last executing test programs:

9m53.535569783s ago: executing program 1 (id=186):
setns(0xffffffffffffffff, 0x0)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000006c0)={0x18, 0xb, &(0x7f0000000640)=ANY=[], &(0x7f00000004c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
write(0xffffffffffffffff, 0x0, 0x0)
r1 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r2 = dup(r1)
write$6lowpan_enable(r2, &(0x7f0000000000)='0', 0xfffffd2c)
r3 = syz_io_uring_setup(0x239, &(0x7f0000000740)={0x0, 0x1c2a, 0x10100, 0x2, 0x2ea, 0x0, r2}, &(0x7f0000000240)=<r4=>0x0, &(0x7f00000001c0)=<r5=>0x0)
syz_io_uring_submit(r4, r5, &(0x7f0000000040)=@IORING_OP_POLL_ADD={0x6, 0x2, 0x0, @fd=r1, 0x0, 0x0, 0x0, {}, 0x1})
io_uring_enter(r3, 0x2ded, 0x4000, 0x0, 0x0, 0x0)
socketpair$tipc(0x1e, 0x1, 0x0, &(0x7f0000000000)={<r6=>0xffffffffffffffff})
recvmsg(r6, &(0x7f0000000680)={0x0, 0x0, &(0x7f0000000880)=[{&(0x7f0000000b40)=""/4096, 0x1000}], 0x1}, 0x2)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000002c0)='contention_begin\x00', r0, 0x0, 0xd}, 0x18)
prlimit64(0x0, 0xe, 0x0, 0x0)
r7 = gettid()
process_vm_writev(r7, &(0x7f0000000000)=[{&(0x7f00008f9f09)=""/247, 0xf7}], 0x1, &(0x7f0000121000)=[{&(0x7f0000217f28)=""/231, 0xffffff4e}], 0x23a, 0x0)
mremap(&(0x7f0000a94000/0x4000)=nil, 0x4000, 0x4000, 0x3, &(0x7f0000259000/0x4000)=nil)
mbind(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x0, 0x0, 0x0, 0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
pselect6(0x40, &(0x7f00000001c0)={0x0, 0x388, 0x1}, 0x0, &(0x7f00000002c0)={0x3ff, 0x0, 0x8000000000006, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0x0)
epoll_create(0x1)
pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x3, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x8}, 0x0, &(0x7f00000002c0)={0x3ff, 0x0, 0x0, 0x9, 0x0, 0x0, 0x7fffffff, 0x2}, 0x0, 0x0)
lstat(&(0x7f0000000040)='./file0\x00', &(0x7f00000000c0))

9m50.095961077s ago: executing program 1 (id=192):
r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
r1 = socket(0x11, 0xa, 0x0)
ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(r1, 0x89f1, &(0x7f0000000040)={'ip6gre0\x00', &(0x7f0000000140)={'syztnl2\x00', 0x0, 0x0, 0x0, 0xfe, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @rand_addr=0x64010100}, @mcast2={0xff, 0x5}, 0x3ce0, 0x0, 0x0, 0x7}})
setsockopt$ARPT_SO_SET_REPLACE(r0, 0xa02000000000000, 0x60, &(0x7f0000000000)={'filter\x00', 0x1002, 0x4, 0x3f0, 0x0, 0x0, 0xe0, 0x2f8, 0x2f8, 0x2f8, 0x4, 0x0, {[{{@uncond, 0xc0, 0xe8}, @unspec=@STANDARD={0x28, '\x00', 0x0, 0x1ec}}, {{@uncond, 0xc0, 0x110}, @mangle={0x50, 'mangle\x00', 0x0, {@empty, @mac=@multicast, @rand_addr=0x64010104, @rand_addr=0x64010101, 0x4, 0x1}}}, {{@arp={@initdev={0xac, 0x1e, 0x1, 0x0}, @remote, 0xff000000, 0x80800000, 0x6, 0x0, {@mac=@multicast, {[0x0, 0x0, 0x0, 0x0, 0xff, 0xff]}}, {@mac, {[0x0, 0xff, 0x0, 0xff, 0xff, 0xff]}}, 0x6, 0x81, 0x1, 0x1, 0xd13, 0xe106, 'pimreg1\x00', 'veth1_virt_wifi\x00', {0xff}, {0xff}, 0x0, 0x3}, 0xc0, 0x110}, @mangle={0x50, 'mangle\x00', 0x0, {@mac=@broadcast, @empty, @private=0xa010102, @broadcast}}}], {{'\x00', 0xc0, 0xe8}, {0x28}}}}, 0x440)

9m49.211136458s ago: executing program 1 (id=196):
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
socket$kcm(0x29, 0x2, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
syz_open_dev$radio(0x0, 0x3, 0x2)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xb, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r0 = syz_open_dev$MSR(&(0x7f00000000c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
socket$igmp6(0xa, 0x3, 0x2)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$SIOCSIFHWADDR(r1, 0x8b04, &(0x7f0000000000)={'wlan1\x00', @random="0200"})
mount(0x0, &(0x7f0000000040)='./cgroup\x00', &(0x7f0000000080)='qnx6\x00', 0x200000, 0x0)
r2 = openat$sw_sync(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
io_setup(0x1, &(0x7f0000000380)=<r3=>0x0)
io_submit(r3, 0x1, &(0x7f00000002c0)=[&(0x7f0000000140)={0x0, 0x0, 0x0, 0x1, 0x0, r2, 0x0, 0x0, 0xc4a, 0x0, 0x2}])
r4 = socket$inet6_tcp(0xa, 0x1, 0x0)
r5 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x1a3c82)
syz_open_dev$sg(&(0x7f0000000100), 0x0, 0x109001)
close_range(r4, r5, 0x0)
r6 = openat$smackfs_netlabel(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
r7 = socket$nl_generic(0x10, 0x3, 0x10)
r8 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000000), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_LINKMODES_SET(r7, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000003c0)={0x40, r8, 0x1, 0x0, 0x0, {}, [@ETHTOOL_A_LINKMODES_HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'syz_tun\x00'}]}, @ETHTOOL_A_LINKMODES_OURS={0x14, 0x3, 0x0, 0x1, [@ETHTOOL_A_BITSET_VALUE={0x4}, @ETHTOOL_A_BITSET_SIZE={0x8}, @ETHTOOL_A_BITSET_NOMASK={0x4}]}]}, 0x40}}, 0x0)
write$smackfs_netlabel(r6, &(0x7f0000000140)=ANY=[@ANYBLOB="30303030303030303030303030303030323334322e303030303230303030303030303030302e30303030303030303030303030303032373232332e30303030303030303030303030303030303038312e2000df619ac30cd5cbfcb800cfbce5ac60ad47a8ce75f50b538e34ec96d29e86457d82aadc8db3eac839c1e61ef3cad96e4b89b88bed794f15c2a251ceb9ec263e1c5e5df342c21e8a6737afe8dc719c7c0a26e34a1ce0e629010e819d837a2379ae4094cb5ef5c10ece0d1f7867b55857c4e8930ade6a11de9cc4ba27f279dc2b033e85d2bb299ba024c6bac09e3b85f38bf6f5525da8cfc1bda8ba0059da4b8e6eec55ed548cd1db293a4e832d161ba2eeb4dead24bea4b19694"], 0x56)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)

9m47.13640428s ago: executing program 1 (id=200):
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0)
r0 = socket$inet6(0xa, 0x2, 0x3a)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
r1 = fsopen(&(0x7f0000000280)='ceph\x00', 0x0)
fsconfig$FSCONFIG_SET_STRING(r1, 0x1, &(0x7f0000000000)='source', &(0x7f0000000180)='400:\x00\x8e\xf7\xd4\t\xe1\xae\x19\xe5\xf7c\x84\x9c\x06\x00\x00\x00\x11\x01\xf2 \xec\xbe#\'S\xc4\xbd\xb5\x1e\x98MM\x06\x1a\x7f5U\x18\x90\x99\xb2\xfa\')Z\x9ew\xae\xe8\xdd\b\t\xf0\xc4\xbfj\xb6\x88/)~\x93E\x1d4\xa7\xcb\xeb\x0f\xd4(\xb6>\x87\xc3\t\xb0\x80\xf7\xe6\x8b?\xa4\xb3\b\x00\x81\xbe\xea\x1f\xfe\xed\x9d\x1a\x8aQ\xafQ\x06\x0fJ\xc0\xc0=}\x7f\xaeB\xb1\xed\xa4\xf3c#\xbe\b\x1f\xa4L[\xfa\x01Uu\xe0\x8b\x94E\xda\xd9j\x93\xc8~\xd9\x82\x8f\xcam\x17\xa2\xed\xf3\xc3_h\xfc6\t\x96@\xaf\xe6\xd0!)\xc3\xcfe\xe1g\xe7\xe5F\xbdC\xd9$\x9b@\xaf\xc2j1p\xa9\xb2d\x92\x8fo\xcbg\x9fZ\xd7\xef\xb2z\xf5\x0fq\x7f\b\xc2\xa7\x90\xc5\xf5Y\xbc\xf1s\x93X\xb6\xeb\x86&\xa7\x14%B', 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x8)
r2 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x1)
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r5 = socket(0x8, 0x1, 0x3)
sendmsg$nl_route(r5, 0x0, 0x4000002)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
sched_setaffinity(0x0, 0x1, &(0x7f00000002c0)=0x2)
r6 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r6, 0x84, 0x7b, &(0x7f00000000c0)={0x0, 0x1}, 0x8)
sendto$inet6(r6, &(0x7f0000000040)="aa", 0x1, 0x0, &(0x7f0000000240)={0xa, 0x0, 0x3, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, 0x4}, 0x1c)
setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER_VALUE(r6, 0x84, 0x7c, &(0x7f0000000380)={0x0, 0x0, 0xfffb}, 0x8)
sendto$inet6(r0, &(0x7f0000000080)="800009e92208a1ce", 0xfdef, 0x0, &(0x7f0000000040)={0xa, 0x0, 0x0, @mcast1, 0x9}, 0x1c)
r7 = socket$nl_route(0x10, 0x3, 0x0)
socket$kcm(0x10, 0x2, 0x10)
r8 = syz_io_uring_complete(0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000140)={0x18, 0x4, &(0x7f0000000040)=@framed={{0xffffffb4, 0x5, 0x0, 0x0, 0x0, 0x61, 0x10, 0xb0}, [@ldst={0x3, 0x0, 0x3, 0x1c10a1, 0x5, 0x40, 0x8}], {0x95, 0x0, 0x9}}, &(0x7f0000003ff6)='GPL\x00', 0xfff, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x32, r8, 0x8, &(0x7f0000000000)={0x3, 0x4}, 0x8, 0x10, &(0x7f0000000000)={0x0, 0x2}, 0x10, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
sendmsg$nl_route(r7, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000000)=ANY=[@ANYBLOB="3c0000001000210400001037fedbdf2500000000", @ANYRES32=0x0, @ANYBLOB="adf9aa88e16000001c0012800b00010067656e65766500000c000280060005004e2000"], 0x3c}}, 0x2)
openat$smackfs_cipsonum(0xffffffffffffff9c, &(0x7f0000000040)='/sys/fs/smackfs/doi\x00', 0x2, 0x0)

9m45.471523009s ago: executing program 1 (id=205):
write$binfmt_script(0xffffffffffffffff, 0x0, 0x0)
mknodat$loop(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x1000, 0x0)
sendmsg$key(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=ANY=[@ANYBLOB="020e000010000000000000000004830008001200000001000000ff000000400000001ea0abff7f00000000000000d41f9ab9000100700000ebdf000008000000c4fc0000100000000000e2ffff1c004f030006000020"], 0x80}}, 0x4814)
r0 = socket$inet_udp(0x2, 0x2, 0x0)
ioctl$BTRFS_IOC_FS_INFO(r0, 0x8400941f, &(0x7f00000002c0))
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='memory.events\x00', 0x275a, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700)
write$cgroup_int(r2, &(0x7f0000000200), 0xf000)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x12, r1, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r0, 0x4000000000000, 0x40, &(0x7f0000000000)=@raw={'raw\x00', 0x8, 0x3, 0x208, 0x98, 0x8, 0xfa04, 0x98, 0x6c02, 0x1e0, 0x194, 0x194, 0x1e0, 0x194, 0x3, 0x0, {[{{@ip={@broadcast, @broadcast, 0x0, 0x0, 'veth0_to_hsr\x00', 'veth0_virt_wifi\x00', {}, {}, 0x6}, 0x0, 0x70, 0x98, 0x0, {0x0, 0x74020000}}, @common=@inet=@TCPMSS={0x28}}, {{@ip={@multicast2, @dev, 0x0, 0x0, '\x00', 'batadv_slave_0\x00'}, 0x0, 0x70, 0xd8}, @unspec=@CT2={0x68, 'CT\x00', 0x2, {0x0, 0x0, 0x0, 0x0, 'snmp\x00', 'syz0\x00'}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x268)

9m42.807403104s ago: executing program 1 (id=212):
r0 = syz_usb_connect(0x0, 0x24, &(0x7f0000004200)=ANY=[@ANYBLOB="12010000e2793b10d10501200029010203010902120001000080000904"], 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x6)
setsockopt$TIPC_DEST_DROPPABLE(0xffffffffffffffff, 0x10f, 0x81, &(0x7f0000000300)=0x200, 0x4)
ioctl$KVM_RUN(r3, 0xae80, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x1, 0x5502000000000000, 0x0, 0x40000}, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0)
r4 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r4, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
ioctl$SNDRV_RAWMIDI_IOCTL_PVERSION(r4, 0x80045700, &(0x7f0000000340))
socket$nl_route(0x10, 0x3, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
ioctl$KVM_RUN(r3, 0xae80, 0x0)
syz_usb_control_io$cdc_ncm(r0, &(0x7f0000000180)={0x14, &(0x7f0000000000)=ANY=[@ANYBLOB="0023fe000000fe0aa9ac4be0db0a9751b20ad07c6a30e86a19edb5d94673227db4760dac354cc0b707274e8ac4115fdb4aa22f0c1b043024b4904c59051a06d92a38df697b62a2f7610f90af2605b5ac9ce5b310fb0d561f9754b3642098fa61a2d79f73301afe02adeb0691c5347cb5465805ac9b9ddcd88c814451529a63ad956b1a9c8ca011744c751b65cca683928b873726f888e98fd2e0aa3de03bc4611abae0e29b0e7ce96d8b45fc83f1681a9f77f0d523070f3f5ce96d2876631524dafd51edcca7723858c3953c115060623be573531d83e53517955d2f738263eab50ad93c83a64c727e505fb1af291d5ad5b3231805dbd47082709abc29ce42afeda15585"], &(0x7f0000000140)={0x0, 0x3, 0x1a, {0x1a}}}, &(0x7f0000000480)={0x44, &(0x7f00000001c0)=ANY=[@ANYBLOB="4012c3000000a3834f09300da2f52c9f9378c08c2a9b50f03122630b997b551aeeed9a0119136818d8e43c6faf2d81faa94d40dca8b5c17581d26f6a2567abc39b5458600c695638ae9a2149153a12fffdfe1a5f37a2a71ea39a432c574d5489930e8723279901d9dca784b84a004bab5cb246a92611fc73d28a897717c25b1fbbc18ee72063f8632c561bbcb93e8325c03cf7ed61583027c3b3e21fee153d57a4d9e4a2d5019d5a735eeddfc311fbee7efdadd7f98080fcda681c1676b8c214d109670fa699c5a39d94bc6eec"], &(0x7f00000002c0)={0x0, 0xa, 0x1, 0x9}, &(0x7f0000000540)={0x0, 0x8, 0x1, 0x4}, &(0x7f0000000500)={0x20, 0x80, 0x1c, {0x7, 0x7, 0x1, 0x1, 0x1000, 0x8, 0x7, 0x7, 0x1, 0x3, 0x8000, 0x400}}, &(0x7f0000000380)={0x20, 0x85, 0x4, 0x9}, &(0x7f00000003c0)={0x20, 0x83, 0x2, 0x1}, &(0x7f0000000400)={0x20, 0x87, 0x2, 0x9}, &(0x7f0000000440)={0x20, 0x89, 0x2, 0x1}})

9m27.737363331s ago: executing program 32 (id=212):
r0 = syz_usb_connect(0x0, 0x24, &(0x7f0000004200)=ANY=[@ANYBLOB="12010000e2793b10d10501200029010203010902120001000080000904"], 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x6)
setsockopt$TIPC_DEST_DROPPABLE(0xffffffffffffffff, 0x10f, 0x81, &(0x7f0000000300)=0x200, 0x4)
ioctl$KVM_RUN(r3, 0xae80, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x1, 0x5502000000000000, 0x0, 0x40000}, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0)
r4 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r4, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
ioctl$SNDRV_RAWMIDI_IOCTL_PVERSION(r4, 0x80045700, &(0x7f0000000340))
socket$nl_route(0x10, 0x3, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
ioctl$KVM_RUN(r3, 0xae80, 0x0)
syz_usb_control_io$cdc_ncm(r0, &(0x7f0000000180)={0x14, &(0x7f0000000000)=ANY=[@ANYBLOB="0023fe000000fe0aa9ac4be0db0a9751b20ad07c6a30e86a19edb5d94673227db4760dac354cc0b707274e8ac4115fdb4aa22f0c1b043024b4904c59051a06d92a38df697b62a2f7610f90af2605b5ac9ce5b310fb0d561f9754b3642098fa61a2d79f73301afe02adeb0691c5347cb5465805ac9b9ddcd88c814451529a63ad956b1a9c8ca011744c751b65cca683928b873726f888e98fd2e0aa3de03bc4611abae0e29b0e7ce96d8b45fc83f1681a9f77f0d523070f3f5ce96d2876631524dafd51edcca7723858c3953c115060623be573531d83e53517955d2f738263eab50ad93c83a64c727e505fb1af291d5ad5b3231805dbd47082709abc29ce42afeda15585"], &(0x7f0000000140)={0x0, 0x3, 0x1a, {0x1a}}}, &(0x7f0000000480)={0x44, &(0x7f00000001c0)=ANY=[@ANYBLOB="4012c3000000a3834f09300da2f52c9f9378c08c2a9b50f03122630b997b551aeeed9a0119136818d8e43c6faf2d81faa94d40dca8b5c17581d26f6a2567abc39b5458600c695638ae9a2149153a12fffdfe1a5f37a2a71ea39a432c574d5489930e8723279901d9dca784b84a004bab5cb246a92611fc73d28a897717c25b1fbbc18ee72063f8632c561bbcb93e8325c03cf7ed61583027c3b3e21fee153d57a4d9e4a2d5019d5a735eeddfc311fbee7efdadd7f98080fcda681c1676b8c214d109670fa699c5a39d94bc6eec"], &(0x7f00000002c0)={0x0, 0xa, 0x1, 0x9}, &(0x7f0000000540)={0x0, 0x8, 0x1, 0x4}, &(0x7f0000000500)={0x20, 0x80, 0x1c, {0x7, 0x7, 0x1, 0x1, 0x1000, 0x8, 0x7, 0x7, 0x1, 0x3, 0x8000, 0x400}}, &(0x7f0000000380)={0x20, 0x85, 0x4, 0x9}, &(0x7f00000003c0)={0x20, 0x83, 0x2, 0x1}, &(0x7f0000000400)={0x20, 0x87, 0x2, 0x9}, &(0x7f0000000440)={0x20, 0x89, 0x2, 0x1}})

5m45.220755127s ago: executing program 3 (id=732):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)=ANY=[@ANYBLOB="140000001000010000000000000000004a00000a140000000c0a0101000000000000000007000000140900000000000000bb8617fe0000000084000a"], 0x3c}, 0x1, 0x0, 0x0, 0x8000}, 0x0)
r1 = syz_io_uring_setup(0x110, &(0x7f0000000200)={0x0, 0x2555, 0x800, 0x800005, 0x3b2}, &(0x7f0000000040)=<r2=>0x0, &(0x7f0000000140)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
r4 = syz_usb_connect(0x5, 0x2d, &(0x7f0000000040)=ANY=[@ANYBLOB="12010000fdc01a40f30c74933bbc0000000109021b0001000000000904000001a7a00f00090582020002"], 0x0)
syz_usb_ep_write$ath9k_ep1(r4, 0x82, 0x0, 0x0)
syz_io_uring_submit(r2, r3, &(0x7f00000002c0)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd_index=0x3})
r5 = socket$inet6_mptcp(0xa, 0x1, 0x106)
getsockopt$inet6_tcp_int(r5, 0x6, 0x19, 0xfffffffffffffffd, &(0x7f0000000100)=0x2)
r6 = openat$pidfd(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
pidfd_send_signal(r6, 0x0, &(0x7f0000000640)={0x0, 0x0, 0xfffffffa}, 0x2)
io_uring_enter(r1, 0xdb4, 0x0, 0x0, 0x0, 0x0)
io_uring_register$IORING_REGISTER_SYNC_CANCEL(r1, 0x18, &(0x7f0000000000)={0x8, 0xffffffffffffffff, 0x4, {0x4, 0x1}, 0x8}, 0x1)

5m42.822024485s ago: executing program 3 (id=738):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
write$uinput_user_dev(0xffffffffffffffff, &(0x7f00000000c0)={'syz0\x00', {0xfff7, 0xc, 0x100, 0x81}, 0x1d, [0x7b, 0xb7e2, 0x3, 0x9, 0x100, 0x3, 0x1, 0x7, 0x9, 0x2, 0x7, 0xa, 0x3, 0x0, 0x7f, 0xc, 0x7fff, 0x6, 0x6, 0x5, 0x6, 0x6, 0x7, 0x6, 0xff, 0x2, 0xfffff5ee, 0x401, 0x0, 0xfc75, 0x8, 0x9, 0x4, 0x2, 0xffffffff, 0x81, 0xfffff765, 0x2, 0x3, 0xfffffff9, 0xa, 0xffffffff, 0x5, 0x0, 0x3ff, 0x6, 0x7, 0x4c, 0xfffffffd, 0x80, 0x8, 0x9, 0x9, 0x7, 0x8000101, 0xc3c, 0x1733, 0x7fff, 0x7ffc, 0x1, 0x6, 0x5, 0x1, 0x4], [0x8, 0x3, 0x8, 0x8, 0x0, 0x8, 0x4, 0x0, 0x25, 0x10, 0x6, 0x7, 0x8, 0xe62, 0xffffff73, 0x1000, 0x6, 0x13e5, 0x3, 0x3, 0x1000, 0x7, 0x1, 0x3b40, 0x4, 0x1000, 0x5, 0xe4, 0x8, 0x5a, 0xffff2503, 0x7fffffff, 0x6995, 0x1, 0x80000000, 0x8, 0xdaa, 0x5, 0x2, 0x76c4, 0xfffffffd, 0x5, 0x4, 0x10000, 0xd, 0x2, 0x9, 0x10, 0x4000e, 0x9, 0x7, 0xa, 0x9, 0xffffffff, 0x8, 0x3, 0x2, 0x3a6, 0x27f8, 0xc0d, 0xfffffffd, 0x9, 0x9, 0xfffffffb], [0x8a3, 0x6, 0x3, 0x9, 0x1000, 0x0, 0x80000000, 0x5, 0x7f, 0xa, 0x100, 0x1000, 0xf1, 0x6, 0xc, 0x10000, 0x72, 0xc, 0x633, 0xd, 0x7, 0x6, 0x80000000, 0x6, 0x0, 0x7, 0x8, 0x2ef3adcb, 0x10, 0x2, 0x8, 0x8, 0x74, 0x4, 0x7, 0x7ff, 0xfffffff2, 0x63, 0x7, 0x2, 0x3, 0x3, 0x20a7fd9e, 0xfffffffd, 0x2, 0xa1, 0x0, 0x9d, 0x7, 0xa8a, 0x2, 0x6, 0x77, 0x8, 0x1ff, 0x7, 0x7, 0x2, 0x0, 0x2, 0x8, 0x2, 0x3, 0x5], [0x4, 0x4, 0x5, 0x7ffe, 0x493e, 0x3, 0x35ff4447, 0x7, 0x5, 0x4, 0x7fff, 0x5, 0x5, 0x3ff, 0xb88f, 0xffff0000, 0x9, 0xf7df, 0x2, 0x10, 0x8, 0x2, 0xff, 0x6, 0x4, 0x4, 0x0, 0x0, 0x7, 0x4e6, 0x8, 0x6, 0x5ef, 0x8000, 0xc, 0x4, 0x401, 0x1, 0x5, 0x0, 0x9a8, 0x99f, 0x231, 0x3ff, 0x8, 0x1, 0xffff0001, 0x1, 0x1, 0x10, 0x8, 0x5396, 0x6161, 0x9, 0x101, 0x1ff, 0x8, 0x431, 0x6, 0x5, 0x4, 0x7b, 0x7fc, 0x9]}, 0x45c)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000004c0)={0x5c, 0x2, 0x6, 0x101, 0x0, 0x0, {0x0, 0x0, 0xfffe}, [@IPSET_ATTR_TYPENAME={0x16, 0x3, 'hash:net,port,net\x00'}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_DATA={0xc, 0x7, 0x0, 0x1, [@IPSET_ATTR_HASHSIZE={0x8, 0x12, 0x1, 0x0, 0x9efffffd}]}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0xa}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}]}, 0x5c}}, 0x0)

5m42.226191393s ago: executing program 3 (id=739):
r0 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x4000002, 0x50032, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x80001)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000100))
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000000040)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}, 0x5})
ioctl$UFFDIO_CONTINUE(r1, 0xc020aa08, &(0x7f0000000080)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}})
r2 = syz_open_procfs$pagemap(0x0, &(0x7f0000000040))
ioctl$PAGEMAP_SCAN(r2, 0xc0606610, &(0x7f0000000140)={0x60, 0x0, &(0x7f0000001000/0x3000)=nil, &(0x7f0000ffb000/0x4000)=nil, 0x7ffffffa, 0x0, 0x0, 0xb000000000000000, 0x0, 0xa, 0x7})
ioctl$vim2m_VIDIOC_TRY_FMT(r0, 0xc0d05640, &(0x7f0000000080)={0x1, @pix_mp={0xfffffff6, 0x9, 0x32314d54, 0x5, 0xb, [{0x7, 0x9}, {0x10, 0x5c}, {0x7ff, 0x5}, {0x0, 0x7fffffff}, {0x5, 0xfffffff8}, {0x7, 0xc7e}, {0x4}, {0x10001, 0x7}], 0xed, 0x7, 0x3, 0x2, 0x6}})
ioctl$vim2m_VIDIOC_ENUM_FMT(r0, 0xc0405602, &(0x7f0000000040)={0x10000, 0x0, 0x3, "311842a9dd0c63d16f39cd717f798c9be8afd1660e48b693203e736a2e6d0827", 0x7761731e})

5m41.74296203s ago: executing program 3 (id=741):
mkdirat(0xffffffffffffff9c, &(0x7f0000000280)='./file0\x00', 0x10)
openat$cgroup_ro(0xffffffffffffffff, &(0x7f00000003c0)='cpuacct.usage_sys\x00', 0x275a, 0x0) (async)
mkdirat(0xffffffffffffff9c, &(0x7f0000000140)='./file1\x00', 0x0) (async, rerun: 32)
mkdir(&(0x7f00000000c0)='./file1\x00', 0x154) (async, rerun: 32)
mount(0x0, &(0x7f0000000240)='./file1\x00', &(0x7f0000000000)='tmpfs\x00', 0x0, 0x0)
chdir(&(0x7f0000000140)='./file1\x00')
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0) (async)
mount$bind(&(0x7f0000000c40)='.\x00', &(0x7f0000000640)='./file0\x00', 0x0, 0x2901090, 0x0) (async)
chroot(&(0x7f0000000300)='./file0/../file0/../file0/../file0\x00')
r0 = open(&(0x7f00000000c0)='.\x00', 0x0, 0x0)
accept$inet(r0, 0x0, 0x0)
mount(0x0, &(0x7f0000000d40)='./file0/../file0/../file0\x00', &(0x7f00000002c0)='sysfs\x00', 0x0, 0x0)
pivot_root(&(0x7f0000000340)='.\x00', &(0x7f0000000180)='./file0/../file0/../file0\x00') (async)
mkdir(&(0x7f0000000300)='./bus\x00', 0x0) (async)
mount$overlay(0x0, &(0x7f0000000000)='./bus\x00', &(0x7f0000000340), 0x20a4000, &(0x7f0000000080)={[{@workdir={'workdir', 0x3d, './bus'}}, {@index_off}, {@upperdir={'upperdir', 0x3d, './file1'}}]}) (async)
ioctl$BTRFS_IOC_GET_DEV_STATS(0xffffffffffffffff, 0xc4089434, &(0x7f0000000900)={0x0, 0x2, 0x1, [0xffff, 0x13a0000000000, 0x0, 0x88, 0x5], [0xffffffffffffff63, 0x8, 0xffffffffffffff4a, 0xfffffffffffffff8, 0x10000, 0x2, 0x2d9, 0x4, 0x4000000000003, 0xc7, 0x4, 0x9, 0x4, 0x7e, 0x7d, 0x7, 0x8, 0x101, 0x6, 0xffffffffffff8000, 0x3, 0x9, 0x7f, 0x6, 0x1, 0xc, 0x5, 0xff800000000000, 0x401, 0x7fffffff, 0xc333, 0x809, 0x6, 0x8001, 0x1, 0xd5d, 0x8, 0x1, 0x2, 0x5, 0x6cf2, 0x2, 0x9, 0xa, 0xa, 0xffffffff00000001, 0x7fffffffffffffff, 0x2, 0x5, 0x4cc2, 0xfffffffffffffff7, 0x6, 0x0, 0x2000003a67, 0x7f, 0x0, 0xfff, 0x8, 0xa, 0x3, 0x706, 0x2, 0x5b4, 0x8, 0xfffffffffffffffb, 0xe, 0xb88a, 0x6, 0x3, 0x8, 0x2, 0x77, 0x8, 0x346, 0x0, 0xfffffffffffffff9, 0x8, 0xffff800000000000, 0x7, 0x806, 0x9, 0x935, 0x7, 0x5, 0xe36, 0x3, 0x9, 0x5, 0x8, 0x6, 0x40000000000000, 0x6, 0x684, 0x2, 0x401, 0x34, 0x6fc, 0xc90, 0xfff, 0xfffffffffffffeff, 0x0, 0x3, 0x6, 0x28, 0x3, 0x1, 0x8d45, 0x100000000, 0x3ff, 0xf2, 0x800, 0x8, 0x8, 0x8001, 0x5, 0x9, 0xa, 0x1fb, 0x2, 0x6b, 0x334]})
open(&(0x7f0000000380)='./bus\x00', 0x20000, 0x0) (async)
r1 = syz_usb_connect$printer(0x5, 0x36, &(0x7f00000001c0)={{0x12, 0x1, 0x310, 0x0, 0x0, 0x0, 0x10, 0x525, 0xa4a8, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x1, 0x54, 0x10, 0x40, [{{0x9, 0x4, 0x0, 0x1a, 0x2, 0x7, 0x1, 0x1, 0x9, "", {{{0x9, 0x5, 0x1, 0x2, 0x200, 0x52, 0x5, 0xd}}, [{{0x9, 0x5, 0x82, 0x2, 0x8, 0x1, 0x8, 0x5}}]}}}]}}]}}, &(0x7f0000000700)={0xa, &(0x7f0000000200)={0xa, 0x6, 0x200, 0xf, 0xd, 0x3, 0x40, 0x4}, 0x38, &(0x7f0000000400)={0x5, 0xf, 0x38, 0x5, [@ss_cap={0xa, 0x10, 0x3, 0x0, 0x0, 0xf, 0x9, 0x4}, @ext_cap={0x7, 0x10, 0x2, 0x0, 0x8, 0x8, 0x2}, @wireless={0xb, 0x10, 0x1, 0x4, 0x0, 0x8, 0x7f, 0x8, 0x5}, @ss_container_id={0x14, 0x10, 0x4, 0xff, "db9779b7a0ddbadf2db731bf3936aa0b"}, @ptm_cap={0x3}]}, 0x5, [{0x95, &(0x7f0000000440)=@string={0x95, 0x3, "fb8a3c8f00c8006cc92183a416088780f28236142b69bccf0030664cab10c7c99ba430b8f2b89e2cd8e3184a24867dfc77e73d63268c2f5589a4a588183a4642c3e228e63247fec80c426e547bd42e137d072d58a2a5d8ae8464a1fe00ab74686944c0b2d19a2ff1b7b62489e6526dc87178997187b433c6f22f9e07b36eaffa5e094f987159b26f2fad4068913112000c8302"}}, {0x58, &(0x7f0000000500)=@string={0x58, 0x3, "0c8b2c2a88ee9d5d34b9109dc020715f6584597f6367d3690cead0ba79527d509205e6458af2a4bb3048845a1c7e0765375bca7e1105e76b1676591eec3c2c090b7b9297abc42b4f6ed29af1ecb689f76188d84b7f7c"}}, {0x72, &(0x7f0000000580)=@string={0x72, 0x3, "d5d05bc03085e1737efafbfdd1d1f03e6c3584dface82bb2172e1583e3f4f1f26bb82277cca999b570b50720fc718324cfff27aa486d8d390694b4b9b1f4fe319935d8677051274842c039e97efad01f2a0f412c4cda5fb057ac8c559c0918e4b3ec1d9a77b0a55fd89dabe50c8d18b6"}}, {0x4, &(0x7f0000000600)=@lang_id={0x4, 0x3, 0x1029}}, {0x5d, &(0x7f0000000680)=@string={0x5d, 0x3, "03920eb0c69d7c5302951fc5927927639372ea67bfd09cbee241db7ae34336720c01953ee0434d5b7d93964ae38c041002d90b5c2176606904956f7c770e330c051510e3b8014fa9ea149eb9a4fbf248f1f2719385fc16ddddc76c"}}]})
syz_usb_control_io$printer(r1, &(0x7f0000000880)={0x14, &(0x7f0000000780)={0x40, 0x31, 0xc4, {0xc4, 0x3, "833f03752f06fad71264a1bb0434544eb4ceb8f02205a87eabe66f6bb51a1926c727b58756783d4e1979bb7907d3a9cc1df5a68c1fdca5420763837491a118ccf030380cbef55392f9187dd1ae45bb3916c666bfcc88e809e678d9d6c327f63065193d8eb1d424d93af08a5cb5b04ce241006582856a914aaee299bb05a22042ece59ae379c6e37cb4b36c8c7f9aec8c0eff7154774161d0967d1325d611344a016865c955361adf434b0f759f4ad0d611f4ef26266388c9f3b52a85fa5535e7c885"}}, &(0x7f0000000d80)={0x0, 0x3, 0xa5, @string={0xa5, 0x3, "e8121f119f81172f31ad02fa25e4cda6936f27eb779c50c6c7e17ee7f307600f9d850b11c464c08b63f848b8c2090c7cce20f1ca8ee072c59283b7b5da0f60711e8b6f22829847fb24233c3e10005b3082c5afc2d57414d2156e262d1e747c850ce67e4f7c5686d492794477478d3dbdc840be34ebc28c2dc54b255bdee7e95bb647efcf9aeaebbf04091c394387508dff562567eba34836a8ef9fbec848a4d46786ad"}}}, &(0x7f0000001040)={0x34, &(0x7f0000000e40)={0x40, 0xd, 0x4d, "1fd70cc27b9b22e5d0c1ede991359c99a7cd91d68bad705b43b9b98f3498ea7cea9db025f0b14e9a1336576dfe8e7ed5158a4771125670470cb271b98c1297f654c9c246e095ca5912025dce4e"}, &(0x7f00000008c0)={0x0, 0xa, 0x1, 0x2}, &(0x7f0000000ec0)={0x0, 0x8, 0x1}, &(0x7f0000000f00)={0x20, 0x0, 0xa6, {0xa4, "36836b323c96cd1fac2955f9fbc5e633790a2068b913dfcb63587a2e5f768e7efa3af59d80d430ff337558d7abf223c8e576a54ae8f7b263283d9be1080372c7041158a3f7bc021773338471525745999ca71596caadfad4e3cedb8925b5cd6f76d708891b3eb1e171976e48f76817755b542554a940e3d4419d60bc9e8bc8b6050e0f9ee399c6c87a9293d10a42440c91684a81289f63f7e06c20f796eb76a890e1cef1"}}, &(0x7f0000000fc0)={0x20, 0x1, 0x1, 0x8f}, &(0x7f0000001000)={0x20, 0x0, 0x1, 0x3}}) (async)
chdir(&(0x7f0000000140)='./bus\x00') (async, rerun: 32)
tkill(0x0, 0x0) (rerun: 32)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cgroup.freeze\x00', 0x275a, 0x0)
write$binfmt_script(r2, &(0x7f0000000280), 0x208e24b) (async)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000003, 0x28011, r2, 0x0) (async)
sendmsg$key(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={0x0}}, 0x40408c1)
ioctl$FS_IOC_SETFLAGS(r2, 0xc0189436, &(0x7f0000000140))

