2 has invalid maxpacket 512, setting to 64
[  126.850783][ T5879] usb 3-1: config 0 interface 188 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  127.210023][ T5879] usb 3-1: New USB device found, idVendor=17ef, idProduct=7203, bcdDevice=2e.36
[  127.210059][ T5879] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  127.210080][ T5879] usb 3-1: Product: syz
[  127.210095][ T5879] usb 3-1: Manufacturer: syz
[  127.210110][ T5879] usb 3-1: SerialNumber: syz
[  127.271671][ T6234] netlink: 20 bytes leftover after parsing attributes in process `syz.3.100'.
[  127.272111][ T5879] usb 3-1: config 0 descriptor??
[  127.274642][ T6226] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22
[  127.331404][ T5879] asix 3-1:0.188: probe with driver asix failed with error -22
[  127.635729][ T6240] FAULT_INJECTION: forcing a failure.
[  127.635729][ T6240] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  127.635798][ T6240] CPU: 0 UID: 0 PID: 6240 Comm: syz.4.101 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  127.635822][ T6240] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
[  127.635835][ T6240] Call Trace:
[  127.635844][ T6240]  <TASK>
[  127.635853][ T6240]  dump_stack_lvl+0xe8/0x150
[  127.635904][ T6240]  should_fail_ex+0x46b/0x600
[  127.635942][ T6240]  _copy_from_user+0x2d/0xb0
[  127.635965][ T6240]  bm_register_write+0x101/0x1770
[  127.635994][ T6240]  ? __pfx_bm_register_write+0x10/0x10
[  127.636018][ T6240]  vfs_write+0x2a3/0xba0
[  127.636062][ T6240]  ? __pfx_vfs_write+0x10/0x10
[  127.636098][ T6240]  ? _raw_spin_unlock_irqrestore+0x30/0x80
[  127.636124][ T6240]  ? lockdep_hardirqs_on+0x7a/0x110
[  127.636147][ T6240]  ? _raw_spin_unlock_irqrestore+0x4c/0x80
[  127.636172][ T6240]  ? mutex_lock_nested+0x152/0x1d0
[  127.636197][ T6240]  ? fdget_pos+0x252/0x320
[  127.636226][ T6240]  ksys_write+0x156/0x270
[  127.636253][ T6240]  ? __pfx_ksys_write+0x10/0x10
[  127.636288][ T6240]  do_syscall_64+0x14d/0xf80
[  127.636306][ T6240]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  127.636322][ T6240]  ? clear_bhb_loop+0x40/0x90
[  127.636343][ T6240]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  127.636358][ T6240] RIP: 0033:0x7fbfa6dfc819
[  127.636375][ T6240] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  127.636388][ T6240] RSP: 002b:00007fbfa500c028 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  127.636407][ T6240] RAX: ffffffffffffffda RBX: 00007fbfa7076180 RCX: 00007fbfa6dfc819
[  127.636419][ T6240] RDX: 0000000000000237 RSI: 00002000000004c0 RDI: 0000000000000006
[  127.636429][ T6240] RBP: 00007fbfa500c090 R08: 0000000000000000 R09: 0000000000000000
[  127.636439][ T6240] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  127.636448][ T6240] R13: 00007fbfa7076218 R14: 00007fbfa7076180 R15: 00007ffcbc9262f8
[  127.636475][ T6240]  </TASK>
[  127.642747][ T6240] netlink: 'syz.4.101': attribute type 2 has an invalid length.
[  128.537745][ T6241] netlink: 16 bytes leftover after parsing attributes in process `syz.2.98'.
[  128.539376][ T5800] Bluetooth: hci4: unexpected event for opcode 0x0406
[  128.667735][ T5920] usb 4-1: new high-speed USB device number 4 using dummy_hcd
[  128.851105][ T5920] usb 4-1: Using ep0 maxpacket: 16
[  128.853455][ T5920] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  128.853513][ T5920] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  128.853542][ T5920] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0
[  128.853566][ T5920] usb 4-1: config 0 interface 0 altsetting 0 bulk endpoint 0x2 has invalid maxpacket 0
[  128.853589][ T5920] usb 4-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  128.912509][ T5920] usb 4-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42
[  128.912538][ T5920] usb 4-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0
[  128.912556][ T5920] usb 4-1: Manufacturer: syz
[  128.924197][ T5920] usb 4-1: config 0 descriptor??
