last executing test programs:

2m13.830478878s ago: executing program 3 (id=1010):
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000200)=@getnexthop={0x20, 0x76, 0xb0d, 0x4000, 0x0, {0x3, 0x0, 0x0, 0x0, 0x4000000}, [@NHA_MASTER={0x8, 0xa, 0x2}]}, 0x20}}, 0x0)
r1 = socket$nl_rdma(0x10, 0x3, 0x14)
r2 = socket$inet6(0xa, 0x3, 0x20)
bind$inet6(r2, 0x0, 0x0)
bind$inet6(r2, &(0x7f0000000080)={0xa, 0x0, 0x5b1f, @mcast1}, 0x1c)
sendmsg$RDMA_NLDEV_CMD_GET_CHARDEV(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)={0x20, 0x140f, 0x1, 0x70bd25, 0x25dfdbfb, "", [@RDMA_NLDEV_ATTR_DEV_INDEX={0x8}, @RDMA_NLDEV_ATTR_CHARDEV_TYPE={0x7, 0x45, 'sa\x00'}]}, 0x20}, 0x1, 0x0, 0x0, 0x4000840}, 0x4084)

2m13.138204553s ago: executing program 3 (id=1013):
syz_open_dev$sndctrl(&(0x7f0000000100), 0x0, 0x0)
ioctl$AUTOFS_DEV_IOCTL_SETPIPEFD(0xffffffffffffffff, 0xc0189378, &(0x7f0000000180)={{0x1, 0x1, 0x18}, './file0\x00'})
bpf$MAP_CREATE(0x0, &(0x7f0000000540)=ANY=[], 0x50)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0)
bpf$MAP_DELETE_ELEM(0x3, 0x0, 0x0)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000280)={0x9})
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x1, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x1)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000000)=0x2)
r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r3, &(0x7f0000032680)=""/102392, 0x18ff8)
openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/crypto\x00', 0x0, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000003c0)={[0x60000000000, 0x1000000000, 0x0, 0x40, 0x200002000001, 0x0, 0x2004c8, 0x0, 0x0, 0x68ff, 0x5, 0x7fff, 0x3, 0x400000000], 0x80ad003})
ioctl$KVM_RUN(r2, 0xae80, 0x0)

2m10.545618481s ago: executing program 3 (id=1019):
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r0, 0x0, 0x0)
gettid()
signalfd4(0xffffffffffffffff, &(0x7f0000000300)={[0xffffffffffffffff]}, 0x8, 0x0)
openat$adsp1(0xffffffffffffff9c, &(0x7f0000000100), 0x200, 0x0)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000006c0)={0x18, 0xb, &(0x7f0000000640)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020000000000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f00000004c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000002c0)='contention_begin\x00', r1, 0x0, 0xd}, 0x18)
prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0x88}, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1c0)
mount$fuse(0x0, 0x0, 0x0, 0x919009, 0x0)
openat$dir(0xffffffffffffff9c, &(0x7f0000004280)='./file0\x00', 0x0, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7)
r2 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r2, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
r3 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r4 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r4, 0x84, 0x9, &(0x7f0000000580)={0x0, @in={{0x2, 0x0, @empty}}, 0x0, 0x0, 0x400, 0x0, 0x32}, 0x9c)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r4, 0x84, 0x9, &(0x7f0000000200)={0x0, @in6={{0xa, 0x0, 0x0, @local}}, 0x0, 0x0, 0x0, 0x0, 0x8a}, 0x9c)
setsockopt$inet6_buf(0xffffffffffffffff, 0x29, 0x20, 0x0, 0x0)
bind$inet6(r4, &(0x7f00004b8fe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
sendto$inet6(r4, &(0x7f0000847fff)='X', 0x34000, 0x0, &(0x7f000005ffe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
dup3(r3, r4, 0x0)
syz_init_net_socket$llc(0x1a, 0x2, 0x0)

2m7.770146702s ago: executing program 3 (id=1023):
mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x0)
mount$fuse(0x0, 0x0, 0x0, 0x2b38094, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=0x0])
mount(0x0, &(0x7f0000000380)='./file1\x00', &(0x7f0000000040)='autofs\x00', 0x0, &(0x7f0000000400))
chdir(&(0x7f0000000080)='./file1\x00')
r0 = open(&(0x7f0000000000)='.\x00', 0x0, 0x0)
mkdir(&(0x7f0000000200)='./file1\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000140)='./file1/file4\x00', 0x1c0)
mount$tmpfs(0x0, &(0x7f0000000180)='./file1/file4\x00', &(0x7f00000001c0), 0x0, 0x0)
ioctl$AUTOFS_IOC_PROTOSUBVER(r0, 0x40049366, &(0x7f0000000180))
timer_create(0x0, &(0x7f0000000240)={0x0, 0x21, 0x2, @thr={0x0, 0x0}}, &(0x7f0000000300)=<r1=>0x0)
fcntl$lock(0xffffffffffffffff, 0x6, &(0x7f0000000040)={0x0, 0x0, 0x60d3, 0x5})
mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1)
timer_settime(r1, 0x1, &(0x7f0000000040)={{}, {0x0, 0x989680}}, 0x0)
mmap(&(0x7f0000000000/0xa000)=nil, 0xa000, 0xd3283d0368e269b3, 0x8031, 0xffffffffffffffff, 0x0)
sigaltstack(0x0, 0x0)

2m7.119411485s ago: executing program 3 (id=1027):
socket$nl_route(0x10, 0x3, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000107000000000000000000", @ANYRES32, @ANYBLOB="0000000000000000b7080000001900007b8af8ff00000000bfa200000000000007"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4c, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0xfffffffffffffe58)
socket$nl_generic(0x10, 0x3, 0x10)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000001d40)={&(0x7f0000000180)='fsi_master_gpio_cmd_rel_addr\x00'}, 0x18)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
rt_sigaction(0x41, 0x0, 0x0, 0x8, &(0x7f0000001540))
syz_open_dev$tty20(0xc, 0x4, 0x0)
bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0)
r3 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000000), 0x80082, 0x0)
ppoll(&(0x7f0000000200), 0x1, 0x0, 0x0, 0xfffffeb2)
write$vga_arbiter(r3, &(0x7f00000000c0)=@unlock_all, 0xb)
r4 = socket$inet6_udp(0xa, 0x2, 0x0)
setsockopt$IP6T_SO_SET_REPLACE(r4, 0x29, 0x40, &(0x7f00000005c0)=@raw={'raw\x00', 0x3c1, 0x3, 0x4e0, 0x0, 0x18c, 0x203, 0x320, 0x19030000, 0x410, 0x2e0, 0x2e0, 0x410, 0x2e0, 0x3, 0x0, {[{{@uncond, 0x300, 0x2d8, 0x320, 0x0, {}, [@common=@unspec=@bpf0={{0x230}, {0x13, [{0x20, 0x0, 0x8}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0x8}, {}, {0x0, 0x0, 0x0, 0xe}, {0x0, 0x0, 0x0, 0x3}, {0x0, 0x0, 0x3}, {0x2, 0x0, 0x4}, {}, {0x0, 0x0, 0x0, 0x1}, {0x0, 0x0, 0x8}, {}, {0x16}, {0x0, 0xff}, {}, {0x7}, {0x0, 0x0, 0x0, 0x4}, {0x0, 0x4, 0x0, 0x101}, {}, {0x0, 0x0, 0x5}, {}, {0x0, 0x0, 0x0, 0x9}, {0xfffc, 0x0, 0x0, 0x6}, {}, {0xfffe}, {}, {}, {}, {0xfffe, 0xfb}, {}, {0x7a04}, {}, {}, {0x20, 0x6}, {}, {}, {}, {0x0, 0x0, 0x0, 0x800}, {}, {0xb8c, 0x0, 0x0, 0xf00}, {0x0, 0x1, 0x0, 0x3}, {0x3}, {}, {}, {}, {}, {0x4}, {}, {}, {}, {}, {0x0, 0xfd}, {}, {}, {0x0, 0x0, 0x0, 0xfffffffd}, {}, {0x0, 0xb}, {0x4, 0x2}]}}]}, @common=@unspec=@IDLETIMER={0x48, 'IDLETIMER\x00', 0x0, {0x2, 'syz0\x00', {0x8001}}}}, {{@uncond, 0x0, 0xa8, 0xf0}, @common=@unspec=@IDLETIMER={0x48, 'IDLETIMER\x00', 0x0, {0xb, 'syz0\x00', {0x6c8}}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x540)
socket$pppoe(0x18, 0x1, 0x0)
syz_emit_vhci(&(0x7f0000001080)=ANY=[@ANYBLOB="04040a00e0ffffff0f77"], 0xd)
fcntl$setlease(0xffffffffffffffff, 0x400, 0x1)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r5 = openat$ipvs(0xffffffffffffff9c, &(0x7f0000000100)='/proc/sys/net/ipv4/vs/sync_qlen_max\x00', 0x2, 0x0)
write$P9_RREAD(r5, &(0x7f0000000000)=ANY=[@ANYRESOCT], 0x100b)

2m2.867487808s ago: executing program 3 (id=1032):
socket$inet6_tcp(0xa, 0x1, 0x0)
openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0)
openat$kvm(0xffffffffffffff9c, 0x0, 0x28801, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x102}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r3 = socket$inet6(0xa, 0x1, 0x0)
setsockopt$inet6_IPV6_FLOWLABEL_MGR(r3, 0x29, 0x20, &(0x7f0000000200)={@initdev={0xfe, 0x88, '\x00', 0xfc, 0x0}, 0x800, 0x0, 0x3, 0x1, 0x0, 0x4}, 0x20)
setsockopt$inet6_int(r3, 0x29, 0x1000000000021, &(0x7f0000000180)=0x1, 0x23)
connect$inet6(r3, &(0x7f0000000000)={0xa, 0x4e22, 0x380000, @rand_addr=' \x01\x00'}, 0x1c)
getsockopt$inet6_IPV6_FLOWLABEL_MGR(r3, 0x29, 0x20, &(0x7f0000000300)={@dev={0xfe, 0x80, '\x00', 0x28}, 0x0, 0x0, 0x3, 0x0, 0x0, 0xa4}, &(0x7f0000000040)=0x20) (fail_nth: 1)

2m1.768993372s ago: executing program 32 (id=1032):
socket$inet6_tcp(0xa, 0x1, 0x0)
openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0)
openat$kvm(0xffffffffffffff9c, 0x0, 0x28801, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x102}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r3 = socket$inet6(0xa, 0x1, 0x0)
setsockopt$inet6_IPV6_FLOWLABEL_MGR(r3, 0x29, 0x20, &(0x7f0000000200)={@initdev={0xfe, 0x88, '\x00', 0xfc, 0x0}, 0x800, 0x0, 0x3, 0x1, 0x0, 0x4}, 0x20)
setsockopt$inet6_int(r3, 0x29, 0x1000000000021, &(0x7f0000000180)=0x1, 0x23)
connect$inet6(r3, &(0x7f0000000000)={0xa, 0x4e22, 0x380000, @rand_addr=' \x01\x00'}, 0x1c)
getsockopt$inet6_IPV6_FLOWLABEL_MGR(r3, 0x29, 0x20, &(0x7f0000000300)={@dev={0xfe, 0x80, '\x00', 0x28}, 0x0, 0x0, 0x3, 0x0, 0x0, 0xa4}, &(0x7f0000000040)=0x20) (fail_nth: 1)

18.326565345s ago: executing program 5 (id=1245):
mmap(&(0x7f0000ffb000/0x3000)=nil, 0x3000, 0xc, 0x2031, 0xffffffffffffffff, 0x0)
r0 = userfaultfd(0x1)
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f00000000c0)={{&(0x7f0000ffa000/0x4000)=nil, 0x4000}, 0x1})
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
mmap(&(0x7f0000000000/0xa000)=nil, 0xa000, 0x1000007, 0x8110, 0xffffffffffffffff, 0x0)
prctl$PR_SET_MM(0x23, 0x8, &(0x7f0000001000/0x4000)=nil)
munmap(&(0x7f0000002000/0x2000)=nil, 0x2000)
r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='cmdline\x00')
preadv(r1, 0x0, 0x0, 0x300, 0x0)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, 0x0, 0x0, 0x2, 0x0)
ioctl$UFFDIO_ZEROPAGE(r0, 0xc020aa07, 0x0)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_ADD(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000040)={0x44, 0x9, 0x6, 0x201, 0x0, 0x0, {}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_DATA={0x1c, 0x7, 0x0, 0x1, [@IPSET_ATTR_IP={0xc, 0x1, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV4={0x8, 0x1, 0x1, 0x0, @empty=0xfffffffe}}, @IPSET_ATTR_IP_TO={0xc, 0x2, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV4={0x8, 0x1, 0x1, 0x0, @local}}]}]}, 0x44}, 0x1, 0x0, 0x0, 0x10000047}, 0x4000050)

17.012043956s ago: executing program 5 (id=1248):
openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$KVM_CREATE_IRQCHIP(0xffffffffffffffff, 0xae60)
ioctl$KVM_SET_VCPU_EVENTS(0xffffffffffffffff, 0x4138ae84, 0x0)
ioctl$KVM_SET_MSRS(0xffffffffffffffff, 0xc008ae88, 0x0)
socket$pppl2tp(0x18, 0x1, 0x1)
write$RDMA_USER_CM_CMD_QUERY(0xffffffffffffffff, 0x0, 0x0)
socket$netlink(0x10, 0x3, 0x0)
r0 = socket$inet6_mptcp(0xa, 0x1, 0x106)
bind$inet6(r0, &(0x7f0000000040)={0xa, 0x4e22, 0x6, @empty, 0x8}, 0x1c)
listen(r0, 0xfffffffc)
syz_genetlink_get_family_id$mptcp(0x0, 0xffffffffffffffff)
r1 = socket$inet_mptcp(0x2, 0x1, 0x106)
connect$inet(r1, &(0x7f0000000000)={0x2, 0x4e22, @local}, 0x10)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000009c0)=@newlink={0x28, 0x10, 0xc362e63b3f31ba5f, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x100, 0x80e1}, [@IFLA_GROUP={0x8}]}, 0x28}}, 0x0)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r3, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)={{0x14}, [@NFT_MSG_NEWRULE={0x50, 0x6, 0xa, 0x40b, 0x0, 0x0, {0x2, 0x0, 0x100}, [@NFTA_RULE_EXPRESSIONS={0x24, 0x4, 0x0, 0x1, [{0x20, 0x1, 0x0, 0x1, @ct={{0x7}, @val={0x14, 0x2, 0x0, 0x1, [@NFTA_CT_DREG={0x8, 0x1, 0x1, 0x0, 0x2}, @NFTA_CT_KEY={0x8, 0x2, 0x1, 0x0, 0xd}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14}}, 0x78}, 0x1, 0x0, 0x0, 0x20000001}, 0x0)
sendto$inet(r1, &(0x7f00000000c0)="1c", 0x10002, 0x0, 0x0, 0x0)