5m41.574064473s ago: executing program 3 (id=743):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000340), 0x0, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
r1 = syz_io_uring_setup(0x5ce, &(0x7f0000000240)={0x0, 0x7734, 0x80, 0x40000, 0x34f}, &(0x7f00000000c0)=<r2=>0x0, &(0x7f00000001c0)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, &(0x7f0000000400)={0x1, &(0x7f0000000200)=[{0x2f, 0x0, 0x0, 0x4}]}, 0x10)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5)
syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_POLL_REMOVE={0x7, 0xb2752a96f73d6e14, 0x0, 0x0, 0x0, 0x23456})
io_uring_enter(r1, 0x47bc, 0x0, 0x0, 0x0, 0x2000)

5m38.557118315s ago: executing program 3 (id=748):
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000002c0)=ANY=[], 0x48)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x8b}, 0x0)
getpid()
openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
r3 = syz_open_dev$vim2m(&(0x7f0000000680), 0x100, 0x2)
ioctl$vim2m_VIDIOC_ENUM_FMT(r3, 0xc0405602, &(0x7f00000006c0)={0x1, 0x1, 0x3989c9edc21ef138, "523c2fdd7d69755fbd486d671dbae472d98af3cc00169f13b9e0839cc4e2732b", 0x30324c4a})

5m36.062186344s ago: executing program 33 (id=748):
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000002c0)=ANY=[], 0x48)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x8b}, 0x0)
getpid()
openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
r3 = syz_open_dev$vim2m(&(0x7f0000000680), 0x100, 0x2)
ioctl$vim2m_VIDIOC_ENUM_FMT(r3, 0xc0405602, &(0x7f00000006c0)={0x1, 0x1, 0x3989c9edc21ef138, "523c2fdd7d69755fbd486d671dbae472d98af3cc00169f13b9e0839cc4e2732b", 0x30324c4a})

1m13.699272604s ago: executing program 6 (id=1474):
r0 = openat$uinput(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0)
write$uinput_user_dev(r0, &(0x7f0000000100)={'syz0\x00', {}, 0x2b, [0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x3, 0x0, 0x0, 0x800, 0x0, 0x10000000, 0x0, 0x0, 0x0, 0x20, 0x401, 0x0, 0x0, 0x0, 0x5, 0x0, 0x1, 0x0, 0x0, 0x100000, 0x6000000, 0xfffffffd, 0x0, 0x0, 0x0, 0x200000, 0x0, 0x8000, 0x0, 0x1, 0x0, 0x0, 0xffffe, 0x0, 0x1, 0x5, 0x3, 0xffffffff, 0x401, 0x0, 0x0, 0xc, 0x0, 0x8000, 0x0, 0x0, 0x0, 0x0, 0xfffffffb, 0xfffffffd, 0x0, 0x0, 0xffffffff], [0xffffffff, 0x0, 0x5, 0x0, 0x10000000, 0x0, 0x0, 0x44a, 0x0, 0x0, 0x0, 0x0, 0x1, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7d93, 0x5, 0x0, 0x0, 0x4, 0x4, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0xfff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x10001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x180d, 0xfffffffd, 0x1, 0x0, 0x0, 0x80, 0x40, 0x0, 0x58000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6], [0x0, 0x0, 0xa, 0x0, 0x0, 0x0, 0x2, 0x0, 0x9, 0x0, 0x0, 0x0, 0x80, 0x0, 0x0, 0x3, 0x0, 0x0, 0x5, 0x0, 0x0, 0x10000000, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000000, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0xfffffffe, 0x0, 0xfffffffe, 0x0, 0xd, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x7], [0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0xfffffffd, 0xd9be, 0xfffffff6, 0x0, 0x0, 0x0, 0x0, 0x553, 0x0, 0x0, 0x0, 0x3, 0x0, 0x5, 0x0, 0x0, 0x0, 0x2, 0xffffffff, 0x4, 0x0, 0x0, 0x0, 0x0, 0x8, 0xb0d, 0x0, 0x0, 0xfffefffb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x3, 0x7f, 0x7, 0x0, 0x0, 0x100100, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x3, 0xef86, 0x1, 0x401, 0x98c7]}, 0x45c)
ioctl$UI_DEV_SETUP(r0, 0x5501, 0x0)
r1 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r1}, 0x0)
timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
read(r0, &(0x7f00000007c0)=""/4096, 0x1000)

1m11.134470671s ago: executing program 6 (id=1482):
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$netlbl_unlabel(&(0x7f0000000800), r0)
sendmsg$NLBL_UNLABEL_C_STATICADDDEF(r0, &(0x7f0000000900)={0x0, 0x0, &(0x7f00000008c0)={&(0x7f0000000840)={0x40, r1, 0x1, 0x70bd29, 0x25dfdbff, {}, [@NLBL_UNLABEL_A_IPV4MASK={0x8, 0x5, @rand_addr=0x64010102}, @NLBL_UNLABEL_A_SECCTX={0x24, 0x7, 'system_u:object_r:var_lock_t:s0\x00'}]}, 0x40}, 0x1, 0x0, 0x0, 0x60008000}, 0x44)

1m9.743704353s ago: executing program 6 (id=1487):
r0 = socket$inet(0xa, 0x801, 0x84)
connect$inet(r0, &(0x7f0000004cc0)={0x2, 0x0, @remote={0xac, 0x14, 0xffffffffffffffff}}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
r1 = memfd_create(0x0, 0x1)
write$binfmt_script(r1, 0x0, 0x0)
ftruncate(r1, 0x1)
execveat(r1, &(0x7f0000000000)='\x00', 0x0, 0x0, 0x1000)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f0000000680)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8)
pipe(&(0x7f00000001c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
accept4(r0, &(0x7f0000001f00)=@l2tp6, &(0x7f0000001f80)=0x80, 0x80000)
writev(r4, &(0x7f0000000700)=[{0x0}], 0x1)
pipe(&(0x7f0000000380)={0xffffffffffffffff, <r5=>0xffffffffffffffff})
splice(r3, 0x0, r5, 0x0, 0x80, 0x0)
listen(r0, 0xfffffffd)
ioctl$int_in(r0, 0x5452, 0x0)
syz_open_dev$vim2m(&(0x7f0000001880), 0x7fffffff, 0x2)
r6 = accept4(r0, 0x0, 0x0, 0x0)
recvmmsg(r0, &(0x7f0000001d80)=[{{0x0, 0x0, &(0x7f0000000240)=[{&(0x7f0000000040)=""/196, 0xc4}, {&(0x7f00000003c0)=""/205, 0xcd}, {&(0x7f0000000200)=""/33, 0x21}, {0x0}], 0x4}, 0x59b1}, {{0x0, 0x0, &(0x7f0000000900)=[{&(0x7f0000000300)=""/88, 0x58}, {0x0}, {&(0x7f0000000740)=""/208, 0xd0}, {&(0x7f0000000840)=""/141, 0x8d}, {&(0x7f00000006c0)=""/22, 0x16}, {&(0x7f0000000a40)=""/236, 0xec}, {&(0x7f0000000b40)=""/155, 0x9b}], 0x7}, 0xada}, {{0x0, 0x0, 0x0}, 0x80000000}, {{0x0, 0x0, &(0x7f0000001180)=[{&(0x7f0000001100)=""/107, 0x6b}], 0x1, &(0x7f00000011c0)=""/42, 0x2a}}, {{0x0, 0x0, &(0x7f0000001640)=[{&(0x7f0000001200)=""/6, 0x6}, {0x0}, {&(0x7f0000001280)=""/241, 0xf1}, {0x0}, {&(0x7f00000013c0)=""/46, 0x2e}, {&(0x7f0000001400)=""/59, 0x3b}], 0x6, &(0x7f00000016c0)=""/42, 0x2a}, 0x5}, {{0x0, 0x0, &(0x7f0000001c40)=[{&(0x7f0000001780)=""/200, 0xc8}, {0x0}, {&(0x7f00000018c0)=""/10, 0xa}, {&(0x7f0000001900)=""/60, 0x3c}, {0x0}, {&(0x7f0000001b40)=""/236, 0xec}], 0x6, &(0x7f0000001cc0)=""/157, 0x9d}, 0xc}], 0x6, 0x40012001, 0x0)
keyctl$reject(0x13, 0x0, 0x80000000, 0x1856, 0x0)
setsockopt$inet_sctp6_SCTP_EVENTS(r6, 0x84, 0xb, &(0x7f00000002c0)={0x3, 0x10, 0x2, 0xff, 0x5a, 0x0, 0x1, 0x0, 0x5, 0x8, 0x0, 0x0, 0x22, 0x20}, 0xe)

1m7.710168718s ago: executing program 6 (id=1494):
bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f006bbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
mount$9p_rdma(0x0, &(0x7f0000000400)='.\x00', 0x0, 0x0, &(0x7f00000005c0)={'trans=rdma,', {'port', 0x3d, 0x4e21}})
r3 = syz_init_net_socket$nfc_llcp(0x27, 0x1, 0x1)
getpeername$packet(r3, 0x0, 0x0)
r4 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r4, 0x84, 0x64, &(0x7f0000000000)=[@in6={0xa, 0x4e23, 0x401, @loopback}], 0x1c)
setsockopt$inet_sctp6_SCTP_ADAPTATION_LAYER(r4, 0x84, 0x7, &(0x7f0000000100)={0x3}, 0x4)
sendto$inet6(r4, &(0x7f0000000080)="b1", 0x1, 0x400c0d4, &(0x7f0000000140)={0xa, 0x4e23, 0x0, @loopback, 0xffffffff}, 0x1c)
ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x8924, &(0x7f0000000340)={'ipvlan0\x00', @remote})
r5 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000400), 0xffffffffffffffff)
sendmsg$TIPC_NL_KEY_SET(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000001c0)={0x54, r5, 0x1, 0x0, 0xfffffffd, {0x3}, [@TIPC_NLA_BEARER={0x40, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_UDP_OPTS={0x2c, 0x4, {{0x14, 0x1, @in={0x2, 0xa00, @dev={0xac, 0x14, 0x14, 0xf}}}, {0x14, 0x2, @in={0x2, 0x0, @broadcast}}}}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz2\x00'}]}]}, 0x54}}, 0x0)
ioctl$TIOCL_SETSEL(0xffffffffffffffff, 0x5410, 0x0)
mmap(&(0x7f0000894000/0x4000)=nil, 0x4000, 0x0, 0x40030, 0xffffffffffffffff, 0x0)

1m3.483513181s ago: executing program 6 (id=1505):
mkdir(&(0x7f0000000040)='./file1\x00', 0x0)
mount$fuse(0x0, 0x0, 0x0, 0x1a3089, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=0x0])
mount(0x0, &(0x7f0000000380)='./file1\x00', &(0x7f0000000040)='autofs\x00', 0x0, &(0x7f0000000400))
chdir(&(0x7f0000000080)='./file1\x00')
r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0)
setpgid(r0, 0x0)
setpgid(0x0, r0)
mount(0x0, &(0x7f0000000480)='./file0/file0\x00', 0x0, 0x800, 0x0)

1m2.69899707s ago: executing program 6 (id=1506):
r0 = syz_io_uring_setup(0xd2, &(0x7f0000000480)={0x0, 0x0, 0x0, 0x0, 0x34f}, &(0x7f00000002c0)=<r1=>0x0, &(0x7f0000000080)=<r2=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
sendmsg$IEEE802154_LLSEC_ADD_DEV(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x50}, 0x4, 0x700000000000000}, 0x0)
r3 = socket$inet6(0xa, 0x400000000001, 0x0)
bind$inet6(r3, &(0x7f0000fa0fe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c)
r4 = openat$uhid(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0)
read(r4, &(0x7f0000001140)=""/130, 0x82)
sendto$inet6(r3, 0x0, 0x0, 0x20000008, &(0x7f00000001c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c)
sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={0x0, 0x58}}, 0x0)
setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, &(0x7f0000000400)={0x1, &(0x7f0000000200)=[{0x30, 0x0, 0x0, 0x4}]}, 0x10)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5)
syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_MADVISE={0x19, 0x7b, 0x0, 0x0, 0x0, &(0x7f0000011000/0x4000)=nil, 0x4000, 0xc, 0x1})
io_uring_enter(r0, 0x47bc, 0x0, 0x0, 0x0, 0x0)

46.909841877s ago: executing program 34 (id=1506):
r0 = syz_io_uring_setup(0xd2, &(0x7f0000000480)={0x0, 0x0, 0x0, 0x0, 0x34f}, &(0x7f00000002c0)=<r1=>0x0, &(0x7f0000000080)=<r2=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
sendmsg$IEEE802154_LLSEC_ADD_DEV(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x50}, 0x4, 0x700000000000000}, 0x0)
r3 = socket$inet6(0xa, 0x400000000001, 0x0)
bind$inet6(r3, &(0x7f0000fa0fe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c)
r4 = openat$uhid(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0)
read(r4, &(0x7f0000001140)=""/130, 0x82)
sendto$inet6(r3, 0x0, 0x0, 0x20000008, &(0x7f00000001c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c)
sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={0x0, 0x58}}, 0x0)
setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, &(0x7f0000000400)={0x1, &(0x7f0000000200)=[{0x30, 0x0, 0x0, 0x4}]}, 0x10)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5)
syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_MADVISE={0x19, 0x7b, 0x0, 0x0, 0x0, &(0x7f0000011000/0x4000)=nil, 0x4000, 0xc, 0x1})
io_uring_enter(r0, 0x47bc, 0x0, 0x0, 0x0, 0x0)

14.706113181s ago: executing program 0 (id=1610):
socket$nl_generic(0x10, 0x3, 0x10)
r0 = socket(0x1e, 0x4, 0x0)
setsockopt$packet_tx_ring(r0, 0x10f, 0x87, &(0x7f0000000140)=@req3={0x7813, 0x3, 0x0, 0x81, 0x1ff, 0x1, 0x1}, 0x1c)
recvmmsg$unix(r0, &(0x7f0000000080)=[{{0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000280)=""/138, 0x8a}], 0x1}}], 0x1, 0x0, 0x0)
r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r1, 0x4018620d, &(0x7f00000000c0)={0x73622a85, 0x110b, 0x8000000000002})
r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000200)='./binderfs/binder0\x00', 0x800, 0x0)
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0x0, 0x0, 0x0})
dup3(r2, r1, 0x0)
r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000000)='./binderfs/binder0\x00', 0x802, 0x0)
mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x11, r3, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r3, 0x4018620d, &(0x7f0000000040)={0x73622a85, 0x10a, 0x4})
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0xb, 0x31, 0xffffffffffffffff, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x3)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r4 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
r5 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
ptrace(0x10, r5)
ptrace(0x10, r5)
read$msr(r4, &(0x7f0000019680)=""/102392, 0x18ff8)
syz_open_dev$ptys(0xc, 0x3, 0x0)
syz_open_dev$vim2m(&(0x7f0000000040), 0x8, 0x2)
r6 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x0)
readv(r6, &(0x7f00000002c0)=[{&(0x7f0000001500)=""/4110, 0x100e}], 0x1)
openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000080), 0x8e383, 0x0)

11.589501259s ago: executing program 0 (id=1615):
r0 = socket$inet(0xa, 0x801, 0x84)
connect$inet(r0, &(0x7f0000004cc0)={0x2, 0x0, @remote={0xac, 0x14, 0xffffffffffffffff}}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
r1 = memfd_create(0x0, 0x1)
write$binfmt_script(r1, 0x0, 0x0)
ftruncate(r1, 0x1)
execveat(r1, &(0x7f0000000000)='\x00', 0x0, 0x0, 0x1000)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f0000000680)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8)
pipe(&(0x7f00000001c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
accept4(r0, &(0x7f0000001f00)=@l2tp6, &(0x7f0000001f80)=0x80, 0x80000)
writev(r4, &(0x7f0000000700)=[{0x0}], 0x1)
pipe(&(0x7f0000000380)={0xffffffffffffffff, <r5=>0xffffffffffffffff})
splice(r3, 0x0, r5, 0x0, 0x80, 0x0)
listen(r0, 0xfffffffd)
ioctl$int_in(r0, 0x5452, 0x0)
syz_open_dev$vim2m(&(0x7f0000001880), 0x7fffffff, 0x2)
r6 = accept4(r0, 0x0, 0x0, 0x0)
recvmmsg(r0, &(0x7f0000001d80)=[{{0x0, 0x0, &(0x7f0000000240)=[{&(0x7f0000000040)=""/196, 0xc4}, {0x0}, {&(0x7f0000000200)=""/33, 0x21}, {&(0x7f00000004c0)=""/183, 0xb7}], 0x4}, 0x59b1}, {{0x0, 0x0, &(0x7f0000000900)=[{&(0x7f0000000300)=""/88, 0x58}, {0x0}, {&(0x7f0000000740)=""/208, 0xd0}, {&(0x7f0000000840)=""/141, 0x8d}, {&(0x7f00000006c0)=""/22, 0x16}, {&(0x7f0000000a40)=""/236, 0xec}, {&(0x7f0000000b40)=""/155, 0x9b}], 0x7}, 0xada}, {{0x0, 0x0, 0x0}, 0x80000000}, {{0x0, 0x0, &(0x7f0000001180)=[{&(0x7f0000001100)=""/107, 0x6b}], 0x1, &(0x7f00000011c0)=""/42, 0x2a}}, {{0x0, 0x0, &(0x7f0000001640)=[{&(0x7f0000001200)=""/6, 0x6}, {0x0}, {&(0x7f0000001280)=""/241, 0xf1}, {0x0}, {&(0x7f00000013c0)=""/46, 0x2e}, {&(0x7f0000001400)=""/59, 0x3b}], 0x6, &(0x7f00000016c0)=""/42, 0x2a}, 0x5}, {{0x0, 0x0, &(0x7f0000001c40)=[{&(0x7f0000001780)=""/200, 0xc8}, {0x0}, {&(0x7f00000018c0)=""/10, 0xa}, {&(0x7f0000001900)=""/60, 0x3c}, {0x0}, {&(0x7f0000001b40)=""/236, 0xec}], 0x6, &(0x7f0000001cc0)=""/157, 0x9d}, 0xc}], 0x6, 0x40012001, 0x0)
keyctl$reject(0x13, 0x0, 0x80000000, 0x1856, 0x0)
setsockopt$inet_sctp6_SCTP_EVENTS(r6, 0x84, 0xb, &(0x7f00000002c0)={0x3, 0x10, 0x2, 0xff, 0x5a, 0x0, 0x1, 0x0, 0x5, 0x8, 0x0, 0x0, 0x22, 0x20}, 0xe)

10.433794805s ago: executing program 0 (id=1617):
socket$nl_generic(0x10, 0x3, 0x10)
r0 = socket(0x1e, 0x4, 0x0)
setsockopt$packet_tx_ring(r0, 0x10f, 0x87, &(0x7f0000000140)=@req3={0x7813, 0x3, 0x0, 0x81, 0x1ff, 0x1, 0x1}, 0x1c)
recvmmsg$unix(r0, &(0x7f0000000080)=[{{0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000280)=""/138, 0x8a}], 0x1}}], 0x1, 0x0, 0x0)
r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r1, 0x4018620d, &(0x7f00000000c0)={0x73622a85, 0x110b, 0x8000000000002})
r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000200)='./binderfs/binder0\x00', 0x800, 0x0)
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0x0, 0x0, 0x0})
dup3(r2, r1, 0x0)
r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000000)='./binderfs/binder0\x00', 0x802, 0x0)
mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x11, r3, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r3, 0x4018620d, &(0x7f0000000040)={0x73622a85, 0x10a, 0x4})
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0xb, 0x31, 0xffffffffffffffff, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x3)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r4 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
r5 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
ptrace(0x10, r5)
ptrace(0x10, r5)
read$msr(r4, &(0x7f0000019680)=""/102392, 0x18ff8)
syz_open_dev$ptys(0xc, 0x3, 0x0)
syz_open_dev$vim2m(&(0x7f0000000040), 0x8, 0x2)
r6 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x0)
readv(r6, &(0x7f00000002c0)=[{&(0x7f0000001500)=""/4110, 0x100e}], 0x1)
openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000080), 0x8e383, 0x0)

9.911067872s ago: executing program 5 (id=1620):
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = openat$random(0xffffffffffffff9c, &(0x7f00000003c0), 0x40202, 0x0)
ioprio_set$pid(0x1, 0x0, 0x4007)
sendfile(r1, r1, 0x0, 0x4800000009)
r2 = fcntl$dupfd(r0, 0x406, r0)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r0, 0x8933, &(0x7f0000000040)={'batadv0\x00', <r3=>0x0})
sendmsg$BATADV_CMD_SET_HARDIF(r2, &(0x7f0000000240)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0xc0200}, 0xc, &(0x7f0000000180)={&(0x7f0000000100)={0x4c, 0x0, 0x200, 0x70bd2b, 0x25dfdbfc, {}, [@BATADV_ATTR_MULTICAST_FORCEFLOOD_ENABLED={0x5, 0x37, 0x1}, @BATADV_ATTR_DISTRIBUTED_ARP_TABLE_ENABLED={0x5, 0x2f, 0x1}, @BATADV_ATTR_MULTICAST_FANOUT={0x8, 0x3c, 0x913}, @BATADV_ATTR_ISOLATION_MASK={0x8, 0x2c, 0x5}, @BATADV_ATTR_MESH_IFINDEX={0x8, 0x3, r3}, @BATADV_ATTR_GW_SEL_CLASS={0x8, 0x34, 0x1}, @BATADV_ATTR_MULTICAST_FANOUT={0x8, 0x3c, 0xff}]}, 0x4c}, 0x1, 0x0, 0x0, 0xc0}, 0x4000)
r4 = socket$packet(0x11, 0x3, 0x300)
r5 = socket$inet6_tcp(0xa, 0x1, 0x0)
sendmmsg$inet6(r5, &(0x7f00000016c0)=[{{0x0, 0x0, &(0x7f0000000340)=[{&(0x7f0000000280)="5f485c95f081b3a3de02f5d290b7d160495e63855aa94b25562c1754e49414a58582b9f6dbf35a374b754f8dc9fc670667de4a9939900d930c862050dcd586e456451ca3c72bc706c7aee54b9d220546a3a8a1fa55b2aee60bfd7e10c5", 0x5d}], 0x1, &(0x7f00000003c0)=[@hoplimit_2292={{0x14, 0x29, 0x8, 0xd}}, @rthdrdstopts={{0x30, 0x29, 0x37, {0x2f, 0x2, '\x00', [@padn={0x1, 0x2, [0x0, 0x0]}, @ra={0x5, 0x2, 0x7}, @calipso={0x7, 0x8, {0x0, 0x0, 0x9, 0xbc9}}, @enc_lim={0x4, 0x1, 0x2}]}}}], 0x48}}, {{&(0x7f0000000440)={0xa, 0x4e21, 0x5, @rand_addr=' \x01\x00', 0x80000000}, 0x1c, &(0x7f0000000580)=[{&(0x7f0000000480)="9b31ed8ebdf5f66beb360659b9f95af26ccde70a3ba189066cabc6130102e1cf154426c69c69f657373c319a3e73efa09d6960078c4b66a15a831aa1af8aadcf20eed36460dd4d4568c9f6adeac4b58bbaaf6c40e36f2762fab93d12728e400b1e828bf8d8a608bb635581ecd80853b1db310b2ed56fca2e037696a1bcfca0d2a2e734d290d1a2c6366c5520f3c6c31468d5cd78ce409e100df2c0", 0x9b}, {&(0x7f0000000540)="6ecb496448147fcc4e95cdf9cadfd21796edb474937c60f27d4af77c668ea0a2de1777805574ab5b38bfa24021992315cb14e8abde06d57b4094", 0x3a}], 0x2, &(0x7f00000005c0)=[@hopopts_2292={{0x138, 0x29, 0x36, {0x0, 0x24, '\x00', [@ra={0x5, 0x2, 0x9}, @generic={0x9, 0x27, "06518591fa7fa219a25d063541dbf301243df6a59d81e0f75efe36b32405a744d1de5ba36bbe87"}, @jumbo={0xc2, 0x4, 0xe}, @enc_lim={0x4, 0x1, 0x80}, @hao={0xc9, 0x10, @mcast1}, @generic={0x7, 0x9a, "b3f27799fe58faaa1c734fcbae48466c6a7daf8ab449bbf6762e5d88576e891c4ef98d9c0697cd8ce8d28f508e3bef788be43a27990330eaba9c4c5ee94379cd65415136511d25043db9ad3f4b00f3eb8256278798fe9e7a4f5b4af5a2119e47641b09d369c7328a27c092f6862e7579dcdc6b0e8b1b8f7a9e40bc10680ee9ab8e8f24f9d629adde2a8fbb6085bb75efaa4624333253c6a85a02"}, @generic={0x58, 0x3a, "08bf01be425c36fd8c7e4d178a3739a8023d81a872def4b50f86f46abb9d46105c0de4a4eea8259915142dce006bdc97a2a7604606a730978da2"}]}}}, @dontfrag={{0x14, 0x29, 0x3e, 0x42}}, @hopopts={{0xa0, 0x29, 0x36, {0x11, 0x10, '\x00', [@jumbo={0xc2, 0x4, 0x7}, @calipso={0x7, 0x18, {0x2, 0x4, 0x5, 0x6b5b, [0xe7, 0x3]}}, @padn={0x1, 0x3, [0x0, 0x0, 0x0]}, @hao={0xc9, 0x10, @empty}, @enc_lim={0x4, 0x1, 0x76}, @jumbo={0xc2, 0x4, 0x19}, @generic={0x3, 0x3e, "f063213644a4f209ba0addb6839272820393428b89ab81a7bc60961fdcb19f6fdbb0cd9e4f40b959bef42cdeba2da9546136d8f8212feb9e5d4c8ae373ed"}, @pad1]}}}, @rthdrdstopts={{0xe8, 0x29, 0x37, {0xc, 0x19, '\x00', [@pad1, @pad1, @jumbo={0xc2, 0x4, 0x5}, @generic={0x0, 0xaa, "57ac12e925e61dbfdb36ee1548b8b1b24a51742d6b378668cb02918d035f1668c3b33797a6fbd91c93fe60563d3efbbebdd8be6a1c7860650baa85372a987c2ac35092b6ec57b007e8a14e8e9a33af39f07e523ece04b1c6dcaba3b29eb887f7b0ac01e24294e73d8920f157c26d35d13a6bb95fb090e961beff9e42dfe6ae2e49e873bbfc10348b352f16dbc3c8cb53fb37b607b3bfec1d9a68335688011d2e60abeba27f1447e983a0"}, @padn={0x1, 0x2, [0x0, 0x0]}, @calipso={0x7, 0x10, {0x3, 0x2, 0x0, 0x7452, [0x3]}}]}}}, @hoplimit={{0x14, 0x29, 0x34, 0x200}}, @dstopts_2292={{0x28, 0x29, 0x4, {0x32, 0x1, '\x00', [@jumbo={0xc2, 0x4, 0x5}, @ra={0x5, 0x2, 0x4}, @enc_lim={0x4, 0x1, 0x84}]}}}, @rthdrdstopts={{0xd0, 0x29, 0x37, {0x32, 0x16, '\x00', [@generic={0x2, 0x9c, "8b7509214559de66d8d0e5040f9c8ecb4292ad88bcb9e82796cbbd0d56b3c3a7221afd2361b5929cdba59888f160ce7605cf378133ced2dd105eeb2a73b1f2c50c92c9c3bf920330c82cdaefc0a2fe67fecc5e29aa9c065881dc2d73e87d6c21f18d89b81b70dce699b1c42d6dbd02a0fded85caf221bfbde09f16e33bac97fffef335b837c8b7d789b9b77ddbdaf0a171a4facf482b7f0c21fead9a"}, @ra={0x5, 0x2, 0x7}, @hao={0xc9, 0x10, @local}, @pad1]}}}, @hoplimit_2292={{0x14}}, @hopopts_2292={{0xa8, 0x29, 0x36, {0x1, 0x11, '\x00', [@generic={0x5, 0x44, "fc4885294e67b47b63e1b6e7e17eb5c3906653faf033baa3113fbc3c7fe41b947879ecb3d92caf1b551b6ac2ef1350388d4195bb5cecb648da0c7f5a90fb9993f187371e"}, @jumbo={0xc2, 0x4, 0xfffffffe}, @ra={0x5, 0x2, 0x1}, @hao={0xc9, 0x10, @ipv4={'\x00', '\xff\xff', @loopback}}, @ra={0x5, 0x2, 0x51}, @hao={0xc9, 0x10, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}}, @hao={0xc9, 0x10, @private2}]}}}, @dstopts_2292={{0x78, 0x29, 0x4, {0x3b, 0xb, '\x00', [@hao={0xc9, 0x10, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}, @padn={0x1, 0x6, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, @padn={0x1, 0x5, [0x0, 0x0, 0x0, 0x0, 0x0]}, @generic={0xf3, 0x33, "968120c3dcebf2af899ef581197880dd8d3912172bd23652c6f4ad2e945ce1f395369cb403c8ec66a54b19d03323d8ac83eb45"}, @ra={0x5, 0x2, 0x6}]}}}], 0x520}}, {{&(0x7f0000000b00)={0xa, 0x4e24, 0x7, @local, 0x3}, 0x1c, &(0x7f0000001080)=[{&(0x7f0000000b40)="6e592c2e707656c0acf4ce31aada86a54adf4471bc80f59a3509833ba9cef6363cb86bb516210a41fe382d0d60eef32b916d9d0a64c5afee17e6febc417d8ee4618ab0f8e779902fda2570d56d1cb1a7da989e7cabc4623f9f0b1d0848baf89dafcb11081693ba8b37629ebfeeaefcbb034da1a1fa0e61c3d642626bb7be47d4bf1000f9b4fe8ebededbe25ae482d0b74091e5aaf43aa285675611b6ad5f52475d98fcf86ade6aba7853f81fbb0e620f05a0c1618088c8ff35e642b81aa8a259d014bc4e51f413f4e27c5b59e95e85ed2ac8de59be80be0f7fdcd5c45f1aef4949fa43d71dc60fc75addb6abd9bc609ee3", 0xf1}, {&(0x7f0000000c40)="3cf3f782b9a87ab755d3a38ff199514be0b51963d0a408de724cab29936dc12bface9f005cb34c4f0dd84d6f23b60135fe4538110a12f01dec6efc64f33f5868a29becfd62bdf50dac76d12ed7296d9bfd9a7de7b6cebe8876f9fb69be512c229ce149d95a5a3191d41bb6e5e968118b8a08714cd083f27ec9adbd444f0531a229", 0x81}, {&(0x7f0000000d00)="1a01e3a604ebf682e451b4561d5def18abb7c1172e47259aceaf44ba9dc63e4afb5ec0feee5dfbbc6a19bd95c649560c47576961ee3aa0e802b985b24044ebe914084f92b3ac96992d59eda9f9dec3f4f82ae6348775033c2b8b4e153a5d1c11ebdbca9ee287e2d93e80af688f7e0b02f8e2195e9102cf1ed0e95c4745c2a6a61649c9741b6f5fbe33b6b9bea1d5a65fd636ab5449886a24afb5763c3e903eb75851be815f50dae53cab9994614d9494ae8b47a931006d840bd7bac92165ea842bda4614f599f1e7a96fac15def186c39a09b4de86c8b778ba167659f1a1d71ebfcc143044e0ea6ac3eb7f9d99f3a1f5cd298b", 0xf3}, {&(0x7f0000000e00)}, {&(0x7f0000000e40)="2ddace0b80a2a65653be9c4cbfe3f9fdbbbb47c43437d12b480f4494f71688f0815b191bcd4c06fea9740295bd2b87257fa72b332df5186f6b342e1ba004d5540995695a2988f517645fb21ce6d850b314c29b45fbd0224cb2c83d41b06899e7cffbe7b85ba29a375a969ef3ce49c24c2b840313c81bfbedce35ae20b33e226b232ba4a3320373580998c7bde3492db7cce1c726b07c1ffa0f6984827e7f655ef5173a466ad4dc4519efc6fdece23a396b03c73052852134b4aba7dfe43e04ad1a045814", 0xc4}, {&(0x7f0000000f40)="71834fa7c3204ab77f4fafd78f312c4562e1861f", 0x14}, {&(0x7f0000000f80)="d5a065f0e808d5733f6b15c109b22957a9120c62560f0a04a7c3c8ab867cf0097ed784167a6c38f3fea91a7899b4bacae4b8c563d91344", 0x37}, {&(0x7f0000000fc0)="4670aa0a4824d73956245ee3b131998f2156bbbb6526edb15d1d59b399b403d5bc31ebfb9027ead851a2440d7c074f72a1fd0849d285ee3e66942071cb76597809e3295fd92b2856e4b6eb9119eeeb243059cc2837324deb9b261945a7734d51f872c4e51869187291e622c951131759aecc240c1c70a93b28b9f1eef93e4acac26b87025ecb4ce73c7f220c119a912749a21c311918adbf4b9f11190a5fcd062c4d773b01280dc587803e254d6370fdfe528e2fc2be7c845d", 0xb9}], 0x8, &(0x7f0000001100)=[@rthdr_2292={{0x28, 0x29, 0x39, {0x3a, 0x2, 0x0, 0xd0, 0x0, [@mcast1]}}}, @dstopts_2292={{0x38, 0x29, 0x4, {0x3a, 0x3, '\x00', [@ra={0x5, 0x2, 0x9a}, @calipso={0x7, 0x18, {0x2, 0x4, 0x1, 0xd, [0x1, 0x8000000000000001]}}]}}}], 0x60}}, {{&(0x7f0000001180)={0xa, 0x4e23, 0x72d, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, 0x3}, 0x1c, &(0x7f0000001640)=[{&(0x7f00000011c0)="a344ffdc8473dee00428b70efa8bb874d0e9ec76cbe6fbead658ef3b37af72d478fe7e69640ad34a1c1935a0a01372ccad36a62fe843d329e3112c7a20c8eb1a333375edc43ec023ce47b542e691ae72f7c6fb0782119f8e981abc1950be6a83828ddce7c410f1c5b2d192131b77ee56af2a74876edaaf7e61a9d8c51ddc33e644f087e3cc9ab2ff7dbb33576cbba496279cca404685c475394a8b94064149513e33ad73416de429a0af0226c6d9937b5f8f52a0c4f4c0f5e781a3bda51655d252f8b0d8200e957260a3956b", 0xcc}, {&(0x7f00000012c0)="7b6365dd68f774578772624f79f26c6ff611a52929ef155a84602dc92d9824153d25d99887cae5d9be266b4a1fb66c442a9e0d202bbc7bd2d03437cd74d8c3a8dfe1644db206db1cf0ec667fc719fe337b3c7b6f6966d564d26fecd35b732bae1beef19832232eee8c107ff349e432bf2c131ee0b1770d1a0c80076f0f2b51627a3b89ef3053ea2c7280ec", 0x8b}, {&(0x7f0000001380)="9a94832f28b2f798a9fc78e03a5eca96570edd247f9626b949ff302c47f103df91d066609253d3619a03056317956ade0cc758169dbcb01bffe79d9ba3d478ffe009f68f9a61b059af9d36061f6c54e61958a2ff0b57b98fb116205159a1f01f04245d3dca1654fe9041a73267a3b0cf3fa77d1cf514e2f139bc54beffb4ae765c5f91a7b0dc19691f821c0ff2a075c756dc6df4633358ebad92dfe1e3c19f4cba790cc807ba421b08ff799abd60e3558fafd356f3b0af5bd0e65d2b58c98b230e0d1ef74c6fe0cf55e27a7835066615db5b2cfd858646c03c1b8d", 0xdb}, {&(0x7f0000001480)="9a5c40cd380cb29b32546205abfe9f043247acef462c6e8424ada7db61f2eb0abf79a01d05be3b6673a332cb319a38fa9af4930e656c1b9f7ddd9393d2d1d0759679092b87dca2e9fa308d941b4961e79117515d7e9d06c23c1734c3e6168f92b533c927", 0x64}, {&(0x7f0000001500)}, {&(0x7f0000001540)="db22b6e450e5ba0aad5200bd8aa2e3c1f83e3551c339bd13519cda2fdcf21bca8176c9f2e46dbd670d5bd487b152842fad0fa2510b2cc18c0325eb6da3d8e17ca338390ff156216a1bf2872e72f1229e2e95bb679a87a6b710a71ba0a2d775c6d0d6328ee3098779df35d89b1ba77f36dbfee7fb3d7b05f9ab6102cb06ccd1bef0434601c0c4c61eae897084d4b4665526dc54dcc8aff9d285d26cd127ae765c1ac07cbb0db5fdbe717ef212a53a66182e202b1648bfbb9e8bd78d544c9940a07f780f98c060e3822280ff6a0cee6d4fc022b79719001498270f4be0dc850653416603bea42be9c227251a7974d5", 0xee}], 0x6}}], 0x4, 0x0)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000080)={'bridge_slave_0\x00', <r6=>0x0})
sendmsg$nl_route(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000380)=@bridge_dellink={0x3c, 0x13, 0x1, 0x0, 0x0, {0x7, 0x0, 0x0, r6}, [@IFLA_AF_SPEC={0x1c, 0x1a, 0x0, 0x1, [@AF_INET={0x18, 0x5, 0x0, 0x1, {0x14, 0x6, 0x0, 0x1, [{0x8, 0x1}, {0x8, 0x2}]}}]}]}, 0x3c}}, 0x0)
r7 = openat$smackfs_ptrace(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0)
r8 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x12, r8, 0x0)
write$smackfs_ptrace(r7, &(0x7f0000000300)=0x100, 0x14)

