last executing test programs:

5m10.674273743s ago: executing program 1 (id=696):
bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x0, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
getpid()
prctl$PR_MCE_KILL(0x21, 0x0, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f07ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="01000000010000"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000600)={0x1b, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x4}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x26, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000004, @void, @value}, 0x94)
bind$inet6(0xffffffffffffffff, &(0x7f00000000c0)={0xa, 0xe22}, 0x1c)
socket$netlink(0x10, 0x3, 0x8000000004)
r2 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000001140)={&(0x7f0000000140)=@newlink={0x40, 0x10, 0x503, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @macsec={{0xb}, {0x10, 0x2, 0x0, 0x1, [@IFLA_MACSEC_CIPHER_SUITE={0xc, 0x4, 0x80c20001000001}]}}}]}, 0x40}}, 0x0)

5m5.155738777s ago: executing program 1 (id=713):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
r1 = syz_open_dev$dri(&(0x7f0000000040), 0x9, 0x204c01)
ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(0xffffffffffffffff, 0xc01064b5, &(0x7f0000000180)={&(0x7f0000000080)=[<r2=>0x0, 0x0, 0x0, 0x0, 0x0], 0x5})
ioctl$DRM_IOCTL_MODE_GETPLANE(0xffffffffffffffff, 0xc02064b6, &(0x7f0000000200)={0x0, <r3=>0x0, 0x0, 0x0, 0x0, 0xa, &(0x7f00000001c0)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]})
ioctl$DRM_IOCTL_MODE_GETCRTC(0xffffffffffffffff, 0xc06864a1, &(0x7f0000000280)={&(0x7f0000000240)=[0x0], 0x1, 0x0, <r4=>0x0})
ioctl$DRM_IOCTL_MODE_GETPLANE(r1, 0xc02064b6, &(0x7f0000000340)={r2, r3, r4, 0x0, 0x0, 0x1, &(0x7f0000000300)=[0x0]})
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a03000000000000000000070000000900010073797a30000000004c000000090a010400000000000000000700000008000a40000000000900020025647a31000000000900010073797a3000000000080005400000001c"], 0xe0}, 0x1, 0x0, 0x0, 0x391b55a76fde6ce1}, 0x4840)

5m4.772743043s ago: executing program 1 (id=717):
bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x15, 0x4, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000000000170000000000000000791010000000000095"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sk_reuseport=0x27, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
ioctl$BTRFS_IOC_BALANCE_V2(0xffffffffffffffff, 0xc4009420, &(0x7f0000000740)={0xe, 0x3, {0x7, @struct={0x1, 0xd}, 0x0, 0x7db, 0x7, 0x4, 0x2, 0x9, 0x50, @struct={0x8761, 0x5}, 0x9, 0x49, [0x4, 0x0, 0x6, 0x2, 0x602, 0x8]}, {0x401, @struct={0x7ff, 0x7f}, 0x0, 0x5e, 0x2, 0x1, 0x6, 0x100000000, 0x6c, @struct={0x2, 0x9}, 0x7, 0x3, [0x4165, 0xd, 0x0, 0x6, 0xffffffffffffff19, 0x8]}, {0x1, @struct={0x2, 0x1}, 0x0, 0x8, 0x101, 0x0, 0x9, 0x200000000000007, 0x0, @usage=0x6, 0x0, 0x5, [0x81, 0x5, 0x200000000000000, 0x7, 0xffffffffffffffff, 0x55]}, {0x2, 0x0, 0x5f5}})
socket$isdn(0x22, 0x2, 0x26)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
r0 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000540), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_COALESCE_GET(r0, &(0x7f0000000600)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f00000005c0)={&(0x7f0000000580)={0x20, r1, 0x200, 0x70bd2a, 0x25dfdbfb, {}, [@HEADER={0xc, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8}]}]}, 0x20}, 0x1, 0x0, 0x0, 0x4000800}, 0x40090)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
sendmmsg$unix(0xffffffffffffffff, &(0x7f00000010c0)=[{{&(0x7f0000000180)=@file={0x0, './bus\x00'}, 0x6e, 0x0, 0x0, 0x0, 0x0, 0x20004804}}], 0x1, 0x0)
r4 = add_key$user(&(0x7f00000003c0), &(0x7f0000000440), &(0x7f00000000c0), 0xc9, 0xfffffffffffffffd)
keyctl$dh_compute(0x17, &(0x7f00000000c0)={r4, r4, r4}, 0xffffffffffffffff, 0xfe, 0x0)
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
r5 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r5, 0x0, 0x40, &(0x7f0000000b40)=@nat={'nat\x00', 0x1b, 0x5, 0x398, 0xb8, 0x258, 0xffffffff, 0x0, 0x258, 0x300, 0x300, 0xffffffff, 0x300, 0x300, 0x5, &(0x7f0000000180), {[{{@ip={@remote, @multicast2, 0xff, 0xffffff, 'veth0_to_bridge\x00', 'nicvf0\x00', {0xff}, {0xff}, 0x4, 0x1, 0x30}, 0x0, 0x70, 0xb8}, @unspec=@SNAT1={0x48, 'SNAT\x00', 0x1, {0x4, @ipv4=@rand_addr=0x64010101, @ipv4=@multicast1, @icmp_id=0x68, @port=0x4e23}}}, {{@uncond, 0x0, 0xc0, 0xf8, 0x0, {}, [@common=@osf={{0x50}, {'syz0\x00', 0x0, 0x2, 0x2}}]}, @NETMAP={0x38, 'NETMAP\x00', 0x0, {0x1, {0x0, @multicast2, @local, @port=0x4e23, @port=0x4e23}}}}, {{@ip={@initdev={0xac, 0x1e, 0x1, 0x0}, @empty, 0xffffffff, 0x0, 'pim6reg0\x00', 'caif0\x00', {}, {0xff}, 0x2e, 0x1, 0xe}, 0x0, 0x70, 0xa8}, @DNAT0={0x38, 'DNAT\x00', 0x0, {0x1, {0x14, @private=0xa010100, @local, @port=0x4e24, @gre_key=0x1}}}}, {{@uncond, 0x0, 0x70, 0xa8}, @MASQUERADE={0x38, 'MASQUERADE\x00', 0x0, {0x1, {0x8, @broadcast, @initdev={0xac, 0x1e, 0x1, 0x0}, @port=0x4e24, @gre_key=0x5}}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x3f8)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
socket$inet6_mptcp(0xa, 0x1, 0x106)
rseq(&(0x7f0000000400), 0x20, 0x0, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x50)
r6 = socket(0xa, 0x2400000001, 0x0)
setsockopt$inet6_MCAST_JOIN_GROUP(0xffffffffffffffff, 0x29, 0x2a, &(0x7f0000034000)={0x1, {{0xa, 0x0, 0x0, @mcast2}}}, 0x88)
setsockopt$inet6_MCAST_JOIN_GROUP(r6, 0x29, 0x2a, &(0x7f0000000200)={0x1, {{0xa, 0x0, 0x0, @mcast1}}}, 0x88)
setsockopt$inet6_MCAST_JOIN_GROUP(r6, 0x29, 0x2a, &(0x7f0000000480)={0x3, {{0xa, 0x4, 0x0, @mcast1}}}, 0x88)
getsockopt$inet6_buf(r6, 0x29, 0x10000000000030, &(0x7f0000034000)=""/144, &(0x7f0000002280)=0x90)
unshare(0x68040200)
shmat(0x0, &(0x7f0000000000/0x4000)=nil, 0xffffffffffffcfff)

5m4.197900377s ago: executing program 1 (id=719):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8f}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x1000)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000380)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0)
mount(0x0, 0x0, &(0x7f00000000c0)='devtmpfs\x00', 0x0, 0x0)
mount$overlay(0x0, &(0x7f0000001340)='./file0\x00', &(0x7f0000000300), 0x0, &(0x7f0000000400)={[{@nfs_export_off, 0x3a}], [{@euid_lt={'euid<', 0xee01}}, {@rootcontext={'rootcontext', 0x3d, 'unconfined_u'}}, {@flag='rw'}, {@fscontext={'fscontext', 0x3d, 'staff_u'}}], 0x2f})
r3 = memfd_create(&(0x7f00000000c0)='[\v\xdbX\xae[\x1a\xa9\xfd\xfa\xad\xd1md\xc8\x85HX\xa9%\f\x1ae\xe0\x00\x00\x00\x00\xfb\xff\x00\x00\x81\x9eG\xd9,\xe2\xc6a\x9f\xe8\xf1\xb3\x86\xe2+Op\xd0\xa2\x82\x1eb;(\xb5\xe1jS\xd6\x91%||\xa0\x8ez\xadT\xc8\f\xe5\x89\xbf3:\x99\x1e\xac`\xc3\xcf\xd3\xae\xd2\a\x11\xa9\xa5^\xff\xf5\x95\xd2q#\xc6\xca\x97\x9d\xcb\x1e\x80\xd6\xd5%N&\xf8#\x80z8Z\xd2}\xf5\xe4\x9f5\x9b\x01\xf9t\xbb\x1er\x14\xdb\xd3\xcd\xfd\xbdnC\xec', 0x0)
r4 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r4, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000003c0)=ANY=[@ANYBLOB="1c0000001900010008000000fbdb000000001400001100055ca40000"], 0x1c}}, 0x8000)
fsetxattr$security_ima(r3, &(0x7f0000000040), &(0x7f0000000280)=ANY=[@ANYBLOB], 0xfe49, 0x0)
execveat(0xffffffffffffffff, &(0x7f0000000000)='\x00', 0x0, 0x0, 0x400)
bind$inet(0xffffffffffffffff, &(0x7f0000000080)={0x2, 0x4e23, @local}, 0x10)
sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x8001, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10)
r5 = socket$inet(0x2, 0x2, 0x1)
setsockopt$inet_int(r5, 0x0, 0x32, &(0x7f0000000040)=0xb, 0x4)
bind$inet(r5, &(0x7f0000000140)={0x2, 0x4e24, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10)
connect$inet6(0xffffffffffffffff, &(0x7f0000000100)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
setsockopt$SO_BINDTODEVICE(r5, 0x1, 0x19, &(0x7f00000000c0)='macvlan0\x00', 0x10)
sendmsg$inet(r5, &(0x7f0000000080)={&(0x7f0000000000)={0x2, 0x4e24, @remote}, 0x10, &(0x7f0000000240)=[{&(0x7f0000000200)="08001efbb07d0000", 0x8}, {&(0x7f0000000180)="d0849e99c27f", 0x6}], 0x2, 0x0, 0x0, 0x60000000}, 0x20000004)
unshare(0x22020600)
r6 = getpgid(0x0)
r7 = syz_pidfd_open(r6, 0x0)
pidfd_send_signal(r7, 0x1, 0x0, 0x4)

5m1.328781843s ago: executing program 1 (id=726):
r0 = syz_open_dev$tty1(0xc, 0x4, 0x2)
socket$nl_generic(0x10, 0x3, 0x10)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000140)={0x9, 0x4, &(0x7f0000000040)=@framed={{}, [@ldst={0x1, 0x2, 0x3, 0x2, 0x1, 0x25}]}, &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0xd, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80)
ioctl$VT_RESIZEX(r0, 0x560a, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x20, 0x9a2, 0x2000})
sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)={0x0}}, 0x0)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r1 = socket$inet(0x2, 0x4000000805, 0x0)
sendmmsg(r1, &(0x7f0000000e40)=[{{&(0x7f0000000000)=@l2tp={0x2, 0x0, @local}, 0x80, &(0x7f0000000300)=[{&(0x7f00000000c0)="ae", 0x1}], 0x1}}, {{0x0, 0x0, 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="18000000000000008400000005"], 0x18}}], 0x2, 0x844)

5m0.986941279s ago: executing program 1 (id=730):
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x802, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0)
request_key(&(0x7f0000000040)='asymmetric\x00', &(0x7f0000001ffb)={'syz', 0x2}, &(0x7f0000001fee)='R\x10rust\xe3c*s\xa8rVid:\xc4e', 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x7, 0x4, 0x20, 0x1, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
bpf$BPF_GET_MAP_INFO(0x3, &(0x7f00000006c0)={r1, 0x0, 0x0}, 0x10)
mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0)
mount$afs(0x0, &(0x7f00000001c0)='./file0\x00', &(0x7f00000002c0), 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB='dyn'])
chdir(&(0x7f00000000c0)='./file0\x00')
renameat2(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0xffffffffffffff9c, &(0x7f0000000600)='./file5\x00', 0x2)
r2 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
getsockopt$bt_BT_POWER(r2, 0x112, 0x9, 0x0, &(0x7f00000003c0)=0x3f)
bind$inet(0xffffffffffffffff, &(0x7f00000001c0)={0x2, 0x0, @local}, 0x10)
r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000400)=@base={0xe, 0x4, 0x4, 0x3, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
r4 = bpf$MAP_CREATE_CONST_STR(0x0, 0x0, 0x0)
r5 = syz_open_dev$tty1(0xc, 0x4, 0x1)
write$UHID_INPUT(r5, &(0x7f0000002080)={0xfc, {"a2336848149e516d4b5e071887f70e09d038e7ff7fc6e5539b0d500a8b089b3f383563030890e0879b0a71c6e70a9b334a959b669a242f0a0af3988f7ef319520100ffe8d178708c523c921b1b3e31070d0773090acd3b78130daa61d8e8040000005802b77f07227227b7ba67e0e78657a6f5c2a874e62a9ccdc0d31a0c9f318c0da1993bd160e233df4a62179c6f30e065cd5b91cd0ae193973735b36d5b1b63dd1c00305d3f46635eb016d5b1dda98e2d749be7bd1df1fb3b231fdcdb5075a9aaa1b469c3090000000000000075271b286329d169934288fd789aa37d6e98b224fd44b65b31334ffc55cc82cd3ac32ecdb08ced6f9081b4dd0d8b38f3cd4498bee800490841bdb114f6b76383709d8f5c55432a909fda039aec54a1236e80f6a8abadea7662496bddbb42be6bfb2f17959d1f416e56c71b1931870262f5e801119242ca026bfc821e7e7daf2451138e645bb80c617669314e2fbe70de98ec76a9e40dad47f36fd9f7d0d42a4b5f1185ccdcf16ff46295d8a0fa17713c5802630933a9a34af674f3f39fe23491237c08822dec110911e893d0a8c4f677747abc360934b82910ff85bfd995083bba2987a67399eac427d145d546a40b9f6ff14ac488ec130fb3850a27af9544ae15a7e454dea05918b41243513f000000000000000a3621c56cea8d20fa911a0c41db6ebe8cac64f17679141d54b34bbc9903f1d4ab966203861b5b15a841f2b575a8bd0d78248ebe4d9a80002695104f674c2431dca141fae269cab70e9a66f3c3a9a63e9639e1f59c0ede26c6b5d74b078a5e15c31634e5ae098ce9ee70771aaa18119a867e1088334975e9f73483b6a62fa678ca14ffd9f9db2a7869d85864056526f889af43a6056080572286522449df466c632b3570243f989cce7cd9f465e41e610c20d80421d653a5520000008213b704c7fb082ff27590678ef9f190bae97909507041d860420c5664b27921b14dc1db8892fd32d0ad7bc946813591ad8deff4b05f60cea0da7710ac0000000000008000bea37ce0d0d4aa202f928d28381aab144a5d429a04a6a2b83c7068ae949ed06e288e810bac9c76600025e19c907f8ea2e2010000008271a1f5f8528f227e79c1389dbdfffe492f21579d2c15b8c70cdb1c332d86d87341432750861ec2bc3451edca194b221cfec4603d276bbaa1dfa6d4fb8a48a76eafc9a9a0270e4c10d64cd5a62427264f2377fe763c43470833ac96c45f357cbbaba8f1b1fdcc7cbb61a7cdb9744ed7f9129aede2be21ccfdc4e9134f8684b3a4f354da9a795e96334e207dff70f1988037b2ed3aaf575c0b88d8f146684078416d59fdee5325928974d12dad99dac44c3f0008047096a44002bebc2420aed92fa9b6578b4779415d4ac01b75d5495c118045651cf41c2fc48b778efa5ea5677747430af4162b987b80c3e001cd34e5c92f76cc4c24eeb8bc4e9ac2aed9e53803ed0ca4ae3a9737d214060005ea6f1783e287b3bee96e3a726eafe2fdfaa78d1f48c13b64df07847754b8400daaa69bf5c8f4350aeae9ca1207e78283cd0b20ceb360c7e658828163e2d25c4aa348561f927e88f63aa70e73a5e69b3df3495903f06572e1e007fa55a2999f596d067312f5779e8dbfdcf3427138f3d444d2639a10477f9bec4b0bbb6e3c04be68981f392203dd0ee3ef478e16dacfc5e3e03cf7ab8e3902f1b0ff034ef655b253ca509383815b1b6fc6522d4e4fdc11a48cf42d48604675fde2b94cf00500a2690891abf8ab9c015073014d9e08d4338b8780bdecd436cf0541359bafffa45237f104b96210403b2de9efed496f2730d56bd068ed211cf847535edecb7b373f78b095b68441a34cb51682a8ae4d24ad0465f3927f889b81305c038e79a7962fb385a882e8020f06c4c2ba1dd5cac7c18876da865d258734dd73583df292892448039ef799cf0630becdcce04579b5561dc825ab829827945e020c1f67ee615feb6243378e0610060f02cca4e91b2f001edb3d78fb4b55668dda93aec92a5de203717aa49c2d284acfabe262fccfcbb2b75a2183c46eb65ca8104e1b4da7fbb77ab2fc043aead87c32ab875ee7c2e7b7019c982cd3b43eaeb1a5fb135c0c7dcee8fe6516a328032f88c042891824659e9e94265c803b35ee5f83a2b210520106b8a358b50ab7a1fa89af9c251fe5294b3d1802d5676d95f160ec97b1ad94872cb2044642c37b4a6cc6c04effc1672db7e4b68d787d9a7a508ae54b3cd7369dde50e8c77d95a3d361c040babb171607caac2a3559ad4f75465f49c0d0ae3716db6e00cb11db4a5fade2a57c10238e204a67737c3b42aae501b20f7694a00f16e2d0174035a2c22656dc29880acebdbe8ddbd75c2f998d8ac2dfad2ba3a504767b6b45a45957f24d758ed024b3849cd9c30e23ef4df5c89644f48bb536f7945b59d7bcddff754413d135273ea8e75f22f216c6b9990ae71806f2c00b4025c48b75c0f73cdb9a7b8fa367b50028067e7f16f4dd569d462f4f19eacdb3ed70eeebb4483f8fd777d443e8b40427db6fe29068c0ca3d2414442e8f3a154704b0e51bc664a137b26be719f4f7c9a5678a674dfc95df80b9ce375dd649c8c704e509bd88c8e63d8c7dd67071115c8982ba46af4d6adcc9f68a75b9397b035153faf46366e7205dd8d6f37525c1a0e94610dd94323f6c15d085197149bfd6655548cfd9c52c9711937f79abb1a124f1210465483cd3b2d78378cfb85ed82e7da0f6eb6d279f2ae455925d0f6f1ba571eba281f2a654fb39ddff3b484539ff158e7c5419e037f3e3ad038f2211f1033195563c7f93cd54b9094f226e783271e1e5a2a2c10712eab625d64931cd4ffe6738d97b9b5ef828ee9fb059fc01af0e79c1e14b1d25988c69a399567c1f93768f7971d31488b8658a20878b7c1dd7ba02fc42939dde3d4a3339a65d507dc59c51097b40517705da56e9ebf0afa53282bf86dbb58c548069ff6eb95aade7cc66d7bbef724779ca1f731b3346ff177050373d79ff7b3e7f9bc0c1b4b266a8878b90baaa039d3e3b63979ac3df6e6f4859afd50238c7547a39b60810938044ae185d2ba3e00a4e73676864ae090d81eaee5ee6cf1d0ab378dd4dd891e937c2ea5410e0513005000000000000003911fab964c271550027697b52160687461602f88df165d884b36ec2b6c25a2f33c715687e9d4afb8843dd014e5c5ad8fe995754bd9cf32fce1e31919c4b2082fb0a30b9deae84bed4b2804563407308c58c89d9e99c81769177e6d594f88a4facfd4c735a20307c737afa2d60399473296b831dbd933d93994ba3064279b10ea0c5833f41f157ea2302993dbe433b1aa3a3766d5439020484f4113c4c859465c3b415c3432f81db8719539d5bf372aaaea1cc43a6c5cbe59758bfee2916580dac4b008e595f437491d87abed02cefcd9db53d94d02daee67918e5d6787463373b4b87c9050000002f7809959bc048850613d17ca51055f2f416a44fe180d2d50c312cca7cb14a2bdc331f57a9817139a206fc76957227ffff2de20a4b8e3737fbb42913777c06376f799eba367e21f94ca598705f5dcb767d6f0900d6b0f6095e53c4c4234d0c1fbe434f6ab8f43c0013ee93b83946ee7759e89d7bdd1a32d7b311711b757fe43c06d21a35810d8fe98b27faea8aa12bc8716eefc5c97c45ac33eeec964c5214bc3a9359bdea1cccab94f15e36319cb34ebcacedb82c2ed3de5a8a8f0011e8f74e82d7f96093530e76692839d7961939adfdeeeaff19d11efcafb6d546fef271e89d6cc2389e81ff58cefcce3fbf4625a7e7de40e42e07b34449e15e065cc7340002000000000000f288a4510de03dab19d26285eda89156d50dd385a60333ba5bbf5d77cd7007ad1519ad5470de3dd6d6080cafccf8a97406bb6b68a1f0c4549820a73c880f475f732ae00398e8bd1f4108b7807fb33b72685ec37a2d3f766413a60459516246e5a1d998a2017aef0948a68cf255315ab80dd349e891aef595dc4d470e8ac32a308e15fc37d06aeac289c0523f483e1ff7408c6087f1ab652f2ef91d4f2b01987b0f46da034e080000007ee8101a3934c54e24b48ec0275e2d0687dc746b0827cbf652f406c6b95f2722e58c05f752ce2126596e1cd7655b904801784c416b22f73d324678e2724f43f1fe687c7e8a60c28b82b6528341b648cdd56fed7cdcbb1575912d5ecd36dea3bca0b7427d8392c6289455e8f8d2ab2242729251ae033a9e02210e62df0546a74b333a1c48f95fd54acb5741259e8c5488efeee327415cc19451432c6f14c27693102a3cd84857cd6586fc5ca9a93eb0145fac0662ff86107f998a8ef7df8aa14046c55b03d3d47f88a8d60f7774a2ee08758897fb411a94b3c2fc5d5f0db42c0456ec015f08e5247d33ae2d35603ff8454c16f8342856935125102bb784ed7148b6ce431b63ee356b0c785f2f47b90e29389f22fc5b59a70efaea2bd40195af4486220d702e30bfc43c10ec23ea6283994a7dde4dcb61fea6b651fb1d62458d0741a12830052fcc460db043afe525629b40d7cee458e4cb5e930ed624806c43a006e3933ed07c2b8081c128ad2706f48261ff07000000000000613bc18f5a38d442768af38041efe03d152ef95ff569e76db2391f4509d7f339d92fdb4a89364949da398000000000000000d80a4fe654578376e599aff3565b1d531f30912b9945030b81ea9935fd46edb44a78f615255490a4b621501f2a9e4d24624c4dac9274118c67584f5d374755534d7f68f679c4ff516a9c861a0e7e65868fcb2bf1cb9aea4e05df72279fdb0d2b9e935c5af3cf474bed79dfc248c1f5aea4b8b32c5d295e57079d0fe662a46b7f71cd47744db86c50b704c971d90295c7b2c7439a2d78ccfa79b5fc2bff6bbf840262bf89394b3e0691953264d2700c838fa2c7b3425260f59500000000004ca7c12f45858d6284ca6270d6b2f0e58fded8a7b4a302a97bc641df07720ba2b26bbfcc807ca0abb1b44322269c21c5ec68cb068ea88067d905ea917bb03eefdaebdeabf2d0dce80997c915c8949de992587c2cb5fe36d7d3e5db21b094b8b77940b5f07722e47a08d367e5f84c96ec664b72934b99b3109af65d77e86abd6859cddf4bbae1f0930462df15fddbc48562ea3511a8065ef028cf12f14dcf6ebecd8d884836174faf1aa609e5f1ee1162dfa13bdc1fa7cfaadba85c72e9758f03a755d0be53f8d2a1dfb1c68cc164b0a0780d971a96ea2c4d4ca0398c2235980a9307b3d5bd3b01faffd0a5dbed2881a9700af561ac8c6b00000000000000f96f06817fb903729a7db6ff957697c9ede7885d94ffb0969be0daf60af93109eb1dee72e4363f51af62af6fb2a6df3bec89822a7a0b678058fa3fef86faec216eb6992162f8dcbf719c148cd2f9c55f4901203a9a8a2c3e90f3943dbc10360a1a49700d1dfbf66d69f6fbaf506c8bcce8bb0d872a02238926407a4eddd5d0fc5a752f9000", 0x1000}}, 0x1006)
r6 = syz_open_dev$video4linux(&(0x7f0000000080), 0x0, 0x0)
ioctl$VIDIOC_SUBSCRIBE_EVENT(r6, 0x4020565a, &(0x7f00000000c0)={0x3, 0x980900})
io_submit(0x0, 0x1, &(0x7f0000000340)=[&(0x7f0000000180)={0x0, 0x0, 0x0, 0x1, 0x6, r0, &(0x7f00000005c0)="0d6cf014c1eae8d5163e42f8a2e32f572c816e6256bd299b41701444c9c42b299d17fe21dce4b0a269130d358b5a0e2fd56ae20288778b2f7af105c80b4f096f4514e7c6ce5e764faf31e3f77b42eb2b26e3eccf89548e6286c7af59fbaf4d736a81b627b70f7280ca087e67ab1401ce4aaa61ff44c9a3550fbd8eaaefa2203653e910a42a787a85e2", 0x89, 0xce49}])
bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x8, 0x1c, &(0x7f0000000900)=ANY=[@ANYBLOB="1808000060000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000005000000bc0908000000000035090100000000009500000000070000b7020000000000007b9a00fe000000006609000000000000dbaaf0ff50000000bf8620000000000007080000f8ffffffbfa400000000000007040000f0ffffff770000000800000018220000", @ANYRES32=r4, @ANYBLOB="0000000000000000b7050000080000004608f0ff76000000010000008500000007000000b700000000000000950000000000b0a7621d50e6f9a36ed20000b6f9a7b40b9aa43b446a94dfcf"], 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_skb, 0x0, 0xf00, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r7 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NBD_CMD_CONNECT(r7, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000001a80)={&(0x7f0000000a40)={0x3c, 0x0, 0x100, 0x70bd2a, 0x25dfdbfb, {}, [@NBD_ATTR_SOCKETS={0x1c, 0x7, 0x0, 0x1, [{0xc, 0x1, 0x0, 0x1, {0x8}}, {0xc, 0x1, 0x0, 0x1, {0x8}}]}, @NBD_ATTR_SIZE_BYTES={0xc, 0x2, 0x3}]}, 0x3c}, 0x1, 0x0, 0x0, 0x20004000}, 0x0)
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)=ANY=[@ANYBLOB="0200000004000000080000000100000080000000", @ANYRES32=0x0, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB='\x00'/28], 0x48)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000007c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0xffffffff, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)

4m44.318579068s ago: executing program 32 (id=730):
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x802, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0)
request_key(&(0x7f0000000040)='asymmetric\x00', &(0x7f0000001ffb)={'syz', 0x2}, &(0x7f0000001fee)='R\x10rust\xe3c*s\xa8rVid:\xc4e', 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x7, 0x4, 0x20, 0x1, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
bpf$BPF_GET_MAP_INFO(0x3, &(0x7f00000006c0)={r1, 0x0, 0x0}, 0x10)
mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0)
mount$afs(0x0, &(0x7f00000001c0)='./file0\x00', &(0x7f00000002c0), 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB='dyn'])
chdir(&(0x7f00000000c0)='./file0\x00')
renameat2(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0xffffffffffffff9c, &(0x7f0000000600)='./file5\x00', 0x2)
r2 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
getsockopt$bt_BT_POWER(r2, 0x112, 0x9, 0x0, &(0x7f00000003c0)=0x3f)
bind$inet(0xffffffffffffffff, &(0x7f00000001c0)={0x2, 0x0, @local}, 0x10)
r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000400)=@base={0xe, 0x4, 0x4, 0x3, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
r4 = bpf$MAP_CREATE_CONST_STR(0x0, 0x0, 0x0)
r5 = syz_open_dev$tty1(0xc, 0x4, 0x1)
write$UHID_INPUT(r5, &(0x7f0000002080)={0xfc, {"a2336848149e516d4b5e071887f70e09d038e7ff7fc6e5539b0d500a8b089b3f383563030890e0879b0a71c6e70a9b334a959b669a242f0a0af3988f7ef319520100ffe8d178708c523c921b1b3e31070d0773090acd3b78130daa61d8e8040000005802b77f07227227b7ba67e0e78657a6f5c2a874e62a9ccdc0d31a0c9f318c0da1993bd160e233df4a62179c6f30e065cd5b91cd0ae193973735b36d5b1b63dd1c00305d3f46635eb016d5b1dda98e2d749be7bd1df1fb3b231fdcdb5075a9aaa1b469c3090000000000000075271b286329d169934288fd789aa37d6e98b224fd44b65b31334ffc55cc82cd3ac32ecdb08ced6f9081b4dd0d8b38f3cd4498bee800490841bdb114f6b76383709d8f5c55432a909fda039aec54a1236e80f6a8abadea7662496bddbb42be6bfb2f17959d1f416e56c71b1931870262f5e801119242ca026bfc821e7e7daf2451138e645bb80c617669314e2fbe70de98ec76a9e40dad47f36fd9f7d0d42a4b5f1185ccdcf16ff46295d8a0fa17713c5802630933a9a34af674f3f39fe23491237c08822dec110911e893d0a8c4f677747abc360934b82910ff85bfd995083bba2987a67399eac427d145d546a40b9f6ff14ac488ec130fb3850a27af9544ae15a7e454dea05918b41243513f000000000000000a3621c56cea8d20fa911a0c41db6ebe8cac64f17679141d54b34bbc9903f1d4ab966203861b5b15a841f2b575a8bd0d78248ebe4d9a80002695104f674c2431dca141fae269cab70e9a66f3c3a9a63e9639e1f59c0ede26c6b5d74b078a5e15c31634e5ae098ce9ee70771aaa18119a867e1088334975e9f73483b6a62fa678ca14ffd9f9db2a7869d85864056526f889af43a6056080572286522449df466c632b3570243f989cce7cd9f465e41e610c20d80421d653a5520000008213b704c7fb082ff27590678ef9f190bae97909507041d860420c5664b27921b14dc1db8892fd32d0ad7bc946813591ad8deff4b05f60cea0da7710ac0000000000008000bea37ce0d0d4aa202f928d28381aab144a5d429a04a6a2b83c7068ae949ed06e288e810bac9c76600025e19c907f8ea2e2010000008271a1f5f8528f227e79c1389dbdfffe492f21579d2c15b8c70cdb1c332d86d87341432750861ec2bc3451edca194b221cfec4603d276bbaa1dfa6d4fb8a48a76eafc9a9a0270e4c10d64cd5a62427264f2377fe763c43470833ac96c45f357cbbaba8f1b1fdcc7cbb61a7cdb9744ed7f9129aede2be21ccfdc4e9134f8684b3a4f354da9a795e96334e207dff70f1988037b2ed3aaf575c0b88d8f146684078416d59fdee5325928974d12dad99dac44c3f0008047096a44002bebc2420aed92fa9b6578b4779415d4ac01b75d5495c118045651cf41c2fc48b778efa5ea5677747430af4162b987b80c3e001cd34e5c92f76cc4c24eeb8bc4e9ac2aed9e53803ed0ca4ae3a9737d214060005ea6f1783e287b3bee96e3a726eafe2fdfaa78d1f48c13b64df07847754b8400daaa69bf5c8f4350aeae9ca1207e78283cd0b20ceb360c7e658828163e2d25c4aa348561f927e88f63aa70e73a5e69b3df3495903f06572e1e007fa55a2999f596d067312f5779e8dbfdcf3427138f3d444d2639a10477f9bec4b0bbb6e3c04be68981f392203dd0ee3ef478e16dacfc5e3e03cf7ab8e3902f1b0ff034ef655b253ca509383815b1b6fc6522d4e4fdc11a48cf42d48604675fde2b94cf00500a2690891abf8ab9c015073014d9e08d4338b8780bdecd436cf0541359bafffa45237f104b96210403b2de9efed496f2730d56bd068ed211cf847535edecb7b373f78b095b68441a34cb51682a8ae4d24ad0465f3927f889b81305c038e79a7962fb385a882e8020f06c4c2ba1dd5cac7c18876da865d258734dd73583df292892448039ef799cf0630becdcce04579b5561dc825ab829827945e020c1f67ee615feb6243378e0610060f02cca4e91b2f001edb3d78fb4b55668dda93aec92a5de203717aa49c2d284acfabe262fccfcbb2b75a2183c46eb65ca8104e1b4da7fbb77ab2fc043aead87c32ab875ee7c2e7b7019c982cd3b43eaeb1a5fb135c0c7dcee8fe6516a328032f88c042891824659e9e94265c803b35ee5f83a2b210520106b8a358b50ab7a1fa89af9c251fe5294b3d1802d5676d95f160ec97b1ad94872cb2044642c37b4a6cc6c04effc1672db7e4b68d787d9a7a508ae54b3cd7369dde50e8c77d95a3d361c040babb171607caac2a3559ad4f75465f49c0d0ae3716db6e00cb11db4a5fade2a57c10238e204a67737c3b42aae501b20f7694a00f16e2d0174035a2c22656dc29880acebdbe8ddbd75c2f998d8ac2dfad2ba3a504767b6b45a45957f24d758ed024b3849cd9c30e23ef4df5c89644f48bb536f7945b59d7bcddff754413d135273ea8e75f22f216c6b9990ae71806f2c00b4025c48b75c0f73cdb9a7b8fa367b50028067e7f16f4dd569d462f4f19eacdb3ed70eeebb4483f8fd777d443e8b40427db6fe29068c0ca3d2414442e8f3a154704b0e51bc664a137b26be719f4f7c9a5678a674dfc95df80b9ce375dd649c8c704e509bd88c8e63d8c7dd67071115c8982ba46af4d6adcc9f68a75b9397b035153faf46366e7205dd8d6f37525c1a0e94610dd94323f6c15d085197149bfd6655548cfd9c52c9711937f79abb1a124f1210465483cd3b2d78378cfb85ed82e7da0f6eb6d279f2ae455925d0f6f1ba571eba281f2a654fb39ddff3b484539ff158e7c5419e037f3e3ad038f2211f1033195563c7f93cd54b9094f226e783271e1e5a2a2c10712eab625d64931cd4ffe6738d97b9b5ef828ee9fb059fc01af0e79c1e14b1d25988c69a399567c1f93768f7971d31488b8658a20878b7c1dd7ba02fc42939dde3d4a3339a65d507dc59c51097b40517705da56e9ebf0afa53282bf86dbb58c548069ff6eb95aade7cc66d7bbef724779ca1f731b3346ff177050373d79ff7b3e7f9bc0c1b4b266a8878b90baaa039d3e3b63979ac3df6e6f4859afd50238c7547a39b60810938044ae185d2ba3e00a4e73676864ae090d81eaee5ee6cf1d0ab378dd4dd891e937c2ea5410e0513005000000000000003911fab964c271550027697b52160687461602f88df165d884b36ec2b6c25a2f33c715687e9d4afb8843dd014e5c5ad8fe995754bd9cf32fce1e31919c4b2082fb0a30b9deae84bed4b2804563407308c58c89d9e99c81769177e6d594f88a4facfd4c735a20307c737afa2d60399473296b831dbd933d93994ba3064279b10ea0c5833f41f157ea2302993dbe433b1aa3a3766d5439020484f4113c4c859465c3b415c3432f81db8719539d5bf372aaaea1cc43a6c5cbe59758bfee2916580dac4b008e595f437491d87abed02cefcd9db53d94d02daee67918e5d6787463373b4b87c9050000002f7809959bc048850613d17ca51055f2f416a44fe180d2d50c312cca7cb14a2bdc331f57a9817139a206fc76957227ffff2de20a4b8e3737fbb42913777c06376f799eba367e21f94ca598705f5dcb767d6f0900d6b0f6095e53c4c4234d0c1fbe434f6ab8f43c0013ee93b83946ee7759e89d7bdd1a32d7b311711b757fe43c06d21a35810d8fe98b27faea8aa12bc8716eefc5c97c45ac33eeec964c5214bc3a9359bdea1cccab94f15e36319cb34ebcacedb82c2ed3de5a8a8f0011e8f74e82d7f96093530e76692839d7961939adfdeeeaff19d11efcafb6d546fef271e89d6cc2389e81ff58cefcce3fbf4625a7e7de40e42e07b34449e15e065cc7340002000000000000f288a4510de03dab19d26285eda89156d50dd385a60333ba5bbf5d77cd7007ad1519ad5470de3dd6d6080cafccf8a97406bb6b68a1f0c4549820a73c880f475f732ae00398e8bd1f4108b7807fb33b72685ec37a2d3f766413a60459516246e5a1d998a2017aef0948a68cf255315ab80dd349e891aef595dc4d470e8ac32a308e15fc37d06aeac289c0523f483e1ff7408c6087f1ab652f2ef91d4f2b01987b0f46da034e080000007ee8101a3934c54e24b48ec0275e2d0687dc746b0827cbf652f406c6b95f2722e58c05f752ce2126596e1cd7655b904801784c416b22f73d324678e2724f43f1fe687c7e8a60c28b82b6528341b648cdd56fed7cdcbb1575912d5ecd36dea3bca0b7427d8392c6289455e8f8d2ab2242729251ae033a9e02210e62df0546a74b333a1c48f95fd54acb5741259e8c5488efeee327415cc19451432c6f14c27693102a3cd84857cd6586fc5ca9a93eb0145fac0662ff86107f998a8ef7df8aa14046c55b03d3d47f88a8d60f7774a2ee08758897fb411a94b3c2fc5d5f0db42c0456ec015f08e5247d33ae2d35603ff8454c16f8342856935125102bb784ed7148b6ce431b63ee356b0c785f2f47b90e29389f22fc5b59a70efaea2bd40195af4486220d702e30bfc43c10ec23ea6283994a7dde4dcb61fea6b651fb1d62458d0741a12830052fcc460db043afe525629b40d7cee458e4cb5e930ed624806c43a006e3933ed07c2b8081c128ad2706f48261ff07000000000000613bc18f5a38d442768af38041efe03d152ef95ff569e76db2391f4509d7f339d92fdb4a89364949da398000000000000000d80a4fe654578376e599aff3565b1d531f30912b9945030b81ea9935fd46edb44a78f615255490a4b621501f2a9e4d24624c4dac9274118c67584f5d374755534d7f68f679c4ff516a9c861a0e7e65868fcb2bf1cb9aea4e05df72279fdb0d2b9e935c5af3cf474bed79dfc248c1f5aea4b8b32c5d295e57079d0fe662a46b7f71cd47744db86c50b704c971d90295c7b2c7439a2d78ccfa79b5fc2bff6bbf840262bf89394b3e0691953264d2700c838fa2c7b3425260f59500000000004ca7c12f45858d6284ca6270d6b2f0e58fded8a7b4a302a97bc641df07720ba2b26bbfcc807ca0abb1b44322269c21c5ec68cb068ea88067d905ea917bb03eefdaebdeabf2d0dce80997c915c8949de992587c2cb5fe36d7d3e5db21b094b8b77940b5f07722e47a08d367e5f84c96ec664b72934b99b3109af65d77e86abd6859cddf4bbae1f0930462df15fddbc48562ea3511a8065ef028cf12f14dcf6ebecd8d884836174faf1aa609e5f1ee1162dfa13bdc1fa7cfaadba85c72e9758f03a755d0be53f8d2a1dfb1c68cc164b0a0780d971a96ea2c4d4ca0398c2235980a9307b3d5bd3b01faffd0a5dbed2881a9700af561ac8c6b00000000000000f96f06817fb903729a7db6ff957697c9ede7885d94ffb0969be0daf60af93109eb1dee72e4363f51af62af6fb2a6df3bec89822a7a0b678058fa3fef86faec216eb6992162f8dcbf719c148cd2f9c55f4901203a9a8a2c3e90f3943dbc10360a1a49700d1dfbf66d69f6fbaf506c8bcce8bb0d872a02238926407a4eddd5d0fc5a752f9000", 0x1000}}, 0x1006)
r6 = syz_open_dev$video4linux(&(0x7f0000000080), 0x0, 0x0)
ioctl$VIDIOC_SUBSCRIBE_EVENT(r6, 0x4020565a, &(0x7f00000000c0)={0x3, 0x980900})
io_submit(0x0, 0x1, &(0x7f0000000340)=[&(0x7f0000000180)={0x0, 0x0, 0x0, 0x1, 0x6, r0, &(0x7f00000005c0)="0d6cf014c1eae8d5163e42f8a2e32f572c816e6256bd299b41701444c9c42b299d17fe21dce4b0a269130d358b5a0e2fd56ae20288778b2f7af105c80b4f096f4514e7c6ce5e764faf31e3f77b42eb2b26e3eccf89548e6286c7af59fbaf4d736a81b627b70f7280ca087e67ab1401ce4aaa61ff44c9a3550fbd8eaaefa2203653e910a42a787a85e2", 0x89, 0xce49}])
bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x8, 0x1c, &(0x7f0000000900)=ANY=[@ANYBLOB="1808000060000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000005000000bc0908000000000035090100000000009500000000070000b7020000000000007b9a00fe000000006609000000000000dbaaf0ff50000000bf8620000000000007080000f8ffffffbfa400000000000007040000f0ffffff770000000800000018220000", @ANYRES32=r4, @ANYBLOB="0000000000000000b7050000080000004608f0ff76000000010000008500000007000000b700000000000000950000000000b0a7621d50e6f9a36ed20000b6f9a7b40b9aa43b446a94dfcf"], 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_skb, 0x0, 0xf00, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r7 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NBD_CMD_CONNECT(r7, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000001a80)={&(0x7f0000000a40)={0x3c, 0x0, 0x100, 0x70bd2a, 0x25dfdbfb, {}, [@NBD_ATTR_SOCKETS={0x1c, 0x7, 0x0, 0x1, [{0xc, 0x1, 0x0, 0x1, {0x8}}, {0xc, 0x1, 0x0, 0x1, {0x8}}]}, @NBD_ATTR_SIZE_BYTES={0xc, 0x2, 0x3}]}, 0x3c}, 0x1, 0x0, 0x0, 0x20004000}, 0x0)
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)=ANY=[@ANYBLOB="0200000004000000080000000100000080000000", @ANYRES32=0x0, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB='\x00'/28], 0x48)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000007c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0xffffffff, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)