16.42959808s ago: executing program 0 (id=1249):
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
r0 = socket$inet(0x2, 0x4000000000000001, 0x0)
bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @local}, 0x10)
setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000140)={0x1, &(0x7f0000000280)=[{0x6, 0x0, 0x22, 0xe4}]}, 0x10)
r1 = getpid()
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000080)='sched_switch\x00'}, 0x10)
brk(0x7)
sendto$inet(r0, 0x0, 0x0, 0x240007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10)
sendto$inet(r0, &(0x7f0000000180)="df9156dfa2bc9adc3af2f785c9a20000b25272f55fcc22f19a4988df936e54de3cc1740c2bb8f230d8bd84276541c12fe96c9b6f0239c62ce08d48fd3d686f6c5a139e1047cac1e4d76d59e98ac7847b8c110a4731af82ae9416c1648e394625ba8c83e665cd7047af7fa2784322e0d871481568e026ae25d8ff3afe7043659b92bb33300e747fc61bbfd0469cd80d49118f32a8", 0x94, 0x80, 0x0, 0x0)
sendto$inet(r0, &(0x7f00000012c0)="09268a927f1f6588b967481241ba7860fcfaf65ac618ded8974895abeaf4b4834ff922b3f1e0b02bd67aa03059bcecc7a95425a3a07e758044ab4ea6f7ae55d88fecf90b1a7511bf746bec66ba", 0x20c8, 0x0, 0x0, 0x21)
r4 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x42, 0x0)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', 0x0, 0x0, &(0x7f0000000840)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r4, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0])
read$FUSE(r4, &(0x7f00000021c0)={0x2020, 0x0, <r5=>0x0}, 0x2020)
write$FUSE_INIT(r4, &(0x7f0000004200)={0x50, 0x0, r5, {0x7, 0x1f, 0x0, 0xffffffff80013248, 0x2d, 0x0, 0x6, 0x5, 0x0, 0x0, 0x10}}, 0x50)
syz_fuse_handle_req(r4, &(0x7f00000066c0)="a062030607792c01386f28a428828947de99f79cc542703d923c7cb9d4e1f6fd95fbf2f747ab32f6fb041861fb3f87a88cb85405b4e73c0b6b12c81e42a9f13d82c32b7ddb172bcba1aac5c38f083747ac179f08d4d6d342a87ba8dd9bb7a9680f27433c3357b4f6ac97b19a973592f1ac6e7853a0b15ba42a28efb9cc30b146346b546018966e94976ca28f26a1950dd64c0adbb0c2e09bbd9caa9e7886a2b3d6e2b6d6616b718f1322ea2881ca59ef73948b1bcdc2dd3970e63cbc1043ce42af0ea1f95d17268cbc3ef062c8c31a537e94a20c1c505a6022d5ece7f51bd9c754d8c47cbe80bbb30b2159991a94dd3a25e64aff8a7a17374b5a71e0c7c241cbfd7f084e18a50bea512ada902210a3881ffcd42071ab09c4d80139d8980d6dc5d12c2595ced445caf22f80d8fb1a4c243da47fadb8e28e9c04fea820a8a2f032f5adff8b7d9269e63db68d196bf7f416405e52b6b8abd8bb9d9694b8b5eddae348209963738cd9710bd6c291af1c8eaf0e52d2f2f24bef8c8bc9f77eed40104e07c8ee1b4cb358fc73e2653fef6232b5e9f5d0be26b91a0b7967ed5e3bf10c449424ff4d11951d963677001d9576425d6a9c4503268a407d74854f5e1caacc0ccc463dc56e684db1d80b370da238915579ab82cdbd7d155adf10b96ed71100ea92834e8a4e4f5b7b831bff6fb4febe01bb398ea4065446f277f107aa3cc06e0b7a6e98434bf57744ba9ecb8effe704d7f852e16bc33ac113649f7540b7a7a67cf5493b400ce06e571d485af1732938b79ded4de7dad97a7e1c0be7bd479dc264647bb76503168423e3f6fc95f8ac8ea35e39f476ab54e88286fcf73eead1f794784465592fe4ad112ac63bbc3b3f35b87c40bc5fa6e3ca6cad878f9772a61a23aa00491a9e2442eb90a32af2bd74e99d075bcda20288bfc30f3b00a7e8e1a0b4791573abd65284bbb53e2b7d667239b95b332dd423e4d7c512de559bd53fde5285add9795bda81ec142620e693af9c787a4499dd76ca0d77d9c7c4043e537ec6c1cd0b9a642b12adc782a0e00f6c1ed7379d5fff4c2feb19182db977f657b195e4710ff00f78e35a146119897495b0e1a0068a6606292ee72bf65adcd2cd29b4e59a4b3f82eac77d5254013d03d2fb2511975558906741912d09304f0d4cf08c8f62690c67968c869f75a4025224d8e84baf7a42e01b4ecf7e55d7c45839778c2266880d1bb73e3aad618d1a4f8d5a16914d64d70438a88512649fd4caa90506e5a2d58a33ecaebc9b2e5f8a4fbeca57c829ae02fd2dc146e939c3d295ada7df4a07e74b356c6ffd7a9c546b9eddf7e013cbcb2b57ae0d225249f7e06a415681d9f597a060fd55e39bd56f04b863efeca458a0cbc54b660db50ca40d27a3fda3416860e691cfc780593f06b467700968bb918c32547e378b14b4e0dcd11cb0b2fb36ea70946ac62290184b4eed38b51c322a75367b50f558e063bf363341a17c28ddcbf9ce53da06f26303fd156423a25f686809bc9845a78e0cc3d94e04bc8da85f22a4a8ece2c4ac2c79e54dcc4eabc61e067060ad880377a71fe0c2c0305256e4f3c637575f086e4ae3d7ab5d106fde03d24c47dccba3da23a244c1f50a4f60cd8d71b77390c5ce6d5612fd0260a2f33389b064ae6acac783eca62874232fd3808fb2188151a43de6cebc7e245106183f7d929f1eeff6f972da3e3d967170247925fb0f04bf38e88d06321f9ff9d2c296553d842b69036a2b6de2aad3879aedee723ff00736f7b0dffe6182104105ff0f0b636f5192d6bb5ae7ef950825827d2f3d6285d83aedca3f31474e0ad50ce6290a0e546c30d900e5b4208ecc8b3aca0ba3d110fc3c0a7e004a53e5d0ba1cc1c2bb42c3dbcbb4ceb6674151932ae56f6b03cc34ce450c292fecd2456ddcf42b075e6fd49305fbf265a36f3cff61321dd60f16e844089d659130947672a2d059e04af9ef653e8afec926b5a5d411f60a2a435437095a1df8dc60a616bd1a1ce7b5251ed8f905becffebd635eee8ff0055c40f146f1350a406b853ecb005c6ede4dc270ce6751cff915aa27f5f6b0736da14c9949de599d57868c29cc97ad03bd89502a34b88ad29c8762d0dc24a6df759821882a32e70531cab51fa1752a4fc49cf0706cb24d203174b2940f29ef8b0ce65b40cfde4e0c7310c685cc8de8384e485a951192fa8c36c11f9b88a48caf027dca480caa4fccae70ea6c837eb82f926ad7691c7709f217220d71f6e374fb8522a84c118b5c25f3d56acfb25afbe676fc9e574b6c5a59c00a0bbeeff61fd82a1677f3da9bb596133db491a8f11b945d930c8a67de9ce80025c764d518efcbae25d9194dc96c31ed02c63b1ac976715f7233ffed7cb6e929bbb5afabd34bc37c095acd0abbbdb1ea48e40a30ac99550f0ccca19ecef5acb2604c48fffb53b352d114fac72d6fc019ddec558406668f773fed9476148133c0f9ca4d1fd7e70dd04bfa089dc57e5940f29a5fd33dc79913ff48853794fdaf891d71de94c4a4fed0544e09f2bd578b07003031b8602f08ca8a79fa5ebfd5477f4d4f031c3efe0db273446a99d0cbe21a3cf43f3b82774e4657bb4f9675adbaf71c52953f0b18a61e05a9c770536fbad215848f8238e8730b9085189ea4621780dac500d7d7dc7815b45e232f86592498f1515ac8c50306013524cc5f0a74b67bc85d435d332ce69f00641c86a3e91be84b78ac358f35b18d69679df4197d3be8554417cf44aee6dc623f68ce3388df18168efa1c87c776cbda792f6110b6af178eb8200a91dfb72c1e23b5e5a66b5a3ee3f4c2bba2ccac939dcb036006b86e894093922a95fd70baba9424a3d0327a0f209fe10b39f3cec3f669d301a2834e58fd56f94d622dccf653f08e776c9f3e1b0e5b3cdef133834b93c41c70438d51a0b127262868d49ca91623c3d8b75c2cce0b771b9ac941bb96029e782224a3686a7c0dd164e162ede667e0e5817e7bde85ad3bf30a6a5bdc420f751679be74a02f84aa93b971c3f45a67d155f7ecb1d5284660918dbf102bc16f496fb62a1290e6b88ddaff55740583cba13076afd623276634e0c11663be50766980949095003ef5bc6f90a98bbad436b67928513e70115224f672ca2a24e27bb98bd5288c49ea23d47ef13c5ff28c43ce53ca16a6caeccc1f601226253c4a38a88a93828f6c800547cadbaa6d7ad26db618cccd38a671507cad5ba0065ce2edba81a059b95c36c5d04ab456fd6fd81ec3738ebe546d973c0886a5e7b83dd9c2f58f5d6c19519e67575b3732a486555f8d8c4ae004a62e8d07ab2c8ef74cdb96aa99d75aeb1c25985996f281d71106910a3c3da17de35e04dbe00e2b7b75ec2fed177a7f2d04fbf68bd0b8af682b30911867d4d1497ba060b662f4e97a8e7fd3613015cc34302377497cd08bcdc29f06dae240820d2ccddbf8c95c76a4ba5d3e1b37a62369ce3f79fb74ebd9bc82c3fa3edad4034b6715c2853fa7781c974b5a4e541e8b69bf4bd653fcce4e4340d9409fe9112e4d253a3b7e9d43f4426127b10f2d5d3fcd2193490f7d933e0cc53dae552f2d7c9d77b8f9b27c59105cfae43a0aab314a0820fbb5684bf20986e3be215688b42938d272c4c0edd17bcdc84a514d2483456d6cfb4f5c1218859ee55bfc77da36c9c75734932a12fd03df38232063ed92024f8ee7c21f314129feb10670bb4d6a0ad4fb3dc57a64cfe6509a0770650cdec0efd5e0b1fd29433cf871c9ddbe648319bd481357326ac1eb32b4bef4ad89ab6122e92dc786decac88624a4a3963ae771f8023b9a92e446114764c53d7efc07e3ea77a9daac5cabbe648a223e249db62102ef7b7b6d06df46b6ff913911b89848a47aecc0563fb06b6d77fe1daf4541cf619105ab68e0bcdf7a05af22b0551323bf33dec8167df2b7fac62dc9e286dd3462f488c82ad194f7fd5d3ca72fe9c0c37cdb6d75684326e5cb30319ab333fc70bb197320acda161d2e685e78ac2cb1417223f64742b12a316d590b18a4173b2a105a381baf6f383ec2e81d04860b5cc536475d7c5d05bd6a7db1a5d93930bacba8c1de63707bd24785e19fc1f15ba724660ac00d0f2ebbcd5528b8cbe4f3ca332e8611e937a310fc79d234be6c1cd09d6a5cb06ab36a9d667188144c81f86aaf0851763573b36cc21462ba4f3d6e95d38d1e9b943085661d234ef6d079bc9d84c7447c85baba88263451ba10559e1ce326fee5074b26b54872e690a9a1e589e1c444daa3224b292bf9ec4a604dc512760084084f27386c89a1190b8905f0d720508c0ed69272f396725805480188aa4602a26e833c16aa5079c0577a8203ec0b2b929ef3b410bb427c168b7fefd1be652f06efc61c7a295a5d07a9fd61bd5bfe67ac5f74e485a66c92950a1b460257084ca3a3489943ad450300967234b487fa3def4010f9b715196562ebb0846b7ac3eba47646af6285582b4402f64aa684dff7d9cf81fbe1aa88959f7906f06839389f2ad56efb5029afe1d5ceac99a3e698f49ff0da7db06d7c9e94a8773a13fab93def139667b4dc6b741bd2769da7786acecbe315f9006bb6b72abe5bdc587d8d5aa8f67aaefef68197fd2e7874d9b7da2c3a5618720c12e8fc31db3e334c47abcbf10c6181ec14af4f9e90e19a35360a793b1e9b336e49b3ed67568a860cd4c298f967ba323d315821959629e5b7aaac367e1ddb8a1c5d61500afa69331a4c90861852f533657b28b97a343bc531a11ff634b157a6d859a35f0d2a595375e11a32457575f1d73da033bf5eeda12337b9fdd46bce192d3aaaa240a8c65bf47704d6aa64a9531f9de14a96fc9fe380db35dd5ec52321c67fb4c18abcaf22fbe8f602ed201232251317e1a1b71e1e2c924a92d84685de348eec97fed954b7f6681ddf521b4ee03a1aeb2e446ee2a7f4dfa37b1c53831139fc624c14dcc4d144ccdf758fd9f344b4cdc1df70f6a24fa78cab136c912d1ebffa7053ccbc9b9445762236dca409820f738370117d5c369dfc50fd42277f14eeaf29110aedcd503008c42914d04e219a8b6c01e337d04724919b07157e2275ba6365a9dba5ebc8019bd1aa1b8668023f64cf47e1b49b4fbcfc10d560bb74405c90751504db8100d8a8a1a3ff84d98f1262fbbd6b962f492b9531a7411c08e7e56eb0f838075f754b6a395b6b58a8e4c47eb46bfaba2ac94800a396749d18ba0e6219f8d616ec71a1e60b3bcc24e19d4a20ddbc6a871e6d7efa50a362610598d892a5adecbcfe217534deee3620dfc88c7992ec2e710e083ef0a50c20621405f654804d1af4f24d22b8ca48f26303e6969127a74f0b276a5624c3b84410d4d5ee3c62605876e60a88df2bd6e8db8c7e486fdb452178563e7add6bc126b721b9ef8b12181989b87031573a4010d88e34f15a2344e4808b74c99ad68f0c2aca4e8d504397c03e1328c4b1ec43fd902d206c3cfb63d7541ac57fdbc70b0033f87514286101231fe7e79668c802e1c23d61540cdf13a5e675b736e221ddc29ab747d9c64f6213f51d3c1ded2e2b0efc4e45183d90468f61ec1720f7a0b87947e2c54125cebe6563ee4415d886bbe869d17d36371c942c11db1e13c1dd40ed24cabaf7ee80eae6c4db934e982d9619d753dcd679c5650cd95d21582e31b259043a0d03371cd294f4cc028042c75070c9b534a2d79f164ab9d773295795280d1584ca664b53b263fe2e23534d27b0d85742fae8061e03187795129dd272041c6eb9c10c3406da1f752f4ca697bdbddd74975cd4dbba5687fb30ac4fd5d2579494eac73053a63821a852cf41a80f6668006f7e1c4e30b48d638ebab470c558d42baeed1adc8fc71f73e95f3ca212a4b009b508e89898727f805685e4e7650a2961d62c117d1ee9017236a6bffa0c36ae11bc52d346c83399e43c42cdb9f443aa307109a97ee66ceb7a29eeb2f1a2bb3ee1492229116db07301b2aa4126aee7775daa2d0eab4d206fae11b3c6b565dcc4c7b4dd1cf2abec81150d0629803f6eb221be384b8772fe6d6c4fa98c928a9d0a02e9ff8bb7a2168dbebe140323d93bee8983c496bccf752c372b795a3493624cefb3cfeb4307bd39826cac1ea3f18912deef1b8c8db30bc016990a477bc0a925fb36453a9e21354b2d7e6e3d4ca4dd20f27a8db05429d44b7a485365191dc4ba977a815958faf6434813a9f4046054763dd55dbb7fae892b746e169ae046ae3361a9f75cf622b03f75b1633da864395bd1c3a594fab0b1fb37f088dd1f2776e2b795c78635c2026a8ce7ff40968a1960786049a217dd8872ac0c01f4bafcf2d3d751dd46a5e1bec00540a9ca7afca3ef37575d4a8b1291d05be94913092890a9b4bfff39edbff307e5654896e79228777c0f8ea46c55bfe19e522bf457ab4e6b0167d776dbcd0160598370a12c4a03e4edc82b245a7608797b03d4ed89dfc2a5bf07b9fcb251fb8608553f3b3774818717a9aabe6b2ded811515ba454b390a6065bbc59552f3bfe51d38f139792e1aae60093a7c5770b52a1730feb1049c14a7d5261d644f6b738e22ee72aafa422bd93f61e1ccac0a5ef4726c66f61bb539acb937bd63da82c700c0860be90ce5621ced22b52b63d041266fc258fbfa6641aef22e97804e5138ad2ce4405eaf76bb0acd7fc61b2d6de4aabc5c28a850fcf219cff77c97d3cb6bec0067c171b912d11d82c56cbad56c0032a9657d4cdd1eacaca53f40f5e3fe911127e1cd30781351f180e1413933cee2d46ca0eea31ee01fe4e99a567edd0b10565d47b87c8a48366143e889e52d0ff13c920aea092c2545fa9b7056204fec156549d3c0a997bc1cf4a01338483bf5c69d6958ae038f1c3e3b84baeb2c1f9e064c0750602c34c6c483c316391d975f94f21f6dfe74e92c33228b408a9e2b9abcda33c497abba9c48a63e5c8f1a8d0f4c24d36a44e1601e8a09e8a5c7179bd4c44b17e542dd99cace87aab60a5e53325d544c991b6fa5deffa49fd886332980deeca9229cb2f67f495a7b743153854ed81e1623b12dbd65512d08a5732fee2db3fb455cf6df5a1701a2b8674633c6792162dc86ac76e30da225b0167a7e704ad33ba694f9c902afbeed58eef609874767053f59414d4d3eccbbcdbc7eba997c71f9b1f5139bb020d5dae1db6e2dcfbb51b5371b08bdbc3312b05ee6d8c03c8b5a7d4f23da45f276394f222b1a0bdf4e2603243cdba60ee0530387c88bb457ca9932f2283a4d55bb1195e6d325ed93f714e21908b1baafa467f1cec7fa26e5c384ee6828e77978bd1abd014de549a5e5966f2b2f4ba000f9d77f1abfe3a6c337cdb852c1ec59f61b63d543f3062dd2616a163ed7ca60168b0347b5c5646a678dafb4c502c333a0a48f0341b47f5c5946e42e571db0bfa0682a449ca64e71b5661a842975182399245c6de241512c67ac918d7e0c5cb66565010e881b8333567ca584321ead1c383b099d8bf1c56dac08cb218cde4226ad420d6d6313f9c4884d6394722304fdaa76e61db8c0d54eb1151344c41ce1130272928eecb2f9f0f23c752622374eb1223a80efcf0b937dff7d813d7be0340226c0a7b163741d9aecafcb7ddae5a219323323f621c802be82399e06d2e1cc582e759ffa303c5103f8a44d7129d2853b02e506abda57ad2836d7ff16f95232149fbeb8b62e586d3536bb4ae042ecd9e25d1dee789353071f9c89d4361000c47b763556e8902f1f25cbd8ae71679e03ff27db0ec75eeee3fccafc7fcf22c377ac60d3c61a43cb53abf6162118f2efc86a5ce80e69a02bc1db80018beeef6d567941232e4412a958ed012bf7a832c1eaf68134ecabc4927ad666b3d0f21d4e8d52fa37e0a9751124efed8bf47544299138a6f69d89e295677f12606c79b72451c263fca3eec22bf0c47c641159a0bbfb3b2b03154af533e5c06a149e52adcfae31bfc55f30064a8903c8d3b828d275a937b1e4adffa0597da5e253b50bd71b33f057ffeff0b2a0829b3bf33350fbe67c7c79034f80d69e6a21be495a848d328f416f15966491b218eab390544e39d498258ad80ddae248634c845cbe6f1c1e93e7c2b02075411e075fe936bcc75f4a4e1a3687cb3dbbb61cb31ddfbbc87a1859b3a48fccdd8e5915c8bf4eebe8f7093cef6a7a91c8682915f9908c854c483e90c9643467292884d284134dbaddafdbc74d94a5f9713719d62b4f6b4236803d210181847ca27129fde264156895f4e1822ef78a3b215ef56d7e36d2b94c93f5e931a0d13a3a3030061ce62de595eecf47eae6bf698530145757700df18f66fd7261a12c119d6679663b3c0f99d1705aebe66dc862eb21ccb7360b93f54507149b577abf521113991e06f345e8282fdc18de673e1ca7b188ee34b14f37f86ddcf97fef0b913c33cf8e5d5d33707dbcdbe4b27cef056670252f186735cdd02f6ed6bfe5318a704f00e34ffc4fda9855bf37c51be6a7423e44dd8a98883c8fa82ca37c90d681fb7a0db915576b50e49aff545b99aa3aa6343b814ba0bf64e53b2a1edcae2231bf20d65e4bb4da6dc8382120ede652adfb7c30a46e0ee784cbde74563d83eb8d89a1573fa104fddca9d4833c49dc904bda905426c7dee3e48b596c8ee201bea57fedb1a0649457eaac3c5b5f4519af3adb66f10b861e711cd4034448890e15047c2f8902588268b5645051f3f3968ed8d630e050ccef0d01b61ffeade51e4e72d8fd46bba4c20009396e984c424d174934a67a1930665fbea04c809e7cda0a2cdfd3a14d6b99c3a8d8b3691825830456876f188ff871fc861e4c6a0ca377dc1f0cb0f929f7eb1f5da045d9a588a393312acacca5c5a3b15bb1b488b08fc40ad65ae2c1df187eccd8377525a81d80df57579ae52f775fb2efdd172a41c370300fcc594c2635dcf50e9eb9d34fa8b4bbfd13078422e3a7734a8ae6cc09e39d07c7ee19838f8da4cbafe4162c8f8dc44e284840bd0a5c80bfc657c22e37e0d9a96dda34a51ce616c9ccdc95955cf85d93860da902ab30f11aa333eacc25c47981d8636038761ed4d84fcbb0ca92dd2e07863b9505b451c3c49e36a172527578123049ff2dc2b4e258a3f698a12ca4705a6fd0ce6bc4f1767b4d9c2e57c9ed1388527964ac96ff5e4cf5ad6fdb6a853b43905df32af8bd788b520fd526cbb95195a1bc00d654cb080acdf67938517a6cdac741d86730358be16465b4e1301f47f6a444c4e8d2980b8bd98a8dcd6617cde0b287e2d1f59167b5c445146fa49728111b8a2729428cabd02facb8fbddbdb2769680f288648d6baac53e0d909335da3e2b4c13ebd41f32820c9f491e9124ca444a0532f60e2816e15a5810baa91f64454aa355f9d362c7d1a461561689d08b1350a216b6f1bda57aae0706b3710a1b8e52a7e3084e600b5ee3dc540bba0c16267d549304a7840659a32e40070715c9bb912792d4a7b84fa06e73b9ddbc2f06c4edc19d25f5a198c7e3fc6226842e6215da5d826fcf5949612889f78e9de39d4e64b86b7033b5717a21f8f2b81c799a3fc0bfe6f5837b252eefa360c91a6148296bd19d50a343d909c1edf5261e70c8dfb2c488940cf236941ad3fd01247e37902a4bbfdd1839f7c92c260a2c494022fac08629303c8e54108d78ae2c94289c7f998ba3b622b48931ee7c17c59f5499d282467a1b8050acc94a0b17b21836c80b69f519b9b077d18e33c027faad562fa09f2cc6120f8cf5ee18cf7db9d729ffbb9de58885713215b7aebb8c98d9fa009be0a9ef3ceccdb2b31968db555b26c5c94e382d06ebf6d356e8caa85def5813dd1596d823924c4fb63dba5bd094cb64f204d1e59d31287715f831a1f0be95d8749f2166ba0b0b6b64a37991be1fe1c1e922835f2da0c074ec9413561d52166576b1c4f1e18f078dc046d1c284964b80217b55c59a474740c3649116b33e927479736bff6005859c7c00598f22cb8eca38af802f4c86836e8330492ac7ef3707890a8ff856dc7786ed769bba75b18484b257b3b022eeb51aa720639f79e6e6bd3d3c9a61f7822abe562867b4693f0b2f61135aaeaa510b31112efeec48d2602c6d4f2ddeeb51bb03ab18c18d8e127a37e22881febca47742b9332d3f2251003b1a46c40eca111d02446466b669568c70971bd33254ca577777f126f86f8a3665f065b645ff261e78e0f532e83a81b99c5de3488de74ca82daa0e4e7404eff911ae955acbb800f9f91b774e472bc14aa92817b6d85877b1861a6ca92c03c83b6f1490068bad8eab1f58c9e91e1029683de2ca45c99966966031ee86d8c9995f0612480e2a6d5396e8ae361d6fd2e24557613a1191f5019d4c8078628013512ea3a59532efffa6cfe4970d28d8c7aa8c866c4275ff2b0b4ef1a7e56854d7ee4bc445713da9349d13e30a4a802cb9db2f10280fd9ea043b5b3480441e8ed2d907eae1259befba9d87a04ce42b0010c70af157b90e0bf72549852fd122edd6cf3475f76852b13b4bf887cf32e25ad34aed7fd5a6e97b307f9b4ff1c07b2b55beef5ef3dd96eeb2a57720c18209d911a55341cee67e6ff577f7acaba01c2c9690b15a3b8aaa5b9d734196467a8c074b2eeeb5ae931ddf3deb15b1a8d603e72125c2e68ad206f2c4252a659f8248ff882a8e54126ebc0c77a46101072272460e683d465279a3695be6b64c9eeb4a576d95fd520be42eab5c95cbace0dfd80e2d67bab9f683a1cc9c006c02f0f90a21a0f51218c628f5608fbf1abc79aa63452bde1002383033578f32980e3779a8edeb226f6d3f9b36d8f07bddd7479b60346a4b4fa883940e3aef8ad8d834dad4405960a4409a6255e8753d0c0ad0960ff3ef48ce93fbe6b165e86eab36fccb8b989f5b54e6ccaa19749ff065a0a732d15c41b9072bbc6f07e1fd5a3df2775874e46b61ed50714e8c403fbed6884ec06f52ab71d2c191fcc56ac0b17ba3c46d2dab3e11c79383bd8867ff14b5fbca73b9ae594b6a09fb73a2e8f15aee59150e8d6d3dad9659025d045bbd1b9ca257c67bb78abe8f7eb9c8b3bc32951c41f7390bacc8c7059a2a9b078ab50413605aec604e4666a6ace765b0e7ab558fe6232f2703d07811e3d0ac5bf9434e87876e99250ee9db6527a8ccb4a3ee3bde738563c9746f941cf2cd7efacdbd2593cafdbe5171864b2982b54dc5a32c86638c0e650a331625033b8dd65851965ae791880349d5cd52548f4422a317f96ed79e7ccf3bd671e6dc70365f521c65206386eb1f99570a544d11b3d36fea285f8a3770ca303a965a0c1d598ebe3696e647be734ccf760d3d47dec75e236d7ac08019b6622a7b9f08bc8f0937ab75e75a047a7386befbd56fc4b2f89c852dadce8df946cb3fafe4eed2678caadf1a913ae32b2c0b8a37984cb700343c5e24609f8c5ddeff5e653837a9332a41c8e21466a13d79224125d5f6a4fef79b5adae7f4ab7d351c55400545edd3c00637bd27164828925e9bb5d79f1f1e6eb3270ab799ae38772f779565d92c47503de695f7aad7ddacda6f6c71e755b3737231b64715bf07849d3466e4f92239f733436ce674389bd16900", 0x2000, &(0x7f0000008b40)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000340)={0x90, 0x0, 0x0, {0x100000000404, 0x0, 0xc, 0x0, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa000}}}, 0x0, 0x0, 0x0, 0x0, 0x0})
read$FUSE(r4, &(0x7f0000008bc0)={0x2020, 0x0, <r6=>0x0}, 0x2020)
write$FUSE_INIT(r4, &(0x7f0000000280)={0x50, 0x0, r6, {0x7, 0x24, 0x0, 0xffffffffc0416010, 0x20}}, 0x50)

16.41818008s ago: executing program 2 (id=1250):
r0 = socket$inet(0x2, 0x4000000000000001, 0x0)
prctl$PR_SET_SECCOMP(0x16, 0x2, 0x0)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f00000002c0)=ANY=[], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r1}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r2 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
socket$can_bcm(0x1d, 0x2, 0x2)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x89f1, &(0x7f0000000340)={'ip6tnl0\x00', &(0x7f00000001c0)=@ethtool_cmd={0x2f, 0x100008, 0x0, 0x8, 0xf, 0x3, 0x3, 0xfc, 0x0, 0x1, 0x0, 0x4000000, 0x0, 0xff, 0x0, 0xfffffeff}})
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB], 0x48)
ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f0000000000)={[0x3, 0x7, 0x2, 0x17d, 0x4, 0x10, 0xf1, 0x50, 0x7fffffffffffe, 0x5, 0x0, 0x9, 0x0, 0x6, 0x0, 0xbdb], 0xffff1001, 0x120182})
r5 = openat$ptp0(0xffffffffffffff9c, &(0x7f0000000080), 0x1e1983, 0x0)
r6 = dup(r5)
ioctl$PTP_EXTTS_REQUEST2(r6, 0xc0603d06, &(0x7f0000000000)={0x0, 0x4})
setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f00000004c0)=0x79, 0x4)
bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @local}, 0x10)
sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10)
setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000040)='illinois\x00', 0x9)
sendto$inet(r0, &(0x7f0000000580)="17", 0x1d4c, 0x10048095, 0x0, 0x0)

16.270242371s ago: executing program 4 (id=1251):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x1, 0x8b}, 0x0)
prlimit64(0x0, 0xe, 0x0, &(0x7f0000000080))
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x1)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000000)=0x2)
openat$smackfs_load(0xffffffffffffff9c, &(0x7f0000000000)='/sys/fs/smackfs/load-self\x00', 0x2, 0x0)
socket$packet(0x11, 0xa, 0x300)
read$FUSE(0xffffffffffffffff, &(0x7f00000024c0)={0x2020}, 0x2020)
sendmsg$NL80211_CMD_FRAME(0xffffffffffffffff, 0x0, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000004300)=""/102400, 0x19000)
socket$xdp(0x2c, 0x3, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0x2, 0x16, &(0x7f0000001600)=ANY=[@ANYBLOB="61128c000000000061134c0000000000bf200000000000002600020007ffffffbd0310000000000095002000000000006916000000000000bf6700000000000004070000b964b01a4607feff00200000540700000ee61e00bf150000000000000f5700000000000065070000d23700002c030000000000001f75000000000000bf54000000000000070000000400f9ffad430100000000007c000000000000000500000000000000950000000000000032ed3c5be95e5db67754bb12dc8c4ed68ecf264e0f84f9f17d3c30e3c7bdd2d17f2f175455000078af6d71d79a5e12814cb1d8a5d4601d295c45a6a0b9bdb7dd390700000500000000f18c30907d7bee45a0100000fe9de56c9d05000000c6c60bef0d742a81762bab8395fa64810b5b40d893ea8fe0185473d51b546cac3f1d5af65727546e7c955ccefa1f6ab689ffffff7f63ede202fa4e0a2127b8b83c71a51445dc8dfd13ff15f852a39e5b2ab7bcb8f512036a5ba6d04ae76002d4519af619e3cca4d69e0dee5eb106774a8f3e6916fcecc8158f0200000000c8fb735fd552bdc268694aeb0743e326c819b6cf5c8ac86f8a297dff0445a13d0045fb3cda30a673a6037ed8c85f21ec2c081bdce431e56723888fb126a19bc1172b84b3ebe174aba210d739a018f9bbec63222d20cecac4d03723f1c921b5bbf7949632cacfdd32b3a6aa57f1ad2e99e0e67a993716dbf580469f0f53acbb400001e3738270b315d362ed834f2af97787f696649a462e7e090000000000000045eac1f2014f720e83b7838e3eede14308d582685e1becd6f35154bcb4000000000000000000000000000000bc3af2b170ad3e2b26539cebca8f4ddc211bc3ccf0bd9d42ca019dd5d022cf74686e9fbe2562979eaed840a7afaab43176e65ec1118d46d1e827f3472f4445d353887a5ad103649afa1769080584f800031e03a651bb04000000ab04871bc47287cd31cc43ea0ffb567b4040c1458d0320ce7d0000413a0000000000000000005f37983f84e98a523d80bd56a57fa82b82f639601ae899a559944cb9a62a29ab028acfc1cb26a0f6a5480a55d624a0c544ba0dc828c22fe30000aa391598000000437d57fcf8295f63a70837f5cd4e5e77964522dc7ca3aa3476b7f2d851d27fd4de6eabb43e0799dc8d9fb7dc6c523ffbd74a6a40e4acb1ac872ade9d1f2ab779b8dbe843aeeda0426c767c00327b8c95b2bb6ddb55117669d9598c0f3598073f3a921c76beceff7e4fbf909a2cabf5b8ea5011db9020823b83abe54346c7af0a99fa077ffe7000feb9e44023a1749eb1d0d572b77d6e0d0fcd74031c8ef2629f5ecff4626746d6abe98a255e92c3c4f79bfcd0d91741380000cfeb73dec68ed56b5d3dfdf0cb8b71ad79000000000000000000000000000000dd434a25e95d0ec29d3adaccf89d0888031ecdfdb4dfbe444673be099ece7e4009c76c7108ef0a7e59fd6d906fbc3c9b412e0478cfee4485f423c63f49db43833c92eeeb647cebd4d7a93a17bcbb6bae5ff876375d4fe39cc2d292691672cc18ca372104ceb83a35ecedd97fc191d8f64d2b1d60c6d12911aada66c26aa4802c3514c3d92ec905000000b13f4a2575fbe943a6c40000000000000000000000000000028026b80c3899543223a6079ee96198b9a326db3be3a48af415ca28ca68c502550044ed8e29af8d763ef9b1f31befcad2ce5394601c7cdc233bff7f0000000000009fb3ad650f77e339768924dfdbeead13b88371154d743544a6091ec93e0d3fd5b4dc42911c1ba322fd4d6fbf19e617d51f964727bfd5cc5ba15370f6e1141d2271eded0b15e4316a1e4623272beb249a0928c417720be14c898f397411c88a7bcf3df46ab3efe7cd5e160c2afd3cc945f75011a102d952c7ad17a58d9be691c334ea35bae71e76e160cc2260bd028162917807ce89e11b5f261052ee0dde18efa1d802af2b7bcf6f8af41933cea0d0343261bccf64ca1c81045153eafbefdb91fbdff9ee3307d4a1837963b2dc2a3698d90e7915b098f19392e792adaea86052f4e948184001b6494e906925a092483adc7e9c8f7a29d226763c100aecae7f00619c36bceb9fb6dd7e55487d8485e498fdfc377fd3d266d21d46ab2f6b2ce22cd0aebba9b0ffbfe8ec3143c3734967c90b16ebbeeae1ce2baaae05aed6bf0f40c8a323f9235dc99698bd0b800067a901a79daada03cc77e74feb98b1586946b452764ff917a8ecc10e529c5bea49cad70e22df522c2803b6ef65df70223c6e22c3433e322d8dbd6e9b040065a9d6b3d5ae276cffe935d559bea88e1aa36b4e6c19e78457904297e77370e013b705a96548d47c609a93c45f4d1382b39c05dcc07d5b49ad75ddb3ce5b5b9416e03995da04647aa5e6fc1a6f5d663380967ccef9de49a90ced031335e3219ebd9d06c257a50497ec523f5ff7361261ccfe239d603364a42e2e81fc068fcbb9792b673827fe7018a988fbce55bb74cdb327ced4b77b8743fb3cb72cc280b9f62e4f92f46a19600b802cba88b7d0a938d9e0e6cfe5d66b874c9a0c6c04b96360d6f499d004179e5b6025c0e1050faec7ecd9de190a975db2f8c06a551236278c4766d7e22e3b85168c9851de6266c791252f919b4f8b257b5a786734e5142e4666c67aef5b7b2f88c6640995434aa8636993089c73f196c54ae829ad4307132655b075ae534fa7f1ea9a17e62357b0bd2bd1d62d34bfc1364640250136729ba4f763ff25c33e8acc806611792add8254e705fefd2a44d5b15e3b36f6b75c97c9c04c511d8cf9e24c61c8284a913a381cb1a5628878040000000000000017b68afd95d4abf7920de9ebe1c89661f4adc3d83d72b1b778e30c2bf2efbbcd054cf51f4205ebf9a98a0d9f18135cb1d8d567c3436fa697b72c3b0200000000000079c0b3339debc78352b2e65299223d7ef2bd540e78167b3ac92a4c4f826f6d0e5c4ebf4f7a70c03e2f5ddbebf168586360c3663531eb5995d228f011a10ffc8b17d716b0c528dab6d0c4fe2ee402348104bc5d4012babedee898c6d3e1017be2e9bc759d3ab4d615f5000000000000000000000000000000000000000000007fff0000000000e693e314adf7dc9f517d04f1e6ca367d30d31d3647c6059db6e1e9529eb1623ef99e2d9ac2ab4872f8e784b07a31110bef6d000000a6f9e89e6d50ee06ce716f94da60f1f22d9669560d296287c13c92070000ee7553eb2df17839542fa88d09f000e88a90cf4406b9000000000000000000000000f441d6a6f516c235c6f5863e7f454ee0e16b9aa2593eb31fa3836703e7765aaeb77a8770e518efaa6d3dd85e03b3b133eb749057cea9af75a0e6f633532f2891b8e263cb6eecea691842827bc7c8c0130187081c8d320642389f5f0c42dba0ff68e84d7b130906f17f6aa075a257310f2d92cb1d1e16468949f5675262ee318e735930b01d8f586e34537bcff7d6196f494cdcf3a712078d745db0f5687a78ee6d000b3d171a0f08299b52d207f32e9da311ca090000003a42732808515eec574f892622c5be497fc3d9ca122d7c18b9e54637812c8debc61f0e42d838e44a819b74bce1a56108bb0fde97a02475920532309c55b2c9ae9f281391ec5cc72a5e94cca1cbf1ff01000000000000bdb537a0c52bd45a9f966c25616cec30c3ea3246cb8e6aac7cf273638e6656a3e4ccadc348f0172028c99cc5f6d5c6d09ed65aa54549e73c28b7c8ad06ad3c5e3c27eec0eff1a6c84f1189919eefcee807fc081e004ffb7d3104af00ac92f1080211c4bee74381a0e31021918f27863fdbafb50f70857d52a1f7df51935a80b1980a4778d35f183ea517f55a98095305701ab3f3ae43f06e91bc7d85e3800b46926944fba9805a985e63e53a62232fcd3f01dbe1728f300e247a7ebe344f9749818ff3961b2a42664ccd680a90bbb6ab400e286acc8f9febef64594777f848ed1cf980a3da2f0f7745760a05887d0c28060d613dd6539d392fc21fee0b5131609664b821d7a994e6c5965a4fa1ec1790c54e54586907dcc5e8bac16e79da9c2444420900000000000000f888a94365b99b72796fca1b922fc9aefaf1546c17cbb1d2d2fd12cb1a49cad501a3ca218c595b667b634606c57987ebfb0783a4948e4561d5cda158fe74453ff4a837beeedba483842c57d6005b544b4f80003386edfd3d4a88a667bd41eefe0d808abed08a29e6bc370a80cc0366fb4080bfbaaa946fd47ab662c794846e403950bbc3a48bb276cbb08a8eab145c06221ef16a238e3d50ad18aea9a2cec97d3c2d0569caabe2bffe02506bc9cb7294c5d020536dd5e7a6351642112df3b55d0215aaec7e45598995e79699e47567e353e68b03f82be860b188554b734e1192f9c1a867b815ef52cdc3307c0cc9be05a40fde69c350e59f11f1d26a4d04d8c8b2c4a4d23ec931d14bc7807db773a614b670acf46f83f7c65a0f8d43c5f64705f0d27c46d4b686e867e9b0be76a7978a8f962bb5a070df97f2bf7612115cfe5ebdc7ad0bc5a5f3ace25347d0e5c347279d55aa67a967380000000000000000000000000000000000000000000000ed0942d980c754c6c69ef65c375ad018824f78b260d5f51bc3feba504408a8c8141d84f3f417603b5081680f346ff0ffbe4ae19e936511966965ce268b6345a0001c0f26a32e0a999fc869292e939dcf89b9bfd794f9c12d41959a00688cca43015a9eec58f647796adea520cd2abeb0b55c22949d10e5a05fee4543fdc1e02554a55b5fef2427a6e5708edc38fac53c2f961945a3f83cdf01979939b49bc6b1aef8c733401bbe473de8d64efbe0d123739f387d1c0d9e74f2175c174ada1678c7db79492e8dd0f34e2ccf419cf7f14ffa408b50a52685b36aed14aa22ad928191d5a2697646edc52a1c0c5d720ae690add2b34aed161f51cc1cb424f76098e1e1921e5a405f9d298a8461f2da30e47b7c6ed7c95c84c745f58723e4cddffae3b53b5b947f9435e589f9ae55b30ecd3827b2de5df31976870823da8058c2538c04e397f3d0ef90c11c74da984fa558697ecb57224ce8fa6f79aadbd7dbf3678e74d790bc2ee72769a3ada1dd504f8e4133ce1effd446bc9a2f139e65cc4bd83912af3122352506c7c2191b3705116b2f4fc20d4e93882bdd6ccea97f3a08d3565b0000000000000000000000000000d35fb97c2d7a9374294dcec3da3df9a13c4fc63b00426682534d894caee0b963a3"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0xfffffffffffffe50}, 0x48)