9.757280775s ago: executing program 4 (id=1622):
bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f006bbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
mount$9p_rdma(0x0, &(0x7f0000000400)='.\x00', 0x0, 0x0, &(0x7f00000005c0)={'trans=rdma,', {'port', 0x3d, 0x4e21}})
getpeername$packet(0xffffffffffffffff, 0x0, 0x0)
r3 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r3, 0x84, 0x64, &(0x7f0000000000)=[@in6={0xa, 0x4e23, 0x401, @loopback}], 0x1c)
setsockopt$inet_sctp6_SCTP_ADAPTATION_LAYER(r3, 0x84, 0x7, &(0x7f0000000100)={0x3}, 0x4)
sendto$inet6(r3, &(0x7f0000000080)="b1", 0x1, 0x400c0d4, &(0x7f0000000140)={0xa, 0x4e23, 0x0, @loopback, 0xffffffff}, 0x1c)
ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x8924, &(0x7f0000000340)={'ipvlan0\x00', @remote})
syz_genetlink_get_family_id$tipc2(&(0x7f0000000400), 0xffffffffffffffff)
ioctl$TIOCL_SETSEL(0xffffffffffffffff, 0x5410, 0x0)

8.560615249s ago: executing program 4 (id=1623):
bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0)
r0 = io_uring_setup(0x2471, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x5, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000100)=0x2)
sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000002000)=""/102400, 0x19000)
openat$loop_ctrl(0xffffffffffffff9c, 0x0, 0x0, 0x0)
getpid()
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r2, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000240)=ANY=[@ANYBLOB], 0x24}}, 0x0)
r3 = syz_open_dev$loop(&(0x7f0000000140), 0x75f, 0xa382)
r4 = memfd_create(&(0x7f0000000880)='C\x13\xfc2\x95WD\xaa\xba^\x90\xfd\x8d\xc2\xb1[\x81\xda\xda\xd6\x8c\xc99\xec\x0e*||\xe4\xb3\xc4\xb6\v\xaa\x15\x86,\xac\x8d\x89cu\x10\xdc\x93\x9b\xb4\x93\xafE*:\xe4\xdd\xa5\xa75\xb8\x1e;7\xb7.V\xdcrw[\r\x98\x93j\x9c\xf6\xf8\x99\xefF_\xcd\xdf!b\xc5\xec\ntb\xff\b\xaaF?!\x9f\a\x1a\x03\f\xe94\x1deU\x06zS\xc90\xb9voI\xa5/\xb4\xa7@\xa1\\B\xc2@\r_b\x9a\xeb\b\x81\x00V\xd6/N\xc5\xc6f\xb1\x95Z\xe5w^\xd8\xe7J\x80\xf7\xae\xafuv\x84\x9eG\xd1\xe7\x9b\xf0_9\xc2\x9b\xfd\xc3\xf3\xe4\x95P\xf1m\xcf\xc2\xe1\xe6\xa6\x8c\x11\xfb\xb8S\x8b\x92\\\asW-Ee\x02\x00\x00\x00\xd0;Q\xc1~\x89\xec\xc8\x9b\x88\a\xf2\x93\x82(\x8b\x00\xd8\xb4T\x80\x95\x93\x9c5\xcf\t\x04\x00\x00\x00\x00\x00\x00v\xef\xee+\xab\x9c\x00^R\xb2n?i=\xbe\x16\x8a\xbf\xe3\xcdB\xed\xe14\xe8\xd0\xb7\xff\xfeQ\x1c\x85n8\x1b\xc1\b\x00\x00\x00\x00\x00\x00\x00\x17\x94\xdfW<GE\xf1\xe9\xf1q\x8c\xf0\xae\x98\x8c\xe0\xc1g}\xaeW\xaa\xa1\x90\x8c\n$\xa6\xbb\x10\xaf\xc7~\x11\x03<v\xe9\xc7K\xf6]\x11)u\xd3\x15\x01}\xe25$\xb0\x86v\x80\r\x9c\xb8\xe6\xd3(\xa0G2s\xa9&\xb3QU~u\x13\x05kKp\xa6&\x8eu\x1d\xb2\xa9!\xc9\xfa\xd0dG5\xcbf<}r\xab\x9c\xd9f6iN\xaa>\x92z\xbe\xb2R)\xf1K\xd7\xaf\x99\xf6d\xe8\xec\xb7\xbd+T3\xa6\xa9\xfaY-1qs\x82\xefn*\x96\xc9\x1e\xf4\xd1\x02Dt\xc0\x19\xf7\x89\x96.D [F\xeeYW\x95\x13\xc7;\x94\x13^\x13\xaf\xf0C\x9c\xabf\x1daCS2\x02\xb0\xef\xc7\x8c\x9e\xed\a\n<V\xaa\xbfZ1\xa82\x85\x99\x0e$U\xb4X\xc7\xfa\f\b\x8f\xc4\xbeIt\xe4\xc51\xba\xb9H\xe8\x96\x94\xd7\xdc\x81\x111\t\xafl\x97\xd8T\xd40\x90ON\xaaFY\xb4\xb3\xf4\xf8JT\xc5:\xc5\aGc\xb5\x12\x90\x7f\x00\x91\xce@\xe5\xd3A\xcc\xd5|\x9f\x8e5\x042\x9a\xc1\xa1\a\xb7\xf5\xbc,\xd1\xd3k8\xc5', 0x1)
pwritev(r4, &(0x7f00000000c0)=[{&(0x7f0000000180)='P', 0x1}], 0x1, 0x800000, 0x0)
ioctl$LOOP_CHANGE_FD(r3, 0x4c00, r4)
sendfile(r3, r3, 0x0, 0x24002de8)
ioctl$LOOP_SET_STATUS(r3, 0x4c02, &(0x7f0000001480)={0x0, {}, 0x0, {}, 0x49, 0xa, 0xf, 0x10, "28f5c9ea1f1ae4be4911ab18d2da69bde58cd7af40fd150b70aac11c2816bd5bba76630300000081020000dd91b59c98d54b0000000000000200ca0f86240100", "07a9310978040a8bfe1406584a128d7469166f4f07b84839e7df4af14e1df82d", [0xa, 0x7]})
ioctl$LOOP_CHANGE_FD(r3, 0x4c06, r3)
setns(0xffffffffffffffff, 0x24020000)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000000)={'dummy0\x00'})
msgget$private(0x0, 0x0)
msgsnd(0x0, &(0x7f0000000040)=ANY=[@ANYRESOCT=r0], 0x2000, 0x800)
r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000002c0)='cgroup.freeze\x00', 0x275a, 0x0)
lseek(r5, 0xfffffffffffffffc, 0x4)
ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TIMER(r5, 0x40605346, &(0x7f0000000080)={0x9, 0x0, {0xfffffffffffffffc, 0x0, 0x8e4, 0x2, 0x7fffffff}, 0xa5f2})

8.215226539s ago: executing program 2 (id=1624):
socket$nl_generic(0x10, 0x3, 0x10)
r0 = socket(0x1e, 0x4, 0x0)
setsockopt$packet_tx_ring(r0, 0x10f, 0x87, &(0x7f0000000140)=@req3={0x7813, 0x3, 0x0, 0x81, 0x1ff, 0x1, 0x1}, 0x1c)
recvmmsg$unix(r0, &(0x7f0000000080)=[{{0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000280)=""/138, 0x8a}], 0x1}}], 0x1, 0x0, 0x0)
r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r1, 0x4018620d, &(0x7f00000000c0)={0x73622a85, 0x110b, 0x8000000000002})
r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000200)='./binderfs/binder0\x00', 0x800, 0x0)
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0x0, 0x0, 0x0})
dup3(r2, r1, 0x0)
r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000000)='./binderfs/binder0\x00', 0x802, 0x0)
mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x11, r3, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r3, 0x4018620d, &(0x7f0000000040)={0x73622a85, 0x10a, 0x4})
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0xb, 0x31, 0xffffffffffffffff, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x3)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r4 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
r5 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
ptrace(0x10, r5)
ptrace(0x10, r5)
read$msr(r4, &(0x7f0000019680)=""/102392, 0x18ff8)
syz_open_dev$ptys(0xc, 0x3, 0x0)
syz_open_dev$vim2m(&(0x7f0000000040), 0x8, 0x2)
r6 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x0)
readv(r6, &(0x7f00000002c0)=[{&(0x7f0000001500)=""/4110, 0x100e}], 0x1)
openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000080), 0x8e383, 0x0)

7.807108585s ago: executing program 0 (id=1625):
r0 = socket(0x10, 0x3, 0x0)
bind$alg(0xffffffffffffffff, &(0x7f0000000480)={0x26, 'hash\x00', 0x0, 0x0, 'nhpoly1305-generic\x00'}, 0x58)
setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, &(0x7f0000000000)="8a", 0x440)
r1 = accept4(0xffffffffffffffff, 0x0, 0x0, 0x0)
recvfrom$inet(r1, 0x0, 0x0, 0x20, 0x0, 0x0)
r2 = syz_open_procfs(0x0, &(0x7f0000002200)='net/ip_mr_vif\x00')
preadv(r2, &(0x7f0000003440)=[{&(0x7f00000023c0)=""/4096, 0x1000}], 0x1, 0x5, 0xfffffff7)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000004200)={&(0x7f00000002c0)=ANY=[@ANYBLOB="1c0000005e00"], 0x1c}}, 0x880)
r3 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r3, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb-serpent-avx2\x00'}, 0x58)
accept4(r3, 0x0, 0x0, 0x0)
r4 = socket$inet6_udp(0xa, 0x2, 0x0)
bind$inet6(r4, 0x0, 0x0)
socket$pppl2tp(0x18, 0x1, 0x1)
syz_emit_ethernet(0x4e, &(0x7f0000000580)=ANY=[@ANYBLOB="bbbbbbbbbbbb0000000f000088a836008100050086dd6000000000101100fe8000000000000000000000000000bbfe8000000000000000000000000000aa00000e2200109078020a000000000000c13c80ad299ba27e847e057e52ebca45c486f30147d47ccfa586c41b6cb97146dfb24f93adb86ae95b7874fd555cf240497b81b34728b09cee575c56b868dd43488cc08813c5b461c25bb06868f2ed26622822bcc07277b900a1193f5f4208f3fd4d8951aba774dd01d7b4693c39d83fb03395fce33a88c55d908a17ef25177e56ff4e0f3581b53da4d850d3f6bcc60d0d2240b66628e4da9237b22c9aea83a2543e7961f9e90f35c0f69d1680c3bfcb0809ec98f8fabb5efc458aad7d0980134b6526de1b3b583ea8c012cae0a918d37238332fc5ed724dd371748fd919aed5e5712924033e1576768287da164d8e17ace343dacf1ecd7cf668ea08bd495289f0211f45f93c21ceec43606fe638d63723b5278a594e75667e134864e69b8c5950221522a5cc8d0c41d675f9d66a4bb154c410b5e0bec1459de65883b3cec0"], 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
clock_settime(0xbcd1940b87aad64b, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r5 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r5, &(0x7f0000019680)=""/102392, 0x18ff8)
r6 = syz_init_net_socket$netrom(0x6, 0x5, 0x0)
ioctl$SIOCNRDECOBS(r6, 0x89e2)
get_robust_list(0x0, 0x0, 0x0)
socket$inet(0x10, 0x3, 0x0)

7.805031408s ago: executing program 5 (id=1626):
r0 = socket$inet(0xa, 0x801, 0x84)
connect$inet(r0, &(0x7f0000004cc0)={0x2, 0x0, @remote={0xac, 0x14, 0xffffffffffffffff}}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
r1 = memfd_create(0x0, 0x1)
write$binfmt_script(r1, 0x0, 0x0)
ftruncate(r1, 0x1)
execveat(r1, &(0x7f0000000000)='\x00', 0x0, 0x0, 0x1000)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f0000000680)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8)
pipe(&(0x7f00000001c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
accept4(r0, &(0x7f0000001f00)=@l2tp6, &(0x7f0000001f80)=0x80, 0x80000)
writev(r4, &(0x7f0000000700)=[{0x0}], 0x1)
pipe(&(0x7f0000000380)={0xffffffffffffffff, <r5=>0xffffffffffffffff})
splice(r3, 0x0, r5, 0x0, 0x80, 0x0)
listen(r0, 0xfffffffd)
ioctl$int_in(r0, 0x5452, 0x0)
syz_open_dev$vim2m(&(0x7f0000001880), 0x7fffffff, 0x2)
r6 = accept4(r0, 0x0, 0x0, 0x0)
recvmmsg(r0, &(0x7f0000001d80)=[{{0x0, 0x0, &(0x7f0000000240)=[{&(0x7f0000000040)=""/196, 0xc4}, {0x0}, {&(0x7f0000000200)=""/33, 0x21}, {&(0x7f00000004c0)=""/183, 0xb7}], 0x4}, 0x59b1}, {{0x0, 0x0, &(0x7f0000000900)=[{&(0x7f0000000300)=""/88, 0x58}, {0x0}, {&(0x7f0000000740)=""/208, 0xd0}, {&(0x7f0000000840)=""/141, 0x8d}, {&(0x7f00000006c0)=""/22, 0x16}, {&(0x7f0000000a40)=""/236, 0xec}, {&(0x7f0000000b40)=""/155, 0x9b}], 0x7}, 0xada}, {{0x0, 0x0, 0x0}, 0x80000000}, {{0x0, 0x0, &(0x7f0000001180)=[{&(0x7f0000001100)=""/107, 0x6b}], 0x1, &(0x7f00000011c0)=""/42, 0x2a}}, {{0x0, 0x0, &(0x7f0000001640)=[{&(0x7f0000001200)=""/6, 0x6}, {0x0}, {&(0x7f0000001280)=""/241, 0xf1}, {0x0}, {&(0x7f00000013c0)=""/46, 0x2e}, {&(0x7f0000001400)=""/59, 0x3b}], 0x6, &(0x7f00000016c0)=""/42, 0x2a}, 0x5}, {{0x0, 0x0, &(0x7f0000001c40)=[{&(0x7f0000001780)=""/200, 0xc8}, {0x0}, {&(0x7f00000018c0)=""/10, 0xa}, {&(0x7f0000001900)=""/60, 0x3c}, {0x0}, {&(0x7f0000001b40)=""/236, 0xec}], 0x6, &(0x7f0000001cc0)=""/157, 0x9d}, 0xc}], 0x6, 0x40012001, 0x0)
keyctl$reject(0x13, 0x0, 0x80000000, 0x1856, 0x0)
setsockopt$inet_sctp6_SCTP_EVENTS(r6, 0x84, 0xb, &(0x7f00000002c0)={0x3, 0x10, 0x2, 0xff, 0x5a, 0x0, 0x1, 0x0, 0x5, 0x8, 0x0, 0x0, 0x22, 0x20}, 0xe)

6.686871327s ago: executing program 2 (id=1627):
syz_usb_connect(0x0, 0x24, &(0x7f0000000000)={{0x12, 0x1, 0x200, 0xd2, 0xb6, 0x8f, 0x8, 0x1c9e, 0x9b02, 0xbdba, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x4e, 0x0, 0x0, 0x7f, 0x54, 0xba}}]}}]}}, 0x0)

6.531127972s ago: executing program 5 (id=1628):
prlimit64(0x0, 0xe, 0x0, 0x0)
sched_setscheduler(0x0, 0x5, &(0x7f0000000000)=0xffffffff)
r0 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0)
ioctl$KVM_SET_CPUID2(r0, 0x4008ae90, &(0x7f0000000240)=ANY=[@ANYBLOB="010000000000000001000000000000000000000000000000001b0300ff"])
ioctl$KVM_RUN(r0, 0xae80, 0x0)
ioctl$KVM_SET_MSRS(r0, 0x4008ae89, &(0x7f0000000180)=ANY=[@ANYRESOCT, @ANYRES8])
sched_setscheduler(0x0, 0x2, &(0x7f0000000400)=0x4)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
ioctl$vim2m_VIDIOC_ENUM_FMT(0xffffffffffffffff, 0xc0405602, &(0x7f0000000a80)={0x4000, 0xd, 0x0, "134600cea4dd512d97d4188cbf770637bc747721f37af54dd1dc03030096c337"})
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
syz_open_dev$ttys(0xc, 0x2, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
r2 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r2, &(0x7f0000000080)={&(0x7f0000000000)=@in6={0xa, 0x0, 0x0, @mcast1}, 0x80, 0x0}, 0x0)
write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[@ANYBLOB="8fedcb7907009875f37538e486dd6317ce620300fe"], 0xfe1b)
write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[@ANYBLOB="563f00001800599c6d0eab070004000523"], 0xfe33)
write$cgroup_subtree(r2, &(0x7f0000000000)=ANY=[], 0xfe33)

6.46409263s ago: executing program 4 (id=1629):
r0 = socket$inet_mptcp(0x2, 0x1, 0x106)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000009c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x3, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r1}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
rt_sigprocmask(0x1, &(0x7f0000001fc0)={[0x8]}, &(0x7f0000002000), 0x8)
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
ioctl$DRM_IOCTL_SET_CLIENT_CAP(0xffffffffffffffff, 0x4010640d, 0x0)
socket$inet(0x2, 0x1, 0x100)
bind$inet(r0, &(0x7f00000000c0)={0x2, 0x4e24, @multicast2}, 0x10)
connect$inet(r0, &(0x7f0000000480)={0x2, 0x4e24, @loopback}, 0x10)
sendmmsg$inet(r0, &(0x7f0000001680)=[{{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000001c40)="0349ee47070c03607b5bae292ac8b762044157dd1ea30758ca9a7bfbd23efe5ba3cf173f0478438cbae7a57fe81ae074996dfd64d0c8db1c53c331a33a95a0d2cb94d0cd09f710c11df6be5cc730821bae016a0ea4073e7e4bd62cc1aff09c799d1ebe2a8388a02e50dd19c4b7b1e91a0a1d8904b32b45710d16dc796b719e7adabac89602c834ff01f6b5839643d5a2d8edb9d77af834a7fb82c2fdbdedbab80f961971ed25e2cee13220d342969544a6ce40ead993604e38deb309b330177ed7d23f919596f483ece2d540a95568272a0e879281d83615f589c89e1a7b0cea2a2fac406dbe67256f354a79cb99de0f7e1f4aa617405f284bca8cea6048f1155a89e98746e6912a7509caca768fd2b1ae942cce6a29d848f660b18ca860f9e5f9d95562c4a19fdd9b59932a453a934f0b98fa91129d29dfa2f8f21424c590ed8fe31a79ba09ef72c497ddd5ce7826e096e30746772e34cfc47e9eb5b56187132d87702b56e40d6751a58f9e6aa732d610f7aa631759a3afa266f730a0ee4a8d93555ba710d1bfb9ea4d633faee1529b8565af53eb34cfaca3e31dda587c2be2df3fe5a5a0e2a500eb8cc40db50854a6ec225fca2900148eb7a83c9189cedd69b7eb874f92f00f7635510d2dc062cfcfd8c9a473ac15c7ffbcc56399f6150750d7090917358870f16f684528a9d69bac3046256ad4e101073115712a89b0dd76fe5e8648696ce8dfe82b3220807dd7a446cd158fdf9426b7ddab8584eefb4152d25757e2642b77a21b364327ea38e911f60e6e6718730942c1db47cf80f16aac0950a5c2d412c620b526dca7f601a25b0089f69652889f0ac0667980d074e48dd8d20096097b772317cb8ba11531bd353d584f278e5b2565456f4997f73541add2e336a9beba29baeea7df3bbc5ad5f00c7c6f3c1ba93fbc1dba159497752eefa611d14f26b7c9a07aacda2e9b7572ea3fa66f67c04ee30f0e8f94038c01de81689c12fc44c71ed2b93b31ddc0d9acf62e6e9d71699d0d987ae87c529fcd79ab48433a43ed86d09095bf8d9798f80bbdd36d4ddeb90e752ac9e96079cfa4595daaed34df23e3771b791f3a54f86be3fe4a41f41c8d0f3a28cac2bf926eb95c8badf9fd2d0eb767664872417a08dade17937cadc00a8e3afe349d0e7a3cdfc1b1af108a7a5142a2b5832e99aff5ef27b525d4ea83d1523210c6cc673bcf42cc2e4561d2e8abad128992074d0aaa467eae584f62d347b70fa4f282f463ea0c916ec2e5b8490c87347bc70a11e9748a844d45cc744847e89acbb2e0bc03014c4865d426f52a460b1c0354fb90e4b882e23b674606737e5b878d1f18628f8f2389a071b0d2c64bcdb634b59e2effaabed7ee7812002956e776c039b16bd1cb0b663f4c8a16ad422856f7e6de282b33f268ff11f7972678bd337373b399e514c4dbebfcb812edc05f0e60b68df71682244b458009b85ee038722fc4b6b0c322d6d59ae9d290870d9c86707ad7f080f53d883454526ca942d6b6232cac0b378f0f2bb5209d93e2487a80a9677ac6b850d88cf1f8d47a5f5b534ad4cbf459235fd3662513ac1c53f0ba321b3cf9ede7b9a7e712fc5bf0b17cd164ef34178b3b06ec995106af31c7ffbe5a2bda35a9df9cd31d877d304dd1bd16caf5560ed991dadf378d9deb8f495b0d084ff28f87b305a3a849efcabd48b3e515dc6acd7b61589c10bb0e68dc10eef57e9e59aaba78c04c59c6f8c1d860227133fca4ff352634eb6caad1afbbbfe47fa2646819ec282ca1fb73bcbbc7315782", 0x4f6}, {&(0x7f0000002640)="67bc1270103215f70ba82603356704de3f11", 0x12}, {&(0x7f0000000200)="8fd26291dc7d67b112d3e8b82fa2c2c44486653b44834d66239fa66393c45a6031f6c1bd07000000000000000903e1c5863cc58490e29936da789cff4b90234d9c63654eaf2fac23d471ffd86e91f5754393f475a5a558936be5c3791a864c78e4a0aad7e6f039a697ab36de627cd7a4cae2743f5cced83b6f2909c5e96c05c85c13169658ad5799404148be9cade82f750069f711a9b715a8277295ed66f89453901389962590d5551afdf10aea56939b89dff5569c1f34c3c03850ec32e3d483cff3bdb845c803e818b44440ba537edd30f57101cfb74cf087c6f5101ef2a328801d60ba54f5e8d807441e03974548c534c99811e95067dc40eaa385d69c74589e33d31e1bcf57c35c2a31f69750f90edb264d6509bd8383f90c004949d8", 0x11f}], 0x3}}, {{0x0, 0x0, &(0x7f00000015c0)=[{&(0x7f00000004c0)="3912c1d03d9f66103940872256d8995b00c720af0cfa51b2b3b1448411fe107e64af467c85a200ebafdbee2c35b8ad1677fe7bb27ca22acbe83c449484972354b3baa1809633e690474a9154f95bd6874f20a0b290c590d44a9f5cd01414544ad719b82a550f2a7215e33e2dfdc1ce61a75637323b8828c5e5ef1f77b3d93114d46ceddb9d976eea7e20bb95e24e1e8b9974397bb8d73856a38618eac0ab333267fc833503b4df7838f5e522192252f4fd72ae45d21b55414a82ec84ff620a1ee2fe4691573a8afc79adaac5f0618cb457b14013f9e048cdec329a9e3343140213a41330b43e3290ef836c8839b303f0639a7561361247db2646977014051dcf3dc1246225f9aae3ca02943571bb39ecfdfa5b9ebc30a0476103c6133c7da6313848373c719a1f43ba5a765b8aa97caf7717fa063166951aa4e72d5616e6b42d6866fb308970430b2ff44c25b7dde2494389d1717c83f83ac7a632da0472bd6b0295b9f1fd1fc43099b1062bef744785158264f636cbf13926e7fcde7ebc1560a20961df3286df51b246ee7fe9474a8d51498bd90230bc89ea8dccb85035edd01aa93ed2f82297c3c3703990cb5201c7b92a04ea7abf9a36a488369161a9bfa42664d84860974fddbabed7eb509350917a3bbd427fe226bd1dd34275dfd3882c0a7d711641babb2e36d9637c0b33a41a3578861d75e7e93c22ee94e9594258dc186ec2d749cad6e03b767555610c200efb5f104f91be7fb2513c97f3f279da2baedf7f91ed97ae33edef2ab348dded9df075b1ca5855866843aff902b6678075cb4a3d988ffd8ed61885400d1bcf6dc38c6be9b6428d4eba30711556510eb41b5c04590f11e393317a4fc988b39ecdbe322344c5ec4ed178e1dd35182a00f3ac345bfeea9936b6a015151332962bd28c5e1dbcdd825d51c78ef6db73170d9cfd47f2ca210ce8c103d37be1c61427bd3cf1bb5bcf9888f6e1631f404ea51f9cd8e0725459f9a531af19e2b533532f0b66fb5e9614d0895d35ccda358ac482a824fe67165bdaedcda5ddd86924c4fe5f22a043f92aed7a105fb54ec323273e660c17b8ae89d1546022320711ae0cab37564fc6b394f39e0b216227fa74b76c2a020d42f167891cbaf960fc0288547f2d31dceff3787135659a65878e5df65ce0004104a665098be576ebaf3733b6ba57e40f40ac74aad7d8b41db0f55513389faa84b1ce0fafed7018bcc5a687118bfab115b7a3163fb22af534406206065acf06066a5fb65f0b928cd25838c0c1a7b06bc42e622f502e515b87426b2a184b593bf35a4d454dc56881bbda1b9350f956e086196447a5052288aa0556e638d292bfd1abad58ef5db98f92694b30c3eda5b25a44688b24eadf579616c034ef688fad705c3dc99aafda0f7bbb591fd20e0ff96e8941188b9676b833aa91ba5ab1cf7acbdf16f14c843dd3cfeedf8e7628051f361ba328496c8a05aa68997257cb505dba270e132c437bc6df39134b0807fea53ecb84714ab0d9d8cda271e15bddac37ae4e0534322d649b74c90499919b771679c7211b4df2c80864809991750f966f52d217f63e80b7142b9205576133469a0a950060cd2fa0c25554b89900ebb6a991954990adeee517e55ff3abe4f3f7c07cb735b80be674d53ccc5bef27421c7bb602c7f22dde056ae0c85086f9850fe6a7dd108fd29c7f99f3d1316da10415b2e4e029762a39369cd8738e0a840690c5e2167099a6c1d59a6cc8827630b699da0d592e01c2db8af46daa48575fc2f4eeca2c3abf26ec776906572e712c6f0c57ec39ab4e004d994a341570a6e117edc13626aeaf794266a0f3103c84ae1300e6928b749cce7a1ba4e7609ceca262324cbc503cde9c897848a015c4d7cdb02cfc0c", 0x541}], 0x1}}], 0x2, 0xc010)
shutdown(r0, 0x1)
bpf$BPF_GET_MAP_INFO(0x3, &(0x7f00000006c0)={0xffffffffffffffff, 0x0, 0x0}, 0x10)
sendmmsg$inet6(0xffffffffffffffff, 0x0, 0x0, 0x34000811)