2m54.933228367s ago: executing program 4 (id=1059):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r1 = getpid()
sched_setaffinity(0x0, 0x0, 0x0)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
bpf$BPF_PROG_DETACH(0x9, 0x0, 0x20)
r4 = socket(0x1e, 0x1, 0x0)
connect$tipc(r4, &(0x7f0000000000)=@name={0x1e, 0x2, 0x3, {{0x1, 0x1}}}, 0x10)
r5 = socket$netlink(0x10, 0x3, 0x15)
writev(r5, &(0x7f0000000080)=[{&(0x7f0000000180)="580000001400192340834b80040d8c561e067f0202ff000000020000000058000b4824ca945f64009400ff0325010ebc000000000000008000f0fffeffe809005300fff5dd000000100001000c0c100000000000000003a0", 0x58}], 0x1)
r6 = syz_genetlink_get_family_id$wireguard(&(0x7f0000000600), 0xffffffffffffffff)
r7 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r7, &(0x7f0000000540)={0x26, 'hash\x00', 0x0, 0x0, 'nhpoly1305\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r7, 0x117, 0x1, &(0x7f0000000000)="8a", 0x440)
r8 = accept4(r7, 0x0, 0x0, 0x80800)
sendmsg$RDMA_NLDEV_CMD_GET_CHARDEV(r8, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000640)=ANY=[@ANYBLOB="100000000f1400042dbd7000fbc9df25ed79d95b869fc8d0e9b15014e15f166008786e43735e6ea89ef54cd4ec15cbfe0934ed41d6c6408705223bfd1bd82d37dae3cf0fb081d81a8bc967c7d3089e07f098a1aff155e7fdd522d7682af468fedea0655674408e712accf76a67cb74497739ce13889d6d9e0215d6623415ede1e760d69dfa74c9a555934a1a9ed854f53b6fee6d632c6014012b4a0be776bb4ab7a1"], 0x10}, 0x1, 0x0, 0x0, 0x800}, 0x4004)
r9 = socket$nl_netfilter(0x10, 0x3, 0xc)
r10 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r9, 0x8933, &(0x7f00000001c0)={'wlan0\x00'})
sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000240)=ANY=[@ANYBLOB='L\x00\x00\x00', @ANYRES16=r10, @ANYBLOB="01004000000000000203440000000800", @ANYRESDEC=r10, @ANYBLOB="08002600851600000a00180000000000000000001c005a8018000180140002"], 0x4c}}, 0x0)
sendmsg$NL80211_CMD_SET_PMKSA(r8, &(0x7f00000005c0)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f0000000300)={&(0x7f0000000440)=ANY=[@ANYBLOB="03007ee4cd73968b6bfcf7c708000000", @ANYBLOB="000428bd7000fbdbdf25340000000c009900260300000b0000001d003400bc25e817b6c6ff93aa6ddf447ac43e153869aaa0ba5d3ef10a00000008001f010d00000008001f01080000000600fd00030000001400fe006b57e31b500b462812210e73a80249d50f003400216afec51f101d3ff27d3a00240034007539734874c015a0d8f36e728c7b12536d550a9d90e60f74859e132f777078b008001f0101010000"], 0xa8}, 0x1, 0x0, 0x0, 0x4048010}, 0x800)
sendmsg$WG_CMD_GET_DEVICE(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000700)=ANY=[@ANYBLOB="8c010000", @ANYRES16=r6, @ANYBLOB="01032cbd7000fe9bdf2500000000080007000300000070010880e000008024000200c6cd9da8bfd3659425c87fd0563990c3a9a34b37b9f69d00ec3cc3eaa4e784e701c99a98157524000100975c9d81c983c8209ee781254b7f9f8ed925ae9f0923c23c62f53c57cdbf691c24000100975c9d81c983c8209ee781254b899f8ed925ae9f0923c23c62f53c57cd2c8edef6000100d1732899f611cd8994034d7f413dc957630e5493c285aca40065cb6311be696b200004000a004e2300000002fc0000000000000000000000000000000700000024000200dea97e5f06498f46ac16c1181194ecec4126908c0dbabc61a5a412096fa8d2ca08000a00010000008c000080060005000010ef0a00000100975c9d81c983c8209ee781254b899f8ed925ae9f0923c23c62f53c57cdbf691c2400011df44da367a88ee6564ff00211456727082f5cebee8b1bf5eb7337341b459b3922060005004f00000008000a000100000008000a0001000000200004000a004e22000100010000000000000000000000070000000000000000d3553b568d20dd0bd90424fff0e9a3599e998395c763cbe696584becd8658dda41ff26c90d0539024e227afcc2647d1c76c780ebf00bb8744116d54474031c9e1199c7745fb82211b9a7d9a00497464193a18cc4180e2022391ea7c3bede3ec88e73dd402d4fc390cd0d9717ba1299d6ca36ae89bf1426cb6b668c2e24e2e3ad4efca3d4709c817693145c2d55cd11e1fe62f8547156bea888df8f374832a45e158f572d3da7dcf02309c9670af2bb2cd5edd2522c7ddf1a617ec39bad6c1ad7a2dc150db004ec0e8031489f5286b0f9099e8e5b2360838d9343afd7a648f8e37c7d491ff60f7b104e231257"], 0x18c}, 0x1, 0x0, 0x0, 0xc0}, 0x20040000)

2m51.670722832s ago: executing program 4 (id=1072):
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
getpid()
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=ANY=[@ANYBLOB="60000000020605000000000000000000010000000500040000000054942b77a2a0000900020073797a310000000014000780080008400000020205001400810000000502050002000600000011000300686173683a6e65742c6e8a24eac72ad4c2be7bb12481c4f2a63b8113bbe0e6c319f14fe1fd70eb01c7c71e4a4a9d4f5e0964131d50a157e71b2e7623631d5e7702faf1a083caa8c25ffe30a6ca2b778a56571147d056c5caa9d90e053989318cb1b184f46b46db8cc408b6537fdf8acd9173a7fa00"/210], 0x60}}, 0x0)
sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000bc0)={0x1014, 0x15, 0x1, 0x0, 0x0, {0xf}, [@generic="f99949964d2046c1ce3f5cdb28e8bcc18ba42f6ee51e4f77689df31fdd795770168c35737005b79db52df7309e33df462db718a8c5fbec6428e06d513d843a3b6614a121f8e403d41a00037fbd31291368e2580bab3daa5dd5e7d1db27f5f0f1e0878100562aee19749d3c091a6dcf4b26b695605321248505572750c2d328e241d59cd942651919dda86e801b2566527304d5a0f32d076602ba5c8531a675ad9faefd35bfd856576a0206083af642fc49557d6ec572a9972069fb04c1154a9f6e07da01f326476371b558495e48dbef96ad9f46553bf51223b18898ef95462ea8148e1f22544a24b6a37913de6309f4100f51a5834da902b60148daac90134181e2b26d526776a9772fda883fcc97dfb29802248350b8e4359b84269c872d93a420d1a6bcc4fcf614955cbc501ed1acbb172c9c78455b6905bd36aa3419dc1b0a28d81b716f90252a525c9a3050edc1990e6908c7d1a5a2c55db66eb651320f5950b048ff892bbad8ecc54274bb5f53f9679fb7f4e44487783f4e2f28ecd5e959e7a8b8a2b3f57c58466f752502060d2498cf25b647656ead081f1120f69f8e10fe29bf671d02ca257d6b8106f6991ce821c1b916a69c7048b9e404d90d1ac75c6b5904b12c2a71bed6dae70688dd68eab9a42a60fc8b5b81c257b03179775212facafebe5836e6b3a77b305a4e9476d5734006aa78ab5b3b6253bf9d10f0baa69403bdec5fd96d0a6c54c7b9365da4b528dc0d4c4f06d2175e739ee175a5c08afa6958ea4efa91f23bd4b86c0bea28351fe47b802e3d9bf29e22b45bf4cda56b10f6862aa18b05f8c2850a8bc99636c0b2e37ee3e3971373e9c894a8fad4e75ae2a5b6280e9273e12139de567313bdb489bf96664e019357cc0ca3bbcc2c76e02eda10bcab82f9b5706fed62083302a1718f6db48f171d5dc598adfa603d6c22c6b9c70ab91b7f6eb187dc43490a07716909d4fc127bd7b2f7589276f7e879a3692118e305bf100d85c3fe71a858407df1ccac26d6b12fc9e6269cba2f6a1e3e8693e78f79166803f04273d698cceb56e79abe2bc6be39a10f2cadd7d0fb3325d2a900de00d0165e426a8db6e00d39102403c92f95f7fad6067116dc04d6ccab8f2ad03494b2788870a8d1e7bc643b6d2940be94df601d427bd3c34eb23a933cc43f06cfcb53f33f6bb2011864e9ddb4bdb67ad3d4a44107409d329a9e0b1718732035e5598c0f434d7107603fd987805d072807e0f3c80e6648d6668406b7de86307b5a63441529b4885dc28d78e88e0ccb5255171587b6eb1ba3073f243d2b798c00dd44b4416fb960c8fde721d67b8bce8199af5be0dd24203e2e7559645822b1085e27cc53c4773acd4ed64be1e0432016fd278c384f5cb4ebea4792b12726aa6e601b520976395c4c9ec13d8fb60dac492ef4e7c370230163697626dce97fa601dc2e90e4b70c9033a370ede354e78cbfa67b7019cf4246439ad0a869a56a29b4f55907b5d0b0ed789eb96cc08550b98bccbff0343be020d94b5e0e76363828fe16cbc613c4beac2e11e22910067ccae97f7b278e56932b5012081f8f71b87aa2d9ad41aeae5c085769f842c040f5816c84ec2ca36db7ec537c05006481e9b6f1760172e604e31eb4e150ac3bd7c301b0aa98ff37b44c69e3518f32e4f88592f6f4e01d0e4a3cf6a66d9d76e4ef0ef76fe37458272a374d08c3d2cf7cb92142f7902c233d02170377b142330eed18b818575fbb2320d11af5997b4d2b10ba53ddc17f2042a9bf4917f31e493323b7945efe7838b0cf0ee656acdc2e5f5670d5b60349745675f8ff44ad747d9845f253a213570543dc109f072b8bea904d76006fc5668b7d9e9340b8ecf311265b71164f8ba789d09cf74da8a709d7ab4718374905e227f3247d53f7711749655dd0f654c4d5046723f16c84ff0c154fe3b07da9ea4f9185d1c021e23020412fb37481a937d1a717b51f72e45b3fc4ed4f6ac5b5013764b5131689d310e0416e8ec2a74ad1d71fb561d7a66c671ce3e90016cad17cfd8c3fa3664d81483a6de7a1aeff66ca9822254fe86e914479b58e581044ddc970839c759c3fae489c5a4fd9c0494ad783f432a44aed69fbb8f911951d93137b9c75e4d8a92edd821264db38db0da9f5d707d72dc4635157175c75adb0b771a3b2b9a86a2fd7e43eceb3aaeb25f26e665f2a527b95362eba07d8d6baf7fbb2cae0abcabb16deeedd776dcbd36d8cfd97529edbd9537f2bff7fa5394c05e0776bdeb0ff09f844eb6ae4988eb8f362653eeda6981625e1bd6d98f433e503d2d38255b9bb74b3250ff5ecf069366f6f23245a6861c71704bbb3d889e799dc2977033e8778c8a398119ec800493d09f69274f16c9f9534f0d4311f5777a6b6c1be1698ebe3740e06b84e912cea66ca00494ca38ce2d2ceb65f8967cade9f1c50d9130b47d0815740d8898639f584d97cc8c9f514f15361efbcb34801db398fb2c04b4a69f815c2ffcfb9a8f4d1d496ce3eab7ad32930418d7f6cb5f75d61cbd1028912e55113246bd0eecdfc4c83a41f9be6fbdae4e0b8389ab70d4a6ccb2e1c829a899d2c697e0ce871ed15c5ee730f53118503cb9bd60b78692ba27d86274b4e7db794489a236b734949b2c8f0e164deefa38e800ef04ff1c89844efff8daa66afb2431b90166a8e31eb30392638a6e62a889996cb13bb509bdf7d3ddf36de348ab0d807f508d0f1afc5ffe559b02cb51e8c0e2370154b3f1a767447627552fb759ce5901de92b61ec7b84b4489d0a85931aff0fd5e09205c564e00f9ae374ea99de295da2f3b1e77fcb977e5321c588aabb23fcf0f33c9c184d7489604a8e7e002eaa2808dc34009df5b68f9de1da84986affcad0bc2f67eb9d91f4e79f684a3b37b977907ec2d5bad99c990b60319c9aab37353a82b5af4aa35c545cc781e90c69984f8120668137115d232d1578f4058fbb417756e808a06afeaae382868bef876adb75cab38e8acd07da5994d04025848fc10cfd74c28ba5be5f78a8530791a94cf8afe5d48dbf7b422f14f1fc11c5da04bfb1c74524950ac1eb3121eb70c6d55254aca90199c709ab50ab6c347586288bb15a7433d07054fe4beb3a279793cf8c181cb501b524b3052c3bc5db91e81b35fbb6fea699fae0ae69b81b718cdb4dd574c3faf087f1b5ce177e0a079945023ff175a7af65c009b3315b7d98c9c73134eb9f8804db641897b19356dc036f6dcd405df8b1661ff46d5d455e9ff01c844e74d9d6747ef91888f8bfe8e8b4eec71a8c4646de4c3d85b83bb55c3a45a7e27cb88d7a5a3e368399e02dd8904ade205bebb171dc1ac938ed96b2dfd6c33e6f88d1047726a2b0943cd341b1c03205c3b09b1d024a1f43822a68a52b9659520bd6a3e677ce638f88f14204984439036b8e2cb0e8808c9a09e70e5d3074969b62076e3ebeafb612abd0b05f4175fcf5caa1ee2ab8216bc46a873177f6bab12d1b7125d5c5e87d19231cee2d4f19163b224f9a086ba6c94e69a204bae52b8a432c37c612218dd8842b1ad4a25e019b1474e3a1887e4a8c676ef3ad4e5d3f91491d0934f945985e2abfef0ce18733b755d555a501ebc81f51d860fa27e65251a054fdeb2988599de2a3a9b5fb50e4330a1c9323546bdc3ae2da2822db33d382931724bc7ff72e5d18d5030c5d7be5e401cadf6cacc916738caa0dfa2abc579178894963c8e6717a0f80c88b778c646e2e3e3a598d33de113f42892473a9fcfc6abf3a4119e0d704f9df1b36c9d7c731058a4011259b271807ebdd4e09868150a39bbb0f4c1769b79df82c1523d6247a2656a37ec526c650211156b332e6cc65845fa616b9dd46ac39cb44e0c54836df36bddc7d2349887323d78395978157aac0871bff7fdcf965449199b7f6b6f7f06548ebe98e584622e246164bf68dcec87167c8904b8917129512bf9e1a82d3c6bad4cf64a92d1508b2280bda46091fc686e1ed715a02a1edd256059bbf02773a6dd650b4ead022547d910d61d06cdcc081e090561d45f3cdf0b0f1a72ce2cc1884d3089a632e5cee67cb065e89f644ac1636b67ef4b1a47b8b235ca05006c0c6fe46c9a65b794c906e7cde0eea177c80f37db2132f02b2d72ac73a480c5c5eebc3844b8087f72d158ab21bd093031c6e138243cd8b80da5e9ca0cb0b279ad16071ff876c80293133f08a8edff5f99963e9af28a7f6ebc977e55de59865f318d22834fbc31803fd8a2e6434ea0b5ca289ea0d60c2f5f2ac17fb1519882ddbba5a154eb4cce7ff68946f2c9ff7e86a4d92536cb72aa73e0f58ceb2f6758c6b8ac4921356f3486cf5dc7c1c443794d43401e12bfaa42a91ab2f2ccf17382a5f205ae9d57cf6dd01cbef56755bc081eb8cbb66a59c63d577a8a67f9866afc0d208f135658218d568d15b3ce35e3f046c7416368e0802dffc8c86ad56d8e8e6bcad9a826bdcb76abdd0f654ec1e8386a258601afc32f32fb5172e341732d95ecf4b879d86a1077f0b3c94b152ea157ce0def102e841cb78b55545ea8dbe794c78e71e39f2eeef97a1f36609a99af6c77e2c49e9ba624f52f2a340b3b816066c5968c8a12308b5dbd4fc08b96f81584262ef8392637614a3f008f76a499bfdc1d28da7132b1f865e1d0bb302d863230eae2c5ef6d05d00e351b7068c9b41c2cd0ce474e8f6eb7c516d8e30692465295b58d00e24392a0fd18f192fa8c1fd097fcbb36bbebea91deeb205ce06af64aeb9810ae0e204d5fcd3d6661081ef2d517678dcf203528f2abb1b9a8aec95e35c3d8f9a7958fef5cda2ec7a676dfc8178c2d8322eea06f2b12ff5043fafb9311ff10583337b70dd37ba0caaa34d5988dd86fdddc6366bb01cc3510995c0417902463b8fcc682eddbe4c72d92c45a3f917f849f963c50b82a5fad5a4bd11f1ec476f9025fd54f071e3a13c1d7f8a6549ebfd87442a90b361bec89e8211bd91c6001de9da5b46543638b78dac27d0f4b78eb4a04db307dde4fd0cd10692a9851a2f00de41a12a57f9aa07387ba754cee38abedf0e9d5d7d3dde2a1484a7911a7b37bc6670cd23119ee1671ae5748e4ebccb1c742bf9431ffc4212ce194793dcab086621549e791e809e109bc901e42037918a74dc1f2e96d0bcfb3b6ad53c20e615bcc40a2f5eba7d3668ca73683de30b6fc8c7532d8caff13d3a98c9f683b134164cf7d91359e4aa1d43da24310ec6f15b7e125f6d09f766bb3886fb0019a8190ac913b8436cd3ce85936bf8882d26f139d54e2cc431ea47b2271ecd1610a4e3fe836c5f2ff1cd0d62a1875c5113ead9d2041c2ba76931a8dca17233716ca8e9d08e56e85f26c2a79173e0cdb729ef6b24cf687077e2e75cb543f4225e79bb09346e9392509b49a95db36116f12067ff66a7e8fd7b941847904cfb9e8451efc4ab08ea29f858bfcc8fd0cd54375fa720e790242f12f12bc67ab564239ee30fa7fe2d0cf7bd5db934a0331ac583912ed96ddbf3c968c998a5dfbc1b4fccda4844463fb7d2d2f08c97b30eb342f7717ee3b322a138f3254937cea4f7fbdd8ca30c67c899d67866b6bec2cc53c771b780bbb4e1006297d1020299cf48a92be07275abdc88f24171def439919f967df046fa9083a505bc96fbfe89a12ef6e51e10832ec86fc885c326b7e99fa1853b13911ca6d6b59b4a35e47e3c57a5c60b0a4509cbd78850a717466862e84b1580caf48670ce6b1c1fcad7df6ae27d758ef8a3f2b15f5f35d8a6c0a5a9271d21680173d2027e67f6575b1eeea332571e28e20caf6e"]}, 0x1014}, 0x1, 0x0, 0x0, 0xc001}, 0x4000004)
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, <r2=>0xffffffffffffffff}, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, <r3=>0xffffffffffffffff})
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
r4 = dup(r2)
mount$9p_fd(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000b80), 0x0, &(0x7f0000000140)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}})
r5 = syz_open_pts(0xffffffffffffffff, 0x200000)
ioctl$FIONREAD(r5, 0x541b, &(0x7f0000000240))
sendmsg$NLBL_UNLABEL_C_STATICADD(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000100)={0x0}, 0x8, 0x3000000000002}, 0x0)

2m50.10956028s ago: executing program 4 (id=1076):
socket$can_bcm(0x1d, 0x2, 0x2)
fsopen(&(0x7f00000007c0)='erofs\x00', 0x1)
socket$inet6(0xa, 0x800000000000002, 0x0)
prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f00000001c0), 0xa0602, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000640)={&(0x7f0000000240)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x10, 0x10, 0x2, [@var={0x10000001, 0x0, 0x0, 0xe, 0x3}]}}, 0x0, 0x2a, 0x0, 0x1, 0x6, 0x0, @void, @value}, 0x28)
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x4, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="180200000000000000000000000000008500000061000000850000007d00000095"], &(0x7f00000000c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x3, 0xc, &(0x7f0000000000)=ANY=[@ANYBLOB="180000000000000000000000000000008500000061000000180100002020732500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007000000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000240)={r1, 0x18000000000002a0, 0xe40, 0x0, &(0x7f00000001c0)="b9ff03076003008cb89e08f586dd", 0x0, 0x402f, 0x60000000, 0x0, 0x0, 0x0, 0x0}, 0x50)
socket$inet6_tcp(0xa, 0x1, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
sendmsg$inet(r3, &(0x7f0000001b00)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001d80)=ANY=[@ANYBLOB="28010000000000000100000001"], 0x128}, 0x0)
recvmsg$unix(r2, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000140), 0x100}, 0x0)
r4 = syz_io_uring_setup(0x10d2, &(0x7f0000000540)={0x0, 0x7734, 0x80, 0x0, 0x34f}, &(0x7f0000000600)=<r5=>0x0, &(0x7f00000005c0))
syz_memcpy_off$IO_URING_METADATA_GENERIC(r5, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5)
io_uring_enter(r4, 0x47bc, 0x0, 0x0, 0x0, 0x0)

2m47.746728737s ago: executing program 4 (id=1083):
write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[@ANYBLOB="8fedcb7907001175f37538e486dd637f4b22667f2f00db5b686158bbcfe8875a65969ff57b00000000000000000000000000ac1414aa35f086dd"], 0xfdef)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000380)={0x6, 0x3, &(0x7f0000000680)=ANY=[@ANYBLOB="1800000002000000000000000000000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
bpf$MAP_UPDATE_CONST_STR(0x2, 0x0, 0x0)
r0 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000200)={0x6, 0x3, &(0x7f0000000680)=ANY=[], &(0x7f00000002c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000000c0)=ANY=[@ANYBLOB="240000001e0001000000000002000000020000000100000e0000000008000e"], 0x24}, 0x1, 0x0, 0x0, 0x2}, 0x2810)
write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[@ANYBLOB="8fed007907001175f37538e486dd6317ce2200"], 0xcfa4)
r2 = openat$dlm_control(0xffffffffffffff9c, &(0x7f0000000040), 0x101000, 0x0)
connect$llc(r2, &(0x7f0000000080)={0x1a, 0x20, 0x6, 0x6, 0x6, 0x0, @multicast}, 0x10)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r0, 0x5, 0xb68, 0x0, &(0x7f0000000000)='%', 0x0, 0xd01, 0x88be, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48)
write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[@ANYBLOB="8fedcb7907001175f37538e486dd637f4b22667f2f00db5b686158bbcfe8875a65969ff57b00000000000000000000000000ac1414aa35f086dd"], 0xfdef) (async)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000380)={0x6, 0x3, &(0x7f0000000680)=ANY=[@ANYBLOB="1800000002000000000000000000000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) (async)
bpf$MAP_CREATE(0x0, 0x0, 0x0) (async)
bpf$MAP_UPDATE_CONST_STR(0x2, 0x0, 0x0) (async)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000200)={0x6, 0x3, &(0x7f0000000680)=ANY=[], &(0x7f00000002c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) (async)
socket$nl_route(0x10, 0x3, 0x0) (async)
sendmsg$nl_route(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000000c0)=ANY=[@ANYBLOB="240000001e0001000000000002000000020000000100000e0000000008000e"], 0x24}, 0x1, 0x0, 0x0, 0x2}, 0x2810) (async)
write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[@ANYBLOB="8fed007907001175f37538e486dd6317ce2200"], 0xcfa4) (async)
openat$dlm_control(0xffffffffffffff9c, &(0x7f0000000040), 0x101000, 0x0) (async)
connect$llc(r2, &(0x7f0000000080)={0x1a, 0x20, 0x6, 0x6, 0x6, 0x0, @multicast}, 0x10) (async)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r0, 0x5, 0xb68, 0x0, &(0x7f0000000000)='%', 0x0, 0xd01, 0x88be, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) (async)

2m46.810250138s ago: executing program 4 (id=1086):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
r3 = dup(r2)
syz_kvm_setup_cpu$x86(r3, r3, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000200)=[@text64={0x40, 0x0}], 0x1, 0x6c, 0x0, 0x0)
r4 = io_uring_setup(0x549, &(0x7f0000000040)={0x0, 0xc57e, 0x800, 0x0, 0x30a, 0x0, r3})
io_uring_register$IORING_REGISTER_IOWQ_MAX_WORKERS(r4, 0x13, &(0x7f0000000000)=[0x80000000, 0x4], 0x2)

2m46.348730371s ago: executing program 4 (id=1089):
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = syz_io_uring_setup(0x4005, &(0x7f0000000640)={0x0, 0x92e1, 0x400, 0x1, 0x40008333}, &(0x7f00000006c0)=<r3=>0x0, &(0x7f00000001c0)=<r4=>0x0)
r5 = syz_open_dev$dri(&(0x7f0000000000), 0x7ff, 0x100)
ioctl$DRM_IOCTL_MODE_LIST_LESSEES(0xffffffffffffffff, 0xc01064c7, &(0x7f00000000c0)={0x8, 0x0, &(0x7f0000000040)=[<r6=>0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]})
ioctl$DRM_IOCTL_MODE_REVOKE_LEASE(r5, 0xc00464c9, &(0x7f0000000100)={r6})
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
r7 = io_uring_register$IORING_REGISTER_PERSONALITY(r2, 0x9, 0x0, 0x0)
syz_io_uring_setup(0x49a, &(0x7f0000000400)={0x0, 0x79af, 0x3180, 0x8000, 0x40024e}, &(0x7f0000000080)=<r8=>0x0, &(0x7f0000000040)=<r9=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r8, 0x4, &(0x7f0000000000)=0xffb, 0x0, 0x4)
syz_io_uring_submit(r8, r9, &(0x7f00000002c0)=@IORING_OP_TIMEOUT={0xb, 0x11, 0x0, 0x0, 0x0, &(0x7f0000000100), 0x1, 0x40, 0x1})
syz_io_uring_submit(r8, r4, &(0x7f0000000200)=@IORING_OP_ASYNC_CANCEL={0xe, 0x10, 0x0, 0x0, 0x0, 0x23456, 0x0, 0x0, 0x0, {0x0, r7}})
io_uring_enter(r2, 0x847ba, 0x0, 0xe, 0x0, 0x0)

2m31.164081983s ago: executing program 33 (id=1089):
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = syz_io_uring_setup(0x4005, &(0x7f0000000640)={0x0, 0x92e1, 0x400, 0x1, 0x40008333}, &(0x7f00000006c0)=<r3=>0x0, &(0x7f00000001c0)=<r4=>0x0)
r5 = syz_open_dev$dri(&(0x7f0000000000), 0x7ff, 0x100)
ioctl$DRM_IOCTL_MODE_LIST_LESSEES(0xffffffffffffffff, 0xc01064c7, &(0x7f00000000c0)={0x8, 0x0, &(0x7f0000000040)=[<r6=>0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]})
ioctl$DRM_IOCTL_MODE_REVOKE_LEASE(r5, 0xc00464c9, &(0x7f0000000100)={r6})
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
r7 = io_uring_register$IORING_REGISTER_PERSONALITY(r2, 0x9, 0x0, 0x0)
syz_io_uring_setup(0x49a, &(0x7f0000000400)={0x0, 0x79af, 0x3180, 0x8000, 0x40024e}, &(0x7f0000000080)=<r8=>0x0, &(0x7f0000000040)=<r9=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r8, 0x4, &(0x7f0000000000)=0xffb, 0x0, 0x4)
syz_io_uring_submit(r8, r9, &(0x7f00000002c0)=@IORING_OP_TIMEOUT={0xb, 0x11, 0x0, 0x0, 0x0, &(0x7f0000000100), 0x1, 0x40, 0x1})
syz_io_uring_submit(r8, r4, &(0x7f0000000200)=@IORING_OP_ASYNC_CANCEL={0xe, 0x10, 0x0, 0x0, 0x0, 0x23456, 0x0, 0x0, 0x0, {0x0, r7}})
io_uring_enter(r2, 0x847ba, 0x0, 0xe, 0x0, 0x0)

19.410525592s ago: executing program 3 (id=1406):
r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000500), 0x28102)
r1 = dup(r0)
r2 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00')
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x9}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r3 = syz_open_dev$MSR(&(0x7f0000000240), 0x0, 0x0)
read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000640)={0x1e, 0x4, 0x0, &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x24, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
getpriority(0x2, 0x0)
r4 = openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0)
r5 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_buf(r5, 0x0, 0x10, &(0x7f0000000080)="170000000200020000ffbe8c5ee17688a2003c000303000afdff02a257fc5ad90200bb6a880000d6c9db0000db00000200df01800a0000ebfc0607bdff59100ac45761547a681f009cee4a5acba400001fb700674f00c88ebbf9315033bf79ac", 0x60)
openat$cgroup_devices(r4, 0x0, 0x2, 0x0)
socket$inet6_udp(0xa, 0x2, 0x0)
mount$9p_fd(0x0, &(0x7f00000001c0)='.\x00', &(0x7f0000000180), 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r1, @ANYBLOB=',wfdno=', @ANYRESHEX=r2, @ANYBLOB="2c1e"])
syz_open_dev$tty1(0xc, 0x4, 0x1)
r6 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x48241, 0x0)
ioctl$TUNSETIFF(r6, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x6bf1c2d5adba8c32})
bind$can_j1939(r1, &(0x7f0000000200)={0x1d, 0x0, 0x1, {0x0, 0xff, 0x4}, 0x1}, 0x18)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000001140)={&(0x7f0000000100)=ANY=[@ANYRES8, @ANYRES32, @ANYBLOB="0000000000000000400012800c0001"], 0x68}}, 0x800)
r7 = socket$igmp6(0xa, 0x3, 0x2)
r8 = socket$kcm(0x2, 0xa, 0x2)
ioctl$sock_SIOCSIFVLAN_ADD_VLAN_CMD(r7, 0x8983, &(0x7f0000000300)={0x0, 'syzkaller1\x00'})
write$tun(r6, &(0x7f0000000100)=ANY=[@ANYRES8=r8], 0xfdef)
syz_usb_connect$cdc_ecm(0x2, 0x56, &(0x7f0000000300)=ANY=[@ANYBLOB="12010000020000082505a5a4400000000101090244000101000000090400000302060000052406000005240000000d240f0100000000000000000009058103200000000009058202080000000009050302"], 0x0)

14.177796559s ago: executing program 3 (id=1418):
r0 = inotify_init1(0x0)
inotify_add_watch(r0, &(0x7f0000000400)='.\x00', 0xa4000021)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000580)=ANY=[@ANYBLOB="120000000b000000080000002200000000000000", @ANYRES32, @ANYBLOB="00000000000000000000b218264900010000000060d73e1163f6976e2b758681924faa5b68f1da83359467b7b76a558d45e85eb2a8", @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x50)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000200), 0xffffffffffffffff)
sendmsg$TIPC_NL_MON_PEER_GET(r2, &(0x7f0000000500)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="201427fd", @ANYRES16=r3, @ANYBLOB="0d030000000000000000130000000c0009800800020006000000"], 0x20}}, 0x0)
r4 = socket(0x1, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
r5 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f0000000040), 0x100, 0x0)
pwritev2(r5, 0x0, 0x0, 0xfffffffc, 0x0, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x3)
sched_setaffinity(0x0, 0x8, &(0x7f0000000680)=0x400000bce)
r6 = syz_open_dev$MSR(&(0x7f00000001c0), 0x140, 0x0)
read$msr(r6, &(0x7f0000019680)=""/102392, 0x18ff8)
sendmsg$key(0xffffffffffffffff, &(0x7f0000000100)={0x3, 0x0, &(0x7f0000000000)={&(0x7f0000000500)=ANY=[@ANYBLOB="020300020c00000000000000000000000200080008000000d700000000000000030006003c00000002004e20ac141400000000000000000002000100000000000000090000000080030005000000000002"], 0x60}, 0x1, 0x7}, 0x0)
bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000340)={r1, &(0x7f0000000240), &(0x7f0000000180)=@tcp=r4}, 0x20)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000300)={r1, &(0x7f0000000440), &(0x7f0000000380)=@udp=r4, 0x1}, 0x20)
getsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(0xffffffffffffffff, 0x84, 0x22, &(0x7f0000000000)={0x0, 0x307, 0x2, 0xfffffffe, <r7=>0x0}, &(0x7f0000000040)=0x10)
getsockopt$inet_sctp_SCTP_LOCAL_AUTH_CHUNKS(0xffffffffffffffff, 0x84, 0x1b, &(0x7f0000000080)={r7, 0xec, "8ce044ce4547c341ce1820e1283301c198f4d2ce053156a20eef4f2e05e38c102b25216cc0931b7a5ed452b612e9e8f5a31ba016d84a4daadb3942de2eeb69bf8b450cb95a1305c4881d743282cba46788a2db39c091658791131d3d05c0120bc8524f600fb751f666fbeebf3be8e23d292245dd430ca16c608379790c219fefd0809abd614832b54cea294fce9957305837db1f587727f70706b92832150db11f827ac25ef70ad88a2722bb2288b86e5de5a044a0a971ab830fb2831b3a8f6939be24560b97df8af26ceea75de935a5b3c999f657a0e1a8dc700e8609eebc017523121912f4566644f41865"}, &(0x7f0000000180)=0xf4)
write$uinput_user_dev(0xffffffffffffffff, &(0x7f0000000080)={'syz1\x00', {0x3ff, 0x6, 0x4, 0xa}, 0x25, [0xd4, 0x2, 0x9, 0x8a4, 0xd24, 0x2, 0x7fffffff, 0x80000001, 0x5, 0x1, 0x101, 0x3c6, 0x7, 0x6, 0xf70, 0x7, 0xe7, 0x7, 0x401, 0xbc5e, 0x0, 0x1, 0x3, 0xffff, 0xe, 0xe, 0x14, 0x20000000, 0x15098855, 0x6, 0x2, 0xfffffffb, 0x106, 0xc, 0xfffffff7, 0x4, 0xe79, 0x7, 0x1ff4, 0x1, 0x1, 0x80000000, 0x401, 0x9, 0xbdc7, 0x6, 0x1, 0x9, 0x1, 0x1, 0x6, 0x2, 0x5, 0x9, 0x5, 0x9, 0xffffffff, 0x3a23, 0x1000, 0x883, 0x2, 0x6, 0x7ff, 0xffffffff], [0x80000000, 0xffffffff, 0x4, 0x5, 0x7ffffffd, 0x1, 0x553, 0x6, 0x2, 0xfffffffc, 0x8, 0xc, 0x36, 0xa, 0x6, 0x1, 0x9, 0x98, 0x8, 0xe56d, 0xa4, 0x4, 0x99d, 0x8, 0x0, 0xd, 0x400, 0x0, 0x6e38, 0x8000, 0xa, 0x2, 0x3, 0x7f, 0x5, 0x7, 0x4, 0xd, 0x9, 0xfff, 0x4, 0x5, 0x40, 0x1, 0x8, 0x8, 0x8, 0x0, 0x34f1, 0x1ff, 0x4, 0x1b2c5a17, 0x0, 0x9, 0xc, 0x0, 0xffffffff, 0x1, 0x6, 0x6, 0xac, 0x2, 0x54, 0xcfb9], [0x6, 0xdb8, 0x9, 0x4, 0x2, 0x6, 0x5, 0x5, 0x3, 0x5, 0xff7ffffd, 0xc8d3, 0x33, 0x9a45, 0x0, 0xee40000, 0x1, 0x1, 0x43, 0x69d, 0x8, 0x10002, 0x2, 0x0, 0x8, 0x2, 0x4, 0x800, 0x2, 0x9, 0x0, 0x0, 0x1, 0xfffffffe, 0x3, 0x0, 0x9, 0x18c0, 0x9, 0x2, 0x7, 0x8000, 0x6, 0xfffffffa, 0x81, 0x8, 0xffffff20, 0x55f2, 0xdf46, 0xfffffffd, 0x7f, 0x9, 0x7ffc, 0x40, 0x3, 0x2, 0xa, 0x6, 0x2, 0xffffff00, 0xda15, 0x7f, 0x3, 0x10], [0x0, 0x897, 0x8, 0x246d, 0x6, 0x101, 0xfffff410, 0xd, 0x7ff, 0x606, 0x4, 0x9, 0x80000001, 0x2, 0xb, 0x2, 0x7, 0x1, 0x7, 0x2, 0x7ff, 0x3ff, 0x0, 0x0, 0x6, 0x100, 0x1, 0xec9b, 0x61c8, 0x6, 0x0, 0x101, 0xff, 0x7, 0x9, 0x5, 0x7, 0x101, 0x9, 0x3000000, 0xe, 0x4000006, 0x7, 0x1, 0x9, 0x0, 0x4, 0x100009, 0x100, 0x3, 0x3c, 0x1000, 0x5, 0x2, 0x15, 0x7fff, 0x7, 0x81, 0x5, 0x3, 0xfffffffc, 0x4, 0x6, 0xeff]}, 0x45c)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x40, 0x1ff)
execveat(0xffffffffffffff9c, &(0x7f0000000140)='./file1\x00', 0x0, 0x0, 0x0)
read(r0, 0x0, 0x0)
r8 = socket$nl_generic(0x10, 0x3, 0x10)
r9 = syz_genetlink_get_family_id$ethtool(&(0x7f00000002c0), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_LINKMODES_SET(r8, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000040)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r9, @ANYBLOB="010000000000000000002f000000180001801400020073797a5f74756e"], 0x2c}, 0x1, 0x0, 0x0, 0x24000005}, 0x0)
openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x80000, 0x0)