[  129.319816][ T5920] rc_core: IR keymap rc-hauppauge not found
[  129.319841][ T5920] Registered IR keymap rc-empty
[  129.320016][ T5920] mceusb 4-1:0.0: Error: mce write submit urb error = -90
[  129.348636][ T5920] mceusb 4-1:0.0: Error: mce write submit urb error = -90
[  129.369462][ T5920] rc rc0: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/rc/rc0
[  129.380145][ T5920] input: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/rc/rc0/input9
[  129.394437][ T5920] mceusb 4-1:0.0: Error: mce write submit urb error = -90
[  129.407612][ T5920] mceusb 4-1:0.0: Error: mce write submit urb error = -90
[  129.427796][ T5920] mceusb 4-1:0.0: Error: mce write submit urb error = -90
[  129.447483][ T5920] mceusb 4-1:0.0: Error: mce write submit urb error = -90
[  129.467653][ T5920] mceusb 4-1:0.0: Error: mce write submit urb error = -90
[  129.487587][ T5920] mceusb 4-1:0.0: Error: mce write submit urb error = -90
[  129.507488][ T5920] mceusb 4-1:0.0: Error: mce write submit urb error = -90
[  129.537633][ T5920] mceusb 4-1:0.0: Error: mce write submit urb error = -90
[  129.557608][ T5920] mceusb 4-1:0.0: Error: mce write submit urb error = -90
[  129.574214][ T5803] usb 3-1: USB disconnect, device number 4
[  129.578219][ T5920] mceusb 4-1:0.0: Error: mce write submit urb error = -90
[  129.693047][ T5920] mceusb 4-1:0.0: Registered 424242424242 with mce emulator interface version 1
[  129.693074][ T5920] mceusb 4-1:0.0: 2 tx ports (0x0 cabled) and 2 rx sensors (0x0 active)
[  129.745223][ T5920] usb 4-1: USB disconnect, device number 4
[  129.944153][ T6255] netlink: 8 bytes leftover after parsing attributes in process `syz.2.105'.
[  129.944185][ T6255] netlink: 8 bytes leftover after parsing attributes in process `syz.2.105'.
[  129.959728][ T6256] syz.4.104 (6256): /proc/6251/oom_adj is deprecated, please use /proc/6251/oom_score_adj instead.
[  130.055739][ T6254] overlayfs: conflicting lowerdir path
[  130.073393][ T6256] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  131.577165][ T5920] usb 4-1: new high-speed USB device number 5 using dummy_hcd
[  132.377547][ T5920] usb 4-1: Using ep0 maxpacket: 16
[  132.379322][ T5920] usb 4-1: config 0 has an invalid interface number: 132 but max is 0
[  132.379350][ T5920] usb 4-1: config 0 has no interface number 0
[  132.381600][ T5920] usb 4-1: New USB device found, idVendor=05ac, idProduct=0291, bcdDevice=43.25
[  132.381618][ T5920] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  132.381630][ T5920] usb 4-1: Product: syz
[  132.381638][ T5920] usb 4-1: Manufacturer: syz
[  132.381647][ T5920] usb 4-1: SerialNumber: syz
[  132.399452][ T5920] usb 4-1: config 0 descriptor??
[  132.415377][ T5920] hub 4-1:0.132: bad descriptor, ignoring hub
[  132.415415][ T5920] hub 4-1:0.132: probe with driver hub failed with error -5
[  132.475524][ T5920] input: bcm5974 as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.132/input/input10
[  132.594653][ T6275] autofs: Bad value for 'fd'
[  132.976714][ T1321] ieee802154 phy0 wpan0: encryption failed: -22
[  132.978511][ T1321] ieee802154 phy1 wpan1: encryption failed: -22
[  134.539173][   T31] usb 4-1: USB disconnect, device number 5
[  134.635302][ T6298] FAULT_INJECTION: forcing a failure.