6.303178458s ago: executing program 0 (id=1630):
socket$inet6(0xa, 0x11, 0x7)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000380)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000040), 0x84042, 0x0)
r4 = syz_open_dev$loop(&(0x7f0000000080), 0x47ffffa, 0x1a6c42)
ioctl$LOOP_CONFIGURE(r4, 0x4c0a, &(0x7f0000000c80)={r3, 0x0, {0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1c, "339f020bbe82b398000000000000000000000d0ec0c1b4e9b1c4369d03740250ceaac594b1b3d741dd17c1c50d38ef2a565ef1e83323691c58d66500", "a9103939c787a16c1ca43f80026d1a8554fe581b59ded130e04d528539f3d3289737f0374c72a964a02447a75df8a69ea917deb7ba193b3e7772fd29f35239d2", "24431a1e77a68e174f000000000000000010e200", [0xfffffffffffffffc]}})
r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x3, 0x5, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000040000010000000000eb4d0700850000006100000095000000000000009500000000000000"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x11, '\x00', 0x0, @sched_cls, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
futex(&(0x7f000000cffc), 0x0, 0x0, 0x0, 0x0, 0x0)
futex(&(0x7f000000cffc)=0x4, 0x0, 0x4, 0x0, 0x0, 0x0)
futex(&(0x7f000000cffc), 0x5, 0x300, 0x0, &(0x7f00000000c0), 0x5000000)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000180)={r5, 0x18000000000002a0, 0xe, 0x0, &(0x7f0000000440)="b9ff033168440372b89e14f088a8", 0x0, 0xa, 0x60000000, 0x0, 0x0, 0x0, 0x0}, 0x50)
r6 = dup(r4)
ioctl$SNDRV_CTL_IOCTL_ELEM_READ(0xffffffffffffffff, 0xc2c45512, 0x0)
r7 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r7, &(0x7f0000000000)={0x26, 'aead\x00', 0x0, 0x0, 'aegis128-generic\x00'}, 0x58)
syz_genetlink_get_family_id$nl80211(&(0x7f00000000c0), 0xffffffffffffffff)
write$UHID_INPUT(r6, &(0x7f0000001c00)={0x8, {"b0476b76ba5d044f65271519727e4ff1ff0d12c0e6bdf3ea1f52e24f60ca698457b32832b83d7e96694c1feb5809bd67002f71e0b97c0d5270c04ffa64f63b2e18ee4b7b572fe2f4d03cad38bcd106ff12f53b443ac6fc81da518f54b9004a44859529c07a2b1b8feddc0180a0f37b13babba1dd0813b7ea56dac4b7ffe9a2ef54221439ecc55223ef2d40f4ba8108c10387ddffbaed25d41e7692bf26ddfa747a666caff49843e38c86cac7323f784a17df6beaa49c3f4a98fb4013f4e573e2ef77b0965d4bfbdf7d5eada69406ca93f422495e00addfca1518085a40f10284ff59388ecf476a12ef1a540163922098d600519ae8cf3ef544344e9d968f341af618503b455f3976b76975270e94d714302382c63de5b7c1fad1fa373b369916cb3b4d583a9ebbaeb262884d25a0e1d9fb141de60df7e64cb38b6f7167991f8fba06bffe2d49133bbb462cd8a9493177eee5f03875b15c7a92c3cd6a3fdfc64f236e14fa05a0e8d3c45f13eecd22e13528c74186dc50e0e2af44177e26bded1161e5533375508dadb83db5126cc810f4e30d4e24ec12c3b99e5220aacf42c58f2960bd43c337dbd318aeeb5c9a6cd5ffd3bf1497bb48ab7bcb32c9c33c9f5b9bc4645b96f23f9e0d826b780030444ffb925f55df587ef5ca5ea74ccd66afc7981da496d6f037efbb0b08f3f5078c60ffb4db18d1b59996bd9b1513442785bf4ece8587b39d8176dc9c735d5ea25133b2053bba227b81faab7220326f8814a9df4eba4ecc6acdd82f70b653b56a18cc9dfa4deb0a112c797ab89a51a103c3a9085d828523370c4d79d9484f4dc910735a2c9b5b85197cd9c073df7a54b40df8e1bf595bab957900c2a1a7dc40e88ed0c55c362ffbb7f88a0725a6ae73b936a639e951faf9c45ae74a2ece2f6f88e425ee41d2c60cb083a2fd6d07381908a7f629e32f89a553cf0794f54b8bdc7bd541d88464a4f80ac0b8b625a803a55de4b05a95fc7f8fc3d6d79858ccb269b7b8b21657654164a9aa29f4e8462377e9d234a41ea69841a4aaa1e5f89f9b074f6f71cb1ffaa450c3160b0e319ec81ad30101db66218b0c69f97c234465dc45849fcfd62d396f2b50ddcc0ed7dd8651431534232ab6d1186d7760770a1fc6c77553a79d0297194f794997ee47781094a76d9dccf632dcbb527b3e68950d9bb534245c7f08ae1d6ef2750292ae28e5e6dcfe2a69737dd7a1e453f3902ae90789e98c212905422099904d3bfb949bde187682a59c01aa8e6a9972a63d6aaef4d4139b10a24e063707f1aba79bd59e3f9709a873dff401d1f356c4be5e449ae0e2633a1fe50ed367fe56b0499957c3b6cabb42256547995ea998f3937d153897d1c83f1ad922d6835bdfa3b986dc6f4bd927a4ca13fbaa99b7b43758e2329d588f40fac718b16cca855468643f3818496b4915fe9a2bdd3e68889fea24bc1dfa6287a801d49a7bb84654147448550d2919e4df3a943a88cf616befea4e7a4fddb7969311c6837f9529966241be1e57ed2d773debc542986d09866905a3f63b6e1820086d52a70f039154e839da7ea852c33bf3722a048f61bbf068519e050b8788370fb130a42e9f5322dfff65b15d588f9e926b70e4530e8b66697cabb1e8514831431fa0eaecb49f9613ed5fd7bc50f897bda36d24d4296e143e2480e325ec09a77c03a07b4f86eb703085313ebeee94ef5b1cde3f6a7efd785772eb4034039f598c07819b769416a223fab824c4ac50086e78042a1ccf47b6c7ede8540cded4bd4c920ce6c2b7493a5634c5e96bb761373623ab473b121d555bfd5a8bc3f5c5418bed83ffd0d6492840550fccc0c35746370396d0190b7b1d2cadcc150877e0d197f692f97cec790c95e3d3959dc7c68aca37306c1bc13ad33848395dba5e3c9ce8090bc0e7e8312091773641be56411921e3d473321c6d8bd10b7d3f5aedd6620bcaa06474bbb298bc77297b8b5dcb9e6b33dbe676460cca825609857724cee245306d07fda287d5fe57c424c27cf9b6cf0f16d2c6a8071bd57c826d7371841cf43dab1b42421ce416d0d3a9c80bc807d2e6761e53f06b3e63c0af1b4548d820118421205f040f4ab35307871e4c7a21ff28082c29e02e89486064661898c0eb1811c70a6124c1f25d62c38794a3e87c312c870db7b60d0df8b57860c94d1a9c561b327fae3a68ce9ff4551e418eb00766f0341c5e796e3cbbbe6b4864928b966110256d5475eb1fd7b2893b60e19e859baaf23c9233a1b064771671ee2d07c151e2e99c37a116a338788052a726a8519b8335e9ff4f71d00ab634543c20ddea1bf57d4f2b797182ff19618b6974d2b69d9f052934d527a1830bf2785842f35eaf32b65b7c9fdd6f0c41756072a59c0cce0b7305740729f1daa14e0092da9d022321b726d658fcef55affa2bbf36ad788f1f423b7dfd328435b4d5df315143d8b8028ba4bea6134a3dc9720c73d5e66b8b8168752eea6b78c75f04efd9677dbe419f13f5e1c9764276a83821b710307d8f85359b34d038ff17de45e8739d4b647fd1a8d794a3273d922af3374f5d3c75b8345b9dfdabb2c0418a358921e0e73d0fe88caab1741b913673e22ff4b59afa0f653a423d9b2bb20cbf07951a349eea18a891b4f4dc6df8e42a6181284f643de5fd2924ae54f672a1920343476c67333e1e8205bf4877b1251a83f417936714edb1c6975ba7969d2fcc2e69024a4669ac2f998116ade1bd84568b8f3f1fccbe95df9ed21db77315b7469f30bfae418415d9cb5aeea627ba6811e30d56d4f4bfe5f794ea4243e3cdfad3ef55199699b8433083b6f72f95effc5f2f613cfcefaf0b94e801ebcb7095a1474ee93142b82c9bf9886617b6bf69d08c83c76cd21d4cce5872d99de8e54bbff915ab923b2d24bb3aa178dd50b44fd0eb880ef33ca51d4bf5f0fbc8ffe18afe4245397f277e4efad955baa10cf56613481253d69c02e7661714b68be0fd64f29bdafbc8b4a0b30bd6709c67fe8e8915d0479b3902b1d0169fb5486b02e966ad5d8a2bcf42ecba59177cd85e17239667f6b045d1f873ce24733ae17e2d8432709062e786a32ac925121f1b0d46c66d4fb9088f4aa0cfe2149f6c2cb5b75d45349bc88fbd47e01ea07e7cd573335aab8d389846566800dd084bc3caa95f7632719c651f2d33be0fb56347c063b3c6e3e75c5e58caeb4c37574859b78c1ed018fbeed788a4305a9ee1c1ef65a0c83a7cd717a8c08ecd4e86370ffffd6d40a89a0b1e8c15a10ad5406e867e49319ad83bfbb925d5e240b4bd44fd751e7510d5ea03a6cab95f37155d1fd69aaea1db4a1f53714eb90e669209cf634f84a50c85bdc51838ebbb545b4387790df67f0122740c2abc910cf83230394172a56c9ffda6675bb8bb39846730a1bf764aeb92407c90a194da880cb8a4efb5b57a8311d864209c7fd226b93582b6b11eec559abfbba653c0569c219d3a2e60555cb739f9d32d564f23c4e98be78aa553610822af426f961df0df2185c61ccaa22b2a6aa6fb3e917bdfb2be9c3ffb8a50821321119c4cf4917db39548abc17bfba267fa50f6af15c560a21055f967f1ca6f656ddb556f9c7e17a771eeef7e80940d1c14ddf2c27647686fd0526460036aeea395fb10abef2be2ea96c9bb380370c08d1568d30eea0f3e6b7cf8f7edc7b36d4d0affd249330707b54ee620f208d885791171eb67a25a80fcc6922e0258c9673b6576564949dfa5bed9a0299bf952aade654de16e22d54fcd391ded6adab94ff621efcd91ef69acf8dfa1b22692ba3e49cd1d3fbed6db1402065ab37e457056877977ebac33ef566f28a19b9acb67a9cc53feb156814e880b3dd5a9119ffdbc5a45c20ea375f2882575b9a28740eebf63f2895d9ffac1ec33cbdcdede98a201424d000df1efd64dd7268cc1b2366ccfb09754822dafdb1821de5e6ebee09608e82e679fafb7a5100172f26998d31d7f27c2b310f0372c3b5e888f8e6efb56074177bf6a2a5bbd9ed070ad5aaf23ce144d1ac86cad110e5916a8a57e1e7fc3d37353f84f2f6d43d92ab8b35040467f3f8b1d23fac021bbac3710edc8e2e26d794db38e48020f63e94d4b4dca3e015537a8e3008274d55f81af931a0faf1a438444b6a0489b93f7b88f81f761eae0f82e60cb0cf2745ca8c9e30d3cc189c1405b1994ed71b00d90ea7a94102916cdc915620c363d04e51eabaaca6c2814a7c1e7aaeec80bdc13135b813e6d0eea83446a5c57ec29695c302c0d8da65b61fe8ada51a36e1aff34d449f9eb70cb94931226121ab121a971c2fc070ca84272d122c1696f52fbd5ed06783abe188dcf133c4d41e10295f6ffda69fa8c5a7c0fec3425a2d60523a60d280b5ce34eac5911268172e772fefba63a6f5c6dafa9e500a5e1355fb614613f8fc1ef5e5466fa19212bcdc349a865f4cee6ea80b11a410bb6e4ad677393973e38621d25ff6c4876ef8a8d2ba651be4a78d2ba9fafadcea8eff9cca3f4ab71a0b84917794e521220dad099ac8aaf32abd162348879e4299e4d46395f9d55267b635e18ca2e2fc96146b96c8a8055130b8d8cb10cc31382df34057bd8637f86e48adc854af408226752a04df8d0362db263e0959f2bd7e8a4d33a8c4b257e19d308280baf40cced1b3cd3a86ee22df0da49d750539eee1104e99a9f8a065e5499c73125a8a8430eda7aee156821a97c237611b50f682a2cccd0969304f0a50ae98800dfb32ee1bcfeab98182c34a51e67fa5bd738c22c44fc1269ce73f464edd2f31296e92e62df51cf55798ae2e3c33c57b09f4ecd13469122095a3563f95f0a04cf58dcea4aed5e8bdda7617863cbc37a97ebadb46d679f7e30014d96d0ac7ce9484368fa5fd19cbc3d139410a2bd7ffacef1bdf76dd1d5f34d2392fcb91c7585fc1ae7d8ba2aa8ded9645d5a5e76e2279b6e0692101137da946dfbd3836476f5dad7fed70115d716dce87b5ad755e5653a709f5aa42265ec9657ed406cc9256af3628c0116b8e1d23306983e9adbc19dec354870c98e2e76566895df933a80c4c36b617db4bbda1a4ca7d6c80a43734471fc92d0bdeacfc125dddd73febd8f7ef84f221d52ae71372cee802d59013a15958e850f8fdf46d8fd3b874633daf3b1f346470456c05722258480959dd6afcffa1f3f2ca033011339c5cb85b7d1c9b5916fb8dc9c2783df64eb5cca5af83a74fe5bb259f93722842eb4ac851e71f3cfd67a39590e7f8e20f018744b9277e6eb46b5f211df5f767ef29dc9a972e14c40ea2d4624f187f301c1116d3a61adeb5c6f7ccc021ac5e18d8b40d7f1f19daf4445c06e72db8701c267c0144c92cddd49af7a87aca5aa05d0e380dd27cc780d2f7db3bef26cc4fd358543e19d73179b879f7bdc702ab405270c93a3ed64153e20b5b663773a2ad4e8e3e1e8eaf39ec80d75d02f74ff94f0e095240a564eeece4fc9bcf19bf2243c700e1dae14a1b0217013977bfa05f681abc37714fe462d0a632044ce52fdaa1c1a806b1eb4370e23ca0247e536165aa9f1c2af8adfea369ee1f4a2c7823a7baef028a1e77501db48db6aa0d7e30969f7197368db02d443803b53b2899315f7e2ba9c5ae952a3866b4ea60f3d669e0a91f7ef640cd938646bf8822fe455f0302fccf87c7fad6daf38fde038fa596b83a9fd5bf675669a6cb2bab44c6617f07950bf34edb93bbcb4174630f275dbda7a0631c4b456e5f80eb6258c1874e77d426743e478917fe44b73dc203baa2cc442b84b5818409abae99d97a28754969bd393df", 0x1000}}, 0xfffffe38)
socket$inet6_tcp(0xa, 0x1, 0x0)
keyctl$setperm(0x5, 0x0, 0x220c)
add_key$fscrypt_v1(0x0, 0x0, &(0x7f00000000c0)={0xfffffe00, "f1a1173fb9462d3589e67197f90be6e423ceb0ab4912f9f6a31854ec98e950cfed21fcad7ff0fbcb566a0982f8938caa52dd8d39af14c31ed56ad59300"}, 0x48, 0xffffffffffffffff)
r8 = fsopen(&(0x7f0000000280)='cifs\x00', 0x0)
fsconfig$FSCONFIG_SET_STRING(r8, 0x1, &(0x7f00000003c0)='\x00\xf3\\\xff\xff\x00\xd7\xd0\x0e\x99\xf4\x92(~\x83\xed\x0e\xd7\x00i\xc4\x8c\x97<\xa3]:\xa4\xc3_7\xf8\x89\x87\x8b\x16\xe1\aK\x03f\xd6b\x12\x86\b\xba&J\xf9\xb3\xdc.\xc4|h\x00!\x1e\xf25.\xc7\xe2p2\x95\xaf\xa2~\x01', &(0x7f00000002c0)='\\/\xe9\x838\x9d<\f\x91\a\xd4$\xae$\x91&6n @\xf4M\xba\xf2<\xd6A\xdb\xd7\xbeY@g\xcc\xca\n@\x06\xa3\xfe%\x02\x96\xb7b\xa7\x15R.\xa3`fd\xdc\x8b\x18rBl{\x82\xda\xbeA\x17\n\f\xcd=\'\x11\x1bZ\x8e\xa1\xc3j$v\xefw\x96/\xff\xa2\xfc\xe3\xb8\xc7\x0f\xaaQ\x98F*T\xd5\xcd4g+\xbd\xd1\xe0R\x9d\x18\x19a:\xa2\xdf\xbe\x8b\x89\x81', 0x0)

5.143411738s ago: executing program 2 (id=1631):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x80000, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x18)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
r1 = socket$inet6_sctp(0xa, 0x5, 0x84)
setsockopt$inet6_int(r1, 0x84, 0x8, 0x0, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f00000000c0)=0x8)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
open_by_handle_at(0xffffffffffffffff, 0x0, 0x1)
mlock2(&(0x7f0000627000/0x3000)=nil, 0x3000, 0x0)
mlock(&(0x7f0000626000/0x5000)=nil, 0x5000)
syz_genetlink_get_family_id$nbd(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$NBD_CMD_CONNECT(0xffffffffffffffff, 0x0, 0x8800)
setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x16, 0x0, 0x0)
r5 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r6 = dup(r5)
ioctl$KVM_SET_MSRS(r6, 0xc008aec1, &(0x7f0000000f80)=ANY=[@ANYRES16])
r7 = openat$uhid(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0)
r8 = openat$audio(0xffffffffffffff9c, 0x0, 0x2000, 0x0)
ioctl$SNDCTL_DSP_SETFRAGMENT(r8, 0xc004500a, &(0x7f00000001c0)=0x9)
ioctl$SNDCTL_DSP_SETFMT(r8, 0xc0045005, &(0x7f0000000080)=0x2)
mmap$dsp(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x100000b, 0x8012, 0xffffffffffffffff, 0x0)
write$UHID_CREATE2(r7, &(0x7f0000000180)=ANY=[@ANYBLOB], 0x119)

4.660511495s ago: executing program 5 (id=1632):
bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0)
r0 = io_uring_setup(0x2471, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x5, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000100)=0x2)
sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000002000)=""/102400, 0x19000)
openat$loop_ctrl(0xffffffffffffff9c, 0x0, 0x0, 0x0)
getpid()
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r2, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000240)=ANY=[@ANYBLOB], 0x24}}, 0x0)
r3 = syz_open_dev$loop(&(0x7f0000000140), 0x75f, 0xa382)
r4 = memfd_create(&(0x7f0000000880)='C\x13\xfc2\x95WD\xaa\xba^\x90\xfd\x8d\xc2\xb1[\x81\xda\xda\xd6\x8c\xc99\xec\x0e*||\xe4\xb3\xc4\xb6\v\xaa\x15\x86,\xac\x8d\x89cu\x10\xdc\x93\x9b\xb4\x93\xafE*:\xe4\xdd\xa5\xa75\xb8\x1e;7\xb7.V\xdcrw[\r\x98\x93j\x9c\xf6\xf8\x99\xefF_\xcd\xdf!b\xc5\xec\ntb\xff\b\xaaF?!\x9f\a\x1a\x03\f\xe94\x1deU\x06zS\xc90\xb9voI\xa5/\xb4\xa7@\xa1\\B\xc2@\r_b\x9a\xeb\b\x81\x00V\xd6/N\xc5\xc6f\xb1\x95Z\xe5w^\xd8\xe7J\x80\xf7\xae\xafuv\x84\x9eG\xd1\xe7\x9b\xf0_9\xc2\x9b\xfd\xc3\xf3\xe4\x95P\xf1m\xcf\xc2\xe1\xe6\xa6\x8c\x11\xfb\xb8S\x8b\x92\\\asW-Ee\x02\x00\x00\x00\xd0;Q\xc1~\x89\xec\xc8\x9b\x88\a\xf2\x93\x82(\x8b\x00\xd8\xb4T\x80\x95\x93\x9c5\xcf\t\x04\x00\x00\x00\x00\x00\x00v\xef\xee+\xab\x9c\x00^R\xb2n?i=\xbe\x16\x8a\xbf\xe3\xcdB\xed\xe14\xe8\xd0\xb7\xff\xfeQ\x1c\x85n8\x1b\xc1\b\x00\x00\x00\x00\x00\x00\x00\x17\x94\xdfW<GE\xf1\xe9\xf1q\x8c\xf0\xae\x98\x8c\xe0\xc1g}\xaeW\xaa\xa1\x90\x8c\n$\xa6\xbb\x10\xaf\xc7~\x11\x03<v\xe9\xc7K\xf6]\x11)u\xd3\x15\x01}\xe25$\xb0\x86v\x80\r\x9c\xb8\xe6\xd3(\xa0G2s\xa9&\xb3QU~u\x13\x05kKp\xa6&\x8eu\x1d\xb2\xa9!\xc9\xfa\xd0dG5\xcbf<}r\xab\x9c\xd9f6iN\xaa>\x92z\xbe\xb2R)\xf1K\xd7\xaf\x99\xf6d\xe8\xec\xb7\xbd+T3\xa6\xa9\xfaY-1qs\x82\xefn*\x96\xc9\x1e\xf4\xd1\x02Dt\xc0\x19\xf7\x89\x96.D [F\xeeYW\x95\x13\xc7;\x94\x13^\x13\xaf\xf0C\x9c\xabf\x1daCS2\x02\xb0\xef\xc7\x8c\x9e\xed\a\n<V\xaa\xbfZ1\xa82\x85\x99\x0e$U\xb4X\xc7\xfa\f\b\x8f\xc4\xbeIt\xe4\xc51\xba\xb9H\xe8\x96\x94\xd7\xdc\x81\x111\t\xafl\x97\xd8T\xd40\x90ON\xaaFY\xb4\xb3\xf4\xf8JT\xc5:\xc5\aGc\xb5\x12\x90\x7f\x00\x91\xce@\xe5\xd3A\xcc\xd5|\x9f\x8e5\x042\x9a\xc1\xa1\a\xb7\xf5\xbc,\xd1\xd3k8\xc5', 0x1)
pwritev(r4, &(0x7f00000000c0)=[{&(0x7f0000000180)='P', 0x1}], 0x1, 0x800000, 0x0)
ioctl$LOOP_CHANGE_FD(r3, 0x4c00, r4)
sendfile(r3, r3, 0x0, 0x24002de8)
ioctl$LOOP_SET_STATUS(r3, 0x4c02, &(0x7f0000001480)={0x0, {}, 0x0, {}, 0x49, 0xa, 0xf, 0x10, "28f5c9ea1f1ae4be4911ab18d2da69bde58cd7af40fd150b70aac11c2816bd5bba76630300000081020000dd91b59c98d54b0000000000000200ca0f86240100", "07a9310978040a8bfe1406584a128d7469166f4f07b84839e7df4af14e1df82d", [0xa, 0x7]})
ioctl$LOOP_CHANGE_FD(r3, 0x4c06, r3)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000000)={'dummy0\x00'})
msgget$private(0x0, 0x0)
msgsnd(0x0, &(0x7f0000000040)=ANY=[@ANYRESOCT=r0], 0x2000, 0x800)
r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000002c0)='cgroup.freeze\x00', 0x275a, 0x0)
lseek(r5, 0xfffffffffffffffc, 0x4)
ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TIMER(r5, 0x40605346, &(0x7f0000000080)={0x9, 0x0, {0xfffffffffffffffc, 0x0, 0x8e4, 0x2, 0x7fffffff}, 0xa5f2})

3.949020538s ago: executing program 2 (id=1633):
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000300)={0x4, 0xc, &(0x7f0000000100)=ANY=[@ANYBLOB="180000000000000000000000000000008500000029000000180100002020782500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000007200000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$netlbl_unlabel(&(0x7f0000000800), r1)
r3 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$ieee802154(&(0x7f0000000040), r1)
r5 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r6 = syz_genetlink_get_family_id$ieee802154(&(0x7f0000000400), r5)
r7 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r8 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r9 = syz_open_procfs(0x0, &(0x7f0000000140)='ns\x00')
getdents(r9, &(0x7f0000000000)=""/182, 0xb6)
munmap(&(0x7f0000002000/0x1000)=nil, 0x1000)
mknodat$loop(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x6000, 0x1)
r10 = fsopen(&(0x7f0000000180)='ext4\x00', 0x1)
fsconfig$FSCONFIG_SET_STRING(r10, 0x1, &(0x7f0000000000)='source', &(0x7f0000000040), 0x0)
setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000a80)=@raw={'raw\x00', 0x8, 0x3, 0x370, 0x0, 0x11, 0x148, 0x1d8, 0x0, 0x2d8, 0x2a8, 0x2a8, 0x2d8, 0x2a8, 0x3, 0x0, {[{{@uncond, 0x0, 0x190, 0x1d8, 0x0, {}, [@common=@inet=@hashlimit1={{0x58}, {'ip_vti0\x00', {0x0, 0x0, 0x9, 0x0, 0x0, 0x3, 0x7}}}, @common=@unspec=@conntrack3={{0xc8}, {{@ipv4=@broadcast, [0xff, 0xff, 0x0, 0xff], @ipv6=@mcast2, [0xffffffff, 0xffffff00, 0x0, 0xffffffff], @ipv6=@dev={0xfe, 0x80, '\x00', 0x27}, [0xffffffff, 0x0, 0x0, 0xff000000], @ipv4=@multicast2, [0x0, 0x0, 0x0, 0xffffff00], 0x6, 0x6, 0x0, 0x4e23, 0x4e24, 0x4e22, 0x4e23, 0x81}, 0x0, 0x480, 0x0, 0x0, 0x0, 0x4e20}}]}, @unspec=@CT0={0x48, 'CT\x00', 0x0, {0x0, 0x0, 0x0, 0x0, 'netbios-ns\x00'}}}, {{@ip={@multicast2, @empty, 0x0, 0x0, 'vlan0\x00', 'netdevsim0\x00', {}, {}, 0x0, 0x2}, 0x0, 0xd0, 0x100, 0x0, {}, [@inet=@rpfilter={{0x28}}, @common=@unspec=@quota={{0x38}}]}, @common=@unspec=@CONNMARK={0x30}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x3d0)
setsockopt$inet_mtu(0xffffffffffffffff, 0x0, 0xa, &(0x7f0000000080)=0x3, 0x4)
r11 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r11, &(0x7f00000005c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000140)=ANY=[@ANYBLOB="0207072d0200000025bd7004ffdbdf25"], 0x10}}, 0x8010)
write$6lowpan_enable(r9, &(0x7f0000000580)='1', 0x1)
fsconfig$FSCONFIG_CMD_CREATE(r10, 0x6, 0x0, 0x0, 0x0)
sendmsg$IEEE802154_LLSEC_ADD_SECLEVEL(r7, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000340)={&(0x7f00000005c0)={0x34, r6, 0x60b, 0x0, 0x25dfdbfd, {}, [@IEEE802154_ATTR_LLSEC_DEV_OVERRIDE={0x5}, @IEEE802154_ATTR_LLSEC_FRAME_TYPE={0x5, 0x33, 0x4}, @IEEE802154_ATTR_DEV_INDEX={0x8}, @IEEE802154_ATTR_LLSEC_SECLEVELS={0x5, 0x35, 0x7}]}, 0x34}}, 0x0)
sendmsg$IEEE802154_LLSEC_DEL_SECLEVEL(r3, &(0x7f00000001c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f0000000180)={&(0x7f0000000080)={0x44, r4, 0x200, 0x70bd25, 0x25dfdbfb, {}, [@IEEE802154_ATTR_DEV_INDEX={0x8}, @IEEE802154_ATTR_LLSEC_CMD_FRAME_ID={0x5, 0x34, 0x65}, @IEEE802154_ATTR_LLSEC_FRAME_TYPE={0x5, 0x33, 0x6}, @IEEE802154_ATTR_LLSEC_CMD_FRAME_ID={0x5, 0x34, 0x7}, @IEEE802154_ATTR_DEV_INDEX={0x8}, @IEEE802154_ATTR_LLSEC_FRAME_TYPE={0x5, 0x33, 0x6}]}, 0x44}}, 0x400c041)
r12 = syz_genetlink_get_family_id$nl802154(&(0x7f00000003c0), r5)
sendmsg$NL802154_CMD_SET_SHORT_ADDR(r8, &(0x7f0000000500)={&(0x7f00000002c0), 0xc, &(0x7f00000004c0)={&(0x7f0000000440)={0x74, r12, 0x404, 0x70bd28, 0x25dfdbff, {}, [@NL802154_ATTR_SHORT_ADDR={0x6}, @NL802154_ATTR_SHORT_ADDR={0x6}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x2}, @NL802154_ATTR_SHORT_ADDR={0x6, 0xa, 0xaaa3}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x200000002}, @NL802154_ATTR_SHORT_ADDR={0x6}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x100000001}, @NL802154_ATTR_SHORT_ADDR={0x6, 0xa, 0xaaa2}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x300000003}, @NL802154_ATTR_SHORT_ADDR={0x6}]}, 0x74}, 0x1, 0x0, 0x0, 0xc001}, 0x4000880)
sendmsg$NLBL_UNLABEL_C_STATICADDDEF(r1, &(0x7f0000000900)={0x0, 0x0, &(0x7f00000008c0)={&(0x7f0000000840)={0x5c, r2, 0x1, 0x70bd29, 0x25dfdbff, {}, [@NLBL_UNLABEL_A_IPV4ADDR={0x8, 0x4, @rand_addr=0x64010100}, @NLBL_UNLABEL_A_IPV4MASK={0x8, 0x5, @rand_addr=0x64010102}, @NLBL_UNLABEL_A_IPV6MASK={0x14, 0x3, @private0={0xfc, 0x0, '\x00', 0x1}}, @NLBL_UNLABEL_A_SECCTX={0x24, 0x7, 'system_u:object_r:var_lock_t:s0\x00'}]}, 0x5c}, 0x1, 0x0, 0x0, 0x60008000}, 0x44)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000240)={r0, 0x0, 0x39, 0x0, &(0x7f0000000540)="e4e647c9e0b8e9a2f2a61220d816a81d6025af26f645e2966ccb1626888249684fd0707fe534be5923c8aeabb4ba8a97e93d94169958bc95f3", 0x0, 0x2000000, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)

2.88815909s ago: executing program 5 (id=1634):
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0)
getsockname$packet(0xffffffffffffffff, &(0x7f0000000180)={0x11, 0x0, <r0=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000001c0)=0x14)
r1 = bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000280)=0xffffffffffffffff, 0x4)
bpf$MAP_CREATE(0x0, &(0x7f0000000400)=@base={0x1e, 0xb0, 0x10001, 0xda7f, 0x200, 0xffffffffffffffff, 0x8001, '\x00', r0, r1, 0x4, 0x0, 0x2, 0x0, @void, @value, @void, @value}, 0x50)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x804}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
r2 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000480)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0xfffffffc, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
writev(r2, &(0x7f0000000000)=[{&(0x7f0000000640)="f483", 0x2}], 0x1)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r3 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r5, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r3, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0)
mkdir(&(0x7f0000000040)='./file1\x00', 0x0)
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
socket$packet(0x11, 0x3, 0x300)
socket$kcm(0xa, 0x3, 0x3a)
socket$igmp6(0xa, 0x3, 0x2)
io_submit(0x0, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000400)=0x6)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)

2.839301435s ago: executing program 4 (id=1635):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x9}, 0x0)
ioctl$sock_ax25_SIOCADDRT(0xffffffffffffffff, 0x8915, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x0, 0x0)
r0 = syz_clone(0x8044000, 0x0, 0x0, 0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = syz_open_dev$MSR(&(0x7f0000000240), 0x0, 0x0)
r2 = getegid()
r3 = syz_open_procfs(r0, &(0x7f0000000000)='maps\x00')
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
writev(0xffffffffffffffff, 0x0, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r6 = getpid()
sched_setaffinity(0x0, 0x0, 0x0)
sched_setscheduler(r6, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r7=>0xffffffffffffffff, <r8=>0xffffffffffffffff})
connect$unix(r7, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000b80)=[{{&(0x7f00000000c0)=@file={0x1, './file0/file0\x00'}, 0x6e, &(0x7f00000001c0)=[{&(0x7f0000000280)="03ad50a55455a137644082d758dee90e2436736f920895034059e0b9ad05fc25a23d3c2f17e3cc0eadb3dfca89ed10378b34217a8fb8f0347059bed5653f41bf2f396fbc51a6eb8f2f78697ac93ff9d2fbf778a72d2d8f7e94e77abc2310e23b62", 0x61}, {&(0x7f0000000300)="a17ebaa616745adcf941b2fa2dcf00fd24e1114ab6ae75edc1d27b0f3beaf36663351a9f0f4125d3aa3220bcb1f1c7e0056f7a7fda280c2be76e4308df7be8c32b10462841fc9d574108f4d1be95a7476e25e3", 0x53}], 0x2, &(0x7f0000000400)=ANY=[@ANYBLOB="14000000000000000100000001000000", @ANYRES32=r3, @ANYBLOB="0000000014000000000000000100000001000000", @ANYRES32, @ANYBLOB="000000001c0000a179a9bef7ec26870002000000", @ANYRES32=r0, @ANYRES32=0x0, @ANYRES32=r2, @ANYBLOB='\x00\x00\x00\x00'], 0x50, 0x41000}}, {{&(0x7f0000000480)=@abs={0x1, 0x0, 0x4e26}, 0x6e, &(0x7f0000000880)=[{&(0x7f0000000500)="4a092330d87dde3997e8b14355d0d0812c7774ece10723b5bcdfe30062627828007dafe6bc8bbabdda10e9fb0b4b928a332a6015651e867db085558bfe9e6e41f19871cbcf7d472770644a504a8fa6ee5e2f9f67f65b28e48d28575dca978c94ac6aefc5fe979db854a2ee59fe74dfd032c0d5aff05ace0bac2ef3239018ea1e5a5cba0c27410fa5f865d92aabbe13aa98372024a471cc763f85c34e5b3d51e074970a2265", 0xa5}, {&(0x7f00000005c0)="6d0ebcebd96fa2810b2f5c357c219f0ecade9418180170da245d84a70097e4644adc28ad2f71aa372f2a4a9a865a0a5fa7abfbf251709b7f771c0505d1048558d94d4fd6e17de015dc178f00ee8ffdd2f1453ff3eef04a72571f9caa4257f0fd70dd4b691c35f58898ea86860ba203fac803ff142543196cb6d50b070a3b4572c15979c351ab5762e24858141b1ceaea0e1ff5034b83c649420c6a0916feceb1140286a94bf78d1027539c1f1b75d29dc9a7c88bd222e885d86c54d6da65ed317a", 0xc1}, {&(0x7f00000006c0)="3d84449190d10d2d012dae8185624fa239c8fdcce16a4c0ad06be987fbe09e4de1657d2960198cf37be393b59187955193268853a46b33179c4b9ef905bd1aabc9176161c3b0faab75b8ba3b7c14243145b668e334055c2b36794580201494438e06c3435534986e9a67fb197eeaec6ad2031bdd57ebdc3c62665f7ad9268624ff7c5709c280fb80ed942f969e018e4b7339bee90aaed624a835fe23b5611975e780f7c169b0b72832230b988693c1d2a6", 0xb1}, {&(0x7f0000000780)="b108e37bd6be2dab1b8138", 0xb}, {&(0x7f00000007c0)="d9df2dde8aaa9fb1116e602aefdfca46b863e747bf6c6a23122c4e0fe55a15fc6d39d1b031e28bd5aaed4b042877b9c99dd7194b83759cf9af69857aea1e5ba3a414fc4c5935ddfe1aa9115d91cc13b6ad450f40b8c9b8bceb89916e5d5aeecc5331f7417fb12856e8990c516b9dec50a76fc2d2e45b71c30b031adbd8e0e13a14e68244d32973c5302c225d1be54256ac0dccb275f84312710edd6b6e22a525869ba40ab54d850484f1ae1438255c78241da00f40", 0xb5}], 0x5, &(0x7f0000000c40)=[@rights={{0x14, 0x1, 0x1, [r8]}}, @cred={{0x1c, 0x1, 0x2, {r0, 0x0, r2}}}, @rights={{0x14, 0x1, 0x1, [0xffffffffffffffff]}}, @rights={{0x30, 0x1, 0x1, [r7, 0xffffffffffffffff, r3, r8, r3, r7, r1, r3]}}, @cred={{0x1c, 0x1, 0x2, {r0, 0x0, r2}}}, @cred={{0x1c, 0x1, 0x2, {r0, 0x0, r2}}}, @rights={{0x14, 0x1, 0x1, [r7]}}, @rights={{0x30, 0x1, 0x1, [r7, r5, r4, r8, r1, r7, r1, r8]}}, @rights={{0x2c, 0x1, 0x1, [0xffffffffffffffff, r7, r4, r5, r1, 0xffffffffffffffff, r7]}}], 0x138, 0x4}}, {{&(0x7f0000000a40)=@abs={0x1, 0x0, 0x4e22}, 0x6e, &(0x7f0000000b40)=[{&(0x7f0000000ac0)}, {&(0x7f0000000b00)="ad8f60f6aabd8b0e586a87e73cdfd9e07726f294f6702c0da7eb", 0x1a}], 0x2, 0x0, 0x0, 0x8000800}}], 0x3, 0x804)
recvmmsg(r7, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
recvmmsg(r8, &(0x7f0000005400), 0x0, 0x10100, &(0x7f00000055c0)={0x0, 0x989680})
r9 = syz_open_dev$tty20(0xc, 0x4, 0x0)
ioctl$TCSETSW(r9, 0x5403, &(0x7f0000000040)={0x0, 0x7fff, 0xfffffffc, 0x1, 0xc, "030d3f1b185c88867c71b7af1db9276fffffeb"})
r10 = dup(r9)
ioctl$TCSETAF(r10, 0x5408, &(0x7f0000000080)={0x4000, 0x2, 0x0, 0x80fa, 0x0, "e8540000808000"})
socket(0x10, 0x3, 0x0)
mount(0x0, 0x0, 0x0, 0x0, 0x0)
socket$kcm(0xa, 0x3, 0x3a)

2.588141604s ago: executing program 2 (id=1636):
socket$nl_generic(0x10, 0x3, 0x10)
r0 = socket(0x1e, 0x4, 0x0)
setsockopt$packet_tx_ring(r0, 0x10f, 0x87, &(0x7f0000000140)=@req3={0x7813, 0x3, 0x0, 0x81, 0x1ff, 0x1, 0x1}, 0x1c)
recvmmsg$unix(r0, &(0x7f0000000080)=[{{0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000280)=""/138, 0x8a}], 0x1}}], 0x1, 0x0, 0x0)
r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r1, 0x4018620d, &(0x7f00000000c0)={0x73622a85, 0x110b, 0x8000000000002})
r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000200)='./binderfs/binder0\x00', 0x800, 0x0)
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0x0, 0x0, 0x0})
dup3(r2, r1, 0x0)
r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000000)='./binderfs/binder0\x00', 0x802, 0x0)
mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x11, r3, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r3, 0x4018620d, &(0x7f0000000040)={0x73622a85, 0x10a, 0x4})
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0xb, 0x31, 0xffffffffffffffff, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x3)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r4 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
r5 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
ptrace(0x10, r5)
ptrace(0x10, r5)
read$msr(r4, &(0x7f0000019680)=""/102392, 0x18ff8)
syz_open_dev$ptys(0xc, 0x3, 0x0)
syz_open_dev$vim2m(&(0x7f0000000040), 0x8, 0x2)
r6 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x0)
readv(r6, &(0x7f00000002c0)=[{&(0x7f0000001500)=""/4110, 0x100e}], 0x1)
openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000080), 0x8e383, 0x0)

1.589575199s ago: executing program 4 (id=1637):
ioperm(0x5, 0x8004, 0x6)
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000180)={'syz_tun\x00', <r1=>0x0})
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x6, 0x5, &(0x7f0000000040)=ANY=[@ANYBLOB="180200000004000000000000000000008500000036000000850000000700000095"], &(0x7f0000000400)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x21, '\x00', 0x0, @fallback=0x7, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000100)={r2, r1, 0x25, 0x0, @val=@tracing}, 0x40)
syz_emit_ethernet(0x11dc0, &(0x7f00000025c0)=ANY=[], 0x0)
socketpair$unix(0x1, 0x2, 0x0, 0x0)
munlockall()

1.435373751s ago: executing program 5 (id=1638):
r0 = syz_open_dev$sndctrl(&(0x7f0000000100), 0x0, 0x0)
r1 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
connect$bt_sco(r1, 0x0, 0x0)
r2 = openat$cgroup_freezer_state(0xffffffffffffffff, &(0x7f0000000000), 0x2, 0x0)
r3 = syz_usb_connect$hid(0x0, 0x36, &(0x7f00000016c0)=ANY=[@ANYBLOB="12013f00000000407f04ffff000000000001090224000100000000090400001509000000092140000001220f00090581d7"], 0x0)
syz_usb_control_io(r3, 0x0, 0x0)
syz_usb_control_io$hid(r3, &(0x7f0000000800)={0x24, &(0x7f0000000600)={0x40, 0x8, 0x9, {0x9, 0x5, "cff3f83d24e51b"}}, 0x0, 0x0, 0x0}, 0x0)
write$cgroup_freezer_state(r2, &(0x7f0000000540)='THAWED\x00', 0x7)
ioctl$SNDRV_CTL_IOCTL_ELEM_WRITE(r0, 0xc4c85512, &(0x7f0000000040)={{0x0, 0x0, 0x0, 0x0, 'syz0\x00'}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x2, 0x0, 0x5, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000004, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x60, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4]})

1.209511652s ago: executing program 4 (id=1639):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_HYPERV_EVENTFD(r1, 0x4018aebd, &(0x7f0000000040)={0x1000000}) (async)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
syz_usb_connect$uac1(0x0, 0xa5, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000000000106b1d0101400001020301090293000301c4d61313b8ba845eac3a255d0000020904000000010100000a2401000000020102132406000006000000000000020002000000000924030000000003000924050007000000000924030000030404000624050400fd0904010000010200000904010101010200000905010940000000000725010307000009040200000102000009040201010102000009058209ff0300008007250100001dff"], 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) (async)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) (async, rerun: 64)
r3 = getpid() (rerun: 64)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) (async)
sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) (async)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r5, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r3, 0x8, &(0x7f0000000240)=0x2) (async)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0) (async, rerun: 64)
r6 = socket$inet_smc(0x2b, 0x1, 0x0) (rerun: 64)
setsockopt$inet_tcp_TCP_REPAIR(r6, 0x6, 0x13, &(0x7f0000000040)=0x1, 0x4)
r7 = socket$netlink(0x10, 0x3, 0x14)
sendmsg$RDMA_NLDEV_CMD_NEWLINK(r7, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000001200)={&(0x7f00000004c0)=ANY=[@ANYBLOB="38000000031401002dbd7000000000000900020073797a30000000000800410073697700140033006c6f00000000000600000000000000"], 0x38}, 0x1, 0x0, 0x0, 0x854}, 0x0)
bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000280)={0xffffffffffffffff, 0x58, &(0x7f0000000400)}, 0xffffffffffffffec)
sendmsg$nl_route_sched(r7, &(0x7f0000000380)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f0000000300)={&(0x7f0000000180)=@deltclass={0x58, 0x29, 0x200, 0x70bd29, 0x25dfdc03, {0x0, 0x0, 0x0, 0x0, {0xa, 0xfff3}, {0xffff, 0x4}, {0x3, 0x1}}, [@TCA_RATE={0x6, 0x5, {0x9, 0x2}}, @tclass_kind_options=@c_clsact={0xb}, @tclass_kind_options=@c_skbprio={0xc}, @TCA_RATE={0x6, 0x5, {0x22, 0xe}}, @tclass_kind_options=@c_clsact={0xb}]}, 0x58}, 0x1, 0x0, 0x0, 0x10}, 0x880) (async)
socket$inet_icmp_raw(0x2, 0x3, 0x1) (async)
connect$inet(r6, &(0x7f0000001980)={0x2, 0x1, @loopback}, 0x10) (async, rerun: 32)
ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) (async, rerun: 32)
setsockopt$inet_tcp_TCP_CONGESTION(r6, 0x6, 0xd, &(0x7f00000000c0)='veno\x00', 0x5) (async, rerun: 32)
setsockopt$inet_tcp_TCP_REPAIR_QUEUE(r6, 0x6, 0x14, &(0x7f0000000080)=0x2, 0x4) (async, rerun: 32)
ioctl$VIDIOC_SUBDEV_G_EDID(0xffffffffffffffff, 0xc0285628, &(0x7f0000000080)={0x0, 0x1, 0x3, '\x00', &(0x7f0000000040)})
bpf$BPF_LINK_UPDATE(0x1d, &(0x7f0000000900)={0xffffffffffffffff, 0xffffffffffffffff, 0x4}, 0x10)