13.413158297s ago: executing program 6 (id=1420):
syz_emit_ethernet(0x3a, &(0x7f00000003c0)={@local, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x3d}, @void, {@ipv4={0x800, @tcp={{0x6, 0x4, 0x0, 0x9, 0x2c, 0x68, 0x0, 0x0, 0x6, 0x0, @remote, @local, {[@noop, @rr={0x7, 0x3, 0xe2}]}}, {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x2, 0x5, 0x4, 0x2}}}}}}, 0x0) (async)
r0 = socket$netlink(0x10, 0x3, 0x0)
fsopen(&(0x7f0000000000)='coda\x00', 0x0) (async)
bind$netlink(r0, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc)
sendmsg$TIPC_NL_LINK_GET(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000280)={0x0, 0x24}}, 0x0) (async)
r1 = socket$netlink(0x10, 0x3, 0x0) (async)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000001240)=ANY=[@ANYBLOB="0f000000040000000800000001"], 0x50)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000012c0)={0xe, 0xe, &(0x7f0000001440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000018000000000000000000000000000000950000002304f866"], &(0x7f0000000200)='syzkaller\x00', 0x6, 0xe1, &(0x7f0000000240)=""/4096, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0xfffffffffffffe66, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x3f) (async)
r3 = socket(0x2a, 0x2, 0x0)
getsockname$packet(r3, &(0x7f0000000200)={0x11, 0x0, <r4=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000001480)=0x14)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000380)=@newqdisc={0x2c, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_drr={0x8}]}, 0x2c}}, 0x0) (async)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000080)=@newtfilter={0x88, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {0xfff1}, {}, {0x1c, 0x6}}, [@filter_kind_options=@f_flower={{0xb}, {0x58, 0x2, [@TCA_FLOWER_ACT={0x54, 0x3, [@m_connmark={0x50, 0x1, 0x0, 0x0, {{0xd}, {0x20, 0x2, 0x0, 0x1, [@TCA_CONNMARK_PARMS={0x1c, 0x1, {{0xfffffff7, 0x9, 0x6, 0x6, 0xb87}, 0x6}}]}, {0x4}, {0xc, 0x7, {0x1, 0x1}}, {0xc, 0x8, {0x3, 0x3}}}}]}]}}]}, 0x88}, 0x1, 0x0, 0x0, 0x2000080d}, 0x24000000) (async)
sendmmsg(r1, &(0x7f00000002c0), 0x40000000000009f, 0x0)

13.400121185s ago: executing program 3 (id=1421):
socket$inet(0x2, 0x3, 0x2)
syz_open_procfs$pagemap(0x0, &(0x7f0000000100))
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000380)={0x1, &(0x7f0000000340)=[{0x3, 0xf, 0x3, 0x6}]})
socket$inet6_udp(0xa, 0x2, 0x0)
r0 = syz_usb_connect(0x2, 0x2d, &(0x7f0000000000)={{0x12, 0x1, 0x110, 0x73, 0x9e, 0x61, 0x8, 0xfd9, 0x2c, 0x66b, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x1b, 0x1, 0x7, 0xd4, 0x40, 0x0, [{{0x9, 0x4, 0x65, 0x0, 0x1, 0xbe, 0x86, 0x6d, 0x1, [], [{{0x9, 0x5, 0x1, 0x2, 0x40, 0x1, 0x3, 0x9}}]}}]}}]}}, 0x0)
syz_usb_ep_read(r0, 0x1, 0x0, 0x0)
syz_usb_control_io$hid(r0, &(0x7f00000003c0)={0x24, 0x0, &(0x7f0000000300)={0x0, 0x3, 0x2, @string={0x2}}, 0x0, 0x0}, 0x0)
syz_usb_control_io$printer(r0, &(0x7f00000008c0)={0x14, 0x0, &(0x7f00000007c0)={0x0, 0x3, 0x2, @string={0x2}}}, 0x0)
syz_emit_ethernet(0x304, &(0x7f0000000000)={@random="9a70b05e7d2c", @local, @void, {@ipv6={0x86dd, @generic={0x0, 0x6, "6410a6", 0x2ce, 0x0, 0x0, @private2, @local, {[], "223427d5c9a46b9fa14172170a013589317d2af31ba55431762f462a5abc3f46494ee91bfca594d52f8c3785143e92da5d2d81edc09f68f122fbf741257bf1319408347a17c89212dfe27a0fc65362487e5afe673f0954f60d9d08b61276ce0b3aa520b5f30a9f52c4aa53fc003f8570383ca63530d93b78a7875338b3d7645ef2c24ab05db63cfdcde7b3cac2248c9d1c73d0d4382b3f520ad6e9be698eaa9bf5b939ce09919c9485c4725690ee2483315829a196f85a5ae552ebe19a2d6768ce2a6bf60fbb53104c7919b7cf28fa555fc9460df11e72eddebb2fc4eb6f83b16e0d65307e4210dfc209f0c68df65b57f420fd215546b798af6b6ab7bfb2fe6bd6142f877852717370b1ca39d199c149c3ead97c4e16229ce4c08a111a0fc64651c21e9174dd72442a9ae2a42d9433c7b54c8dd4b59203f9a2e227e9b043eb430e606cf98f3428ac8511948dd553bc0728c0626fbda71bd2a1d734d605e27bdb0be93b7b91284689e31fccb70c15f2c39da9011c84d36fe4b4b36ff26e45a34685fc638dbdaa068a3d3d4f5d44b74afc0fc7956e5fcc3fe405ac6d292d1d90f257f18fe14a3192d28ed369956aa2f91f9fee773cf7fb5d90705347eeadc1af86de78a498fa1a20e5b3f481a0595769654d969299506d8ffbc172a7fb9453a8a3787e80b167936863f2cc16c1d03481bd40e1abcf87a292559771572136932bf30e48174012a1d4d5f138f93140af2ceb9c821c7966ea7592d762975b5b33ef141b6b91eb388c91b924945c3231d0f299adb5a36e0c95a17872e7ebf0bc0e33baf5c46f9e2087b77bad0794d519ce7bc8674a70f3545d020454ded22f164185df3b4f952b132947b75333993fd73a6bac5836dd5720e559bcb82a4926734c5c3b1287c5fec219a99f71eb398430001f007306e9232c269c2886357f75d935e8de054341ac36f1df1fc77fbc347d90660f4d5658cfeb9e289f70968a7c0b38ae34c4bfa46b47964e223ac34f472e32"}}}}}, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
r1 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000000), 0x42, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xf, 0x4008032, 0xffffffffffffffff, 0x0)
socket$inet6(0xa, 0x2, 0x0)
pipe(&(0x7f0000000040))
socketpair$tipc(0x1e, 0x2, 0x0, &(0x7f0000000e80))
openat$6lowpan_control(0xffffffffffffff9c, &(0x7f0000000a00), 0x2, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
syz_usb_connect$uac1(0x3, 0xdc, &(0x7f00000001c0)=ANY=[@ANYBLOB="12010000000000106b1d01014000010203010902ca0003010070000904000000010100000a24010800000201020d24060000030800000000000000240803960c03112d9cd2ce0c240208000103000000ff000924060506020100000924030003030005490c240206", @ANYRES8=r2, @ANYRES16=r1], 0x0)

12.632661615s ago: executing program 6 (id=1423):
r0 = socket$nl_route(0x10, 0x3, 0x0)
setsockopt$netlink_NETLINK_NO_ENOBUFS(r0, 0x10e, 0xc, &(0x7f0000000040)=0xffff7fff, 0x4)
r1 = socket$kcm(0x10, 0x3, 0x10)
sendmsg$kcm(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000180)="1400000016000b63d25a80648c2594f90224fc60", 0x14}], 0x1}, 0x0)
openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x9, 0x4, 0x7fe2, 0x1, 0x2, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
userfaultfd(0x80001)
r2 = open(&(0x7f0000000380)='./bus\x00', 0x40, 0x0)
r3 = creat(&(0x7f0000000200)='./bus\x00', 0x84)
r4 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
write$FUSE_NOTIFY_STORE(r3, &(0x7f0000000240)=ANY=[@ANYBLOB='+\x00\x00\x00', @ANYRES32=r2], 0x2b)
sendfile(r4, r2, 0x0, 0x4000000053d2)
r5 = socket$packet(0x11, 0x3, 0x300)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r5, 0x8933, &(0x7f0000000480)={'batadv0\x00', <r6=>0x0})
sendto$packet(r5, &(0x7f0000000040)="020009ffffffbabe0040000086dd", 0xe, 0x4000000, &(0x7f0000000000)={0x11, 0x0, r6, 0x1, 0x5e, 0x6, @random="0ad5ceeef02d"}, 0x14)
sendmsg$nl_route(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="240000001a001fffffffff7f0000000080000000", @ANYBLOB='\x00\x00\x00\x00\b'], 0x24}}, 0x0)

12.18697739s ago: executing program 6 (id=1425):
ftruncate(0xffffffffffffffff, 0xc17a)
mkdir(&(0x7f0000000200)='./file1\x00', 0x0)
mount$fuse(0x0, 0x0, 0x0, 0xfc5cd7921c2c19c4, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=0x0])
mount(0x0, &(0x7f0000000380)='./file1\x00', &(0x7f0000000140)='autofs\x00', 0x0, &(0x7f0000000400))
chdir(0x0)
symlink(&(0x7f0000000000)='./file0\x00', &(0x7f00000001c0)='./file0\x00')
unlink(&(0x7f0000000280)='./file0\x00')

10.977801508s ago: executing program 6 (id=1428):
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r1 = socket(0x2b, 0x80801, 0x1)
ioctl$sock_inet_sctp_SIOCINQ(r1, 0x541b, &(0x7f0000000180))
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_open_dev$sndpcmc(&(0x7f0000000180), 0x0, 0x82000)
ioctl$SNDRV_PCM_IOCTL_RESUME(r2, 0x4147, 0x0)
r3 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nfc(&(0x7f0000000100), r3)
r4 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_802154(r4, 0x8933, &(0x7f0000000340)={'wpan1\x00'})
r5 = syz_genetlink_get_family_id$netlbl_mgmt(&(0x7f0000000040), r4)
sendmsg$NLBL_MGMT_C_ADDDEF(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000003c0)=ANY=[@ANYBLOB='4\x00\x00\x00', @ANYRES16=r5, @ANYBLOB="01000000000000000000040000e207000700e00000020800020005000000080008"], 0x34}}, 0x0)

10.152735658s ago: executing program 2 (id=1430):
socket$nl_netfilter(0x10, 0x3, 0xc)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0)
ioctl$USBDEVFS_DISCSIGNAL(0xffffffffffffffff, 0x8010550e, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0xb, &(0x7f0000000380)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020000000000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x1, @void, @value}, 0x94)
r3 = syz_open_dev$dri(&(0x7f0000000100), 0x1f, 0x0)
r4 = openat$ttyS3(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$TIOCSETD(r4, 0x5423, 0x0)
ioctl$TIOCSSOFTCAR(r4, 0x541a, &(0x7f0000000100)=0x80000000)
bpf$MAP_CREATE(0x0, 0x0, 0x50)
add_key(&(0x7f0000000100)='rxrpc\x00', 0x0, &(0x7f0000000140)="0000000000000001ff6943b800000008", 0x10, 0xfffffffffffffffb)
sendmsg$NL80211_CMD_SET_BEACON(0xffffffffffffffff, 0x0, 0x4011)
dup3(0xffffffffffffffff, r3, 0x80000)
sendmmsg$inet6(0xffffffffffffffff, &(0x7f0000000e40)=[{{&(0x7f0000000000)={0xa, 0x4e21, 0xfffffffd, @local, 0x7}, 0x1c, 0x0, 0x0, 0x0, 0x0, 0x7ffffff7}}], 0x1, 0x0)
r5 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r5, 0xae60)
r6 = socket(0x10, 0x803, 0x0)
ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000200)={'lo\x00', <r7=>0x0})
sendmsg$nl_route(r6, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=@ipv6_newaddr={0x48, 0x14, 0x9535393fea6295b5, 0x70bd27, 0x25dfdbff, {0xa, 0x17, 0x0, 0xff, r7}, [@IFA_LOCAL={0x14, 0x2, @loopback}, @IFA_ADDRESS={0x14, 0x1, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02'}, @IFA_RT_PRIORITY={0x8, 0x9, 0x5}]}, 0x48}, 0x1, 0x0, 0x0, 0x2004c040}, 0x0)

9.378412665s ago: executing program 6 (id=1431):
r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
syz_open_procfs(0xffffffffffffffff, &(0x7f00000000c0)='net/arp\x00')
socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
prlimit64(0x0, 0xe, 0x0, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = fsmount(0xffffffffffffffff, 0x0, 0x0)
fchdir(r4)
bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB='\b\x00'/20, @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x48)
bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000580)={@fallback=r0, 0xf, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x40)
r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0)
ioctl$KVM_SET_IRQCHIP(r6, 0xc048aec8, &(0x7f0000001840)={0x1, 0x0, @pic={0x0, 0x9, 0xfd, 0xb4, 0x0, 0x7f, 0x8d, 0x8, 0x8, 0x1d, 0x2, 0x5, 0x1, 0x8, 0x2, 0x3}})

9.183481516s ago: executing program 0 (id=1432):
openat$iommufd(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000100)={<r1=>0xffffffffffffffff})
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x100008b}, 0x0)
sched_setaffinity(0x0, 0x11, &(0x7f0000000180)=0x1400200bce)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x1)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r2, &(0x7f0000002700)=""/102392, 0x18ff8)
r3 = socket$tipc(0x1e, 0x5, 0x0)
setsockopt$TIPC_GROUP_JOIN(r3, 0x10f, 0x8a, &(0x7f0000000100)={0x43, 0x0, 0x3, 0x3}, 0x10)
sendmsg$tipc(r3, &(0x7f00000005c0)={0x0, 0x0, 0x0}, 0x0)
pipe2(&(0x7f0000000000)={0xffffffffffffffff, <r4=>0xffffffffffffffff}, 0x0)
dup3(r1, r4, 0x0)
r5 = dup(r0)
r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r0, 0x4020ae46, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r6, &(0x7f0000003000/0x18000)=nil, &(0x7f0000000300)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_RUN(r6, 0xae80, 0x0)

9.145069772s ago: executing program 2 (id=1433):
r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000500), 0x28102)
r1 = dup(r0)
r2 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00')
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x9}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r3 = syz_open_dev$MSR(&(0x7f0000000240), 0x0, 0x0)
read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000640)={0x1e, 0x4, 0x0, &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x24, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
getpriority(0x2, 0x0)
r4 = openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0)
r5 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_buf(r5, 0x0, 0x10, &(0x7f0000000080)="170000000200020000ffbe8c5ee17688a2003c000303000afdff02a257fc5ad90200bb6a880000d6c9db0000db00000200df01800a0000ebfc0607bdff59100ac45761547a681f009cee4a5acba400001fb700674f00c88ebbf9315033bf79ac", 0x60)
openat$cgroup_devices(r4, 0x0, 0x2, 0x0)
setsockopt$inet6_buf(0xffffffffffffffff, 0x29, 0x6, &(0x7f0000000180)="10000000000000000100000001000000", 0x10)
mount$9p_fd(0x0, &(0x7f00000001c0)='.\x00', &(0x7f0000000180), 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r1, @ANYBLOB=',wfdno=', @ANYRESHEX=r2, @ANYBLOB="2c1e"])
syz_open_dev$tty1(0xc, 0x4, 0x1)
r6 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x48241, 0x0)
ioctl$TUNSETIFF(r6, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x6bf1c2d5adba8c32})
bind$can_j1939(r1, &(0x7f0000000200)={0x1d, 0x0, 0x1, {0x0, 0xff, 0x4}, 0x1}, 0x18)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000001140)={&(0x7f0000000100)=ANY=[@ANYRES8, @ANYRES32, @ANYBLOB="0000000000000000400012800c0001"], 0x68}}, 0x800)
r7 = socket$igmp6(0xa, 0x3, 0x2)
r8 = socket$kcm(0x2, 0xa, 0x2)
ioctl$sock_SIOCSIFVLAN_ADD_VLAN_CMD(r7, 0x8983, &(0x7f0000000300)={0x0, 'syzkaller1\x00'})
write$tun(r6, &(0x7f0000000100)=ANY=[@ANYRES8=r8], 0xfdef)
syz_usb_connect$cdc_ecm(0x2, 0x56, &(0x7f0000000300)=ANY=[@ANYBLOB="12010000020000082505a5a4400000000101090244000101000000090400000302060000052406000005240000000d240f0100000000000000000009058103200000000009058202080000000009050302"], 0x0)

7.776581161s ago: executing program 0 (id=1434):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x6770c000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
sendmmsg$unix(r1, &(0x7f0000000000), 0x651, 0x0)
r2 = syz_init_net_socket$netrom(0x6, 0x5, 0x0)
connect$netrom(r2, 0x0, 0x0)
sendto$netrom(r2, 0x0, 0x4, 0x0, &(0x7f0000000000)={{0x6, @rose, 0x1}, [@bcast, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @null, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @null]}, 0x48)

7.697602807s ago: executing program 3 (id=1435):
openat$urandom(0xffffffffffffff9c, 0x0, 0x1503, 0x0)
sched_setscheduler(0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
close(0xffffffffffffffff)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080))
bpf$MAP_CREATE(0x0, &(0x7f0000000340)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
sendto$inet6(r0, &(0x7f0000000000)="10", 0x1, 0x0, &(0x7f000005ffe4)={0xa, 0x0, 0xfffffffe, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02'}, 0x1c)
sendmsg$inet6(r0, &(0x7f0000000340)={&(0x7f00000000c0)={0xa, 0x4e23, 0x7, @dev={0xfe, 0x80, '\x00', 0x38}, 0x29}, 0x1c, &(0x7f0000000100)=[{&(0x7f00000002c0)}], 0x1}, 0x20000000)
poll(&(0x7f0000000080)=[{r0, 0x46a8}], 0x1, 0x400)
shutdown(r0, 0x1)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x11, 0x13, &(0x7f0000000080)=ANY=[@ANYBLOB="18080000796412000000000000000001851000000600000018000000", @ANYRES32, @ANYBLOB="00000000000000106608000000001000180000000000001000000000000000009500000000000000360a020000000000180100002020782500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b50a00000000200085000000060000009500000000000000"], &(0x7f0000000000)='GPL\x00', 0xa, 0xff5c, &(0x7f0000000340)=""/222, 0x0, 0x8, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x78)

6.282247162s ago: executing program 3 (id=1436):
r0 = syz_usb_connect(0x2, 0x24, &(0x7f0000000700)={{0x12, 0x1, 0x0, 0x69, 0xf7, 0x4a, 0x20, 0x10b8, 0x1bb4, 0x3465, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x10, 0x0, [{{0x9, 0x4, 0x5d, 0x0, 0x0, 0x1c, 0x53, 0xc2}}]}}]}}, 0x0)
syz_usb_connect$printer(0x2, 0x2d, &(0x7f0000000000)={{0x12, 0x1, 0x250, 0x0, 0x0, 0x0, 0x20, 0x525, 0xa4a8, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x1b, 0x1, 0x1, 0x9, 0x70, 0x5, [{{0x9, 0x4, 0x0, 0x5, 0xeb, 0x7, 0x1, 0x2, 0x7, "", {{{0x9, 0x5, 0x1, 0x2, 0x400, 0x4, 0x9}}}}}]}}]}}, &(0x7f0000000240)={0xa, &(0x7f0000000040)={0xa, 0x6, 0x110, 0xc, 0x2, 0x1d, 0x40, 0x6}, 0x23, &(0x7f0000000100)={0x5, 0xf, 0x23, 0x3, [@ptm_cap={0x3}, @ss_container_id={0x14, 0x10, 0x4, 0xf7, "968d01640d123f3df13e1f92e3e4502e"}, @ext_cap={0x7, 0x10, 0x2, 0x4, 0xb, 0x3, 0x7}]}, 0x1, [{0x4, &(0x7f0000000140)=@lang_id={0x4, 0x3, 0x420}}]})
syz_usb_control_io$cdc_ecm(r0, 0x0, &(0x7f0000000200)={0x1c, &(0x7f0000000080)=ANY=[@ANYBLOB="2017cc"], 0x0, 0x0})
syz_io_uring_setup(0x3380, &(0x7f0000000180)={0x0, 0x0, 0x10100}, &(0x7f0000000380)=<r1=>0x0, &(0x7f00000000c0)=<r2=>0x0)
r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x12, r3, 0x0)
syz_io_uring_submit(r1, r2, 0x0)
syz_usb_connect$hid(0x2, 0x36, &(0x7f0000000280)={{0x12, 0x1, 0x300, 0x0, 0x0, 0x0, 0x20, 0x172f, 0x37, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x1, 0x8d, 0x70, 0xd, [{{0x9, 0x4, 0x0, 0x2, 0x2, 0x3, 0x1, 0x1, 0xfa, {0x9, 0x21, 0x3, 0x7, 0x1, {0x22, 0x18a}}, {{{0x9, 0x5, 0x81, 0x3, 0x10, 0x40, 0x5c, 0xf8}}}}}]}}]}}, &(0x7f00000005c0)={0xa, &(0x7f00000002c0)={0xa, 0x6, 0x310, 0x3, 0x8b, 0x8, 0x8, 0xa}, 0x24, &(0x7f0000000340)={0x5, 0xf, 0x24, 0x2, [@wireless={0xb, 0x10, 0x1, 0xc, 0x140, 0x2, 0xc4, 0x688, 0x5}, @ss_container_id={0x14, 0x10, 0x4, 0x1, "487084cedf05771a05df6c62b18b4968"}]}, 0x6, [{0x51, &(0x7f0000000640)=@string={0x51, 0x3, "329e13fd02590ef1da4fee4ed90a9aee54109644e3eee9021f70f58d85f740404d23309c2371c028a320a364707f27d0b8d7ee3edadb0e862d5ef5fb58d1f71c4346762ecfc7ac6483778c25888d7f"}}, {0x4, &(0x7f00000003c0)=@lang_id={0x4, 0x3, 0x449}}, {0x79, &(0x7f0000000400)=@string={0x79, 0x3, "8920f1b4b4a67585232560d014d8096716c603031cf38216eefa70488eed7e49c0f846cdd685f6d542895250f792e55758a8386c7194c54413fa955d794f8887e8a0d784329d91cef6736758718916620c7115907be5b01e48f72a35ffffd537d9d3f70669f8407d6ffa9c17e1283c334b444bf56d3211"}}, {0x65, &(0x7f0000000480)=@string={0x65, 0x3, "a58157dd385ba2572147bc3afcf3c0e9e1724a413142f27e4b7a3bf50a2f32ce86d8ad64ff5f393fdcef89fd6c8d9ac92475f4139399760fc722e87624f39cbd2f070eed0ad1adf0a2a970b4ad35483d10916e74c73d6d543cc3e65425a13183ac298f"}}, {0x45, &(0x7f0000000500)=@string={0x45, 0x3, "9119a181d1e63a3c46349f068929444dd72a4f802743c11ab0694911a728bb2311c45af5572485ed758a15541fee1cb0fff318a757aed9b416883dbaafce430db808cc"}}, {0x4, &(0x7f0000000580)=@lang_id={0x4, 0x3, 0x812}}]})
syz_usb_control_io$hid(r0, 0x0, 0x0)

5.70084643s ago: executing program 5 (id=1437):
r0 = socket$inet6_mptcp(0xa, 0x1, 0x106)
r1 = open(&(0x7f0000000180)='./bus\x00', 0x14927e, 0x0)
r2 = socket$inet6_udp(0xa, 0x2, 0x0)
setsockopt$inet6_buf(r2, 0x29, 0x23, &(0x7f0000000840)='@X', 0x2)
unlink(&(0x7f0000000080)='./bus\x00')
mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x27fffff, 0x4002011, r1, 0x0)
setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000040)='syz_tun\x00', 0x10)
mlock2(&(0x7f0000d94000/0x2000)=nil, 0x2000, 0x0)
mbind(&(0x7f0000ff6000/0xa000)=nil, 0xa000, 0x2, &(0x7f0000000040)=0x8dd6, 0x3, 0x0)
mbind(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x2, &(0x7f0000000000)=0x7, 0x37, 0x0)
mlock2(&(0x7f0000c00000/0x400000)=nil, 0x400000, 0x0)
gettid()

5.385554432s ago: executing program 6 (id=1438):
syz_open_procfs$namespace(0x0, &(0x7f0000000180)='ns/cgroup\x00')
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x1, &(0x7f0000000200)=0x7)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0xb, &(0x7f0000000380)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020000000000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000300)='rcu_utilization\x00', r3}, 0x10)
bind$inet(0xffffffffffffffff, 0x0, 0x0)
prctl$PR_SET_THP_DISABLE(0x29, 0x1)
unshare(0x4020400)
r4 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r4, 0x6, 0x13, &(0x7f0000000200)=0x100000001, 0x4)
ioctl$SNDCTL_DSP_SUBDIVIDE(0xffffffffffffffff, 0xc0045009, &(0x7f0000001340)=0x4)
add_key$keyring(&(0x7f00000001c0), 0x0, 0x0, 0x0, 0xfffffffffffffffe)
r5 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r5, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000002c0)=@ipv4_delroute={0x40, 0x19, 0x901, 0x0, 0x0, {0x2, 0x18, 0x0, 0x0, 0x0, 0x0, 0xfd, 0x1}, [@RTA_DST={0x8, 0x1, @dev}, @RTA_GATEWAY={0x8, 0x5, @private=0xa010102}, @RTA_ENCAP={0xc, 0x16, 0x0, 0x1, @LWTUNNEL_IP_SRC={0x8, 0x3, @multicast2}}, @RTA_ENCAP_TYPE={0x6, 0x15, 0x6}]}, 0x40}, 0x1, 0x0, 0x0, 0x20000000}, 0x0)
syz_open_procfs$namespace(0x0, &(0x7f0000000080)='ns/cgroup\x00')

5.26356409s ago: executing program 2 (id=1439):
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0200000004000000080000000800000000000000", @ANYRES32, @ANYBLOB="000091000000000000000000000000000000c5", @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x48)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x1, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000000600)={0x10004, 0x6, 0xdddd0000, 0x1000, &(0x7f0000ffe000/0x1000)=nil})
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000000)={0x0, 0x0, 0x0, &(0x7f0000010040), 0x0, 0xffffffffffffffff, 0x4}, 0xfffffffffffffdec)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000940)='hugetlb.2MB.usage_in_bytes\x00', 0x26e1, 0x0)
close(r1)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0))
r2 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000740), 0x2, 0x0)
ioctl$IOCTL_VMCI_VERSION2(r2, 0x7a7, &(0x7f0000000080)=0xa0000)
r3 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
accept(r3, 0x0, 0x0)
mkdir(&(0x7f0000000440)='./file1\x00', 0x0)
r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000009c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r4}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000240)=0x7)
r5 = getpid()
sched_setscheduler(r5, 0x2, &(0x7f0000000200)=0x7)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000003c0)={0xffffffffffffffff, <r6=>0xffffffffffffffff})
sendmmsg$unix(r6, &(0x7f0000000000), 0x695, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r7 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='net_prio.prioidx\x00', 0x275a, 0x0)
quotactl_fd$Q_SETQUOTA(r7, 0xffffffff80000900, 0x0, &(0x7f00000000c0)={0x0, 0x0, 0x80000000, 0x0, 0x0, 0x6, 0x100000000000000, 0x3ff, 0x4})
r8 = socket(0x2, 0x80805, 0x0)
sendmmsg$inet(r8, &(0x7f0000000340)=[{{&(0x7f0000000080)={0x2, 0x0, @rand_addr=0xac1414bb}, 0x10, &(0x7f0000000100)=[{&(0x7f00000000c0)='Q', 0x1}], 0x1}, 0x20000000}, {{&(0x7f0000000180)={0x2, 0x0, @remote}, 0x10, &(0x7f0000000400)=[{&(0x7f0000000240)="b9", 0x1}], 0x1}}], 0x2, 0x44008)
ioctl$IOCTL_VMCI_INIT_CONTEXT(r2, 0x7a0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000480)={0x1f, 0x2, &(0x7f0000000200)=@raw=[@call={0x85, 0x0, 0x0, 0xc2}, @exit], &(0x7f0000000180)='GPL\x00', 0x2, 0xda, &(0x7f0000000240)=""/218, 0x0, 0x11, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
ioctl$SIOCSIFHWADDR(r1, 0x8b34, &(0x7f0000000000)={'wlan1\x00', @random="0000230c1100"})
r9 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
dup(r9)

5.116793916s ago: executing program 0 (id=1440):
r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0)
ioctl$VHOST_SET_VRING_BASE(r0, 0xaf01, 0x0)
r1 = eventfd(0x401)
ioctl$VHOST_SET_LOG_FD(r0, 0x4004af07, &(0x7f0000000240)=r1)
ioctl$VHOST_SET_VRING_KICK(r0, 0x4008af20, &(0x7f0000000040)={0x0, r1})
ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000380)={0x1, 0x0, 0x0, &(0x7f0000000280)=""/233, 0x0})
ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000780)={0x0, 0x1, 0x0, &(0x7f0000000700)=""/88, 0x0})
ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f0000001c40))
ioctl$VHOST_VSOCK_SET_RUNNING(r0, 0x4004af61, &(0x7f0000000000)=0x20000)
ioctl$BTRFS_IOC_DEV_REPLACE(r0, 0x4008af13, &(0x7f00000007c0)={0x0, 0x3a4, @status={[0x400, 0x1, 0x2, 0xfff, 0xa1, 0x400]}, [0x2, 0x100, 0x8, 0x0, 0x1, 0x1, 0x7ff, 0x3, 0x3, 0x8, 0x10001, 0x9, 0x7, 0x2, 0x4, 0x40, 0x7, 0x5, 0x401, 0x59c, 0x5, 0xb3, 0x7, 0xfffffffffffffffb, 0x1, 0x3, 0x8, 0x4, 0x8, 0x4129, 0xfffffffffffffffe, 0x7, 0x5, 0x6, 0x2, 0xffffffff, 0x7fffffffffffffff, 0x4, 0x5b0, 0x101, 0xff, 0x1242, 0x3, 0xffffffffffffff5c, 0x0, 0xb8a, 0x20000000000009, 0xd18, 0x5, 0x4, 0x800, 0x4, 0x7f, 0x8, 0x5, 0x3, 0x3ff, 0x6, 0x4, 0x7fff, 0x6, 0xe, 0x1, 0x4]})

4.701817832s ago: executing program 5 (id=1441):
r0 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/softlockup_count', 0xa00, 0x0)
write$tun(r0, &(0x7f0000000080)=ANY=[@ANYRESOCT], 0x6a)