16.269374196s ago: executing program 1 (id=1252):
socket$nl_netfilter(0x10, 0x3, 0xc)
openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
fcntl$setpipe(0xffffffffffffffff, 0x407, 0xfffffffffffffff3)
bind$alg(0xffffffffffffffff, 0x0, 0x0)
prctl$PR_SET_VMA(0x53564d41, 0x0, &(0x7f0000ffd000/0x1000)=nil, 0x189e, &(0x7f0000001700)='\xb3x\xd7,n\x1e\v\xc4\xe84\x04\xcb\xcb#\x80\x83\xb2\'&\xe3\xf1\x97\a\xef\xff`\x1e\x11E\xff\xff\x9b\x9f\x1c\x13w\xd7\xda\x92~i\xf5\x06\x00\xe7;K\x97\xeb\xda\\\t)<\xf4{\x95+A\xf9*\xa0\xd8\x13\x88\xcd\xe2\x86\x8a\x00jrv\xe4\xafY(\xe1\xdb\bF\xbb\xde\x02\x00\x00\x00\x83E/\x00V\xf0\xa8\xf5!_\xe7\xa0\xd0,\x00\x00\xff\xf6\x00\x00\x00\xbd\x03\n\xecT\x03&i\xa6_\xc5>\xdc?\x191#\xf41\x00\x7f\xce\xea]\xc2\x7f!\xd1\xb8\x94\t3S\tm\xe9\xfa\x13\xa7\xe3HI\xed\xf6\xe4\xdc!Aw5\x9ay \xb0\nGoF\xef\xaa\xe8\xec\x1c\x8a\x88\x10U\xd4\x91\xf4\xa7/\x01\x83\xa6~\xcdl\x82\x8ck\x93\x7f\xdc\xdf\x0e\xdc4K8\xe2\x10\xa2N\x91\xe0\xf3\xfb\x1c\xcc`\x87\x11\xc5\xa2\x13>\x9a%\x1c(Q|s\xdd\xd1\x9b\xfb\xf0\xfet\x01\xb9\xb1\x04J\xaf~\xa6:^\x00\x19\xc4P\x80.\xa3\xebM\x13\x03\x13u\xd0\xac\x8c\r\x9f7\x9a\x16\xe6\xba\xec\xdb\x15\xa2-\x9b\xf8\xfc\xee\x10O\xed$t\xa99\'C\xa1')
prlimit64(0x0, 0xe, &(0x7f0000000200)={0x8, 0x8a}, 0x0)
syz_80211_join_ibss(&(0x7f0000000000)='wlan0\x00', 0x0, 0x0, 0x0)
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000080), r0)
ioctl$sock_SIOCGIFINDEX_802154(r0, 0x8933, &(0x7f0000000140)={'wpan0\x00', <r2=>0x0})
sendmsg$NL802154_CMD_DEL_SEC_DEVKEY(r0, &(0x7f0000000e40)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000400)=ANY=[@ANYBLOB='D\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="010025bd7000fedbdf251e00000008000300", @ANYRES32=r2, @ANYBLOB='(\x00/'], 0x44}, 0x1, 0x0, 0x0, 0x20000041}, 0x2000c0c0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x3)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8)
r4 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r4, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000240)="2e00000010008188040f46ecdb4cb9cca7480ef43c000000e3bd6efb440009000e000a0010000000ba8004001201", 0x2e}], 0x1}, 0x0)

15.237353556s ago: executing program 0 (id=1253):
openat$ttyS3(0xffffffffffffff9c, &(0x7f0000001840), 0x2982, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
r0 = openat$uhid(0xffffffffffffff9c, &(0x7f0000000400), 0x2, 0x0)
write$UHID_CREATE2(r0, &(0x7f00000007c0)=ANY=[@ANYBLOB="0b00000073797a31000000dfff000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000073797a30000037b35f0a000089b4c45a10000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000073797a3100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001"], 0x119)
socket$l2tp6(0xa, 0x2, 0x73)
syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
syz_open_procfs(0x0, &(0x7f0000000240)='clear_refs\x00')
socket$inet_smc(0x2b, 0x1, 0x0)
pselect6(0x40, &(0x7f0000000180)={0x0, 0x40000000002, 0x8000000000000000, 0x8000f, 0x7fff, 0xfffffffffffffffe, 0x100, 0x10001000}, 0x0, &(0x7f00000002c0)={0x3ff, 0x6, 0x9, 0x4, 0x2, 0x0, 0x2, 0x7}, 0x0, 0x0)
syz_open_dev$hidraw(&(0x7f0000000000), 0x0, 0x81)

13.939413866s ago: executing program 2 (id=1254):
sendmsg$MPTCP_PM_CMD_GET_LIMITS(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x41}, 0x809d)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000003c0)={0x0, 0x3c}, 0x1, 0x0, 0x0, 0x4040000}, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000300)='blkio.bfq.io_merged_recursive\x00', 0x275a, 0x0)
syz_emit_ethernet(0x36, &(0x7f0000000100)=ANY=[@ANYBLOB="000002f0d31209000000bc2e79e995"], 0x0)
write$binfmt_script(r2, &(0x7f0000000100), 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r2, 0x0)
preadv(r2, 0x0, 0x0, 0x0, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe6000/0x18000)=nil, &(0x7f0000000040)=[@text16={0x10, &(0x7f0000000180)="66b9800000c00f326635000800000f300f0f1c9a65660ff3b20618baa000ec672e660f38803d004000000f285473f61366b9800000c00f326635004000000f300f20e06635800000000f22e0f30fa6c8", 0x50}], 0x1, 0x0, 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x20004000}, 0x14)
mount$fuse(0x0, 0x0, 0x0, 0x0, &(0x7f0000000000)=ANY=[@ANYRESHEX, @ANYBLOB=',rootmode=00000000000000000040000,user_id', @ANYRESDEC=0x0, @ANYBLOB=',gr'])
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f00000004c0)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={0x0}, 0x10)
ioctl$KVM_RUN(r3, 0xae80, 0x0)

12.954789522s ago: executing program 4 (id=1255):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_CLOCK(r1, 0x4030ae7b, &(0x7f0000000400)={0x1, 0xa, 0xfffdfff7, 0x8, 0x3})
socket$inet(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000300)={'batadv_slave_0\x00'})
r2 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x6, 0x0, 0x7fff7ff9}]})
r3 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$IOMMU_IOAS_ALLOC(r3, 0x3b81, &(0x7f00000003c0)={0xc, 0x0, <r4=>0x0})
ioctl$IOMMU_IOAS_MAP$PAGES(r3, 0x3b85, &(0x7f00000001c0)={0x28, 0x7, r4, 0x0, &(0x7f0000800000/0x800000)=nil, 0x800000})
socket$kcm(0x10, 0x400000002, 0x0)
write$uinput_user_dev(0xffffffffffffffff, 0x0, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000680)=0x2)
socket$kcm(0x2, 0x200000000000001, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
capget(&(0x7f0000000280)={0x20080522}, &(0x7f00000002c0)={0x56a, 0x20, 0x8, 0x2c0, 0x2, 0x1})
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x3)
r5 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r5, &(0x7f0000019680)=""/102392, 0x18ff8)
openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000180)='memory.stat\x00', 0x26e1, 0x0)
socket$packet(0x11, 0x3, 0x300)
sendmsg$IPCTNL_MSG_CT_GET(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000940)=ANY=[@ANYBLOB="e80100000001050500000000000000000a0000003c0002802c00018014000300ff01000000000000000000000000000114000400ff0200000000000000000000000000010c00028005000100000000003c0001800c00028005000100000000002c00018014000300ff020d40f799000000000000000000011400040020010000000000000000000000000001080007400000000010000d800c000380060002004e210000080007400000000da800068004000380080002006401010124000380060001004e230000060001004e230000060001004e210000060002004e24000008000200e0000002340003ec060002004e230000060002004e240000060001004e200000060002004e200000060002004e230000060001004e200000340004000000000000000000000000000000000008000200ac1414aa140005000000000000000000000000000000000008000100e000000284000e801400018008000100ac141409080002000a0101010600034000000000060003400001000006000340000300000c000280050001009f0000000c00028005000100000000002c00018014000300fe80000000000000000000000000002d14000400fc02000000000000000000000000000106000340000300000600034000040000080008d322be8899f58fd0412706a3110b6ac509050fbdad13da3ea4174b0ebbb14f4e2f69"], 0x1e8}}, 0x0)
ioctl$IOMMU_TEST_OP_CREATE_ACCESS(r3, 0x3ba0, &(0x7f0000000340)={0x48, 0x5, r4, 0x0, <r6=>0xffffffffffffffff, 0x1})
ioctl$IOMMU_TEST_OP_ACCESS_PAGES(r3, 0x3ba0, &(0x7f0000000040)={0x48, 0x7, r6, 0x0, 0x0, 0x0, 0x0, 0x2})
close_range(r2, 0xffffffffffffffff, 0x0)

12.17642839s ago: executing program 0 (id=1256):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_CLOCK(r1, 0x4030ae7b, &(0x7f0000000400)={0x1, 0xa, 0xfffdfff7, 0x8, 0x3})
socket$inet(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000300)={'batadv_slave_0\x00'})
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x6, 0x0, 0x7fff7ff9}]})
r2 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$IOMMU_IOAS_ALLOC(r2, 0x3b81, &(0x7f00000003c0)={0xc, 0x0, <r3=>0x0})
ioctl$IOMMU_IOAS_MAP$PAGES(r2, 0x3b85, &(0x7f00000001c0)={0x28, 0x7, r3, 0x0, &(0x7f0000800000/0x800000)=nil, 0x800000})
socket$kcm(0x10, 0x400000002, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000680)=0x2)
socket$kcm(0x2, 0x200000000000001, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004}, &(0x7f0000bbdffc))
capget(&(0x7f0000000280)={0x20080522}, &(0x7f00000002c0)={0x56a, 0x20, 0x8, 0x2c0, 0x2, 0x1})
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x3)
r4 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r4, &(0x7f0000019680)=""/102392, 0x18ff8)
openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000180)='memory.stat\x00', 0x26e1, 0x0)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_GET(r5, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000940)=ANY=[@ANYBLOB="e80100000001050500000000000000000a0000003c0002802c00018014000300ff01000000000000000000000000000114000400ff0200000000000000000000000000010c00028005000100000000003c0001800c00028005000100000000002c00018014000300ff020d40f799000000000000000000011400040020010000000000000000000000000001080007400000000010000d800c000380060002004e210000080007400000000da800068004000380080002006401010124000380060001004e230000060001004e230000060001004e210000060002004e24000008000200e0000002340003ec060002004e230000060002004e240000060001004e200000060002004e200000060002004e230000060001004e200000340004000000000000000000000000000000000008000200ac1414aa140005000000000000000000000000000000000008000100e000000284000e801400018008000100ac141409080002000a0101010600034000000000060003400001000006000340000300000c000280050001009f0000000c00028005000100000000002c00018014000300fe80000000000000000000000000002d14000400fc02000000000000000000000000000106000340000300000600034000040000080008d322be8899f58fd0412706a3110b6ac509050fbdad13da3ea4174b0ebbb14f4e2f69"], 0x1e8}}, 0x0)
ioctl$IOMMU_TEST_OP_CREATE_ACCESS(r2, 0x3ba0, &(0x7f0000000340)={0x48, 0x5, r3, 0x0, <r6=>0xffffffffffffffff, 0x1})
ioctl$IOMMU_TEST_OP_ACCESS_PAGES(r2, 0x3ba0, &(0x7f0000000040)={0x48, 0x7, r6, 0x0, 0x0, 0x0, 0x0, 0x2})

11.483704505s ago: executing program 4 (id=1257):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40a01, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201})
r1 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r1, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc(des3_ede)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18)
r2 = accept4(r1, 0x0, 0x0, 0x800)
sendmmsg$alg(r2, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3", 0x8}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c", 0x1e}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cd", 0x3f}], 0x3, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800)
recvmsg(r2, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x51}], 0x1}, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000b40)={0x11, 0x8, &(0x7f0000005c00)=ANY=[@ANYBLOB="620af8ff0c200021bfa100000000000007010000f8ffffffb702000003000000bd120000000000008500000006000000b70000000000000095000000000000003faf4f2aa3d9b18ed812a2e2c49e8020a6f4e0e4f698393aa0f3881f9c24aa56f15199fad0093c59d66b5ece9f36c70d0f13905ea23c22624c9f87f9793f50bb546000677b0c5077da80fb982c1e9400e693146cea484a415b76966118b64f751a0f241b072e90080008002d75593a286cecc93e64c227c95aa0b784625704f07a72c234664c0af9360a1f7a5e6b607130c89f18c0c1089d8b853289d01aa27ae8b09e00e79ab20b0b8e1148f49faf2ad0000000000000006fa03c6468972089b302d7bf6023cdcedb5e0125ebbc08dee510cb2364149215108333719acd97cfa107d40224edc5467a932b77674e802a0d42bc6099ad238af770b5ed8925161729298700000080006ef6c1ff0900000000000010c63a949e8b7955394ffa82b8e942c89112f4ab87b1bfeda7be586602d985430cea0162ab3fcf4591c926abfb076719237c8d0e60b0eea24492a660583eecdbf5bcd3de3ac3209da17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c95c25a573dc2edcaea2b1a52496dfcaf99431412fd134a996382a1a04d5bb924cfe5f3185418d605ffff9c4d2ec7c32f2095e63c80aff9fa740b5b7632f32030916f89c6dad7603f2ba2a790d62d6faec2fed44da4928b30142ba11de6c5d50b83bae613402216b5054d1e7c13b135ab6f4a8245ffa4997da9c77af4c0eb97fca585ec6bf58351d564beb6d952aab9c70764b0a8a7583c90b3433b809b5b9fbd48bc873495cbff8a326eea31ae4e0f7505ebf6c9d13330ca006bce1a84521f14518c9b476fccbd6c712016219848624b87cec2dbe98223a0eb4fa39f6b5c02e6d6d90756ff57902a8f57000000009700cf0b4b8bc2294133000000000000000000030000000000000000000000000010008bc0d9559711e6e8861c46495ba585a4b2d02edc3e28dd271c896249ed3957f813567f7a95435ac15fc0288d9b2a169cdcacc413b48dafb7a2c8cb482bac0ac559eaf39027ceb379a902d9ba96ffffff7f0000100000000000007d5ad897ef3b7cda42013d53046da21b40216e14ba2d6ad5656bfff17addaedab25b30002abbba7fa725f38400be7c1f001b2cd317902f19e385beef3282830689da6b53b263339863297771429d120000003341bf4abacac94500fca0493cf29b33dcc9ffffffffffffffd39f6ce0c6ff01589646efd1cf870cd7bb2366fdf870ce5dfd3467decb05cfd9fcb32c8ed1dbd9d10a64c1083d5e71b5565b1768ee58969c41595229df17bcad70fb4021428ce970275d13b78100788f11f761038b75d4fe32b561d46ea3abe0fa4d30dc94ef241875f3b4ce0232fcea69c271d7fa29822aea68a660e717a04becff0f719197724f4fce1293b62d7e8c7123d8ec571be54c72d978cf906df0042e36acd37d7f9e119f2c06f815312e0cfe222a06f56dd000c074eb8a322fb0bf47c0a8d154b405c37feaf3dd95f6ef2acd1fe582786105c7df8be5877050c91301fb997316dbf17866fb84d4173731efe895ff2e1c55ef08235a0126e01254c44060926e90109b598502d3e959efc71f665c4d75cf2458e3542c9062ece84c99a861887a20639b41c8c12ee86c50804042b3eac1f879b136345cf67ca3fb5aac518a75f9e7d7101d5e186c489b3a06fb99e0aa7f23a054de2f4d92d6bd72ee2c9fdc74aaaf1e3e483b4ad05573af40326993947d9a631bcbf3583784acbda216550d7ad333545794f37331766e472391e358c3b377327ac9ecc34f24c9ae153ec60ac0694dc55bff9f5f4df90400000000000000d6b2c5ea139376f24285bf16b99c9cc0ad1857216f1a985f369191ae954febb3df464bfe0f7f3ee9afe7befb89d2777399f5874c553aeb3729cffe86e66964ae09bb6d163118e4cbe024fd4500f8e3070000001e48418046c216c1f895778cb25122a2a998de0842a486721737390cbf3a74cb2003016f1514216bdf57d2a40d40b51ab63e96ec84ac3571f02f647b3385b3b8a8c9ae3d14f93100c2e0893862eef552fcde2981f48c482bde8a168c3f5db2fea6f26e4a4304e50c349f4f9ecee27defc93871c5f99b355b72d538ba2f58ea8e4aa37094191e10096e7e60fc3541a2c905a1a95e9571bf38ae1981c4238ecaee6f75cd0a6881bd1517a8250df986741517abf11389b751f4e109b60000000000000000d6d5210d7560eb92d6a97a27602b81f76386f1535bef1497f92186086e29c6bc5a1fad6ec9a31137abf9a404abde7750890ae71555b3228b1bd627e87306703be8672d70d1ab57075228a9f46ed9bd1f08fb8191bbab2dc51de3a61f0868afc4294859323e7a45319f18101288d139bd3da230ed05a8fe64680b0a3f9f2dd704e4214de5946912d6c98cd1a9fbe1e7d58c08acaf30235b9100000000a55f74a23641f61f2d5b308cf0d031b0c7f0ced69993e9960ff5f76015e6009756237badf4e7965bbe2777e808fcba821aa8e8c5c39609ff854356cb4900000000000000000000000000c1fee30a3f7a85d1b29e58c776f4b4ce07e1c6fa66fcfc7a228805f76785efc0ceb1c8e5729c66418d169fc03aa18854693ad2a182068e1e3a0e2505bc7f41019645466ac96e0d4b3bc19faa5449209b083dbd334b47f067bbab40743b2a428f1da1f68df75cf43f8ecc8d3726602111b40e761fd21081920382f14d12ca3c3431ee97471c7868dcda7e478950aa69eb7f7f80572fdd11bb1d0d1280fbc22bf73468788df51710d7d31c632fc5ed1762eb0b428ee751c47d8e894f745a868404a0bf35f0121008b722b1eaa6aedfa1bf2e7ccb2d61d5d76331945e20fa26b8471d42645288d7226bbd9c9e9e1cc9eb3d541e407cc2dae5e690cd628ab848753203b458b97ec1afb079b4b4ba686fcdf240430a537a395dc73bda367bf12cb7d81691a5fe8c47be395656a297e9df0e71f96756ea5cce7db3c4be290159f6bcd75f0dda9de5532e71ae9e48b0ed1254a83100000000f6fbb869604d51a36a54c832e45b2569dc0d90b075225fde44c4e0973171ad47d6c30ebc660309e1e245b0fdf9743af932cd6db49a47613808bad959719c0000000000378ac2e24c7e800003c9e8095e02985f28e678f66422436f949e2ab8f162d7e3f855e378f4a1f40b0c6fb2d4b205a800b6d713acebc5b014e61a543a5a194f9ac18d76b5440e3b1a569e7397f6ca0400966d7ba19e720413267a6ccea9c439671d2c680f2753ca184eeeb843450368acb4383a01d25eb3d1e23e0f2645d1cdfa9fa410632f95a5f622f851c66ee7e3030108000000000000c4f93c0984b5c2d4523497e4d64f95f08493564a1df87111c9bffef97dcecc467ace456597685c5870d25f88a0f463db88d377442e1349acaf766218b54a9d624778e1c4cba6e6390a9f302c6eb2df7766411bef0ebb5000000000006065d6735eb7a00e127c0000000000000000000000bfb0bba79344643b1d8daa9f38e4b62c1e2af68c6f5054b078acd74b4a9c944e4505da485a3a4154387a0a88372091cd397b09c5888a06431df3f68abf0b366c4d5f8bea7b29c257ed756dff7a21c6b661cbdd43de65afd7f661d5c84f915c90e3d6ea012b68b787eb01d8320000000000000060176dacba0ec503a37fae6b472ec369c79ee6a420c0fd8d8d82fe136d5af6c30bfeb0a7275babfdb96a127aa9386e0671c6454245a18c1c8c49552cff5d27b547cdc34c0858c77a47a9ff86ee9fbd9ceda428716a4218821176d8067997527230fa67d26950d3e4f2750fa7c872874ad3a2d11f9f6eb08e6d7b6fa257b04d8ce36360f524e3dfd2211641f3d2637d86b80681eca50ce0eecafdd22d41fa515c15591e70ded4b70efac3cb42fb352d82e8f7573e8ed8248da356fa91a252976d3a4d8c1843a8d5bb7f5f1028453a0562a3ea93117076dd4940b7df50d78289fe66197525f6095f8662d232970bef61b03fa83027963a1a2e07cfee30c0d0b4c5877f93b3637ca21eab5afcf5d4638dfe8f9202aaad51c979049dd76d65368cbd4187d9f74257c7c4a23ac4a34eec5aa17e78c5167216f5e72138d20f8325dd5f8f96c32189c904eaef580987f1ce601a7cdc35461db9981ac42f9e24b0699bbe4e3d986e38952b0b7938eefd9e7a292bbb66367ad77045fdc18855c81c031dedd185c723238373fc698d676791d04f1ff5f0825a6619e844882f31ed190233d58ecee949e310bf2b1a51b8a33ae65a06d2b6ad386bf8dc49dd328bcd75d1843a13d68560175a18af7efc3c0f20e32f84f6aaaf000000000000000000000013a6c66bce74a8fb9092023df695da2714a7933d699d42de2bc4a85e0a0e22228290a7a7553ab93a16e42453ed86869a02df2f47d4088fac1772d3cd955c81cbf91c2ca7942942f61723b558079b82547844f92df2499c4b2c2ef2539e5daa8d8727baaa6b5755e6f83bbfca00000000000000000000007925d0f1256330b9e2aa9a18cea8e009116f63c6c7d8f7f95bf0f6731e5eb1dcdc534f357b9f08e7a9a3aebeca145d695053b5bef004ca24e6c57ed10f01488d38b8b0b68d93e3cf630837915d518fde2115e66615786fe7b9216de958119cf762cac77ac829a02f48e72c0d2841880b2c"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0xffffffffffffff7e}, 0x48)
r4 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000080)='sched_switch\x00', r3}, 0x10)
mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0xb, 0x59032, 0xffffffffffffffff, 0x0)
openat$sysctl(0xffffffffffffff9c, &(0x7f0000000340)='/proc/sys/net/ipv4/tcp_mtu_probing\x00', 0x1, 0x0)
socket$inet_tcp(0x2, 0x1, 0x0)
prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r5 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x2)
writev(r5, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
syz_open_dev$vim2m(&(0x7f0000000080), 0x1000, 0x2)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x8031, 0xffffffffffffffff, 0x0)
mbind(&(0x7f0000001000/0x800000)=nil, 0x800000, 0x4, 0x0, 0x0, 0x2)
r6 = syz_open_procfs$pagemap(0x0, &(0x7f0000001080))
ioctl$PAGEMAP_SCAN(r6, 0xc0606610, &(0x7f0000000140)={0x60, 0x0, &(0x7f0000001000/0x3000)=nil, &(0x7f0000c68000/0x3000)=nil, 0x7fffffff, 0x0, 0x0, 0x6, 0x0, 0x2, 0x0, 0xe4})
pipe(&(0x7f0000000380)={<r7=>0xffffffffffffffff, <r8=>0xffffffffffffffff})
sendto$unix(r7, 0x0, 0x0, 0x20000000, &(0x7f0000000280)=@abs={0x0, 0x0, 0x4e23}, 0x6e)
splice(r4, 0x0, r8, 0x0, 0x9, 0x1)
write(0xffffffffffffffff, 0x0, 0x0)