690.956405ms ago: executing program 0 (id=1640):
r0 = socket$inet_mptcp(0x2, 0x1, 0x106)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x1, &(0x7f0000000200)=0x7)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000040)=@ipv4_newroute={0x38, 0x18, 0x1, 0x0, 0x0, {0x2, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x9}, [@RTA_ENCAP_TYPE={0x6, 0x15, 0x4}, @RTA_ENCAP={0x14, 0x16, 0x0, 0x1, @LWTUNNEL_IP_OPTS={0x10, 0x8, 0x0, 0x1, @LWTUNNEL_IP_OPTS_ERSPAN={0xc, 0x3, 0x0, 0x1, @LWTUNNEL_IP_OPT_ERSPAN_INDEX={0x8, 0x2, 0x190}}}}]}, 0x38}}, 0x0)
sendmsg$nl_generic(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000040)=ANY=[@ANYBLOB="f80000003e000701feffffff00000000017c0000040042800c00018006000600800a0000d1000280cb0014"], 0xf8}, 0x1, 0x0, 0x0, 0x4048011}, 0xc000)
r5 = socket$kcm(0x10, 0x3, 0x10)
sendmsg$kcm(r5, &(0x7f0000000000)={0x0, 0x0, 0x0}, 0x0)
r6 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0xb, &(0x7f0000000380)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020000000000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000300)='rcu_utilization\x00', r6}, 0x10)
syz_open_dev$I2C(0x0, 0x80, 0x14000)
mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000080)='ramfs\x00', 0x2014800, 0x0)
r7 = socket$inet6_mptcp(0xa, 0x1, 0x106)
bind$inet6(r7, &(0x7f0000000000)={0xa, 0x3, 0x0, @loopback, 0x1}, 0x1c)
landlock_restrict_self(0xffffffffffffffff, 0x0)
connect$inet6(r7, &(0x7f0000000040)={0xa, 0x3, 0x0, @loopback}, 0x1c)
ioctl$sock_inet6_SIOCSIFDSTADDR(0xffffffffffffffff, 0x8918, 0x0)
bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e24, @multicast2}, 0x10)
connect$inet(r0, &(0x7f00000002c0)={0x2, 0x4e24, @loopback}, 0x10)
sendmmsg(r0, &(0x7f0000000180)=[{{0x0, 0x0, &(0x7f00000003c0)=[{&(0x7f0000000700)="6b093db1947bc296cf697e335c7aa0e9afc07b5f0c819e3522eaad2a74224b7a5bed182fec91c96271033eec5d14ede20a6d1c36c3e7a445ccb5b158ffaec30b8b846de0d5b327a6b1d322a80d00b5c08428fb6ef0d6bdfef436fd9a0027a7cce11f65f633449199149e065a48b3f6bb51b5e305aa20ec347027ace732178271cb92f3e4bdda6732a10715efe7a7eae23413207a9cd1c24ea5ad8f333bfedf8e93e880fc51fb9051917d5488a13c22f1a575b1767424074c84444b29becb98de0e479ae50c12711cc5e26973d496458de4969e51dd5aee7ae9ca5da879f96737d626b447cdf675bc4af3e1ffec688c6945d0786b8ff146cab2e441e3438f3ddd28", 0xffffff08}], 0x1}}], 0x1, 0x40081)

0s ago: executing program 2 (id=1641):
prlimit64(0x0, 0xe, 0x0, 0x0)
sched_setscheduler(0x0, 0x5, &(0x7f0000000000)=0xffffffff)
r0 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0)
ioctl$KVM_SET_CPUID2(r0, 0x4008ae90, &(0x7f0000000240)=ANY=[@ANYBLOB="010000000000000001000000000000000000000000000000001b0300ff"])
ioctl$KVM_RUN(r0, 0xae80, 0x0)
ioctl$KVM_SET_MSRS(r0, 0x4008ae89, &(0x7f0000000180)=ANY=[@ANYRESOCT, @ANYRES8])
sched_setscheduler(0x0, 0x2, &(0x7f0000000400)=0x4)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
ioctl$vim2m_VIDIOC_ENUM_FMT(0xffffffffffffffff, 0xc0405602, &(0x7f0000000a80)={0x4000, 0xd, 0x0, "134600cea4dd512d97d4188cbf770637bc747721f37af54dd1dc03030096c337"})
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
syz_open_dev$ttys(0xc, 0x2, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
r2 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r2, &(0x7f0000000080)={&(0x7f0000000000)=@in6={0xa, 0x0, 0x0, @mcast1}, 0x80, 0x0}, 0x0)
write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[@ANYBLOB="8fedcb7907009875f37538e486dd6317ce620300fe"], 0xfe1b)
write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[@ANYBLOB="563f00001800599c6d0eab070004000523"], 0xfe33)
write$cgroup_subtree(r2, &(0x7f0000000000)=ANY=[], 0xfe33)

kernel console output (not intermixed with test programs):