4.468117006s ago: executing program 2 (id=1442):
syz_init_net_socket$netrom(0x6, 0x5, 0x0)
syz_init_net_socket$netrom(0x6, 0x5, 0x0)
r0 = syz_open_dev$usbfs(&(0x7f0000000180), 0xd384, 0x3)
r1 = fcntl$dupfd(r0, 0x0, r0)
ioctl$USBDEVFS_SUBMITURB(r0, 0x8038550a, &(0x7f0000000000)=@urb_type_control={0x2, {}, 0x9, 0x0, &(0x7f0000000080)={0x80, 0xf, 0x0, 0x0, 0x7995}, 0x8, 0x0, 0x0, 0x48000000, 0x0, 0x40000000, 0x0})
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x16, 0xb, &(0x7f0000000180)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
syz_genetlink_get_family_id$ethtool(&(0x7f0000000400), r1)
sendmsg$ETHTOOL_MSG_STRSET_GET(r1, &(0x7f0000000540)={&(0x7f00000003c0)={0x10, 0x0, 0x0, 0x10}, 0xc, &(0x7f0000000500)={&(0x7f0000001040)=ANY=[@ANYBLOB="608a0903205e5ef17e21b740f64490", @ANYRESOCT=0x0, @ANYRESDEC=r0], 0x198}}, 0x8d)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=<r3=>0xffffffffffffffff, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000059"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
socket(0x10, 0x80002, 0x0)
bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f0000001140)={{r2}, &(0x7f00000010c0), &(0x7f0000001000)='%pK    \x00'}, 0x20)
prlimit64(0x0, 0xe, &(0x7f0000000000)={0xa, 0x10000000008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r4 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r4, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
connect$unix(r5, &(0x7f000057eff8)=@file={0x0, './file0/file0\x00'}, 0x6e)
sendmmsg$unix(r6, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r4, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000200)={0x0, 0x0, 0x63, 0x0, 0x1, 0x0, 0x0, @void, @value}, 0x28)
r7 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r7, &(0x7f0000000080)={0x26, 'skcipher\x00', 0x0, 0x0, 'pcbc(fcrypt)\x00'}, 0x58)
r8 = accept(r7, 0x0, 0x0)
sendmmsg$alg(r8, &(0x7f0000000740)=[{0x0, 0x0, &(0x7f0000001500)=[{&(0x7f0000001180)="63dbbad4af323f372fe798d6c557f1ee366a3c439b8de28e67e6126089d72ad6cf59585b157da930d50a667e9e3902acea8a1a2eb88e816a16c51f6395dd29864560441cf491a1bb52dc3cfa5cb9", 0x4e}, {0x0}, {&(0x7f0000001400)="82a59dbab3da8c0c33bb03fc74fa79436b520ceb557152bf924b6991a6253390fb752fe30d8bcf16745565baa1b930985be12e27043af464b317e65e3e8c437ae1c8f17361072b9a38e4f81f1f15b986e0cf40e8ee212dd0968366fecac182aba0ff129d0884a3d1a693b0af2f2a34bdefc358bfda8ef2c6315462e0f0bf66c12b20fefb7be7af1de92223c8635947fe84091964c55c98d73e8eb4d2d9ee0cf9914312b3b9570b0192936be9f986566071dd0744533ae450b0512c45ebeae7278597d44350c9b128dc266976387cde36e5d64e2e3e1b7d803f8191aa36222f3a267cb46fad2286f0c7432836cd40", 0xee}, {&(0x7f0000001200)="80ace19ebe18eae6c0e7db6a7df61b793651dce6b9cf5e96031b3914d4f149d04c5b8a9689bdd01c88fa06ba778411b3a7a4d5d0550203d106c1672e56136c09733352964c56f0403d09c7c7cb640f5080498afd", 0x54}, {&(0x7f0000001080)="6ab0d29107a27d21fd6967b7c3fd7c4e64", 0x11}], 0x5, &(0x7f0000001580)=ANY=[@ANYBLOB="980000000000000017010000020000007e0000003542f0a30445fa8b5874b227c590ba76b11e75b47bdc5c3fb0ed618d47c7d8749912be7eb66877fa7659de3769a24b73c2e28c5bf82a2e59788547ba688408c7cbb489161da38e29e98e6f60255989999c275e060e9850f7effd2e9dbb14c29567afb0a396e27dc67430affe4717e5c603a911fd000000000000180000000000000017010000030000000000000000000000180000000000000017010000030000000100000000000000b0000100000000001701000002000000990000002c2007d20c4b60e1cd219ef203f1b0e660c58afcca9469f63a52f3521d530125c65c51fe40f6b1ba35195d4a44fe7d825a09bf801bb46829e2cab6ed8a06000000000000be038a97703b51c8e50090b0117375fd9dafee387978bd23b33fcb2129c8b461a72aabdfb824685cd6930b1c05fcbbaaa863f0de83879fc5509b7422ca1dc49281ec21240eb7c0a2f9348717b78062cb4bc684bdca000000d65ed668d081fdac354d0000000000000000"], 0x178, 0x20000000}], 0x1, 0x24040050)
r9 = bpf$PROG_LOAD(0x5, &(0x7f00000017c0)={0x2, 0xe, &(0x7f0000000200)=ANY=[@ANYBLOB="b700000063060000bca30000000000002403000020fef6ff720af0fff8ffffff71a4f0ff000000001f030000000000002e100200000000002604fdffffff000014010000630000001d130000000000007a0a00fe0000001f0f14000000000000b503f7fff80000009500000000000000093bc065b78111c6dfa041b63af4a3912435f1a864a7aad58db6a693002e7f3be361917adef6ee1c8a2a4f8ef1e50becb19bc461e91a7168e5181554a090f300020000fe275daf51efd601b6bf01c8e8b1b526375ee4dd6fcd82e4fee5bef7af9aa0d7d600c095199fe3ff3128e599b0eaebbdbd732c9cc00eec363e4a8f6456e2cc21557c0afc646cb7798b3e6440c2fbdb00a3e35208b0bb0d2cd829e65440000000000000000028610643a98dde20358d1148272abd23da767f8c549ec21ead2ed51b104d4d91af25b845b9f7d08d123deda88c658d42ecbf28bf7076c15b463bebc72f526dd70252e79166d858fcd0e06dd31af9612fa402d0b11008e59a5923906f88b53987ad1714e72ba7a54f0c33d39000d06a59ff61623604000000000000006a89adaf17b0a6041bdeebdfd1f5089048ddff6da40f9411fe7226a40409d6e37c4f46756d31cb46ffffffffffffff7f1569b33d21dae356e5c51f03a801be8189679a16da18ec0ae564162a27afea62d84f3a10076443d643649393bf52d2105bd901128c7e0ec82701c8204a1deeed4155617572652d950ad31928b0b036dc2869f478341d22891202d0f5ad94b081fcd507acc9b9c67382f13d000000225d85ae49cee383dc5049076b98fb6853ab39a21514da60d2ae20cfb91d6a49964757cdf538f9ce2bdbb9893a5de817101ab062cd54e67051d355d84ce97bb0c6b6a595e487a2cc47c0efbb2d71cde2c10f0bc6980fe78683ac5c0c31032599dd273863be9261eee52216d009f4c52048ef8c126aeef5f510a8f1aded94a129e4aec6e8d9ab06faffc3a15d91c2ea3e2e04cfe031b287539d0540059fe6c7fe7cd8697502c7596566d674e425da5e7f009602a9f61d3804b3e0a1053abdc31282dfb15eb6841bb64a1b3045024a982f3c48153baae244e7bf573eac34b781337ad5905c6bbf1137548c7f1a4cad2422ee965a38f7defbd2960242b104e20dc2d9b0c35608d402ccdd9069bd50b994fda7a9de44022a579dfc0229cc0dc98816106dec28eaeb9439901fb39f1d78aa60ead1883418f562ae00003ea96d10f172c0374d6eed826416050000000bfe9b4a9c5a90ff59d54d1f92ecc48899b212c55318294270a1ad10880fef7c24d47afcc829ba0f85da6d888f18ea40ab959f6074ab2a40d85d1501783a7ab51380d7b4ead35a385e0b4a26b702396df7e0c1e02b88c114f244a9bf93f04bf072f0861f5c0b000000000000eedcf2ba1b9508f9d6aba582a896a9f1ffa968eacea75caf822a7a63ba3401e6a52acb11883ad2a3b1832371fe5bc621426d1ed01b389708165b9cdbae2ed9dc7358f0ebadde0b727f27feeb7464dcd857ab15e355713767c536cbae2f5c7d951680f6f2f9a6a8346962a350845ffa2000000000000000906943408e6df3c391e97ba48db0a5adbfd03aac93df8866fb010ae20e92bed1fe39af169d2a466f0db6f3d9436a7d55fc30511d00000000c95265b2bd83d64a532869d701723fedcbada1ee7baa19faf67256b56a41fd355b6a686b50f0937f778af083e055f6138a757ebd0ed91124a6b244f9acf41ac5d73a008364e0606a594817031fc2f52c8785fe0721719b3d654026c6ea08b83b123145ab5703dad844ced301efeb6dc5f6a9037d2283c42efc54fa84323afc4c10eff462c8843187f1dd48ef0900000000fbff00ff0f40b1888e1cdba94a6ea80c33ead5722c3293a493f1479531dd88261458f40d31fe8df15efaaeea831555877f9538c6ee6ba65893ff1f908ba7554b15dca5f77a08a83431a87881fae6691d1aee1da02ba516467df3e7d1daac43738612e4fee18a22da19fc08001011e32f808890205f3a6da2819d2f9e77c7c64affa54fec0136cbafa5f62e3f753b639a924599c1f69219927ea5301fff0a6063d427180d61542c2571f783e96635600000554f327a3535e7c7542799493c31ac05a7b57f03ca91a01ba2a30ca99e969d6fd09dc28ebc15edb4d91675767999d146aef7799738b292fd64bb25b2969e2b15f36b788bce5ccdbaf75c94cb93499f6947a967a794963342aece449a0d80010f5c653d22d49030a8c2a4ab595bf4238f18ca428dafc7ac96d404607a0000000051a2104f22e6db5a62b5089c1b45282d38864daa3ae81d6b0968d1d2867b91b7d12096833d6864da40b54783a17aaeb6737c323f9f98e354cc98dcfe23ad01bd1c61563e69ffe1c2c73e1661261173f359e93d2c5e424c17998809ec8f0232b3955e052a4cecd89008f70314a0bdd491ecab5d232f89fe0120f64c62e8e3ed8bcb45202c204bbec8d722824c0ebca8db1ea4a05e41f6016ab5bbe4fe7ff5d785d0128171c90d9900ca2532b0f9d01c4b45294fbba468df3e1b393cb4e62e753b4172ba7ac1f2b51c94bc5d047899fd219f448bf9189c65c9d91eda6b52a373803a9efe44f86909bcb0addb7b9aee813df534aac4b3093c91b8068cd849904568916694d461b76a58d88cf0f520310a1e9fdc18cde98d662eee077515d0a881192292ffff5392ab3d1311b82432662806add87047f601fa888400000000000000000000000000006acc19808d7cf29bc974b0ea92499a41b9b9a7c2bca311a28ee4952f2d325a56397c78f12205db653a536f0100e0eda300a43a13bd1b9f3322405d1efd78e578dc6b3fb84f3738a4b6caa800000087efa51c5d95ecba4e50e529d1e8c89600e809dc3d0a2f65579e23457949a50f2d0455cf79a43737a3926937e84fb478199dc1020f4beb98b8074bf7df8b5e783637da740800000000000000c55a4385e9a617aa6c8e10d4202c5afeb06e2f9115558ea12f92d7ae633d44086b3f03b20d546fa66a72e38207c9d20035abc46271a30f1240de52536941242d23896ab7493c6670fdc49c14f34fc4eadd6db8d80eba439772bf60a1db18c472dafc5569adc282928d2a1ffe29f1a57d3f18f4edaeb5d37918e6fddcd821da67a0785585a44434600e64a6a274000000000088b3e63a000000000000000000000000000009dd14b38f2f4426d7cf5075047c31f6ce6adddfe3ac649c0643c8bfbeb14ba1fd7a485aa893915cf81e29aaf375e904bbe52691a4100260ffcd8f1d04166d291ebcef893e1b9ccb6797d0646fe0e727bf10d6335332f45b8e87383930f1a4724434f28efb43e06e64f0698caca42f4e6018a455736c482a017e2b13dac4a90faa109f0e87cc946acfb3d1a56e9ec13ca74aa6ad4bf50c1acb3928143be1c1023a375e528285544d0064b98646f3109e9a4942ce42c6e7ec84b664f6c2770803f10baa804a707f0a1fcbfc309381aeba191950bae71f37f1eb7ceeffb3c0547ac6571603adbfde4c8b5f8d7f4b854441613633b48865b65bdce1f7ffffffffffffcf4cebf04f4bc1eebf560a26d34d3757b1450fdb0a9a69f432e277f3a0386eb2bd3305c821c64757f786b79fef54dbe64c67d73934bc80b2133fb3c04cc7ea48bf97a6243c9f95dcbddecf45f008f1822c7868e1ff5a3cff5d6b6898335792749df7b1f51e91f8c1c3b1b93b338a59c0c0247bc9412e19204caaa3fab69cef08a9f6f6cf39dea3d878b2ed42545421970cc426e644332bc956d1c6adefdf0ede2c5c94aa632646ae225accdf031f611d01622921f1b922a5ac887cca3136133dce8d9f5f4da7bed2ea5d94362200000000000000000000f296b0c1484e5f781ad26bff696b05ff0a5e2270e07618b04273bd4075ea38ab463bfa6a38e7c537498ba3e4df8dfc9e040000003c3ffad44d2a376def42e41e9fc31678257e040fa7cf32c221aaac08000000000000001a00000000000000000000173570f0c11ae694b0f7a4f9c2f6790044a357e785af6e153d5f1ea460af92c7cbbd6295afe740f5e154346d483e0d641ef02e4d5295d756e110522a7a945b93fb705b95b6aae27a8fb33732ce1da1c0b1af8eb9222a06e984ab1e6984c8bdc12360627137ab67b6b68ab08acb29a74dc36b51209cfbc87f61182bbeb2772e9d5a1ffc477179be481efe46a4ce86be0b1d8eee42a611a3d44ca450b14586ed63dd92005c79e4a8ab8a94f0c6cb4bed8594a39bd76d3ef8a7ab014e787596db796bd93a36c2880423291e3bccc86f66ba792ff4d87b3f80e5908779e51c5e9055fc5b23605cd000c723187ef09dcf4b07b06a9342f3f62ee7acddff292082c1f4d8eb9561f80873a09a1ae0c9af11210200000000000000484502009759264a5729f07c2b218fa36ba2316a99aaad0130df83d0bda1e711290f78c143ea143967b00adcd77e6ad5e48d839ea61aadb83e4d071c54691924a3830d3e7b5c198bb0ed623153590000000000000000004b985ea170ab651a039d7102923e810ed567e3f1979b9ed1a4bf6a10dac825c96a0828b335de445a4880bb6474157efd1a72ca46ae4cbe3ab648c9bc4867a5a4cb87d7d6d55475b34b3cb6aa9e2337d4e04a37e35109752522ac9b187ab8e0d179e6ad0dc758975e9cf77f703e742b77521149d8fdeae4b92d5edc232ca356fb86784b865adda7c921dc475276837b2619922de4d96850172602fac7d165e32419a622bdef7c91385c87c30b8a144d9b01784a8060670455f76b207517f66cf32fa0772975e0963b7373dba424beadf60d5bd08ea73e2b5620a5754455006934679b10e596821e2bd380d472c9096ca4c55d6106d0b88e38f6c54abc952c81617a06f93465241070fea3d9fc786e2625572ff2068ff84361b3883cc2c8b9a0a2f70119db13b47c924c73216bb12d1e68a03a08aa682ede113691db07b50f5e6fde6252f1520c"], &(0x7f00000001c0)='GPL\x00', 0xa, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0xfffffffffffffef3, 0x10, &(0x7f00000000c0), 0xfffffffffffffd00, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x48)
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000001280)=ANY=[@ANYRESOCT, @ANYRES16=r9, @ANYRES16, @ANYRESHEX=r5, @ANYRES64=r5, @ANYRES32=r3], 0x48)

4.421167815s ago: executing program 0 (id=1443):
r0 = openat$kvm(0xffffffffffffff9c, 0x0, 0x80800, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0)
ioctl$USBDEVFS_DISCSIGNAL(0xffffffffffffffff, 0x8010550e, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0xb, &(0x7f0000000380)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020000000000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x1, @void, @value}, 0x94)
r4 = syz_open_dev$dri(&(0x7f0000000100), 0x1f, 0x0)
r5 = openat$ttyS3(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$TIOCSETD(r5, 0x5423, 0x0)
ioctl$TIOCSSOFTCAR(r5, 0x541a, &(0x7f0000000100)=0x80000000)
bpf$MAP_CREATE(0x0, 0x0, 0x50)
add_key(&(0x7f0000000100)='rxrpc\x00', 0x0, &(0x7f0000000140)="0000000000000001ff6943b800000008", 0x10, 0xfffffffffffffffb)
sendmsg$NL80211_CMD_SET_BEACON(0xffffffffffffffff, 0x0, 0x4011)
dup3(0xffffffffffffffff, r4, 0x80000)
sendmmsg$inet6(0xffffffffffffffff, &(0x7f0000000e40)=[{{&(0x7f0000000000)={0xa, 0x4e21, 0xfffffffd, @local, 0x7}, 0x1c, 0x0, 0x0, 0x0, 0x0, 0x7ffffff7}}], 0x1, 0x0)
r6 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r6, 0xae60)
r7 = socket(0x10, 0x803, 0x0)
ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f0000000200)={'lo\x00', <r8=>0x0})
sendmsg$nl_route(r7, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=@ipv6_newaddr={0x48, 0x14, 0x9535393fea6295b5, 0x70bd27, 0x25dfdbff, {0xa, 0x17, 0x0, 0xff, r8}, [@IFA_LOCAL={0x14, 0x2, @loopback}, @IFA_ADDRESS={0x14, 0x1, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02'}, @IFA_RT_PRIORITY={0x8, 0x9, 0x5}]}, 0x48}, 0x1, 0x0, 0x0, 0x2004c040}, 0x0)

4.272533038s ago: executing program 5 (id=1444):
openat$iommufd(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000100)={<r1=>0xffffffffffffffff})
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x100008b}, 0x0)
sched_setaffinity(0x0, 0x11, &(0x7f0000000180)=0x1400200bce)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x1)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r2, &(0x7f0000002700)=""/102392, 0x18ff8)
r3 = socket$tipc(0x1e, 0x5, 0x0)
setsockopt$TIPC_GROUP_JOIN(r3, 0x10f, 0x8a, &(0x7f0000000100)={0x43, 0x0, 0x3, 0x3}, 0x10)
sendmsg$tipc(r3, &(0x7f00000005c0)={0x0, 0x0, 0x0}, 0x0)
pipe2(&(0x7f0000000000)={0xffffffffffffffff, <r4=>0xffffffffffffffff}, 0x0)
dup3(r1, r4, 0x0)
r5 = dup(r0)
r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r0, 0x4020ae46, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r6, &(0x7f0000003000/0x18000)=nil, &(0x7f0000000300)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_RUN(r6, 0xae80, 0x0)

3.357193854s ago: executing program 0 (id=1445):
ioctl$sock_inet_SIOCGARP(0xffffffffffffffff, 0x8954, &(0x7f0000000000)={{0x2, 0x4e23, @private=0xa010102}, {0x1, @remote}, 0x10, {0x2, 0x4e20, @initdev={0xac, 0x1e, 0x0, 0x0}}, 'wlan0\x00'})
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
connect$inet6(r0, &(0x7f0000000500)={0xa, 0xffff, 0x0, @mcast1, 0x9}, 0x18)
ioctl$UFFDIO_API(0xffffffffffffffff, 0xc018aa3f, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x3)
sched_setaffinity(0x0, 0x8, &(0x7f00000000c0)=0xa)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
r2 = socket$alg(0x26, 0x5, 0x0)
setsockopt$ALG_SET_KEY(r2, 0x117, 0x1, 0x0, 0x0)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000880)={0x18, 0x3, &(0x7f0000000080)=@framed, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='contention_end\x00', r3}, 0x10)
r4 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000bc0)={0x2, 0x4, 0x8, 0x1, 0x80, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x1f, 0x11, &(0x7f00000007c0)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000a8000000b7080000000000007b8af8ff00000000b7080000000000007b8a", @ANYRES32=r4, @ANYBLOB="0000000000000000b70500000800000085000000a700000095"], &(0x7f0000000b00)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x1a, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r6 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48)
bpf$PROG_BIND_MAP(0x23, &(0x7f00000002c0)={r5, r6}, 0xc)
r7 = socket$nl_route(0x10, 0x3, 0x0)
tkill(0x0, 0x1)
sendmsg$nl_route(r7, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="400000004800010025bd7000ffdbdf250a00"], 0x40}, 0x1, 0x0, 0x0, 0x20040010}, 0x0)
r8 = socket$inet(0x2, 0x2, 0x0)
setsockopt$sock_int(r8, 0x1, 0x0, &(0x7f0000000180)=0x5, 0x4)
r9 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x1ff)
write$binfmt_elf64(r9, &(0x7f0000000380)=ANY=[@ANYBLOB="7f454c4600000000000000000000000003003e00feffffff000000000000000040000000050000000000000000000000000000000000380001"], 0x78)
close(r9)
execveat(0xffffffffffffff9c, &(0x7f0000000140)='./file1\x00', 0x0, 0x0, 0x0)
shutdown(r8, 0x0)

2.983577325s ago: executing program 2 (id=1446):
openat$urandom(0xffffffffffffff9c, 0x0, 0x1503, 0x0)
sched_setscheduler(0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
close(0xffffffffffffffff)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080))
bpf$MAP_CREATE(0x0, &(0x7f0000000340)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
sendto$inet6(r0, &(0x7f0000000000)="10", 0x1, 0x0, &(0x7f000005ffe4)={0xa, 0x0, 0xfffffffe, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02'}, 0x1c)
sendmsg$inet6(r0, &(0x7f0000000340)={&(0x7f00000000c0)={0xa, 0x4e23, 0x7, @dev={0xfe, 0x80, '\x00', 0x38}, 0x29}, 0x1c, &(0x7f0000000100)=[{&(0x7f00000002c0)='$', 0x1}], 0x1}, 0x20000000)
poll(0x0, 0x0, 0x400)
shutdown(r0, 0x1)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x11, 0x13, &(0x7f0000000080)=ANY=[@ANYBLOB="18080000796412000000000000000001851000000600000018000000", @ANYRES32, @ANYBLOB="00000000000000106608000000001000180000000000001000000000000000009500000000000000360a020000000000180100002020782500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b50a00000000200085000000060000009500000000000000"], &(0x7f0000000000)='GPL\x00', 0xa, 0xff5c, &(0x7f0000000340)=""/222, 0x0, 0x8, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x78)

1.837267572s ago: executing program 0 (id=1447):
dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x5, &(0x7f0000000080)=ANY=[@ANYBLOB="180100002100000000000000000000008500000075000000a50000002300000095"], &(0x7f00000000c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
ioctl$F2FS_IOC_RESIZE_FS(0xffffffffffffffff, 0x4008f510, &(0x7f00000008c0)=0x8000)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f00000001c0)='mmap_lock_acquire_returned\x00', r0}, 0x10)
r1 = userfaultfd(0x80001)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f00000000c0)={0xaa, 0x7c8})
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000000200)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x1})
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x1f, 0xd, &(0x7f00000001c0)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000a800000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000040000850000008200000095"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x1f, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
socket$netlink(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080))
socket$inet6_tcp(0xa, 0x1, 0x0)
pipe(&(0x7f0000000080))
socket$inet_udp(0x2, 0x2, 0x0)
syz_io_uring_setup(0x10e, &(0x7f00000005c0)={0x0, 0x6d89, 0x10000, 0x40000, 0x115}, 0x0, 0x0)
socket$packet(0x11, 0x3, 0x300)
socket$nl_route(0x10, 0x3, 0x0)
syz_usbip_server_init(0x4)
syz_usbip_server_init(0x1)
syz_usbip_server_init(0x0)
syz_usbip_server_init(0x4)
syz_usbip_server_init(0x2)
syz_usbip_server_init(0x2)
syz_usbip_server_init(0x0)
syz_usbip_server_init(0x7)
syz_io_uring_setup(0x42e6, &(0x7f00000002c0)={0x0, 0x5eda, 0x10100, 0x2, 0x2d6}, &(0x7f0000000040), &(0x7f0000000140))
r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='blkio.bfq.io_merged\x00', 0x275a, 0x0)
socketpair$unix(0x1, 0x0, 0x0, &(0x7f00000001c0))
write$UHID_CREATE2(r3, &(0x7f00000001c0)=ANY=[], 0x118)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x12, r3, 0x0)

1.736787768s ago: executing program 3 (id=1448):
r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
syz_open_procfs(0xffffffffffffffff, &(0x7f00000000c0)='net/arp\x00')
socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
prlimit64(0x0, 0xe, 0x0, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = fsmount(0xffffffffffffffff, 0x0, 0x0)
fchdir(r4)
bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB='\b\x00'/20, @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x48)
bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000580)={@fallback=r0, 0xf, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x40)
r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0)
ioctl$KVM_SET_IRQCHIP(r6, 0xc048aec8, &(0x7f0000001840)={0x1, 0x0, @pic={0x0, 0x9, 0xfd, 0xb4, 0x0, 0x7f, 0x8d, 0x8, 0x8, 0x1d, 0x2, 0x5, 0x1, 0x8, 0x2, 0x3}})

1.456407968s ago: executing program 5 (id=1449):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000500), 0xffffffffffffffff)
bpf$MAP_CREATE(0x0, 0x0, 0x50)
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000009c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000300)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={0x0, r2}, 0x18)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x7)
r3 = getpid()
sched_setscheduler(r3, 0x2, &(0x7f0000000480)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r6 = socket(0x1d, 0x2, 0x6)
write$bt_hci(r6, 0x0, 0x0)
setsockopt$ALG_SET_AEAD_AUTHSIZE(r6, 0x6a, 0x2, 0x20000000, 0x7fc)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000300)={'wlan0\x00', <r7=>0x0})
sendmsg$NL80211_CMD_SET_REKEY_OFFLOAD(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000240)={0x20, r1, 0x1, 0x0, 0x25dfdbfc, {{}, {@val={0x8, 0x3, r7}, @void}}, [@NL80211_ATTR_REKEY_DATA={0x4}]}, 0x20}, 0x1, 0x0, 0x0, 0x44140}, 0x0)
ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0)

578.347363ms ago: executing program 5 (id=1450):
r0 = socket$inet6_udplite(0xa, 0x2, 0x88)
unshare(0x24060400)
bpf$MAP_LOOKUP_ELEM(0x2, &(0x7f0000001740)={0xffffffffffffffff, 0x0, 0x0}, 0x20)
sendmmsg$unix(0xffffffffffffffff, &(0x7f00000bd000), 0x318, 0x0)
r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000040), 0x84042, 0x0)
r2 = syz_open_dev$loop(&(0x7f0000000080), 0x47ffffa, 0x122c42)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFULNL_MSG_CONFIG(r3, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f00000009c0)=ANY=[@ANYBLOB="2400000001040102000000c9fd000000000000000800034000"], 0x24}, 0x1, 0x0, 0x0, 0x4000000}, 0x0)
sendmsg$NFULNL_MSG_CONFIG(r3, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x1c, 0x1, 0x4, 0x801, 0x0, 0x0, {0x7}, [@NFULA_CFG_CMD={0x5, 0x1, 0x1}]}, 0x1c}, 0x1, 0x0, 0x0, 0x4}, 0x2000004)
ioctl$LOOP_CONFIGURE(r2, 0x4c0a, &(0x7f0000001ac0)={r1, 0x10000, {0x0, 0x0, 0x0, 0x26ad, 0xffffffffffff8000, 0x0, 0x0, 0x0, 0x4, "339f020bbe82b398000000000000000000000d0ec0c1b4e9b1c4369d03740250ceaac594b1b3d741dd17c1c50d38ef2a565ef1e83323691c58d66500", "a9103939c787a16c1ca43f80026d1a8554fe581b59ded130e04d528539f3d3289737f0374c72a964a02447a75df8a69ea917deb7ba193b3e7772fd29f35239d2", "24431a1e77a68e174ff10000000000000010e200"}})
writev(r2, &(0x7f0000000300)=[{&(0x7f00000000c0)='\b\r4V', 0x7e00}], 0x1)
writev(r2, &(0x7f00000001c0)=[{&(0x7f0000000340)="cbf0", 0x2}], 0x1)
getsockopt$sock_buf(r0, 0x1, 0x48, &(0x7f0000000080)=""/217, &(0x7f0000003080)=0x9c)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000000)={&(0x7f0000000200)="abcc7b66c286c109ec8dd0a244cf5e04b9b2e206b38c840852d7ff7d197fdc9397360b71bf15b47c861b1f87326536771a7bbe59fcbdd77bc9e19a1227d8fda4cd04f3d481c7c4cec993d45f911713796d0c4df0d0878b82d7c54d8cd7", &(0x7f0000000280)=""/69, &(0x7f0000000300)="80377be4e204822316905f5b7b73876ac7194a72e114de4e8b11255277a20e08746a9f6e2f34b2cbbb63eabf61d650c581df716c05fc0b48008eeb9f8e0af9165540039c32a2ebf01085375f80cb65b959a284aecbfa7374622e891ac5", &(0x7f0000000380)="afe787ebc5ad9f2ccc7c25308aa96aa526d6db0b940b719282f1b33f483e96fc33b35a97ac7294521e51d1973aec58db6c260d823c84910ea1b0f9f13def3b3991d0d89bef4c14b102f67657b9265803e4dcbd3825ffee3aa8f0707a03f1a88117925270463d26ff1c77eb8d7738bab80fb11d34a7619487fc07464cb3e5f53d49a387fa258d6c7dc8a982740a5d7ba6450d154f65b3441148709b4783ca47f25ac8bd2038c01141cc9b460b107982526b484d919466d0b7bc192acaea3bbb1d164cde65a86acc928e24a54a62bd1d4669bcb4869f9a7741a7cccb0bb2b5497adb10ac638e615e", 0x7fd2, 0xffffffffffffffff, 0x4}, 0x38)
sendmsg$IPSET_CMD_DESTROY(r3, &(0x7f0000000600)={&(0x7f0000000500)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f00000005c0)={&(0x7f0000000540)={0x4c, 0x3, 0x6, 0x401, 0x0, 0x0, {0x2, 0x0, 0x3}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_PROTOCOL={0x5}]}, 0x4c}, 0x1, 0x0, 0x0, 0x24000011}, 0x800)

229.828447ms ago: executing program 2 (id=1451):
mknod(&(0x7f0000000080)='./bus\x00', 0x1000, 0x0) (async)
syz_usb_connect(0x0, 0x46, &(0x7f0000000040)=ANY=[@ANYBLOB="12010000f3c7c820da059a0095620102030109023400010000000009049200030f6276000900000000000000790705e37e1b82e609050902944ca22900090501"], 0x0)
r0 = socket$kcm(0x11, 0x3, 0x0) (async)
r1 = syz_open_dev$vim2m(&(0x7f00000000c0), 0x10100000000001f, 0x2)
ioctl$vim2m_VIDIOC_S_CTRL(r1, 0xc008561c, &(0x7f0000000000)={0x88000102, 0x3}) (async)
setsockopt$sock_attach_bpf(r0, 0x107, 0xf, &(0x7f0000000000), 0x4)
r2 = memfd_create(&(0x7f0000000340)='y\x105\xfb\xf7u\x83%:r\xc2\xb9x\xa4q\xc1\xea_\x8cZ7\xe7a\x9b\x11x\x0e\xa1\xcf\x1a\x98S7\xc9\x00\x00\x00\x00\x00\x00\a\x00\x00\x00\x00\x00\x00\x04\x879\xa24\xa9am\xde\xb2\xd3\xcbZJoa\xc4\x1acB\xaa\xc1\xfb Q\xd4\xf4\x01\xa52\xe2DG\xd4\xbd{\x9f\xa9\x97\x9b@\xdb\x00b\xe1br\xb6\x008\xe3\x10\xff\xc2\x9d\r2\x9e\x8e\x04sW\x1b\xb7\xb3\xa2\xc9&@\xca\xda\xdc\xe2/\x97X\xac\b\xb0\xc2<\x80E\x1a\xbc\xc7W\xda9VsA\xaf\xc6\xcf\xe1\xa1\xb5M\xa2\x85\xa6y\xc4J\xf1\xf7\xfcD\x95\xe3\xeb\xc7\xbc\x91\xb0\xa8\x9eo\xebF(\x9dL\x01vRk\xaacB\x04\xa7I\v\x86EZ\x96\xd5\x14OD\\\xe8R\xe4\xcd\xec\xcc\xd1\x0fre\xe86\xcd\xeb\xc4$\x98\x06J\xd6dD\x8d_U`ji{\xab\x97\xaf;l\x1f\xaf\xb38U\xcb\xfa\xb3j\x92\f\x81\xa0\xa2-g\b\x99\x0e\x8d\x8d\x16\xd9w\\\xf8\xce\xb0j\x9d\'\x93\xef\x1d\xa0H\xd9\xbd\xd9\xaf\x12$\x8d\x16%\x8b\x00', 0x9) (async)
r3 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r3, &(0x7f00000018c0)={0x26, 'hash\x00', 0x0, 0x0, 'xxhash64\x00'}, 0x58) (async)
r4 = accept4(r3, 0x0, 0x0, 0x0)
sendmmsg(r4, &(0x7f0000005280)=[{{0x0, 0x0, &(0x7f0000005240)=[{&(0x7f00000057c0)="03d158", 0x3}], 0x1}}], 0x1, 0x0)
ftruncate(r2, 0xffff) (async)
fcntl$addseals(r2, 0x409, 0x7) (async)
r5 = ioctl$UDMABUF_CREATE(0xffffffffffffffff, 0x40187542, &(0x7f0000000100)={r2, 0x0, 0x0, 0x1000})
ioctl$DMA_BUF_IOCTL_SYNC(r5, 0x40086200, &(0x7f0000000040))
sendmsg$kcm(r0, &(0x7f0000000080)={&(0x7f0000000100)=@hci={0x1f, 0x1, 0x3}, 0x80, &(0x7f0000000040)=[{&(0x7f00000006c0)="27050200340f14000600002fb96dbcf706060000170000005f45f491bdd54ec5ff1144ee162fd4deb8bf7256da82f600102c21880b00000000010040570000000600000000000000805db18fc0260ee65302fba79b6ede33d5653fc260616254bfd2094fcd732947077c67052b95dc84c79a46940cb8e29750471fde0e2190613b3537", 0x83}, {&(0x7f0000001340)="1c393502dda1a67d93b1ceccbe972c4fef9c33ecf2d824f3a33513f45f472bbdc8e3a2275f2587f0da0b3ae419bed996116448f90d113ce98aa985f379d729430858f5cb9a668a1800bf2354b33cdff83033de518580a3080d7f4cc2406e071138439e1566dd17983ee153ab672f362d3292e24a9952f18ec3d8b37bb3391096c1d4442a754899299321c03cbcfb98a26994b2a072c2b9d9c70d619545e5f61b050e40166d2ff57dcc008f24fd5339e7bc21e25863f80d2487c30b6bf781608a31d68e9319ab1712d8f5bdde849c040417c864cbfd3923dcb9fc6bdc2ea53334184b03efcb631dc68f0a7b6e13eea4b80d4237120e32932ca4e2b50bad0a35496d36a191d91f03b477b9587bc0ba489932e34f819fa1524ebad53a3d94b46c6aeff4f42fa067729fbb2862c09d337a75e0c8429d4bfe0dee2e1e23e8c22787178600ecca135623731e4701f35bd4e7c936a8ee274120e7662328a5aba1161b05889b045696721c79bff0547efe051f3c5de77fdd3c77afd41a1a7747a982b7efb013c9d6bac7d3ad1f9b7c3a5a1448b35696f03bca1c875e346edc55b7a271c3e5f3c0df72c8e4d7cccfa2e9b598f0ae06efbc1a5d5bd91aed6b32deccf7755cef50fab72633c802533b9d94f17f9be978f2514c47671575ee528fbdddc6194328e605e4d10e293756d20eb8a545f2bfe48df5d1d98a270458392a0a57647dcb8ee005e78877a072d12d0429b9b9957a695c3289b4a59469691115e6ba204181708b9d1ae47418ed594b8128f20c100f5485a84e60d73ab818da73fab78caf42afd1f89cdb29dfdd6676c55ea00d35321bc4878170c62b056b4e03ae556ac804026cabcbc8e79e7a18f2f56442cd650aa2bc88f62ebb65bfafd3e5b4c62ac2e720ff0fdf03c46889df55ff91058319c953f90cd6e7f7b15d56a58ff6128357510c4c618aa25434881d58c39092969ba1f7c444465f16d1f2561991e357bda928f2a50422f774f318fb41169a0d0324a8efd19b940a17c28cda06b750cd02155dbdbd1dc695e190a997ae8f4bb8766983d8db8678a78ae8f044b868549e9c60f7ce25a36300ce07f304e75d285e914b3aec703969df969b2736dd99fcab1944c751f8ef4c34cbb86d5f27ef9982be245949d5579b540750d1eac428b0cd2541295b577573b27e9ecac3934987e85b44bc85e6e307cf6f5683bf1c817369d556a368bc5560a1737aa2bec3cac4689e04fbe851ed4b6c1a355950522f8918af3855fe97ec285da15a20e8119483e7419fa2b0639d5add10b396a8033ec2b98d9a9fca3fc4202d0a6bcfa55798eacafa4c8efafb73a2ab89bb58b0c20364a6ad9c233dfb1bdbb87b8f91e3ab9790e876f906107183419aa7480e327388c01dc5f2d5bcb8a7565cddc4e1275741116416b66bf3adf9e7e31c3fc518740446ed2a394e7699baf9408c62b4c0e7a11dec8f4a67e78a3f00bedae9f55f36c52a1fd4ee3a8be7285f9ca898ee63d3718a7c4603bcb9a24537b34a41a6c0eee4cc609b014d3f4fb928aa7e3fa7a4f97dcef5c0e526b650284ffeda82f603ed9ea1eb6627d29d8bcd6c7e6fe128b1c4463b2cfe50c0ff9a46090635dde4b4d4a984e5a91f7486856cd2bf85088fa4d27b219628be8cdba7004d00985a73fb5b0b4b0f96844e73a8ff7884bdee1a0d6e62decfeebfb56351c135e6580fd61ea806ee5592fe4ffba5c73b8a4a04d44aa52645320cb73fe0c5f14a971d3b3f64c85f5ebaab5e1a061f5186050230286331048e43368e45cfc88e8f4d0d3b1b86b64d5394bc68c2b754389b3c18a45c1edb0496dd88cb3113bbdf1a0f127eb8cd52caf8da95b83d0decad3775b2f2e43776d0d32d447cdd0b267b32775e3473f51a233f8c91a4c07ad669da1844f3d9554f399d43ca1eda29c5c761b3936f845f0c4d1c6a56b8b34b5ab3291e06cd86de6116fc3236a11343d6f4ad02199717054ac1f15471c5a2b8efe67bd4bea33c0ca36e2c4209026849de21c1da1057f353cc824947d75119e4501b98cb9e621d0644e3f4a75353093557afcee7da41ad368fe1cbb426922772b9b262a861fbce9ae86d6e8c5a8de6a1e8f03456c0a354277a2f3ff46a62b6d6cdee4febf23e2350f94b47a05a4d0e7da37a2e97b899d92ca1f3bd1cded5588593e8bb99b9dce0731fa1174de14b63be2bf7e424f870551f213fab437aac092c2e9798959fa3616465e2b36fd49cc9af902d47debec02558c036ed991f1a3895b37cd70f3c405cca362c885542fd976e73be4cf7580a0c4d5a9527c77c189573e3be07ed15472f6b012939abb5be9f3e8a5b720307fb2dbca48b35d121702cfb6b3690559b08fbeb77d53d37582d7f44fe269ac51665632bf070cfc7445741b70306cb3f19b7fbecd19a78092dfd086a0da019734d95660ba4e5ce5bcf25f09403c32e3ec902f3717cca0eca05e791c2b8c2b8988645afa2446d5218abce136c0dbbafb95e4f4727a29cc567b3f73d5dbc1aeee746653a7f5c445add24a9c1b67d1bfeec85d2a6478e80c3acdb9439aa46c8cf14a98ffa89790ef7a94b3146088566812e28ccbafb466772b7fbb98dcf1e792eb6d0de0829c3c49c5ecdeea3e80017324a0fe724565c4e7a242764e9012442cae44b57c7121889c044be05b5eca70efb649bb528e751f072af93ae2c5053fdce196cce158136f904cf64f2cb8becc2d024f5ec32a38d78b87a4dfe7c53769dadef890efd160eb662cedb18a756aed83edfb9efbbb3648eb399e61f80077e64b95eae9d17083aed05cfc2e148621e36be1f41d373c721a11804fce269c688b0c647d6e1083e336d1f7f90a7a080a83397773cc351531070af5c1a1418f28dce95c01052a314a9ebe39cb9cddb8e7855e58c4a636b7f6250ecad312ede18664c03d92e330935295a35ea3e0306f25ca971300f782ae2f6e79a513732d22ef9b9bc41d17df3352a855cdd19b18f5abd6e6420f4f42f01750a64f6acdb6b46622fafebe3e913c64a1a6a59f980e97deae0dc83c12ccae6b430d7a28f21c3e0e38b32f3d5f1d44927fc34ed5c9ddb5be8eb936dbdcd327b63ea69d86c2da15cb834a18ee51a44f2da7b11d79486942fd04eade92fe5d93342970ca4cc73861b15facf97e9c53c15488c5630b17b9364c58652cfa6de0918327498ba8d6120d3be9139c51a6e9017525772397529ddd4fd1905614fd1cc7f1370a577ad10ec9ea742f9aedc9fee42c3df38f4b35ccb1cf8590eaf770b3f74af21f5119ac238e82e92c83321b06f106530abbbd321c3e1dc948accdc21a586ff37253ad1d0c5bfb51541f876be1b6e4f490046204b9edfe9a9721b9019a495d1efed10d4570f4c75ac56aa862f738b46cfe8899f6d92e862611b35be8931a2460dc646ed332b3046baf48613bbb543f4abda22d3d62a484665ba5bbf8fec1bb199b430a6e96cfad417a1644cc5f7f640004836c60f15a174eb7eb1750a71a141549f393c7d88b8729a33f841f7f8f2bd03dccaaa825f2e29105f6b4c11ac8e06bb3be9dfdecce66294a0be9dbc5f40123644fcac59ed0c968eb62fb14d111e900ad1c038f17d5471ab088f704de7db35753f818f55669a76e621b29d975253d177791e1434644a81b2b8bc4c8e147961b4f1b7f3e225571fecb10906957791b27d35a89e3ce84c91a2dc60aee460d8f41eb7b5e171516ef34d8c7dbbc8122cdeffa51b5a393d2cae7f69826d342d4d81b58ca7ddb0e688a15b39a00ef1aed5db337d1ab87e86f835663a4968c8bf5afd7cf80549f42588d9b8ea04ff3d9eac2b8ffd1155a504230103a68bd8b3c416a10d76cee236442a68393896587bc66c01a5f7f411325578d023d7619a89d0bcbbacae99b925fb72994e1ef4240cddad2294a56bec6d6243b95b04345c215bd48a3aa89786ba39b4d2f5015d8bd038c32a7b0eb02a4eb5a640371d9b4af540eb99a1e26547cc214da21e9538754a802972411a0bf416707b95457d0b77daac9bdf27a82b9aa7992ad1d3815f9a56a746eefa6f7e1913b6e3e859b2cc7797adcae825b7aad17c11e66597042c327a6473489a9664c5ce0ff8b1ecfb691daa0bd50c17f4597826553686bc2ee08eaca8dd6f77c626691699141a698e5b517e02130587ee503c7b5f638cbf32166b0d4ebe9222b6c9d50fb3db9d1ab060c31aabeef52cd51e5cf485eecc741e37a47c4996068f1d4b25f182b9d7bee4bec5cb070d3cea2f9762a41bb8d9ec5896ebcb2b17ca82f29bcce456412d8e8ee01b82bd168dfd942ef6feb8fbeaded531afda50d259fcb7794216b6a9a873b6c3c4493c0c6d3e6a4f81f3b40dcc745a4e2383c678c472b1d5bf3ff02992bfe893a5bc96824039da1ee3cf8593e7d616d62f6e3c3e2c4e0cc58d5445998cf5b1c91c2468b2571b118709668efbbe72911f1bfa96b97c32f71cd7071f4c729e88631a89b53dd4bae6ef9c4ed082916e267479195599e9871b26b92c6885ded29f990070fddc4d8535088ddc70d6e83f797b6fa2260a92602eb90800000001cb7394f0c90fb5913b2f8d8d24c8f1056920e1facbe643dd49d8983b277da7282a986c28d5468aed9a4730579a2039a397ee9a0a487f346d35f78b6bd2cacb4b9237fbfb0b7a2314105ff3b074a0e340b904e715e99c501e1435c15eaa262893c2883c90f26d2ff91792d46e4d867b62570e0c1e4739b8ac4fff8f778960de1ae40d4c85c51e1c47040bb2caeaf0c71dbb67c30715b8c14d6921831d7678522eeed29444df421ee206ca3be20d1b5fd2d2baf832f097fef590290eea77f8f3ed00b39841421b61f1c0d01def54bec0348be2216a8dad60838f3ad3595a744edeb6202dbcbd9c73a126a79cbefa43c7db0493103c2aa8fecb5cde1773ad0cdd03f5b0cfb0270642a96a9e14d116e9140501df48cdbf725611b398eb2b9e93f8da49e601099e0b2e880a95525b5f3f2edd74ae9d664a1f2e932493b61634ab53a1e2f3bf56add0a7f09c16853814b03a4212b9a0119420948da26bb171b288a66a2f0a4063754c2910512aa1cead69b94b498b5d4c44ce0a4aaa7855ee1a3b7ca738756a00a435062ccb86a40cc01f666d372f323e087ef5db2bc2d17ed1f72db14c52ca6723ce92ada6ff0c4f498d42d4218a9f799a216facb7377a1532e0755b894bfc0ee99a4072ac54ee5727846631574f348bf650e7d54b0ef3a1b5cc8233e660a2615bb7401f6c23e08ff0ddb488b9d504fc42508449b8fdd70afb387016e8c9206482c334f37d26fa3bdb6063f8147db9363e22c4b43b89ba0f68d06646fc1eb74fec0be4f59a17b274e0db67b2c039", 0xec4}, {&(0x7f0000000300)="1f7da2f0c99ffb815b58c74d6f7c71bd8ba3b13dcd0b7303551c34c4e8c81b970f5efe39825400e5fdca4dcf71bee004f8076bc034909e4e7783bfe3b2f4b0021bece403dcd4246080aed97e3d62b45358a65243ee54211a374fb0cb80e8fd2711c9129aa71845005f136cc3add133d8e2232a7347864fc1afdf984833d0736e64d6833bd6006df2a7ea93e740c7cb88fbac42fd6d1a063f534535dfb275adb500f3bbb16e5ccca5fceaaa2c06cc903082e743", 0xb3}], 0x3}, 0x9cdc2384016b48f8)
r6 = socket$inet_smc(0x2b, 0x1, 0x0)
getsockopt$IP_VS_SO_GET_DESTS(r6, 0x0, 0x30, &(0x7f0000000300)=""/236, &(0x7f0000000040)=0xec)
syz_usb_connect(0x6, 0x9a2, &(0x7f00000000c0)=ANY=[@ANYRESHEX=r6], 0x0)
write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000980)={[{0x2d, 'memory'}, {0x2d, 'perf_event'}, {0x2d, 'cpuset'}]}, 0x1c) (async)
r7 = syz_open_dev$usbfs(&(0x7f00000000c0), 0x204, 0x2)
mmap(&(0x7f0000021000/0x4000)=nil, 0x4000, 0x1000002, 0x11012, r7, 0x7738f000) (async)
syz_usb_connect$hid(0x2, 0x36, &(0x7f0000000600)={{0x12, 0x1, 0x300, 0x0, 0x0, 0x0, 0x30, 0x1d34, 0x4, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x1, 0x3, 0xa0, 0x3, [{{0x9, 0x4, 0x0, 0x7, 0x2, 0x3, 0x1, 0x3, 0x5, {0x9, 0x21, 0x7, 0x1, 0x1, {0x22, 0x488}}, {{{0x9, 0x5, 0x81, 0x3, 0x3ff, 0x13, 0x8, 0x7}}}}}]}}]}}, &(0x7f0000000900)={0xa, &(0x7f0000000640)={0xa, 0x6, 0x200, 0x4b, 0x0, 0x9, 0x40, 0xb2}, 0x8, &(0x7f0000000680)={0x5, 0xf, 0x8, 0x1, [@ptm_cap={0x3}]}, 0x3, [{0x4, &(0x7f0000000780)=@lang_id={0x4, 0x3, 0x1c00}}, {0x4, &(0x7f00000007c0)=@lang_id={0x4, 0x3, 0x3c0a}}, {0xda, &(0x7f0000000800)=@string={0xda, 0x3, "00a45f9097634c7c0f9d2fba9c42715caf3dca24037f5552499676a07998ef9460baecf6c08980246285b8a0328965fb59041b2562f19208102e4c616352848937b5d6593e0b5ca7c89da639862f6ce14184b1182184b4627749a9ba6a46bd13cb12355a3f82064d9cee3b6654570250e385190aa0dc33c635f24097cc7c5a067e335de1ada81953fb5ef65a4aa9f902804b102518eb029cee1d72e9f78d715e1e1666b86fdf94ab1f7c1cc788dc69f9fcfd6344be8dbda29eae29c85c68ae63cbea73b0c972057e238d73cc54db9b5b06b81e44257098ae"}}]})
ioctl$USBDEVFS_SUBMITURB(r7, 0x8038550a, &(0x7f0000000180)=@urb_type_interrupt={0x1, {0x4, 0x1}, 0x7fffffff, 0x41, &(0x7f00000001c0)="51bc9a6c961074a1633f40bd41fefbf5d3f6d8e09afc2c402dcc8034217ed6cdb44a82652d65fbc605aa10670e0fcc29161422dfc6975ca85f5ee652f5ee421557ecf5b17d3e99d23776947ab33521b10573189bb7f67791e9d090efc077a1f3eda89fb37510668e30a828eb62089045bf996e2a0ef84a2c0c2bb7cf344dd76c3419700285f9c3c70d7a0517690dbfa9b84f80126fc328eaff842e8a5518d143166a681fc51089a77563179cb46cdede1aa89185ad5f6bf76a78e2c8de7deb0411ca2994a1", 0xc5, 0xe75d, 0x4, 0x0, 0xc, 0x0, &(0x7f0000000400)="402fa8dc6dd59d7fefd806d502d0d8cb964564a9c85c8ebc8d1d8d24ae10d8ff0459f42aafa9ba710f476bb61d97b90fc69450330057cef97405ab9958957d21b7a3369cdac876806c801dba997727008fb8d7fe521cea6aaef2a21f0a47d85816f0a2a8af65b564dac23dc03aba25a5178580211fb84fd606e87f16e7e0d77509c74d3e45513e98d92288c8407729fb80edc6abc2f02dbc3d3d3bc8a9098f95a58dfcf40c43b6731f72bb2e2e97dea30e23bde0ed3f2fc6d3273f104e0ac0bb278e53387a429b408d71fd34dff7acabbbec736eb1377540a789014b3d44225519d6a825fc1b9ff9714ec9a52303fb3036a249d033"})
r8 = syz_open_dev$I2C(&(0x7f0000000100), 0x1, 0x402) (async)
r9 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
getsockopt$bt_BT_SNDMTU(r9, 0x112, 0xc, 0x0, &(0x7f0000000000)) (async)
read$FUSE(0xffffffffffffffff, &(0x7f0000002240)={0x2020, 0x0, 0x0, <r10=>0x0}, 0x2020)
mount$9p_fd(0x0, &(0x7f00000002c0)='.\x00', &(0x7f0000000500), 0x80400c, &(0x7f0000000540)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r8}, 0x2c, {[{@dfltuid={'dfltuid', 0x3d, 0xee01}}, {@access_client}, {@cache_mmap}, {@debug={'debug', 0x3d, 0x8}}, {@noextend}], [{@uid_eq={'uid', 0x3d, r10}}]}})
read(r8, 0x0, 0x0)