8.511263363s ago: executing program 0 (id=1258):
bind$inet6(0xffffffffffffffff, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
ptrace$poke(0x4, 0x0, &(0x7f0000000280), 0x7)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[], 0x50)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800"/14, @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000"], 0x0}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup/syz1\x00', 0x1ff)
r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={0x0, r4}, 0x18)
r5 = syz_open_dev$usbfs(&(0x7f0000000100), 0x77, 0x101301)
ioctl$USBDEVFS_CONTROL(r5, 0xc0105500, &(0x7f0000000040)={0x0, 0x3, 0x1, 0x3, 0x0, 0x7, 0x0})

8.358765472s ago: executing program 2 (id=1259):
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0xc, &(0x7f0000000340)=ANY=[@ANYBLOB="180000000000000000000000090000008500000011000000180100002020732500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007100000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x34, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000100)={'bridge0\x00', <r2=>0x0})
r3 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000001140)={&(0x7f0000001240)=ANY=[@ANYBLOB="400000001000030528bd7000fbdbdf2500000000", @ANYRES32=0x0, @ANYBLOB="15460100ef000000180012800e0001007769726567756172640000000400028008000a00", @ANYRES32=r2, @ANYBLOB="bd334590d348520fd6d0897c5c17c260fe821bb172b4c9956c64d45083da078e79a5e1f44a4ba6fc442666d6645a5d0a6a5fe92020a644e4beb7b1bd37d86240446dd4e7d92e39b600cd838e8bf9d12265f4cba5ffbd3a85e488cf0ae1949f03cf82bda61cf79d0ebc1c185579e921d233d76be4ed07cd195a6adaf347e8e89f3be3ff07baadcd161dbe405d58593fb8a912c42d80fac8c1"], 0x40}}, 0x0)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000240)={r0, 0x0, 0xe, 0x0, &(0x7f0000000300)="0000f1bcd399b81e1011f5aa5e5c", 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
socketpair$unix(0x1, 0x3, 0x0, 0x0)
setresgid(0xee00, 0xee01, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r4 = syz_open_procfs(0x0, &(0x7f0000000180)='net/ipv6_route\x00')
preadv(r4, &(0x7f0000000140)=[{&(0x7f00000001c0)=""/4096, 0x1000}], 0x1, 0x96, 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r5 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r5, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]})
ppoll(0x0, 0x0, &(0x7f0000001200)={0x0, 0x989680}, 0x0, 0x0)
r6 = timerfd_create(0x7, 0x0)
timerfd_gettime(r6, 0x0)
syz_open_procfs(0x0, &(0x7f0000000180)='mounts\x00')
bpf$PROG_LOAD(0x5, &(0x7f0000002c40)={0x8, 0x17, &(0x7f00000007c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b702000014000000c3030000000000008500000083000000bf09000000000000b60901000000000065000c000000000018010000646c6c2500000000002020207b92f8ff000000002d9a00000000000037090000f8ffffffb702000008000000b70300000000000015000000060000003d93000000000000b5030000000000008500000000000000b7000000000000009543710000000000"], &(0x7f00000009c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_skb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
prlimit64(0x0, 0xe, 0x0, 0x0)
modify_ldt$write(0x1, &(0x7f0000000000)={0xfff}, 0x10)
syz_clone(0x23802400, 0x0, 0x0, 0x0, 0x0, 0x0)
setresgid(0xee01, 0xffffffffffffffff, 0xffffffffffffffff)
ioctl$AUTOFS_DEV_IOCTL_ISMOUNTPOINT(0xffffffffffffffff, 0xc018937e, &(0x7f0000000000)={{0x1, 0x1, 0x18, <r7=>0xffffffffffffffff, {0x1}}, './file0\x00'})
ioctl$SG_GET_VERSION_NUM(r7, 0x2282, &(0x7f0000000040))

7.469394312s ago: executing program 0 (id=1260):
socket$nl_route(0x10, 0x3, 0x0)
r0 = syz_open_dev$media(&(0x7f00000012c0), 0x66, 0x180502)
ioctl$MEDIA_IOC_G_TOPOLOGY(r0, 0xc0487c04, &(0x7f0000002f00)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, &(0x7f0000002d80)=[{}, {}, {}], 0x0, 0x0, 0x0})
socket$inet6_sctp(0xa, 0x5, 0x84)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './mnt\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
r3 = open(&(0x7f00000002c0)='./file0\x00', 0x1491ff, 0x22)
fcntl$setlease(r3, 0x400, 0x0)
fsetxattr(r3, &(0x7f00000000c0)=@known='trusted.overlay.origin\x00', &(0x7f0000000140)='\x00', 0x1, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg(r2, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xb49, 0x6, 0x8, 0x0, 0x3}, 0x0)
r4 = socket$inet6_sctp(0xa, 0x5, 0x84)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r4, 0x84, 0x9, &(0x7f0000000580)={0x0, @in6={{0xa, 0x4e22, 0x6, @mcast2, 0x4}}, 0x0, 0x0, 0x3fc, 0x0, 0x32, 0x0, 0x4}, 0x9c)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r4, 0x84, 0x9, &(0x7f0000000000)={0x0, @in6={{0xa, 0x0, 0x0, @empty, 0x6}}, 0x0, 0x0, 0x0, 0x0, 0x8a}, 0x9c)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r4, 0x84, 0x9, &(0x7f0000000280)={0x0, @in={{0x2, 0x4e20, @multicast2}}, 0x0, 0x0, 0x300, 0x0, 0x52}, 0x9c)
r5 = syz_usb_connect$hid(0x1, 0x36, &(0x7f0000000200)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x8, 0x56a, 0x94, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x4, 0x0, 0x0, 0x2, 0x3, 0x0, 0x0, 0x0, {0x9, 0x21, 0x8da, 0x2, 0x1, {0x22, 0x5}}, {{{0x9, 0x5, 0x81, 0x3, 0x10, 0x3, 0x0, 0x2}}}}}]}}]}}, 0x0)
syz_usb_control_io$hid(r5, 0x0, 0x0)
r6 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0a00000004000000080000000b"], 0x48)
r7 = bpf$PROG_LOAD(0x5, &(0x7f0000000580)={0x11, 0x14, &(0x7f0000000700)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000002300000018110000", @ANYRES32=r6, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r7}, 0x10)
syz_usb_control_io(r5, &(0x7f00000001c0)={0x2c, &(0x7f0000000000)={0x0, 0x0, 0x5, {0x5, 0x0, "b1a748"}}, 0x0, 0x0, 0x0, 0x0}, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000040))
sendmsg(0xffffffffffffffff, &(0x7f0000000280)={&(0x7f0000000080)=@pppol2tpin6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x4, 0x1, {0xa, 0x4e23, 0x0, @private1={0xfc, 0x1, '\x00', 0x1}, 0x10001}}}, 0x80, &(0x7f0000000200), 0x0, &(0x7f0000000a00)=ANY=[@ANYBLOB], 0x1e0}, 0x20)
syz_usb_connect(0x0, 0x676, 0x0, &(0x7f0000000940)={0x0, 0x0, 0x0, 0x0})
openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x0, 0x0)
r8 = openat(0xffffffffffffff9c, &(0x7f0000000800)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x8042, 0x0)
fallocate(r8, 0x0, 0x1000000, 0x3)

6.601085493s ago: executing program 5 (id=1261):
getsockopt$sock_buf(0xffffffffffffffff, 0x1, 0x1c, 0x0, &(0x7f0000000040)=0x1c00)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, 0x0, &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r0}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f0000000380)=0x2)
socket$inet_tcp(0x2, 0x1, 0x0)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = fsopen(&(0x7f0000000100)='configfs\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r4, 0x6, 0x0, 0x0, 0x0)
fsmount(r4, 0x0, 0x9)
r5 = socket(0x10, 0x80002, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=ANY=[@ANYBLOB="4800000010001fff0000056800080000faff0000", @ANYRES32=0x0, @ANYBLOB="c30c424700000000280012800a00010076786c616e00000018000280"], 0x48}}, 0x0)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r6, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x0)
sendmmsg$alg(r5, &(0x7f00000000c0), 0x492492492492627, 0x0)

6.207030985s ago: executing program 1 (id=1262):
sendmsg$MPTCP_PM_CMD_GET_LIMITS(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x41}, 0x809d)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000003c0)={0x0, 0x3c}, 0x1, 0x0, 0x0, 0x4040000}, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000300)='blkio.bfq.io_merged_recursive\x00', 0x275a, 0x0)
syz_emit_ethernet(0x36, &(0x7f0000000100)=ANY=[@ANYBLOB="000002f0d31209000000bc2e79e995"], 0x0)
write$binfmt_script(r2, &(0x7f0000000100), 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r2, 0x0)
preadv(r2, &(0x7f00000015c0)=[{&(0x7f0000000080)=""/124, 0xffffff23}], 0x3e, 0x0, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe6000/0x18000)=nil, &(0x7f0000000040)=[@text16={0x10, &(0x7f0000000180)="66b9800000c00f326635000800000f300f0f1c9a65660ff3b20618baa000ec672e660f38803d004000000f285473f61366b9800000c00f326635004000000f300f20e06635800000000f22e0f30fa6c8", 0x50}], 0x1, 0x0, 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x14)
mount$fuse(0x0, 0x0, 0x0, 0x0, &(0x7f0000000000)=ANY=[@ANYRESHEX, @ANYBLOB=',rootmode=000000000000000000400', @ANYRESDEC=0x0, @ANYBLOB=',gr'])
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f00000004c0)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={0x0}, 0x10)
ioctl$KVM_RUN(r3, 0xae80, 0x0)

5.989842894s ago: executing program 4 (id=1263):
r0 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000300)={0x6, 0x3, &(0x7f0000000240)=ANY=[@ANYBLOB="180000000300000000000000000000009518000000000000"], &(0x7f00000001c0)='syzkaller\x00'}, 0x80)
r1 = socket$packet(0x11, 0x3, 0x300)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000080)={'syz_tun\x00', <r2=>0x0})
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000680)={r0, r2, 0x25, 0x0, @val=@tracing={0x0, 0x3c73}}, 0x20)
syz_emit_ethernet(0x0, 0x0, 0x0)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0)
syz_emit_ethernet(0xdfd, &(0x7f0000000c80)={@remote, @empty, @void, {@ipv4={0x800, @tcp={{0x6, 0x4, 0x2, 0x0, 0xdef, 0x67, 0x0, 0x4, 0x6, 0x0, @empty, @remote, {[@timestamp_prespec={0x44, 0x4, 0xf2, 0x3, 0x6}]}}, {{0x4e24, 0x4e23, 0x41424344, 0x41424344, 0x0, 0x0, 0x5, 0x10, 0x5, 0x0, 0x7ff}, {"03af37b1662e57db10c94becb9ab5c1740e805ec8e70738faa64f0d67261245552201d3095621ac0c065ce5bbb222412f8b2dc77b49ce05f5c72882275f43ca4e8bb3f1ff2bd213709d031eebdf30dd9777637c0c243be721a3a9d1cc7e2a20f9d7d064853c229e73548b740de2a51d44e7b3bc52b3fcb0765fa928b9d243f4660f07b8cff5ba2a8507753150ccf4e3df315f455994c48d2422fa39d29ab743b065846b71e3e8169f491917cfb0d9e6902c3ff43a54ee06c7c304f9307b578959d3e3fd01735bf27ac16c422217b6d1ede33733e41c7dfc5ee6f3d4d547d2215dbcf532570d0c48b2fbdbd64871a61ff36e5eac39e3f1b85a4dd081b32c3cfd8d8eec33ad265cac5f496feeb5e16b9f95f0250b92989d0d5b1c1489d736414dce8d1a5de4952a8344a0858befa60030096dcd26587765ae609ea4d30b684281f4349e5614d9fa7cc061fc70248f8e2f1a19b2df506c50e5bc1fc3617820dbb2faaf17d35543b69fe3a0b212f8d467e6fadd3a04ac5d9026b62e40fdbae8aecc37c8962220f9f30580e2f493d47838ed3678a014e0dee17a7168b6ee6f996f92fbf48d43db4b766336173cb4c33a2915ca62ec34a6adbf6253936e49f4687ec359b61b3c72ed28d37ace89ae90c7e51fcf1a4dcc49ecadf849b63e098db6e6ce2b8b81fcb8457ce5b25e22df9cfa0b3b87729e13e23a5e7255aa60e3fc3da445ec5e252348ece4e2244755588ebb644f3b3fd984c17390fa1125c116e94659a162497bf624eeb413b897d8f11069e8960049b2369a987733b0b4b8e419c2098e24c846dc01476a64f7e2af5b7d077c537a043b771a2d6fff3dfc90ffa7313f8e5a1d94c94245da11e240ce8efc3df24fc18afdd0ca6c8cb13632ae29491b19cd08fcb0336ade09ac3d1313fcbfed39ce576580117bff0fe8ccb9752be328327778ea7aaf40b2e25217748792bda076f71a6f7089681722a816dff8f932fd5b22ed9ad76170c94c32c6ef076c2c9975b3ab1d727df07f9d9f3323f74370d4cc5b2ec6c30dc1f417330fcee79ec672aab5ff7ad0eb917cc29108bc98056a444dbb911bde1007da50edcb6ec220a4d62434621c426f8826f3bca5294085d3e644be231f2ceb081d761bcb8d67f33ea0184784a97d600292db02fabc6cae48f28b4653057c1943a6e12a3f9c8b0165cfe1fcfc737470cff30fb4a2d8746277b9f4f9d26637d8ad76c9bf389deb56d102c0c57e7f192761df43252e06daa5b54d8bb0dcdbe8e275f4efc161cbce9dcf494b233ad62308aac08c6a3ad1e61f55026f2e02e5bba4fb667bc05ac92999ab71475c812bc9db0ba1989e71dad60fc3996361a62232d5dd2ea71648d8f2f1ddaad4560027af83cf10f0026107dcc254cb65bd7c414fa377e3752e7227b7dbcbb9c1f2d3ceeba3dca37e88abb6ad5728260596ba7cbebc2707e008b845715b3f936a082e7d5084cdb73ca47129b8b68913a98dfa7d58c54ca10a7e8b3ec7d15dc8f603c860eb76d7b615bfc1f986e5aa156e33c3169625a57f789d612d8bf998442e12b8e1195e53921936c49080873f0a05ce4b21a6cd6db4e5240bf820f31ddbf93039abfb095c4e60eae509b4c49d3ab4231efa754e1615f30bccf707fb0fadd38bfa8f12737aed3890761abfd85fd8d77feb71a224400525744cea2d6316c155d9323e6cc5c25b65a9ccebb8d0cadaffa16a15f50c10e5b38aef4059d23db5d934fc93f30d4269dfdd48f6f23c0ce777ed42b05b0a51c8bd2d1574f49caf8e99bd130c62bb9277dc41d7e743aaf40e213add4e7e2c66bf0585fd23596b079f2d10063b0626c359a006d8a14ea4489ab65792f5dec14e09f9f3837895d5500ed7449b6cfb4934da303d92728248b61a1414da9b6ead6aeee9157eb9885d6844db5dbea3f227a278108159f922f64dd60fbf2e96f11138a47fe4a596c1256d534e67ea8d813ee451618a5d4c8df4e9528a1c4f6696f316c25a2c684d0ce364b57248cc8c5a77d0e128fdb8299540ed9ae436917698561a5c07683d011c15a841c5d3f35ff272275fc9d85cb14c951d1bcb384f6a171a3c8c1aae47a83299d39ba06e20834d56eb640ae181c9e61f1fc976a600d58678f2322b31990784c185580aa2b375b905dade22f7ff0b9459af1ebc9ca2cea15e120e48371b0180ef1c4b6ab266a71979ce0f5d8750d3231cf46b00c3424900e3457a7ff8dfdba31c5f2ce0b67f42899dd24e1c5b0b604aeaa0b5bc5395db00633caa08b2655a4e5df2880ce7e3b64f3b50e96784cc1c10b0737deb85da6d50293f8270c8c6cb545289b7de3e2c7f1bbed86558e10e5e5d5a4906d148e53342cddffecfecc9251ddbcddf66528d3add6ea93c822c25ff32b708d2e9455f62a1fff7598e8a1b44233d950bbdad17aad4ebe83382dc08bd985b2fae1000f59a1d60270c73c5c08db45a61164c04e43a6363589d66ffa7fc7cdfc497cebf5895c1536cde6fd7d899b4f5bcf35571351358f1562ad2a15c48efe49a5cd7f624659a091af0527fd22c6ebb2af4f7eecb0f8473b977a80512c3d24bca1bfcc4c85ba33a6f818a3cc7baa560d2dd9ffd673546434d2547b8efd207bff3c70a3366da5cdb669f7b31dff00cea793a72df5ff886a2db08fbe099a905425c23c2ea2651e2a5ea667f64a81577184f908df1b0d0941382ef99497a057f9ced400f71340b4069c8c268ec699433ad59205b7ca5e08c87a8102c626f5b6dd3e5d1f430edebe8485d924200d5be4c9b0bd42097e9519a446807dad8834e4a7103a4caec3418cc0d9058182872c9e2f5be6e15fa9e86c901c18896d1025e829dbcfb329b6b7b2d8a35a2c9df4cb4efd18546d09b3ba30d924495dc27f17dea92909129e6e7dd69635d6d930fb2786e88265020cb5626d7c158d4c8af312eb17bc6f62d3748e229c0ffd415efad556db5e76a7a1d5815b29e9e7a631bf6adc9b52a4983a0d2edbe38857856e0c064939d080e79cda92fd027b989976a3d6459ac0925d7159e015698a1133006e21a98219db6d629814fdbb0a537edd037db327b834063c03ac1b3d98df2d869251d11cec9ce067eb3bda922a7e51d645cb48ed4631573e147b643b931b0c281ccbda9605bf2c9e7f72d174921b5171e2cf66ec008e769fb05397ac9d6d8d09193d790c428e1e2f75b4fd79462e9491686c0142bfc9fb70b3de154a90091755ff6202a407d234dbfc638e9d6b6c7ceffce7f6be8a47e8c3ffdeda304ebc31fe76c24bb7fae4e3e4191bcc95196e0499bbd4ac38e36466126657396fecddc9a992ce589229202fb0161bc45725e66c3cdec1a35224da619d2a329791f6d0e424ba5aba386b87fcab8c42bef14635819b339b0593de9d004ae234328eb180bf969969c1f74a0f104922522750010592852dac466523d9a8bae85348a3b422f74b59aed3c0549134dcb057115010ed5bbc84b3cdd1595c4016d5900990fb21316ed64599ef81ed5e4d3e9de592ec22d916c3ac20ff5941edcf049e9c301bfa129cf33a40ebe6096e91adb995d0da960224aa713748e14285326f2aba9a056dbc5b2baba6d7d4c480c6cebba68fcc92cf3e4ab53f4001271643b9bbe713768f8c8a4ae1b0a77ccd516658188221b1cc69ba335a695bf24792a725a5dca59a9bf08bc65904071fc5c40ffad2e85588754adace7af83362dc49e568c8f368b2528361082dbfbba692e315585b0cbbdb5492643c9804e3427d266a2863d8f3c71f657dc2b98387f9e0aab5ad4fb0481cfd0bb2a985817e66ade285d844ee374e42648c5b8387a5dccb7a7d3c437c328a5a54b6b5364a2565eccc410b8c3b99a7955c68c2cdec9e5240f81aa9d29284299498d4451be05a82de5fb82d540770a41f2248386d2e39dac6a486e3015aa78399d71619a661f920ec46713dc9f72daf081d95767c8e23e5c1aa706d4abce518574301267499ed082c03944133f739abd8bbec09244c45ff2dc595b58b2f7a2ec7016e59b1cdb036f26d01baf0c5208f3ed683f7ad67abea1176085c231e22d42f2c59f7c89cc3d01a3578ed0f1d785fa0cb493cd01eff0597b74648f6655fd42e428048feec4a038e55e3f3338c5a780c5309268750ffc726613f86f4f8f261ccb820516ff267ec5ff3100ce6bf9c25e5a79e810117aa9e955df8a19d9c141dba7f424efed6ac7f3e69a5afd3d573026f7f0e11706eb5ad61975883c97d81ce29318f03c761ca3c528bdb4edc614405e82b313e07132a699328820a55a5087636a550f47fd2521383818cda2ba50eca7be430c4ed67b58a54c9f7c84f19071b0bc4a148434ee78025d87f0177dbb8064ac61a47c0641bdb6779413227c5e35c84ef7e982924a586edfcc93452bb4a744164f4a99a9cb4b9a4841abb4fc0a0b6926380f52ff548ee6f43e63216be2390908a58049e9f718851e00433939fe90a2fde16ff7c1120261bda71023009dbef61b98c61f8a5681754f5adfc76543d27e1c786648fe343465acd87e4629a938d52577e7a5677122cb06eede3f43c481270c0751979347a86e87bc6c195054e67a11c876f0dba7c3e6353c101bb8eb0c795d3bba71653b033d3ccc0bb5cbc45a133a6f349874f5aabe608382bfe247e42109bd5b6bf8579d74b1901c6f98cf34bdac200d37c24af1d8d00bdd0565d30691e319a660f13cca25796d48304e8c09d7773876f34e1a028793f815294fb044d9f1e0b36271ae6fa3b1fa696399869037ecd27ebc763ff6c2b73e0ca8ef93fe44c577e9b0a93bda10015c2e4b37d70a8d327d9fd8353da0998e0b130eefcd77ad492b0cc9e8ca89d8be522372bcd4ac2c61be83a4bc1104eebb190fc31aa38a3f0d0123e2fa9dc5b8455af9ec196e37bfd65bf33cc3bcd54bd6229ab02856ec3baab4f461619472d62285bfd006d9be9ddb9fc4538783a113e2fc4bc27f4da7ca92164865b57bd0b944747f48d1606"}}}}}}, &(0x7f0000000280)={0x1, 0x4, [0xb45, 0xd8a, 0x788, 0x14d]})

5.888053998s ago: executing program 2 (id=1264):
r0 = socket$inet(0x2, 0x4000000000000001, 0x0)
prctl$PR_SET_SECCOMP(0x16, 0x2, 0x0)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f00000002c0)=ANY=[], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r1}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r2 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
socket$can_bcm(0x1d, 0x2, 0x2)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x89f1, &(0x7f0000000340)={'ip6tnl0\x00', &(0x7f00000001c0)=@ethtool_cmd={0x2f, 0x100008, 0x0, 0x8, 0xf, 0x3, 0x3, 0xfc, 0x0, 0x1, 0x0, 0x4000000, 0x0, 0xff, 0x0, 0xfffffeff}})
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB], 0x48)
ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f0000000000)={[0x3, 0x7, 0x2, 0x17d, 0x4, 0x10, 0xf1, 0x50, 0x7fffffffffffe, 0x5, 0x0, 0x9, 0x0, 0x6, 0x0, 0xbdb], 0xffff1001, 0x120182})
r5 = openat$ptp0(0xffffffffffffff9c, &(0x7f0000000080), 0x1e1983, 0x0)
r6 = dup(r5)
ioctl$PTP_EXTTS_REQUEST2(r6, 0xc0603d06, &(0x7f0000000000)={0x0, 0x4})
setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f00000004c0)=0x79, 0x4)
bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @local}, 0x10)
sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10)
setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000040)='illinois\x00', 0x9)
sendto$inet(r0, &(0x7f0000000580)="17", 0x1d4c, 0x10048095, 0x0, 0x0)