8][ T8845] vhci_hcd: connection closed
[  441.810076][   T53] vhci_hcd: stop threads
[  441.820937][   T53] vhci_hcd: release socket
[  441.838997][ T8848] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(5)
[  441.843912][   T53] vhci_hcd: disconnect device
[  441.845543][ T8848] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed)
[  441.867853][ T8848] vhci_hcd vhci_hcd.0: Device attached
[  441.903097][ T8848] FAULT_INJECTION: forcing a failure.
[  441.903097][ T8848] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  441.961196][ T8853] vhci_hcd vhci_hcd.0: pdev(4) rhport(0) sockfd(5)
[  441.968016][ T8853] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed)
[  441.972785][ T8848] CPU: 0 UID: 0 PID: 8848 Comm: syz.0.728 Not tainted 6.15.0-rc7-syzkaller-00142-g4856ebd99715 #0 PREEMPT(full) 
[  441.972815][ T8848] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  441.972828][ T8848] Call Trace:
[  441.972837][ T8848]  <TASK>
[  441.972847][ T8848]  dump_stack_lvl+0x189/0x250
[  441.972880][ T8848]  ? __lock_acquire+0xaac/0xd20
[  441.972913][ T8848]  ? __pfx_dump_stack_lvl+0x10/0x10
[  441.972942][ T8848]  ? __pfx__printk+0x10/0x10
[  441.972974][ T8848]  ? __might_fault+0xb0/0x130
[  441.973020][ T8848]  should_fail_ex+0x414/0x560
[  441.973048][ T8848]  _copy_from_user+0x2d/0xb0
[  441.973080][ T8848]  ___sys_sendmsg+0x158/0x2a0
[  441.973113][ T8848]  ? __pfx____sys_sendmsg+0x10/0x10
[  441.973182][ T8848]  ? __fget_files+0x2a/0x420
[  441.973200][ T8848]  ? __fget_files+0x3a0/0x420
[  441.973232][ T8848]  __x64_sys_sendmsg+0x19b/0x260
[  441.973265][ T8848]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  441.973318][ T8848]  ? do_syscall_64+0xba/0x210
[  441.973351][ T8848]  do_syscall_64+0xf6/0x210
[  441.973378][ T8848]  ? clear_bhb_loop+0x60/0xb0
[  441.973404][ T8848]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  441.973425][ T8848] RIP: 0033:0x7fcc6c98e969
[  441.973444][ T8848] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  441.973464][ T8848] RSP: 002b:00007fcc6d815038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  441.973487][ T8848] RAX: ffffffffffffffda RBX: 00007fcc6cbb5fa0 RCX: 00007fcc6c98e969
[  441.973502][ T8848] RDX: 0000000020001040 RSI: 00002000000005c0 RDI: 0000000000000003
[  441.973516][ T8848] RBP: 00007fcc6d815090 R08: 0000000000000000 R09: 0000000000000000
[  441.973529][ T8848] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  441.973542][ T8848] R13: 0000000000000000 R14: 00007fcc6cbb5fa0 R15: 00007ffe4d98bf88
[  441.973575][ T8848]  </TASK>
[  442.004022][ T8849] vhci_hcd: connection closed
[  442.167157][ T8853] vhci_hcd vhci_hcd.0: Device attached
[  442.227044][ T8854] vhci_hcd: connection closed
[  442.227457][   T53] vhci_hcd: stop threads
[  442.285857][ T8858] x_tables: ip_tables: TCPOPTSTRIP target: only valid in mangle table, not raw
[  442.302785][   T53] vhci_hcd: release socket
[  442.317561][   T53] vhci_hcd: disconnect device
[  442.363952][ T6860] usb 33-1: new high-speed USB device number 2 using vhci_hcd
[  442.372720][ T8850] vhci_hcd: sendmsg failed!, ret=-32 for 48
[  442.392544][   T53] vhci_hcd: stop threads
[  442.426248][   T53] vhci_hcd: release socket
[  442.446688][   T53] vhci_hcd: disconnect device
[  442.895168][ T5963] usb 4-1: new high-speed USB device number 26 using dummy_hcd
[  443.090997][ T5963] usb 4-1: New USB device found, idVendor=0cf3, idProduct=9374, bcdDevice=bc.3b
[  443.108471][ T5963] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  443.251173][ T8876] netlink: 16186 bytes leftover after parsing attributes in process `syz.4.734'.
[  443.256976][ T5963] usb 4-1: config 0 descriptor??
[  444.094947][ T5963] ath6kl: Failed to submit usb control message: -71
[  444.133144][ T5963] ath6kl: unable to send the bmi data to the device: -71
[  444.173836][ T5963] ath6kl: Unable to send get target info: -71
[  444.192005][ T5963] ath6kl: Failed to init ath6kl core: -71
[  444.228346][ T5963] ath6kl_usb 4-1:0.0: probe with driver ath6kl_usb failed with error -71
[  444.292048][ T5963] usb 4-1: USB disconnect, device number 26
[  444.378711][ T8880] FAULT_INJECTION: forcing a failure.
[  444.378711][ T8880] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  444.434020][ T8880] CPU: 0 UID: 0 PID: 8880 Comm: syz.4.735 Not tainted 6.15.0-rc7-syzkaller-00142-g4856ebd99715 #0 PREEMPT(full) 
[  444.434051][ T8880] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  444.434064][ T8880] Call Trace:
[  444.434071][ T8880]  <TASK>
[  444.434081][ T8880]  dump_stack_lvl+0x189/0x250
[  444.434114][ T8880]  ? __pfx_dump_stack_lvl+0x10/0x10
[  444.434142][ T8880]  ? __pfx__printk+0x10/0x10
[  444.434187][ T8880]  should_fail_ex+0x414/0x560
[  444.434213][ T8880]  strncpy_from_user+0x36/0x290
[  444.434237][ T8880]  getname_flags+0xf3/0x540
[  444.434262][ T8880]  user_path_at+0x24/0x60
[  444.434287][ T8880]  do_fchownat+0x105/0x270
[  444.434311][ T8880]  ? __pfx_do_fchownat+0x10/0x10
[  444.434341][ T8880]  __x64_sys_lchown+0x85/0xa0
[  444.434363][ T8880]  do_syscall_64+0xf6/0x210
[  444.434391][ T8880]  ? clear_bhb_loop+0x60/0xb0
[  444.434416][ T8880]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  444.434435][ T8880] RIP: 0033:0x7f4d5698e969
[  444.434465][ T8880] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  444.434482][ T8880] RSP: 002b:00007f4d5776c038 EFLAGS: 00000246 ORIG_RAX: 000000000000005e
[  444.434502][ T8880] RAX: ffffffffffffffda RBX: 00007f4d56bb5fa0 RCX: 00007f4d5698e969
[  444.434528][ T8880] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000200000000000
[  444.434540][ T8880] RBP: 00007f4d5776c090 R08: 0000000000000000 R09: 0000000000000000
[  444.434552][ T8880] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  444.434564][ T8880] R13: 0000000000000000 R14: 00007f4d56bb5fa0 R15: 00007ffc5eb58318
[  444.434604][ T8880]  </TASK>
[  444.600379][    C0] vkms_vblank_simulate: vblank timer overrun
[  445.064106][ T8889] 9pnet_fd: Insufficient options for proto=fd
[  447.527486][ T6860] vhci_hcd: vhci_device speed not set
[  450.029506][ T1335] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  451.496594][ T1335] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  451.648622][ T1335] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  451.760016][ T8929] netlink: 4 bytes leftover after parsing attributes in process `syz.4.753'.
[  451.985180][ T8937] fuse: Unknown parameter '÷d'
[  452.421828][ T8940] 9pnet_fd: Insufficient options for proto=fd
[  452.438572][ T1335] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  454.209676][ T8955] netlink: 'syz.5.755': attribute type 10 has an invalid length.
[  454.218890][ T8955] netlink: 40 bytes leftover after parsing attributes in process `syz.5.755'.
[  454.791537][ T8961] netlink: 12 bytes leftover after parsing attributes in process `syz.4.758'.
[  455.372186][ T8970] loop6: detected capacity change from 0 to 64
[  456.166784][ T1335] bridge_slave_1: left allmulticast mode
[  456.186765][ T5822] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[  456.276509][ T1335] bridge_slave_1: left promiscuous mode
[  456.282505][ T1335] bridge0: port 2(bridge_slave_1) entered disabled state
[  456.332755][ T5822] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[  456.341863][ T5822] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[  456.351575][ T5822] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[  456.359640][ T5822] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[  457.103600][ T1335] bridge_slave_0: left allmulticast mode
[  457.141017][ T1335] bridge_slave_0: left promiscuous mode
[  457.165217][ T1335] bridge0: port 1(bridge_slave_0) entered disabled state
[  457.346620][ T8988] fuse: Unknown parameter '÷d'
[  458.403886][ T5822] Bluetooth: hci4: command tx timeout
[  458.875667][ T1335] team0: Port device geneve0 removed
[  459.041874][ T9002] netlink: 4 bytes leftover after parsing attributes in process `syz.5.767'.
[  459.087356][ T9004] 9pnet_fd: Insufficient options for proto=fd
[  459.732211][ T1335] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  459.756032][ T1335] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  459.777594][ T1335] bond0 (unregistering): Released all slaves
[  460.594438][ T5822] Bluetooth: hci4: command tx timeout
[  461.288236][ T9021] netlink: 'syz.5.773': attribute type 10 has an invalid length.
[  461.651602][ T9028] input: syz1 as /devices/virtual/input/input35
[  461.670889][ T9028] netlink: 40 bytes leftover after parsing attributes in process `syz.0.774'.
[  461.758339][ T9029] program syz.0.774 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  462.758235][ T5822] Bluetooth: hci4: command tx timeout
[  464.826091][ T5822] Bluetooth: hci4: command tx timeout
[  465.312217][ T8975] chnl_net:caif_netlink_parms(): no params data found
[  466.550704][ T9044] fuse: Unknown parameter '÷d'
[  466.566783][ T9046] netlink: 16 bytes leftover after parsing attributes in process `syz.4.779'.
[  466.620993][ T9046] netlink: 8 bytes leftover after parsing attributes in process `syz.4.779'.
[  466.754284][ T9051] FAULT_INJECTION: forcing a failure.
[  466.754284][ T9051] name failslab, interval 1, probability 0, space 0, times 0
[  466.884922][ T9056] 9pnet_fd: Insufficient options for proto=fd
[  466.972051][ T9051] CPU: 0 UID: 0 PID: 9051 Comm: syz.0.781 Not tainted 6.15.0-rc7-syzkaller-00142-g4856ebd99715 #0 PREEMPT(full) 
[  466.972083][ T9051] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  466.972097][ T9051] Call Trace:
[  466.972105][ T9051]  <TASK>
[  466.972114][ T9051]  dump_stack_lvl+0x189/0x250
[  466.972168][ T9051]  ? __pfx_dump_stack_lvl+0x10/0x10
[  466.972197][ T9051]  ? __pfx__printk+0x10/0x10
[  466.972235][ T9051]  ? __pfx___might_resched+0x10/0x10
[  466.972265][ T9051]  ? fs_reclaim_acquire+0x7d/0x100
[  466.972293][ T9051]  should_fail_ex+0x414/0x560
[  466.972320][ T9051]  should_failslab+0xa8/0x100
[  466.972341][ T9051]  __kmalloc_noprof+0xcb/0x4f0
[  466.972370][ T9051]  ? kfree+0x4d/0x440
[  466.972395][ T9051]  ? tomoyo_realpath_from_path+0xe3/0x5d0
[  466.972428][ T9051]  tomoyo_realpath_from_path+0xe3/0x5d0
[  466.972459][ T9051]  ? tomoyo_domain+0xda/0x130
[  466.972506][ T9051]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[  466.972529][ T9051]  tomoyo_path_number_perm+0x1e8/0x5a0
[  466.972555][ T9051]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  466.972597][ T9051]  ? __lock_acquire+0xaac/0xd20
[  466.972645][ T9051]  ? __fget_files+0x2a/0x420
[  466.972669][ T9051]  ? __fget_files+0x3a0/0x420
[  466.972686][ T9051]  ? __fget_files+0x2a/0x420
[  466.972709][ T9051]  security_file_ioctl+0xcb/0x2d0
[  466.972736][ T9051]  __se_sys_ioctl+0x47/0x170
[  466.972765][ T9051]  do_syscall_64+0xf6/0x210
[  466.972794][ T9051]  ? clear_bhb_loop+0x60/0xb0
[  466.972819][ T9051]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  466.972839][ T9051] RIP: 0033:0x7fcc6c98e969
[  466.972857][ T9051] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  466.972875][ T9051] RSP: 002b:00007fcc6d7f4038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  466.972897][ T9051] RAX: ffffffffffffffda RBX: 00007fcc6cbb6080 RCX: 00007fcc6c98e969
[  466.972912][ T9051] RDX: 0000200000000200 RSI: 000000004008af24 RDI: 0000000000000003
[  466.972925][ T9051] RBP: 00007fcc6d7f4090 R08: 0000000000000000 R09: 0000000000000000
[  466.972938][ T9051] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  466.972950][ T9051] R13: 0000000000000000 R14: 00007fcc6cbb6080 R15: 00007ffe4d98bf88
[  466.972980][ T9051]  </TASK>
[  467.372296][ T9051] ERROR: Out of memory at tomoyo_realpath_from_path.
[  468.402857][ T9073] input: syz1 as /devices/virtual/input/input36
[  468.418611][ T9073] netlink: 40 bytes leftover after parsing attributes in process `syz.0.785'.
[  469.049384][ T9076] program syz.0.785 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  469.630192][ T8975] bridge0: port 1(bridge_slave_0) entered blocking state
[  469.658202][ T8975] bridge0: port 1(bridge_slave_0) entered disabled state
[  469.695009][ T8975] bridge_slave_0: entered allmulticast mode
[  469.717980][ T8975] bridge_slave_0: entered promiscuous mode
[  469.942691][ T1335] hsr_slave_0: left promiscuous mode
[  470.548278][ T1335] hsr_slave_1: left promiscuous mode
[  470.558429][ T1335] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  470.686817][ T1335] batman_adv: batadv0: Removing interface: batadv_slave_0
[  470.695959][ T5880] usb 6-1: new high-speed USB device number 15 using dummy_hcd
[  470.711232][ T1335] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  470.755891][ T1335] batman_adv: batadv0: Removing interface: batadv_slave_1
[  470.990403][ T5880] usb 6-1: New USB device found, idVendor=20b7, idProduct=1540, bcdDevice=b7.5a
[  471.008545][ T5880] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  471.057466][ T1335] veth1_macvtap: left promiscuous mode
[  471.098209][ T1335] veth0_macvtap: left promiscuous mode
[  471.109394][ T5880] usb 6-1: Product: syz
[  471.117658][ T5880] usb 6-1: Manufacturer: syz
[  471.122406][ T5880] usb 6-1: SerialNumber: syz
[  471.161507][ T1335] veth1_vlan: left promiscuous mode
[  471.206736][ T1335] veth0_vlan: left promiscuous mode
[  471.236819][ T5880] usb 6-1: config 0 descriptor??
[  471.809227][ T5880] usb 6-1: Firmware: major: 60, minor: 54, hardware type: ATUSB (1)
[  472.892715][ T5880] usb 6-1: failed to fetch extended address, random address set
[  473.295869][ T1335] team0 (unregistering): Port device team_slave_1 removed
[  473.440304][ T1335] team0 (unregistering): Port device team_slave_0 removed
[  475.660924][ T8975] bridge0: port 2(bridge_slave_1) entered blocking state
[  475.693932][ T8975] bridge0: port 2(bridge_slave_1) entered disabled state
[  475.701187][ T8975] bridge_slave_1: entered allmulticast mode
[  475.744049][ T8975] bridge_slave_1: entered promiscuous mode
[  475.795181][ T9092] netdevsim netdevsim4 netdevsim0: set [1, 1] type 2 family 0 port 20000 - 0
[  475.824431][ T9092] netdevsim netdevsim4 netdevsim1: set [1, 1] type 2 family 0 port 20000 - 0
[  475.833236][ T9092] netdevsim netdevsim4 netdevsim2: set [1, 1] type 2 family 0 port 20000 - 0
[  475.883851][ T9092] netdevsim netdevsim4 netdevsim3: set [1, 1] type 2 family 0 port 20000 - 0
[  475.914222][ T9092] geneve3: entered promiscuous mode
[  475.919449][ T9092] geneve3: entered allmulticast mode
[  476.182884][ T5880] usb 6-1: USB disconnect, device number 15
[  476.236532][ T9125] input: syz1 as /devices/virtual/input/input37
[  476.256982][ T9125] netlink: 40 bytes leftover after parsing attributes in process `syz.0.799'.
[  476.347451][ T9126] program syz.0.799 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  476.899972][ T9131] fuse: Unknown parameter '÷d'
[  477.061290][ T8975] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  477.148263][ T8975] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  477.966702][ T9142] xt_CT: You must specify a L4 protocol and not use inversions on it
[  478.001625][ T8975] team0: Port device team_slave_0 added
[  478.062993][ T1335] IPVS: stop unused estimator thread 0...
[  478.118137][ T8975] team0: Port device team_slave_1 added
[  480.814489][ T6860] usb 5-1: new high-speed USB device number 17 using dummy_hcd
[  481.224860][ T8975] batman_adv: batadv0: Adding interface: batadv_slave_0
[  481.231859][ T8975] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  481.336718][ T8975] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  481.385737][ T6860] usb 5-1: Using ep0 maxpacket: 32
[  481.488142][ T6860] usb 5-1: device descriptor read/all, error -71
[  481.674408][ T8975] batman_adv: batadv0: Adding interface: batadv_slave_1
[  481.713938][ T8975] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  481.813840][ T8975] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  481.833781][ T5877] usb 6-1: new high-speed USB device number 16 using dummy_hcd
[  481.907960][ T9173] nbd: must specify a size in bytes for the device
[  481.948069][   T30] kauditd_printk_skb: 19 callbacks suppressed
[  481.948088][   T30] audit: type=1326 audit(1748101242.117:90): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9172 comm="syz.0.813" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fcc6c98e969 code=0x0
[  482.013819][ T5877] usb 6-1: Using ep0 maxpacket: 32
[  482.041175][ T5877] usb 6-1: config index 0 descriptor too short (expected 35577, got 27)
[  482.065674][ T5877] usb 6-1: config 1 has too many interfaces: 92, using maximum allowed: 32
[  482.099454][ T5877] usb 6-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  482.105196][ T9177] nbd: must specify a size in bytes for the device
[  482.124083][ T5877] usb 6-1: config 1 has 1 interface, different from the descriptor's value: 92
[  482.143275][   T30] audit: type=1326 audit(1748101242.307:91): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9176 comm="syz.4.814" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f4d5698e969 code=0x0
[  482.153492][ T5877] usb 6-1: config 1 has no interface number 0
[  482.198275][ T9178] FAULT_INJECTION: forcing a failure.
[  482.198275][ T9178] name failslab, interval 1, probability 0, space 0, times 0
[  482.198960][ T8975] hsr_slave_0: entered promiscuous mode
[  482.211300][ T9178] CPU: 1 UID: 0 PID: 9178 Comm: syz.4.814 Not tainted 6.15.0-rc7-syzkaller-00142-g4856ebd99715 #0 PREEMPT(full) 
[  482.211329][ T9178] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  482.211344][ T9178] Call Trace:
[  482.211352][ T9178]  <TASK>
[  482.211362][ T9178]  dump_stack_lvl+0x189/0x250
[  482.211401][ T9178]  ? __pfx_dump_stack_lvl+0x10/0x10
[  482.211431][ T9178]  ? __pfx__printk+0x10/0x10
[  482.211470][ T9178]  ? __pfx___might_resched+0x10/0x10
[  482.211502][ T9178]  ? fs_reclaim_acquire+0x7d/0x100
[  482.211532][ T9178]  should_fail_ex+0x414/0x560
[  482.211561][ T9178]  should_failslab+0xa8/0x100
[  482.211583][ T9178]  kmem_cache_alloc_noprof+0x73/0x3c0
[  482.211615][ T9178]  ? create_new_namespaces+0x34/0x700
[  482.211651][ T9178]  create_new_namespaces+0x34/0x700
[  482.211685][ T9178]  ? bpf_lsm_capable+0x9/0x20
[  482.211714][ T9178]  ? security_capable+0x7e/0x2e0
[  482.211752][ T9178]  unshare_nsproxy_namespaces+0x11c/0x170
[  482.211788][ T9178]  ksys_unshare+0x4c8/0x8c0
[  482.211820][ T9178]  ? __pfx_ksys_unshare+0x10/0x10
[  482.211841][ T9178]  ? ksys_write+0x1e1/0x250
[  482.211878][ T9178]  ? rcu_is_watching+0x15/0xb0
[  482.211925][ T9178]  __x64_sys_unshare+0x38/0x50
[  482.211949][ T9178]  do_syscall_64+0xf6/0x210
[  482.211979][ T9178]  ? clear_bhb_loop+0x60/0xb0
[  482.212006][ T9178]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  482.212026][ T9178] RIP: 0033:0x7f4d5698e969
[  482.212045][ T9178] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  482.212064][ T9178] RSP: 002b:00007f4d5774b038 EFLAGS: 00000246 ORIG_RAX: 0000000000000110
[  482.212087][ T9178] RAX: ffffffffffffffda RBX: 00007f4d56bb6080 RCX: 00007f4d5698e969
[  482.212137][ T9178] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000080
[  482.212151][ T9178] RBP: 00007f4d5774b090 R08: 0000000000000000 R09: 0000000000000000
[  482.212164][ T9178] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  482.212176][ T9178] R13: 0000000000000000 R14: 00007f4d56bb6080 R15: 00007ffc5eb58318
[  482.212210][ T9178]  </TASK>
[  482.433805][ T5877] usb 6-1: New USB device found, idVendor=0e41, idProduct=5051, bcdDevice=d5.e8
[  482.442886][ T5877] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  482.548463][ T5877] snd_usb_pod 6-1:1.1: Line 6 Pocket POD found
[  482.976514][ T8975] hsr_slave_1: entered promiscuous mode
[  482.983101][ T8975] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  483.003750][ T8975] Cannot create hsr debugfs directory
[  483.159841][ T5877] snd_usb_pod 6-1:1.1: set_interface failed
[  483.166377][ T5877] snd_usb_pod 6-1:1.1: Line 6 Pocket POD now disconnected
[  483.184747][ T5877] snd_usb_pod 6-1:1.1: probe with driver snd_usb_pod failed with error -71
[  483.221508][ T5877] usb 6-1: USB disconnect, device number 16
[  483.764446][ T9194] xt_CT: You must specify a L4 protocol and not use inversions on it
[  484.003906][ T9199] netlink: 16186 bytes leftover after parsing attributes in process `syz.0.820'.
[  484.453046][ T9194] block device autoloading is deprecated and will be removed.
[  484.481198][ T9194] syz.4.819: attempt to access beyond end of device
[  484.481198][ T9194] loop9: rw=4096, sector=2, nr_sectors = 2 limit=0
[  484.554995][ T9194] EXT4-fs (loop9): unable to read superblock
[  484.915094][ T8975] netdevsim netdevsim6 netdevsim0: renamed from eth0
[  484.970486][ T8975] netdevsim netdevsim6 netdevsim1: renamed from eth1
[  485.047338][ T8975] netdevsim netdevsim6 netdevsim2: renamed from eth2
[  485.115799][ T8975] netdevsim netdevsim6 netdevsim3: renamed from eth3
[  485.987948][ T8975] 8021q: adding VLAN 0 to HW filter on device bond0
[  486.053150][ T8975] 8021q: adding VLAN 0 to HW filter on device team0
[  486.106638][ T6020] bridge0: port 1(bridge_slave_0) entered blocking state
[  486.113911][ T6020] bridge0: port 1(bridge_slave_0) entered forwarding state
[  486.193820][ T6021] bridge0: port 2(bridge_slave_1) entered blocking state
[  486.201080][ T6021] bridge0: port 2(bridge_slave_1) entered forwarding state
[  487.119435][   T30] audit: type=1326 audit(1748101247.287:92): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9229 comm="syz.2.829" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6a3c38e969 code=0x7ffc0000
[  487.184558][ T9230] netlink: 12 bytes leftover after parsing attributes in process `syz.2.829'.
[  487.262348][   T30] audit: type=1326 audit(1748101247.287:93): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9229 comm="syz.2.829" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6a3c38e969 code=0x7ffc0000
[  487.338114][   T30] audit: type=1326 audit(1748101247.337:94): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9229 comm="syz.2.829" exe="/root/syz-executor" sig=0 arch=c000003e syscall=258 compat=0 ip=0x7f6a3c38e969 code=0x7ffc0000
[  487.396615][ T9234] fuse: Unknown parameter '÷d'
[  487.429624][   T30] audit: type=1326 audit(1748101247.337:95): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9229 comm="syz.2.829" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6a3c38e969 code=0x7ffc0000
[  487.510410][   T30] audit: type=1326 audit(1748101247.337:96): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9229 comm="syz.2.829" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6a3c38e969 code=0x7ffc0000
[  487.603118][   T30] audit: type=1326 audit(1748101247.337:97): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9229 comm="syz.2.829" exe="/root/syz-executor" sig=0 arch=c000003e syscall=165 compat=0 ip=0x7f6a3c38e969 code=0x7ffc0000
[  487.708052][   T30] audit: type=1326 audit(1748101247.337:98): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9229 comm="syz.2.829" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6a3c38e969 code=0x7ffc0000
[  487.806922][   T30] audit: type=1326 audit(1748101247.347:99): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9229 comm="syz.2.829" exe="/root/syz-executor" sig=0 arch=c000003e syscall=165 compat=0 ip=0x7f6a3c38e969 code=0x7ffc0000
[  487.904564][   T30] audit: type=1326 audit(1748101247.347:100): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9229 comm="syz.2.829" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6a3c38e969 code=0x7ffc0000
[  488.008819][   T30] audit: type=1326 audit(1748101247.347:101): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9229 comm="syz.2.829" exe="/root/syz-executor" sig=0 arch=c000003e syscall=80 compat=0 ip=0x7f6a3c38e969 code=0x7ffc0000
[  489.137101][ T8975] 8021q: adding VLAN 0 to HW filter on device batadv0
[  490.277368][ T9269] binder: 9236:9269 ioctl 40305828 200000000240 returned -22
[  491.059071][ T9276] x_tables: duplicate underflow at hook 1
[  491.767619][ T9278] netlink: 'syz.5.840': attribute type 3 has an invalid length.
[  491.867488][   T24] Process accounting resumed
[  491.883097][ T9268] netlink: 'syz.0.838': attribute type 10 has an invalid length.
[  491.890956][ T9268] netlink: 40 bytes leftover after parsing attributes in process `syz.0.838'.
[  492.953799][ T9293] x_tables: ip_tables: TCPOPTSTRIP target: only valid in mangle table, not raw
[  493.253128][ T8975] veth0_vlan: entered promiscuous mode
[  493.407062][ T8975] veth1_vlan: entered promiscuous mode
[  494.606683][ T8975] veth0_macvtap: entered promiscuous mode
[  494.918467][ T8975] veth1_macvtap: entered promiscuous mode
[  496.929564][ T8975] batman_adv: batadv0: Interface activated: batadv_slave_0
[  497.119270][ T8975] batman_adv: batadv0: Interface activated: batadv_slave_1
[  497.684436][ T8975] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  497.721365][ T8975] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  497.751206][ T8975] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  497.781002][ T8975] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  497.950352][ T9327] binder: 9325:9327 ioctl c0306201 200000000140 returned -14
[  498.919100][ T5963] Process accounting resumed
[  499.397314][   T36] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  499.405320][   T36] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  500.000869][   T36] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  500.173773][ T9335] netlink: 'syz.0.853': attribute type 10 has an invalid length.
[  500.181519][ T9335] netlink: 40 bytes leftover after parsing attributes in process `syz.0.853'.
[  500.213764][   T36] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  501.761298][ T9354] netlink: 16186 bytes leftover after parsing attributes in process `syz.4.857'.
[  502.244650][ T9357] Option 'Í'M•O§±' to dns_resolver key: bad/missing value
[  504.775232][ T5878] Process accounting resumed
[  507.576068][ T9410] netlink: 8 bytes leftover after parsing attributes in process `syz.4.873'.
[  509.703892][ T9437] xt_CT: You must specify a L4 protocol and not use inversions on it
[  509.765494][ T9437] syz.5.881: attempt to access beyond end of device
[  509.765494][ T9437] loop11: rw=4096, sector=2, nr_sectors = 2 limit=0
[  509.788304][ T9439] input: syz0 as /devices/virtual/input/input40
[  509.814192][ T9437] EXT4-fs (loop11): unable to read superblock
[  510.822773][ T9452] netlink: 16 bytes leftover after parsing attributes in process `syz.0.884'.
[  511.457065][ T5878] usb 6-1: new high-speed USB device number 17 using dummy_hcd
[  512.404185][ T5878] usb 6-1: Using ep0 maxpacket: 16
[  512.442795][ T5878] usb 6-1: config 0 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  512.502222][ T5878] usb 6-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0x94, changing to 0x84
[  512.511359][ T9467] 9pnet_fd: Insufficient options for proto=fd
[  513.039002][ T9467] netlink: 'syz.2.887': attribute type 10 has an invalid length.
[  513.047311][ T9467] netlink: 40 bytes leftover after parsing attributes in process `syz.2.887'.
[  513.083819][ T5878] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x84 has invalid maxpacket 1794, setting to 1024
[  513.140608][ T5878] usb 6-1: config 0 interface 0 altsetting 0 bulk endpoint 0x84 has invalid maxpacket 1024
[  513.169502][ T9471] fuse: Unknown parameter '÷d'
[  513.181701][ T5878] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  513.242303][ T5878] usb 6-1: config 0 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  513.343842][ T5878] usb 6-1: config 0 interface 0 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 2
[  513.491787][ T5878] usb 6-1: New USB device found, idVendor=104f, idProduct=0004, bcdDevice=c6.c3
[  513.543814][ T5878] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  513.703738][ T5878] usb 6-1: Product: syz
[  513.708047][ T5878] usb 6-1: Manufacturer: syz
[  513.712668][ T5878] usb 6-1: SerialNumber: syz
[  513.769419][ T5878] usb 6-1: config 0 descriptor??
[  513.804250][ T9454] raw-gadget.0 gadget.5: fail, usb_ep_enable returned -22
[  514.106292][ T5878] usb 6-1: can't set config #0, error -71
[  514.176327][ T5878] usb 6-1: USB disconnect, device number 17
[  514.435534][ T9489] overlayfs: failed to clone upperpath
[  514.481460][ T9492] netlink: 16 bytes leftover after parsing attributes in process `syz.4.899'.
[  514.497813][ T9493] overlayfs: failed to clone lowerpath
[  514.847808][ T9496] bridge_slave_0: left allmulticast mode
[  514.870037][ T9501] binder: 9500:9501 ioctl c0306201 200000000140 returned -14
[  514.967363][ T9496] bridge_slave_0: left promiscuous mode
[  515.051709][ T9496] bridge0: port 1(bridge_slave_0) entered disabled state
[  515.342460][ T9496] bridge_slave_1: left allmulticast mode
[  515.586170][ T9496] bridge_slave_1: left promiscuous mode
[  515.711771][ T9508] netlink: 'syz.5.900': attribute type 10 has an invalid length.
[  515.719820][ T9508] netlink: 40 bytes leftover after parsing attributes in process `syz.5.900'.
[  515.797685][ T9496] bridge0: port 2(bridge_slave_1) entered disabled state
[  516.586821][ T9496] bond0: (slave bond_slave_0): Releasing backup interface
[  516.714590][ T9496] bond0: (slave bond_slave_1): Releasing backup interface
[  516.917849][ T9519] x_tables: ip_tables: TCPOPTSTRIP target: only valid in mangle table, not raw
[  516.926294][ T9496] team0: Port device team_slave_0 removed
[  517.059578][ T9496] team0: Port device team_slave_1 removed
[  517.159154][ T9496] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  517.374030][ T9496] batman_adv: batadv0: Removing interface: batadv_slave_0
[  517.401957][ T9496] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  517.500446][ T9496] batman_adv: batadv0: Removing interface: batadv_slave_1
[  518.551337][ T9533] tipc: Started in network mode
[  518.556557][ T9533] tipc: Node identity ac14140f, cluster identity 4711
[  518.564685][ T9533] tipc: New replicast peer: 255.255.255.255
[  518.573550][ T9533] tipc: Enabled bearer <udp:syz2>, priority 10
[  519.578871][ T5880] tipc: Node number set to 2886997007
[  519.723822][ T5880] usb 1-1: new high-speed USB device number 35 using dummy_hcd
[  519.832411][ T9547] netlink: 16 bytes leftover after parsing attributes in process `syz.2.913'.
[  519.893809][ T5880] usb 1-1: Using ep0 maxpacket: 8
[  519.908154][ T5880] usb 1-1: config index 0 descriptor too short (expected 301, got 45)
[  519.918581][ T5880] usb 1-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  519.945632][ T5880] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  519.966492][ T5880] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  519.990986][ T5880] usb 1-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  520.004905][ T5879] usb 6-1: new high-speed USB device number 18 using dummy_hcd
[  520.031559][ T5880] usb 1-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[  520.067781][ T5880] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  520.175967][ T5879] usb 6-1: New USB device found, idVendor=046d, idProduct=0870, bcdDevice=61.47
[  520.197781][ T5879] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  520.245774][ T5879] usb 6-1: config 0 descriptor??
[  520.270534][ T5879] gspca_main: STV06xx-2.14.0 probing 046d:0870
[  520.306694][ T9541] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  520.329660][ T9541] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  520.425551][ T9552] netlink: 12 bytes leftover after parsing attributes in process `syz.0.910'.
[  520.767500][ T5880] usb 1-1: usb_control_msg returned -71
[  520.793596][ T5880] usbtmc 1-1:16.0: can't read capabilities
[  520.867513][ T5880] usb 1-1: USB disconnect, device number 35
[  521.081829][ T9545] netlink: 20 bytes leftover after parsing attributes in process `syz.5.912'.
[  521.110145][ T9545] netlink: 12 bytes leftover after parsing attributes in process `syz.5.912'.
[  521.231587][ T5879] gspca_stv06xx: I2C: Read error writing address: -71
[  521.257069][ T5879] usb 6-1: USB disconnect, device number 18
[  523.718192][ T9578] tipc: Enabling of bearer <udp:syz2> rejected, already enabled
[  524.491630][ T9596] netlink: 76 bytes leftover after parsing attributes in process `syz.6.926'.
[  524.745173][ T9601] netlink: 16 bytes leftover after parsing attributes in process `syz.5.927'.
[  524.760665][ T9596] gre0: entered allmulticast mode
[  526.068028][ T6860] usb 5-1: new high-speed USB device number 19 using dummy_hcd
[  526.263805][ T6860] usb 5-1: Using ep0 maxpacket: 8
[  526.443848][ T6860] usb 5-1: config index 0 descriptor too short (expected 301, got 45)
[  526.531911][ T6860] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  526.743392][ T6860] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  526.763586][ T6860] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  526.792270][ T6860] usb 5-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  526.869615][ T6860] usb 5-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[  526.907509][ T6860] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  526.912365][ T9629] overlayfs: failed to clone upperpath
[  527.195579][ T9613] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  527.924500][ T9613] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  527.927714][ T9637] tipc: Started in network mode
[  527.939572][ T9637] tipc: Node identity ac14140f, cluster identity 4711
[  527.946628][ T9637] tipc: New replicast peer: 255.255.255.255
[  527.953219][ T9637] tipc: Enabled bearer <udp:syz2>, priority 10
[  528.161947][ T9640] netlink: 12 bytes leftover after parsing attributes in process `syz.4.929'.
[  528.243790][ T5880] usb 1-1: new high-speed USB device number 36 using dummy_hcd
[  528.305020][ T9640] bridge_slave_1: left allmulticast mode
[  528.305048][ T9640] bridge_slave_1: left promiscuous mode
[  528.305280][ T9640] bridge0: port 2(bridge_slave_1) entered disabled state
[  528.395000][ T9645] x_tables: ip_tables: TCPOPTSTRIP target: only valid in mangle table, not raw
[  528.403877][ T5880] usb 1-1: Using ep0 maxpacket: 16
[  528.414008][ T5880] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  528.414063][ T5880] usb 1-1: config 0 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  528.420032][ T5880] usb 1-1: New USB device found, idVendor=05ac, idProduct=9226, bcdDevice=b2.89
[  528.420063][ T5880] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  528.420082][ T5880] usb 1-1: Product: syz
[  528.420099][ T5880] usb 1-1: Manufacturer: syz
[  528.420109][ T5880] usb 1-1: SerialNumber: syz
[  528.427002][ T5880] usb 1-1: config 0 descriptor??
[  528.450732][ T5880] appledisplay 1-1:0.0: Could not find int-in endpoint
[  528.454492][ T5880] usbhid 1-1:0.0: couldn't find an input interrupt endpoint
[  528.489890][ T9640] bridge_slave_0: left allmulticast mode
[  528.489920][ T9640] bridge_slave_0: left promiscuous mode
[  528.490148][ T9640] bridge0: port 1(bridge_slave_0) entered disabled state
[  528.638998][ T5878] usb 1-1: USB disconnect, device number 36
[  529.086390][ T9653] netlink: 76 bytes leftover after parsing attributes in process `syz.6.940'.
[  529.089029][ T5880] tipc: Node number set to 2886997007
[  529.393606][ T9613] tty tty29: ldisc open failed (-12), clearing slot 28
[  529.470218][ T9655] netlink: 16 bytes leftover after parsing attributes in process `syz.0.941'.
[  529.651705][ T6860] usb 5-1: usb_control_msg returned -71
[  529.682216][ T6860] usbtmc 5-1:16.0: can't read capabilities
[  529.749474][ T6860] usb 5-1: USB disconnect, device number 19
[  529.939042][ T9664] loop7: detected capacity change from 0 to 16384
[  531.218919][ T9665] loop7: detected capacity change from 16384 to 16383
[  531.781081][ T9682] input: syz0 as /devices/virtual/input/input43
[  533.113141][ T9697] support for cryptoloop has been removed.  Use dm-crypt instead.
[  533.389856][ T9706] netlink: 16 bytes leftover after parsing attributes in process `syz.6.957'.
[  533.403893][ T6860] usb 1-1: new high-speed USB device number 37 using dummy_hcd
[  533.583904][ T6860] usb 1-1: Using ep0 maxpacket: 8
[  533.593113][ T6860] usb 1-1: config index 0 descriptor too short (expected 301, got 45)
[  533.618236][ T6860] usb 1-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  533.667638][ T6860] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  533.727937][ T6860] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  533.757063][ T6860] usb 1-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  533.816444][ T6860] usb 1-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[  533.904626][ T6860] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  534.373818][ T9699] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  534.385654][ T9699] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  534.492225][ T9717] netlink: 12 bytes leftover after parsing attributes in process `syz.0.954'.
[  534.561681][ T9719] netlink: 'syz.4.961': attribute type 1 has an invalid length.
[  534.611011][ T9719] netlink: 232 bytes leftover after parsing attributes in process `syz.4.961'.
[  534.745341][ T9726] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  534.811772][ T9726] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  535.027502][ T1214] usb 5-1: new high-speed USB device number 20 using dummy_hcd
[  535.183888][ T1214] usb 5-1: device descriptor read/64, error -71
[  535.224612][ T6860] usb 1-1: usb_control_msg returned -71
[  535.230496][ T6860] usbtmc 1-1:16.0: can't read capabilities
[  535.286537][ T6860] usb 1-1: USB disconnect, device number 37
[  535.565012][ T1214] usb 5-1: new high-speed USB device number 21 using dummy_hcd
[  536.114528][ T1214] usb 5-1: device descriptor read/64, error -71
[  536.226407][ T9740] input: syz0 as /devices/virtual/input/input44
[  536.238402][ T1214] usb usb5-port1: attempt power cycle
[  536.743791][ T5877] usb 7-1: new high-speed USB device number 2 using dummy_hcd
[  536.852360][ T1214] usb 5-1: new high-speed USB device number 22 using dummy_hcd
[  536.920584][ T1214] usb 5-1: device descriptor read/8, error -71
[  536.934182][ T5877] usb 7-1: Using ep0 maxpacket: 8
[  536.946319][ T5877] usb 7-1: config 0 has an invalid interface number: 52 but max is 0
[  536.962631][ T5877] usb 7-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  537.003378][ T5877] usb 7-1: config 0 has no interface number 0
[  537.036848][ T5877] usb 7-1: config 0 interface 52 has no altsetting 0
[  537.085316][ T5877] usb 7-1: New USB device found, idVendor=06cb, idProduct=0003, bcdDevice=e8.00
[  537.162426][ T5877] usb 7-1: New USB device strings: Mfr=22, Product=0, SerialNumber=0
[  537.260330][ T9751] input: syz1 as /devices/virtual/input/input45
[  537.298988][ T9751] netlink: 40 bytes leftover after parsing attributes in process `syz.5.969'.
[  537.391576][ T9752] program syz.5.969 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  537.801033][ T1214] usb 5-1: new high-speed USB device number 23 using dummy_hcd
[  537.833932][ T5877] usb 7-1: Manufacturer: syz
[  537.869431][ T5877] usb 7-1: config 0 descriptor??
[  538.060483][ T1214] usb 5-1: device descriptor read/8, error -71
[  538.123975][ T5877] usb 7-1: Can not set alternate setting to 1, error: -71
[  538.161820][ T5877] synaptics_usb 7-1:0.52: probe with driver synaptics_usb failed with error -71
[  538.204171][ T1214] usb usb5-port1: unable to enumerate USB device
[  538.216910][ T5877] usb 7-1: USB disconnect, device number 2
[  538.238297][ T9758] openvswitch: netlink: Flow actions attr not present in new flow.
[  540.954803][ T9785] trusted_key: encrypted_key: insufficient parameters specified
[  542.297389][ T9780] netlink: 16186 bytes leftover after parsing attributes in process `syz.0.977'.
[  544.944076][ T9800] fuse: Unknown parameter '÷d'
[  546.144409][ T9821] netlink: 'syz.0.987': attribute type 10 has an invalid length.
[  546.384520][ T9816] netlink: 4 bytes leftover after parsing attributes in process `syz.6.986'.
[  548.176912][ T9839] netlink: 'syz.6.991': attribute type 10 has an invalid length.
[  548.185090][ T9839] netlink: 40 bytes leftover after parsing attributes in process `syz.6.991'.
[  548.668099][ T9839] team0: Port device geneve0 added
[  548.853195][ T5821] usb 5-1: new high-speed USB device number 24 using dummy_hcd
[  549.693791][ T5821] usb 5-1: Using ep0 maxpacket: 32
[  549.701135][ T5821] usb 5-1: config index 0 descriptor too short (expected 35577, got 27)
[  549.710038][ T5821] usb 5-1: config 1 has too many interfaces: 92, using maximum allowed: 32
[  549.735013][ T5821] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  549.759092][ T5821] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 92
[  549.793856][ T5821] usb 5-1: config 1 has no interface number 0
[  549.820498][ T5821] usb 5-1: New USB device found, idVendor=0e41, idProduct=5051, bcdDevice=d5.e8
[  549.850006][ T5821] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  549.944154][ T5821] snd_usb_pod 5-1:1.1: Line 6 Pocket POD found
[  550.137251][ T5821] snd_usb_pod 5-1:1.1: set_interface failed
[  550.168035][ T5821] snd_usb_pod 5-1:1.1: Line 6 Pocket POD now disconnected
[  550.207159][ T5821] snd_usb_pod 5-1:1.1: probe with driver snd_usb_pod failed with error -71
[  550.292523][ T5821] usb 5-1: USB disconnect, device number 24
[  550.465552][ T9865] xt_CT: You must specify a L4 protocol and not use inversions on it
[  550.517740][ T9865] syz.6.998: attempt to access beyond end of device
[  550.517740][ T9865] loop13: rw=4096, sector=2, nr_sectors = 2 limit=0
[  550.553891][ T9865] EXT4-fs (loop13): unable to read superblock
[  552.112687][ T9881] netlink: 4 bytes leftover after parsing attributes in process `syz.6.1002'.
[  553.006353][ T9901] FAT-fs (nullb0): bogus number of reserved sectors
[  553.013322][ T9901] FAT-fs (nullb0): Can't find a valid FAT filesystem
[  555.067082][ T5877] usb 6-1: new full-speed USB device number 19 using dummy_hcd
[  555.305990][ T5877] usb 6-1: config 0 has an invalid interface number: 1 but max is 0
[  555.344206][ T5877] usb 6-1: config 0 has no interface number 0
[  555.357822][ T5877] usb 6-1: New USB device found, idVendor=0b48, idProduct=1005, bcdDevice=8c.1e
[  555.391176][ T5877] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  555.447079][ T5877] usb 6-1: config 0 descriptor??
[  555.481491][ T5877] usb 6-1: selecting invalid altsetting 1
[  555.518376][ T5877] dvb_ttusb_budget: ttusb_init_controller: error
[  555.546993][ T5877] dvbdev: DVB: registering new adapter (Technotrend/Hauppauge Nova-USB)
[  555.790252][ T5877] DVB: Unable to find symbol cx22700_attach()
[  555.970060][ T5877] DVB: Unable to find symbol tda10046_attach()
[  555.995574][ T5877] dvb_ttusb_budget: no frontend driver found for device [0b48:1005]
[  556.910873][ T5877] usb 6-1: USB disconnect, device number 19
[  557.164099][ T9957] fuse: Unknown parameter '÷d'
[  557.843005][ T9972] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=4278124544 (8556249088 ns) > initial count (184 ns). Using initial count to start timer.
[  557.925163][ T9972] netlink: 4 bytes leftover after parsing attributes in process `syz.5.1024'.
[  559.291441][T10003] tipc: Enabling of bearer <udp:syz2> rejected, already enabled
[  559.423802][ T9997] binder: 9996:9997 ioctl c0306201 200000000140 returned -14
[  562.887857][T10042] xt_CT: You must specify a L4 protocol and not use inversions on it