0s ago: executing program 5 (id=1452):
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5)
r0 = socket$packet(0x11, 0x3, 0x300)
r1 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_fanout(r1, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x6}, 0x4)
setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x9007}, 0x4)

kernel console output (not intermixed with test programs):

3a0/0x420
[  387.700324][ T8602]  __x64_sys_sendmsg+0x19b/0x260
[  387.700346][ T8602]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  387.700373][ T8602]  ? __pfx_ksys_write+0x10/0x10
[  387.700389][ T8602]  ? rcu_is_watching+0x15/0xb0
[  387.700415][ T8602]  ? do_syscall_64+0xbe/0x3b0
[  387.700443][ T8602]  do_syscall_64+0xfa/0x3b0
[  387.700465][ T8602]  ? lockdep_hardirqs_on+0x9c/0x150
[  387.700487][ T8602]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  387.700502][ T8602]  ? clear_bhb_loop+0x60/0xb0
[  387.700521][ T8602]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  387.700536][ T8602] RIP: 0033:0x7f2a7bf8e929
[  387.700550][ T8602] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  387.700564][ T8602] RSP: 002b:00007f2a7cd47038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  387.700580][ T8602] RAX: ffffffffffffffda RBX: 00007f2a7c1b5fa0 RCX: 00007f2a7bf8e929
[  387.700592][ T8602] RDX: 0000000000000000 RSI: 0000200000000100 RDI: 0000000000000004
[  387.700602][ T8602] RBP: 00007f2a7cd47090 R08: 0000000000000000 R09: 0000000000000000
[  387.700611][ T8602] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  387.700620][ T8602] R13: 0000000000000000 R14: 00007f2a7c1b5fa0 R15: 00007fff37e09968
[  387.700644][ T8602]  </TASK>
[  388.287863][ T8607] __nla_validate_parse: 46 callbacks suppressed
[  388.287887][ T8607] netlink: 16 bytes leftover after parsing attributes in process `syz.1.713'.
[  388.937656][ T8621] x_tables: duplicate underflow at hook 1
[  389.033343][ T8620] delete_channel: no stack
[  389.582275][   T43] usb 1-1: new high-speed USB device number 15 using dummy_hcd
[  389.804499][   T43] usb 1-1: Using ep0 maxpacket: 8
[  389.824532][   T43] usb 1-1: config 0 has an invalid interface number: 5 but max is 0
[  389.832740][   T43] usb 1-1: config 0 has no interface number 0
[  389.861399][   T43] usb 1-1: New USB device found, idVendor=04a5, idProduct=3003, bcdDevice=3a.b2
[  389.903651][   T43] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  389.922579][   T43] usb 1-1: Product: syz
[  389.937476][   T43] usb 1-1: Manufacturer: syz
[  389.942171][   T43] usb 1-1: SerialNumber: syz
[  390.015641][   T43] usb 1-1: config 0 descriptor??
[  390.465609][   T43] gspca_main: sunplus-2.14.0 probing 04a5:3003
[  390.475252][   T43] gspca_sunplus: reg_w_riv err -71
[  390.480573][   T43] sunplus 1-1:0.5: probe with driver sunplus failed with error -71
[  390.490799][   T43] usb 1-1: USB disconnect, device number 15
[  390.585578][ T8647] sctp: [Deprecated]: syz.3.723 (pid 8647) Use of struct sctp_assoc_value in delayed_ack socket option.
[  390.585578][ T8647] Use struct sctp_sack_info instead
[  391.655831][ T8651] overlay: Bad value for 'nfs_export'
[  394.118596][ T8679] netlink: 4 bytes leftover after parsing attributes in process `syz.4.733'.
[  394.120361][ T8679] netlink: 4 bytes leftover after parsing attributes in process `syz.4.733'.
[  394.122049][ T8679] netlink: 4 bytes leftover after parsing attributes in process `syz.4.733'.
[  394.123766][ T8679] netlink: 4 bytes leftover after parsing attributes in process `syz.4.733'.
[  394.125284][ T8679] netlink: 4 bytes leftover after parsing attributes in process `syz.4.733'.
[  394.127941][ T8679] netlink: 4 bytes leftover after parsing attributes in process `syz.4.733'.
[  394.128857][ T8679] netlink: 4 bytes leftover after parsing attributes in process `syz.4.733'.
[  394.129716][ T8679] netlink: 4 bytes leftover after parsing attributes in process `syz.4.733'.
[  394.131072][ T8679] netlink: 4 bytes leftover after parsing attributes in process `syz.4.733'.
[  394.131583][ T8679] netlink: 4 bytes leftover after parsing attributes in process `syz.4.733'.
[  409.714844][ T5843] usb 4-1: new high-speed USB device number 18 using dummy_hcd
[  409.951522][ T5843] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  409.990930][ T5843] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  410.028201][ T5843] usb 4-1: New USB device found, idVendor=10c4, idProduct=ea90, bcdDevice= 0.00
[  410.051842][ T5843] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  410.077820][ T5843] usb 4-1: config 0 descriptor??
[  410.518582][ T5843] cp2112 0003:10C4:EA90.0003: unknown main item tag 0x0
[  410.537954][ T5843] cp2112 0003:10C4:EA90.0003: hidraw0: USB HID v0.00 Device [HID 10c4:ea90] on usb-dummy_hcd.3-1/input0
[  411.325074][ T5843] cp2112 0003:10C4:EA90.0003: Part Number: 0x82 Device Version: 0xFE
[  411.415703][ T5144] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[  411.428401][ T5144] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[  411.436919][ T5144] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[  411.451133][ T5144] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[  411.453662][ T8784] netlink: set zone limit has 8 unknown bytes
[  411.474572][ T5144] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[  411.499462][ T8784] FAULT_INJECTION: forcing a failure.
[  411.499462][ T8784] name failslab, interval 1, probability 0, space 0, times 0
[  411.513573][ T8784] CPU: 1 UID: 0 PID: 8784 Comm: syz.2.763 Not tainted 6.16.0-rc1-syzkaller-00203-g4774cfe3543a #0 PREEMPT(full) 
[  411.513605][ T8784] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  411.513619][ T8784] Call Trace:
[  411.513628][ T8784]  <TASK>
[  411.513638][ T8784]  dump_stack_lvl+0x189/0x250
[  411.513676][ T8784]  ? __pfx____ratelimit+0x10/0x10
[  411.513708][ T8784]  ? __pfx_dump_stack_lvl+0x10/0x10
[  411.513739][ T8784]  ? __pfx__printk+0x10/0x10
[  411.513767][ T8784]  ? __pfx___might_resched+0x10/0x10
[  411.513799][ T8784]  ? fs_reclaim_acquire+0x7d/0x100
[  411.513835][ T8784]  should_fail_ex+0x414/0x560
[  411.513878][ T8784]  should_failslab+0xa8/0x100
[  411.513909][ T8784]  kmem_cache_alloc_node_noprof+0x76/0x3c0
[  411.513936][ T8784]  ? __alloc_skb+0x112/0x2d0
[  411.513964][ T8784]  __alloc_skb+0x112/0x2d0
[  411.513991][ T8784]  netlink_ack+0x146/0xa50
[  411.514013][ T8784]  ? __pfx_genl_rcv_msg+0x10/0x10
[  411.514041][ T8784]  ? ref_tracker_free+0x63a/0x7d0
[  411.514073][ T8784]  ? __pfx_ref_tracker_free+0x10/0x10
[  411.514114][ T8784]  netlink_rcv_skb+0x28c/0x470
[  411.514140][ T8784]  ? __pfx_genl_rcv_msg+0x10/0x10
[  411.514173][ T8784]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  411.514217][ T8784]  ? down_read+0x1ad/0x2e0
[  411.514241][ T8784]  genl_rcv+0x28/0x40
[  411.514269][ T8784]  netlink_unicast+0x758/0x8d0
[  411.514303][ T8784]  netlink_sendmsg+0x805/0xb30
[  411.514342][ T8784]  ? __pfx_netlink_sendmsg+0x10/0x10
[  411.514377][ T8784]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  411.514403][ T8784]  ? __pfx_netlink_sendmsg+0x10/0x10
[  411.514430][ T8784]  __sock_sendmsg+0x21c/0x270
[  411.514466][ T8784]  ____sys_sendmsg+0x505/0x830
[  411.514499][ T8784]  ? __pfx_____sys_sendmsg+0x10/0x10
[  411.514538][ T8784]  ? import_iovec+0x74/0xa0
[  411.514563][ T8784]  ___sys_sendmsg+0x21f/0x2a0
[  411.514593][ T8784]  ? __pfx____sys_sendmsg+0x10/0x10
[  411.514662][ T8784]  ? __fget_files+0x2a/0x420
[  411.514691][ T8784]  ? __fget_files+0x3a0/0x420
[  411.514731][ T8784]  __x64_sys_sendmsg+0x19b/0x260
[  411.514760][ T8784]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  411.514796][ T8784]  ? __pfx_ksys_write+0x10/0x10
[  411.514818][ T8784]  ? rcu_is_watching+0x15/0xb0
[  411.514859][ T8784]  ? do_syscall_64+0xbe/0x3b0
[  411.514894][ T8784]  do_syscall_64+0xfa/0x3b0
[  411.514925][ T8784]  ? lockdep_hardirqs_on+0x9c/0x150
[  411.514955][ T8784]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  411.514976][ T8784]  ? clear_bhb_loop+0x60/0xb0
[  411.515001][ T8784]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  411.515021][ T8784] RIP: 0033:0x7f3945f8e929
[  411.515039][ T8784] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  411.515058][ T8784] RSP: 002b:00007f3946e87038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  411.515082][ T8784] RAX: ffffffffffffffda RBX: 00007f39461b5fa0 RCX: 00007f3945f8e929
[  411.515097][ T8784] RDX: 0000000000004010 RSI: 00002000000002c0 RDI: 0000000000000003
[  411.515111][ T8784] RBP: 00007f3946e87090 R08: 0000000000000000 R09: 0000000000000000
[  411.515124][ T8784] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  411.515136][ T8784] R13: 0000000000000000 R14: 00007f39461b5fa0 R15: 00007fffd2b27c48
[  411.515168][ T8784]  </TASK>
[  412.004700][ T8791] tmpfs: Unknown parameter 'usrquota_block'
[  412.180962][ T8770] cp2112 0003:10C4:EA90.0003: Error starting transaction: -38
[  412.204838][ T5915] IPVS: starting estimator thread 0...
[  412.279291][ T5843] cp2112 0003:10C4:EA90.0003: error reading lock byte: -71
[  412.317934][ T5843] usb 4-1: USB disconnect, device number 18
[  412.344811][ T8792] IPVS: using max 33 ests per chain, 79200 per kthread
[  412.679482][ T6435] netdevsim netdevsim1 netdevsim3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  412.694155][ T6435] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  412.718652][ T8781] chnl_net:caif_netlink_parms(): no params data found
[  412.818370][ T6435] netdevsim netdevsim1 netdevsim2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  412.843935][ T6435] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  412.951164][ T6435] netdevsim netdevsim1 netdevsim1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  412.970695][ T6435] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  413.036995][ T8781] bridge0: port 1(bridge_slave_0) entered blocking state
[  413.053315][ T8781] bridge0: port 1(bridge_slave_0) entered disabled state
[  413.063594][ T8781] bridge_slave_0: entered allmulticast mode
[  413.089927][ T8781] bridge_slave_0: entered promiscuous mode
[  413.495517][ T6435] netdevsim netdevsim1 netdevsim0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  413.595950][ T6435] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  413.698424][ T5144] Bluetooth: hci5: command tx timeout
[  414.179694][ T8781] bridge0: port 2(bridge_slave_1) entered blocking state
[  414.247017][ T8781] bridge0: port 2(bridge_slave_1) entered disabled state
[  414.257488][ T8781] bridge_slave_1: entered allmulticast mode
[  414.284110][ T8781] bridge_slave_1: entered promiscuous mode
[  414.466865][ T8818] tmpfs: Bad value for 'mpol'
[  414.757486][ T8781] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  414.967030][ T8781] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  415.776892][ T5844] Bluetooth: hci5: command tx timeout
[  416.528893][ T8781] team0: Port device team_slave_0 added
[  416.565738][ T8833] __nla_validate_parse: 42 callbacks suppressed
[  416.565759][ T8833] netlink: 4 bytes leftover after parsing attributes in process `syz.0.772'.
[  416.583478][ T8833] netlink: 4 bytes leftover after parsing attributes in process `syz.0.772'.
[  416.594482][ T8833] netlink: 4 bytes leftover after parsing attributes in process `syz.0.772'.
[  416.603342][ T8833] netlink: 4 bytes leftover after parsing attributes in process `syz.0.772'.
[  416.614613][ T8833] netlink: 4 bytes leftover after parsing attributes in process `syz.0.772'.
[  416.624891][ T8833] netlink: 4 bytes leftover after parsing attributes in process `syz.0.772'.
[  416.634977][ T8833] netlink: 4 bytes leftover after parsing attributes in process `syz.0.772'.
[  416.644742][ T8833] netlink: 4 bytes leftover after parsing attributes in process `syz.0.772'.
[  416.655519][ T8833] netlink: 4 bytes leftover after parsing attributes in process `syz.0.772'.
[  416.665813][ T8833] netlink: 4 bytes leftover after parsing attributes in process `syz.0.772'.
[  416.816566][ T8781] team0: Port device team_slave_1 added
[  417.054845][ T5915] usb 3-1: new high-speed USB device number 8 using dummy_hcd
[  417.210377][ T8781] batman_adv: batadv0: Adding interface: batadv_slave_0
[  417.218996][ T8781] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  417.257941][ T8781] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  417.289563][ T5915] usb 3-1: New USB device found, idVendor=0eb1, idProduct=7007, bcdDevice= 2.00
[  417.478269][ T5915] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  417.521415][ T8781] batman_adv: batadv0: Adding interface: batadv_slave_1
[  417.530877][ T5915] usb 3-1: config 0 descriptor??
[  417.546774][ T8781] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  417.585291][ T8781] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  417.608585][ T6435] bridge_slave_1: left allmulticast mode
[  417.625801][ T6435] bridge_slave_1: left promiscuous mode
[  417.633428][ T6435] bridge0: port 2(bridge_slave_1) entered disabled state
[  417.670621][ T6435] bridge_slave_0: left allmulticast mode
[  417.687019][ T6435] bridge_slave_0: left promiscuous mode
[  417.703152][ T6435] bridge0: port 1(bridge_slave_0) entered disabled state
[  417.815053][ T5844] Bluetooth: hci5: command tx timeout
[  418.314442][  T976] usb 1-1: new high-speed USB device number 16 using dummy_hcd
[  418.478641][  T976] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  418.527300][  T976] usb 1-1: New USB device found, idVendor=18b1, idProduct=0037, bcdDevice= 0.00
[  418.539367][  T976] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  418.564313][  T976] usb 1-1: config 0 descriptor??
[  418.907215][ T6435] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  418.946485][ T6435] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  418.968058][ T6435] bond0 (unregistering): Released all slaves
[  419.153235][ T8865] tmpfs: Unknown parameter 'usrquota_block'
[  419.362395][  T976] petalynx 0003:18B1:0037.0004: unknown main item tag 0x5
[  419.390479][  T976] petalynx 0003:18B1:0037.0004: unknown global tag 0xd
[  419.398679][  T976] petalynx 0003:18B1:0037.0004: item 0 2 1 13 parsing failed
[  419.411682][  T976] petalynx 0003:18B1:0037.0004: parse failed
[  419.430132][  T976] petalynx 0003:18B1:0037.0004: probe with driver petalynx failed with error -22
[  419.480770][  T976] usb 1-1: USB disconnect, device number 16
[  419.643043][ T8843] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  419.649790][ T8843] Bluetooth: hci1: Error when powering off device on rfkill (-4)
[  419.671291][ T8843] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  419.677438][ T8843] Bluetooth: hci2: Error when powering off device on rfkill (-4)
[  419.687824][ T8843] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  419.693851][ T8843] Bluetooth: hci3: Error when powering off device on rfkill (-4)
[  419.713016][ T8843] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[  419.719168][ T8843] Bluetooth: hci4: Error when powering off device on rfkill (-4)
[  419.894603][ T5844] Bluetooth: hci5: command tx timeout
[  420.019645][ T8781] hsr_slave_0: entered promiscuous mode
[  420.585847][ T8781] hsr_slave_1: entered promiscuous mode
[  420.592584][ T8781] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  420.725401][ T8781] Cannot create hsr debugfs directory
[  420.895528][ T8875] tmpfs: Bad value for 'mpol'
[  421.828088][ T8879] __nla_validate_parse: 97 callbacks suppressed
[  421.828111][ T8879] netlink: 4 bytes leftover after parsing attributes in process `syz.4.786'.
[  421.843553][ T8879] netlink: 4 bytes leftover after parsing attributes in process `syz.4.786'.
[  421.852874][ T8879] netlink: 4 bytes leftover after parsing attributes in process `syz.4.786'.
[  421.862436][ T8879] netlink: 4 bytes leftover after parsing attributes in process `syz.4.786'.
[  421.871611][ T8879] netlink: 4 bytes leftover after parsing attributes in process `syz.4.786'.
[  421.880650][ T8879] netlink: 4 bytes leftover after parsing attributes in process `syz.4.786'.
[  421.889947][ T8879] netlink: 4 bytes leftover after parsing attributes in process `syz.4.786'.
[  421.898944][ T8879] netlink: 4 bytes leftover after parsing attributes in process `syz.4.786'.
[  421.909633][ T8879] netlink: 4 bytes leftover after parsing attributes in process `syz.4.786'.
[  421.918772][ T8879] netlink: 4 bytes leftover after parsing attributes in process `syz.4.786'.
[  422.621951][ T5915] usb 3-1: string descriptor 0 read error: -32
[  422.637327][ T5915] go7007 3-1:0.0: probe with driver go7007 failed with error -12
[  423.200381][ T8843] Bluetooth: hci5: Opcode 0x0c1a failed: -4
[  423.206578][ T8843] Bluetooth: hci5: Error when powering off device on rfkill (-4)
[  423.265667][   T24] usb 3-1: USB disconnect, device number 8
[  423.697625][ T6435] hsr_slave_0: left promiscuous mode
[  423.718553][ T6435] hsr_slave_1: left promiscuous mode
[  423.736806][ T6435] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  423.755722][ T6435] batman_adv: batadv0: Removing interface: batadv_slave_0
[  424.335947][ T6435] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  424.371060][ T6435] batman_adv: batadv0: Removing interface: batadv_slave_1
[  424.465234][ T6435] veth1_macvtap: left promiscuous mode
[  424.471445][ T6435] veth0_macvtap: left promiscuous mode
[  424.508964][ T6435] veth1_vlan: left promiscuous mode
[  424.538801][ T6435] veth0_vlan: left promiscuous mode
[  425.646628][ T8906] ecryptfs: Unknown parameter '³('
[  426.452103][   T24] kernel write not supported for file /snd/seq (pid: 24 comm: kworker/1:0)
[  427.795737][ T8935] __nla_validate_parse: 96 callbacks suppressed
[  427.795762][ T8935] netlink: 4 bytes leftover after parsing attributes in process `syz.4.799'.
[  427.888319][ T8937] netlink: 28 bytes leftover after parsing attributes in process `syz.4.799'.
[  428.006361][ T8941] FAULT_INJECTION: forcing a failure.
[  428.006361][ T8941] name failslab, interval 1, probability 0, space 0, times 0
[  428.039470][ T8941] CPU: 0 UID: 0 PID: 8941 Comm: syz.3.800 Not tainted 6.16.0-rc1-syzkaller-00203-g4774cfe3543a #0 PREEMPT(full) 
[  428.039505][ T8941] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  428.039525][ T8941] Call Trace:
[  428.039538][ T8941]  <TASK>
[  428.039548][ T8941]  dump_stack_lvl+0x189/0x250
[  428.039586][ T8941]  ? lockdep_hardirqs_on+0x9c/0x150
[  428.039621][ T8941]  ? __pfx_dump_stack_lvl+0x10/0x10
[  428.039673][ T8941]  should_fail_ex+0x414/0x560
[  428.039706][ T8941]  should_failslab+0xa8/0x100
[  428.039737][ T8941]  kmem_cache_alloc_noprof+0x73/0x3c0
[  428.039763][ T8941]  ? skb_clone+0x212/0x3a0
[  428.039796][ T8941]  skb_clone+0x212/0x3a0
[  428.039851][ T8941]  __netlink_deliver_tap+0x404/0x850
[  428.039891][ T8941]  ? netlink_deliver_tap+0x2e/0x1b0
[  428.039918][ T8941]  netlink_deliver_tap+0x19c/0x1b0
[  428.039946][ T8941]  netlink_unicast+0x72f/0x8d0
[  428.039981][ T8941]  netlink_sendmsg+0x805/0xb30
[  428.040019][ T8941]  ? __pfx_netlink_sendmsg+0x10/0x10
[  428.040055][ T8941]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  428.040082][ T8941]  ? __pfx_netlink_sendmsg+0x10/0x10
[  428.040108][ T8941]  __sock_sendmsg+0x21c/0x270
[  428.040146][ T8941]  ____sys_sendmsg+0x505/0x830
[  428.040180][ T8941]  ? __pfx_____sys_sendmsg+0x10/0x10
[  428.040218][ T8941]  ? import_iovec+0x74/0xa0
[  428.040244][ T8941]  ___sys_sendmsg+0x21f/0x2a0
[  428.040274][ T8941]  ? __pfx____sys_sendmsg+0x10/0x10
[  428.040341][ T8941]  ? __fget_files+0x2a/0x420
[  428.040374][ T8941]  ? __fget_files+0x3a0/0x420
[  428.040415][ T8941]  __x64_sys_sendmsg+0x19b/0x260
[  428.040446][ T8941]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  428.040485][ T8941]  ? __pfx_ksys_write+0x10/0x10
[  428.040509][ T8941]  ? rcu_is_watching+0x15/0xb0
[  428.040548][ T8941]  ? do_syscall_64+0xbe/0x3b0
[  428.040586][ T8941]  do_syscall_64+0xfa/0x3b0
[  428.040619][ T8941]  ? lockdep_hardirqs_on+0x9c/0x150
[  428.040651][ T8941]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  428.040673][ T8941]  ? clear_bhb_loop+0x60/0xb0
[  428.040701][ T8941]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  428.040724][ T8941] RIP: 0033:0x7f9edf98e929
[  428.040744][ T8941] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  428.040764][ T8941] RSP: 002b:00007f9ee0837038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  428.040789][ T8941] RAX: ffffffffffffffda RBX: 00007f9edfbb5fa0 RCX: 00007f9edf98e929
[  428.040806][ T8941] RDX: 0000000000000000 RSI: 00002000000000c0 RDI: 0000000000000003
[  428.040820][ T8941] RBP: 00007f9ee0837090 R08: 0000000000000000 R09: 0000000000000000
[  428.040836][ T8941] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  428.040861][ T8941] R13: 0000000000000000 R14: 00007f9edfbb5fa0 R15: 00007ffc2fe10a78
[  428.040896][ T8941]  </TASK>
[  428.317685][    C0] vkms_vblank_simulate: vblank timer overrun
[  428.718179][ T6435] team0 (unregistering): Port device team_slave_1 removed
[  428.770356][ T6435] team0 (unregistering): Port device team_slave_0 removed
[  429.544123][ T8953] ksmbd: Unknown IPC event: 4, ignore.
[  429.557555][ T8951] netlink: 'syz.0.801': attribute type 322 has an invalid length.
[  430.838898][ T8781] netdevsim netdevsim5 netdevsim0: renamed from eth0
[  431.629531][ T8781] netdevsim netdevsim5 netdevsim1: renamed from eth1
[  431.789678][ T8781] netdevsim netdevsim5 netdevsim2: renamed from eth2
[  431.798957][ T8970] 9pnet_fd: Insufficient options for proto=fd
[  431.823638][ T8977] FAULT_INJECTION: forcing a failure.
[  431.823638][ T8977] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  431.842423][ T8781] netdevsim netdevsim5 netdevsim3: renamed from eth3
[  431.878581][ T8977] CPU: 0 UID: 0 PID: 8977 Comm: syz.0.811 Not tainted 6.16.0-rc1-syzkaller-00203-g4774cfe3543a #0 PREEMPT(full) 
[  431.878615][ T8977] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  431.878629][ T8977] Call Trace:
[  431.878638][ T8977]  <TASK>
[  431.878648][ T8977]  dump_stack_lvl+0x189/0x250
[  431.878686][ T8977]  ? __pfx____ratelimit+0x10/0x10
[  431.878719][ T8977]  ? __pfx_dump_stack_lvl+0x10/0x10
[  431.878759][ T8977]  ? __pfx__printk+0x10/0x10
[  431.878795][ T8977]  should_fail_ex+0x414/0x560
[  431.878828][ T8977]  _copy_to_user+0x31/0xb0
[  431.878853][ T8977]  simple_read_from_buffer+0xe1/0x170
[  431.878887][ T8977]  proc_fail_nth_read+0x1df/0x250
[  431.878922][ T8977]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  431.878957][ T8977]  ? rw_verify_area+0x258/0x650
[  431.878980][ T8977]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  431.879013][ T8977]  vfs_read+0x200/0x980
[  431.879043][ T8977]  ? __pfx___mutex_lock+0x10/0x10
[  431.879078][ T8977]  ? __pfx_vfs_read+0x10/0x10
[  431.879104][ T8977]  ? __fget_files+0x2a/0x420
[  431.879139][ T8977]  ? __fget_files+0x3a0/0x420
[  431.879166][ T8977]  ? __fget_files+0x2a/0x420
[  431.879205][ T8977]  ksys_read+0x145/0x250
[  431.879233][ T8977]  ? __pfx_ksys_read+0x10/0x10
[  431.879255][ T8977]  ? rcu_is_watching+0x15/0xb0
[  431.879294][ T8977]  ? do_syscall_64+0xbe/0x3b0
[  431.879331][ T8977]  do_syscall_64+0xfa/0x3b0
[  431.879363][ T8977]  ? lockdep_hardirqs_on+0x9c/0x150
[  431.879394][ T8977]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  431.879416][ T8977]  ? clear_bhb_loop+0x60/0xb0
[  431.879442][ T8977]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  431.879464][ T8977] RIP: 0033:0x7f2a7bf8d33c
[  431.879483][ T8977] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  431.879502][ T8977] RSP: 002b:00007f2a7cd47030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  431.879525][ T8977] RAX: ffffffffffffffda RBX: 00007f2a7c1b5fa0 RCX: 00007f2a7bf8d33c
[  431.879541][ T8977] RDX: 000000000000000f RSI: 00007f2a7cd470a0 RDI: 0000000000000004
[  431.879555][ T8977] RBP: 00007f2a7cd47090 R08: 0000000000000000 R09: 0000000000000000
[  431.879568][ T8977] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  431.879581][ T8977] R13: 0000000000000000 R14: 00007f2a7c1b5fa0 R15: 00007fff37e09968
[  431.879620][ T8977]  </TASK>
[  432.936643][ T8996] xt_CT: You must specify a L4 protocol and not use inversions on it
[  433.422360][ T9004] netlink: 2 bytes leftover after parsing attributes in process `syz.0.813'.
[  433.451759][ T6435] IPVS: stop unused estimator thread 0...
[  434.162489][ T8781] 8021q: adding VLAN 0 to HW filter on device bond0
[  434.204503][   T24] usb 4-1: new high-speed USB device number 19 using dummy_hcd
[  434.251152][ T8781] 8021q: adding VLAN 0 to HW filter on device team0
[  434.472671][ T6985] bridge0: port 1(bridge_slave_0) entered blocking state
[  434.480109][ T6985] bridge0: port 1(bridge_slave_0) entered forwarding state
[  435.208367][   T24] usb 4-1: device descriptor read/64, error -71
[  435.322180][ T6985] bridge0: port 2(bridge_slave_1) entered blocking state
[  435.329474][ T6985] bridge0: port 2(bridge_slave_1) entered forwarding state
[  435.475857][   T24] usb 4-1: new high-speed USB device number 20 using dummy_hcd
[  435.636607][   T24] usb 4-1: device descriptor read/64, error -71
[  435.778304][   T24] usb usb4-port1: attempt power cycle
[  437.234500][   T24] usb 4-1: new high-speed USB device number 21 using dummy_hcd
[  437.708638][   T24] usb 4-1: device descriptor read/8, error -71
[  438.088694][ T9046] tipc: Enabling of bearer <eth:syzkaller0> rejected, failed to enable media
[  438.405473][    T9] kernel write not supported for file /snd/seq (pid: 9 comm: kworker/0:0)
[  439.096238][    T9] usb 3-1: new full-speed USB device number 9 using dummy_hcd
[  439.533743][    T9] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10
[  439.569336][    T9] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0
[  439.600897][    T9] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a5, bcdDevice= 0.40
[  439.639488][    T9] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1
[  439.692216][    T9] usb 3-1: SerialNumber: syz
[  439.723692][ T8781] 8021q: adding VLAN 0 to HW filter on device batadv0
[  439.920760][    T9] cdc_ether 3-1:1.0: probe with driver cdc_ether failed with error -22
[  439.960622][    T9] usb-storage 3-1:1.0: USB Mass Storage device detected
[  440.932529][    T9] usb-storage 3-1:1.0: Quirks match for vid 0525 pid a4a5: 10000
[  441.034803][    T9] scsi host1: usb-storage 3-1:1.0
[  441.486735][    T9] usb 3-1: USB disconnect, device number 9
[  442.918546][ T9107] tipc: Enabling of bearer <eth:syzkaller0> rejected, failed to enable media
[  444.484119][ T8781] veth0_vlan: entered promiscuous mode
[  444.705588][ T8781] veth1_vlan: entered promiscuous mode
[  445.427252][ T8781] veth0_macvtap: entered promiscuous mode
[  445.458793][ T8781] veth1_macvtap: entered promiscuous mode
[  445.588747][ T8781] batman_adv: batadv0: Interface activated: batadv_slave_0
[  445.620051][ T8781] batman_adv: batadv0: Interface activated: batadv_slave_1
[  445.675585][ T1303] ieee802154 phy0 wpan0: encryption failed: -22
[  445.682170][ T1303] ieee802154 phy1 wpan1: encryption failed: -22
[  445.802695][ T8781] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  445.823734][ T8781] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  445.840191][ T8781] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  445.849596][ T8781] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  446.591960][ T9145] tmpfs: Unknown parameter 'usrquota_block'
[  446.905828][ T6433] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  446.947689][ T6433] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  447.296382][    T9] kernel write not supported for file /snd/seq (pid: 9 comm: kworker/0:0)
[  448.004796][ T6429] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  448.012943][ T9159] tipc: Started in network mode
[  448.030905][ T6429] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  448.041986][ T9159] tipc: Node identity 26bd46a58841, cluster identity 4711
[  448.056162][ T9159] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  448.132916][ T9159] syzkaller0: entered promiscuous mode
[  448.165295][ T9159] syzkaller0: entered allmulticast mode
[  448.194988][ T5904] usb 4-1: new full-speed USB device number 23 using dummy_hcd
[  448.218302][ T9159] tipc: Resetting bearer <eth:syzkaller0>
[  448.290638][ T9157] tipc: Resetting bearer <eth:syzkaller0>
[  448.409381][ T9157] tipc: Disabling bearer <eth:syzkaller0>
[  448.427968][ T5904] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10
[  448.450023][ T5904] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0
[  448.499564][ T5904] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a5, bcdDevice= 0.40
[  448.526596][ T5904] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1
[  448.565943][ T5904] usb 4-1: SerialNumber: syz
[  448.624789][ T5904] cdc_ether 4-1:1.0: probe with driver cdc_ether failed with error -22
[  448.669746][ T5904] usb-storage 4-1:1.0: USB Mass Storage device detected
[  448.902021][ T5904] usb-storage 4-1:1.0: Quirks match for vid 0525 pid a4a5: 10000
[  448.941523][ T5904] scsi host1: usb-storage 4-1:1.0
[  449.971323][ T5904] usb 4-1: USB disconnect, device number 23
[  453.134852][ T9197] fuse: Bad value for 'fd'
[  454.670994][ T9222] xt_hashlimit: max too large, truncated to 1048576
[  454.775952][ T9222] xt_limit: Overflow, try lower: 0/0
[  454.778338][ T9230] netlink: 36 bytes leftover after parsing attributes in process `syz.2.861'.
[  456.168116][ T9255] tmpfs: Bad value for 'mpol'
[  456.642690][ T9254] netlink: 28 bytes leftover after parsing attributes in process `syz.2.866'.
[  458.166205][ T9268] netlink: 4 bytes leftover after parsing attributes in process `syz.5.869'.
[  460.855489][ T9299] netlink: 36 bytes leftover after parsing attributes in process `syz.3.874'.
[  461.176086][ T9288] sctp: failed to load transform for md5: -2
[  461.259485][ T9310] tmpfs: Bad value for 'mpol'
[  463.310878][ T9343] netlink: 16 bytes leftover after parsing attributes in process `syz.5.889'.
[  463.378992][ T9343] netlink: 16 bytes leftover after parsing attributes in process `syz.5.889'.
[  463.600998][ T5904] usb 3-1: new full-speed USB device number 10 using dummy_hcd
[  463.958111][ T5904] usb 3-1: config 0 has no interfaces?
[  463.976425][ T5904] usb 3-1: New USB device found, idVendor=145f, idProduct=013a, bcdDevice= 5.86
[  464.010941][ T5904] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  464.806817][ T5904] usb 3-1: Product: syz
[  464.834446][ T5904] usb 3-1: Manufacturer: syz
[  464.839130][ T5904] usb 3-1: SerialNumber: syz
[  464.886264][ T5904] usb 3-1: config 0 descriptor??
[  465.088046][ T9356] netlink: 36 bytes leftover after parsing attributes in process `syz.4.892'.
[  465.314025][ T5843] usb 3-1: USB disconnect, device number 10
[  465.327328][ T9361] tmpfs: Bad value for 'mpol'
[  466.168626][ T9392] netlink: 12 bytes leftover after parsing attributes in process `syz.3.900'.
[  466.244572][ T9381] bridge0: port 2(bridge_slave_1) entered disabled state
[  466.253965][ T9381] bridge0: port 1(bridge_slave_0) entered disabled state
[  467.853117][ T9381] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  467.904809][ T9381] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  468.184711][ T9409] netlink: 36 bytes leftover after parsing attributes in process `syz.2.904'.
[  468.701593][ T9381] netdevsim netdevsim5 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[  468.731976][ T9381] netdevsim netdevsim5 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0
[  468.748173][ T9381] netdevsim netdevsim5 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0
[  468.757709][ T9381] netdevsim netdevsim5 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0
[  471.370905][ T9441] tipc: Started in network mode
[  471.399503][ T9441] tipc: Node identity beb064b14542, cluster identity 4711
[  471.421163][ T9441] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  471.508669][ T9441] syzkaller0: entered promiscuous mode
[  472.364629][ T9441] syzkaller0: entered allmulticast mode
[  472.407032][ T9453] tipc: Resetting bearer <eth:syzkaller0>
[  472.504751][ T9440] tipc: Resetting bearer <eth:syzkaller0>
[  472.645747][   T43] tipc: Node number set to 4226966705
[  472.662855][ T9440] tipc: Disabling bearer <eth:syzkaller0>
[  473.240255][ T9462] netlink: 36 bytes leftover after parsing attributes in process `syz.0.915'.
[  474.214740][ T9460] netlink: 4 bytes leftover after parsing attributes in process `syz.2.916'.
[  474.223660][ T9460] netlink: 4 bytes leftover after parsing attributes in process `syz.2.916'.
[  474.232678][ T9460] netlink: 4 bytes leftover after parsing attributes in process `syz.2.916'.
[  474.241717][ T9460] netlink: 4 bytes leftover after parsing attributes in process `syz.2.916'.
[  474.250784][ T9460] netlink: 4 bytes leftover after parsing attributes in process `syz.2.916'.
[  474.259739][ T9460] netlink: 4 bytes leftover after parsing attributes in process `syz.2.916'.
[  474.268870][ T9460] netlink: 4 bytes leftover after parsing attributes in process `syz.2.916'.
[  474.284625][ T9460] netlink: 4 bytes leftover after parsing attributes in process `syz.2.916'.
[  474.294787][ T9460] netlink: 4 bytes leftover after parsing attributes in process `syz.2.916'.
[  475.048038][ T9474] FAULT_INJECTION: forcing a failure.
[  475.048038][ T9474] name failslab, interval 1, probability 0, space 0, times 0
[  475.674585][ T9474] CPU: 1 UID: 0 PID: 9474 Comm: syz.2.919 Not tainted 6.16.0-rc1-syzkaller-00203-g4774cfe3543a #0 PREEMPT(full) 
[  475.674619][ T9474] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  475.674633][ T9474] Call Trace:
[  475.674642][ T9474]  <TASK>
[  475.674653][ T9474]  dump_stack_lvl+0x189/0x250
[  475.674692][ T9474]  ? __pfx____ratelimit+0x10/0x10
[  475.674726][ T9474]  ? __pfx_dump_stack_lvl+0x10/0x10
[  475.674759][ T9474]  ? __pfx__printk+0x10/0x10
[  475.674788][ T9474]  ? __pfx___might_resched+0x10/0x10
[  475.674820][ T9474]  ? fs_reclaim_acquire+0x7d/0x100
[  475.674855][ T9474]  should_fail_ex+0x414/0x560
[  475.674883][ T9474]  should_failslab+0xa8/0x100
[  475.674910][ T9474]  __kmalloc_cache_noprof+0x70/0x3d0
[  475.674932][ T9474]  ? genl_start+0x1c9/0x6c0
[  475.674963][ T9474]  genl_start+0x1c9/0x6c0
[  475.674987][ T9474]  ? netlink_lookup+0x30/0x200