5.580253987s ago: executing program 1 (id=1265):
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x7)
syz_emit_ethernet(0x52, &(0x7f0000000100)=ANY=[@ANYRES32=0x41424344], 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000480)=ANY=[], 0x48}}, 0x40800)
add_key$user(&(0x7f00000002c0), &(0x7f0000000300)={'syz', 0x0}, &(0x7f0000000280)="d25a9850a9d77f10", 0x8, 0xfffffffffffffffe)
openat$sysfs(0xffffff9c, &(0x7f0000000000)='/sys/kernel/notes', 0x0, 0x10)
syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3)
syz_open_procfs(0x0, &(0x7f0000000700)='mounts\x00')
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000006c0)={0x18, 0xb, &(0x7f0000000640)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020000000000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f00000004c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000002c0)='contention_begin\x00', r0, 0x0, 0xd}, 0x18)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8d}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000540)=0x4)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x1fffffffffe, 0xfffffffffffffffd, 0x0, 0x0, 0x1000001000, 0x9}, 0x0, &(0x7f00000002c0)={0x3fb, 0x8000, 0x400000000001, 0x9, 0x40000000000000, 0xf, 0x80000002, 0x2}, 0x0, 0x0)

5.579699695s ago: executing program 4 (id=1266):
sendmsg$nl_xfrm(0xffffffffffffffff, 0x0, 0x4004)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setaffinity(0x0, 0xfffffffffffffc33, &(0x7f0000000280)=0x2)
ptrace$poke(0xf, 0x0, &(0x7f0000001540), 0x4)
r2 = inotify_init1(0x0)
inotify_add_watch(r2, 0x0, 0x400)
bind$unix(r1, &(0x7f00000000c0)=@abs={0x1, 0x0, 0x4e23}, 0x6e)
bpf$MAP_CREATE(0x0, &(0x7f0000000780)=ANY=[@ANYBLOB="0b00000000cf1c7b18"], 0x48)
r3 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_int(r3, 0x107, 0x8, &(0x7f0000000100)=0x40049, 0x4)
recvmmsg(r3, &(0x7f0000000480)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f00000003c0)=""/11, 0x17}}], 0x400000000000179, 0x0, 0x0)
r4 = socket$netlink(0x10, 0x3, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, &(0x7f0000000540)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7020000030000008500"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
sendmsg$nl_route_sched(r4, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000001c0)=@newqdisc={0x54, 0x10, 0x1, 0x0, 0x0, {0x6, 0x0, 0x8100, 0x0, {0xc3}, {}, {0xe, 0xd}}, [@TCA_RATE={0x6}, @TCA_STAB={0x28, 0x8, 0x0, 0x1, [{{0x1c, 0x11, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x2}}, {0x8, 0x1b, [0x0, 0x0]}}]}]}, 0x54}}, 0x0)
io_uring_register$IORING_REGISTER_FILES_UPDATE2(0xffffffffffffffff, 0xd, &(0x7f0000000140)={0x7, 0x0, 0x0, 0x0}, 0x20)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r0, 0x8933, &(0x7f0000000340)={'batadv_slave_0\x00'})
ioctl$sock_inet6_SIOCDELRT(0xffffffffffffffff, 0x890c, 0x0)
r5 = socket$kcm(0x10, 0x2, 0x4)
sendmsg$kcm(r5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000140)=[{&(0x7f0000000000)="89000000120081ae08060cdc030000007f1be3f74001000000e2ffca1b1f0000000004c00e72f750375ed08a56331dbf9ed7815e281ad6e747033a0093b837dc6cc01e32efaec80000ec00120c00014006040400090404009bbc7a46e3988285dcdf12f213e6f768fec601955fed0009d78f0a947ee2b49e33538afa8af92347514f0b56a20ff27fff", 0x89}], 0x1}, 0x0)
r6 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
ptrace(0x10, r6)
ptrace$poke(0x5, r6, &(0x7f0000000080), 0x0)

4.164505203s ago: executing program 2 (id=1267):
r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
connect$bt_l2cap(r0, &(0x7f0000000080)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x7ff}, 0xe)
getsockopt$bt_l2cap_L2CAP_CONNINFO(r0, 0x6, 0x2, 0x0, &(0x7f0000000100))
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup/syz1\x00', 0x1ff)
r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000001480)='./cgroup/syz1\x00', 0x200002, 0x0)
mkdirat$cgroup(r1, &(0x7f00000000c0)='syz1\x00', 0x1ff)
r2 = openat$cgroup_ro(r1, &(0x7f0000000040)='cgroup.freeze\x00', 0x275a, 0x0)
write$cgroup_int(r2, &(0x7f0000000080)=0x7, 0x12)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x3, &(0x7f0000000180)=[{0x6, 0x0, 0x0, 0x7fff0006}, {0x81, 0xa6, 0x7, 0x3}, {0x16, 0x5, 0x6}]})

2.808070675s ago: executing program 1 (id=1268):
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000001fc0)=@delchain={0x658, 0x65, 0x20, 0x70bd27, 0x25dfdbfc, {0x0, 0x0, 0x0, 0x0, {0xe, 0x2}, {0x0, 0xe}, {0x6, 0xb}}, [@filter_kind_options=@f_flow={{0x9}, {0x628, 0x2, [@TCA_FLOW_MODE={0x8, 0x2, 0x8065738cbab9bcb1}, @TCA_FLOW_EMATCHES={0x104, 0xb, 0x0, 0x1, [@TCA_EMATCH_TREE_LIST={0xb4, 0x2, 0x0, 0x1, [@TCF_EM_CONTAINER={0x68, 0x2, 0x0, 0x0, {{0x4, 0x0, 0x7}, "645809825d93df900fa8fae387fbed6313a639f20b0238ccdd4da9fde2f0be34e659ba729925eff5ebd76dec200e0c6b209649b549944fb335b53ad7e5b0f72af98dbb05ee1778a3e952122289a807cd7b48f87fa52a56b8fa1e"}}, @TCF_EM_NBYTE={0x14, 0x3, 0x0, 0x0, {{0x7, 0x2, 0x4}, {0x4, 0x1, 0x6, "eb"}}}, @TCF_EM_CONTAINER={0x18, 0x3, 0x0, 0x0, {{0x4, 0x0, 0xb}, "d0fa3d16cd50d147ba"}}, @TCF_EM_U32={0x1c, 0x1, 0x0, 0x0, {{0x1, 0x3, 0x81}, {0x10, 0xe, 0x6, 0xd4c}}}]}, @TCA_EMATCH_TREE_LIST={0x44, 0x2, 0x0, 0x1, [@TCF_EM_IPSET={0x10, 0x2, 0x0, 0x0, {{0xffd3, 0x8, 0x8}, {0x3, 0x6}}}, @TCF_EM_U32={0x1c, 0x1, 0x0, 0x0, {{0xf0a, 0x3, 0x6c0}, {0x5, 0x0, 0x3, 0x7ff}}}, @TCF_EM_CANID={0x14, 0x1, 0x0, 0x0, {{0xf, 0x7, 0x7f}, {{0x4, 0x1, 0x0, 0x1}, {0x1, 0x1}}}}]}, @TCA_EMATCH_TREE_HDR={0x8, 0x1, {0x1}}]}, @TCA_FLOW_XOR={0x8, 0x7, 0xffffff7b}, @TCA_FLOW_PERTURB={0x8}, @TCA_FLOW_DIVISOR={0x8, 0x8, 0x7fff}, @TCA_FLOW_MODE={0x8, 0x2, 0x1}, @TCA_FLOW_ACT={0x4f8, 0x9, 0x0, 0x1, [@m_gact={0x140, 0x1, 0x0, 0x0, {{0x9}, {0x28, 0x2, 0x0, 0x1, [@TCA_GACT_PROB={0xc, 0x3, {0x1, 0x9d, 0x1}}, @TCA_GACT_PROB={0xc, 0x3, {0x2ca8b8d7ec1784b0, 0x2680, 0xffffffffffffffff}}, @TCA_GACT_PROB={0xc, 0x3, {0x1, 0x1abe}}]}, {0xed, 0x6, "f2984ea5ae0b0909ca5198b5e56548da1af4efe458d68e8346a5ad6fa8d75b3efbcec03667694b23e57efb5dea177c9fec912eda500f92ad241d4a3e1eb9b05c2461a1e89e99a22f43eb3b64257b78512c9df802c3ea23ede5e978e8db3be47630f9b48cdfcee2130369da2ce7473e6324d4fc0342cb38a9e544eb6f4e0148acb294b877f68eb4b6b13e38196c311c9ebb06d7a5ee9ead5689128fa35472611715963d35fb43d3014ff74e144932866ca97f5c001aab6053dd7ce7d38a407074614c2a21063cc49a687085d3ab9d042fcc913d8377863381be46ad8fade1f71945e9d5053fd5d1123d"}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x1, 0x1}}}}, @m_ct={0xb4, 0x1b, 0x0, 0x0, {{0x7}, {0x24, 0x2, 0x0, 0x1, [@TCA_CT_MARK={0x8, 0x5, 0xffff}, @TCA_CT_NAT_PORT_MAX={0x6, 0xe, 0x4e20}, @TCA_CT_NAT_IPV4_MAX={0x8, 0xa, @rand_addr=0x64010101}, @TCA_CT_NAT_IPV4_MIN={0x8, 0x9, @dev={0xac, 0x14, 0x14, 0x30}}]}, {0x69, 0x6, "effbbfbb9975b98b391b34602a99202c04f8aff0f475c3649e7f9024793790e685860edfb7d78570905ca6acc9165a1fb42c399f209c0f00a8f4866f081cd17e904ddc3210cc30ec49b70f2b1fb3ead1fe143d5356ac58b602d03fa75b270e66d3b14a3b76"}, {0xc, 0x7, {0x1}}, {0xc, 0x8, {0x0, 0x3}}}}, @m_skbmod={0x140, 0x1f, 0x0, 0x0, {{0xb}, {0x3c, 0x2, 0x0, 0x1, [@TCA_SKBMOD_PARMS={0x24, 0x2, {{0x3, 0xe1a3, 0x6, 0x3, 0x6}, 0x4}}, @TCA_SKBMOD_ETYPE={0x6, 0x5, 0x8000}, @TCA_SKBMOD_SMAC={0xa, 0x4, @local}]}, {0xd9, 0x6, "364a95306a0125f7c7762d651b8604a6d91ec4567f627089ed8d3453859a3d2c79d3d70f085dca8af621c4a5da976ca910f38151f1a68c0e0730e7273e6af4eab8e2ea5df8cb0f6ab249f7561ea8c0dd3e562e5e6a1db3a546a7f7c5f1d0ae94557d9f43b53f0c2e3edaf804191d2d3a1cbdae068d8e342ed2d4e751b25b639e2536238fb6a4824a50b9c6bb62944110874faeed2eb2a6db4dfa6ff7d67302260dd8c80e3c4c3a3a11f1d204106eec615119eaaa73bd0bb3e2d774039d9c7e0d445019a712cc0c16707a7b8505b7c94133ceccee82"}, {0xc, 0x7, {0x1}}, {0xc, 0x8, {0x3, 0x3}}}}, @m_tunnel_key={0xa4, 0x3, 0x0, 0x0, {{0xf}, {0x5c, 0x2, 0x0, 0x1, [@TCA_TUNNEL_KEY_ENC_DST_PORT={0x6, 0x9, 0x4e23}, @TCA_TUNNEL_KEY_ENC_IPV4_DST={0x8, 0x4, @private=0xa010101}, @TCA_TUNNEL_KEY_PARMS={0x1c, 0x2, {{0x3, 0x54, 0xffffffffffffffff, 0x10, 0xfffff001}, 0x2}}, @TCA_TUNNEL_KEY_ENC_KEY_ID={0x8, 0x7, 0x80000000}, @TCA_TUNNEL_KEY_PARMS={0x1c, 0x2, {{0x9, 0xffffffff, 0x10000000, 0x3, 0x3ff}, 0x2}}, @TCA_TUNNEL_KEY_ENC_IPV4_DST={0x8, 0x4, @remote}]}, {0x19, 0x6, "6c73dc20ec0f1f62d72faf3465d04d6e1f1e4cf9b5"}, {0xc}, {0xc, 0x8, {0x0, 0x3}}}}, @m_xt={0x11c, 0xe, 0x0, 0x0, {{0x7}, {0xc, 0x2, 0x0, 0x1, [@TCA_IPT_INDEX={0x8, 0x3, 0x6}]}, {0xe9, 0x6, "2a0caebad864038ff40a5d287f3088600ceb92031a440f806744f2c29cd762b34d1c3e200652a37a380abee23790e6050e067b4335afeb4ae4a0dfe9fa72cc1df85464324a30272ee56c17d0913025ba5b385f50249552b3d0baa66c6ffc89df47949c8e52874be2547d84a88eaf65c1a57f44be2ac8409dc80a1286dc54b446bceacb288bceeb018feed674cd3991cf602a4e1e2de9b27bb4036b0ac3e4a6048cdd4ebfc8b92c63ac0f4245eecd529108a46a7eaf202777861df68712f67c7f83338caa73ec2f351fdbe40e46f577bf7a5be51d0996a396ab824c47f201ff8a90dc191b12"}, {0xc}, {0xc, 0x8, {0x3}}}}]}]}}]}, 0x658}, 0x1, 0x0, 0x0, 0x80}, 0x20000080)
r0 = socket(0x10, 0x803, 0x0)
sendto(r0, &(0x7f0000000740)="120000001200e7ef007b00000000000000a1", 0x12, 0x0, 0x0, 0x0)
recvmmsg(r0, &(0x7f00000037c0)=[{{&(0x7f00000004c0)=@ethernet={0x0, @random}, 0xfdf4, &(0x7f0000000380)=[{&(0x7f0000000140)=""/100, 0x365}, {&(0x7f0000000280)=""/85, 0x7c}, {&(0x7f0000000fc0)=""/4096, 0x197}, {&(0x7f0000000400)=""/106, 0x645}, {&(0x7f0000000980)=""/73, 0x1b}, {&(0x7f0000000200)=""/77, 0x14}, {&(0x7f00000007c0)=""/154, 0x21}, {&(0x7f00000001c0)=""/17, 0x1d8}], 0x21, &(0x7f0000000600)=""/191, 0xffffffffffffff2f, 0xa1}}], 0x4000000000003b4, 0x2040000, &(0x7f0000003700)={0x77359400})

2.460240002s ago: executing program 5 (id=1269):
sendmsg$MPTCP_PM_CMD_GET_LIMITS(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x41}, 0x809d)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000003c0)={0x0, 0x3c}, 0x1, 0x0, 0x0, 0x4040000}, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000300)='blkio.bfq.io_merged_recursive\x00', 0x275a, 0x0)
syz_emit_ethernet(0x36, &(0x7f0000000100)=ANY=[@ANYBLOB="000002f0d31209000000bc2e79e995"], 0x0)
write$binfmt_script(r2, &(0x7f0000000100), 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r2, 0x0)
preadv(r2, 0x0, 0x0, 0x0, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe6000/0x18000)=nil, &(0x7f0000000040)=[@text16={0x10, &(0x7f0000000180)="66b9800000c00f326635000800000f300f0f1c9a65660ff3b20618baa000ec672e660f38803d004000000f285473f61366b9800000c00f326635004000000f300f20e06635800000000f22e0f30fa6c8", 0x50}], 0x1, 0x0, 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x20004000}, 0x14)
mount$fuse(0x0, 0x0, 0x0, 0x0, &(0x7f0000000000)=ANY=[@ANYRESHEX, @ANYBLOB=',rootmode=00000000000000000040000,user_id', @ANYRESDEC=0x0, @ANYBLOB=',gr'])
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f00000004c0)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={0x0}, 0x10)
ioctl$KVM_RUN(r3, 0xae80, 0x0)

2.407616415s ago: executing program 2 (id=1270):
getsockopt$sock_buf(0xffffffffffffffff, 0x1, 0x1c, 0x0, &(0x7f0000000040)=0x1c00)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, 0x0, &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r0}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, 0x0)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f0000000380)=0x2)
socket$inet_tcp(0x2, 0x1, 0x0)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = fsopen(&(0x7f0000000100)='configfs\x00', 0x0)
fsmount(r4, 0x0, 0x9)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=ANY=[@ANYBLOB="4800000010001fff0000056800080000faff0000", @ANYRES32=0x0, @ANYBLOB="c30c424700000000280012800a00010076786c616e00000018000280"], 0x48}}, 0x0)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r5, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000e40)={0x1c, 0x2b, 0xb, 0x0, 0x0, {0x9}, [@typed={0x8, 0x2, 0x0, 0x0, @fd=r5}]}, 0x1c}}, 0x0)

2.256707417s ago: executing program 0 (id=1271):
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018010000", @ANYRES32, @ANYBLOB="0000000000008da4b70800000000396f7b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000002400000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000100)='kfree\x00', r0, 0x0, 0x10}, 0x18)
sendmsg$RDMA_NLDEV_CMD_RES_CQ_GET(0xffffffffffffffff, &(0x7f00000004c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x40000}, 0x20000056)
sendmsg$IPCTNL_MSG_CT_NEW(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000003c0)={0x50, 0x0, 0x1, 0x401, 0x0, 0x0, {0x2}, [@CTA_TUPLE_ORIG={0x18, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @empty}, {0x8, 0x2, @dev}}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}, @CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast2}, {0x8, 0x2, @multicast2}}}]}]}, 0x50}}, 0x0)
futex_waitv(&(0x7f0000001b00)=[{0xfff, &(0x7f0000000940)=0x6, 0x6}], 0x1, 0x0, 0x0, 0x1)
bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0xe, 0x4, 0x0, &(0x7f0000003ff6)='GPL\x00', 0x4, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_skb}, 0x94)
write$cgroup_pressure(0xffffffffffffffff, &(0x7f0000000140)={'full'}, 0xfffffdef)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r1, 0x0, 0x0)
r2 = openat$procfs(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/timer_list\x00', 0x0, 0x0)
socket$nl_crypto(0x10, 0x3, 0x15)
setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, 0x0, 0x0)
r3 = openat$sysctl(0xffffffffffffff9c, &(0x7f00000002c0)='/proc/sys/net/ipv4/tcp_timestamps\x00', 0x1, 0x0)
sendfile(r3, r2, &(0x7f00000000c0)=0x8b, 0x100000500)
r4 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r4, &(0x7f0000000300)={0x2, 0x4e21, @multicast2}, 0x10)
connect$inet(r4, &(0x7f0000000180)={0x2, 0x4e21, @local}, 0x10)
sendto$inet(r4, &(0x7f0000000000), 0xffffffffffffff94, 0x400000000000000, 0x0, 0x0)
recvfrom$inet(r4, &(0x7f0000000080)=""/8, 0xfffffffffffffd0b, 0x720, 0x0, 0xfffffffffffffd25)
capset(0x0, &(0x7f0000000040)={0x1000, 0x10ffff, 0xfffffffd})
socket(0x25, 0x2, 0xffffffff)
r5 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
sendmsg$TIPC_NL_BEARER_SET(0xffffffffffffffff, &(0x7f0000000500)={0x0, 0x0, 0x0}, 0x4004)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000001240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000340)=@newtaction={0x98, 0x30, 0x51b, 0x0, 0x0, {}, [{0x84, 0x1, [@m_skbmod={0x54, 0x1, 0x0, 0x0, {{0xb}, {0x28, 0x2, 0x0, 0x1, [@TCA_SKBMOD_PARMS={0x24}]}, {0x4, 0x14}, {0xc}, {0xc, 0x6}}}, @m_ct={0x2c, 0x1, 0x0, 0x0, {{0x7}, {0x4}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x1, 0x2}}}}]}]}, 0x98}}, 0x0)
sendmsg$netlink(r5, 0x0, 0x0)
mremap(&(0x7f0000000000/0x9000)=nil, 0x600002, 0x600002, 0x7, &(0x7f0000a00000/0x600000)=nil)

2.102927814s ago: executing program 1 (id=1272):
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x7)
syz_emit_ethernet(0x52, &(0x7f0000000100)=ANY=[@ANYRES32=0x41424344], 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000480)=ANY=[], 0x48}}, 0x40800)
add_key$user(&(0x7f00000002c0), &(0x7f0000000300)={'syz', 0x0}, &(0x7f0000000280)="d25a9850a9d77f10", 0x8, 0xfffffffffffffffe)
openat$sysfs(0xffffff9c, &(0x7f0000000000)='/sys/kernel/notes', 0x0, 0x10)
syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3)
syz_open_procfs(0x0, &(0x7f0000000700)='mounts\x00')
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000006c0)={0x18, 0xb, &(0x7f0000000640)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020000000000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f00000004c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000002c0)='contention_begin\x00', r0, 0x0, 0xd}, 0x18)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8d}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000540)=0x4)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x1fffffffffe, 0xfffffffffffffffd, 0x0, 0x0, 0x1000001000, 0x9}, 0x0, &(0x7f00000002c0)={0x3fb, 0x8000, 0x400000000001, 0x9, 0x40000000000000, 0xf, 0x80000002, 0x2}, 0x0, 0x0)