[  134.635302][ T6298] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  134.635363][ T6298] CPU: 0 UID: 0 PID: 6298 Comm: syz.2.118 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  134.635388][ T6298] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
[  134.635401][ T6298] Call Trace:
[  134.635409][ T6298]  <TASK>
[  134.635418][ T6298]  dump_stack_lvl+0xe8/0x150
[  134.635455][ T6298]  should_fail_ex+0x46b/0x600
[  134.635492][ T6298]  _copy_from_user+0x2d/0xb0
[  134.635515][ T6298]  dma_buf_ioctl+0x16b/0x8d0
[  134.635550][ T6298]  ? __pfx_dma_buf_ioctl+0x10/0x10
[  134.635589][ T6298]  ? __rcu_read_unlock+0x83/0xe0
[  134.635621][ T6298]  ? __fget_files+0x2a/0x420
[  134.635648][ T6298]  ? __fget_files+0x3a6/0x420
[  134.635675][ T6298]  ? __fget_files+0x2a/0x420
[  134.635706][ T6298]  ? bpf_lsm_file_ioctl+0x9/0x20
[  134.635730][ T6298]  ? __pfx_dma_buf_ioctl+0x10/0x10
[  134.635761][ T6298]  __se_sys_ioctl+0xff/0x170
[  134.635785][ T6298]  do_syscall_64+0x14d/0xf80
[  134.635811][ T6298]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  134.635832][ T6298]  ? clear_bhb_loop+0x40/0x90
[  134.635859][ T6298]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  134.635880][ T6298] RIP: 0033:0x7f8ed9c0c819
[  134.635901][ T6298] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  134.635918][ T6298] RSP: 002b:00007f8ed7e24028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  134.635950][ T6298] RAX: ffffffffffffffda RBX: 00007f8ed9e86180 RCX: 00007f8ed9c0c819
[  134.635967][ T6298] RDX: 00002000000001c0 RSI: 0000000040086200 RDI: 0000000000000009
[  134.635981][ T6298] RBP: 00007f8ed7e24090 R08: 0000000000000000 R09: 0000000000000000
[  134.635994][ T6298] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  134.636007][ T6298] R13: 00007f8ed9e86218 R14: 00007f8ed9e86180 R15: 00007ffe8aadf6c8
[  134.636040][ T6298]  </TASK>
[  136.107824][   T31] ==================================================================
[  136.107841][   T31] BUG: KASAN: vmalloc-out-of-bounds in __list_add_valid_or_report+0x4e/0x130
[  136.107888][   T31] Read of size 8 at addr ffffc9000e959008 by task kworker/1:0/31
[  136.107906][   T31] 
[  136.107919][   T31] CPU: 1 UID: 0 PID: 31 Comm: kworker/1:0 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  136.107943][   T31] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
[  136.107956][   T31] Workqueue: usb_hub_wq hub_event
[  136.107985][   T31] Call Trace:
[  136.107993][   T31]  <TASK>
[  136.108002][   T31]  dump_stack_lvl+0xe8/0x150
[  136.108034][   T31]  print_report+0xba/0x230
[  136.108062][   T31]  ? __list_add_valid_or_report+0x4e/0x130
[  136.108087][   T31]  kasan_report+0x117/0x150
[  136.108109][   T31]  ? __list_add_valid_or_report+0x4e/0x130
[  136.108137][   T31]  __list_add_valid_or_report+0x4e/0x130
[  136.108165][   T31]  kcov_remote_stop+0x457/0x680
[  136.108194][   T31]  hub_event+0x49d8/0x4f60
[  136.108242][   T31]  ? __pfx_hub_event+0x10/0x10
[  136.108271][   T31]  ? process_scheduled_works+0xa8d/0x18c0
[  136.108301][   T31]  ? process_scheduled_works+0xa8d/0x18c0
[  136.108330][   T31]  process_scheduled_works+0xb6e/0x18c0
[  136.108372][   T31]  ? __pfx_process_scheduled_works+0x10/0x10
[  136.108405][   T31]  ? assign_work+0x3d5/0x5e0
[  136.108436][   T31]  worker_thread+0xa53/0xfc0