[  475.675014][ T9474]  __netlink_dump_start+0x469/0x7e0
[  475.675044][ T9474]  genl_family_rcv_msg_dumpit+0x1e7/0x2c0
[  475.675075][ T9474]  ? __pfx_genl_family_rcv_msg_dumpit+0x10/0x10
[  475.675101][ T9474]  ? genl_get_cmd+0x67f/0x910
[  475.675128][ T9474]  ? __pfx___mutex_lock+0x10/0x10
[  475.675169][ T9474]  ? __pfx_genl_start+0x10/0x10
[  475.675192][ T9474]  ? __pfx_genl_dumpit+0x10/0x10
[  475.675216][ T9474]  ? __pfx_genl_done+0x10/0x10
[  475.675257][ T9474]  genl_rcv_msg+0x5da/0x790
[  475.675290][ T9474]  ? __pfx_genl_rcv_msg+0x10/0x10
[  475.675314][ T9474]  ? ref_tracker_free+0x63a/0x7d0
[  475.675338][ T9474]  ? __pfx_smcr_nl_get_device+0x10/0x10
[  475.675363][ T9474]  ? __pfx_ref_tracker_free+0x10/0x10
[  475.675399][ T9474]  netlink_rcv_skb+0x205/0x470
[  475.675424][ T9474]  ? __pfx_genl_rcv_msg+0x10/0x10
[  475.675454][ T9474]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  475.675495][ T9474]  ? down_read+0x1ad/0x2e0
[  475.675518][ T9474]  genl_rcv+0x28/0x40
[  475.675545][ T9474]  netlink_unicast+0x758/0x8d0
[  475.675577][ T9474]  netlink_sendmsg+0x805/0xb30
[  475.675612][ T9474]  ? __pfx_netlink_sendmsg+0x10/0x10
[  475.675647][ T9474]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  475.675670][ T9474]  ? __pfx_netlink_sendmsg+0x10/0x10
[  475.675695][ T9474]  __sock_sendmsg+0x21c/0x270
[  475.675731][ T9474]  ____sys_sendmsg+0x505/0x830
[  475.675765][ T9474]  ? __pfx_____sys_sendmsg+0x10/0x10
[  475.675802][ T9474]  ? import_iovec+0x74/0xa0
[  475.675827][ T9474]  ___sys_sendmsg+0x21f/0x2a0
[  475.675856][ T9474]  ? __pfx____sys_sendmsg+0x10/0x10
[  475.675926][ T9474]  ? __fget_files+0x2a/0x420
[  475.675953][ T9474]  ? __fget_files+0x3a0/0x420
[  475.675994][ T9474]  __x64_sys_sendmsg+0x19b/0x260
[  475.676024][ T9474]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  475.676063][ T9474]  ? __pfx_ksys_write+0x10/0x10
[  475.676085][ T9474]  ? rcu_is_watching+0x15/0xb0
[  475.676122][ T9474]  ? do_syscall_64+0xbe/0x3b0
[  475.676164][ T9474]  do_syscall_64+0xfa/0x3b0
[  475.676191][ T9474]  ? lockdep_hardirqs_on+0x9c/0x150
[  475.676217][ T9474]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  475.676235][ T9474]  ? clear_bhb_loop+0x60/0xb0
[  475.676262][ T9474]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  475.676280][ T9474] RIP: 0033:0x7f3945f8e929
[  475.676298][ T9474] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  475.676316][ T9474] RSP: 002b:00007f3946e87038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  475.676336][ T9474] RAX: ffffffffffffffda RBX: 00007f39461b5fa0 RCX: 00007f3945f8e929
[  475.676350][ T9474] RDX: 0000000000000000 RSI: 0000200000000080 RDI: 0000000000000003
[  475.676362][ T9474] RBP: 00007f3946e87090 R08: 0000000000000000 R09: 0000000000000000
[  475.676373][ T9474] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  475.676384][ T9474] R13: 0000000000000000 R14: 00007f39461b5fa0 R15: 00007fffd2b27c48
[  475.676418][ T9474]  </TASK>
[  476.052297][    C1] vkms_vblank_simulate: vblank timer overrun
[  476.289829][ T9490] bridge2: port 1(ip6gretap1) entered blocking state
[  476.297178][ T9490] bridge2: port 1(ip6gretap1) entered disabled state
[  476.304156][ T9490] ip6gretap1: entered allmulticast mode
[  476.312670][ T9490] ip6gretap1: entered promiscuous mode
[  476.540748][ T9490] veth3: entered promiscuous mode
[  476.553720][ T9490] bridge2: port 2(veth3) entered blocking state
[  476.585463][ T9490] bridge2: port 2(veth3) entered disabled state
[  476.603097][ T9490] veth3: entered allmulticast mode
[  476.771991][ T5960] usb 3-1: new high-speed USB device number 11 using dummy_hcd
[  477.408082][ T5960] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  477.454455][ T5960] usb 3-1: New USB device found, idVendor=18b1, idProduct=0037, bcdDevice= 0.00
[  477.482661][ T5960] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  477.518373][ T5960] usb 3-1: config 0 descriptor??
[  477.552477][ T9516] sg_write: process 619 (syz.0.930) changed security contexts after opening file descriptor, this is not allowed.
[  477.643753][ T9516] tipc: Invalid UDP bearer configuration
[  477.643844][ T9516] tipc: Enabling of bearer <udp:s> rejected, failed to enable media
[  477.847347][ T9523] fuse: Unknown parameter 'fd-0x0000000000000005'
[  478.108473][ T5960] petalynx 0003:18B1:0037.0005: unknown main item tag 0x5
[  478.128532][ T5960] petalynx 0003:18B1:0037.0005: unknown global tag 0xd
[  478.135778][ T5960] petalynx 0003:18B1:0037.0005: item 0 2 1 13 parsing failed
[  478.143995][ T5960] petalynx 0003:18B1:0037.0005: parse failed
[  478.154121][ T5960] petalynx 0003:18B1:0037.0005: probe with driver petalynx failed with error -22
[  478.895650][ T5960] usb 3-1: USB disconnect, device number 11
[  479.214635][   T43] usb 1-1: new high-speed USB device number 17 using dummy_hcd
[  479.406746][   T43] usb 1-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  479.479184][   T43] usb 1-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47
[  479.555019][   T43] usb 1-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  479.598080][   T43] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  479.759741][ T9551] bio_check_eod: 3 callbacks suppressed
[  479.759765][ T9551] syz.4.941: attempt to access beyond end of device
[  479.759765][ T9551] loop9: rw=0, sector=0, nr_sectors = 1 limit=0
[  479.778547][ T9551] FAT-fs (loop9): unable to read boot sector
[  479.803000][ T9538] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22
[  479.834812][   T43] usb 1-1: Quirk or no altset; falling back to MIDI 1.0
[  479.894068][ T9559] __nla_validate_parse: 102 callbacks suppressed
[  479.894090][ T9559] netlink: 256 bytes leftover after parsing attributes in process `syz.2.944'.
[  480.057533][ T9561] netlink: 36 bytes leftover after parsing attributes in process `syz.3.943'.
[  480.605130][ T5960] usb 1-1: USB disconnect, device number 17
[  480.786513][ T6302] udevd[6302]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb1/1-1/1-1:27.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  480.971844][ T9578] Invalid logical block size (3328)
[  481.201722][ T9588] FAULT_INJECTION: forcing a failure.
[  481.201722][ T9588] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  481.314650][ T9588] CPU: 0 UID: 0 PID: 9588 Comm: syz.5.951 Not tainted 6.16.0-rc1-syzkaller-00203-g4774cfe3543a #0 PREEMPT(full) 
[  481.314681][ T9588] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  481.314694][ T9588] Call Trace:
[  481.314702][ T9588]  <TASK>
[  481.314712][ T9588]  dump_stack_lvl+0x189/0x250
[  481.314749][ T9588]  ? __pfx____ratelimit+0x10/0x10
[  481.314781][ T9588]  ? __pfx_dump_stack_lvl+0x10/0x10
[  481.314813][ T9588]  ? __pfx__printk+0x10/0x10
[  481.314834][ T9588]  ? __might_fault+0xb0/0x130
[  481.314871][ T9588]  should_fail_ex+0x414/0x560
[  481.314905][ T9588]  _copy_from_user+0x2d/0xb0
[  481.314928][ T9588]  ___sys_sendmsg+0x158/0x2a0
[  481.314959][ T9588]  ? __pfx____sys_sendmsg+0x10/0x10
[  481.315025][ T9588]  ? __fget_files+0x2a/0x420
[  481.315053][ T9588]  ? __fget_files+0x3a0/0x420
[  481.315093][ T9588]  __sys_sendmmsg+0x227/0x430
[  481.315127][ T9588]  ? __pfx___sys_sendmmsg+0x10/0x10
[  481.315152][ T9588]  ? __mutex_unlock_slowpath+0x1cd/0x700
[  481.315215][ T9588]  ? ksys_write+0x22a/0x250
[  481.315244][ T9588]  ? __pfx_ksys_write+0x10/0x10
[  481.315265][ T9588]  ? rcu_is_watching+0x15/0xb0
[  481.315303][ T9588]  __x64_sys_sendmmsg+0xa0/0xc0
[  481.315333][ T9588]  do_syscall_64+0xfa/0x3b0
[  481.315365][ T9588]  ? lockdep_hardirqs_on+0x9c/0x150
[  481.315396][ T9588]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  481.315418][ T9588]  ? clear_bhb_loop+0x60/0xb0
[  481.315445][ T9588]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  481.315466][ T9588] RIP: 0033:0x7f4b6b38e929
[  481.315486][ T9588] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  481.315505][ T9588] RSP: 002b:00007f4b6c2da038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[  481.315528][ T9588] RAX: ffffffffffffffda RBX: 00007f4b6b5b5fa0 RCX: 00007f4b6b38e929
[  481.315545][ T9588] RDX: 3284b164842c97f7 RSI: 0000200000000c40 RDI: 0000000000000004
[  481.315560][ T9588] RBP: 00007f4b6c2da090 R08: 0000000000000000 R09: 0000000000000000
[  481.315573][ T9588] R10: 0000000000008014 R11: 0000000000000246 R12: 0000000000000001
[  481.315587][ T9588] R13: 0000000000000000 R14: 00007f4b6b5b5fa0 R15: 00007ffd85fb6e88
[  481.315628][ T9588]  </TASK>
[  481.970781][ T9606] netlink: 256 bytes leftover after parsing attributes in process `syz.3.955'.
[  482.595291][ T9612] netlink: 20 bytes leftover after parsing attributes in process `syz.0.956'.
[  483.243319][ T9615] tipc: Enabling of bearer <eth:syzkaller0> rejected, failed to enable media
[  484.257379][   T30] audit: type=1326 audit(1749950693.499:145): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9631 comm="syz.0.962" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f2a7bf8e929 code=0x0
[  484.278378][    C1] vkms_vblank_simulate: vblank timer overrun
[  489.143962][ T5960] kernel write not supported for file /snd/seq (pid: 5960 comm: kworker/0:7)
[  489.794667][ T9672] netlink: 256 bytes leftover after parsing attributes in process `syz.5.969'.
[  489.834849][ T5960] usb 4-1: new full-speed USB device number 24 using dummy_hcd
[  490.044814][ T5960] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10
[  490.051685][ T9677] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  490.089953][ T5960] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0
[  490.115902][ T9677] syzkaller0: entered promiscuous mode
[  490.131141][ T5960] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a5, bcdDevice= 0.40
[  490.137357][ T9677] syzkaller0: entered allmulticast mode
[  490.155518][ T5960] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1
[  490.179100][ T5960] usb 4-1: SerialNumber: syz
[  490.405458][ T5960] cdc_ether 4-1:1.0: probe with driver cdc_ether failed with error -22
[  490.422672][ T9677] tipc: Resetting bearer <eth:syzkaller0>
[  490.443233][ T5960] usb-storage 4-1:1.0: USB Mass Storage device detected
[  490.497381][ T9675] tipc: Resetting bearer <eth:syzkaller0>
[  490.497779][ T5960] usb-storage 4-1:1.0: Quirks match for vid 0525 pid a4a5: 10000
[  490.541118][ T5960] scsi host1: usb-storage 4-1:1.0
[  490.541478][ T9675] tipc: Disabling bearer <eth:syzkaller0>
[  491.013835][   T24] usb 4-1: USB disconnect, device number 24
[  491.143108][ T9701] FAULT_INJECTION: forcing a failure.
[  491.143108][ T9701] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  491.224544][ T9701] CPU: 1 UID: 0 PID: 9701 Comm: syz.0.974 Not tainted 6.16.0-rc1-syzkaller-00203-g4774cfe3543a #0 PREEMPT(full) 
[  491.224601][ T9701] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  491.224614][ T9701] Call Trace:
[  491.224623][ T9701]  <TASK>
[  491.224633][ T9701]  dump_stack_lvl+0x189/0x250
[  491.224671][ T9701]  ? __pfx____ratelimit+0x10/0x10
[  491.224702][ T9701]  ? __pfx_dump_stack_lvl+0x10/0x10
[  491.224734][ T9701]  ? __pfx__printk+0x10/0x10
[  491.224756][ T9701]  ? __might_fault+0xb0/0x130
[  491.224794][ T9701]  should_fail_ex+0x414/0x560
[  491.224827][ T9701]  _copy_from_user+0x2d/0xb0
[  491.224849][ T9701]  ___sys_sendmsg+0x158/0x2a0
[  491.224880][ T9701]  ? __pfx____sys_sendmsg+0x10/0x10
[  491.224946][ T9701]  ? __fget_files+0x2a/0x420
[  491.224974][ T9701]  ? __fget_files+0x3a0/0x420
[  491.225015][ T9701]  __sys_sendmmsg+0x227/0x430
[  491.225049][ T9701]  ? __pfx___sys_sendmmsg+0x10/0x10
[  491.225073][ T9701]  ? __mutex_unlock_slowpath+0x1cd/0x700
[  491.225136][ T9701]  ? ksys_write+0x22a/0x250
[  491.225164][ T9701]  ? __pfx_ksys_write+0x10/0x10
[  491.225186][ T9701]  ? rcu_is_watching+0x15/0xb0
[  491.225225][ T9701]  __x64_sys_sendmmsg+0xa0/0xc0
[  491.225255][ T9701]  do_syscall_64+0xfa/0x3b0
[  491.225287][ T9701]  ? lockdep_hardirqs_on+0x9c/0x150
[  491.225318][ T9701]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  491.225340][ T9701]  ? clear_bhb_loop+0x60/0xb0
[  491.225366][ T9701]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  491.225388][ T9701] RIP: 0033:0x7f2a7bf8e929
[  491.225407][ T9701] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  491.225426][ T9701] RSP: 002b:00007f2a7cd47038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[  491.225449][ T9701] RAX: ffffffffffffffda RBX: 00007f2a7c1b5fa0 RCX: 00007f2a7bf8e929
[  491.225465][ T9701] RDX: 0000000000000001 RSI: 0000200000000040 RDI: 0000000000000004
[  491.225479][ T9701] RBP: 00007f2a7cd47090 R08: 0000000000000000 R09: 0000000000000000
[  491.225492][ T9701] R10: 0000000000040800 R11: 0000000000000246 R12: 0000000000000001
[  491.225506][ T9701] R13: 0000000000000000 R14: 00007f2a7c1b5fa0 R15: 00007fff37e09968
[  491.225539][ T9701]  </TASK>
[  491.294798][ T5960] usb 6-1: new high-speed USB device number 2 using dummy_hcd
[  491.296260][    C1] vkms_vblank_simulate: vblank timer overrun
[  491.465163][    C1] vkms_vblank_simulate: vblank timer overrun
[  491.744420][ T5960] usb 6-1: device descriptor read/64, error -71
[  491.883123][ T9712] netlink: 'syz.2.976': attribute type 1 has an invalid length.
[  491.986082][ T5960] usb 6-1: new high-speed USB device number 3 using dummy_hcd
[  491.991862][ T9712] 8021q: adding VLAN 0 to HW filter on device bond1
[  492.020735][ T9719] No control pipe specified
[  492.052157][ T9716] 8021q: adding VLAN 0 to HW filter on device bond1
[  492.062332][ T9716] bond1: (slave ipip0): The slave device specified does not support setting the MAC address
[  492.084996][ T9716] bond1: (slave ipip0): Error -95 calling set_mac_address
[  492.134926][ T5960] usb 6-1: device descriptor read/64, error -71
[  492.215072][ T9724] ksmbd: Unknown IPC event: 4, ignore.
[  492.246994][ T5960] usb usb6-port1: attempt power cycle
[  493.594939][ T5960] usb 6-1: new high-speed USB device number 4 using dummy_hcd
[  493.631450][ T5960] usb 6-1: device descriptor read/8, error -71
[  493.774909][ T5904] usb 4-1: new high-speed USB device number 25 using dummy_hcd
[  493.895461][ T5960] usb 6-1: new high-speed USB device number 5 using dummy_hcd
[  493.926722][ T5904] usb 4-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  493.964835][ T5904] usb 4-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47
[  494.008447][ T5960] usb 6-1: device descriptor read/8, error -71
[  494.031870][ T5904] usb 4-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  494.079494][ T5904] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  494.149232][ T9743] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22
[  494.171212][ T5960] usb usb6-port1: unable to enumerate USB device
[  494.212562][ T5904] usb 4-1: Quirk or no altset; falling back to MIDI 1.0
[  494.461820][ T9761] No control pipe specified
[  497.061035][ T5904] usb 4-1: USB disconnect, device number 25
[  497.186670][ T9782] 9pnet_fd: Insufficient options for proto=fd
[  497.924480][ T5915] usb 6-1: new high-speed USB device number 6 using dummy_hcd
[  497.969284][ T9799] 9pnet_fd: Insufficient options for proto=fd
[  498.053783][ T9803] No control pipe specified
[  498.134459][ T5915] usb 6-1: device descriptor read/64, error -71
[  498.385060][ T5915] usb 6-1: new high-speed USB device number 7 using dummy_hcd
[  498.534522][ T5915] usb 6-1: device descriptor read/64, error -71
[  499.283606][ T5915] usb usb6-port1: attempt power cycle
[  500.514715][ T5915] usb 6-1: new high-speed USB device number 8 using dummy_hcd
[  500.606276][ T9831] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1006'.
[  500.617268][ T9831] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1006'.
[  500.626372][ T9831] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1006'.
[  500.635798][ T9831] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1006'.
[  500.642963][ T5915] usb 6-1: device descriptor read/8, error -71
[  500.644893][ T9831] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1006'.
[  500.644956][ T9831] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1006'.
[  500.645008][ T9831] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1006'.
[  500.645059][ T9831] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1006'.
[  500.645108][ T9831] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1006'.
[  500.645158][ T9831] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1006'.
[  501.074958][ T9843] binder: 9841:9843 ioctl c0306201 2000000003c0 returned -14
[  505.593440][ T9890] No control pipe specified
[  506.204913][ T9907] netlink: 'syz.0.1026': attribute type 1 has an invalid length.
[  507.156741][ T1303] ieee802154 phy0 wpan0: encryption failed: -22
[  507.163413][ T1303] ieee802154 phy1 wpan1: encryption failed: -22
[  508.716627][ T9907] 8021q: adding VLAN 0 to HW filter on device bond1
[  509.245901][ T9939] netlink: 'syz.3.1032': attribute type 21 has an invalid length.
[  509.292421][ T9939] netlink: 'syz.3.1032': attribute type 6 has an invalid length.
[  509.378156][ T9939] __nla_validate_parse: 43 callbacks suppressed
[  509.378211][ T9939] netlink: 132 bytes leftover after parsing attributes in process `syz.3.1032'.
[  509.439036][ T9943] ksmbd: Unknown IPC event: 4, ignore.
[  512.293795][ T9973] random: crng reseeded on system resumption
[  513.068377][ T9984] No control pipe specified
[  513.338287][   T24] usb 6-1: new high-speed USB device number 10 using dummy_hcd
[  513.697069][ T9994] netlink: 72 bytes leftover after parsing attributes in process `syz.2.1048'.
[  514.302329][ T9986] netlink: 52 bytes leftover after parsing attributes in process `syz.0.1046'.
[  514.697218][   T24] usb 6-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3
[  514.732736][   T24] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  514.793827][   T24] usb 6-1: config 0 descriptor??
[  514.855328][   T24] cp210x 6-1:0.0: cp210x converter detected
[  515.070939][   T24] usb 6-1: cp210x converter now attached to ttyUSB0
[  517.281340][   T24] usb 6-1: USB disconnect, device number 10
[  517.355747][   T24] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0
[  517.384843][   T24] cp210x 6-1:0.0: device disconnected
[  517.458912][T10032] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1054'.
[  517.468328][T10032] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1054'.
[  517.477700][T10032] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1054'.
[  517.486965][T10032] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1054'.
[  517.496307][T10032] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1054'.
[  517.505588][T10032] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1054'.
[  517.515037][T10032] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1054'.
[  517.524207][T10032] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1054'.
[  517.535901][T10032] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1054'.
[  517.545308][T10032] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1054'.
[  518.415178][T10035] fuse: Bad value for 'fd'
[  518.491050][T10040] FAULT_INJECTION: forcing a failure.
[  518.491050][T10040] name failslab, interval 1, probability 0, space 0, times 0
[  518.606715][T10040] CPU: 1 UID: 0 PID: 10040 Comm: syz.2.1058 Not tainted 6.16.0-rc1-syzkaller-00203-g4774cfe3543a #0 PREEMPT(full) 
[  518.606748][T10040] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  518.606762][T10040] Call Trace:
[  518.606770][T10040]  <TASK>
[  518.606780][T10040]  dump_stack_lvl+0x189/0x250
[  518.606818][T10040]  ? __pfx____ratelimit+0x10/0x10
[  518.606850][T10040]  ? __pfx_dump_stack_lvl+0x10/0x10
[  518.606882][T10040]  ? __pfx__printk+0x10/0x10
[  518.606907][T10040]  ? __pfx___might_resched+0x10/0x10
[  518.606939][T10040]  ? fs_reclaim_acquire+0x7d/0x100
[  518.606976][T10040]  should_fail_ex+0x414/0x560
[  518.607009][T10040]  should_failslab+0xa8/0x100
[  518.607040][T10040]  __kmalloc_noprof+0xcb/0x4f0
[  518.607064][T10040]  ? tomoyo_encode+0x28b/0x550
[  518.607111][T10040]  tomoyo_encode+0x28b/0x550
[  518.607149][T10040]  tomoyo_realpath_from_path+0x58d/0x5d0
[  518.607195][T10040]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[  518.607222][T10040]  tomoyo_path_number_perm+0x1e8/0x5a0
[  518.607253][T10040]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  518.607299][T10040]  ? __lock_acquire+0xab9/0xd20
[  518.607349][T10040]  ? __fget_files+0x2a/0x420
[  518.607381][T10040]  ? __fget_files+0x2a/0x420
[  518.607409][T10040]  ? __fget_files+0x3a0/0x420
[  518.607437][T10040]  ? __fget_files+0x2a/0x420
[  518.607471][T10040]  security_file_ioctl+0xcb/0x2d0
[  518.607504][T10040]  __se_sys_ioctl+0x47/0x170
[  518.607531][T10040]  do_syscall_64+0xfa/0x3b0
[  518.607563][T10040]  ? lockdep_hardirqs_on+0x9c/0x150
[  518.607595][T10040]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  518.607618][T10040]  ? clear_bhb_loop+0x60/0xb0
[  518.607644][T10040]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  518.607667][T10040] RIP: 0033:0x7f3945f8e929
[  518.607686][T10040] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  518.607705][T10040] RSP: 002b:00007f3946e87038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  518.607729][T10040] RAX: ffffffffffffffda RBX: 00007f39461b5fa0 RCX: 00007f3945f8e929
[  518.607746][T10040] RDX: 0000000000000000 RSI: 000000005000940c RDI: 0000000000000003
[  518.607759][T10040] RBP: 00007f3946e87090 R08: 0000000000000000 R09: 0000000000000000
[  518.607773][T10040] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  518.607786][T10040] R13: 0000000000000000 R14: 00007f39461b5fa0 R15: 00007fffd2b27c48
[  518.607820][T10040]  </TASK>
[  518.607895][T10040] ERROR: Out of memory at tomoyo_realpath_from_path.
[  518.950250][   T30] audit: type=1804 audit(1749950728.199:146): pid=10051 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz.0.1061" name="/newroot/203/file0/bus" dev="tmpfs" ino=2 res=1 errno=0
[  519.384884][ T5904] usb 6-1: new full-speed USB device number 11 using dummy_hcd
[  519.597492][ T5904] usb 6-1: not running at top speed; connect to a high speed hub
[  519.617545][ T5904] usb 6-1: config 1 has an invalid interface number: 237 but max is 1
[  519.632164][ T5904] usb 6-1: config 1 contains an unexpected descriptor of type 0x2, skipping
[  519.661986][ T5904] usb 6-1: config 1 has an invalid interface number: 241 but max is 1
[  519.680923][ T5904] usb 6-1: config 1 has no interface number 0
[  519.691084][ T5904] usb 6-1: config 1 has no interface number 1
[  519.708772][ T5904] usb 6-1: config 1 interface 237 altsetting 4 has an invalid endpoint descriptor of length 5, skipping
[  519.740681][ T5904] usb 6-1: config 1 interface 237 altsetting 4 endpoint 0xF has invalid maxpacket 1024, setting to 64
[  519.768223][ T5904] usb 6-1: config 1 interface 237 altsetting 4 endpoint 0x6 has invalid maxpacket 512, setting to 64
[  519.790774][ T5904] usb 6-1: config 1 interface 237 altsetting 4 has a duplicate endpoint with address 0x6, skipping
[  519.824869][ T5904] usb 6-1: config 1 interface 237 altsetting 4 has a duplicate endpoint with address 0x2, skipping
[  519.845350][ T5904] usb 6-1: config 1 interface 237 altsetting 4 has 8 endpoint descriptors, different from the interface descriptor's value: 14
[  520.272390][ T5904] usb 6-1: too many endpoints for config 1 interface 241 altsetting 255: 129, using maximum allowed: 30
[  520.331191][ T5904] usb 6-1: config 1 interface 241 altsetting 255 endpoint 0xE has invalid maxpacket 1023, setting to 64
[  520.355971][ T5904] usb 6-1: config 1 interface 241 altsetting 255 has an invalid descriptor for endpoint zero, skipping
[  520.431927][ T5904] usb 6-1: config 1 interface 241 altsetting 255 has an invalid descriptor for endpoint zero, skipping
[  520.492653][ T5904] usb 6-1: config 1 interface 241 altsetting 255 has an invalid descriptor for endpoint zero, skipping
[  520.554694][ T5904] usb 6-1: config 1 interface 241 altsetting 255 has 4 endpoint descriptors, different from the interface descriptor's value: 129
[  520.599784][ T5904] usb 6-1: config 1 interface 237 has no altsetting 0
[  520.634498][ T5904] usb 6-1: config 1 interface 241 has no altsetting 0
[  520.673633][ T5904] usb 6-1: New USB device found, idVendor=8086, idProduct=0b5b, bcdDevice=d9.e9
[  520.712775][ T5904] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  520.748447][ T5904] usb 6-1: Product: у
[  520.762941][ T5904] usb 6-1: Manufacturer: �
[  520.782667][ T5904] usb 6-1: SerialNumber: â �
[  521.124437][ T5915] usb 4-1: new full-speed USB device number 26 using dummy_hcd
[  521.252943][ T5904] usb 6-1: Found UVC 216.0c device у (8086:0b5b)
[  521.270669][ T5904] usb 6-1: No valid video chain found.
[  521.316368][ T5915] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  521.325161][ T5904] usb 6-1: USB disconnect, device number 11
[  521.351444][ T5915] usb 4-1: config 0 has no interfaces?
[  521.379572][ T5915] usb 4-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  521.424097][ T5915] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  521.444583][ T5915] usb 4-1: Product: syz
[  521.448878][ T5915] usb 4-1: Manufacturer: syz
[  521.456549][T10093] fuse: Bad value for 'fd'
[  521.465177][ T5915] usb 4-1: SerialNumber: syz
[  521.496384][ T5915] usb 4-1: config 0 descriptor??
[  521.912100][   T24] usb 4-1: USB disconnect, device number 26
[  523.549265][T10121] overlay: filesystem on ./file1 not supported
[  523.644502][   T24] usb 6-1: new high-speed USB device number 12 using dummy_hcd
[  523.844647][   T24] usb 6-1: New USB device found, idVendor=0813, idProduct=0001, bcdDevice=3a.08
[  523.884556][   T24] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  523.981018][   T24] usb 6-1: config 0 descriptor??
[  524.095894][T10136] __nla_validate_parse: 48 callbacks suppressed
[  524.095940][T10136] netlink: 36 bytes leftover after parsing attributes in process `syz.2.1079'.
[  524.519069][   T24] gspca_main: cpia1-2.14.0 probing 0813:0001
[  524.785866][T10119] netlink: 12 bytes leftover after parsing attributes in process `syz.5.1077'.
[  524.894878][T10119] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  524.916569][T10119] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  525.507469][   T24] gspca_cpia1: usb_control_msg 03, error -32
[  525.525635][   T24] cpia1 6-1:0.0: unexpected state after lo power cmd: 01
[  525.554773][T10148] fuse: Bad value for 'fd'
[  526.445040][   T24] gspca_cpia1: usb_control_msg 02, error -71
[  526.455842][T10161] netlink: 256 bytes leftover after parsing attributes in process `syz.3.1084'.
[  526.484926][   T24] gspca_cpia1: usb_control_msg 05, error -71
[  526.494656][   T24] cpia1 6-1:0.0: unexpected systemstate: 01
[  526.524456][   T24] usb 6-1: USB disconnect, device number 12
[  526.835647][T10170] netlink: 16 bytes leftover after parsing attributes in process `syz.2.1087'.
[  528.363026][T10188] ksmbd: Unknown IPC event: 4, ignore.
[  529.354545][T10183] kvm: apic: phys broadcast and lowest prio
[  529.813924][T10204] ksmbd: Unknown IPC event: 4, ignore.
[  531.417670][T10220] fuse: Bad value for 'fd'
[  531.801419][T10227] netlink: 256 bytes leftover after parsing attributes in process `syz.2.1098'.
[  531.873943][T10230] openvswitch: netlink: Either Ethernet header or EtherType is required.
[  531.917266][T10230] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1100'.
[  533.830909][T10255] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  533.846302][T10255] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  534.204804][ T5904] usb 6-1: new high-speed USB device number 13 using dummy_hcd
[  534.489008][    T9] usb 4-1: new high-speed USB device number 27 using dummy_hcd
[  534.697082][    T9] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  534.735018][    T9] usb 4-1: New USB device found, idVendor=18b1, idProduct=0037, bcdDevice= 0.00
[  534.778718][    T9] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  534.787924][T10273] random: crng reseeded on system resumption
[  534.842049][    T9] usb 4-1: config 0 descriptor??
[  535.064820][ T5904] usb 6-1: device descriptor read/64, error -71
[  535.268181][    T9] petalynx 0003:18B1:0037.0006: unknown main item tag 0x5
[  535.304864][ T5904] usb 6-1: new high-speed USB device number 14 using dummy_hcd
[  535.313589][    T9] petalynx 0003:18B1:0037.0006: unknown global tag 0xd
[  535.343124][    T9] petalynx 0003:18B1:0037.0006: item 0 2 1 13 parsing failed
[  535.391518][    T9] petalynx 0003:18B1:0037.0006: parse failed
[  535.411426][    T9] petalynx 0003:18B1:0037.0006: probe with driver petalynx failed with error -22
[  535.464781][ T5904] usb 6-1: device descriptor read/64, error -71
[  535.512160][ T5843] usb 4-1: USB disconnect, device number 27
[  535.608093][ T5904] usb usb6-port1: attempt power cycle
[  535.964951][ T5904] usb 6-1: new high-speed USB device number 15 using dummy_hcd
[  536.029624][ T5904] usb 6-1: device descriptor read/8, error -71
[  536.396606][ T5904] usb 6-1: new high-speed USB device number 16 using dummy_hcd
[  536.437932][ T5904] usb 6-1: device descriptor read/8, error -71
[  536.461340][T10294] netlink: 72 bytes leftover after parsing attributes in process `syz.3.1111'.
[  536.556699][ T5904] usb usb6-port1: unable to enumerate USB device
[  540.706291][T10326] openvswitch: netlink: IP tunnel attribute has 12 unknown bytes.
[  541.570737][T10330] fuse: Bad value for 'fd'
[  541.744508][ T5926] usb 6-1: new high-speed USB device number 17 using dummy_hcd
[  541.938258][ T5926] usb 6-1: config 1 has 2 interfaces, different from the descriptor's value: 3
[  541.994336][ T5926] usb 6-1: config 1 has no interface number 1
[  542.027917][ T5926] usb 6-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  542.068254][   T24] usb 3-1: new high-speed USB device number 12 using dummy_hcd
[  542.084408][ T5926] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  542.122408][ T5926] usb 6-1: Product: syz
[  542.157500][ T5926] usb 6-1: Manufacturer: syz
[  542.162198][ T5926] usb 6-1: SerialNumber: syz
[  542.261999][   T24] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  542.313943][   T24] usb 3-1: New USB device found, idVendor=18b1, idProduct=0037, bcdDevice= 0.00
[  542.369078][   T24] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  542.659318][   T24] usb 3-1: config 0 descriptor??
[  543.090289][   T24] petalynx 0003:18B1:0037.0007: unknown main item tag 0x5
[  543.142810][   T24] petalynx 0003:18B1:0037.0007: unknown global tag 0xd
[  543.184933][   T24] petalynx 0003:18B1:0037.0007: item 0 2 1 13 parsing failed
[  543.231437][   T24] petalynx 0003:18B1:0037.0007: parse failed
[  543.255562][   T24] petalynx 0003:18B1:0037.0007: probe with driver petalynx failed with error -22
[  543.331675][   T24] usb 3-1: USB disconnect, device number 12
[  543.796127][ T5926] usb 6-1: 2:1 : invalid UAC_FORMAT_TYPE desc
[  543.913552][ T5926] usb 6-1: USB disconnect, device number 17
[  544.337998][ T6609] udevd[6609]: error opening ATTR{/sys/devices/platform/dummy_hcd.5/usb6/6-1/6-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  544.572769][ T5144] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  544.609878][ T5144] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  544.620853][ T5144] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  544.636774][ T5144] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  544.652622][ T5144] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  546.704562][ T5844] Bluetooth: hci0: command tx timeout
[  548.160520][T10354] chnl_net:caif_netlink_parms(): no params data found
[  548.775411][ T5844] Bluetooth: hci0: command tx timeout
[  550.854778][ T5844] Bluetooth: hci0: command tx timeout
[  550.891011][T10354] bridge0: port 1(bridge_slave_0) entered blocking state
[  550.925441][T10354] bridge0: port 1(bridge_slave_0) entered disabled state
[  551.003981][T10354] bridge_slave_0: entered allmulticast mode
[  551.021105][T10354] bridge_slave_0: entered promiscuous mode
[  551.058640][T10354] bridge0: port 2(bridge_slave_1) entered blocking state
[  551.187294][T10354] bridge0: port 2(bridge_slave_1) entered disabled state
[  551.465347][T10354] bridge_slave_1: entered allmulticast mode
[  551.617190][T10354] bridge_slave_1: entered promiscuous mode
[  551.742359][T10428] FAULT_INJECTION: forcing a failure.
[  551.742359][T10428] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  551.889615][T10354] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  551.914737][T10428] CPU: 1 UID: 0 PID: 10428 Comm: syz.0.1138 Not tainted 6.16.0-rc1-syzkaller-00203-g4774cfe3543a #0 PREEMPT(full) 
[  551.914769][T10428] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  551.914783][T10428] Call Trace:
[  551.914792][T10428]  <TASK>
[  551.914802][T10428]  dump_stack_lvl+0x189/0x250
[  551.914840][T10428]  ? __pfx____ratelimit+0x10/0x10
[  551.914871][T10428]  ? __pfx_dump_stack_lvl+0x10/0x10
[  551.914903][T10428]  ? __pfx__printk+0x10/0x10
[  551.914937][T10428]  should_fail_ex+0x414/0x560
[  551.914970][T10428]  _copy_to_user+0x31/0xb0
[  551.914993][T10428]  simple_read_from_buffer+0xe1/0x170
[  551.915025][T10428]  proc_fail_nth_read+0x1df/0x250
[  551.915058][T10428]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  551.915091][T10428]  ? rw_verify_area+0x258/0x650
[  551.915112][T10428]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  551.915143][T10428]  vfs_read+0x200/0x980
[  551.915173][T10428]  ? __pfx___mutex_lock+0x10/0x10
[  551.915207][T10428]  ? __pfx_vfs_read+0x10/0x10
[  551.915233][T10428]  ? __fget_files+0x2a/0x420
[  551.915268][T10428]  ? __fget_files+0x3a0/0x420
[  551.915296][T10428]  ? __fget_files+0x2a/0x420
[  551.915332][T10428]  ksys_read+0x145/0x250
[  551.915359][T10428]  ? __pfx_ksys_read+0x10/0x10
[  551.915381][T10428]  ? fput+0xa0/0xd0
[  551.915418][T10428]  ? do_syscall_64+0xbe/0x3b0
[  551.915456][T10428]  do_syscall_64+0xfa/0x3b0
[  551.915488][T10428]  ? lockdep_hardirqs_on+0x9c/0x150
[  551.915526][T10428]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  551.915550][T10428]  ? clear_bhb_loop+0x60/0xb0
[  551.915577][T10428]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  551.915597][T10428] RIP: 0033:0x7f2a7bf8d33c