2.015741647s ago: executing program 5 (id=1273):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x1, 0x8b}, 0x0)
prlimit64(0x0, 0xe, 0x0, &(0x7f0000000080))
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x1)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000000)=0x2)
socket$packet(0x11, 0xa, 0x300)
read$FUSE(0xffffffffffffffff, &(0x7f00000024c0)={0x2020}, 0x2020)
sendmsg$NL80211_CMD_FRAME(0xffffffffffffffff, 0x0, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000004300)=""/102400, 0x19000)
socket$xdp(0x2c, 0x3, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0x2, 0x16, &(0x7f0000001600)=ANY=[@ANYBLOB="61128c000000000061134c0000000000bf200000000000002600020007ffffffbd0310000000000095002000000000006916000000000000bf6700000000000004070000b964b01a4607feff00200000540700000ee61e00bf150000000000000f5700000000000065070000d23700002c030000000000001f75000000000000bf54000000000000070000000400f9ffad430100000000007c000000000000000500000000000000950000000000000032ed3c5be95e5db67754bb12dc8c4ed68ecf264e0f84f9f17d3c30e3c7bdd2d17f2f175455000078af6d71d79a5e12814cb1d8a5d4601d295c45a6a0b9bdb7dd390700000500000000f18c30907d7bee45a0100000fe9de56c9d05000000c6c60bef0d742a81762bab8395fa64810b5b40d893ea8fe0185473d51b546cac3f1d5af65727546e7c955ccefa1f6ab689ffffff7f63ede202fa4e0a2127b8b83c71a51445dc8dfd13ff15f852a39e5b2ab7bcb8f512036a5ba6d04ae76002d4519af619e3cca4d69e0dee5eb106774a8f3e6916fcecc8158f0200000000c8fb735fd552bdc268694aeb0743e326c819b6cf5c8ac86f8a297dff0445a13d0045fb3cda30a673a6037ed8c85f21ec2c081bdce431e56723888fb126a19bc1172b84b3ebe174aba210d739a018f9bbec63222d20cecac4d03723f1c921b5bbf7949632cacfdd32b3a6aa57f1ad2e99e0e67a993716dbf580469f0f53acbb400001e3738270b315d362ed834f2af97787f696649a462e7e090000000000000045eac1f2014f720e83b7838e3eede14308d582685e1becd6f35154bcb4000000000000000000000000000000bc3af2b170ad3e2b26539cebca8f4ddc211bc3ccf0bd9d42ca019dd5d022cf74686e9fbe2562979eaed840a7afaab43176e65ec1118d46d1e827f3472f4445d353887a5ad103649afa1769080584f800031e03a651bb04000000ab04871bc47287cd31cc43ea0ffb567b4040c1458d0320ce7d0000413a0000000000000000005f37983f84e98a523d80bd56a57fa82b82f639601ae899a559944cb9a62a29ab028acfc1cb26a0f6a5480a55d624a0c544ba0dc828c22fe30000aa391598000000437d57fcf8295f63a70837f5cd4e5e77964522dc7ca3aa3476b7f2d851d27fd4de6eabb43e0799dc8d9fb7dc6c523ffbd74a6a40e4acb1ac872ade9d1f2ab779b8dbe843aeeda0426c767c00327b8c95b2bb6ddb55117669d9598c0f3598073f3a921c76beceff7e4fbf909a2cabf5b8ea5011db9020823b83abe54346c7af0a99fa077ffe7000feb9e44023a1749eb1d0d572b77d6e0d0fcd74031c8ef2629f5ecff4626746d6abe98a255e92c3c4f79bfcd0d91741380000cfeb73dec68ed56b5d3dfdf0cb8b71ad79000000000000000000000000000000dd434a25e95d0ec29d3adaccf89d0888031ecdfdb4dfbe444673be099ece7e4009c76c7108ef0a7e59fd6d906fbc3c9b412e0478cfee4485f423c63f49db43833c92eeeb647cebd4d7a93a17bcbb6bae5ff876375d4fe39cc2d292691672cc18ca372104ceb83a35ecedd97fc191d8f64d2b1d60c6d12911aada66c26aa4802c3514c3d92ec905000000b13f4a2575fbe943a6c40000000000000000000000000000028026b80c3899543223a6079ee96198b9a326db3be3a48af415ca28ca68c502550044ed8e29af8d763ef9b1f31befcad2ce5394601c7cdc233bff7f0000000000009fb3ad650f77e339768924dfdbeead13b88371154d743544a6091ec93e0d3fd5b4dc42911c1ba322fd4d6fbf19e617d51f964727bfd5cc5ba15370f6e1141d2271eded0b15e4316a1e4623272beb249a0928c417720be14c898f397411c88a7bcf3df46ab3efe7cd5e160c2afd3cc945f75011a102d952c7ad17a58d9be691c334ea35bae71e76e160cc2260bd028162917807ce89e11b5f261052ee0dde18efa1d802af2b7bcf6f8af41933cea0d0343261bccf64ca1c81045153eafbefdb91fbdff9ee3307d4a1837963b2dc2a3698d90e7915b098f19392e792adaea86052f4e948184001b6494e906925a092483adc7e9c8f7a29d226763c100aecae7f00619c36bceb9fb6dd7e55487d8485e498fdfc377fd3d266d21d46ab2f6b2ce22cd0aebba9b0ffbfe8ec3143c3734967c90b16ebbeeae1ce2baaae05aed6bf0f40c8a323f9235dc99698bd0b800067a901a79daada03cc77e74feb98b1586946b452764ff917a8ecc10e529c5bea49cad70e22df522c2803b6ef65df70223c6e22c3433e322d8dbd6e9b040065a9d6b3d5ae276cffe935d559bea88e1aa36b4e6c19e78457904297e77370e013b705a96548d47c609a93c45f4d1382b39c05dcc07d5b49ad75ddb3ce5b5b9416e03995da04647aa5e6fc1a6f5d663380967ccef9de49a90ced031335e3219ebd9d06c257a50497ec523f5ff7361261ccfe239d603364a42e2e81fc068fcbb9792b673827fe7018a988fbce55bb74cdb327ced4b77b8743fb3cb72cc280b9f62e4f92f46a19600b802cba88b7d0a938d9e0e6cfe5d66b874c9a0c6c04b96360d6f499d004179e5b6025c0e1050faec7ecd9de190a975db2f8c06a551236278c4766d7e22e3b85168c9851de6266c791252f919b4f8b257b5a786734e5142e4666c67aef5b7b2f88c6640995434aa8636993089c73f196c54ae829ad4307132655b075ae534fa7f1ea9a17e62357b0bd2bd1d62d34bfc1364640250136729ba4f763ff25c33e8acc806611792add8254e705fefd2a44d5b15e3b36f6b75c97c9c04c511d8cf9e24c61c8284a913a381cb1a5628878040000000000000017b68afd95d4abf7920de9ebe1c89661f4adc3d83d72b1b778e30c2bf2efbbcd054cf51f4205ebf9a98a0d9f18135cb1d8d567c3436fa697b72c3b0200000000000079c0b3339debc78352b2e65299223d7ef2bd540e78167b3ac92a4c4f826f6d0e5c4ebf4f7a70c03e2f5ddbebf168586360c3663531eb5995d228f011a10ffc8b17d716b0c528dab6d0c4fe2ee402348104bc5d4012babedee898c6d3e1017be2e9bc759d3ab4d615f5000000000000000000000000000000000000000000007fff0000000000e693e314adf7dc9f517d04f1e6ca367d30d31d3647c6059db6e1e9529eb1623ef99e2d9ac2ab4872f8e784b07a31110bef6d000000a6f9e89e6d50ee06ce716f94da60f1f22d9669560d296287c13c92070000ee7553eb2df17839542fa88d09f000e88a90cf4406b9000000000000000000000000f441d6a6f516c235c6f5863e7f454ee0e16b9aa2593eb31fa3836703e7765aaeb77a8770e518efaa6d3dd85e03b3b133eb749057cea9af75a0e6f633532f2891b8e263cb6eecea691842827bc7c8c0130187081c8d320642389f5f0c42dba0ff68e84d7b130906f17f6aa075a257310f2d92cb1d1e16468949f5675262ee318e735930b01d8f586e34537bcff7d6196f494cdcf3a712078d745db0f5687a78ee6d000b3d171a0f08299b52d207f32e9da311ca090000003a42732808515eec574f892622c5be497fc3d9ca122d7c18b9e54637812c8debc61f0e42d838e44a819b74bce1a56108bb0fde97a02475920532309c55b2c9ae9f281391ec5cc72a5e94cca1cbf1ff01000000000000bdb537a0c52bd45a9f966c25616cec30c3ea3246cb8e6aac7cf273638e6656a3e4ccadc348f0172028c99cc5f6d5c6d09ed65aa54549e73c28b7c8ad06ad3c5e3c27eec0eff1a6c84f1189919eefcee807fc081e004ffb7d3104af00ac92f1080211c4bee74381a0e31021918f27863fdbafb50f70857d52a1f7df51935a80b1980a4778d35f183ea517f55a98095305701ab3f3ae43f06e91bc7d85e3800b46926944fba9805a985e63e53a62232fcd3f01dbe1728f300e247a7ebe344f9749818ff3961b2a42664ccd680a90bbb6ab400e286acc8f9febef64594777f848ed1cf980a3da2f0f7745760a05887d0c28060d613dd6539d392fc21fee0b5131609664b821d7a994e6c5965a4fa1ec1790c54e54586907dcc5e8bac16e79da9c2444420900000000000000f888a94365b99b72796fca1b922fc9aefaf1546c17cbb1d2d2fd12cb1a49cad501a3ca218c595b667b634606c57987ebfb0783a4948e4561d5cda158fe74453ff4a837beeedba483842c57d6005b544b4f80003386edfd3d4a88a667bd41eefe0d808abed08a29e6bc370a80cc0366fb4080bfbaaa946fd47ab662c794846e403950bbc3a48bb276cbb08a8eab145c06221ef16a238e3d50ad18aea9a2cec97d3c2d0569caabe2bffe02506bc9cb7294c5d020536dd5e7a6351642112df3b55d0215aaec7e45598995e79699e47567e353e68b03f82be860b188554b734e1192f9c1a867b815ef52cdc3307c0cc9be05a40fde69c350e59f11f1d26a4d04d8c8b2c4a4d23ec931d14bc7807db773a614b670acf46f83f7c65a0f8d43c5f64705f0d27c46d4b686e867e9b0be76a7978a8f962bb5a070df97f2bf7612115cfe5ebdc7ad0bc5a5f3ace25347d0e5c347279d55aa67a967380000000000000000000000000000000000000000000000ed0942d980c754c6c69ef65c375ad018824f78b260d5f51bc3feba504408a8c8141d84f3f417603b5081680f346ff0ffbe4ae19e936511966965ce268b6345a0001c0f26a32e0a999fc869292e939dcf89b9bfd794f9c12d41959a00688cca43015a9eec58f647796adea520cd2abeb0b55c22949d10e5a05fee4543fdc1e02554a55b5fef2427a6e5708edc38fac53c2f961945a3f83cdf01979939b49bc6b1aef8c733401bbe473de8d64efbe0d123739f387d1c0d9e74f2175c174ada1678c7db79492e8dd0f34e2ccf419cf7f14ffa408b50a52685b36aed14aa22ad928191d5a2697646edc52a1c0c5d720ae690add2b34aed161f51cc1cb424f76098e1e1921e5a405f9d298a8461f2da30e47b7c6ed7c95c84c745f58723e4cddffae3b53b5b947f9435e589f9ae55b30ecd3827b2de5df31976870823da8058c2538c04e397f3d0ef90c11c74da984fa558697ecb57224ce8fa6f79aadbd7dbf3678e74d790bc2ee72769a3ada1dd504f8e4133ce1effd446bc9a2f139e65cc4bd83912af3122352506c7c2191b3705116b2f4fc20d4e93882bdd6ccea97f3a08d3565b0000000000000000000000000000d35fb97c2d7a9374294dcec3da3df9a13c4fc63b00426682534d894caee0b963a3"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0xfffffffffffffe50}, 0x48)

311.099959ms ago: executing program 1 (id=1274):
sendmmsg$unix(0xffffffffffffffff, 0x0, 0x0, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000029c0))
bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0xe, 0x4, &(0x7f0000000540)=ANY=[@ANYBLOB="b4050000fdff7f006110580000000000c60000000000000095000000000000009f33ef60916e6e713f1eeb0b725ad99b817fd98cd824498949714ffaac8a6f770600dcca55f21f3ca9e822d182054d54d53c"], 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sk_skb}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
ioprio_set$uid(0x3, 0x0, 0x0)
r0 = openat$ipvs(0xffffffffffffff9c, &(0x7f00000002c0)='/proc/sys/net/ipv4/vs/secure_tcp\x00', 0x2, 0x0)
sendfile(r0, r0, 0x0, 0x8)
socket$unix(0x1, 0x2, 0x0)
r1 = msgget$private(0x0, 0x790)
msgsnd(r1, &(0x7f0000000d00)=ANY=[@ANYRES8], 0x401, 0x0)
msgrcv(r1, 0x0, 0x0, 0x1, 0x3000)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.current\x00', 0x275a, 0x0)
write$binfmt_script(r2, &(0x7f00000004c0), 0x208e24b)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r3 = openat$nci(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
writev(r3, &(0x7f0000000640)=[{0x0}, {0x0}], 0x2)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r2, 0x0)
ioctl$sock_ipv4_tunnel_SIOCDELTUNNEL(0xffffffffffffffff, 0x89f2, 0x0)
rseq(&(0x7f0000000340), 0x20, 0x0, 0x0)
r4 = syz_open_procfs$pagemap(0x0, &(0x7f0000001080))
mount$fuse(0x0, 0x0, 0x0, 0x0, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15)
ioctl$PAGEMAP_SCAN(r4, 0xc0606610, &(0x7f00000001c0)={0x60, 0x0, &(0x7f0000001000/0x3000)=nil, &(0x7f0000ffb000/0x4000)=nil, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x42, 0x5c})
futex(0x0, 0x85, 0x0, 0x0, 0x0, 0xa0090199)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15)
ftruncate(r2, 0x8)
msgsnd(r1, &(0x7f0000000040)=ANY=[@ANYRESDEC], 0x401, 0x0)

51.291467ms ago: executing program 5 (id=1275):
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="0200000004000001000000000100000080000000", @ANYRES32=0x0, @ANYBLOB, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB], 0xe)
r0 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000000), 0x100, 0x0)
ioctl$RTC_UIE_ON(r0, 0x7003)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000140)=0x7)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0)
r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
r2 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x801, 0x0)
ioctl$UI_ABS_SETUP(r2, 0x401c5504, &(0x7f0000000800)={0x0, {0xfffffff9, 0x0, 0x8, 0x3, 0x3, 0xbb}})
write$uinput_user_dev(r2, &(0x7f0000000240)={'syz0\x00', {0x9, 0x1, 0x2, 0x3}, 0x2, [0x5, 0x5, 0x81, 0x8, 0x4, 0x1000, 0x50000, 0x1, 0x10001, 0xffffa103, 0x3, 0x6, 0x6, 0x6, 0x7, 0x3, 0x6, 0x0, 0x40, 0x5, 0x1cac, 0x3eb, 0xb8f, 0x3, 0x400, 0x40, 0x6, 0x0, 0xfffffffa, 0xdc, 0xffffffff, 0xa1bc, 0x200, 0x7, 0x6, 0x5, 0x3, 0x1, 0x0, 0x0, 0x2, 0x400, 0x7a08, 0x200, 0x3, 0x6, 0x800, 0x7f, 0x4, 0x7, 0xe, 0x9, 0x5, 0xa, 0x3, 0x2, 0xf7, 0xfff, 0x71, 0x7, 0x1ac0, 0x4f, 0x6, 0x8], [0x5, 0x3ff, 0x6, 0xea, 0x3, 0x0, 0xca, 0x1c5936c5, 0x9, 0xfffffff8, 0x4, 0x1, 0x7, 0x6, 0xa, 0x4, 0x2, 0x4, 0x5, 0x2, 0x0, 0x6, 0x9, 0x1, 0x9, 0x6, 0x5e5893ee, 0xfffffff7, 0x9, 0x10000, 0x3, 0x8001, 0x2e6d, 0x7ff, 0x3, 0x1000, 0x877, 0x9, 0x8, 0x8, 0x80000000, 0xfff, 0x5, 0x7, 0x8, 0x5, 0x75da, 0x2, 0x5, 0xe8, 0x3, 0x9, 0x5, 0x7, 0xb99c, 0x2, 0x1, 0x4, 0x4, 0x1, 0x1, 0x9, 0x2, 0xc406], [0x80000001, 0x2, 0x9, 0x9, 0x0, 0xb9, 0x897, 0x5, 0x3, 0x4, 0x2, 0x5, 0x3, 0x9, 0x9, 0x7, 0x9, 0x61, 0x9, 0x5, 0x9, 0x8, 0x2, 0x6, 0x8001, 0x4, 0xc, 0x80000000, 0x7fffffff, 0x1, 0x1, 0x6, 0x8, 0x3, 0x2, 0x5, 0x3, 0x2, 0x1, 0x24, 0x9, 0x2000000, 0x4, 0xff, 0x7, 0x3eef6cc9, 0x1, 0x7, 0x7, 0x8bd, 0x24000000, 0xfffffff9, 0x80000001, 0x5, 0xffffff1d, 0x6, 0x0, 0xa, 0xfff, 0xfff, 0x1, 0x0, 0x19ee, 0xfffffff9], [0x0, 0x10, 0x101, 0x2, 0x8, 0x9c500, 0xef, 0x8, 0xc61, 0x7, 0xd, 0x358, 0xd567, 0x1d5, 0xc8b, 0x658, 0xcbfd, 0x101, 0x6, 0x5, 0xb, 0x5, 0x6, 0x3, 0x75d6, 0xb26, 0x3ff, 0x6, 0x9, 0x0, 0x1, 0xf412, 0x2, 0x2, 0x2, 0x3, 0x3, 0x9, 0x3, 0x5, 0x3, 0x3, 0xfffffff3, 0x8000, 0x6, 0x6, 0xffff, 0x80, 0xf, 0xfff, 0xfff, 0xffff, 0xfffffffe, 0x80, 0xb975, 0x5, 0x5e1, 0xb, 0xffff58ee, 0x2, 0x2530, 0x4, 0x26da282, 0xc]}, 0x45c)
bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018010000786c6c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000002d00000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r3}, 0x10)
r4 = socket(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000080)={'ip6tnl0\x00', <r5=>0x0})
sendmsg$nl_route_sched(r4, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000900)=@newqdisc={0x38, 0x24, 0x3fe3aa0262d8c583, 0x70bd29, 0x25dfdbfe, {0x0, 0x0, 0x0, r5, {0x0, 0xffe0}, {0xffff, 0xffff}, {0x10, 0xe}}, [@qdisc_kind_options=@q_fq={{0x7}, {0xc, 0x2, [@TCA_FQ_FLOW_DEFAULT_RATE={0x8, 0x6, 0xffffffff}]}}]}, 0x38}}, 0x4048000)
ioctl$UI_SET_EVBIT(r2, 0x40045564, 0x3)
ioctl$UI_DEV_SETUP(r2, 0x5501, 0x0)
r6 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
write$uinput_user_dev(r6, &(0x7f0000000d80)={'syz0\x00', {0xb, 0x3, 0x4, 0x9}, 0x3, [0xfffff47e, 0x0, 0x0, 0x3, 0xf, 0x0, 0x7ff, 0xa, 0x5, 0x3, 0x5, 0x40, 0x1, 0x1, 0x100, 0x6, 0x0, 0x7, 0x1, 0xdef, 0x5, 0x7, 0x1ff, 0x5, 0x73c, 0x5, 0x4, 0x7f, 0x1, 0x6, 0xfffffff9, 0x8, 0x6, 0x4, 0x7, 0x7, 0x1939, 0x8, 0x7, 0x2, 0xe12c, 0x8162, 0x8, 0x3, 0x1, 0x41, 0x7, 0x10000, 0x101, 0x8, 0xc000, 0x6, 0x4, 0x4, 0x5, 0x6, 0xfff, 0x0, 0x104, 0xf8ac, 0x2, 0x3, 0x7fffdfff], [0xfffffff8, 0xff, 0x4, 0x8, 0x1e0f, 0xfffffff7, 0x5, 0x7, 0xffffffff, 0x2, 0x4, 0x100, 0x8, 0xe63, 0x1, 0xa3a5, 0x2, 0x2, 0xb9, 0x6, 0x3, 0x43d, 0x6, 0xe, 0x4, 0x3, 0x6, 0x9, 0x1, 0x11, 0x5, 0x4, 0x8, 0x30000, 0x81, 0xfffffe00, 0x0, 0x10001, 0x7ff, 0x9, 0x8, 0xffffa467, 0x5, 0xfffffffb, 0x0, 0xff, 0x9, 0x6aac, 0x0, 0x3, 0x4, 0xfff, 0x200, 0xc1a, 0xe456, 0x100, 0x2, 0x0, 0x1c00000, 0x6, 0x3, 0xfffffff6, 0xffff1068, 0xffff9241], [0x9, 0x611, 0x6, 0xff, 0x101, 0x5, 0x0, 0x2, 0x80000001, 0x96, 0x7, 0x1, 0xfffffffa, 0x9, 0x4, 0xfb, 0x10001, 0x8, 0x8, 0x3, 0x1, 0x100001, 0x1, 0x7, 0x3, 0x40000000, 0x8, 0x3, 0x5, 0x3, 0xb89, 0xf, 0x0, 0x9, 0x3, 0xff, 0x0, 0x2, 0x1ff, 0x4501, 0x9, 0x0, 0x9, 0x7, 0x966, 0x6, 0x10000, 0xf, 0xffffffff, 0x9, 0xe2, 0x1, 0x8, 0x4, 0x8, 0x3ff, 0x5, 0xfffeffff, 0x3, 0x0, 0x80, 0x6, 0x7, 0x9], [0x5, 0x7f, 0x7, 0x9, 0x2, 0x6, 0x45d, 0x5, 0xab73, 0x5, 0x7, 0x0, 0x5, 0xed5a, 0x9, 0x4, 0x9, 0x8, 0x8, 0x3, 0xeb, 0x6, 0x5, 0xff, 0xffffffff, 0x7fff, 0x4, 0xcb7, 0xa3, 0xffff, 0x8, 0x80000000, 0x3, 0x1ff, 0xfffff26e, 0xf81e, 0x6, 0x9, 0x3, 0x8, 0x5, 0xe5, 0x2, 0x4, 0x4, 0x3, 0x0, 0xfffffff9, 0x7, 0x1ff, 0x204000, 0x5, 0x80, 0x9, 0x7, 0x5078, 0xd, 0x8001, 0x8000, 0x3000000, 0x200, 0x45, 0x0, 0x3]}, 0x45c)
userfaultfd(0x800)
syz_open_dev$vcsa(&(0x7f0000000000), 0x3b, 0x101002)
socket$inet6_mptcp(0xa, 0x1, 0x106)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r7 = syz_open_dev$sndmidi(&(0x7f0000000100), 0x2, 0x141121)
dup(r7)

0s ago: executing program 4 (id=1276):
sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x4020000)
socket$packet(0x11, 0x2, 0x300)
writev(0xffffffffffffffff, &(0x7f0000000140)=[{&(0x7f0000000080)="580000001400192340834b80040d8c560a067f0200ff000000000000000058000b4824ca945f64009400ff0325010ebc000000000000008000f0fffeffe809005300", 0x42}], 0x1)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f00000000c0)={'xfrm0\x00'})
syz_genetlink_get_family_id$nl80211(&(0x7f0000000140), 0xffffffffffffffff)
sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, 0x0, 0x24040890)
syz_genetlink_get_family_id$wireguard(&(0x7f0000000180), 0xffffffffffffffff)
socketpair$unix(0x1, 0x5, 0x0, 0x0)
ioctl$sock_ipv6_tunnel_SIOCGET6RD(0xffffffffffffffff, 0x89f8, 0x0)
socketpair(0x1, 0x3, 0x0, 0x0)
ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x8b06, &(0x7f0000000080)={'wlan1\x00', @random="02000000000a"})
setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x18, &(0x7f0000000080)=0x5, 0x4)
sendmsg$kcm(0xffffffffffffffff, 0x0, 0x4)
socket(0x10, 0x3, 0x0)
ioctl$sock_inet_SIOCSIFNETMASK(0xffffffffffffffff, 0x891c, 0x0)
r0 = syz_init_net_socket$x25(0x9, 0x5, 0x0)
r1 = syz_init_net_socket$x25(0x9, 0x5, 0x0)
bind$x25(r1, &(0x7f0000000200), 0x12)
bind$x25(r0, &(0x7f0000000080), 0x12)
r2 = syz_init_net_socket$netrom(0x6, 0x5, 0x0)
ioctl$sock_inet_SIOCSIFFLAGS(r2, 0x8914, &(0x7f0000000700)={'bond0\x00'}) (fail_nth: 1)

kernel console output (not intermixed with test programs):

essed
[  396.519410][ T8642] Buffer I/O error on dev loop6, logical block 0, async page read
[  396.535303][ T8642] Buffer I/O error on dev loop6, logical block 0, async page read
[  396.544154][ T8642] Buffer I/O error on dev loop6, logical block 0, async page read
[  396.552968][ T8642] Buffer I/O error on dev loop6, logical block 0, async page read
[  396.845071][ T8642] Buffer I/O error on dev loop6, logical block 0, async page read
[  396.858852][ T8642] Buffer I/O error on dev loop6, logical block 0, async page read
[  396.871661][ T8642] Buffer I/O error on dev loop6, logical block 0, async page read
[  396.883819][ T8642] Buffer I/O error on dev loop6, logical block 0, async page read
[  396.893174][ T8642] ldm_validate_partition_table(): Disk read failed.
[  396.901418][ T8642] Buffer I/O error on dev loop6, logical block 0, async page read
[  396.911931][ T8642] Buffer I/O error on dev loop6, logical block 0, async page read
[  396.922348][ T8642] Dev loop6: unable to read RDB block 0
[  396.932070][ T8642]  loop6: unable to read partition table
[  396.939404][ T8642] loop_reread_partitions: partition scan of loop6 (3Ÿ¾x³˜CÖ

) failed (rc=-5)
[  397.088642][ T8645] netlink: 8 bytes leftover after parsing attributes in process `syz.3.623'.
[  397.124475][ T8645] netlink: 20 bytes leftover after parsing attributes in process `syz.3.623'.
[  397.172675][ T8645] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  397.221991][ T8645] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  397.271961][ T8645] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  397.291087][ T8645] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  397.320127][ T5207] ldm_validate_partition_table(): Disk read failed.
[  397.343944][ T8645] geneve2: entered promiscuous mode
[  397.356711][ T5207] Dev loop6: unable to read RDB block 0
[  397.383852][ T8645] geneve2: entered allmulticast mode
[  397.390511][ T5207]  loop6: unable to read partition table
[  397.915277][ T8654] loop6: detected capacity change from 0 to 524287999
[  397.966528][ T8654] ldm_validate_partition_table(): Disk read failed.
[  397.982452][ T8654] Dev loop6: unable to read RDB block 0
[  397.997062][ T8654]  loop6: unable to read partition table
[  398.009919][ T8654] loop_reread_partitions: partition scan of loop6 (3Ÿ¾x³˜CÖ