[  563.530793][T10042] syz.6.1040: attempt to access beyond end of device
[  563.530793][T10042] loop13: rw=4096, sector=2, nr_sectors = 2 limit=0
[  563.587299][T10042] EXT4-fs (loop13): unable to read superblock
[  564.569528][T10071] netlink: 16 bytes leftover after parsing attributes in process `syz.4.1049'.
[  564.637678][T10071] netlink: 32 bytes leftover after parsing attributes in process `syz.4.1049'.
[  564.703403][T10078] IPVS: length: 32 != 24
[  566.084240][T10095] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  566.291557][T10097] Driver unsupported XDP return value 0 on prog  (id 209) dev N/A, expect packet loss!
[  567.540761][T10108] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  567.936288][T10106] netlink: 88 bytes leftover after parsing attributes in process `syz.0.1057'.
[  568.619786][T10129] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1064'.
[  571.945238][T10165] netlink: 16186 bytes leftover after parsing attributes in process `syz.5.1071'.
[  573.350216][T10171] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1074'.
[  573.975710][ T5877] Process accounting resumed
[  574.879133][T10197] binder: 10195:10197 ioctl c0306201 200000000140 returned -14
[  575.248915][T10208] 9pnet_fd: Insufficient options for proto=fd
[  579.233243][T10227] xt_CT: You must specify a L4 protocol and not use inversions on it
[  579.329056][T10227] syz.5.1090: attempt to access beyond end of device
[  579.329056][T10227] loop11: rw=4096, sector=2, nr_sectors = 2 limit=0
[  579.387861][T10227] EXT4-fs (loop11): unable to read superblock
[  580.267135][ T5821] Process accounting resumed
[  580.323789][T10223] Bluetooth: hci4: command 0x0406 tx timeout
[  582.407366][ T5822] Bluetooth: hci4: command 0x0406 tx timeout
[  583.087203][T10272] netlink: 16186 bytes leftover after parsing attributes in process `syz.6.1102'.
[  584.900979][   T30] kauditd_printk_skb: 14 callbacks suppressed
[  584.900995][   T30] audit: type=1326 audit(1748101345.067:116): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10290 comm="syz.6.1107" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff76798e969 code=0x7ffc0000
[  584.996405][   T30] audit: type=1326 audit(1748101345.097:117): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10290 comm="syz.6.1107" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff76798e969 code=0x7ffc0000
[  585.046308][T10292] binder: 10288:10292 ioctl c0306201 200000000140 returned -14
[  585.135277][   T30] audit: type=1326 audit(1748101345.117:118): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10290 comm="syz.6.1107" exe="/root/syz-executor" sig=0 arch=c000003e syscall=10 compat=0 ip=0x7ff76798e969 code=0x7ffc0000
[  585.223800][ T6860] usb 7-1: new low-speed USB device number 3 using dummy_hcd
[  585.246300][   T30] audit: type=1326 audit(1748101345.117:119): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10290 comm="syz.6.1107" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff76798e969 code=0x7ffc0000
[  585.329458][   T30] audit: type=1326 audit(1748101345.117:120): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10290 comm="syz.6.1107" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff76798e969 code=0x7ffc0000
[  585.373959][ T6860] usb 7-1: device descriptor read/64, error -71
[  585.683899][ T6860] usb 7-1: new low-speed USB device number 4 using dummy_hcd
[  585.870786][   T30] audit: type=1326 audit(1748101345.117:121): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10290 comm="syz.6.1107" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7ff76798d2d0 code=0x7ffc0000
[  585.997472][ T6860] usb 7-1: device descriptor read/64, error -71
[  586.007811][   T30] audit: type=1326 audit(1748101345.117:122): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10290 comm="syz.6.1107" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7ff76798e56b code=0x7ffc0000
[  586.030381][T10306] syz.5.1112: attempt to access beyond end of device
[  586.030381][T10306] loop11: rw=4096, sector=2, nr_sectors = 2 limit=0
[  586.031068][T10303] xt_CT: You must specify a L4 protocol and not use inversions on it
[  586.058537][T10306] EXT4-fs (loop11): unable to read superblock
[  586.114314][ T6860] usb usb7-port1: attempt power cycle
[  586.223769][   T30] audit: type=1326 audit(1748101345.117:123): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10290 comm="syz.6.1107" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7ff76798e56b code=0x7ffc0000
[  586.375788][   T30] audit: type=1326 audit(1748101345.127:124): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10290 comm="syz.6.1107" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7ff76798e56b code=0x7ffc0000
[  586.614012][ T6860] usb 7-1: new low-speed USB device number 5 using dummy_hcd
[  586.800201][ T6860] usb 7-1: device descriptor read/8, error -71
[  586.841458][   T30] audit: type=1326 audit(1748101345.127:125): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10290 comm="syz.6.1107" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7ff76798e56b code=0x7ffc0000
[  587.305852][ T6860] usb 7-1: new low-speed USB device number 6 using dummy_hcd
[  587.523588][ T6860] usb 7-1: device descriptor read/8, error -71
[  587.533659][T10320] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  588.178090][ T6860] usb usb7-port1: unable to enumerate USB device
[  589.161919][T10331] netlink: 16186 bytes leftover after parsing attributes in process `syz.6.1118'.
[  589.676750][T10335] netlink: 4 bytes leftover after parsing attributes in process `syz.5.1119'.
[  589.966743][T10339] FAULT_INJECTION: forcing a failure.
[  589.966743][T10339] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  590.036846][T10339] CPU: 1 UID: 0 PID: 10339 Comm: syz.6.1121 Not tainted 6.15.0-rc7-syzkaller-00142-g4856ebd99715 #0 PREEMPT(full) 
[  590.036873][T10339] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  590.036884][T10339] Call Trace:
[  590.036892][T10339]  <TASK>
[  590.036900][T10339]  dump_stack_lvl+0x189/0x250
[  590.036928][T10339]  ? __lock_acquire+0xaac/0xd20
[  590.036955][T10339]  ? __pfx_dump_stack_lvl+0x10/0x10
[  590.036978][T10339]  ? __pfx__printk+0x10/0x10
[  590.037005][T10339]  ? __might_fault+0xb0/0x130
[  590.037043][T10339]  should_fail_ex+0x414/0x560
[  590.037066][T10339]  _copy_from_user+0x2d/0xb0
[  590.037088][T10339]  csum_and_copy_from_iter_full+0x1d8/0x1d20
[  590.037128][T10339]  ? __pfx_csum_and_copy_from_iter_full+0x10/0x10
[  590.037165][T10339]  ? trace_kmem_cache_alloc+0x1f/0xc0
[  590.037193][T10339]  ip_generic_getfrag+0x12f/0x2b0
[  590.037221][T10339]  ? __pfx_ip_generic_getfrag+0x10/0x10
[  590.037248][T10339]  ? skb_put+0x11b/0x210
[  590.037274][T10339]  __ip_append_data+0x3b32/0x40f0
[  590.037350][T10339]  ? __lock_acquire+0xaac/0xd20
[  590.037377][T10339]  ? __pfx_raw_getfrag+0x10/0x10
[  590.037417][T10339]  ? ipv4_mtu+0x23/0x5c0
[  590.037443][T10339]  ? __pfx___ip_append_data+0x10/0x10
[  590.037468][T10339]  ? ipv4_mtu+0x23/0x5c0
[  590.037492][T10339]  ? ip_setup_cork+0x579/0x9b0
[  590.037522][T10339]  ip_append_data+0x10e/0x190
[  590.037550][T10339]  ? __pfx_raw_getfrag+0x10/0x10
[  590.037578][T10339]  raw_sendmsg+0x13c1/0x18a0
[  590.037620][T10339]  ? __pfx_raw_sendmsg+0x10/0x10
[  590.037671][T10339]  ? tomoyo_socket_sendmsg_permission+0x216/0x300
[  590.037700][T10339]  ? sock_rps_record_flow+0x19/0x400
[  590.037730][T10339]  ? inet_sendmsg+0x2f4/0x370
[  590.037755][T10339]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  590.037778][T10339]  __sock_sendmsg+0x19c/0x270
[  590.037800][T10339]  ____sys_sendmsg+0x505/0x830
[  590.037833][T10339]  ? __pfx_____sys_sendmsg+0x10/0x10
[  590.037878][T10339]  ? import_iovec+0x74/0xa0
[  590.037906][T10339]  ___sys_sendmsg+0x21f/0x2a0
[  590.037931][T10339]  ? __pfx____sys_sendmsg+0x10/0x10
[  590.037989][T10339]  ? __fget_files+0x2a/0x420
[  590.038004][T10339]  ? __fget_files+0x3a0/0x420
[  590.038030][T10339]  __x64_sys_sendmsg+0x19b/0x260
[  590.038056][T10339]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  590.038095][T10339]  ? do_syscall_64+0xba/0x210
[  590.038120][T10339]  do_syscall_64+0xf6/0x210
[  590.038143][T10339]  ? clear_bhb_loop+0x60/0xb0
[  590.038164][T10339]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  590.038181][T10339] RIP: 0033:0x7ff76798e969
[  590.038197][T10339] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  590.038212][T10339] RSP: 002b:00007ff7687f5038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  590.038231][T10339] RAX: ffffffffffffffda RBX: 00007ff767bb5fa0 RCX: 00007ff76798e969
[  590.038243][T10339] RDX: 0000000000000000 RSI: 0000200000001640 RDI: 0000000000000003
[  590.038254][T10339] RBP: 00007ff7687f5090 R08: 0000000000000000 R09: 0000000000000000
[  590.038265][T10339] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  590.038276][T10339] R13: 0000000000000000 R14: 00007ff767bb5fa0 R15: 00007ffcf2395648
[  590.038303][T10339]  </TASK>
[  592.535132][T10358] netlink: 16 bytes leftover after parsing attributes in process `syz.2.1127'.
[  592.614038][T10358] netlink: 32 bytes leftover after parsing attributes in process `syz.2.1127'.
[  594.200503][T10368] xt_CT: You must specify a L4 protocol and not use inversions on it
[  594.218492][T10368] syz.6.1130: attempt to access beyond end of device
[  594.218492][T10368] loop13: rw=4096, sector=2, nr_sectors = 2 limit=0
[  594.244015][T10368] EXT4-fs (loop13): unable to read superblock
[  595.401544][T10382] workqueue: Failed to create a rescuer kthread for wq "ceph-completion": -EINTR
[  595.402750][T10383] loop8: detected capacity change from 0 to 1
[  595.628113][T10378] netlink: 16186 bytes leftover after parsing attributes in process `syz.4.1132'.
[  595.653936][T10388] netlink: 36 bytes leftover after parsing attributes in process `syz.0.1134'.
[  595.975364][T10394] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=4278124544 (8556249088 ns) > initial count (184 ns). Using initial count to start timer.
[  596.055151][T10394] netlink: 4 bytes leftover after parsing attributes in process `syz.6.1137'.
[  596.496917][T10401] netlink: 20 bytes leftover after parsing attributes in process `syz.0.1138'.
[  596.604919][T10401] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1138'.
[  599.523054][T10423] tipc: Enabling of bearer <udp:syz2> rejected, already enabled
[  600.328701][T10442] xt_CT: You must specify a L4 protocol and not use inversions on it
[  601.025531][T10433] syz.6.1147: attempt to access beyond end of device
[  601.025531][T10433] loop13: rw=4096, sector=2, nr_sectors = 2 limit=0
[  601.075074][T10434] netlink: 'syz.5.1146': attribute type 10 has an invalid length.
[  601.084385][T10434] netlink: 40 bytes leftover after parsing attributes in process `syz.5.1146'.
[  601.225364][T10433] EXT4-fs (loop13): unable to read superblock
[  603.661172][T10478] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  604.076273][T10464] netlink: 'syz.0.1155': attribute type 10 has an invalid length.
[  604.084278][T10464] netlink: 40 bytes leftover after parsing attributes in process `syz.0.1155'.
[  605.756925][T10492] tipc: Enabling of bearer <udp:syz2> rejected, already enabled
[  606.697833][T10512] FAULT_INJECTION: forcing a failure.
[  606.697833][T10512] name failslab, interval 1, probability 0, space 0, times 0
[  606.711428][T10512] CPU: 0 UID: 0 PID: 10512 Comm: syz.6.1167 Not tainted 6.15.0-rc7-syzkaller-00142-g4856ebd99715 #0 PREEMPT(full) 
[  606.711454][T10512] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  606.711465][T10512] Call Trace:
[  606.711473][T10512]  <TASK>
[  606.711480][T10512]  dump_stack_lvl+0x189/0x250
[  606.711504][T10512]  ? __pfx_dump_stack_lvl+0x10/0x10
[  606.711522][T10512]  ? __pfx__printk+0x10/0x10
[  606.711546][T10512]  ? __pfx___might_resched+0x10/0x10
[  606.711565][T10512]  ? fs_reclaim_acquire+0x7d/0x100
[  606.711583][T10512]  should_fail_ex+0x414/0x560
[  606.711600][T10512]  should_failslab+0xa8/0x100
[  606.711613][T10512]  kmem_cache_alloc_noprof+0x73/0x3c0
[  606.711632][T10512]  ? getname_flags+0xb8/0x540
[  606.711648][T10512]  getname_flags+0xb8/0x540
[  606.711664][T10512]  __x64_sys_mkdir+0x5d/0x80
[  606.711682][T10512]  do_syscall_64+0xf6/0x210
[  606.711699][T10512]  ? asm_sysvec_call_function_single+0x1a/0x20
[  606.711712][T10512]  ? clear_bhb_loop+0x60/0xb0
[  606.711728][T10512]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  606.711740][T10512] RIP: 0033:0x7ff76798e969
[  606.711753][T10512] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  606.711764][T10512] RSP: 002b:00007ff768732038 EFLAGS: 00000246 ORIG_RAX: 0000000000000053
[  606.711778][T10512] RAX: ffffffffffffffda RBX: 00007ff767bb6160 RCX: 00007ff76798e969
[  606.711787][T10512] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000200000000200
[  606.711795][T10512] RBP: 00007ff768732090 R08: 0000000000000000 R09: 0000000000000000
[  606.711803][T10512] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  606.711811][T10512] R13: 0000000000000000 R14: 00007ff767bb6160 R15: 00007ffcf2395648
[  606.711831][T10512]  </TASK>
[  609.199729][ T6860] Process accounting resumed
[  611.943995][T10548] tipc: Enabling of bearer <udp:syz2> rejected, already enabled
[  611.949314][ T5877] IPVS: starting estimator thread 0...
[  612.079543][T10540] can: request_module (can-proto-0) failed.
[  612.193862][T10550] IPVS: using max 37 ests per chain, 88800 per kthread
[  613.205502][T10561] tipc: Enabling of bearer <udp:syz2> rejected, already enabled
[  613.977635][T10571] trusted_key: encrypted_key: master key parameter '’()õåxeDÌ3»‰<ç�Δ}X»9[2¹Å黌×Ô#×2¡²‰’¢-bŒÝŽ½n%V¤åne˯«ïû#Ø.GPº[' is invalid
[  615.076606][T10558] netlink: 'syz.4.1180': attribute type 10 has an invalid length.
[  615.084499][T10558] netlink: 40 bytes leftover after parsing attributes in process `syz.4.1180'.
[  615.482785][   T24] usb 7-1: new high-speed USB device number 7 using dummy_hcd
[  616.018531][   T24] usb 7-1: Using ep0 maxpacket: 32
[  616.843845][   T24] usb 7-1: config 1 has an invalid interface number: 233 but max is 0
[  616.860616][   T24] usb 7-1: config 1 has no interface number 0
[  617.042286][   T24] usb 7-1: config 1 interface 233 has no altsetting 0
[  617.728224][ T6860] Process accounting resumed
[  617.755157][   T24] usb 7-1: New USB device found, idVendor=04e8, idProduct=ff30, bcdDevice=34.ac
[  617.833739][   T24] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  617.841795][   T24] usb 7-1: Product: syz
[  618.074269][   T24] usb 7-1: Manufacturer: syz
[  618.093697][   T24] usb 7-1: SerialNumber: syz
[  618.724802][T10605] tipc: Started in network mode
[  618.729745][T10605] tipc: Node identity ac14140f, cluster identity 4711
[  618.736998][T10605] tipc: New replicast peer: 255.255.255.255
[  618.743764][T10605] tipc: Enabled bearer <udp:syz2>, priority 10
[  618.925698][   T24] usb 7-1: can't set config #1, error -71
[  619.027117][   T24] usb 7-1: USB disconnect, device number 7
[  619.186893][T10613] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  620.136956][ T5821] tipc: Node number set to 2886997007
[  621.112802][ T5879] usb 7-1: new high-speed USB device number 8 using dummy_hcd
[  621.343766][ T5879] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  621.392374][ T5879] usb 7-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40
[  621.446844][ T5879] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  621.513634][ T5879] usb 7-1: config 0 descriptor??
[  622.034517][ T5879] keytouch 0003:0926:3333.0005: fixing up Keytouch IEC report descriptor
[  622.295427][ T5879] input: HID 0926:3333 as /devices/platform/dummy_hcd.6/usb7/7-1/7-1:0.0/0003:0926:3333.0005/input/input54
[  622.845291][T10645] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  622.924740][T10645] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  623.091178][ T5879] keytouch 0003:0926:3333.0005: input,hidraw0: USB HID v0.00 Keyboard [HID 0926:3333] on usb-dummy_hcd.6-1/input0
[  623.347033][ T5879] usb 7-1: USB disconnect, device number 8
[  623.423511][T10649] fido_id[10649]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.6/usb7/7-1/report_descriptor': No such file or directory
[  626.592285][T10685] binder: BINDER_SET_CONTEXT_MGR already set
[  626.681026][T10685] binder: 10681:10685 ioctl 4018620d 200000000040 returned -16
[  626.773660][T10693] binder: BINDER_SET_CONTEXT_MGR already set
[  626.864079][T10693] binder: 10687:10693 ioctl 4018620d 2000000000c0 returned -16
[  627.008486][T10695] binder: BINDER_SET_CONTEXT_MGR already set
[  627.150023][T10695] binder: 10687:10695 ioctl 4018620d 200000000040 returned -16
[  627.379460][T10699] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1215'.
[  628.403518][T10712] xt_nfacct: accounting object `syz1' does not exists
[  628.725862][T10715] zonefs (nullb0) ERROR: Not a zoned block device
[  628.771881][T10717] binder: 10716:10717 ioctl c0306201 200000000140 returned -14
[  630.224816][T10729] netlink: 16 bytes leftover after parsing attributes in process `syz.2.1224'.
[  630.762528][T10737] xt_CT: You must specify a L4 protocol and not use inversions on it
[  630.900492][T10737] syz.4.1226: attempt to access beyond end of device
[  630.900492][T10737] loop9: rw=4096, sector=2, nr_sectors = 2 limit=0
[  630.951591][T10737] EXT4-fs (loop9): unable to read superblock
[  632.168502][T10760] binder: BINDER_SET_CONTEXT_MGR already set
[  632.189508][T10760] binder: 10753:10760 ioctl 4018620d 2000000000c0 returned -16
[  632.209482][T10759] xt_CT: You must specify a L4 protocol and not use inversions on it
[  632.221520][T10760] binder: BINDER_SET_CONTEXT_MGR already set
[  632.735757][T10759] syz.2.1232: attempt to access beyond end of device
[  632.735757][T10759] loop5: rw=4096, sector=2, nr_sectors = 2 limit=0
[  632.750947][T10762] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1233'.
[  632.760365][T10760] binder: 10753:10760 ioctl 4018620d 200000000040 returned -16
[  632.770460][T10759] EXT4-fs (loop5): unable to read superblock
[  633.628888][T10772] cgroup: subsys name conflicts with all
[  634.138015][ T5879] Process accounting resumed
[  634.926417][T10785] --map-set only usable from mangle table
[  635.409948][T10787] 9pnet_fd: Insufficient options for proto=fd
[  635.475669][T10793] netlink: 16 bytes leftover after parsing attributes in process `syz.5.1240'.
[  635.577298][T10794] xt_CT: You must specify a L4 protocol and not use inversions on it
[  635.593563][T10794] syz.4.1241: attempt to access beyond end of device
[  635.593563][T10794] loop9: rw=4096, sector=2, nr_sectors = 2 limit=0
[  635.607006][T10794] EXT4-fs (loop9): unable to read superblock
[  636.587643][T10804] tipc: Enabling of bearer <udp:syz2> rejected, already enabled
[  637.011631][T10816] binder: BINDER_SET_CONTEXT_MGR already set
[  637.054308][T10816] binder: 10811:10816 ioctl 4018620d 200000000040 returned -16
[  637.508074][   T24] usb 1-1: new high-speed USB device number 38 using dummy_hcd
[  637.573128][T10833] binder: BINDER_SET_CONTEXT_MGR already set
[  637.596197][T10833] binder: 10831:10833 ioctl 4018620d 2000000000c0 returned -16
[  637.622477][T10833] binder: BINDER_SET_CONTEXT_MGR already set
[  637.651432][T10833] binder: 10831:10833 ioctl 4018620d 200000000040 returned -16
[  637.680322][   T24] usb 1-1: New USB device found, idVendor=0af0, idProduct=7a05, bcdDevice= 0.00
[  637.692183][   T24] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  637.762537][   T24] usb 1-1: Product: syz
[  637.795806][   T24] usb 1-1: Manufacturer: syz
[  637.891722][   T24] usb 1-1: SerialNumber: syz
[  638.039548][   T24] usb 1-1: config 0 descriptor??
[  639.068566][T10822] netlink: 68 bytes leftover after parsing attributes in process `syz.0.1247'.
[  639.144456][   T24] hso 1-1:0.0: Failed to find BULK IN ep
[  639.179644][   T24] usb-storage 1-1:0.0: USB Mass Storage device detected
[  639.513748][   T24] usb 1-1: USB disconnect, device number 38
[  639.713143][T10856] tipc: Enabling of bearer <udp:syz2> rejected, already enabled
[  642.660847][ T1214] usb 1-1: new high-speed USB device number 39 using dummy_hcd
[  642.923744][ T1214] usb 1-1: Using ep0 maxpacket: 32
[  642.930883][ T1214] usb 1-1: config 0 has an invalid interface number: 85 but max is 0
[  642.942034][ T1214] usb 1-1: config 0 has no interface number 0
[  642.956888][ T1214] usb 1-1: config 0 interface 85 altsetting 7 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  643.146052][ T1214] usb 1-1: config 0 interface 85 has no altsetting 0
[  643.369817][ T1214] usb 1-1: New USB device found, idVendor=05ac, idProduct=0219, bcdDevice=f0.72
[  643.390590][ T1214] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  643.421382][ T1214] usb 1-1: Product: syz
[  643.509645][ T1214] usb 1-1: Manufacturer: syz
[  643.519567][ T1214] usb 1-1: SerialNumber: syz
[  643.590620][ T1214] usb 1-1: config 0 descriptor??
[  643.844637][T10894] binder: BINDER_SET_CONTEXT_MGR already set
[  643.861007][T10894] binder: 10888:10894 ioctl 4018620d 2000000000c0 returned -16
[  643.954295][T10894] binder: BINDER_SET_CONTEXT_MGR already set
[  644.007172][T10894] binder: 10888:10894 ioctl 4018620d 200000000040 returned -16
[  644.381408][ T1214] appletouch 1-1:0.85: Geyser mode initialized.
[  644.592547][T10901] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  644.601817][ T1214] input: appletouch as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.85/input/input57
[  644.677004][T10901] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  644.981573][ T5877] usb 1-1: USB disconnect, device number 39
[  646.084406][T10919] tipc: Started in network mode
[  646.089327][T10919] tipc: Node identity ac14140f, cluster identity 4711
[  646.096524][T10919] tipc: New replicast peer: 255.255.255.255
[  646.104426][T10919] tipc: Enabled bearer <udp:syz2>, priority 10
[  647.081503][ T5877] appletouch 1-1:0.85: input: appletouch disconnected
[  647.214346][ T5879] tipc: Node number set to 2886997007
[  647.644006][ T5821] usb 6-1: new high-speed USB device number 20 using dummy_hcd
[  647.844581][ T5821] usb 6-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[  647.863537][ T5821] usb 6-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config
[  647.916130][ T5821] usb 6-1: config 1 has 1 interface, different from the descriptor's value: 66
[  647.967503][ T5821] usb 6-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 52, changing to 9
[  648.023752][ T5821] usb 6-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8241, setting to 1024
[  648.089254][ T5821] usb 6-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[  648.129694][ T5821] usb 6-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  648.154275][ T5821] usb 6-1: Product: syz
[  648.158505][ T5821] usb 6-1: Manufacturer: syz
[  648.208902][ T5821] cdc_wdm 6-1:1.0: skipping garbage
[  648.231005][ T5821] cdc_wdm 6-1:1.0: skipping garbage
[  648.285201][ T5821] cdc_wdm 6-1:1.0: cdc-wdm0: USB WDM device
[  648.291178][ T5821] cdc_wdm 6-1:1.0: Unknown control protocol
[  648.412300][T10927] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  648.473430][T10927] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  648.522477][ T5877] usb 6-1: USB disconnect, device number 20
[  649.483104][T10961] netlink: 16 bytes leftover after parsing attributes in process `syz.6.1284'.
[  649.832217][T10966] tipc: Enabling of bearer <udp:syz2> rejected, already enabled
[  651.745306][ T1214] usb 6-1: new high-speed USB device number 21 using dummy_hcd
[  652.153865][ T1214] usb 6-1: Using ep0 maxpacket: 32
[  652.164312][ T1214] usb 6-1: config index 0 descriptor too short (expected 35577, got 27)
[  652.172802][ T1214] usb 6-1: config 1 has too many interfaces: 92, using maximum allowed: 32
[  652.320498][ T1214] usb 6-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  652.493450][ T1214] usb 6-1: config 1 has 1 interface, different from the descriptor's value: 92
[  652.584434][ T1214] usb 6-1: config 1 has no interface number 0
[  652.673573][ T1214] usb 6-1: New USB device found, idVendor=0e41, idProduct=5051, bcdDevice=d5.e8
[  653.195943][ T1214] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  653.395886][ T1214] snd_usb_pod 6-1:1.1: Line 6 Pocket POD found
[  653.842519][T11000] binder: 10999:11000 ioctl c0306201 200000000140 returned -14
[  653.860614][ T1214] snd_usb_pod 6-1:1.1: set_interface failed
[  653.927368][ T1214] snd_usb_pod 6-1:1.1: Line 6 Pocket POD now disconnected
[  653.946508][ T1214] snd_usb_pod 6-1:1.1: probe with driver snd_usb_pod failed with error -71
[  654.179325][ T1214] usb 6-1: USB disconnect, device number 21
[  655.238885][T11011] tipc: Enabling of bearer <udp:syz2> rejected, already enabled
[  657.023234][T11027] input: syz0 as /devices/virtual/input/input58
[  659.090946][T11051] xt_hashlimit: overflow, rate too high: 0
[  659.222117][ T5822] Bluetooth: hci4: unexpected event for opcode 0x2011
[  659.517868][T11045] binder: 11041:11045 ioctl c0306201 200000000140 returned -14
[  660.675897][T11066] tipc: Enabling of bearer <udp:syz2> rejected, already enabled
[  660.831759][T11072] binder: BINDER_SET_CONTEXT_MGR already set
[  660.896476][T11073] 9pnet_fd: Insufficient options for proto=fd
[  661.086163][T11072] binder: 11059:11072 ioctl 4018620d 200000000040 returned -16
[  661.246108][T11076] input: syz0 as /devices/virtual/input/input59
[  663.285524][ T5822] Bluetooth: hci4: Controller not accepting commands anymore: ncmd = 0
[  663.294272][ T5822] Bluetooth: hci4: Injecting HCI hardware error event
[  663.302816][ T5822] Bluetooth: hci4: hardware error 0x00
[  663.660953][   T10] usb 7-1: new high-speed USB device number 9 using dummy_hcd
[  663.685129][T11103] binder: 11102:11103 ioctl c0306201 200000000140 returned -14
[  663.910803][   T10] usb 7-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  663.972012][   T10] usb 7-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df
[  664.035855][   T10] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  664.079482][   T10] usb 7-1: config 0 descriptor??
[  664.151978][   T10] pwc: Askey VC010 type 2 USB webcam detected.
[  664.464035][ T5878] usb 5-1: new high-speed USB device number 25 using dummy_hcd
[  664.545732][T11101] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  664.584177][T11101] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  664.639211][   T10] pwc: recv_control_msg error -32 req 02 val 2b00
[  664.645924][ T5878] usb 5-1: Using ep0 maxpacket: 16
[  664.666112][ T5878] usb 5-1: config index 0 descriptor too short (expected 16456, got 72)
[  664.693904][   T10] pwc: recv_control_msg error -32 req 02 val 2700
[  664.700419][ T5878] usb 5-1: config 0 has an invalid interface number: 125 but max is 1
[  664.714301][   T10] pwc: recv_control_msg error -32 req 02 val 2c00
[  664.734038][ T5878] usb 5-1: config 0 has an invalid interface number: 125 but max is 1
[  664.913943][   T10] pwc: recv_control_msg error -32 req 04 val 1000
[  664.947889][   T10] pwc: recv_control_msg error -32 req 04 val 1300
[  665.563493][ T5878] usb 5-1: config 0 has an invalid interface number: 125 but max is 1
[  665.603844][ T5822] Bluetooth: hci4: Opcode 0x0c03 failed: -110
[  665.687932][   T10] pwc: recv_control_msg error -32 req 04 val 1400
[  665.697325][ T5878] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 2
[  665.714951][   T10] pwc: recv_control_msg error -32 req 02 val 2000
[  665.723742][ T5878] usb 5-1: config 0 has no interface number 0
[  665.740135][ T5878] usb 5-1: config 0 interface 125 altsetting 4 endpoint 0x4 has invalid maxpacket 21760, setting to 64
[  665.761878][ T5878] usb 5-1: config 0 interface 125 altsetting 4 endpoint 0xB has invalid wMaxPacketSize 0
[  665.792241][ T5878] usb 5-1: config 0 interface 125 altsetting 4 endpoint 0x2 has invalid wMaxPacketSize 0
[  665.829514][ T5878] usb 5-1: config 0 interface 125 altsetting 1 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  665.869417][ T5878] usb 5-1: config 0 interface 125 has no altsetting 0
[  665.889555][T11127] binder: BINDER_SET_CONTEXT_MGR already set
[  665.889633][ T5878] usb 5-1: config 0 interface 125 has no altsetting 2
[  665.943033][   T10] pwc: recv_control_msg error -71 req 04 val 1500
[  665.958485][T11129] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  666.392117][T11127] binder: 11123:11127 ioctl 4018620d 2000000000c0 returned -16
[  666.408217][   T10] pwc: recv_control_msg error -71 req 02 val 2500
[  666.438671][ T5878] usb 5-1: New USB device found, idVendor=050d, idProduct=0002, bcdDevice=23.27
[  666.453547][   T10] pwc: recv_control_msg error -71 req 02 val 2400
[  666.465265][T11127] binder: BINDER_SET_CONTEXT_MGR already set
[  666.470916][ T5878] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  666.480980][   T10] pwc: recv_control_msg error -71 req 02 val 2600
[  666.493315][T11127] binder: 11123:11127 ioctl 4018620d 200000000040 returned -16
[  666.513035][   T10] pwc: recv_control_msg error -71 req 02 val 2900
[  666.522161][ T5878] usb 5-1: Product: syz
[  666.544279][ T5878] usb 5-1: Manufacturer: syz
[  666.557072][   T10] pwc: recv_control_msg error -71 req 02 val 2800
[  666.603862][ T5878] usb 5-1: SerialNumber: syz
[  666.619065][   T10] pwc: recv_control_msg error -71 req 04 val 1100
[  666.839755][ T5878] usb 5-1: config 0 descriptor??
[  667.074514][   T10] pwc: recv_control_msg error -71 req 04 val 1200
[  667.539211][   T10] pwc: Registered as video103.
[  667.583921][   T10] input: PWC snapshot button as /devices/platform/dummy_hcd.6/usb7/7-1/input/input61
[  667.746232][ T5878] usb 5-1: can't set config #0, error -71
[  668.014225][   T10] usb 7-1: USB disconnect, device number 9
[  668.041206][ T5878] usb 5-1: USB disconnect, device number 25
[  668.285689][T11147] binder: 11146:11147 ioctl c0306201 200000000140 returned -14
[  668.973947][T11150] lo speed is unknown, defaulting to 1000
[  668.980439][T11150] lo speed is unknown, defaulting to 1000
[  668.989083][T11150] lo speed is unknown, defaulting to 1000
[  669.001481][T11150] iwpm_register_pid: Unable to send a nlmsg (client = 2)
[  669.020651][T11150] infiniband syz0: RDMA CMA: cma_listen_on_dev, error -98
[  669.104899][T11150] lo speed is unknown, defaulting to 1000
[  669.278836][T11150] lo speed is unknown, defaulting to 1000
[  669.287443][T11150] lo speed is unknown, defaulting to 1000
[  669.308185][T11150] lo speed is unknown, defaulting to 1000
[  669.326217][T11150] lo speed is unknown, defaulting to 1000
[  669.407405][T11161] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  670.356388][ T5821] usb 7-1: new high-speed USB device number 10 using dummy_hcd
[  670.526264][ T5821] usb 7-1: too many endpoints for config 4 interface 0 altsetting 0: 101, using maximum allowed: 30
[  670.706943][ T5821] usb 7-1: config 4 interface 0 altsetting 0 has an endpoint descriptor with address 0x51, changing to 0x1
[  670.756692][ T5821] usb 7-1: config 4 interface 0 altsetting 0 endpoint 0x1 has an invalid bInterval 0, changing to 7
[  670.811687][ T5821] usb 7-1: config 4 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 101
[  670.868111][ T5821] usb 7-1: New USB device found, idVendor=0cf3, idProduct=9374, bcdDevice=bc.3b
[  670.896623][ T5821] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  671.023846][ T5878] usb 1-1: new high-speed USB device number 40 using dummy_hcd
[  671.179240][ T5821] ath6kl: Failed to submit usb control message: -71
[  671.193942][ T5821] ath6kl: unable to send the bmi data to the device: -71
[  671.211361][ T5821] ath6kl: Unable to send get target info: -71
[  671.227293][ T5878] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  671.232563][ T5821] ath6kl: Failed to init ath6kl core: -71
[  671.272035][ T5878] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  671.298347][ T5821] ath6kl_usb 7-1:4.0: probe with driver ath6kl_usb failed with error -71
[  671.302770][T11178] dns_resolver: Unsupported content type (24)
[  671.344275][ T5878] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  671.347810][ T5821] usb 7-1: USB disconnect, device number 10
[  671.394079][ T5878] usb 1-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  671.403167][ T5878] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  671.479097][ T5878] usb 1-1: config 0 descriptor??
[  671.925916][ T5878] plantronics 0003:047F:FFFF.0006: unknown main item tag 0x0
[  671.974773][ T5878] plantronics 0003:047F:FFFF.0006: No inputs registered, leaving
[  672.007957][ T5878] plantronics 0003:047F:FFFF.0006: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.0-1/input0
[  672.129448][T11186] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  673.310773][   T10] usb 1-1: USB disconnect, device number 40
[  673.511131][T11201] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  674.042287][T11191] fido_id[11191]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.0/usb1/report_descriptor': No such file or directory
[  675.514011][   T10] usb 7-1: new low-speed USB device number 11 using dummy_hcd
[  675.687035][   T10] usb 7-1: config 0 has an invalid interface number: 55 but max is 0
[  675.703944][   T10] usb 7-1: config 0 has no interface number 0
[  675.720097][   T10] usb 7-1: config 0 interface 55 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  676.053669][   T10] usb 7-1: config 0 interface 55 altsetting 0 endpoint 0xE has invalid maxpacket 32, setting to 8
[  676.073660][   T10] usb 7-1: config 0 interface 55 altsetting 0 has an endpoint descriptor with address 0xAB, changing to 0x8B
[  676.093901][   T10] usb 7-1: config 0 interface 55 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 10
[  676.121825][   T10] usb 7-1: config 0 interface 55 altsetting 0 endpoint 0x8B has invalid maxpacket 120, setting to 8
[  676.150702][T11227] veth1_to_team: entered promiscuous mode
[  676.164130][   T10] usb 7-1: config 0 interface 55 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 2
[  676.217878][   T10] usb 7-1: New USB device found, idVendor=0f11, idProduct=1080, bcdDevice=fc.6a
[  676.505529][   T10] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  676.541549][   T10] usb 7-1: config 0 descriptor??
[  676.569044][   T30] kauditd_printk_skb: 26 callbacks suppressed
[  676.569061][   T30] audit: type=1326 audit(1748101436.727:152): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11226 comm="syz.2.1356" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f6a3c38e969 code=0x0
[  676.611130][T11221] raw-gadget.0 gadget.6: fail, usb_ep_enable returned -22
[  676.698435][T11221] raw-gadget.0 gadget.6: fail, usb_ep_enable returned -22
[  676.714315][T11237] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  677.243517][   T10] ldusb 7-1:0.55: LD USB Device #0 now attached to major 180 minor 0
[  677.396134][T11227] veth1_to_team: left promiscuous mode
[  677.596642][T11243] xt_TPROXY: Can be used only with -p tcp or -p udp
[  677.652543][T11249] loop6: detected capacity change from 0 to 63
[  677.727468][T10074] Buffer I/O error on dev loop6, logical block 0, async page read
[  677.894548][T10074] Buffer I/O error on dev loop6, logical block 0, async page read
[  677.919011][   T30] audit: type=1326 audit(1748101438.087:153): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11246 comm="syz.2.1361" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f6a3c32ab39 code=0x7ffc0000
[  677.964526][T10074] Buffer I/O error on dev loop6, logical block 0, async page read
[  678.001854][T10074] Buffer I/O error on dev loop6, logical block 0, async page read
[  678.023361][   T30] audit: type=1326 audit(1748101438.097:154): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11246 comm="syz.2.1361" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f6a3c32ab39 code=0x7ffc0000
[  678.066414][T11252] Buffer I/O error on dev loop6, logical block 0, async page read
[  678.135643][T11249] Buffer I/O error on dev loop6, logical block 0, async page read
[  678.148498][   T30] audit: type=1326 audit(1748101438.097:155): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11246 comm="syz.2.1361" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f6a3c32ab39 code=0x7ffc0000
[  678.221661][T10074] Buffer I/O error on dev loop6, logical block 0, async page read
[  678.361892][   T30] audit: type=1326 audit(1748101438.097:156): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11246 comm="syz.2.1361" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f6a3c32ab39 code=0x7ffc0000
[  678.515601][T11259] netlink: 100 bytes leftover after parsing attributes in process `syz.4.1363'.
[  678.551853][   T30] audit: type=1326 audit(1748101438.097:157): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11246 comm="syz.2.1361" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f6a3c32ab39 code=0x7ffc0000
[  678.673763][   T30] audit: type=1326 audit(1748101438.097:158): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11246 comm="syz.2.1361" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f6a3c32ab39 code=0x7ffc0000
[  678.695248][    C1] vkms_vblank_simulate: vblank timer overrun
[  678.743838][   T30] audit: type=1326 audit(1748101438.097:159): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11246 comm="syz.2.1361" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f6a3c32ab39 code=0x7ffc0000
[  678.947005][   T30] audit: type=1326 audit(1748101438.097:160): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11246 comm="syz.2.1361" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f6a3c32ab39 code=0x7ffc0000
[  679.129424][T11268] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  679.234681][T11269] FAULT_INJECTION: forcing a failure.
[  679.234681][T11269] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  679.248567][T11269] CPU: 1 UID: 0 PID: 11269 Comm: syz.5.1364 Not tainted 6.15.0-rc7-syzkaller-00142-g4856ebd99715 #0 PREEMPT(full) 
[  679.248594][T11269] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  679.248606][T11269] Call Trace:
[  679.248615][T11269]  <TASK>
[  679.248624][T11269]  dump_stack_lvl+0x189/0x250
[  679.248654][T11269]  ? __lock_acquire+0xaac/0xd20
[  679.248684][T11269]  ? __pfx_dump_stack_lvl+0x10/0x10
[  679.248710][T11269]  ? __pfx__printk+0x10/0x10
[  679.248742][T11269]  ? __might_fault+0xb0/0x130
[  679.248784][T11269]  should_fail_ex+0x414/0x560
[  679.248811][T11269]  _copy_from_iter+0x1db/0x15a0
[  679.248836][T11269]  ? __alloc_frozen_pages_noprof+0x1d6/0x370
[  679.248871][T11269]  ? __pfx__copy_from_iter+0x10/0x10
[  679.248897][T11269]  ? policy_nodemask+0x27c/0x720
[  679.248927][T11269]  ? set_page_refcounted+0x31/0x1e0
[  679.248963][T11269]  ? page_copy_sane+0x4e/0x280
[  679.248990][T11269]  copy_page_from_iter+0x7b/0x100
[  679.249018][T11269]  anon_pipe_write+0x99a/0x1360
[  679.249062][T11269]  ? __pfx_anon_pipe_write+0x10/0x10
[  679.249087][T11269]  ? bpf_lsm_file_permission+0x9/0x20
[  679.249118][T11269]  ? security_file_permission+0x75/0x290
[  679.249151][T11269]  vfs_write+0x54b/0xa90
[  679.249184][T11269]  ? __pfx_anon_pipe_write+0x10/0x10
[  679.249204][T11269]  ? __pfx_vfs_write+0x10/0x10
[  679.249235][T11269]  ? __rcu_read_unlock+0x84/0xe0
[  679.249262][T11269]  ? __fget_files+0x2a/0x420
[  679.249291][T11269]  ksys_write+0x145/0x250
[  679.249317][T11269]  ? rcu_is_watching+0x15/0xb0
[  679.249347][T11269]  ? __pfx_ksys_write+0x10/0x10
[  679.249379][T11269]  ? do_syscall_64+0xba/0x210
[  679.249409][T11269]  do_syscall_64+0xf6/0x210
[  679.249434][T11269]  ? asm_sysvec_reschedule_ipi+0x1a/0x20
[  679.249454][T11269]  ? clear_bhb_loop+0x60/0xb0
[  679.249478][T11269]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  679.249497][T11269] RIP: 0033:0x7fc6a478e969
[  679.249514][T11269] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  679.249532][T11269] RSP: 002b:00007fc6a5629038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  679.249553][T11269] RAX: ffffffffffffffda RBX: 00007fc6a49b6160 RCX: 00007fc6a478e969
[  679.249567][T11269] RDX: 00000000fffffecc RSI: 0000200000000000 RDI: 0000000000000008
[  679.249598][T11269] RBP: 00007fc6a5629090 R08: 0000000000000000 R09: 0000000000000000
[  679.249611][T11269] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  679.249623][T11269] R13: 0000000000000000 R14: 00007fc6a49b6160 R15: 00007ffd78ae9df8
[  679.249654][T11269]  </TASK>
[  679.506262][    C1] vkms_vblank_simulate: vblank timer overrun
[  679.580449][T11268] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  679.909940][   T30] audit: type=1326 audit(1748101438.097:161): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11246 comm="syz.2.1361" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f6a3c32ab39 code=0x7ffc0000
[  680.646753][ T5880] usb 6-1: new high-speed USB device number 22 using dummy_hcd
[  680.834662][ T5880] usb 6-1: too many configurations: 9, using maximum allowed: 8
[  680.887771][ T5880] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 9
[  680.926088][ T5880] usb 6-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  680.972635][ T5880] usb 6-1: config 0 interface 0 has no altsetting 0
[  681.022933][ T5880] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 9
[  681.069287][ T5880] usb 6-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  681.132196][ T5880] usb 6-1: config 0 interface 0 has no altsetting 0
[  681.166059][ T5880] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 9
[  681.196484][ T5880] usb 6-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  681.353699][ T5880] usb 6-1: config 0 interface 0 has no altsetting 0
[  681.364583][ T5880] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 9
[  681.373530][ T5880] usb 6-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  681.464878][ T5880] usb 6-1: config 0 interface 0 has no altsetting 0
[  682.235039][ T1214] usb 7-1: USB disconnect, device number 11
[  682.264963][ T5880] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 9
[  682.428193][T11291] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  682.497014][ T5880] usb 6-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  682.747644][T10616] usb 1-1: new high-speed USB device number 41 using dummy_hcd
[  682.769097][ T5880] usb 6-1: config 0 interface 0 has no altsetting 0
[  682.776859][ T1214] ldusb 7-1:0.55: LD USB Device #0 now disconnected
[  682.800615][ T5880] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 9
[  682.821446][ T5880] usb 6-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  682.875807][ T5880] usb 6-1: config 0 interface 0 has no altsetting 0
[  682.886514][T11293] IPVS: set_ctl: invalid protocol: 92 10.1.1.0:20004
[  682.899935][ T5880] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 9
[  682.909521][T10616] usb 1-1: device descriptor read/64, error -71
[  682.926410][ T5880] usb 6-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  682.952792][ T5880] usb 6-1: config 0 interface 0 has no altsetting 0
[  682.977744][ T5880] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 9
[  683.007934][ T5880] usb 6-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  683.043452][ T5880] usb 6-1: config 0 interface 0 has no altsetting 0
[  683.144233][ T5880] usb 6-1: New USB device found, idVendor=0c45, idProduct=1010, bcdDevice=49.8e
[  683.164074][ T5880] usb 6-1: New USB device strings: Mfr=41, Product=64, SerialNumber=168