[  551.915617][T10428] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  551.915636][T10428] RSP: 002b:00007f2a7cd47030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  551.915659][T10428] RAX: ffffffffffffffda RBX: 00007f2a7c1b5fa0 RCX: 00007f2a7bf8d33c
[  551.915676][T10428] RDX: 000000000000000f RSI: 00007f2a7cd470a0 RDI: 0000000000000004
[  551.915690][T10428] RBP: 00007f2a7cd47090 R08: 0000000000000000 R09: 0000000000000000
[  551.915704][T10428] R10: 0000200000001b40 R11: 0000000000000246 R12: 0000000000000001
[  551.915717][T10428] R13: 0000000000000000 R14: 00007f2a7c1b5fa0 R15: 00007fff37e09968
[  551.915752][T10428]  </TASK>
[  552.410707][T10354] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  552.940477][ T5844] Bluetooth: hci0: command tx timeout
[  553.175997][T10354] team0: Port device team_slave_0 added
[  553.192880][T10354] team0: Port device team_slave_1 added
[  554.103685][T10354] batman_adv: batadv0: Adding interface: batadv_slave_0
[  554.274904][T10354] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  554.302021][T10354] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  554.314837][T10354] batman_adv: batadv0: Adding interface: batadv_slave_1
[  554.321815][T10354] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  554.482355][T10354] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  555.149550][T10354] hsr_slave_0: entered promiscuous mode
[  555.195704][T10354] hsr_slave_1: entered promiscuous mode
[  556.454605][ T5844] Bluetooth: hci0: command tx timeout
[  560.033151][T10354] netdevsim netdevsim6 netdevsim0: renamed from eth0
[  560.631880][T10354] netdevsim netdevsim6 netdevsim1: renamed from eth1
[  561.444469][T10354] netdevsim netdevsim6 netdevsim2: renamed from eth2
[  561.539244][T10354] netdevsim netdevsim6 netdevsim3: renamed from eth3
[  562.382960][T10354] 8021q: adding VLAN 0 to HW filter on device bond0
[  562.426582][T10354] 8021q: adding VLAN 0 to HW filter on device team0
[  562.511750][ T6419] bridge0: port 1(bridge_slave_0) entered blocking state
[  562.518984][ T6419] bridge0: port 1(bridge_slave_0) entered forwarding state
[  563.123580][ T6419] bridge0: port 2(bridge_slave_1) entered blocking state
[  563.130912][ T6419] bridge0: port 2(bridge_slave_1) entered forwarding state
[  563.922257][T10535] fuse: Bad value for 'group_id'
[  563.927734][T10535] fuse: Bad value for 'group_id'
[  565.570869][T10354] 8021q: adding VLAN 0 to HW filter on device batadv0
[  565.932694][T10555] bond0: entered promiscuous mode
[  565.950608][T10555] bond_slave_0: entered promiscuous mode
[  565.970046][T10555] bond_slave_1: entered promiscuous mode
[  567.794917][ T5904] usb 3-1: new high-speed USB device number 13 using dummy_hcd
[  567.975699][ T5904] usb 3-1: Using ep0 maxpacket: 32
[  567.988294][ T5904] usb 3-1: unable to get BOS descriptor or descriptor too short
[  568.014033][ T5904] usb 3-1: config 1 has an invalid descriptor of length 168, skipping remainder of the config
[  568.065697][ T5904] usb 3-1: config 1 interface 0 altsetting 32 has 0 endpoint descriptors, different from the interface descriptor's value: 2
[  568.129838][T10555] sctp: failed to load transform for md5: -2
[  568.437382][ T5904] usb 3-1: config 1 interface 0 has no altsetting 0
[  568.464867][ T5904] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  568.485333][ T5904] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  568.505219][ T5904] usb 3-1: Product: syz
[  568.521548][ T5904] usb 3-1: Manufacturer: syz
[  568.532489][ T5904] usb 3-1: SerialNumber: syz
[  568.555618][ T1303] ieee802154 phy0 wpan0: encryption failed: -22
[  568.568005][ T1303] ieee802154 phy1 wpan1: encryption failed: -22
[  568.979290][ T5904] cdc_ether 3-1:1.0: probe with driver cdc_ether failed with error -22
[  569.048540][ T5926] usb 4-1: new high-speed USB device number 28 using dummy_hcd
[  569.110066][T10354] veth0_vlan: entered promiscuous mode
[  569.135838][ T5904] usb 3-1: USB disconnect, device number 13
[  569.178058][T10354] veth1_vlan: entered promiscuous mode
[  569.255301][ T5926] usb 4-1: Using ep0 maxpacket: 16
[  569.325040][ T5926] usb 4-1: config 1 has an invalid descriptor of length 255, skipping remainder of the config
[  569.376401][ T5926] usb 4-1: config 1 has 0 interfaces, different from the descriptor's value: 3
[  569.446270][T10354] veth0_macvtap: entered promiscuous mode
[  569.452004][ T5926] usb 4-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  569.500249][T10354] veth1_macvtap: entered promiscuous mode
[  569.507521][ T5926] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  569.524004][T10596] FAULT_INJECTION: forcing a failure.
[  569.524004][T10596] name failslab, interval 1, probability 0, space 0, times 0
[  569.564784][ T5926] usb 4-1: Product: syz
[  569.569041][ T5926] usb 4-1: Manufacturer: syz
[  569.604459][T10596] CPU: 1 UID: 0 PID: 10596 Comm: syz.0.1178 Not tainted 6.16.0-rc1-syzkaller-00203-g4774cfe3543a #0 PREEMPT(full) 
[  569.604492][T10596] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  569.604506][T10596] Call Trace:
[  569.604515][T10596]  <TASK>
[  569.604525][T10596]  dump_stack_lvl+0x189/0x250
[  569.604563][T10596]  ? __pfx____ratelimit+0x10/0x10
[  569.604596][T10596]  ? __pfx_dump_stack_lvl+0x10/0x10
[  569.604628][T10596]  ? __pfx__printk+0x10/0x10
[  569.604654][T10596]  ? __pfx___might_resched+0x10/0x10
[  569.604683][T10596]  ? fs_reclaim_acquire+0x7d/0x100
[  569.604718][T10596]  should_fail_ex+0x414/0x560
[  569.604759][T10596]  should_failslab+0xa8/0x100
[  569.604787][T10596]  __kmalloc_cache_noprof+0x70/0x3d0
[  569.604814][T10596]  ? rtnl_newlink+0xed/0x1c70
[  569.604834][T10596]  ? kasan_save_free_info+0x46/0x50
[  569.604871][T10596]  rtnl_newlink+0xed/0x1c70
[  569.604889][T10596]  ? netlink_sendmsg+0x805/0xb30
[  569.604912][T10596]  ? __sock_sendmsg+0x21c/0x270
[  569.604941][T10596]  ? ____sys_sendmsg+0x505/0x830
[  569.604964][T10596]  ? ___sys_sendmsg+0x21f/0x2a0
[  569.604987][T10596]  ? __x64_sys_sendmsg+0x19b/0x260
[  569.605012][T10596]  ? do_syscall_64+0xfa/0x3b0
[  569.605043][T10596]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  569.605074][T10596]  ? __pfx_rtnl_newlink+0x10/0x10
[  569.605119][T10596]  ? kasan_quarantine_put+0xdd/0x220
[  569.605141][T10596]  ? lockdep_hardirqs_on+0x9c/0x150
[  569.605176][T10596]  ? nlmon_xmit+0xb0/0x100
[  569.605205][T10596]  ? kmem_cache_free+0x18f/0x400
[  569.605238][T10596]  ? __local_bh_enable_ip+0x12d/0x1c0
[  569.605269][T10596]  ? lockdep_hardirqs_on+0x9c/0x150
[  569.605301][T10596]  ? __local_bh_enable_ip+0x12d/0x1c0
[  569.605331][T10596]  ? __pfx___local_bh_enable_ip+0x10/0x10
[  569.605365][T10596]  ? __dev_queue_xmit+0x27e/0x3a70
[  569.605393][T10596]  ? __dev_queue_xmit+0x27e/0x3a70
[  569.605420][T10596]  ? __dev_queue_xmit+0x27e/0x3a70
[  569.605450][T10596]  ? __dev_queue_xmit+0x1cd7/0x3a70
[  569.605489][T10596]  ? __lock_acquire+0xab9/0xd20
[  569.605545][T10596]  ? __pfx_rtnl_newlink+0x10/0x10
[  569.605566][T10596]  rtnetlink_rcv_msg+0x7cf/0xb70
[  569.605592][T10596]  ? rtnetlink_rcv_msg+0x1ab/0xb70
[  569.605614][T10596]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  569.605632][T10596]  ? ref_tracker_free+0x63a/0x7d0
[  569.605658][T10596]  ? __copy_skb_header+0xa7/0x550
[  569.605688][T10596]  ? __pfx_ref_tracker_free+0x10/0x10
[  569.605716][T10596]  ? __skb_clone+0x63/0x7a0
[  569.605759][T10596]  netlink_rcv_skb+0x205/0x470
[  569.605785][T10596]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  569.605807][T10596]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  569.605844][T10596]  ? netlink_deliver_tap+0x2e/0x1b0
[  569.605869][T10596]  ? netlink_deliver_tap+0x2e/0x1b0
[  569.605898][T10596]  netlink_unicast+0x758/0x8d0
[  569.605931][T10596]  netlink_sendmsg+0x805/0xb30
[  569.605967][T10596]  ? __pfx_netlink_sendmsg+0x10/0x10
[  569.606000][T10596]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  569.606027][T10596]  ? __pfx_netlink_sendmsg+0x10/0x10
[  569.606053][T10596]  __sock_sendmsg+0x21c/0x270
[  569.606089][T10596]  ____sys_sendmsg+0x505/0x830
[  569.606122][T10596]  ? __pfx_____sys_sendmsg+0x10/0x10
[  569.606160][T10596]  ? import_iovec+0x74/0xa0
[  569.606184][T10596]  ___sys_sendmsg+0x21f/0x2a0
[  569.606214][T10596]  ? __pfx____sys_sendmsg+0x10/0x10
[  569.606279][T10596]  ? __fget_files+0x2a/0x420
[  569.606307][T10596]  ? __fget_files+0x3a0/0x420
[  569.606347][T10596]  __x64_sys_sendmsg+0x19b/0x260
[  569.606377][T10596]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  569.606415][T10596]  ? __pfx_ksys_write+0x10/0x10
[  569.606438][T10596]  ? rcu_is_watching+0x15/0xb0
[  569.606474][T10596]  ? do_syscall_64+0xbe/0x3b0
[  569.606510][T10596]  do_syscall_64+0xfa/0x3b0
[  569.606542][T10596]  ? lockdep_hardirqs_on+0x9c/0x150
[  569.606573][T10596]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  569.606595][T10596]  ? clear_bhb_loop+0x60/0xb0
[  569.606622][T10596]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  569.606643][T10596] RIP: 0033:0x7f2a7bf8e929
[  569.606663][T10596] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  569.606683][T10596] RSP: 002b:00007f2a7cd47038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  569.606705][T10596] RAX: ffffffffffffffda RBX: 00007f2a7c1b5fa0 RCX: 00007f2a7bf8e929
[  569.606720][T10596] RDX: 0000000000000000 RSI: 0000200000000280 RDI: 0000000000000004
[  569.606733][T10596] RBP: 00007f2a7cd47090 R08: 0000000000000000 R09: 0000000000000000
[  569.606754][T10596] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  569.606767][T10596] R13: 0000000000000000 R14: 00007f2a7c1b5fa0 R15: 00007fff37e09968
[  569.606800][T10596]  </TASK>
[  569.606864][ T5926] usb 4-1: SerialNumber: syz
[  569.806873][T10354] batman_adv: batadv0: Interface activated: batadv_slave_0
[  570.252296][ T5926] usb 4-1: rejected 1 configuration due to insufficient available bus power
[  570.261174][ T5926] usb 4-1: no configuration chosen from 1 choice
[  570.321306][T10600] ksmbd: Unknown IPC event: 4, ignore.
[  570.370822][T10354] batman_adv: batadv0: Interface activated: batadv_slave_1
[  570.398369][T10602] netlink: 364 bytes leftover after parsing attributes in process `syz.2.1182'.
[  570.678359][T10354] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  570.709155][T10354] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  570.760011][T10354] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  570.833802][T10354] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  570.987997][T10613] netlink: 24 bytes leftover after parsing attributes in process `syz.0.1183'.
[  571.780801][ T5812] usb 4-1: USB disconnect, device number 28
[  571.860884][   T36] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  571.875594][T10623] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1187'.
[  571.908851][   T36] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  571.945074][T10623] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1187'.
[  572.304513][ T5812] usb 4-1: new high-speed USB device number 29 using dummy_hcd
[  572.757740][   T36] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  572.768496][   T36] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  572.924583][ T5812] usb 4-1: Using ep0 maxpacket: 8
[  574.251770][   T30] audit: type=1400 audit(1749950783.469:147): lsm=SMACK fn=smack_file_receive action=denied subject="w" object="_" requested=w pid=10633 comm="syz.2.1190" path="socket:[26142]" dev="sockfs" ino=26142
[  574.466231][T10644] autofs: Unknown parameter '0x0000000000000000'
[  574.675961][T10647] netlink: 36 bytes leftover after parsing attributes in process `syz.6.1124'.
[  575.279691][ T5812] usb 4-1: unable to get BOS descriptor or descriptor too short
[  575.330226][ T5812] usb 4-1: unable to read config index 0 descriptor/start: -71
[  575.368942][ T5812] usb 4-1: can't read configurations, error -71
[  575.400425][T10650] ksmbd: Unknown IPC event: 4, ignore.
[  575.406800][T10651] autofs: Unknown parameter '0x0000000000000000'
[  575.855555][T10659] input: syz1 as /devices/virtual/input/input20
[  575.954594][   T24] usb 3-1: new high-speed USB device number 14 using dummy_hcd
[  576.144663][   T24] usb 3-1: Using ep0 maxpacket: 32
[  576.180931][   T24] usb 3-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 9
[  576.290930][T10668] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1198'.
[  576.300785][T10668] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1198'.
[  576.311923][T10668] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1198'.
[  576.321110][T10668] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1198'.
[  576.330449][T10668] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1198'.
[  576.339560][T10668] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1198'.
[  576.348788][T10668] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1198'.
[  576.357866][T10668] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1198'.
[  576.366922][T10668] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1198'.
[  576.376368][T10668] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1198'.
[  576.396066][   T24] usb 3-1: New USB device found, idVendor=14c8, idProduct=0003, bcdDevice= 5.6c
[  576.411686][   T24] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  576.418382][T10667] kvm: apic: phys broadcast and lowest prio
[  576.421318][   T24] usb 3-1: Product: syz
[  576.431586][   T24] usb 3-1: Manufacturer: syz
[  576.469176][   T24] usb 3-1: SerialNumber: syz
[  576.543459][   T24] usb 3-1: config 0 descriptor??
[  576.574755][T10658] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22
[  576.673646][   T24] input: syz syz as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/input/input21
[  576.905595][ T5812] usb 6-1: new high-speed USB device number 18 using dummy_hcd
[  576.949353][ T5904] usb 3-1: USB disconnect, device number 14
[  576.949487][    C1] usbtouchscreen 3-1:0.0: usbtouch_irq - usb_submit_urb failed with result: -19
[  577.825158][ T5812] usb 6-1: config 0 has an invalid interface number: 117 but max is 0
[  577.933146][ T5812] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  577.951951][ T5812] usb 6-1: config 0 has no interface number 0
[  577.958714][ T5812] usb 6-1: config 0 interface 117 altsetting 0 endpoint 0x88 has invalid wMaxPacketSize 0
[  577.994319][ T5812] usb 6-1: config 0 interface 117 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  578.089168][ T5812] usb 6-1: New USB device found, idVendor=0afa, idProduct=03e8, bcdDevice=99.d0
[  578.140113][ T5812] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  578.188228][ T5812] usb 6-1: Product: syz
[  578.215808][ T5812] usb 6-1: Manufacturer: syz
[  578.237958][ T5812] usb 6-1: SerialNumber: syz
[  578.291797][ T5812] usb 6-1: config 0 descriptor??
[  580.169648][T10693] netlink: 'syz.5.1200': attribute type 1 has an invalid length.
[  580.452519][T10693] bond1: entered promiscuous mode
[  580.478491][T10693] 8021q: adding VLAN 0 to HW filter on device bond1
[  580.686889][T10710] fuse: Bad value for 'fd'
[  580.942918][T10702] bond1: (slave bridge2): making interface the new active one
[  581.226777][T10702] bridge2: entered promiscuous mode
[  581.247726][T10702] bond1: (slave bridge2): Enslaving as an active interface with an up link
[  581.310621][T10712] __nla_validate_parse: 45 callbacks suppressed
[  581.310645][T10712] netlink: 32 bytes leftover after parsing attributes in process `syz.3.1208'.
[  581.418324][    T9] usb 6-1: USB disconnect, device number 18
[  581.512124][T10717] ksmbd: Unknown IPC event: 4, ignore.
[  581.847475][T10722] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1211'.
[  582.859777][T10722] netlink: 64 bytes leftover after parsing attributes in process `syz.0.1211'.
[  584.245223][T10748] tmpfs: Bad value for 'mpol'
[  584.766762][T10750] netlink: 36 bytes leftover after parsing attributes in process `syz.2.1219'.
[  585.775692][ T5926] usb 3-1: new high-speed USB device number 15 using dummy_hcd
[  585.814491][ T5812] usb 1-1: new high-speed USB device number 18 using dummy_hcd
[  585.994829][ T5926] usb 3-1: Using ep0 maxpacket: 8
[  586.016902][ T5926] usb 3-1: config 179 has an invalid interface number: 65 but max is 0
[  586.184779][    T9] usb 4-1: new high-speed USB device number 31 using dummy_hcd
[  586.204684][ T5812] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  586.244003][ T5926] usb 3-1: config 179 has no interface number 0
[  586.261970][ T5812] usb 1-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[  586.274627][ T5926] usb 3-1: config 179 interface 65 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 7
[  586.298919][ T5812] usb 1-1: New USB device found, idVendor=17e9, idProduct=8b4e, bcdDevice=9c.08
[  586.308873][ T5926] usb 3-1: config 179 interface 65 altsetting 0 endpoint 0xF has invalid maxpacket 1025, setting to 1024
[  586.324687][ T5812] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  586.334927][ T5926] usb 3-1: config 179 interface 65 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7
[  586.357773][ T5812] usb 1-1: config 0 descriptor??
[  586.374962][    T9] usb 4-1: Using ep0 maxpacket: 8
[  586.378354][ T5926] usb 3-1: config 179 interface 65 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 23
[  586.420022][T10768] ksmbd: Unknown IPC event: 4, ignore.
[  586.430700][    T9] usb 4-1: config 179 has an invalid interface number: 65 but max is 0
[  586.433333][ T5926] usb 3-1: New USB device found, idVendor=12ab, idProduct=90a3, bcdDevice=1e.eb
[  586.481177][    T9] usb 4-1: config 179 has no interface number 0
[  586.507046][    T9] usb 4-1: config 179 interface 65 altsetting 12 endpoint 0xF has an invalid bInterval 63, changing to 9
[  586.675074][ T5926] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  586.700130][T10756] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22
[  586.750214][    T9] usb 4-1: config 179 interface 65 altsetting 12 endpoint 0xF has invalid maxpacket 57605, setting to 1024
[  586.828897][    T9] usb 4-1: config 179 interface 65 altsetting 12 endpoint 0x83 has an invalid bInterval 102, changing to 10
[  586.879844][    T9] usb 4-1: config 179 interface 65 altsetting 12 endpoint 0x83 has invalid maxpacket 24624, setting to 1024
[  586.922918][    T9] usb 4-1: config 179 interface 65 altsetting 12 has 2 endpoint descriptors, different from the interface descriptor's value: 23
[  586.953180][    T9] usb 4-1: config 179 interface 65 has no altsetting 0
[  586.969201][    T9] usb 4-1: New USB device found, idVendor=12ab, idProduct=0004, bcdDevice= 0.00
[  587.091363][    T9] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  588.058511][ T5926] input: Generic X-Box pad as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:179.65/input/input23
[  588.294822][T10778] openvswitch: netlink: Flow set message rejected, Key attribute missing.
[  588.992801][    T9] input: Honey Bee Xbox360 dancepad as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:179.65/input/input24
[  592.719997][ T5179] input input24: unable to receive magic message: -110
[  592.812606][ T5960] usb 3-1: USB disconnect, device number 15
[  592.812605][    C1] xpad 3-1:179.65: xpad_irq_out - usb_submit_urb failed with result -19
[  592.828057][    C1] xpad 3-1:179.65: xpad_irq_in - usb_submit_urb failed with result -19
[  592.918034][    T9] usb 4-1: USB disconnect, device number 31
[  592.924078][    C0] xpad 4-1:179.65: xpad_irq_out - usb_submit_urb failed with result -19
[  592.937300][ T5960] xpad 3-1:179.65: xpad_try_sending_next_out_packet - usb_submit_urb failed with result -19
[  592.948001][ T5812] usb 1-1: USB disconnect, device number 18
[  593.047159][    T9] xpad 4-1:179.65: xpad_try_sending_next_out_packet - usb_submit_urb failed with result -19
[  593.231061][T10790] autofs: Unknown parameter 'fd0x0000000000000000'
[  593.603321][T10796] tmpfs: Bad value for 'mpol'
[  593.915532][ T5960] usb 3-1: new high-speed USB device number 16 using dummy_hcd
[  594.192508][ T5960] usb 3-1: Using ep0 maxpacket: 32
[  594.246116][ T5960] usb 3-1: config 0 has an invalid interface number: 184 but max is 0
[  594.274290][ T5960] usb 3-1: config 0 has no interface number 0
[  594.471978][ T5960] usb 3-1: config 0 interface 184 has no altsetting 0
[  594.484401][ T5960] usb 3-1: New USB device found, idVendor=0424, idProduct=7500, bcdDevice=69.ee
[  594.493539][ T5960] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  594.624979][   T30] audit: type=1326 audit(1749950803.879:148): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10801 comm="syz.6.1235" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f827e78e929 code=0x0
[  594.858359][ T5960] usb 3-1: Product: syz
[  594.863993][ T5960] usb 3-1: Manufacturer: syz
[  594.871103][ T5960] usb 3-1: SerialNumber: syz
[  595.502690][ T5960] usb 3-1: config 0 descriptor??
[  595.545759][ T5960] smsc75xx v1.0.0
[  595.900582][T10826] misc userio: Can't change port type on an already running userio instance
[  596.214764][    T9] usb 7-1: new high-speed USB device number 2 using dummy_hcd
[  596.362937][T10791] netlink: 'syz.2.1233': attribute type 10 has an invalid length.
[  596.502931][T10791] syz_tun: entered promiscuous mode
[  596.547310][    T9] usb 7-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  596.590562][    T9] usb 7-1: New USB device found, idVendor=04d8, idProduct=0083, bcdDevice=83.9c
[  596.628508][    T9] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  596.631179][T10791] bond0: (slave syz_tun): Enslaving as an active interface with an up link
[  596.683797][    T9] usb 7-1: Product: syz
[  596.705123][ T5960] smsc75xx 3-1:0.184 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000014: -71
[  596.734689][    T9] usb 7-1: Manufacturer: syz
[  596.759271][ T5960] smsc75xx 3-1:0.184 (unnamed net_device) (uninitialized): Failed to read PMT_CTL: -71
[  596.769509][    T9] usb 7-1: SerialNumber: syz
[  596.815594][    T9] usb 7-1: config 0 descriptor??
[  596.873949][ T5960] smsc75xx 3-1:0.184 (unnamed net_device) (uninitialized): device not ready in smsc75xx_bind
[  596.905146][ T5960] smsc75xx 3-1:0.184: probe with driver smsc75xx failed with error -71
[  596.927375][    T9] ims_pcu 7-1:0.0: Missing CDC union descriptor
[  596.933706][    T9] ims_pcu 7-1:0.0: probe with driver ims_pcu failed with error -22
[  596.948436][ T5960] usb 3-1: USB disconnect, device number 16
[  600.997693][    T9] usb 7-1: USB disconnect, device number 2
[  601.012999][T10841] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1245'.
[  601.361944][T10850] tmpfs: Bad value for 'mpol'
[  601.464988][ T5812] usb 4-1: new high-speed USB device number 32 using dummy_hcd
[  601.928171][ T5812] usb 4-1: config index 0 descriptor too short (expected 23569, got 27)
[  602.000743][ T5812] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  602.116997][ T5812] usb 4-1: New USB device found, idVendor=03eb, idProduct=0002, bcdDevice=ba.c0
[  602.165455][ T5812] usb 4-1: New USB device strings: Mfr=5, Product=0, SerialNumber=0
[  602.173552][ T5812] usb 4-1: Manufacturer: syz
[  602.235228][ T5812] usb 4-1: config 0 descriptor??
[  603.878788][ T5812] rc_core: IR keymap rc-hauppauge not found
[  603.986483][ T5812] Registered IR keymap rc-empty
[  604.010618][ T5812] rc rc0: IgorPlug-USB IR Receiver as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/rc/rc0
[  604.265019][T10864] UHID_CREATE from different security context by process 824 (syz.0.1250), this is not allowed.
[  604.865561][ T5812] input: IgorPlug-USB IR Receiver as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/rc/rc0/input25
[  605.064432][ T5812] usb 4-1: USB disconnect, device number 32
[  607.212754][T10887] tmpfs: Unknown parameter 'usrquota_block'
[  608.978069][T10896] kvm: apic: phys broadcast and lowest prio
[  609.398075][T10908] netlink: 8 bytes leftover after parsing attributes in process `syz.6.1264'.
[  609.534804][T10908] netlink: 16 bytes leftover after parsing attributes in process `syz.6.1264'.
[  610.086889][ T5915] usb 3-1: new high-speed USB device number 17 using dummy_hcd
[  610.409730][ T5915] usb 3-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  610.432898][ T5915] usb 3-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47
[  610.444633][ T5812] usb 7-1: new high-speed USB device number 3 using dummy_hcd
[  610.481628][ T5915] usb 3-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  610.513520][ T5915] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  610.558650][T10905] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22
[  610.662168][ T5812] usb 7-1: config 0 interface 0 has no altsetting 0
[  610.714433][ T5812] usb 7-1: New USB device found, idVendor=045e, idProduct=00f9, bcdDevice= 0.00
[  610.729554][ T5915] usb 3-1: Quirk or no altset; falling back to MIDI 1.0
[  610.820593][ T5812] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  611.162406][ T5812] usb 7-1: config 0 descriptor??
[  611.230642][T10923] netlink: 68 bytes leftover after parsing attributes in process `syz.2.1265'.
[  612.514817][ T5915] usb 3-1: USB disconnect, device number 17
[  612.616393][ T5812] microsoft 0003:045E:00F9.0008: hidraw0: USB HID v0.02 Device [HID 045e:00f9] on usb-dummy_hcd.6-1/input0
[  612.739888][ T5812] microsoft 0003:045E:00F9.0008: no inputs found
[  612.804362][ T5812] microsoft 0003:045E:00F9.0008: could not initialize ff, continuing anyway
[  612.875274][ T5812] usb 7-1: USB disconnect, device number 3
[  613.821791][T10933] FAULT_INJECTION: forcing a failure.
[  613.821791][T10933] name failslab, interval 1, probability 0, space 0, times 0
[  613.855850][T10933] CPU: 0 UID: 0 PID: 10933 Comm: syz.5.1273 Not tainted 6.16.0-rc1-syzkaller-00203-g4774cfe3543a #0 PREEMPT(full) 
[  613.855881][T10933] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  613.855892][T10933] Call Trace:
[  613.855898][T10933]  <TASK>
[  613.855905][T10933]  dump_stack_lvl+0x189/0x250
[  613.855934][T10933]  ? __pfx____ratelimit+0x10/0x10
[  613.855957][T10933]  ? __pfx_dump_stack_lvl+0x10/0x10
[  613.855980][T10933]  ? __pfx__printk+0x10/0x10
[  613.856000][T10933]  ? __pfx___might_resched+0x10/0x10
[  613.856027][T10933]  should_fail_ex+0x414/0x560
[  613.856050][T10933]  should_failslab+0xa8/0x100
[  613.856072][T10933]  kmem_cache_alloc_noprof+0x73/0x3c0
[  613.856091][T10933]  ? taskstats_exit+0x14a/0xa30
[  613.856112][T10933]  taskstats_exit+0x14a/0xa30
[  613.856129][T10933]  ? do_exit+0x352/0x22e0
[  613.856147][T10933]  ? seccomp_filter_release+0xe3/0x120
[  613.856172][T10933]  do_exit+0x630/0x22e0
[  613.856193][T10933]  ? do_raw_spin_lock+0x121/0x290
[  613.856212][T10933]  ? __pfx_do_exit+0x10/0x10
[  613.856240][T10933]  do_group_exit+0x21c/0x2d0
[  613.856256][T10933]  ? lockdep_hardirqs_on+0x9c/0x150
[  613.856281][T10933]  get_signal+0x125e/0x1310
[  613.856318][T10933]  arch_do_signal_or_restart+0x9a/0x750
[  613.856338][T10933]  ? __fget_files+0x3a0/0x420
[  613.856362][T10933]  ? __pfx_arch_do_signal_or_restart+0x10/0x10
[  613.856400][T10933]  ? exit_to_user_mode_loop+0x40/0x110
[  613.856424][T10933]  exit_to_user_mode_loop+0x75/0x110
[  613.856445][T10933]  do_syscall_64+0x2bd/0x3b0
[  613.856469][T10933]  ? lockdep_hardirqs_on+0x9c/0x150
[  613.856491][T10933]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  613.856507][T10933]  ? clear_bhb_loop+0x60/0xb0
[  613.856526][T10933]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  613.856541][T10933] RIP: 0033:0x7f4b6b38e929
[  613.856555][T10933] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  613.856568][T10933] RSP: 002b:00007f4b6c2da038 EFLAGS: 00000246 ORIG_RAX: 000000000000002d
[  613.856585][T10933] RAX: fffffffffffffe00 RBX: 00007f4b6b5b5fa0 RCX: 00007f4b6b38e929
[  613.856597][T10933] RDX: 000000000000001e RSI: 0000000000000000 RDI: 0000000000000003
[  613.856606][T10933] RBP: 00007f4b6c2da090 R08: 0000000000000000 R09: 0000000000000000
[  613.856616][T10933] R10: 0000000000010100 R11: 0000000000000246 R12: 0000000000000001
[  613.856625][T10933] R13: 0000000000000000 R14: 00007f4b6b5b5fa0 R15: 00007ffd85fb6e88
[  613.856648][T10933]  </TASK>
[  614.153368][T10942] fido_id[10942]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.6/usb7/report_descriptor': No such file or directory
[  616.773368][T10961] tmpfs: Bad value for 'mpol'
[  619.956225][T10988] FAULT_INJECTION: forcing a failure.
[  619.956225][T10988] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  620.054692][T10988] CPU: 1 UID: 0 PID: 10988 Comm: syz.3.1288 Not tainted 6.16.0-rc1-syzkaller-00203-g4774cfe3543a #0 PREEMPT(full) 
[  620.054726][T10988] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  620.054741][T10988] Call Trace:
[  620.054749][T10988]  <TASK>
[  620.054759][T10988]  dump_stack_lvl+0x189/0x250
[  620.054790][T10988]  ? __pfx____ratelimit+0x10/0x10
[  620.054818][T10988]  ? __pfx_dump_stack_lvl+0x10/0x10
[  620.054843][T10988]  ? __pfx__printk+0x10/0x10
[  620.054860][T10988]  ? __might_fault+0xb0/0x130
[  620.054892][T10988]  should_fail_ex+0x414/0x560
[  620.054917][T10988]  _copy_from_iter+0x1db/0x16f0
[  620.054946][T10988]  ? rcu_is_watching+0x15/0xb0
[  620.054973][T10988]  ? kmem_cache_alloc_node_noprof+0x217/0x3c0
[  620.054995][T10988]  ? __pfx__copy_from_iter+0x10/0x10
[  620.055022][T10988]  ? __build_skb_around+0x257/0x3e0
[  620.055053][T10988]  ? netlink_sendmsg+0x642/0xb30
[  620.055072][T10988]  ? skb_put+0x11b/0x210
[  620.055094][T10988]  netlink_sendmsg+0x6b2/0xb30
[  620.055122][T10988]  ? __pfx_netlink_sendmsg+0x10/0x10
[  620.055148][T10988]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  620.055169][T10988]  ? __pfx_netlink_sendmsg+0x10/0x10
[  620.055190][T10988]  __sock_sendmsg+0x21c/0x270
[  620.055219][T10988]  ____sys_sendmsg+0x505/0x830
[  620.055245][T10988]  ? __pfx_____sys_sendmsg+0x10/0x10
[  620.055274][T10988]  ? import_iovec+0x74/0xa0
[  620.055293][T10988]  ___sys_sendmsg+0x21f/0x2a0
[  620.055316][T10988]  ? __pfx____sys_sendmsg+0x10/0x10
[  620.055368][T10988]  ? __fget_files+0x2a/0x420
[  620.055390][T10988]  ? __fget_files+0x3a0/0x420
[  620.055422][T10988]  __x64_sys_sendmsg+0x19b/0x260
[  620.055446][T10988]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  620.055475][T10988]  ? __pfx_ksys_write+0x10/0x10
[  620.055493][T10988]  ? rcu_is_watching+0x15/0xb0
[  620.055522][T10988]  ? do_syscall_64+0xbe/0x3b0
[  620.055552][T10988]  do_syscall_64+0xfa/0x3b0
[  620.055577][T10988]  ? lockdep_hardirqs_on+0x9c/0x150
[  620.055603][T10988]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  620.055620][T10988]  ? clear_bhb_loop+0x60/0xb0
[  620.055641][T10988]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  620.055658][T10988] RIP: 0033:0x7f9edf98e929
[  620.055674][T10988] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  620.055689][T10988] RSP: 002b:00007f9ee0837038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  620.055708][T10988] RAX: ffffffffffffffda RBX: 00007f9edfbb5fa0 RCX: 00007f9edf98e929
[  620.055720][T10988] RDX: 0000000000000000 RSI: 00002000000000c0 RDI: 0000000000000003
[  620.055731][T10988] RBP: 00007f9ee0837090 R08: 0000000000000000 R09: 0000000000000000
[  620.055742][T10988] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  620.055752][T10988] R13: 0000000000000000 R14: 00007f9edfbb5fa0 R15: 00007ffc2fe10a78
[  620.055778][T10988]  </TASK>
[  622.316300][T11009] tmpfs: Bad value for 'mpol'
[  622.389152][T11009] netlink: 8 bytes leftover after parsing attributes in process `syz.6.1295'.
[  622.989380][T11016] binder: 11015:11016 ioctl c0306201 200000000280 returned -14
[  625.189172][T11028] netlink: 12 bytes leftover after parsing attributes in process `syz.5.1301'.
[  625.429577][T11032] netlink: 56 bytes leftover after parsing attributes in process `syz.2.1304'.
[  629.312617][T11045] netdevsim netdevsim3 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0
[  629.322165][T11045] netdevsim netdevsim3 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0
[  629.331164][T11045] netdevsim netdevsim3 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0
[  629.340991][T11045] netdevsim netdevsim3 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0
[  630.136045][ T1303] ieee802154 phy0 wpan0: encryption failed: -22
[  630.754318][ T1303] ieee802154 phy1 wpan1: encryption failed: -22
[  631.178751][T11064] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1312'.
[  631.233806][T11065] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1312'.
[  631.426866][   T30] audit: type=1400 audit(1749950840.509:149): lsm=SMACK fn=smack_socket_sock_rcv_skb action=denied subject="*" object="_" requested=w pid=11060 comm="syz.6.1311" dest=20002 netif=wpan0
[  631.474999][    T9] usb 4-1: new high-speed USB device number 33 using dummy_hcd
[  631.618714][    T9] usb 4-1: device descriptor read/64, error -71
[  631.875469][    T9] usb 4-1: new high-speed USB device number 34 using dummy_hcd
[  632.348321][    T9] usb 4-1: device descriptor read/64, error -71
[  632.465840][    T9] usb usb4-port1: attempt power cycle
[  632.814738][    T9] usb 4-1: new high-speed USB device number 35 using dummy_hcd
[  632.836301][    T9] usb 4-1: device descriptor read/8, error -71
[  633.124483][    T9] usb 4-1: new high-speed USB device number 36 using dummy_hcd
[  633.169462][    T9] usb 4-1: device descriptor read/8, error -71
[  633.316577][    T9] usb usb4-port1: unable to enumerate USB device
[  635.855374][T11102] team_slave_0: entered promiscuous mode
[  635.861445][T11102] team_slave_1: entered promiscuous mode
[  640.409659][   T43] usb 6-1: new high-speed USB device number 19 using dummy_hcd
[  640.654513][   T43] usb 6-1: Using ep0 maxpacket: 32
[  640.672346][   T43] usb 6-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 102, changing to 10
[  640.723496][   T43] usb 6-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 24624, setting to 1024
[  640.918577][   T43] usb 6-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  641.266999][   T43] usb 6-1: New USB device found, idVendor=05ac, idProduct=020f, bcdDevice= 0.22
[  641.304809][   T43] usb 6-1: New USB device strings: Mfr=1, Product=130, SerialNumber=131
[  641.341085][   T43] usb 6-1: Product: syz
[  641.354513][   T43] usb 6-1: Manufacturer: syz
[  641.365806][   T43] usb 6-1: SerialNumber: syz