) failed (rc=-5)
[  401.288656][ T8684] netlink: 8 bytes leftover after parsing attributes in process `syz.4.634'.
[  401.297999][ T8684] netlink: 20 bytes leftover after parsing attributes in process `syz.4.634'.
[  401.403095][ T8684] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  401.412148][ T8684] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  401.421077][ T8684] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  401.430044][ T8684] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  401.439998][ T8684] geneve2: entered promiscuous mode
[  401.445452][ T8684] geneve2: entered allmulticast mode
[  403.129079][ T8701] netlink: 3 bytes leftover after parsing attributes in process `syz.0.640'.
[  403.262203][ T1541] usb 3-1: new high-speed USB device number 9 using dummy_hcd
[  403.448565][ T1541] usb 3-1: Using ep0 maxpacket: 32
[  403.449991][ T8701] batadv1: entered promiscuous mode
[  403.459757][ T8701] batadv1: entered allmulticast mode
[  403.463894][ T1541] usb 3-1: config 0 has an invalid interface number: 133 but max is 0
[  403.479782][ T1541] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  403.504317][ T1541] usb 3-1: config 0 has no interface number 0
[  403.510981][ T1541] usb 3-1: config 0 interface 133 altsetting 0 bulk endpoint 0xB has invalid maxpacket 1024
[  403.522372][ T1541] usb 3-1: config 0 interface 133 altsetting 0 bulk endpoint 0xF has invalid maxpacket 528
[  403.534060][ T8706] netlink: 72 bytes leftover after parsing attributes in process `syz.0.640'.
[  403.547740][ T1541] usb 3-1: config 0 interface 133 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  403.548591][ T8706] tc_dump_action: action bad kind
[  403.594099][ T1541] usb 3-1: New USB device found, idVendor=0424, idProduct=012c, bcdDevice=71.1e
[  403.608464][ T1541] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  403.625822][ T1541] usb 3-1: Product: syz
[  403.630363][ T1541] usb 3-1: Manufacturer: syz
[  403.637684][ T1541] usb 3-1: SerialNumber: syz
[  403.650929][ T1541] usb 3-1: config 0 descriptor??
[  403.658824][ T8698] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22
[  403.698365][ T8698] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22
[  403.756430][ T8714] syzkaller1: entered promiscuous mode
[  403.764464][ T8714] syzkaller1: entered allmulticast mode
[  403.777667][ T8714] FAULT_INJECTION: forcing a failure.
[  403.777667][ T8714] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  403.826181][ T8714] CPU: 0 UID: 0 PID: 8714 Comm: syz.3.643 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) 
[  403.826211][ T8714] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  403.826224][ T8714] Call Trace:
[  403.826233][ T8714]  <TASK>
[  403.826242][ T8714]  dump_stack_lvl+0x189/0x250
[  403.826271][ T8714]  ? __pfx____ratelimit+0x10/0x10
[  403.826294][ T8714]  ? __pfx_dump_stack_lvl+0x10/0x10
[  403.826315][ T8714]  ? __pfx__printk+0x10/0x10
[  403.826340][ T8714]  ? __might_fault+0xb0/0x130
[  403.826375][ T8714]  should_fail_ex+0x414/0x560
[  403.826401][ T8714]  _copy_from_iter+0x1db/0x16f0
[  403.826427][ T8714]  ? __lock_acquire+0xab9/0xd20
[  403.826456][ T8714]  ? __pfx__copy_from_iter+0x10/0x10
[  403.826501][ T8714]  tun_get_user+0x20f/0x3ce0
[  403.826531][ T8714]  ? __lock_acquire+0xab9/0xd20
[  403.826561][ T8714]  ? __might_fault+0xb0/0x130
[  403.826583][ T8714]  ? __pfx_tun_get_user+0x10/0x10
[  403.826614][ T8714]  ? __lock_acquire+0xab9/0xd20
[  403.826639][ T8714]  ? ref_tracker_alloc+0x318/0x460
[  403.826657][ T8714]  ? __lock_acquire+0xab9/0xd20
[  403.826677][ T8714]  ? __pfx_ref_tracker_alloc+0x10/0x10
[  403.826705][ T8714]  ? tun_get+0x1c/0x2f0
[  403.826735][ T8714]  ? tun_get+0x1c/0x2f0
[  403.826758][ T8714]  ? tun_get+0x1c/0x2f0
[  403.826786][ T8714]  tun_chr_write_iter+0x113/0x200
[  403.826815][ T8714]  vfs_write+0x54b/0xa90
[  403.826839][ T8714]  ? __pfx_tun_chr_write_iter+0x10/0x10
[  403.826864][ T8714]  ? __pfx_vfs_write+0x10/0x10
[  403.826903][ T8714]  ? __fget_files+0x2a/0x420
[  403.826937][ T8714]  ksys_write+0x145/0x250
[  403.826959][ T8714]  ? __pfx_ksys_write+0x10/0x10
[  403.826975][ T8714]  ? rcu_is_watching+0x15/0xb0
[  403.827003][ T8714]  ? do_syscall_64+0xbe/0x3b0
[  403.827030][ T8714]  do_syscall_64+0xfa/0x3b0
[  403.827055][ T8714]  ? lockdep_hardirqs_on+0x9c/0x150
[  403.827075][ T8714]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  403.827095][ T8714]  ? clear_bhb_loop+0x60/0xb0
[  403.827121][ T8714]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  403.827140][ T8714] RIP: 0033:0x7fef4dd8eb69
[  403.827158][ T8714] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  403.827174][ T8714] RSP: 002b:00007fef4ec67038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  403.827195][ T8714] RAX: ffffffffffffffda RBX: 00007fef4dfb5fa0 RCX: 00007fef4dd8eb69
[  403.827209][ T8714] RDX: 00000000000000ca RSI: 0000200000000080 RDI: 0000000000000003
[  403.827221][ T8714] RBP: 00007fef4ec67090 R08: 0000000000000000 R09: 0000000000000000
[  403.827234][ T8714] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  403.827246][ T8714] R13: 0000000000000000 R14: 00007fef4dfb5fa0 R15: 00007fff63e9c248
[  403.827278][ T8714]  </TASK>
[  406.194093][ T1541] usb 3-1: probing VID:PID(0424:012C)   
[  406.226354][ T1541] usb 3-1: vub300 testing BULK OUT EndPoint(0) 0B
[  406.258859][ T1541] usb 3-1: vub300 testing BULK OUT EndPoint(1) 0F
[  406.296906][ T1541] usb 3-1: Could not find two sets of bulk-in/out endpoint pairs
[  406.378924][ T1541] vub300 3-1:0.133: probe with driver vub300 failed with error -22
[  406.448622][ T1541] usb 3-1: USB disconnect, device number 9
[  406.805034][ T8750] netlink: 'syz.2.650': attribute type 13 has an invalid length.
[  406.822529][ T8750] netlink: 'syz.2.650': attribute type 17 has an invalid length.
[  407.267906][ T8750] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  407.463673][ T8749] sctp: [Deprecated]: syz.4.654 (pid 8749) Use of struct sctp_assoc_value in delayed_ack socket option.
[  407.463673][ T8749] Use struct sctp_sack_info instead
[  408.360131][ T8760] netlink: 16 bytes leftover after parsing attributes in process `syz.1.656'.
[  408.740500][ T8765] loop6: detected capacity change from 0 to 2098
[  410.413152][ T8776] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  410.502176][ T8776] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  415.440071][ T8829] netlink: 8 bytes leftover after parsing attributes in process `syz.4.675'.
[  415.449271][ T8829] netlink: 20 bytes leftover after parsing attributes in process `syz.4.675'.
[  416.158466][ T8824] kvm: kvm [8822]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0xc2) = 0x6d7a
[  416.221157][ T8824] kvm: kvm [8822]: vcpu0, guest rIP: 0x1be Unhandled WRMSR(0xc2) = 0x2d7a
[  416.311535][ T8824] kvm: kvm [8822]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0x186) = 0x5f2c
[  418.248929][ T8847] netlink: 8 bytes leftover after parsing attributes in process `syz.0.682'.
[  418.259770][ T8847] netlink: 4 bytes leftover after parsing attributes in process `syz.0.682'.
[  419.875980][ T8861] =======================================================
[  419.875980][ T8861] WARNING: The mand mount option has been deprecated and
[  419.875980][ T8861]          and is ignored by this kernel. Remove the mand
[  419.875980][ T8861]          option from the mount to silence this warning.
[  419.875980][ T8861] =======================================================
[  419.956418][ T8861] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off.
[  421.008711][ T8875] binder: 8874:8875 ioctl c0306201 200000000080 returned -14
[  421.064574][ T6092] usb 4-1: new high-speed USB device number 10 using dummy_hcd
[  421.252248][ T6092] usb 4-1: Using ep0 maxpacket: 8
[  421.270406][ T6092] usb 4-1: config 0 has an invalid interface number: 186 but max is 0
[  421.297832][ T6092] usb 4-1: config 0 has no interface number 0
[  421.318129][ T6092] usb 4-1: config 0 interface 186 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  421.343833][ T6092] usb 4-1: config 0 interface 186 altsetting 0 has an endpoint descriptor with address 0x9A, changing to 0x8A
[  421.371259][ T6092] usb 4-1: config 0 interface 186 altsetting 0 endpoint 0x8A has an invalid bInterval 0, changing to 7
[  421.402464][ T6092] usb 4-1: config 0 interface 186 altsetting 0 has 4 endpoint descriptors, different from the interface descriptor's value: 3
[  421.448098][ T6092] usb 4-1: New USB device found, idVendor=07c0, idProduct=1505, bcdDevice=b8.c5
[  421.558345][ T6092] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  421.577762][ T6092] usb 4-1: Product: syz
[  421.583845][ T6092] usb 4-1: Manufacturer: syz
[  421.588586][ T6092] usb 4-1: SerialNumber: syz
[  423.851465][ T6092] usb 4-1: config 0 descriptor??
[  424.017522][ T6092] usb 4-1: can't set config #0, error -71
[  424.712661][ T6092] usb 4-1: USB disconnect, device number 10
[  424.751599][ T8900] binder: 8899:8900 ioctl c0306201 200000000080 returned -14
[  425.216877][ T8911] netlink: 16 bytes leftover after parsing attributes in process `syz.3.704'.
[  425.661460][ T8925] netlink: 8 bytes leftover after parsing attributes in process `syz.1.708'.
[  425.671935][ T8925] netlink: 4 bytes leftover after parsing attributes in process `syz.1.708'.
[  426.952448][ T6092] usb 4-1: new high-speed USB device number 11 using dummy_hcd
[  427.202049][ T8944] netlink: 8 bytes leftover after parsing attributes in process `syz.2.715'.
[  427.211887][ T8944] netlink: 4 bytes leftover after parsing attributes in process `syz.2.715'.
[  427.217712][ T8946] netlink: 'syz.1.716': attribute type 1 has an invalid length.
[  427.241974][ T6092] usb 4-1: Using ep0 maxpacket: 8
[  427.684667][ T6092] usb 4-1: config 0 has an invalid interface number: 37 but max is 0
[  427.742024][ T6092] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  427.767173][ T6092] usb 4-1: config 0 has no interface number 0
[  427.823285][ T6092] usb 4-1: New USB device found, idVendor=0421, idProduct=0508, bcdDevice=50.d3
[  427.845147][ T6092] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  427.874363][ T6092] usb 4-1: Product: syz
[  427.878616][ T6092] usb 4-1: Manufacturer: syz
[  427.887508][ T8949] bond1: (slave ip6gretap1): Enslaving as a backup interface with an up link
[  427.904217][ T8952] 8021q: adding VLAN 0 to HW filter on device bond1
[  427.911163][   T59] bond1: Warning: No 802.3ad response from the link partner for any adapters in the bond
[  427.938188][ T6092] usb 4-1: SerialNumber: syz
[  427.963746][ T6092] usb 4-1: config 0 descriptor??
[  428.057536][ T7601] bond1: Warning: No 802.3ad response from the link partner for any adapters in the bond
[  428.115932][ T8957] veth3: entered promiscuous mode
[  428.118074][ T6092] usb 4-1: bad CDC descriptors
[  428.329640][ T8957] bond1: (slave veth3): Enslaving as a backup interface with a down link
[  428.917167][ T6092] usb 4-1: USB disconnect, device number 11
[  429.060048][ T8969] random: crng reseeded on system resumption
[  429.318886][ T8973] netlink: 'syz.1.724': attribute type 10 has an invalid length.
[  429.341466][ T8973] bond0: (slave wlan1): Enslaving as an active interface with an up link
[  429.442941][ T6092] usb 4-1: new high-speed USB device number 12 using dummy_hcd
[  429.624172][ T6092] usb 4-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3
[  429.632632][ T1541] usb 2-1: new high-speed USB device number 12 using dummy_hcd
[  429.634260][ T6092] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  429.708507][ T6092] usb 4-1: config 0 descriptor??
[  429.724545][ T6092] cp210x 4-1:0.0: cp210x converter detected
[  429.803864][ T1541] usb 2-1: config 0 interface 0 altsetting 128 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  429.819793][ T1541] usb 2-1: config 0 interface 0 altsetting 128 endpoint 0x81 has invalid wMaxPacketSize 0
[  429.829982][ T1541] usb 2-1: config 0 interface 0 has no altsetting 0
[  429.846032][ T1541] usb 2-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00
[  429.855371][ T1541] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  429.903256][ T1541] usb 2-1: config 0 descriptor??
[  430.174955][ T8971] bridge0: entered promiscuous mode
[  430.181973][ T8971] bridge0: port 3(macsec1) entered blocking state
[  430.188743][ T8971] bridge0: port 3(macsec1) entered disabled state
[  430.202380][ T8971] macsec1: entered allmulticast mode
[  430.208271][ T8971] bridge0: entered allmulticast mode
[  430.218379][ T8971] macsec1: left allmulticast mode
[  430.246271][ T8987] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  430.261351][ T8971] bridge0: left allmulticast mode
[  430.268414][ T8987] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  430.288884][ T8971] bridge0: left promiscuous mode
[  430.414877][ T6092] usb 4-1: cp210x converter now attached to ttyUSB0
[  430.429489][ T6092] usb 4-1: USB disconnect, device number 12
[  430.486330][ T6092] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0
[  430.571153][ T8992] netlink: 8 bytes leftover after parsing attributes in process `syz.2.729'.
[  430.581735][ T8992] netlink: 4 bytes leftover after parsing attributes in process `syz.2.729'.
[  430.913452][ T1541] usb 2-1: string descriptor 0 read error: -22
[  431.100144][ T6092] cp210x 4-1:0.0: device disconnected
[  431.319315][ T1541] uclogic 0003:256C:006D.0002: failed retrieving string descriptor #100: -71
[  431.334731][ T1541] uclogic 0003:256C:006D.0002: failed retrieving pen parameters: -71
[  431.503373][ T8996] netlink: 8 bytes leftover after parsing attributes in process `syz.2.730'.
[  431.514514][ T8996] netlink: 4 bytes leftover after parsing attributes in process `syz.2.730'.
[  431.527952][ T1541] uclogic 0003:256C:006D.0002: failed probing pen v1 parameters: -71
[  431.884353][ T1541] uclogic 0003:256C:006D.0002: failed probing parameters: -71
[  431.942074][ T1541] uclogic 0003:256C:006D.0002: probe with driver uclogic failed with error -71
[  431.984835][ T1541] usb 2-1: USB disconnect, device number 12
[  432.240483][ T8999] netlink: 'syz.3.732': attribute type 4 has an invalid length.
[  432.498716][ T9005] netlink: 8 bytes leftover after parsing attributes in process `syz.2.731'.
[  432.509394][ T9005] netlink: 4 bytes leftover after parsing attributes in process `syz.2.731'.
[  435.729874][ T9023] netlink: 8 bytes leftover after parsing attributes in process `syz.3.740'.
[  435.740383][ T9023] netlink: 4 bytes leftover after parsing attributes in process `syz.3.740'.
[  436.448864][ T9039] dlm: non-version read from control device 0
[  436.778743][ T1541] usb 2-1: new high-speed USB device number 13 using dummy_hcd
[  436.997015][ T1541] usb 2-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[  437.005951][ T1541] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  437.024332][ T1541] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 66
[  437.049884][ T1541] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  437.089323][ T1541] usb 2-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[  437.100763][ T1541] usb 2-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  437.118934][ T1541] usb 2-1: Product: syz
[  437.131081][ T1541] usb 2-1: Manufacturer: syz
[  437.149051][ T1541] cdc_wdm 2-1:1.0: skipping garbage
[  437.165225][ T1541] cdc_wdm 2-1:1.0: skipping garbage
[  437.206703][ T1541] cdc_wdm 2-1:1.0: cdc-wdm0: USB WDM device
[  437.225518][ T1541] cdc_wdm 2-1:1.0: Unknown control protocol
[  437.356375][ T9040] FAULT_INJECTION: forcing a failure.
[  437.356375][ T9040] name failslab, interval 1, probability 0, space 0, times 0
[  437.463525][ T9040] CPU: 0 UID: 0 PID: 9040 Comm: syz.1.743 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) 
[  437.463557][ T9040] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  437.463574][ T9040] Call Trace:
[  437.463583][ T9040]  <TASK>
[  437.463593][ T9040]  dump_stack_lvl+0x189/0x250
[  437.463622][ T9040]  ? __pfx____ratelimit+0x10/0x10
[  437.463645][ T9040]  ? __pfx_dump_stack_lvl+0x10/0x10
[  437.463668][ T9040]  ? __pfx__printk+0x10/0x10
[  437.463702][ T9040]  ? __pfx___might_resched+0x10/0x10
[  437.463723][ T9040]  ? fs_reclaim_acquire+0x7d/0x100
[  437.463754][ T9040]  should_fail_ex+0x414/0x560
[  437.463782][ T9040]  should_failslab+0xa8/0x100
[  437.463807][ T9040]  __kmalloc_noprof+0xcb/0x4f0
[  437.463825][ T9040]  ? kfree+0x4d/0x440
[  437.463851][ T9040]  ? tomoyo_realpath_from_path+0xe3/0x5d0
[  437.463885][ T9040]  tomoyo_realpath_from_path+0xe3/0x5d0
[  437.463912][ T9040]  ? tomoyo_domain+0xda/0x130
[  437.463945][ T9040]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[  437.463967][ T9040]  tomoyo_path_number_perm+0x1e8/0x5a0
[  437.463994][ T9040]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  437.464037][ T9040]  ? __lock_acquire+0xab9/0xd20
[  437.464080][ T9040]  ? __fget_files+0x2a/0x420
[  437.464107][ T9040]  ? __fget_files+0x2a/0x420
[  437.464128][ T9040]  ? __fget_files+0x3a0/0x420
[  437.464149][ T9040]  ? __fget_files+0x2a/0x420
[  437.464177][ T9040]  security_file_ioctl+0xcb/0x2d0
[  437.464201][ T9040]  __se_sys_ioctl+0x47/0x170
[  437.464234][ T9040]  do_syscall_64+0xfa/0x3b0
[  437.464258][ T9040]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  437.464278][ T9040]  ? asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  437.464299][ T9040]  ? clear_bhb_loop+0x60/0xb0
[  437.464324][ T9040]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  437.464342][ T9040] RIP: 0033:0x7ff15358eb69
[  437.464360][ T9040] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  437.464378][ T9040] RSP: 002b:00007ff15444b038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  437.464401][ T9040] RAX: ffffffffffffffda RBX: 00007ff1537b5fa0 RCX: 00007ff15358eb69
[  437.464416][ T9040] RDX: 0000000000000000 RSI: 000000000000541b RDI: 0000000000000004
[  437.464428][ T9040] RBP: 00007ff15444b090 R08: 0000000000000000 R09: 0000000000000000
[  437.464441][ T9040] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  437.464462][ T9040] R13: 0000000000000000 R14: 00007ff1537b5fa0 R15: 00007ffe73127598
[  437.464494][ T9040]  </TASK>
[  437.771954][ T9040] ERROR: Out of memory at tomoyo_realpath_from_path.
[  437.797246][ T6092] usb 2-1: USB disconnect, device number 13
[  440.226708][ T1302] ieee802154 phy0 wpan0: encryption failed: -22
[  440.233423][ T1302] ieee802154 phy1 wpan1: encryption failed: -22
[  440.309855][ T9070] netlink: 'syz.0.752': attribute type 29 has an invalid length.
[  440.343258][ T9070] netlink: 'syz.0.752': attribute type 29 has an invalid length.
[  441.323106][ T9081] FAULT_INJECTION: forcing a failure.
[  441.323106][ T9081] name failslab, interval 1, probability 0, space 0, times 0
[  441.374396][ T9081] CPU: 0 UID: 0 PID: 9081 Comm: syz.3.754 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) 
[  441.374426][ T9081] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  441.374438][ T9081] Call Trace:
[  441.374447][ T9081]  <TASK>
[  441.374456][ T9081]  dump_stack_lvl+0x189/0x250
[  441.374483][ T9081]  ? __pfx____ratelimit+0x10/0x10
[  441.374506][ T9081]  ? __pfx_dump_stack_lvl+0x10/0x10
[  441.374529][ T9081]  ? __pfx__printk+0x10/0x10
[  441.374562][ T9081]  ? __pfx___might_resched+0x10/0x10
[  441.374584][ T9081]  ? fs_reclaim_acquire+0x7d/0x100
[  441.374613][ T9081]  should_fail_ex+0x414/0x560
[  441.374641][ T9081]  should_failslab+0xa8/0x100
[  441.374666][ T9081]  __kmalloc_noprof+0xcb/0x4f0
[  441.374686][ T9081]  ? kfree+0x4d/0x440
[  441.374712][ T9081]  ? tomoyo_realpath_from_path+0xe3/0x5d0
[  441.374746][ T9081]  tomoyo_realpath_from_path+0xe3/0x5d0
[  441.374775][ T9081]  ? tomoyo_domain+0xda/0x130
[  441.374808][ T9081]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[  441.374830][ T9081]  tomoyo_path_number_perm+0x1e8/0x5a0
[  441.374856][ T9081]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  441.374899][ T9081]  ? __lock_acquire+0xab9/0xd20
[  441.374944][ T9081]  ? __fget_files+0x2a/0x420
[  441.374970][ T9081]  ? __fget_files+0x2a/0x420
[  441.374991][ T9081]  ? __fget_files+0x3a0/0x420
[  441.375011][ T9081]  ? __fget_files+0x2a/0x420
[  441.375039][ T9081]  security_file_ioctl+0xcb/0x2d0
[  441.375066][ T9081]  __se_sys_ioctl+0x47/0x170
[  441.375099][ T9081]  do_syscall_64+0xfa/0x3b0
[  441.375119][ T9081]  ? lockdep_hardirqs_on+0x9c/0x150
[  441.375141][ T9081]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  441.375160][ T9081]  ? clear_bhb_loop+0x60/0xb0
[  441.375194][ T9081]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  441.375213][ T9081] RIP: 0033:0x7fef4dd8eb69
[  441.375232][ T9081] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  441.375249][ T9081] RSP: 002b:00007fef4ec46038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  441.375272][ T9081] RAX: ffffffffffffffda RBX: 00007fef4dfb6080 RCX: 00007fef4dd8eb69
[  441.375287][ T9081] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000007
[  441.375300][ T9081] RBP: 00007fef4ec46090 R08: 0000000000000000 R09: 0000000000000000
[  441.375313][ T9081] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  441.375325][ T9081] R13: 0000000000000001 R14: 00007fef4dfb6080 R15: 00007fff63e9c248
[  441.375359][ T9081]  </TASK>
[  441.375368][ T9081] ERROR: Out of memory at tomoyo_realpath_from_path.
[  443.344447][ T5851] Bluetooth: hci0: connection err: -111
[  443.720784][ T9093] tty tty28: ldisc open failed (-12), clearing slot 27
[  445.579335][ T9101] netlink: 8 bytes leftover after parsing attributes in process `syz.4.761'.
[  446.021683][ T9101] netlink: 4 bytes leftover after parsing attributes in process `syz.4.761'.
[  446.313398][ T9124] dlm: non-version read from control device 0
[  447.352067][   T43] usb 5-1: new high-speed USB device number 15 using dummy_hcd
[  448.121901][   T43] usb 5-1: Using ep0 maxpacket: 8
[  448.203078][   T43] usb 5-1: config index 0 descriptor too short (expected 28277, got 36)
[  448.232148][   T43] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  448.296122][   T43] usb 5-1: config 0 has no interfaces?
[  448.351981][   T43] usb 5-1: New USB device found, idVendor=046d, idProduct=c20e, bcdDevice= 0.00
[  448.472065][   T43] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  448.524141][ T9144] netlink: 'syz.1.771': attribute type 13 has an invalid length.
[  448.532067][ T9144] netlink: 'syz.1.771': attribute type 17 has an invalid length.
[  448.555531][   T43] usb 5-1: config 0 descriptor??
[  448.568896][ T9144] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  448.844808][ T9132] fuse: Bad value for 'group_id'
[  448.857139][ T9132] fuse: Bad value for 'group_id'
[  450.975734][ T9161] netlink: 12 bytes leftover after parsing attributes in process `syz.2.777'.
[  451.423000][ T9169] netlink: 8 bytes leftover after parsing attributes in process `syz.1.778'.
[  451.433948][ T9169] netlink: 4 bytes leftover after parsing attributes in process `syz.1.778'.
[  451.471973][   T43] usb 4-1: new high-speed USB device number 13 using dummy_hcd
[  451.968353][ T1541] usb 5-1: USB disconnect, device number 15
[  452.032089][   T43] usb 4-1: Using ep0 maxpacket: 8
[  452.107783][   T43] usb 4-1: config index 0 descriptor too short (expected 28277, got 36)
[  452.182525][   T43] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  452.367495][   T43] usb 4-1: config 0 has no interfaces?
[  453.151957][   T43] usb 4-1: New USB device found, idVendor=046d, idProduct=c20e, bcdDevice= 0.00
[  453.161179][   T43] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  453.173559][   T43] usb 4-1: config 0 descriptor??
[  453.543473][ T9188] dlm: non-version read from control device 0
[  454.470010][ T9194] netlink: 8 bytes leftover after parsing attributes in process `syz.0.784'.
[  456.888412][ T9216] FAULT_INJECTION: forcing a failure.
[  456.888412][ T9216] name failslab, interval 1, probability 0, space 0, times 0
[  456.905266][ T6092] usb 4-1: USB disconnect, device number 13
[  456.915902][ T9216] CPU: 0 UID: 0 PID: 9216 Comm: syz.4.790 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) 
[  456.915932][ T9216] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  456.915944][ T9216] Call Trace:
[  456.915952][ T9216]  <TASK>
[  456.915962][ T9216]  dump_stack_lvl+0x189/0x250
[  456.916001][ T9216]  ? __pfx____ratelimit+0x10/0x10
[  456.916024][ T9216]  ? __pfx_dump_stack_lvl+0x10/0x10
[  456.916048][ T9216]  ? __pfx__printk+0x10/0x10
[  456.916082][ T9216]  ? __pfx___might_resched+0x10/0x10