[  136.108477][   T31]  kthread+0x388/0x470
[  136.108499][   T31]  ? __pfx_worker_thread+0x10/0x10
[  136.108528][   T31]  ? __pfx_kthread+0x10/0x10
[  136.108550][   T31]  ret_from_fork+0x51e/0xb90
[  136.108580][   T31]  ? __pfx_ret_from_fork+0x10/0x10
[  136.108609][   T31]  ? __switch_to+0xc7d/0x1450
[  136.108636][   T31]  ? __pfx_kthread+0x10/0x10
[  136.108658][   T31]  ret_from_fork_asm+0x1a/0x30
[  136.108685][   T31]  </TASK>
[  136.108693][   T31] 
[  136.108698][   T31] The buggy address belongs to a vmalloc virtual mapping
[  136.108716][   T31] Memory state around the buggy address:
[  136.108728][   T31]  ffffc9000e958f00: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8
[  136.108742][   T31]  ffffc9000e958f80: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8
[  136.108756][   T31] >ffffc9000e959000: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8
[  136.108766][   T31]                       ^
[  136.108777][   T31]  ffffc9000e959080: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8
[  136.108790][   T31]  ffffc9000e959100: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8
[  136.108800][   T31] ==================================================================
[  136.108813][   T31] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[  136.108828][   T31] CPU: 1 UID: 0 PID: 31 Comm: kworker/1:0 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  136.108851][   T31] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
[  136.108873][   T31] Workqueue: usb_hub_wq hub_event
[  136.108898][   T31] Call Trace:
[  136.108906][   T31]  <TASK>
[  136.108914][   T31]  vpanic+0x56c/0xa60
[  136.108947][   T31]  ? __pfx_vpanic+0x10/0x10
[  136.108982][   T31]  panic+0xc5/0xd0
[  136.109013][   T31]  ? __pfx_panic+0x10/0x10
[  136.109044][   T31]  ? __list_add_valid_or_report+0x4e/0x130
[  136.109071][   T31]  ? rcu_is_watching+0x15/0xb0
[  136.109099][   T31]  ? __list_add_valid_or_report+0x4e/0x130
[  136.109123][   T31]  check_panic_on_warn+0x89/0xb0
[  136.109147][   T31]  ? __list_add_valid_or_report+0x4e/0x130
[  136.109172][   T31]  end_report+0x73/0x180
[  136.109193][   T31]  ? __list_add_valid_or_report+0x4e/0x130
[  136.109218][   T31]  kasan_report+0x128/0x150
[  136.109240][   T31]  ? __list_add_valid_or_report+0x4e/0x130
[  136.109271][   T31]  __list_add_valid_or_report+0x4e/0x130
[  136.109298][   T31]  kcov_remote_stop+0x457/0x680
[  136.109327][   T31]  hub_event+0x49d8/0x4f60
[  136.109373][   T31]  ? __pfx_hub_event+0x10/0x10
[  136.109403][   T31]  ? process_scheduled_works+0xa8d/0x18c0
[  136.109432][   T31]  ? process_scheduled_works+0xa8d/0x18c0
[  136.109462][   T31]  process_scheduled_works+0xb6e/0x18c0
[  136.109505][   T31]  ? __pfx_process_scheduled_works+0x10/0x10
[  136.109537][   T31]  ? assign_work+0x3d5/0x5e0
[  136.109567][   T31]  worker_thread+0xa53/0xfc0
[  136.109609][   T31]  kthread+0x388/0x470
[  136.109631][   T31]  ? __pfx_worker_thread+0x10/0x10
[  136.109659][   T31]  ? __pfx_kthread+0x10/0x10
[  136.109681][   T31]  ret_from_fork+0x51e/0xb90
[  136.109712][   T31]  ? __pfx_ret_from_fork+0x10/0x10
[  136.109741][   T31]  ? __switch_to+0xc7d/0x1450
[  136.109767][   T31]  ? __pfx_kthread+0x10/0x10
[  136.109789][   T31]  ret_from_fork_asm+0x1a/0x30
[  136.109817][   T31]  </TASK>
[  136.109978][   T31] Kernel Offset: disabled