[  683.172461][ T5880] usb 6-1: Product: syz
[  683.193710][T10616] usb 1-1: new high-speed USB device number 42 using dummy_hcd
[  683.201710][ T5880] usb 6-1: Manufacturer: syz
[  683.271855][ T5880] usb 6-1: SerialNumber: syz
[  683.294401][ T5880] usb 6-1: config 0 descriptor??
[  683.329887][ T5880] usb 6-1: can't set config #0, error -71
[  683.368016][ T5880] usb 6-1: USB disconnect, device number 22
[  683.413744][T10616] usb 1-1: device descriptor read/64, error -71
[  683.624108][T10616] usb usb1-port1: attempt power cycle
[  683.915348][T11309] tipc: Enabling of bearer <udp:syz2> rejected, already enabled
[  683.963831][T10616] usb 1-1: new high-speed USB device number 43 using dummy_hcd
[  684.151145][T10616] usb 1-1: device descriptor read/8, error -71
[  684.512429][T11304] syz.6.1377: attempt to access beyond end of device
[  684.512429][T11304] loop13: rw=4096, sector=2, nr_sectors = 2 limit=0
[  684.587545][T11304] EXT4-fs (loop13): unable to read superblock
[  686.121699][T11333] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  687.546880][ T1214] usb 6-1: new high-speed USB device number 23 using dummy_hcd
[  687.783747][ T1214] usb 6-1: device descriptor read/64, error -71
[  688.054128][ T1214] usb 6-1: new high-speed USB device number 24 using dummy_hcd
[  688.815343][ T1214] usb 6-1: device descriptor read/64, error -71
[  689.184601][ T1214] usb usb6-port1: attempt power cycle
[  690.264596][T11366] smc: net device bond0 applied user defined pnetid SYZ2
[  690.570141][T11379] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  690.975222][T11377] xt_CT: You must specify a L4 protocol and not use inversions on it
[  691.055765][T11380] syz.2.1398: attempt to access beyond end of device
[  691.055765][T11380] loop5: rw=4096, sector=2, nr_sectors = 2 limit=0
[  691.097557][T11380] EXT4-fs (loop5): unable to read superblock
[  692.620442][T11399] input: syz0 as /devices/virtual/input/input63
[  693.509175][T11415] syzkaller0: entered promiscuous mode
[  693.554111][T11415] syzkaller0: entered allmulticast mode
[  694.987840][T11432] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  695.481869][T11434] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  696.171827][T11441] syz.2.1417: attempt to access beyond end of device
[  696.171827][T11441] loop5: rw=4096, sector=2, nr_sectors = 2 limit=0
[  696.234859][T11441] EXT4-fs (loop5): unable to read superblock
[  697.023913][   T24] usb 1-1: new high-speed USB device number 45 using dummy_hcd
[  697.163961][   T24] usb 1-1: device descriptor read/64, error -71
[  697.409610][   T24] usb 1-1: new high-speed USB device number 46 using dummy_hcd
[  697.563833][   T24] usb 1-1: device descriptor read/64, error -71
[  697.691984][   T24] usb usb1-port1: attempt power cycle
[  697.753898][ T5877] usb 5-1: new high-speed USB device number 26 using dummy_hcd
[  697.934219][ T5877] usb 5-1: Using ep0 maxpacket: 8
[  697.967052][ T5877] usb 5-1: config index 0 descriptor too short (expected 301, got 45)
[  697.983808][ T5877] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  698.023842][ T5877] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  698.043687][ T5877] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  698.065765][ T5877] usb 5-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  698.093638][   T24] usb 1-1: new high-speed USB device number 47 using dummy_hcd
[  698.113995][ T5877] usb 5-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[  698.143950][   T24] usb 1-1: device descriptor read/8, error -71
[  698.153831][ T5877] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  698.329114][T11471] FAULT_INJECTION: forcing a failure.
[  698.329114][T11471] name failslab, interval 1, probability 0, space 0, times 0
[  698.341965][T11471] CPU: 1 UID: 0 PID: 11471 Comm: syz.6.1427 Not tainted 6.15.0-rc7-syzkaller-00142-g4856ebd99715 #0 PREEMPT(full) 
[  698.341990][T11471] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  698.342001][T11471] Call Trace:
[  698.342009][T11471]  <TASK>
[  698.342016][T11471]  dump_stack_lvl+0x189/0x250
[  698.342048][T11471]  ? __pfx_dump_stack_lvl+0x10/0x10
[  698.342073][T11471]  ? __pfx__printk+0x10/0x10
[  698.342105][T11471]  ? __pfx___might_resched+0x10/0x10
[  698.342132][T11471]  ? fs_reclaim_acquire+0x7d/0x100
[  698.342158][T11471]  should_fail_ex+0x414/0x560
[  698.342181][T11471]  should_failslab+0xa8/0x100
[  698.342219][T11471]  kmem_cache_alloc_noprof+0x73/0x3c0
[  698.342247][T11471]  ? security_inode_alloc+0x39/0x330
[  698.342282][T11471]  security_inode_alloc+0x39/0x330
[  698.342314][T11471]  inode_init_always_gfp+0x9ed/0xdc0
[  698.342352][T11471]  alloc_inode+0x82/0x1b0
[  698.342383][T11471]  path_from_stashed+0x299/0x8f0
[  698.342413][T11471]  ? __pfx_path_from_stashed+0x10/0x10
[  698.342436][T11471]  ? netns_get+0xc7/0x110
[  698.342463][T11471]  proc_ns_get_link+0xef/0x230
[  698.342484][T11471]  ? __pfx_proc_ns_get_link+0x10/0x10
[  698.342504][T11471]  ? touch_atime+0xf1/0x6d0
[  698.342535][T11471]  ? pick_link+0x114/0xe20
[  698.342554][T11471]  ? bpf_lsm_inode_follow_link+0x9/0x20
[  698.342577][T11471]  ? __pfx_proc_ns_get_link+0x10/0x10
[  698.342597][T11471]  pick_link+0x685/0xe20
[  698.342625][T11471]  step_into+0xc5d/0xf30
[  698.342651][T11471]  ? __up_read+0x280/0x680
[  698.342673][T11471]  ? __pfx_step_into+0x10/0x10
[  698.342704][T11471]  path_openat+0x1bc6/0x3830
[  698.342764][T11471]  ? __pfx_path_openat+0x10/0x10
[  698.342800][T11471]  ? irqentry_exit+0x74/0x90
[  698.342831][T11471]  do_filp_open+0x1fa/0x410
[  698.342859][T11471]  ? __pfx_do_filp_open+0x10/0x10
[  698.342881][T11471]  ? preempt_schedule_common+0x83/0xd0
[  698.342927][T11471]  ? _raw_spin_unlock+0x3f/0x50
[  698.342945][T11471]  ? alloc_fd+0x64c/0x6c0
[  698.342987][T11471]  do_sys_openat2+0x121/0x1c0
[  698.343014][T11471]  ? __pfx_do_sys_openat2+0x10/0x10
[  698.343051][T11471]  __x64_sys_openat+0x138/0x170
[  698.343078][T11471]  do_syscall_64+0xf6/0x210
[  698.343102][T11471]  ? asm_sysvec_reschedule_ipi+0x1a/0x20
[  698.343121][T11471]  ? clear_bhb_loop+0x60/0xb0
[  698.343145][T11471]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  698.343164][T11471] RIP: 0033:0x7ff76798d2d0
[  698.343181][T11471] Code: 48 89 44 24 20 75 93 44 89 54 24 0c e8 49 94 02 00 44 8b 54 24 0c 89 da 48 89 ee 41 89 c0 bf 9c ff ff ff b8 01 01 00 00 0f 05 <48> 3d 00 f0 ff ff 77 38 44 89 c7 89 44 24 0c e8 9c 94 02 00 8b 44
[  698.343198][T11471] RSP: 002b:00007ff7687d3f60 EFLAGS: 00000293 ORIG_RAX: 0000000000000101
[  698.343218][T11471] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007ff76798d2d0
[  698.343231][T11471] RDX: 0000000000000000 RSI: 00007ff767a10bc9 RDI: 00000000ffffff9c
[  698.343244][T11471] RBP: 00007ff767a10bc9 R08: 0000000000000000 R09: 0000000000000000
[  698.343255][T11471] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000002
[  698.343267][T11471] R13: 0000000000000000 R14: 00007ff767bb6080 R15: 00007ffcf2395648
[  698.343298][T11471]  </TASK>
[  698.703858][   T24] usb 1-1: new high-speed USB device number 48 using dummy_hcd
[  698.735545][   T24] usb 1-1: device descriptor read/8, error -71
[  698.844771][   T24] usb usb1-port1: unable to enumerate USB device
[  698.971669][T11457] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  699.100409][T11457] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  699.338562][T11478] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1421'.
[  699.818106][T11480] dummy0: entered promiscuous mode
[  699.832633][T11480] dummy0: left promiscuous mode
[  700.352078][ T5877] usb 5-1: usb_control_msg returned -71
[  700.378030][ T5877] usbtmc 5-1:16.0: can't read capabilities
[  700.419809][ T5877] usb 5-1: USB disconnect, device number 26
[  701.283528][T11499] tipc: Enabling of bearer <udp:syz2> rejected, already enabled
[  701.371406][T11501] fuse: Unknown parameter 'allo_ther'
[  703.045787][T11527] binder: BINDER_SET_CONTEXT_MGR already set
[  703.067511][T11527] binder: 11524:11527 ioctl 4018620d 2000000000c0 returned -16
[  703.157783][T11532] binder: BINDER_SET_CONTEXT_MGR already set
[  703.187054][T11532] binder: 11528:11532 ioctl 4018620d 2000000000c0 returned -16
[  703.194912][T11527] binder: BINDER_SET_CONTEXT_MGR already set
[  703.234687][T11527] binder: 11524:11527 ioctl 4018620d 200000000040 returned -16
[  703.246033][T11533] binder: BINDER_SET_CONTEXT_MGR already set
[  703.252049][T11533] binder: 11528:11533 ioctl 4018620d 200000000040 returned -16
[  704.365566][T11544] afs: Unknown parameter ''
[  704.460189][T11545] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration
[  704.765858][T11549] FAULT_INJECTION: forcing a failure.
[  704.765858][T11549] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  704.843789][T11549] CPU: 1 UID: 0 PID: 11549 Comm: syz.5.1447 Not tainted 6.15.0-rc7-syzkaller-00142-g4856ebd99715 #0 PREEMPT(full) 
[  704.843811][T11549] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  704.843820][T11549] Call Trace:
[  704.843826][T11549]  <TASK>
[  704.843833][T11549]  dump_stack_lvl+0x189/0x250
[  704.843856][T11549]  ? __lock_acquire+0xaac/0xd20
[  704.843878][T11549]  ? __pfx_dump_stack_lvl+0x10/0x10
[  704.843897][T11549]  ? __pfx__printk+0x10/0x10
[  704.843922][T11549]  ? __might_fault+0xb0/0x130
[  704.843953][T11549]  should_fail_ex+0x414/0x560
[  704.843971][T11549]  _copy_from_user+0x2d/0xb0
[  704.843993][T11549]  video_usercopy+0x354/0x14f0
[  704.844018][T11549]  ? smk_tskacc+0x2fc/0x370
[  704.844041][T11549]  ? __pfx___video_do_ioctl+0x10/0x10
[  704.844061][T11549]  ? __pfx_video_usercopy+0x10/0x10
[  704.844080][T11549]  ? smack_file_ioctl+0x2a9/0x340
[  704.844106][T11549]  ? __fget_files+0x3a0/0x420
[  704.844122][T11549]  v4l2_ioctl+0x18d/0x1e0
[  704.844143][T11549]  ? __pfx_v4l2_ioctl+0x10/0x10
[  704.844162][T11549]  __se_sys_ioctl+0xf9/0x170
[  704.844183][T11549]  do_syscall_64+0xf6/0x210
[  704.844203][T11549]  ? clear_bhb_loop+0x60/0xb0
[  704.844221][T11549]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  704.844235][T11549] RIP: 0033:0x7fc6a478e969
[  704.844247][T11549] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  704.844260][T11549] RSP: 002b:00007fc6a566b038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  704.844275][T11549] RAX: ffffffffffffffda RBX: 00007fc6a49b5fa0 RCX: 00007fc6a478e969
[  704.844286][T11549] RDX: 00002000000002c0 RSI: 00000000c0585609 RDI: 0000000000000003
[  704.844295][T11549] RBP: 00007fc6a566b090 R08: 0000000000000000 R09: 0000000000000000
[  704.844304][T11549] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  704.844313][T11549] R13: 0000000000000000 R14: 00007fc6a49b5fa0 R15: 00007ffd78ae9df8
[  704.844334][T11549]  </TASK>
[  705.622136][T11554] netlink: 16186 bytes leftover after parsing attributes in process `syz.6.1449'.
[  708.014442][T11592] binder: BINDER_SET_CONTEXT_MGR already set
[  708.020487][T11592] binder: 11588:11592 ioctl 4018620d 2000000000c0 returned -16
[  708.069452][T11594] binder: BINDER_SET_CONTEXT_MGR already set
[  708.105754][T11594] binder: 11588:11594 ioctl 4018620d 200000000040 returned -16
[  713.304548][T11646] binder: BINDER_SET_CONTEXT_MGR already set
[  713.363663][T11646] binder: 11640:11646 ioctl 4018620d 2000000000c0 returned -16
[  713.401690][T11649] binder: BINDER_SET_CONTEXT_MGR already set
[  713.435207][T11627] delete_channel: no stack
[  713.494493][T11651] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  713.914332][T11649] binder: 11640:11649 ioctl 4018620d 200000000040 returned -16
[  714.533673][ T5879] usb 6-1: new high-speed USB device number 26 using dummy_hcd
[  714.553140][T11660] input: syz0 as /devices/virtual/input/input64
[  715.566453][ T5879] usb 6-1: Using ep0 maxpacket: 32
[  715.663209][ T5879] usb 6-1: New USB device found, idVendor=0fd9, idProduct=0025, bcdDevice=29.40
[  715.678603][ T5879] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  715.734712][ T5879] usb 6-1: config 0 descriptor??
[  716.130183][ T5879] dvb-usb: found a 'Elgato EyeTV Sat' in cold state, will try to load a firmware
[  716.311450][ T5879] usb 6-1: Direct firmware load for dvb-usb-az6027-03.fw failed with error -2
[  716.500305][ T5879] usb 6-1: Falling back to sysfs fallback for: dvb-usb-az6027-03.fw
[  717.284183][T11680] tipc: Enabling of bearer <udp:syz2> rejected, already enabled
[  717.913745][T11698] binder: BINDER_SET_CONTEXT_MGR already set
[  717.919900][T11698] binder: 11690:11698 ioctl 4018620d 2000000000c0 returned -16
[  718.075834][T11698] binder: BINDER_SET_CONTEXT_MGR already set
[  718.093893][T11698] binder: 11690:11698 ioctl 4018620d 200000000040 returned -16
[  719.798580][T11720] binder: BINDER_SET_CONTEXT_MGR already set
[  719.826954][T11720] binder: 11715:11720 ioctl 4018620d 2000000000c0 returned -16
[  719.911562][T11722] binder: BINDER_SET_CONTEXT_MGR already set
[  720.017354][T11722] binder: 11715:11722 ioctl 4018620d 200000000040 returned -16
[  720.453274][T11724] netlink: 'syz.0.1492': attribute type 10 has an invalid length.
[  720.461583][T11724] netlink: 40 bytes leftover after parsing attributes in process `syz.0.1492'.
[  720.497897][   T30] kauditd_printk_skb: 785 callbacks suppressed
[  720.497914][   T30] audit: type=1800 audit(1748101480.667:947): pid=11727 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz.2.1493" name="SYSV00000000" dev="hugetlbfs" ino=33 res=0 errno=0
[  723.395345][T11755] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  723.910493][   T24] Process accounting resumed
[  727.037646][T11790] netlink: 16186 bytes leftover after parsing attributes in process `syz.2.1512'.
[  727.785012][ T5878] usb 5-1: new high-speed USB device number 27 using dummy_hcd
[  727.953834][ T5878] usb 5-1: Using ep0 maxpacket: 32
[  727.996336][ T5878] usb 5-1: config 0 has no interfaces?
[  728.059167][ T5878] usb 5-1: New USB device found, idVendor=061d, idProduct=c150, bcdDevice=ce.6f
[  728.105237][ T5878] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  728.143900][ T5878] usb 5-1: Product: syz
[  728.162885][ T5878] usb 5-1: Manufacturer: syz
[  728.193530][ T5878] usb 5-1: SerialNumber: syz
[  728.311574][ T5878] usb 5-1: config 0 descriptor??
[  728.474611][ T5878] usb 5-1: can't set config #0, error -71
[  728.521785][ T5878] usb 5-1: USB disconnect, device number 27
[  729.248116][T10616] Process accounting resumed
[  732.944853][T11833] netlink: 'syz.5.1522': attribute type 1 has an invalid length.
[  733.765179][T11842] netlink: 16186 bytes leftover after parsing attributes in process `syz.5.1523'.
[  734.012012][T11849] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  734.585052][T10616] usb 1-1: new high-speed USB device number 49 using dummy_hcd
[  734.824250][T10616] usb 1-1: Using ep0 maxpacket: 32
[  734.838067][T10616] usb 1-1: config 0 has an invalid interface number: 239 but max is 0
[  734.847711][T10616] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  734.873059][T10616] usb 1-1: config 0 has no interface number 0
[  734.883443][T10616] usb 1-1: config 0 interface 239 altsetting 4 bulk endpoint 0x2 has invalid maxpacket 8
[  734.915834][T10616] usb 1-1: config 0 interface 239 altsetting 4 endpoint 0x8 has invalid maxpacket 1023, setting to 64
[  734.943651][T10616] usb 1-1: config 0 interface 239 altsetting 4 has an endpoint descriptor with address 0xA9, changing to 0x89
[  734.973701][T10616] usb 1-1: config 0 interface 239 altsetting 4 endpoint 0x89 has invalid maxpacket 28648, setting to 1024
[  735.003687][T10616] usb 1-1: config 0 interface 239 altsetting 4 bulk endpoint 0x89 has invalid maxpacket 1024
[  735.025776][T10616] usb 1-1: config 0 interface 239 altsetting 4 has an endpoint descriptor with address 0xD5, changing to 0x85
[  735.069956][T10616] usb 1-1: config 0 interface 239 altsetting 4 endpoint 0x85 has invalid wMaxPacketSize 0
[  735.122498][T10616] usb 1-1: config 0 interface 239 has no altsetting 0
[  735.171655][T10616] usb 1-1: New USB device found, idVendor=105b, idProduct=1799, bcdDevice=36.e9
[  735.876587][T10616] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  736.003967][T10616] usb 1-1: Product: syz
[  736.008196][T10616] usb 1-1: Manufacturer: syz
[  736.012805][T10616] usb 1-1: SerialNumber: syz
[  736.037363][T10616] usb 1-1: config 0 descriptor??
[  736.043727][T11844] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22
[  736.051173][T11844] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22
[  736.362791][T11844] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  737.249731][T11869] binder: 11868:11869 ioctl c0306201 200000000140 returned -14
[  737.403312][T10616] usb 1-1: USB disconnect, device number 49
[  737.859013][T11876] netlink: 'syz.2.1532': attribute type 10 has an invalid length.
[  738.111660][T11876] 8021q: adding VLAN 0 to HW filter on device bond0
[  738.568038][T11876] team0: Port device bond0 added
[  738.665419][T11884] FAULT_INJECTION: forcing a failure.
[  738.665419][T11884] name failslab, interval 1, probability 0, space 0, times 0
[  738.679057][T11884] CPU: 1 UID: 0 PID: 11884 Comm: syz.0.1533 Not tainted 6.15.0-rc7-syzkaller-00142-g4856ebd99715 #0 PREEMPT(full) 
[  738.679081][T11884] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  738.679094][T11884] Call Trace:
[  738.679101][T11884]  <TASK>
[  738.679109][T11884]  dump_stack_lvl+0x189/0x250
[  738.679142][T11884]  ? __pfx_dump_stack_lvl+0x10/0x10
[  738.679168][T11884]  ? __pfx__printk+0x10/0x10
[  738.679199][T11884]  ? __pfx___might_resched+0x10/0x10
[  738.679227][T11884]  ? fs_reclaim_acquire+0x7d/0x100
[  738.679252][T11884]  should_fail_ex+0x414/0x560
[  738.679296][T11884]  should_failslab+0xa8/0x100
[  738.679316][T11884]  __kmalloc_noprof+0xcb/0x4f0
[  738.679345][T11884]  ? tomoyo_encode+0x28b/0x550
[  738.679376][T11884]  tomoyo_encode+0x28b/0x550
[  738.679408][T11884]  tomoyo_realpath_from_path+0x58d/0x5d0
[  738.679447][T11884]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[  738.679470][T11884]  tomoyo_path_number_perm+0x1e8/0x5a0
[  738.679496][T11884]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  738.679522][T11884]  ? sb_end_write+0xe9/0x1c0
[  738.679544][T11884]  ? vfs_write+0x8d8/0xa90
[  738.679608][T11884]  ? ksys_write+0x1e1/0x250
[  738.679641][T11884]  ? rcu_is_watching+0x15/0xb0
[  738.679676][T11884]  security_file_ioctl+0xcb/0x2d0
[  738.679702][T11884]  __se_sys_ioctl+0x47/0x170
[  738.679732][T11884]  do_syscall_64+0xf6/0x210
[  738.679759][T11884]  ? clear_bhb_loop+0x60/0xb0
[  738.679784][T11884]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  738.679818][T11884] RIP: 0033:0x7fcc6c98e969
[  738.679834][T11884] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  738.679850][T11884] RSP: 002b:00007fcc6d7d3038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  738.679870][T11884] RAX: ffffffffffffffda RBX: 00007fcc6cbb6160 RCX: 00007fcc6c98e969
[  738.679883][T11884] RDX: 0000200000000180 RSI: 00000000c01064c2 RDI: 0000000000000006
[  738.679896][T11884] RBP: 00007fcc6d7d3090 R08: 0000000000000000 R09: 0000000000000000
[  738.679907][T11884] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  738.679918][T11884] R13: 0000000000000000 R14: 00007fcc6cbb6160 R15: 00007ffe4d98bf88
[  738.679947][T11884]  </TASK>
[  738.679991][T11884] ERROR: Out of memory at tomoyo_realpath_from_path.
[  739.441885][T11888] netlink: 16186 bytes leftover after parsing attributes in process `syz.0.1535'.
[  740.423765][ T1214] usb 5-1: new high-speed USB device number 28 using dummy_hcd
[  740.715907][ T1214] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  740.748358][ T1214] usb 5-1: New USB device found, idVendor=1bc7, idProduct=9010, bcdDevice=36.53
[  740.787513][ T1214] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  740.941112][ T1214] usb 5-1: config 0 descriptor??
[  741.111802][ T1214] option 5-1:0.0: GSM modem (1-port) converter detected
[  741.546749][T11909] openvswitch: netlink: Duplicate or invalid key (type 0).
[  741.554854][T11909] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  742.300179][T11917] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  742.840983][   T79] netdevsim netdevsim6 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  743.990544][T10616] usb 5-1: USB disconnect, device number 28
[  744.012981][T10616] option 5-1:0.0: device disconnected
[  744.032557][T11925] binder: BINDER_SET_CONTEXT_MGR already set
[  744.057614][   T79] netdevsim netdevsim6 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  744.060194][T11925] binder: 11922:11925 ioctl 4018620d 2000000000c0 returned -16
[  744.125715][T10223] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[  744.139371][T10223] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[  744.147306][T10223] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[  744.155193][T10223] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[  744.162762][T10223] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[  744.180164][T11925] binder: BINDER_SET_CONTEXT_MGR already set
[  744.336391][T11925] binder: 11922:11925 ioctl 4018620d 200000000040 returned -16
[  744.859036][   T79] netdevsim netdevsim6 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  745.075554][   T79] netdevsim netdevsim6 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  745.837141][T11927] lo speed is unknown, defaulting to 1000
[  746.244599][ T5822] Bluetooth: hci4: command tx timeout
[  747.560447][T11964] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  748.364838][ T5822] Bluetooth: hci4: command tx timeout
[  748.412819][T11976] netlink: 72 bytes leftover after parsing attributes in process `syz.0.1559'.
[  748.636995][T11985] trusted_key: encrypted_key: insufficient parameters specified
[  750.118906][   T79] team0: Port device geneve0 removed
[  750.353842][T12003] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=4278124544 (8556249088 ns) > initial count (184 ns). Using initial count to start timer.
[  750.413086][T12004] netlink: 4 bytes leftover after parsing attributes in process `syz.5.1565'.
[  750.425723][ T5822] Bluetooth: hci4: command tx timeout
[  750.513355][   T79] bond0 (unregistering): Released all slaves
[  751.234085][ T5877] usb 1-1: new high-speed USB device number 50 using dummy_hcd
[  751.553826][ T5877] usb 1-1: Using ep0 maxpacket: 8
[  751.669058][ T5877] usb 1-1: config index 0 descriptor too short (expected 301, got 45)
[  751.679687][T11927] chnl_net:caif_netlink_parms(): no params data found
[  751.702330][ T5877] usb 1-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  751.731393][ T5877] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  751.769091][ T5877] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  751.838176][ T5877] usb 1-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  751.904349][ T5877] usb 1-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[  751.943969][ T5877] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  752.069207][T12027] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  752.484594][ T5822] Bluetooth: hci4: command tx timeout
[  752.509692][T12010] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  752.564341][T12010] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  752.758599][T12036] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1566'.
[  752.931702][   T79] tipc: Disabling bearer <udp:syz2>
[  752.947756][   T79] tipc: Left network mode
[  752.952667][T11927] bridge0: port 1(bridge_slave_0) entered blocking state
[  752.980817][T11927] bridge0: port 1(bridge_slave_0) entered disabled state
[  753.023728][T11927] bridge_slave_0: entered allmulticast mode
[  753.044597][ T5877] usb 1-1: usb_control_msg returned -71
[  753.050242][ T5877] usbtmc 1-1:16.0: can't read capabilities
[  753.203509][T11927] bridge_slave_0: entered promiscuous mode
[  753.863746][ T5877] usb 1-1: USB disconnect, device number 50
[  754.044884][T11927] bridge0: port 2(bridge_slave_1) entered blocking state
[  754.082526][T11927] bridge0: port 2(bridge_slave_1) entered disabled state
[  754.123012][T11927] bridge_slave_1: entered allmulticast mode
[  754.153308][T11927] bridge_slave_1: entered promiscuous mode
[  754.182946][T12045] tipc: Enabling of bearer <udp:syz2> rejected, already enabled
[  756.416950][   T30] audit: type=1800 audit(1748101516.447:948): pid=12067 uid=0 auid=4294967295 ses=4294967295 subj=_ op=set_data cause=unavailable-hash-algorithm comm="syz.2.1576" name="/newroot/338/bus" dev="tmpfs" ino=1789 res=0 errno=0
[  757.392894][T12068] tipc: Enabling of bearer <udp:syz2> rejected, already enabled
[  757.528717][T11927] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  757.587933][T11927] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  757.594685][T12077] mmap: syz.5.1578 (12077) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst.
[  757.824831][T12084] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  758.594437][T12090] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1581'.
[  759.320121][   T79] hsr_slave_0: left promiscuous mode
[  759.343961][   T79] hsr_slave_1: left promiscuous mode
[  759.409347][   T79] veth1_macvtap: left promiscuous mode
[  759.433760][   T79] veth0_macvtap: left promiscuous mode
[  759.449776][   T79] veth1_vlan: left promiscuous mode
[  759.472446][   T79] veth0_vlan: left promiscuous mode
[  764.081265][T11927] team0: Port device team_slave_0 added
[  764.101293][T11927] team0: Port device team_slave_1 added
[  764.119295][T12099] tipc: Enabling of bearer <udp:syz2> rejected, already enabled
[  764.230440][T10616] lo speed is unknown, defaulting to 1000
[  764.248357][T10616] infiniband syz0: ib_query_port failed (-19)
[  764.314004][ T5880] usb 5-1: new full-speed USB device number 29 using dummy_hcd
[  764.487178][T11927] batman_adv: batadv0: Adding interface: batadv_slave_0
[  764.522115][T11927] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  764.589433][ T5880] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x6 has invalid maxpacket 1023, setting to 64
[  764.900999][ T5880] usb 5-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xBA, changing to 0x8A
[  764.923501][T11927] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  764.972602][ T5880] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x8A has invalid maxpacket 121, setting to 64
[  765.126254][ T5880] usb 5-1: New USB device found, idVendor=2294, idProduct=425b, bcdDevice=a2.10
[  765.138014][ T5880] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  765.168575][ T5880] usb 5-1: Product: syz
[  765.172778][ T5880] usb 5-1: Manufacturer: syz
[  765.210753][ T5880] usb 5-1: SerialNumber: syz
[  765.219866][T11927] batman_adv: batadv0: Adding interface: batadv_slave_1
[  765.249691][ T5880] usb 5-1: config 0 descriptor??
[  765.256442][T11927] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  765.289358][T12118] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22
[  765.324549][T12118] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22
[  765.325529][T11927] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  765.353934][ T5880] usb 5-1: ucan: probing device on interface #0
[  765.759688][ T5878] usb 1-1: new high-speed USB device number 51 using dummy_hcd
[  765.887952][ T5880] usb 5-1: ucan: device protocol version 65539 is not supported
[  765.983004][ T5880] usb 5-1: ucan: probe failed; try to update the device firmware
[  766.242972][ T5878] usb 1-1: Using ep0 maxpacket: 8
[  766.284745][ T5878] usb 1-1: config index 0 descriptor too short (expected 301, got 45)
[  766.293003][ T5878] usb 1-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  766.319439][ T5878] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  766.363794][ T5878] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  766.403743][ T5878] usb 1-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  766.407797][T12146] tipc: Enabling of bearer <udp:syz2> rejected, already enabled
[  766.433718][ T5878] usb 1-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[  766.442825][ T5878] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  766.782411][T12152] binder: BINDER_SET_CONTEXT_MGR already set
[  766.802250][T12152] binder: 12150:12152 ioctl 4018620d 2000000000c0 returned -16
[  766.818128][T12140] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  766.855077][T12140] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  766.898147][T11927] hsr_slave_0: entered promiscuous mode
[  766.924215][T12152] binder: BINDER_SET_CONTEXT_MGR already set
[  767.544690][T12152] binder: 12150:12152 ioctl 4018620d 200000000040 returned -16
[  767.565716][T11927] hsr_slave_1: entered promiscuous mode
[  767.635533][T11927] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  767.643158][T11927] Cannot create hsr debugfs directory
[  767.660706][T12160] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1595'.
[  767.739087][   T10] usb 5-1: USB disconnect, device number 29
[  768.667629][ T5878] usb 1-1: usb_control_msg returned -71
[  769.013794][ T5878] usbtmc 1-1:16.0: can't read capabilities
[  769.029668][ T5878] usb 1-1: USB disconnect, device number 51
[  771.006313][T12190] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=4278124544 (8556249088 ns) > initial count (184 ns). Using initial count to start timer.
[  771.133532][T12190] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1605'.
[  771.489655][T12196] syz.2.1606: attempt to access beyond end of device
[  771.489655][T12196] loop5: rw=4096, sector=2, nr_sectors = 2 limit=0
[  771.610955][T12196] EXT4-fs (loop5): unable to read superblock
[  771.774097][T12201] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  772.323451][T12204] Bluetooth: MGMT ver 1.23
[  772.357423][   T30] audit: type=1326 audit(1748101532.527:949): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12203 comm="syz.5.1608" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fc6a478e969 code=0x0
[  773.166306][T11927] netdevsim netdevsim7 netdevsim0: renamed from eth0
[  773.218512][T11927] netdevsim netdevsim7 netdevsim1: renamed from eth1
[  773.316322][T12215] binder: BINDER_SET_CONTEXT_MGR already set
[  773.327489][T12215] binder: 12213:12215 ioctl 4018620d 2000000000c0 returned -16
[  773.345595][T11927] netdevsim netdevsim7 netdevsim2: renamed from eth2
[  773.382055][T11927] netdevsim netdevsim7 netdevsim3: renamed from eth3
[  773.409593][T12215] binder: BINDER_SET_CONTEXT_MGR already set
[  773.634897][T12215] binder: 12213:12215 ioctl 4018620d 200000000040 returned -16
[  776.307443][T11927] 8021q: adding VLAN 0 to HW filter on device bond0
[  776.913710][T11927] 8021q: adding VLAN 0 to HW filter on device team0
[  776.997184][ T6088] bridge0: port 1(bridge_slave_0) entered blocking state
[  777.004337][ T6088] bridge0: port 1(bridge_slave_0) entered forwarding state
[  777.267046][T11069] bridge0: port 2(bridge_slave_1) entered blocking state
[  777.274277][T11069] bridge0: port 2(bridge_slave_1) entered forwarding state
[  777.510978][T12244] binder: BINDER_SET_CONTEXT_MGR already set
[  777.546933][T12244] binder: 12242:12244 ioctl 4018620d 2000000000c0 returned -16
[  777.631234][T12244] binder: BINDER_SET_CONTEXT_MGR already set
[  777.670536][T12244] binder: 12242:12244 ioctl 4018620d 200000000040 returned -16
[  777.929895][ T5879] dvb-usb: did not find the firmware file 'dvb-usb-az6027-03.fw' (status -110). You can use <kernel_dir>/scripts/get_dvb_firmware to get the firmware
[  777.968770][ T5879] dvb_usb_az6027 6-1:0.0: probe with driver dvb_usb_az6027 failed with error -110
[  778.011510][ T5879] usb 6-1: USB disconnect, device number 26
[  778.049884][T12259] syz.2.1621: attempt to access beyond end of device
[  778.049884][T12259] loop5: rw=4096, sector=2, nr_sectors = 2 limit=0
[  778.106452][T12259] EXT4-fs (loop5): unable to read superblock
[  779.195401][T11927] 8021q: adding VLAN 0 to HW filter on device batadv0
[  781.559126][T12299] netlink: 16186 bytes leftover after parsing attributes in process `syz.5.1628'.
[  781.863043][T12306] loop6: detected capacity change from 0 to 524287999
[  782.529871][T12306] Dev loop6: unable to read RDB block 8
[  782.539924][T12306]  loop6: unable to read partition table
[  782.548182][T12306] loop_reread_partitions: partition scan of loop6 (3Ÿ¾‚³˜) failed (rc=-5)
[  784.171775][T11927] veth0_vlan: entered promiscuous mode
[  784.452118][T12319] syz.2.1633: attempt to access beyond end of device
[  784.452118][T12319] loop5: rw=4096, sector=2, nr_sectors = 2 limit=0
[  784.465382][T12319] EXT4-fs (loop5): unable to read superblock
[  784.639959][T11927] veth1_vlan: entered promiscuous mode
[  785.050736][T11927] veth0_macvtap: entered promiscuous mode
[  786.247424][T11927] veth1_macvtap: entered promiscuous mode
[  786.438077][T11927] batman_adv: batadv0: Interface activated: batadv_slave_0
[  786.481129][T11927] batman_adv: batadv0: Interface activated: batadv_slave_1
[  786.525494][T11927] netdevsim netdevsim7 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  786.548632][T11927] netdevsim netdevsim7 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  786.572723][T11927] netdevsim netdevsim7 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  786.596057][T11927] netdevsim netdevsim7 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  786.643984][ T5877] usb 6-1: new high-speed USB device number 27 using dummy_hcd
[  786.805745][ T5877] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  786.830816][ T5877] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  786.860453][ T5877] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  786.874755][  T149] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  786.882595][  T149] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  786.943788][T10616] usb 5-1: new high-speed USB device number 30 using dummy_hcd
[  787.023679][ T5877] usb 6-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  787.032786][ T5877] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  787.083727][ T5877] usb 6-1: config 0 descriptor??
[  787.110966][ T5877] hub 6-1:0.0: USB hub found
[  787.160621][ T6088] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  787.218123][T10616] usb 5-1: Using ep0 maxpacket: 16
[  787.226541][T12347] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  787.374138][ T5877] hub 6-1:0.0: config failed, can't read hub descriptor (err -90)
[  787.672977][ T6088] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  787.694815][ T5877] usb 6-1: USB disconnect, device number 27
[  787.721346][T10616] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  787.758766][T10616] usb 5-1: config 1 has 0 interfaces, different from the descriptor's value: 3
[  787.817200][T10616] usb 5-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  787.859145][T10616] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  787.885814][T10616] usb 5-1: Product: syz
[  787.899037][T10616] usb 5-1: Manufacturer: syz
[  787.901336][    C0] Oops: general protection fault, probably for non-canonical address 0xdffffc000000000e: 0000 [#1] SMP KASAN PTI
[  787.910796][T10616] usb 5-1: SerialNumber: syz
[  787.916219][    C0] KASAN: null-ptr-deref in range [0x0000000000000070-0x0000000000000077]
[  787.916243][    C0] CPU: 0 UID: 0 PID: 12342 Comm: kworker/0:0 Not tainted 6.15.0-rc7-syzkaller-00142-g4856ebd99715 #0 PREEMPT(full) 
[  787.916269][    C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  787.916284][    C0] Workqueue: mld mld_dad_work
[  787.916312][    C0] RIP: 0010:nexthop_is_blackhole+0x23/0x2c0
[  787.916336][    C0] Code: 90 90 90 90 90 90 90 55 41 57 41 56 53 48 89 fb 49 bf 00 00 00 00 00 fc ff df e8 58 a9 b8 f7 4c 8d 73 66 4c 89 f0 48 c1 e8 03 <42> 0f b6 04 38 84 c0 0f 85 18 02 00 00 41 80 3e 00 74 41 48 83 eb
[  787.916354][    C0] RSP: 0018:ffffc90000007218 EFLAGS: 00010202
[  787.916372][    C0] RAX: 000000000000000e RBX: 000000000000000a RCX: ffff88802f219e00
[  787.916386][    C0] RDX: 0000000000000100 RSI: 0000000000000000 RDI: 000000000000000a
[  787.916398][    C0] RBP: ffffc90000007398 R08: ffffc900000074c0 R09: ffffc900000074d0
[  787.916414][    C0] R10: ffffc90000007320 R11: fffff52000000e66 R12: 1ffffffff339d2d4
[  787.916430][    C0] R13: ffffffff99ce96f0 R14: 0000000000000070 R15: dffffc0000000000
[  787.916445][    C0] FS:  0000000000000000(0000) GS:ffff8881260f6000(0000) knlGS:0000000000000000
[  787.916463][    C0] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  787.916478][    C0] CR2: 00007f9684265760 CR3: 000000007f97e000 CR4: 00000000003526f0
[  787.916497][    C0] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[  788.059066][    C0] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[  788.067136][    C0] Call Trace:
[  788.070412][    C0]  <IRQ>
[  788.073258][    C0]  __find_rr_leaf+0x428/0x6d0
[  788.077956][    C0]  ? __pfx___find_rr_leaf+0x10/0x10
[  788.083169][    C0]  fib6_table_lookup+0x53f/0xa80
[  788.088110][    C0]  ? rb_event_length+0x148/0x400
[  788.093066][    C0]  ? __pfx_fib6_table_lookup+0x10/0x10
[  788.098538][    C0]  ? ip6_pol_route+0x162/0x1180
[  788.103395][    C0]  ip6_pol_route+0x222/0x1180
[  788.108091][    C0]  ? __pfx_ip6_pol_route+0x10/0x10
[  788.113391][    C0]  ? ring_buffer_lock_reserve+0xc3f/0x1010
[  788.119225][    C0]  ? rb_commit+0x781/0x7e0
[  788.123659][    C0]  fib6_rule_lookup+0x52f/0x6f0
[  788.128515][    C0]  ? __pfx_ip6_pol_route_input+0x10/0x10
[  788.134192][    C0]  ? __pfx_fib6_rule_lookup+0x10/0x10
[  788.139593][    C0]  ? ipvlan_addr_lookup+0x300/0x550
[  788.144820][    C0]  ? __pfx_ipvlan_addr_lookup+0x10/0x10
[  788.150391][    C0]  ? ipvlan_get_L3_hdr+0x1ed/0xc10
[  788.155523][    C0]  ip6_route_input+0x6ce/0xa50
[  788.160297][    C0]  ? __pfx_ip6_route_input+0x10/0x10
[  788.165597][    C0]  ? __pfx_ipvlan_l3_rcv+0x10/0x10
[  788.170719][    C0]  ? __lock_acquire+0xaac/0xd20
[  788.175585][    C0]  ? ip6_rcv_finish_core+0x222/0x420
[  788.180891][    C0]  ? __pfx_ipvlan_l3_rcv+0x10/0x10
[  788.186008][    C0]  ip6_rcv_finish+0x141/0x2d0
[  788.190689][    C0]  NF_HOOK+0x30c/0x3a0
[  788.194759][    C0]  ? skb_orphan+0x4c/0xd0
[  788.199105][    C0]  ? __pfx_ip6_rcv_finish+0x10/0x10
[  788.204312][    C0]  ? NF_HOOK+0x9a/0x3a0
[  788.208473][    C0]  ? __pfx_NF_HOOK+0x10/0x10
[  788.213068][    C0]  ? __pfx_ip6_rcv_finish+0x10/0x10
[  788.218273][    C0]  __netif_receive_skb+0xd3/0x380
[  788.223299][    C0]  ? process_backlog+0x2d5/0x14f0
[  788.228341][    C0]  process_backlog+0x60e/0x14f0
[  788.233201][    C0]  ? rcu_is_watching+0x15/0xb0
[  788.237980][    C0]  ? __pfx_process_backlog+0x10/0x10
[  788.243270][    C0]  __napi_poll+0xc4/0x480
[  788.247602][    C0]  ? net_rx_action+0x447/0xdf0
[  788.252372][    C0]  net_rx_action+0x6ea/0xdf0
[  788.256971][    C0]  ? __pfx_net_rx_action+0x10/0x10
[  788.262124][    C0]  ? kvm_sched_clock_read+0x11/0x20
[  788.267333][    C0]  ? __pfx_sched_clock_cpu+0x10/0x10
[  788.272642][    C0]  handle_softirqs+0x283/0x870
[  788.277418][    C0]  ? do_softirq+0xec/0x180
[  788.281843][    C0]  ? __pfx_handle_softirqs+0x10/0x10
[  788.287192][    C0]  ? __dev_queue_xmit+0x27e/0x3a70
[  788.292327][    C0]  do_softirq+0xec/0x180
[  788.296583][    C0]  </IRQ>
[  788.299507][    C0]  <TASK>
[  788.302434][    C0]  ? __pfx_do_softirq+0x10/0x10
[  788.307293][    C0]  ? lockdep_softirqs_on+0x13b/0x1c0
[  788.312585][    C0]  __local_bh_enable_ip+0x17d/0x1c0
[  788.317791][    C0]  ? __pfx___local_bh_enable_ip+0x10/0x10
[  788.323616][    C0]  ? __dev_queue_xmit+0x27e/0x3a70
[  788.328756][    C0]  ? __dev_queue_xmit+0x27e/0x3a70
[  788.333870][    C0]  ? __dev_queue_xmit+0x27e/0x3a70
[  788.338987][    C0]  __dev_queue_xmit+0x1cd7/0x3a70
[  788.344028][    C0]  ? __dev_queue_xmit+0x27e/0x3a70
[  788.349152][    C0]  ? __pfx_fib_rules_lookup+0x10/0x10
[  788.354528][    C0]  ? __pfx___dev_queue_xmit+0x10/0x10
[  788.359905][    C0]  ? l3mdev_update_flow+0x4d1/0x640
[  788.365108][    C0]  ? __lock_acquire+0xaac/0xd20
[  788.369963][    C0]  ? __lock_acquire+0xaac/0xd20
[  788.374825][    C0]  ? ip6_finish_output+0x234/0x7d0
[  788.379930][    C0]  ? ip6_finish_output2+0xf99/0x16a0
[  788.385214][    C0]  ip6_finish_output2+0x11bc/0x16a0
[  788.390407][    C0]  ? ip6_finish_output2+0x701/0x16a0
[  788.395691][    C0]  ? __pfx_ip6_finish_output2+0x10/0x10
[  788.401236][    C0]  ? ip6_mtu+0x7d/0x3f0
[  788.405396][    C0]  ? ip6_mtu+0x7d/0x3f0
[  788.409550][    C0]  ip6_finish_output+0x234/0x7d0
[  788.414493][    C0]  NF_HOOK+0x9e/0x380
[  788.418480][    C0]  ? NF_HOOK+0x101/0x380
[  788.422723][    C0]  ? __pfx_NF_HOOK+0x10/0x10
[  788.427316][    C0]  ? __pfx_dst_output+0x10/0x10
[  788.432171][    C0]  ? icmp6_dst_alloc+0x3a5/0x420
[  788.437116][    C0]  ? icmp6_dst_alloc+0x3a5/0x420
[  788.442060][    C0]  mld_sendpack+0x800/0xd80
[  788.446567][    C0]  ? __asan_memcpy+0x40/0x70
[  788.451170][    C0]  ? mld_sendpack+0x1de/0xd80
[  788.455851][    C0]  ? __pfx_mld_sendpack+0x10/0x10
[  788.460885][    C0]  ? mld_send_initial_cr+0x2f7/0x4c0
[  788.466204][    C0]  ? process_scheduled_works+0x9ec/0x17a0
[  788.471939][    C0]  mld_dad_work+0x45/0x520
[  788.476362][    C0]  ? process_scheduled_works+0x9ec/0x17a0
[  788.482089][    C0]  process_scheduled_works+0xade/0x17a0
[  788.487657][    C0]  ? __pfx_process_scheduled_works+0x10/0x10
[  788.493650][    C0]  worker_thread+0x8a0/0xda0
[  788.498250][    C0]  kthread+0x711/0x8a0
[  788.502325][    C0]  ? __pfx_worker_thread+0x10/0x10
[  788.507439][    C0]  ? __pfx_kthread+0x10/0x10
[  788.512033][    C0]  ? __pfx_kthread+0x10/0x10
[  788.516628][    C0]  ? _raw_spin_unlock_irq+0x23/0x50
[  788.521825][    C0]  ? lockdep_hardirqs_on+0x9c/0x150
[  788.527026][    C0]  ? __pfx_kthread+0x10/0x10
[  788.531614][    C0]  ret_from_fork+0x4b/0x80
[  788.536027][    C0]  ? __pfx_kthread+0x10/0x10
[  788.540616][    C0]  ret_from_fork_asm+0x1a/0x30
[  788.545424][    C0]  </TASK>
[  788.548476][    C0] Modules linked in:
[  788.552510][    C0] ---[ end trace 0000000000000000 ]---
[  788.558046][    C0] RIP: 0010:nexthop_is_blackhole+0x23/0x2c0
[  788.564042][    C0] Code: 90 90 90 90 90 90 90 55 41 57 41 56 53 48 89 fb 49 bf 00 00 00 00 00 fc ff df e8 58 a9 b8 f7 4c 8d 73 66 4c 89 f0 48 c1 e8 03 <42> 0f b6 04 38 84 c0 0f 85 18 02 00 00 41 80 3e 00 74 41 48 83 eb
[  788.583688][    C0] RSP: 0018:ffffc90000007218 EFLAGS: 00010202
[  788.589757][    C0] RAX: 000000000000000e RBX: 000000000000000a RCX: ffff88802f219e00
[  788.597738][    C0] RDX: 0000000000000100 RSI: 0000000000000000 RDI: 000000000000000a
[  788.605719][    C0] RBP: ffffc90000007398 R08: ffffc900000074c0 R09: ffffc900000074d0
[  788.613707][    C0] R10: ffffc90000007320 R11: fffff52000000e66 R12: 1ffffffff339d2d4
[  788.621676][    C0] R13: ffffffff99ce96f0 R14: 0000000000000070 R15: dffffc0000000000
[  788.629656][    C0] FS:  0000000000000000(0000) GS:ffff8881260f6000(0000) knlGS:0000000000000000
[  788.638596][    C0] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  788.645186][    C0] CR2: 00007f9684265760 CR3: 000000007f97e000 CR4: 00000000003526f0
[  788.653153][    C0] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[  788.661132][    C0] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[  788.669122][    C0] Kernel panic - not syncing: Fatal exception in interrupt
[  788.676663][    C0] Kernel Offset: disabled
[  788.680982][    C0] Rebooting in 86400 seconds..