[  641.548468][   T43] input: appletouch as /devices/platform/dummy_hcd.5/usb6/6-1/6-1:1.0/input/input26
[  642.223243][    C1] appletouch 6-1:1.0: atp_complete: usb_submit_urb failed with result -1
[  642.385291][   T43] usb 6-1: USB disconnect, device number 19
[  642.385309][    C0] appletouch 6-1:1.0: atp_complete: usb_submit_urb failed with result -19
[  642.722722][   T43] appletouch 6-1:1.0: input: appletouch disconnected
[  645.159824][T11194] FAULT_INJECTION: forcing a failure.
[  645.159824][T11194] name failslab, interval 1, probability 0, space 0, times 0
[  645.172934][T11194] CPU: 1 UID: 0 PID: 11194 Comm: syz.6.1348 Not tainted 6.16.0-rc1-syzkaller-00203-g4774cfe3543a #0 PREEMPT(full) 
[  645.172965][T11194] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  645.172979][T11194] Call Trace:
[  645.172988][T11194]  <TASK>
[  645.172998][T11194]  dump_stack_lvl+0x189/0x250
[  645.173037][T11194]  ? __pfx____ratelimit+0x10/0x10
[  645.173070][T11194]  ? __pfx_dump_stack_lvl+0x10/0x10
[  645.173103][T11194]  ? __pfx__printk+0x10/0x10
[  645.173132][T11194]  ? __pfx___might_resched+0x10/0x10
[  645.173163][T11194]  ? fs_reclaim_acquire+0x7d/0x100
[  645.173200][T11194]  should_fail_ex+0x414/0x560
[  645.173234][T11194]  should_failslab+0xa8/0x100
[  645.173273][T11194]  __kmalloc_noprof+0xcb/0x4f0
[  645.173297][T11194]  ? kfree+0x4d/0x440
[  645.173318][T11194]  ? tomoyo_realpath_from_path+0xe3/0x5d0
[  645.173358][T11194]  tomoyo_realpath_from_path+0xe3/0x5d0
[  645.173394][T11194]  ? tomoyo_domain+0xda/0x130
[  645.173435][T11194]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[  645.173463][T11194]  tomoyo_path_number_perm+0x1e8/0x5a0
[  645.173495][T11194]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  645.173543][T11194]  ? __lock_acquire+0xab9/0xd20
[  645.173595][T11194]  ? __fget_files+0x2a/0x420
[  645.173629][T11194]  ? __fget_files+0x2a/0x420
[  645.173656][T11194]  ? __fget_files+0x3a0/0x420
[  645.173684][T11194]  ? __fget_files+0x2a/0x420
[  645.173718][T11194]  security_file_ioctl+0xcb/0x2d0
[  645.173750][T11194]  __se_sys_ioctl+0x47/0x170
[  645.173776][T11194]  do_syscall_64+0xfa/0x3b0
[  645.173808][T11194]  ? lockdep_hardirqs_on+0x9c/0x150
[  645.173840][T11194]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  645.173862][T11194]  ? clear_bhb_loop+0x60/0xb0
[  645.173889][T11194]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  645.173911][T11194] RIP: 0033:0x7f827e78e929
[  645.173931][T11194] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  645.173950][T11194] RSP: 002b:00007f827f5c2038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  645.173974][T11194] RAX: ffffffffffffffda RBX: 00007f827e9b6080 RCX: 00007f827e78e929
[  645.173990][T11194] RDX: 0000200000000140 RSI: 00000000c020aa00 RDI: 0000000000000003
[  645.174005][T11194] RBP: 00007f827f5c2090 R08: 0000000000000000 R09: 0000000000000000
[  645.174018][T11194] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  645.174031][T11194] R13: 0000000000000000 R14: 00007f827e9b6080 R15: 00007ffd7bae02e8
[  645.174065][T11194]  </TASK>
[  645.174075][T11194] ERROR: Out of memory at tomoyo_realpath_from_path.
[  645.610104][T11196] fuse: Bad value for 'user_id'
[  645.615987][T11196] fuse: Bad value for 'user_id'
[  646.195203][ T5960] usb 6-1: new full-speed USB device number 20 using dummy_hcd
[  646.643440][ T6440] Bluetooth: hci6: Frame reassembly failed (-84)
[  646.655087][ T5960] usb 6-1: config 7 has an invalid interface number: 101 but max is 0
[  646.663376][ T5960] usb 6-1: config 7 has no interface number 0
[  646.923882][ T5960] usb 6-1: New USB device found, idVendor=0fd9, idProduct=002c, bcdDevice= 6.6b
[  646.963138][ T5960] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  647.209773][ T5960] usb 6-1: Product: syz
[  647.219732][ T5960] usb 6-1: Manufacturer: syz
[  647.233029][ T5960] usb 6-1: SerialNumber: syz
[  647.676054][T11200] FAULT_INJECTION: forcing a failure.
[  647.676054][T11200] name failslab, interval 1, probability 0, space 0, times 0
[  647.774331][T11200] CPU: 1 UID: 0 PID: 11200 Comm: syz.5.1352 Not tainted 6.16.0-rc1-syzkaller-00203-g4774cfe3543a #0 PREEMPT(full) 
[  647.774364][T11200] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  647.774377][T11200] Call Trace:
[  647.774387][T11200]  <TASK>
[  647.774396][T11200]  dump_stack_lvl+0x189/0x250
[  647.774435][T11200]  ? __pfx____ratelimit+0x10/0x10
[  647.774468][T11200]  ? __pfx_dump_stack_lvl+0x10/0x10
[  647.774500][T11200]  ? __pfx__printk+0x10/0x10
[  647.774529][T11200]  ? __pfx___might_resched+0x10/0x10
[  647.774567][T11200]  should_fail_ex+0x414/0x560
[  647.774599][T11200]  should_failslab+0xa8/0x100
[  647.774630][T11200]  kmem_cache_alloc_node_noprof+0x76/0x3c0
[  647.774658][T11200]  ? __alloc_skb+0x112/0x2d0
[  647.774686][T11200]  __alloc_skb+0x112/0x2d0
[  647.774719][T11200]  netlink_sendmsg+0x5c6/0xb30
[  647.774757][T11200]  ? __pfx_netlink_sendmsg+0x10/0x10
[  647.774792][T11200]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  647.774818][T11200]  ? __pfx_netlink_sendmsg+0x10/0x10
[  647.774846][T11200]  __sock_sendmsg+0x21c/0x270
[  647.774882][T11200]  ____sys_sendmsg+0x505/0x830
[  647.774916][T11200]  ? __pfx_____sys_sendmsg+0x10/0x10
[  647.774954][T11200]  ? import_iovec+0x74/0xa0
[  647.774979][T11200]  ___sys_sendmsg+0x21f/0x2a0
[  647.775010][T11200]  ? __pfx____sys_sendmsg+0x10/0x10
[  647.775089][T11200]  ? __fget_files+0x2a/0x420
[  647.775118][T11200]  ? __fget_files+0x3a0/0x420
[  647.775160][T11200]  __x64_sys_sendmsg+0x19b/0x260
[  647.775191][T11200]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  647.775228][T11200]  ? __pfx_ksys_write+0x10/0x10
[  647.775250][T11200]  ? rcu_is_watching+0x15/0xb0
[  647.775288][T11200]  ? do_syscall_64+0xbe/0x3b0
[  647.775326][T11200]  do_syscall_64+0xfa/0x3b0
[  647.775361][T11200]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  647.775382][T11200]  ? asm_sysvec_reschedule_ipi+0x1a/0x20
[  647.775403][T11200]  ? clear_bhb_loop+0x60/0xb0
[  647.775430][T11200]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  647.775451][T11200] RIP: 0033:0x7f4b6b38e929
[  647.775471][T11200] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  647.775490][T11200] RSP: 002b:00007f4b6c2da038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  647.775513][T11200] RAX: ffffffffffffffda RBX: 00007f4b6b5b5fa0 RCX: 00007f4b6b38e929
[  647.775529][T11200] RDX: ff0f0000040000c0 RSI: 0000200000000000 RDI: 0000000000000004
[  647.775544][T11200] RBP: 00007f4b6c2da090 R08: 0000000000000000 R09: 0000000000000000
[  647.775558][T11200] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  647.775571][T11200] R13: 0000000000000000 R14: 00007f4b6b5b5fa0 R15: 00007ffd85fb6e88
[  647.775604][T11200]  </TASK>
[  648.065343][ T5960] as10x_usb: device has been detected
[  648.131759][ T5960] dvbdev: DVB: registering new adapter (Elgato EyeTV DTT Deluxe)
[  648.552322][ T5960] usb 6-1: DVB: registering adapter 1 frontend 0 (Elgato EyeTV DTT Deluxe)...
[  648.694540][ T5844] Bluetooth: hci6: Entering manufacturer mode failed (-110)
[  648.702427][ T5144] Bluetooth: hci6: command 0xfc11 tx timeout
[  649.521500][T11206] sp0: Synchronizing with TNC
[  649.551433][ T5960] as10x_usb: error during firmware upload part1
[  649.747524][ T5960] Registered device Elgato EyeTV DTT Deluxe
[  649.792551][ T5960] usb 6-1: USB disconnect, device number 20
[  650.338154][ T5960] Unregistered device Elgato EyeTV DTT Deluxe
[  650.343237][ T5960] as10x_usb: device has been disconnected
[  651.381389][T11245] FAULT_INJECTION: forcing a failure.
[  651.381389][T11245] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  651.394707][T11245] CPU: 1 UID: 0 PID: 11245 Comm: syz.2.1361 Not tainted 6.16.0-rc1-syzkaller-00203-g4774cfe3543a #0 PREEMPT(full) 
[  651.394736][T11245] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  651.394749][T11245] Call Trace:
[  651.394757][T11245]  <TASK>
[  651.394767][T11245]  dump_stack_lvl+0x189/0x250
[  651.394805][T11245]  ? __pfx____ratelimit+0x10/0x10
[  651.394839][T11245]  ? __pfx_dump_stack_lvl+0x10/0x10
[  651.394872][T11245]  ? __pfx__printk+0x10/0x10
[  651.394895][T11245]  ? __might_fault+0xb0/0x130
[  651.394938][T11245]  should_fail_ex+0x414/0x560
[  651.394973][T11245]  _copy_from_user+0x2d/0xb0
[  651.394996][T11245]  core_sys_select+0x604/0xa20
[  651.395040][T11245]  ? __pfx_core_sys_select+0x10/0x10
[  651.395098][T11245]  ? __pfx_set_user_sigmask+0x10/0x10
[  651.395147][T11245]  __se_sys_pselect6+0x27a/0x300
[  651.395183][T11245]  ? __pfx___se_sys_pselect6+0x10/0x10
[  651.395211][T11245]  ? __pfx_ksys_write+0x10/0x10
[  651.395236][T11245]  ? rcu_is_watching+0x15/0xb0
[  651.395278][T11245]  ? __x64_sys_pselect6+0x21/0xf0
[  651.395311][T11245]  do_syscall_64+0xfa/0x3b0
[  651.395345][T11245]  ? lockdep_hardirqs_on+0x9c/0x150
[  651.395378][T11245]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  651.395401][T11245]  ? clear_bhb_loop+0x60/0xb0
[  651.395429][T11245]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  651.395452][T11245] RIP: 0033:0x7f3945f8e929
[  651.395473][T11245] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  651.395493][T11245] RSP: 002b:00007f3946e66038 EFLAGS: 00000246 ORIG_RAX: 000000000000010e
[  651.395518][T11245] RAX: ffffffffffffffda RBX: 00007f39461b6080 RCX: 00007f3945f8e929
[  651.395535][T11245] RDX: 0000000000000000 RSI: 0000200000000600 RDI: 0000000000000040
[  651.395550][T11245] RBP: 00007f3946e66090 R08: 0000000000000000 R09: 0000000000000000
[  651.395583][T11245] R10: 0000200000000680 R11: 0000000000000246 R12: 0000000000000001
[  651.395598][T11245] R13: 0000000000000000 R14: 00007f39461b6080 R15: 00007fffd2b27c48
[  651.395633][T11245]  </TASK>
[  652.384388][ T5843] usb 6-1: new high-speed USB device number 21 using dummy_hcd
[  652.706988][ T5843] usb 6-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  652.822316][ T5843] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[  652.867386][ T5843] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0
[  653.374580][ T5843] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  653.536235][ T5843] usb 6-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  653.546457][ T5843] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  653.559161][ T5843] usb 6-1: config 0 descriptor??
[  653.977305][T11246] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  653.987407][T11246] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  655.511850][ T5843] usbhid 6-1:0.0: can't add hid device: -71
[  655.522152][ T5843] usbhid 6-1:0.0: probe with driver usbhid failed with error -71
[  655.685597][ T5843] usb 6-1: USB disconnect, device number 21
[  660.830046][T11318] ksmbd: Unknown IPC event: 4, ignore.
[  662.975187][T11329] No control pipe specified
[  670.649449][T11379] netlink: 72 bytes leftover after parsing attributes in process `syz.5.1397'.
[  673.227600][T11407] netlink: 72 bytes leftover after parsing attributes in process `syz.3.1403'.
[  675.075432][ T5960] kernel write not supported for file /snd/seq (pid: 5960 comm: kworker/0:7)
[  675.172284][T11415] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1407'.
[  675.384592][ T5960] usb 4-1: new full-speed USB device number 37 using dummy_hcd
[  676.007479][ T5843] usb 3-1: new high-speed USB device number 18 using dummy_hcd
[  676.264773][ T5960] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10
[  676.287937][ T5843] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x8E has invalid wMaxPacketSize 0
[  676.304551][ T5960] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0
[  676.321175][ T5843] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0xB has invalid maxpacket 12408, setting to 64
[  676.353556][ T5960] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a5, bcdDevice= 0.40
[  676.376008][ T5960] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1
[  676.388517][ T5843] usb 3-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b
[  676.408318][ T5843] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  676.417144][ T5960] usb 4-1: SerialNumber: syz
[  676.474858][ T5843] usb 3-1: Product: syz
[  676.496306][ T5960] cdc_ether 4-1:1.0: probe with driver cdc_ether failed with error -22
[  676.537396][ T5843] usb 3-1: Manufacturer: syz
[  676.542085][ T5843] usb 3-1: SerialNumber: syz
[  676.595079][ T5960] usb-storage 4-1:1.0: USB Mass Storage device detected
[  676.632079][ T5843] usb 3-1: config 0 descriptor??
[  676.669560][ T5960] usb-storage 4-1:1.0: Quirks match for vid 0525 pid a4a5: 10000
[  676.959393][ T5960] scsi host1: usb-storage 4-1:1.0
[  677.153090][T11443] netlink: 72 bytes leftover after parsing attributes in process `syz.6.1411'.
[  677.790942][ T5960] usb 4-1: USB disconnect, device number 37
[  678.852805][ T5843] usb 3-1: USB disconnect, device number 18
[  679.015739][T10626] udevd[10626]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  679.194350][ T5915] usb 6-1: new high-speed USB device number 22 using dummy_hcd
[  679.384624][ T5915] usb 6-1: device descriptor read/64, error -71
[  680.054413][ T5915] usb 6-1: new high-speed USB device number 23 using dummy_hcd
[  680.295230][ T5915] usb 6-1: device descriptor read/64, error -71
[  680.635406][ T5915] usb usb6-port1: attempt power cycle
[  680.825244][ T5926] usb 4-1: new full-speed USB device number 38 using dummy_hcd
[  681.148124][ T5915] usb 6-1: new high-speed USB device number 24 using dummy_hcd
[  681.177554][ T5926] usb 4-1: config 7 has an invalid interface number: 101 but max is 0
[  681.336989][T11481] netlink: 72 bytes leftover after parsing attributes in process `syz.0.1424'.
[  681.839339][ T5926] usb 4-1: config 7 has no interface number 0
[  681.850798][ T5926] usb 4-1: New USB device found, idVendor=0fd9, idProduct=002c, bcdDevice= 6.6b
[  682.001062][ T5926] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  682.069102][ T5926] usb 4-1: Product: syz
[  682.087131][ T5926] usb 4-1: Manufacturer: syz
[  682.092004][ T5915] usb 6-1: device descriptor read/8, error -71
[  682.102522][ T5926] usb 4-1: SerialNumber: syz
[  683.346758][ T5926] as10x_usb: device has been detected
[  683.786872][T11497] netlink: 8 bytes leftover after parsing attributes in process `syz.6.1428'.
[  683.808853][ T5926] dvbdev: DVB: registering new adapter (Elgato EyeTV DTT Deluxe)
[  683.873526][ T5926] usb 4-1: DVB: registering adapter 1 frontend 0 (Elgato EyeTV DTT Deluxe)...
[  683.950115][ T5926] as10x_usb: error during firmware upload part1
[  683.973719][ T5926] Registered device Elgato EyeTV DTT Deluxe
[  685.000697][    T9] kernel write not supported for file /snd/seq (pid: 9 comm: kworker/0:0)
[  685.610480][ T5843] usb 4-1: USB disconnect, device number 38
[  685.702383][ T5843] Unregistered device Elgato EyeTV DTT Deluxe
[  685.739599][ T5843] as10x_usb: device has been disconnected
[  685.764373][   T43] usb 3-1: new full-speed USB device number 19 using dummy_hcd
[  685.938843][   T43] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10
[  685.997224][   T43] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0
[  686.545635][   T43] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a5, bcdDevice= 0.40
[  686.594854][   T43] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1
[  686.890429][   T43] usb 3-1: SerialNumber: syz
[  686.959651][   T43] cdc_ether 3-1:1.0: probe with driver cdc_ether failed with error -22
[  686.991147][   T43] usb-storage 3-1:1.0: USB Mass Storage device detected
[  687.088460][   T43] usb-storage 3-1:1.0: Quirks match for vid 0525 pid a4a5: 10000
[  687.134364][   T43] scsi host1: usb-storage 3-1:1.0
[  687.174346][   T43] usb 3-1: USB disconnect, device number 19
[  687.605162][ T5843] usb 4-1: new full-speed USB device number 39 using dummy_hcd
[  687.799903][ T5843] usb 4-1: config 0 has an invalid interface number: 93 but max is 0
[  687.846047][ T5843] usb 4-1: config 0 has no interface number 0
[  687.866611][ T5843] usb 4-1: New USB device found, idVendor=10b8, idProduct=1bb4, bcdDevice=34.65
[  687.918694][ T5843] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  687.974733][ T5843] usb 4-1: Product: syz
[  687.978994][ T5843] usb 4-1: Manufacturer: syz
[  688.014621][ T5843] usb 4-1: SerialNumber: syz
[  688.035636][ T5843] usb 4-1: config 0 descriptor??
[  688.249350][T11539] netlink: 4 bytes leftover after parsing attributes in process `syz.6.1438'.
[  688.273687][T11539] netlink: 4 bytes leftover after parsing attributes in process `syz.6.1438'.
[  688.327427][T11529] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  688.334800][T11539] netlink: 4 bytes leftover after parsing attributes in process `syz.6.1438'.
[  688.365347][T11529] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  688.408578][ T5843] dvb-usb: found a 'DiBcom TFE7090PVR reference design' in warm state.
[  688.453621][T11539] netlink: 4 bytes leftover after parsing attributes in process `syz.6.1438'.
[  688.476312][T11539] netlink: 4 bytes leftover after parsing attributes in process `syz.6.1438'.
[  688.504281][T11539] netlink: 4 bytes leftover after parsing attributes in process `syz.6.1438'.
[  688.526257][T11539] netlink: 4 bytes leftover after parsing attributes in process `syz.6.1438'.
[  688.548228][T11539] netlink: 4 bytes leftover after parsing attributes in process `syz.6.1438'.
[  688.595352][ T5843] dvb-usb: will use the device's hardware PID filter (table count: 32).
[  688.599594][T11539] netlink: 4 bytes leftover after parsing attributes in process `syz.6.1438'.
[  688.636503][ T5843] dvbdev: DVB: registering new adapter (DiBcom TFE7090PVR reference design)
[  688.723570][ T5843] usb 4-1: media controller created
[  688.783307][ T5843] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  689.037680][ T5843] DVB: Unable to find symbol dib7000p_attach()
[  689.045019][ T5843] dvb-usb: no frontend was attached by 'DiBcom TFE7090PVR reference design'
[  690.366035][ T5843] dvb-usb: will use the device's hardware PID filter (table count: 32).
[  690.393980][ T5843] dvbdev: DVB: registering new adapter (DiBcom TFE7090PVR reference design)
[  690.497228][ T5843] usb 4-1: media controller created
[  690.896626][ T5843] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  691.084043][T11562] __nla_validate_parse: 44 callbacks suppressed
[  691.084089][T11562] netlink: 36 bytes leftover after parsing attributes in process `syz.0.1445'.
[  691.428872][ T1303] ieee802154 phy0 wpan0: encryption failed: -22
[  691.430155][ T5843] dib0700: the master dib7090 has to be initialized first
[  691.435690][ T1303] ieee802154 phy1 wpan1: encryption failed: -22
[  691.545536][ T5843] dvb-usb: no frontend was attached by 'DiBcom TFE7090PVR reference design'
[  691.839135][T11566] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(18)
[  691.845829][T11566] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless)
[  691.855229][ T5843] rc_core: IR keymap rc-dib0700-rc5 not found
[  691.861408][ T5843] Registered IR keymap rc-empty
[  691.884438][T11566] vhci_hcd vhci_hcd.0: Device attached
[  692.052740][ T5843] dvb-usb: could not initialize remote control.
[  692.059823][ T5843] dvb-usb: DiBcom TFE7090PVR reference design successfully initialized and connected.
[  692.074482][   T43] vhci_hcd: vhci_device speed not set
[  692.079662][ T5843] usb 4-1: USB disconnect, device number 39
[  692.086867][T11578] vhci_hcd: Failed attach request for unsupported USB speed: UNKNOWN
[  692.744975][T11566] vhci_hcd vhci_hcd.0: pdev(0) rhport(1) sockfd(20)
[  692.751634][T11566] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[  692.763408][T11566] vhci_hcd vhci_hcd.0: Device attached
[  692.844583][   T43] usb 33-1: new full-speed USB device number 2 using vhci_hcd
[  692.878762][T11566] vhci_hcd vhci_hcd.0: pdev(0) rhport(3) sockfd(22)
[  692.885465][T11566] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless)
[  692.954941][ T5843] dvb-usb: DiBcom TFE7090PVR reference design successfully deinitialized and disconnected.
[  692.990793][T11566] vhci_hcd vhci_hcd.0: Device attached
[  693.037635][T11578] vhci_hcd vhci_hcd.0: pdev(0) rhport(4) sockfd(25)
[  693.044330][T11578] vhci_hcd vhci_hcd.0: devid(0) speed(2) speed_str(full-speed)
[  693.078269][T11578] vhci_hcd vhci_hcd.0: Device attached
[  693.171307][T11587] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1450'.
[  693.215518][T11578] vhci_hcd: Failed attach request for unsupported USB speed: UNKNOWN
[  693.234668][T11566] vhci_hcd vhci_hcd.0: pdev(0) rhport(5) sockfd(28)
[  693.241367][T11566] vhci_hcd vhci_hcd.0: devid(0) speed(2) speed_str(full-speed)
[  693.300987][T11578] vhci_hcd: Failed attach request for unsupported USB speed: UNKNOWN
[  693.335695][   T31] INFO: task syz.4.1089:10181 blocked for more than 143 seconds.
[  693.347623][T11566] vhci_hcd vhci_hcd.0: Device attached
[  693.377808][   T31]       Not tainted 6.16.0-rc1-syzkaller-00203-g4774cfe3543a #0
[  693.404760][   T31]       Blocked by coredump.
[  693.436383][T11584] vhci_hcd: connection closed
[  693.437749][ T6440] vhci_hcd: stop threads
[  693.437987][T11582] vhci_hcd: connection closed
[  693.452682][T11576] vhci_hcd: connection closed
[  693.454379][T11588] vhci_hcd: connection closed
[  693.462279][T11573] vhci_hcd: connection reset by peer
[  693.475295][   T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[  693.500050][ T6440] vhci_hcd: release socket
[  693.524294][   T31] task:syz.4.1089      state:D stack:26504 pid:10181 tgid:10176 ppid:5841   task_flags:0x400548 flags:0x00024002
[  693.545789][ T6440] vhci_hcd: disconnect device
[  693.571033][   T31] Call Trace:
[  693.573081][ T6440] vhci_hcd: stop threads
[  693.583790][   T31]  <TASK>
[  693.610432][   T31]  __schedule+0x16a2/0x4cb0
[  693.631830][   T31]  ? schedule+0x165/0x360
[  693.633163][ T6440] vhci_hcd: release socket
[  693.650245][   T31]  ? __pfx___schedule+0x10/0x10
[  693.661809][ T6440] vhci_hcd: disconnect device
[  693.674393][   T31]  ? schedule+0x91/0x360
[  693.691783][ T6440] vhci_hcd: stop threads
[  693.702121][ T6440] vhci_hcd: release socket
[  693.712347][ T6440] vhci_hcd: disconnect device
[  693.720960][   T31]  schedule+0x165/0x360
[  693.731675][   T31]  schedule_timeout+0x9a/0x270
[  693.740644][ T6440] vhci_hcd: stop threads
[  693.749019][ T6440] vhci_hcd: release socket
[  693.753933][ T6440] vhci_hcd: disconnect device
[  693.761495][   T31]  ? __pfx_schedule_timeout+0x10/0x10
[  693.771938][ T6440] vhci_hcd: stop threads
[  693.777823][   T31]  ? _raw_spin_unlock_irq+0x23/0x50
[  693.783301][ T6440] vhci_hcd: release socket
[  693.790427][   T31]  ? lockdep_hardirqs_on+0x9c/0x150
[  693.795052][ T5915] usb 3-1: new high-speed USB device number 20 using dummy_hcd
[  693.805509][ T6440] vhci_hcd: disconnect device
[  693.830753][   T31]  ? wait_for_completion+0x267/0x5d0
[  693.841818][   T31]  wait_for_completion+0x2bf/0x5d0
[  693.865850][   T31]  ? __pfx_wait_for_completion+0x10/0x10
[  693.871840][   T31]  ? io_wq_put_and_exit+0x160/0x690
[  693.878497][   T31]  ? io_wq_put_and_exit+0x160/0x690
[  693.884017][   T31]  io_wq_put_and_exit+0x31b/0x690
[  693.890843][   T31]  ? io_wq_put_and_exit+0x160/0x690
[  693.898307][   T31]  io_uring_clean_tctx+0x11f/0x1a0
[  693.903593][   T31]  ? __pfx_io_uring_clean_tctx+0x10/0x10
[  693.910725][   T31]  ? io_uring_drop_tctx_refs+0x131/0x1c0
[  693.917667][   T31]  io_uring_cancel_generic+0x68f/0x730
[  693.923461][   T31]  ? __pfx_io_uring_cancel_generic+0x10/0x10
[  693.931158][   T31]  ? __pfx_autoremove_wake_function+0x10/0x10
[  694.015085][   T31]  ? _raw_spin_unlock_irq+0x23/0x50
[  694.024247][ T5915] usb 3-1: Using ep0 maxpacket: 32
[  694.030599][   T31]  ? io_uring_unreg_ringfd+0x52f/0x540
[  694.036627][   T31]  do_exit+0x345/0x22e0
[  694.042470][   T31]  ? do_raw_spin_lock+0x121/0x290
[  694.047787][ T5915] usb 3-1: config 0 has an invalid interface number: 146 but max is 0
[  694.056535][   T31]  ? __pfx_do_exit+0x10/0x10
[  694.061309][ T5915] usb 3-1: config 0 has no interface number 0
[  694.070887][   T31]  do_group_exit+0x21c/0x2d0
[  694.075789][ T5915] usb 3-1: config 0 interface 146 altsetting 0 has an endpoint descriptor with address 0xE3, changing to 0x83
[  694.087943][   T31]  ? lockdep_hardirqs_on+0x9c/0x150
[  694.093369][   T31]  get_signal+0x125e/0x1310
[  694.098259][ T5915] usb 3-1: config 0 interface 146 altsetting 0 endpoint 0x83 has invalid maxpacket 33307, setting to 1024
[  694.112778][   T31]  arch_do_signal_or_restart+0x9a/0x750
[  694.119573][   T31]  ? __pfx_arch_do_signal_or_restart+0x10/0x10
[  694.130459][ T5915] usb 3-1: config 0 interface 146 altsetting 0 bulk endpoint 0x83 has invalid maxpacket 1024
[  694.142094][   T31]  ? exit_to_user_mode_loop+0x40/0x110
[  694.153287][   T31]  exit_to_user_mode_loop+0x75/0x110
[  694.158825][ T5915] usb 3-1: config 0 interface 146 altsetting 0 endpoint 0x9 has invalid maxpacket 19604, setting to 1024
[  694.170582][   T31]  do_syscall_64+0x2bd/0x3b0
[  694.180483][   T31]  ? lockdep_hardirqs_on+0x9c/0x150
[  694.186196][ T5915] usb 3-1: config 0 interface 146 altsetting 0 bulk endpoint 0x9 has invalid maxpacket 1024
[  694.196826][   T31]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  694.203079][   T31]  ? clear_bhb_loop+0x60/0xb0
[  694.208115][ T5915] usb 3-1: config 0 interface 146 altsetting 0 endpoint 0x1 has invalid maxpacket 25135, setting to 1024
[  694.219668][   T31]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  694.226938][   T31] RIP: 0033:0x7f32ac78e929
[  694.235019][ T5915] usb 3-1: config 0 interface 146 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 1024
[  694.245732][   T31] RSP: 002b:00007f32aa5f6038 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa
[  694.259390][   T31] RAX: 0000000000008000 RBX: 00007f32ac9b6160 RCX: 00007f32ac78e929
[  694.271157][   T31] RDX: 0000000000000000 RSI: 00000000000847ba RDI: 0000000000000005
[  694.288753][ T5915] usb 3-1: New USB device found, idVendor=05da, idProduct=009a, bcdDevice=62.95
[  694.306135][ T5915] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  694.314617][   T31] RBP: 00007f32ac810b39 R08: 0000000000000000 R09: 0000000000000000
[  694.337431][ T5915] usb 3-1: Product: syz
[  694.343456][   T31] R10: 000000000000000e R11: 0000000000000246 R12: 0000000000000000
[  694.359328][ T5915] usb 3-1: Manufacturer: syz
[  694.365233][   T31] R13: 0000000000000000 R14: 00007f32ac9b6160 R15: 00007ffc062411e8
[  694.369720][ T5915] usb 3-1: SerialNumber: syz
[  694.373390][   T31]  </TASK>
[  694.400157][ T5915] usb 3-1: config 0 descriptor??
[  694.414037][T11591] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22
[  694.440092][   T31] 
[  694.440092][   T31] Showing all locks held in the system:
[  694.453185][T11591] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22
[  694.461464][   T31] 1 lock held by khungtaskd/31:
[  694.483675][   T31]  #0: ffffffff8e13ed60 (rcu_read_lock){....}-{1:3}, at: debug_show_all_locks+0x2e/0x180
[  694.494832][T11591] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22
[  694.507403][   T31] 5 locks held by kworker/1:1/43:
[  694.512544][   T31]  #0: ffff88801cecc548 ((wq_completion)usb_hub_wq){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0
[  694.540377][   T31]  #1: ffffc90000b37bc0 ((work_completion)(&hub->events)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0
[  694.552390][ T5915] microtek usb (rev 0.4.3): can only deal with one output endpoints. Bailing out.
[  694.570182][   T31]  #2: ffff888144b23198 (&dev->mutex){....}-{4:4}, at: hub_event+0x184/0x4a00
[  694.707831][   T31]  #3: ffff888144b27510 (&port_dev->status_lock){+.+.}-{4:4}, at: hub_event+0x21a3/0x4a00
[  694.798711][   T31]  #4: ffff888028e22b68 (hcd->address0_mutex){+.+.}-{4:4}, at: hub_event+0x21cb/0x4a00
[  694.820371][T11597] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  694.829659][   T31] 2 locks held by getty/5586:
[  694.846043][   T31]  #0: ffff88803588a0a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x25/0x70
[  694.855220][T11597] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  694.893341][T11591] 9pnet_fd: Insufficient options for proto=fd
[  694.908731][   T31]  #1: ffffc9000332b2f0 (&ldata->atomic_read_lock){+.+.}-{4:4}, at: n_tty_read+0x43e/0x1400
[  694.959964][   T31] 1 lock held by syz-executor/5811:
[  694.977216][   T31] 1 lock held by syz.3.1448/11594:
[  694.995156][   T31] 2 locks held by syz.2.1451/11590:
[  695.004682][   T31]  #0: ffff888011970e08 (&sb->s_type->i_mutex_key#10){++++}-{4:4}, at: sock_close+0x9b/0x240
[  695.037195][   T31]  #1: ffffffff8e144878 (rcu_state.exp_mutex){+.+.}-{4:4}, at: synchronize_rcu_expedited+0x3b9/0x730
[  695.063504][   T31] 
[  695.069506][ T5812] usb 3-1: USB disconnect, device number 20
[  695.070851][   T31] =============================================
[  695.070851][   T31] 
[  695.102728][   T31] NMI backtrace for cpu 0
[  695.102745][   T31] CPU: 0 UID: 0 PID: 31 Comm: khungtaskd Not tainted 6.16.0-rc1-syzkaller-00203-g4774cfe3543a #0 PREEMPT(full) 
[  695.102765][   T31] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  695.102775][   T31] Call Trace:
[  695.102781][   T31]  <TASK>
[  695.102787][   T31]  dump_stack_lvl+0x189/0x250
[  695.102814][   T31]  ? __wake_up_klogd+0xd9/0x110
[  695.102833][   T31]  ? __pfx_dump_stack_lvl+0x10/0x10
[  695.102856][   T31]  ? __pfx__printk+0x10/0x10
[  695.102881][   T31]  nmi_cpu_backtrace+0x39e/0x3d0
[  695.102903][   T31]  ? __pfx_nmi_cpu_backtrace+0x10/0x10
[  695.102920][   T31]  ? _printk+0xcf/0x120
[  695.102938][   T31]  ? __pfx__printk+0x10/0x10
[  695.102955][   T31]  ? __pfx_nmi_raise_cpu_backtrace+0x10/0x10
[  695.102976][   T31]  nmi_trigger_cpumask_backtrace+0x17a/0x300
[  695.102998][   T31]  watchdog+0xfee/0x1030
[  695.103020][   T31]  ? watchdog+0x1de/0x1030
[  695.103045][   T31]  kthread+0x70e/0x8a0
[  695.103064][   T31]  ? __pfx_watchdog+0x10/0x10
[  695.103082][   T31]  ? __pfx_kthread+0x10/0x10
[  695.103099][   T31]  ? _raw_spin_unlock_irq+0x23/0x50
[  695.103121][   T31]  ? lockdep_hardirqs_on+0x9c/0x150
[  695.103142][   T31]  ? __pfx_kthread+0x10/0x10
[  695.103159][   T31]  ret_from_fork+0x3fc/0x770
[  695.103182][   T31]  ? __pfx_ret_from_fork+0x10/0x10
[  695.103207][   T31]  ? __switch_to_asm+0x39/0x70
[  695.103222][   T31]  ? __switch_to_asm+0x33/0x70
[  695.103235][   T31]  ? __pfx_kthread+0x10/0x10
[  695.103252][   T31]  ret_from_fork_asm+0x1a/0x30
[  695.103278][   T31]  </TASK>
[  695.103284][   T31] Sending NMI from CPU 0 to CPUs 1:
[  695.264017][    C1] NMI backtrace for cpu 1
[  695.264036][    C1] CPU: 1 UID: 0 PID: 0 Comm: swapper/1 Not tainted 6.16.0-rc1-syzkaller-00203-g4774cfe3543a #0 PREEMPT(full) 
[  695.264058][    C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  695.264070][    C1] RIP: 0010:pv_native_safe_halt+0x13/0x20
[  695.264102][    C1] Code: cc cc cc cc cc cc cc 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 66 90 0f 00 2d 23 06 29 00 f3 0f 1e fa fb f4 <c3> cc cc cc cc cc cc cc cc cc cc cc cc 90 90 90 90 90 90 90 90 90
[  695.264118][    C1] RSP: 0018:ffffc90000197de0 EFLAGS: 000002c6
[  695.264135][    C1] RAX: f6b571a2068d8300 RBX: ffffffff81974c68 RCX: f6b571a2068d8300
[  695.264154][    C1] RDX: 0000000000000001 RSI: ffffffff8d96e2c4 RDI: ffffffff8be1b380
[  695.264170][    C1] RBP: ffffc90000197f20 R08: ffff8880b8732f5b R09: 1ffff110170e65eb
[  695.264184][    C1] R10: dffffc0000000000 R11: ffffed10170e65ec R12: ffffffff8f9fdef0
[  695.264198][    C1] R13: 0000000000000001 R14: 0000000000000001 R15: 1ffff11003a52b40
[  695.264210][    C1] FS:  0000000000000000(0000) GS:ffff888125d86000(0000) knlGS:0000000000000000
[  695.264225][    C1] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  695.264237][    C1] CR2: 00007f3946e64fe0 CR3: 0000000027bc2000 CR4: 00000000003526f0
[  695.264254][    C1] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[  695.264265][    C1] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[  695.264277][    C1] Call Trace:
[  695.264284][    C1]  <TASK>
[  695.264290][    C1]  default_idle+0x13/0x20
[  695.264309][    C1]  default_idle_call+0x74/0xb0
[  695.264328][    C1]  do_idle+0x1e8/0x510
[  695.264356][    C1]  ? asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  695.264376][    C1]  ? lockdep_hardirqs_on+0x9c/0x150
[  695.264403][    C1]  ? __pfx_do_idle+0x10/0x10
[  695.264434][    C1]  ? do_idle+0x4ef/0x510
[  695.264463][    C1]  cpu_startup_entry+0x44/0x60
[  695.264489][    C1]  start_secondary+0x101/0x110
[  695.264518][    C1]  common_startup_64+0x13e/0x147
[  695.264546][    C1]  </TASK>
[  695.465936][   T31] Kernel panic - not syncing: hung_task: blocked tasks
[  695.472869][   T31] CPU: 0 UID: 0 PID: 31 Comm: khungtaskd Not tainted 6.16.0-rc1-syzkaller-00203-g4774cfe3543a #0 PREEMPT(full) 
[  695.484722][   T31] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  695.494824][   T31] Call Trace:
[  695.498130][   T31]  <TASK>
[  695.501073][   T31]  dump_stack_lvl+0x99/0x250
[  695.505699][   T31]  ? __asan_memcpy+0x40/0x70
[  695.510336][   T31]  ? __pfx_dump_stack_lvl+0x10/0x10
[  695.515572][   T31]  ? __pfx__printk+0x10/0x10
[  695.520201][   T31]  panic+0x2db/0x790
[  695.524124][   T31]  ? __pfx_panic+0x10/0x10
[  695.528575][   T31]  ? __pfx_delay_tsc+0x10/0x10
[  695.533355][   T31]  ? nmi_backtrace_stall_check+0x433/0x440
[  695.539185][   T31]  ? preempt_schedule_thunk+0x16/0x30
[  695.544595][   T31]  ? nmi_trigger_cpumask_backtrace+0x2b6/0x300
[  695.550800][   T31]  watchdog+0x102d/0x1030
[  695.555166][   T31]  ? watchdog+0x1de/0x1030
[  695.559768][   T31]  kthread+0x70e/0x8a0
[  695.563864][   T31]  ? __pfx_watchdog+0x10/0x10
[  695.568578][   T31]  ? __pfx_kthread+0x10/0x10
[  695.573296][   T31]  ? _raw_spin_unlock_irq+0x23/0x50
[  695.578532][   T31]  ? lockdep_hardirqs_on+0x9c/0x150
[  695.583772][   T31]  ? __pfx_kthread+0x10/0x10
[  695.588376][   T31]  ret_from_fork+0x3fc/0x770
[  695.592992][   T31]  ? __pfx_ret_from_fork+0x10/0x10
[  695.598132][   T31]  ? __switch_to_asm+0x39/0x70
[  695.602903][   T31]  ? __switch_to_asm+0x33/0x70
[  695.607691][   T31]  ? __pfx_kthread+0x10/0x10
[  695.612292][   T31]  ret_from_fork_asm+0x1a/0x30
[  695.617082][   T31]  </TASK>
[  695.620439][   T31] Kernel Offset: disabled
[  695.624791][   T31] Rebooting in 86400 seconds..