[  456.916105][ T9216]  ? fs_reclaim_acquire+0x7d/0x100
[  456.916136][ T9216]  should_fail_ex+0x414/0x560
[  456.916166][ T9216]  should_failslab+0xa8/0x100
[  456.916191][ T9216]  __kmalloc_noprof+0xcb/0x4f0
[  456.916210][ T9216]  ? kfree+0x4d/0x440
[  456.916236][ T9216]  ? tomoyo_realpath_from_path+0xe3/0x5d0
[  456.916269][ T9216]  tomoyo_realpath_from_path+0xe3/0x5d0
[  456.916298][ T9216]  ? tomoyo_domain+0xda/0x130
[  456.916332][ T9216]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[  456.916354][ T9216]  tomoyo_path_number_perm+0x1e8/0x5a0
[  456.916379][ T9216]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  456.916421][ T9216]  ? __lock_acquire+0xab9/0xd20
[  456.916466][ T9216]  ? __fget_files+0x2a/0x420
[  456.916493][ T9216]  ? __fget_files+0x2a/0x420
[  456.916514][ T9216]  ? __fget_files+0x3a0/0x420
[  456.916534][ T9216]  ? __fget_files+0x2a/0x420
[  456.916562][ T9216]  security_file_ioctl+0xcb/0x2d0
[  456.916589][ T9216]  __se_sys_ioctl+0x47/0x170
[  456.916623][ T9216]  do_syscall_64+0xfa/0x3b0
[  456.916644][ T9216]  ? lockdep_hardirqs_on+0x9c/0x150
[  456.916666][ T9216]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  456.916686][ T9216]  ? clear_bhb_loop+0x60/0xb0
[  456.916712][ T9216]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  456.916730][ T9216] RIP: 0033:0x7fae4818eb69
[  456.916749][ T9216] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  456.916766][ T9216] RSP: 002b:00007fae4900e038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  456.916789][ T9216] RAX: ffffffffffffffda RBX: 00007fae483b5fa0 RCX: 00007fae4818eb69
[  456.916803][ T9216] RDX: 0000200000000040 RSI: 00000000c040565f RDI: 0000000000000003
[  456.916822][ T9216] RBP: 00007fae4900e090 R08: 0000000000000000 R09: 0000000000000000
[  456.916835][ T9216] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  456.916847][ T9216] R13: 0000000000000000 R14: 00007fae483b5fa0 R15: 00007ffd771fe768
[  456.916882][ T9216]  </TASK>
[  456.918114][ T9216] ERROR: Out of memory at tomoyo_realpath_from_path.
[  460.275219][ T9239] lo speed is unknown, defaulting to 1000
[  460.281639][ T9239] lo speed is unknown, defaulting to 1000
[  461.000316][ T9239] lo speed is unknown, defaulting to 1000
[  461.013385][ T9239] iwpm_register_pid: Unable to send a nlmsg (client = 2)
[  461.034202][ T9239] infiniband syz0: RDMA CMA: cma_listen_on_dev, error -98
[  461.086180][ T9239] lo speed is unknown, defaulting to 1000
[  461.093744][ T9239] lo speed is unknown, defaulting to 1000
[  461.100657][ T9239] lo speed is unknown, defaulting to 1000
[  461.107762][ T9239] lo speed is unknown, defaulting to 1000
[  461.124202][ T9239] lo speed is unknown, defaulting to 1000
[  462.111894][   T43] usb 3-1: new high-speed USB device number 10 using dummy_hcd
[  463.719153][ T9273] netlink: 12 bytes leftover after parsing attributes in process `syz.1.807'.
[  464.870000][ T9282] netlink: 3 bytes leftover after parsing attributes in process `syz.0.808'.
[  465.105064][ T9282] batadv1: entered promiscuous mode
[  465.110366][ T9282] batadv1: entered allmulticast mode
[  465.201234][ T9288] FAULT_INJECTION: forcing a failure.
[  465.201234][ T9288] name failslab, interval 1, probability 0, space 0, times 0
[  465.215920][ T9288] CPU: 0 UID: 0 PID: 9288 Comm: syz.1.810 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) 
[  465.215941][ T9288] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  465.215950][ T9288] Call Trace:
[  465.215955][ T9288]  <TASK>
[  465.215961][ T9288]  dump_stack_lvl+0x189/0x250
[  465.215981][ T9288]  ? __pfx____ratelimit+0x10/0x10
[  465.215995][ T9288]  ? __pfx_dump_stack_lvl+0x10/0x10
[  465.216009][ T9288]  ? __pfx__printk+0x10/0x10
[  465.216034][ T9288]  ? __pfx___might_resched+0x10/0x10
[  465.216048][ T9288]  ? fs_reclaim_acquire+0x7d/0x100
[  465.216067][ T9288]  should_fail_ex+0x414/0x560
[  465.216092][ T9288]  should_failslab+0xa8/0x100
[  465.216117][ T9288]  kmem_cache_alloc_node_noprof+0x76/0x3c0
[  465.216137][ T9288]  ? __alloc_skb+0x112/0x2d0
[  465.216170][ T9288]  __alloc_skb+0x112/0x2d0
[  465.216200][ T9288]  tcp_send_active_reset+0x8c/0x6d0
[  465.216228][ T9288]  __tcp_close+0x432/0xde0
[  465.216266][ T9288]  tcp_close+0x28/0x110
[  465.216291][ T9288]  inet_release+0x141/0x190
[  465.216310][ T9288]  sock_close+0xc3/0x240
[  465.216324][ T9288]  ? __pfx_sock_close+0x10/0x10
[  465.216337][ T9288]  __fput+0x449/0xa70
[  465.216360][ T9288]  fput_close_sync+0x119/0x200
[  465.216377][ T9288]  ? __pfx_fput_close_sync+0x10/0x10
[  465.216401][ T9288]  __x64_sys_close+0x7f/0x110
[  465.216418][ T9288]  do_syscall_64+0xfa/0x3b0
[  465.216431][ T9288]  ? lockdep_hardirqs_on+0x9c/0x150
[  465.216443][ T9288]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  465.216455][ T9288]  ? clear_bhb_loop+0x60/0xb0
[  465.216470][ T9288]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  465.216481][ T9288] RIP: 0033:0x7ff15358eb69
[  465.216494][ T9288] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  465.216505][ T9288] RSP: 002b:00007ff15444b038 EFLAGS: 00000246 ORIG_RAX: 0000000000000003
[  465.216519][ T9288] RAX: ffffffffffffffda RBX: 00007ff1537b5fa0 RCX: 00007ff15358eb69
[  465.216528][ T9288] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003
[  465.216535][ T9288] RBP: 00007ff15444b090 R08: 0000000000000000 R09: 0000000000000000
[  465.216543][ T9288] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  465.216550][ T9288] R13: 0000000000000000 R14: 00007ff1537b5fa0 R15: 00007ffe73127598
[  465.216570][ T9288]  </TASK>
[  465.448109][ T9285] netlink: 72 bytes leftover after parsing attributes in process `syz.0.808'.
[  465.457113][ T9285] tc_dump_action: action bad kind
[  466.937798][ T9307] FAULT_INJECTION: forcing a failure.
[  466.937798][ T9307] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  467.022089][ T9307] CPU: 0 UID: 0 PID: 9307 Comm: syz.2.815 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) 
[  467.022122][ T9307] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  467.022134][ T9307] Call Trace:
[  467.022144][ T9307]  <TASK>
[  467.022153][ T9307]  dump_stack_lvl+0x189/0x250
[  467.022183][ T9307]  ? __pfx____ratelimit+0x10/0x10
[  467.022205][ T9307]  ? __pfx_dump_stack_lvl+0x10/0x10
[  467.022229][ T9307]  ? __pfx__printk+0x10/0x10
[  467.022272][ T9307]  should_fail_ex+0x414/0x560
[  467.022300][ T9307]  strncpy_from_user+0x36/0x290
[  467.022337][ T9307]  do_tcp_setsockopt+0x157/0x1f10
[  467.022375][ T9307]  ? __pfx_do_tcp_setsockopt+0x10/0x10
[  467.022415][ T9307]  ? __fget_files+0x2a/0x420
[  467.022444][ T9307]  ? sock_common_setsockopt+0x36/0xc0
[  467.022468][ T9307]  ? tcp_setsockopt+0x3d/0xe0
[  467.022493][ T9307]  ? __pfx_sock_common_setsockopt+0x10/0x10
[  467.022522][ T9307]  do_sock_setsockopt+0x179/0x1b0
[  467.022558][ T9307]  __x64_sys_setsockopt+0x13f/0x1b0
[  467.022594][ T9307]  do_syscall_64+0xfa/0x3b0
[  467.022616][ T9307]  ? lockdep_hardirqs_on+0x9c/0x150
[  467.022638][ T9307]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  467.022658][ T9307]  ? clear_bhb_loop+0x60/0xb0
[  467.022685][ T9307]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  467.022706][ T9307] RIP: 0033:0x7f992478eb69
[  467.022725][ T9307] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  467.022743][ T9307] RSP: 002b:00007f992566c038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036
[  467.022776][ T9307] RAX: ffffffffffffffda RBX: 00007f99249b6080 RCX: 00007f992478eb69
[  467.022791][ T9307] RDX: 000000000000000d RSI: 0000000000000006 RDI: 0000000000000003
[  467.022803][ T9307] RBP: 00007f992566c090 R08: 0000000000000005 R09: 0000000000000000
[  467.022817][ T9307] R10: 0000200000000040 R11: 0000000000000246 R12: 0000000000000001
[  467.022830][ T9307] R13: 0000000000000000 R14: 00007f99249b6080 R15: 00007ffe0196dec8
[  467.022861][ T9307]  </TASK>
[  468.212810][ T9321] netlink: 8 bytes leftover after parsing attributes in process `syz.2.820'.
[  468.281201][ T9321] netlink: 4 bytes leftover after parsing attributes in process `syz.2.820'.
[  469.275480][ T9333] netlink: 108 bytes leftover after parsing attributes in process `syz.4.822'.
[  469.285148][ T9333] netlink: 108 bytes leftover after parsing attributes in process `syz.4.822'.
[  469.294684][ T9333] netlink: 108 bytes leftover after parsing attributes in process `syz.4.822'.
[  470.528554][ T9341] dlm: non-version read from control device 0
[  471.424250][ T6092] usb 1-1: new high-speed USB device number 19 using dummy_hcd
[  471.622092][ T6092] usb 1-1: Using ep0 maxpacket: 8
[  471.643874][ T6092] usb 1-1: config index 0 descriptor too short (expected 28277, got 36)
[  471.654740][ T6092] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  471.698574][ T6092] usb 1-1: config 0 has no interfaces?
[  471.720068][ T6092] usb 1-1: New USB device found, idVendor=046d, idProduct=c20e, bcdDevice= 0.00
[  471.771953][ T6092] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  471.806078][ T6092] usb 1-1: config 0 descriptor??
[  472.505066][ T9359] netlink: 8 bytes leftover after parsing attributes in process `syz.2.828'.
[  472.515835][ T9359] netlink: 4 bytes leftover after parsing attributes in process `syz.2.828'.
[  473.091642][ T9361] FAULT_INJECTION: forcing a failure.
[  473.091642][ T9361] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  473.105871][ T9361] CPU: 1 UID: 0 PID: 9361 Comm: syz.4.829 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) 
[  473.105899][ T9361] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  473.105911][ T9361] Call Trace:
[  473.105920][ T9361]  <TASK>
[  473.105929][ T9361]  dump_stack_lvl+0x189/0x250
[  473.105960][ T9361]  ? __pfx____ratelimit+0x10/0x10
[  473.105984][ T9361]  ? __pfx_dump_stack_lvl+0x10/0x10
[  473.106008][ T9361]  ? __pfx__printk+0x10/0x10
[  473.106032][ T9361]  ? __might_fault+0xb0/0x130
[  473.106068][ T9361]  should_fail_ex+0x414/0x560
[  473.106096][ T9361]  _copy_from_user+0x2d/0xb0
[  473.106127][ T9361]  do_sock_getsockopt+0x17d/0x450
[  473.106163][ T9361]  ? __pfx_do_sock_getsockopt+0x10/0x10
[  473.106194][ T9361]  ? do_syscall_64+0x20/0x3b0
[  473.106217][ T9361]  ? __fget_files+0x3a0/0x420
[  473.106241][ T9361]  ? __fget_files+0x2a/0x420
[  473.106273][ T9361]  __x64_sys_getsockopt+0x1a5/0x250
[  473.106309][ T9361]  ? do_syscall_64+0x20/0x3b0
[  473.106333][ T9361]  ? do_syscall_64+0x20/0x3b0
[  473.106361][ T9361]  do_syscall_64+0xfa/0x3b0
[  473.106383][ T9361]  ? lockdep_hardirqs_on+0x9c/0x150
[  473.106404][ T9361]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  473.106425][ T9361]  ? clear_bhb_loop+0x60/0xb0
[  473.106451][ T9361]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  473.106472][ T9361] RIP: 0033:0x7fae4818eb69
[  473.106491][ T9361] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  473.106510][ T9361] RSP: 002b:00007fae4900e038 EFLAGS: 00000246 ORIG_RAX: 0000000000000037
[  473.106532][ T9361] RAX: ffffffffffffffda RBX: 00007fae483b5fa0 RCX: 00007fae4818eb69
[  473.106548][ T9361] RDX: 0000000000000023 RSI: 0000000000000006 RDI: 0000000000000003
[  473.106560][ T9361] RBP: 00007fae4900e090 R08: 0000200000000180 R09: 0000000000000000
[  473.106575][ T9361] R10: 0000200000000140 R11: 0000000000000246 R12: 0000000000000001
[  473.106589][ T9361] R13: 0000000000000000 R14: 00007fae483b5fa0 R15: 00007ffd771fe768
[  473.106622][ T9361]  </TASK>
[  475.208118][ T9377] netlink: 8 bytes leftover after parsing attributes in process `syz.3.834'.
[  475.667070][ T9377] netlink: 4 bytes leftover after parsing attributes in process `syz.3.834'.
[  475.844840][ T6092] usb 1-1: USB disconnect, device number 19
[  477.827843][ T9408] dlm: non-version read from control device 0
[  478.520556][ T6092] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0
[  478.577685][ T6092] hid-generic 0000:0000:0000.0003: hidraw0: <UNKNOWN> HID v0.00 Device [syz1] on syz0
[  481.861686][ T9455] netlink: 8 bytes leftover after parsing attributes in process `syz.0.851'.
[  481.903348][ T9455] netlink: 4 bytes leftover after parsing attributes in process `syz.0.851'.
[  482.663190][ T9466] netlink: 12 bytes leftover after parsing attributes in process `syz.4.854'.
[  485.356176][ T9483] dlm: non-version read from control device 0
[  489.033262][ T9512] netlink: 3 bytes leftover after parsing attributes in process `syz.3.869'.
[  489.229770][ T9512] batadv1: entered promiscuous mode
[  489.237217][ T9512] batadv1: entered allmulticast mode
[  489.366059][ T9514] netlink: 72 bytes leftover after parsing attributes in process `syz.3.869'.
[  489.586357][ T9514] tc_dump_action: action bad kind
[  490.507581][   T13] batman_adv: batadv1: adding TT local entry 33:33:00:00:00:01 to non-existent VLAN -1
[  491.271430][ T9526] tipc: Started in network mode
[  491.295963][ T9526] tipc: Node identity 5e84525c90e7, cluster identity 4711
[  491.345309][ T9526] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  492.468419][ T6092] tipc: Node number set to 3462615644
[  492.551992][ T9558] netlink: 'syz.1.879': attribute type 13 has an invalid length.
[  492.582678][ T9558] netlink: 'syz.1.879': attribute type 17 has an invalid length.
[  492.694088][ T9558] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  492.792944][ T9516] tipc: Disabling bearer <eth:syzkaller0>
[  493.199497][ T9569] netlink: 12 bytes leftover after parsing attributes in process `syz.0.880'.
[  496.532223][ T9585] usb usb8: usbfs: process 9585 (syz.4.885) did not claim interface 0 before use
[  501.683296][ T1302] ieee802154 phy0 wpan0: encryption failed: -22
[  501.690004][ T1302] ieee802154 phy1 wpan1: encryption failed: -22
[  502.660363][ T5851] Bluetooth: hci1: connection err: -111
[  506.392872][ T7599] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  506.407151][ T9643] netlink: 'syz.1.900': attribute type 13 has an invalid length.
[  506.442275][ T7599] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  506.460206][ T9643] netlink: 'syz.1.900': attribute type 17 has an invalid length.
[  506.585531][ T9643] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  509.406393][ T9670] dlm: non-version read from control device 0
[  510.106374][ T9684] netlink: 12 bytes leftover after parsing attributes in process `syz.1.908'.
[  513.342109][ T9709] syz_tun: entered allmulticast mode
[  513.402084][ T9707] syz_tun: left allmulticast mode
[  513.418375][ T9713] netlink: 'syz.4.915': attribute type 13 has an invalid length.
[  513.468321][ T9713] netlink: 'syz.4.915': attribute type 17 has an invalid length.
[  513.540347][ T9713] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  514.035956][ T9720] binder: 9714:9720 ioctl c0306201 200000000080 returned -14
[  515.338106][ T9734] netlink: 'syz.4.921': attribute type 13 has an invalid length.
[  515.352276][ T9734] netlink: 'syz.4.921': attribute type 17 has an invalid length.
[  515.584568][ T9734] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  516.907600][ T9758] usb usb8: usbfs: process 9758 (syz.1.930) did not claim interface 0 before use
[  516.998919][ T9762] netlink: 'syz.2.928': attribute type 13 has an invalid length.
[  517.007662][ T9762] netlink: 'syz.2.928': attribute type 17 has an invalid length.
[  517.075429][ T9762] 8021q: adding VLAN 0 to HW filter on device bond0
[  517.084177][ T9762] 8021q: adding VLAN 0 to HW filter on device team0
[  517.172161][ T9762] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  517.207403][   T43] lo speed is unknown, defaulting to 1000
[  517.218689][   T43] syz0: Port: 1 Link ACTIVE
[  519.300723][ T9779] netlink: 28 bytes leftover after parsing attributes in process `syz.0.933'.
[  519.311512][ T9779] netlink: 28 bytes leftover after parsing attributes in process `syz.0.933'.
[  519.367940][ T9779] team0: entered promiscuous mode
[  519.406789][ T9779] team_slave_0: entered promiscuous mode
[  519.439181][ T9779] team_slave_1: entered promiscuous mode
[  519.484532][ T9779] bond0: entered promiscuous mode
[  519.502621][ T9779] bond_slave_0: entered promiscuous mode
[  519.508556][ T9779] bond_slave_1: entered promiscuous mode
[  519.557871][ T9779] hsr1: Slave A (team0) is not up; please bring it up to get a fully working HSR network
[  519.739116][ T9779] 8021q: adding VLAN 0 to HW filter on device hsr1
[  521.042054][ T9171] usb 5-1: new high-speed USB device number 16 using dummy_hcd
[  521.721974][ T9171] usb 5-1: Using ep0 maxpacket: 32
[  521.809207][   T59] Bluetooth: hci5: received HCILL_GO_TO_SLEEP_ACK in state 0
[  521.821700][ T9171] usb 5-1: New USB device found, idVendor=1d50, idProduct=60a1, bcdDevice=a1.4f
[  521.831113][ T9171] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  521.842285][ T9171] usb 5-1: Product: syz
[  521.846465][ T9171] usb 5-1: Manufacturer: syz
[  521.851256][ T9171] usb 5-1: SerialNumber: syz
[  521.893579][ T9171] usb 5-1: config 0 descriptor??
[  521.901472][   T59] Bluetooth: hci5: Frame reassembly failed (-84)
[  522.118225][ T9788] netlink: 12 bytes leftover after parsing attributes in process `syz.4.938'.
[  522.127833][ T9788] 8021q: VLANs not supported on caif0
[  522.138033][ T9171] airspy 5-1:0.0: usb_control_msg() failed -71 request 09
[  522.145453][ T9171] airspy 5-1:0.0: Could not detect board
[  522.189277][ T9171] airspy 5-1:0.0: probe with driver airspy failed with error -71
[  522.233616][ T9171] usb 5-1: USB disconnect, device number 16
[  523.686655][ T9807] FAULT_INJECTION: forcing a failure.
[  523.686655][ T9807] name failslab, interval 1, probability 0, space 0, times 0
[  523.699487][ T9807] CPU: 1 UID: 0 PID: 9807 Comm: syz.2.942 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) 
[  523.699513][ T9807] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  523.699526][ T9807] Call Trace:
[  523.699535][ T9807]  <TASK>
[  523.699544][ T9807]  dump_stack_lvl+0x189/0x250
[  523.699572][ T9807]  ? __pfx____ratelimit+0x10/0x10
[  523.699595][ T9807]  ? __pfx_dump_stack_lvl+0x10/0x10
[  523.699618][ T9807]  ? __pfx__printk+0x10/0x10
[  523.699652][ T9807]  ? __pfx___might_resched+0x10/0x10
[  523.699673][ T9807]  ? fs_reclaim_acquire+0x7d/0x100
[  523.699704][ T9807]  should_fail_ex+0x414/0x560
[  523.699731][ T9807]  should_failslab+0xa8/0x100
[  523.699756][ T9807]  kmem_cache_alloc_noprof+0x73/0x3c0
[  523.699776][ T9807]  ? getname_flags+0xb8/0x540
[  523.699805][ T9807]  getname_flags+0xb8/0x540
[  523.699834][ T9807]  do_sys_openat2+0xbc/0x1c0
[  523.699864][ T9807]  ? __pfx_do_sys_openat2+0x10/0x10
[  523.699888][ T9807]  ? irqentry_exit+0x74/0x90
[  523.699926][ T9807]  __x64_sys_openat+0x138/0x170
[  523.699959][ T9807]  do_syscall_64+0xfa/0x3b0
[  523.699983][ T9807]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  523.700002][ T9807]  ? asm_sysvec_reschedule_ipi+0x1a/0x20
[  523.700021][ T9807]  ? clear_bhb_loop+0x60/0xb0
[  523.700046][ T9807]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  523.700066][ T9807] RIP: 0033:0x7f992478d4d0
[  523.700084][ T9807] Code: 48 89 44 24 20 75 93 44 89 54 24 0c e8 49 94 02 00 44 8b 54 24 0c 89 da 48 89 ee 41 89 c0 bf 9c ff ff ff b8 01 01 00 00 0f 05 <48> 3d 00 f0 ff ff 77 38 44 89 c7 89 44 24 0c e8 9c 94 02 00 8b 44
[  523.700102][ T9807] RSP: 002b:00007f992564af10 EFLAGS: 00000293 ORIG_RAX: 0000000000000101
[  523.700124][ T9807] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f992478d4d0
[  523.700138][ T9807] RDX: 0000000000000002 RSI: 00007f992564afa0 RDI: 00000000ffffff9c
[  523.700151][ T9807] RBP: 00007f992564afa0 R08: 0000000000000000 R09: 0000000000000000
[  523.700164][ T9807] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000001
[  523.700175][ T9807] R13: 0000000000000000 R14: 00007f99249b6160 R15: 00007ffe0196dec8
[  523.700208][ T9807]  </TASK>
[  523.902855][    C1] vkms_vblank_simulate: vblank timer overrun
[  523.911406][ T9799] Bluetooth: hci5: command 0x1003 tx timeout
[  524.014096][ T5851] Bluetooth: hci5: Opcode 0x1003 failed: -110
[  526.423315][ T9823] FAULT_INJECTION: forcing a failure.
[  526.423315][ T9823] name failslab, interval 1, probability 0, space 0, times 0
[  526.445965][ T9823] CPU: 0 UID: 0 PID: 9823 Comm: syz.2.947 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) 
[  526.445998][ T9823] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  526.446010][ T9823] Call Trace:
[  526.446019][ T9823]  <TASK>
[  526.446028][ T9823]  dump_stack_lvl+0x189/0x250
[  526.446066][ T9823]  ? __pfx____ratelimit+0x10/0x10
[  526.446089][ T9823]  ? __pfx_dump_stack_lvl+0x10/0x10
[  526.446111][ T9823]  ? __pfx__printk+0x10/0x10
[  526.446145][ T9823]  ? __pfx___might_resched+0x10/0x10
[  526.446166][ T9823]  ? fs_reclaim_acquire+0x7d/0x100
[  526.446196][ T9823]  should_fail_ex+0x414/0x560
[  526.446224][ T9823]  should_failslab+0xa8/0x100
[  526.446249][ T9823]  __kmalloc_noprof+0xcb/0x4f0
[  526.446266][ T9823]  ? kfree+0x4d/0x440
[  526.446291][ T9823]  ? tomoyo_realpath_from_path+0xe3/0x5d0
[  526.446323][ T9823]  tomoyo_realpath_from_path+0xe3/0x5d0
[  526.446351][ T9823]  ? tomoyo_domain+0xda/0x130
[  526.446382][ T9823]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[  526.446403][ T9823]  tomoyo_path_number_perm+0x1e8/0x5a0
[  526.446429][ T9823]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  526.446470][ T9823]  ? __lock_acquire+0xab9/0xd20
[  526.446513][ T9823]  ? __fget_files+0x2a/0x420
[  526.446539][ T9823]  ? __fget_files+0x2a/0x420
[  526.446559][ T9823]  ? __fget_files+0x3a0/0x420
[  526.446579][ T9823]  ? __fget_files+0x2a/0x420
[  526.446606][ T9823]  security_file_ioctl+0xcb/0x2d0
[  526.446632][ T9823]  __se_sys_ioctl+0x47/0x170
[  526.446664][ T9823]  do_syscall_64+0xfa/0x3b0
[  526.446685][ T9823]  ? lockdep_hardirqs_on+0x9c/0x150
[  526.446706][ T9823]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  526.446726][ T9823]  ? clear_bhb_loop+0x60/0xb0
[  526.446751][ T9823]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  526.446771][ T9823] RIP: 0033:0x7f992478eb69
[  526.446789][ T9823] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  526.446807][ T9823] RSP: 002b:00007f992568d038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  526.446830][ T9823] RAX: ffffffffffffffda RBX: 00007f99249b5fa0 RCX: 00007f992478eb69
[  526.446844][ T9823] RDX: 00002000000003c0 RSI: 00000000c0e85667 RDI: 0000000000000003
[  526.446858][ T9823] RBP: 00007f992568d090 R08: 0000000000000000 R09: 0000000000000000
[  526.446870][ T9823] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  526.446881][ T9823] R13: 0000000000000000 R14: 00007f99249b5fa0 R15: 00007ffe0196dec8
[  526.446915][ T9823]  </TASK>
[  526.448299][ T9823] ERROR: Out of memory at tomoyo_realpath_from_path.
[  527.766987][ T9836] FAULT_INJECTION: forcing a failure.
[  527.766987][ T9836] name failslab, interval 1, probability 0, space 0, times 0
[  527.841989][ T9836] CPU: 0 UID: 0 PID: 9836 Comm: syz.2.949 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) 
[  527.842031][ T9836] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  527.842044][ T9836] Call Trace:
[  527.842053][ T9836]  <TASK>
[  527.842067][ T9836]  dump_stack_lvl+0x189/0x250
[  527.842096][ T9836]  ? __pfx____ratelimit+0x10/0x10
[  527.842120][ T9836]  ? __pfx_dump_stack_lvl+0x10/0x10
[  527.842144][ T9836]  ? __pfx__printk+0x10/0x10
[  527.842177][ T9836]  ? __pfx___might_resched+0x10/0x10
[  527.842207][ T9836]  should_fail_ex+0x414/0x560
[  527.842236][ T9836]  should_failslab+0xa8/0x100
[  527.842260][ T9836]  kmem_cache_alloc_node_noprof+0x76/0x3c0
[  527.842282][ T9836]  ? __alloc_skb+0x112/0x2d0
[  527.842308][ T9836]  ? __pfx___local_bh_enable_ip+0x10/0x10
[  527.842335][ T9836]  __alloc_skb+0x112/0x2d0
[  527.842369][ T9836]  kcm_sendmsg+0x25ea/0x2a70
[  527.842393][ T9836]  ? bpf_bprintf_cleanup+0x9f/0xd0
[  527.842431][ T9836]  ? smack_socket_sendmsg+0x1a7/0x520
[  527.842461][ T9836]  ? __pfx_smack_socket_sendmsg+0x10/0x10
[  527.842495][ T9836]  ? __might_fault+0xb0/0x130
[  527.842517][ T9836]  ? _parse_integer_limit+0x1ae/0x1f0
[  527.842546][ T9836]  ? __pfx_kcm_sendmsg+0x10/0x10
[  527.842568][ T9836]  ? __lock_acquire+0xab9/0xd20
[  527.842591][ T9836]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  527.842612][ T9836]  ? __pfx_kcm_sendmsg+0x10/0x10
[  527.842633][ T9836]  __sock_sendmsg+0x21c/0x270
[  527.842661][ T9836]  sock_write_iter+0x258/0x330
[  527.842687][ T9836]  ? __pfx_sock_write_iter+0x10/0x10
[  527.842724][ T9836]  ? bpf_lsm_file_permission+0x9/0x20
[  527.842745][ T9836]  ? security_file_permission+0x75/0x290
[  527.842778][ T9836]  vfs_write+0x54b/0xa90
[  527.842806][ T9836]  ? __pfx_sock_write_iter+0x10/0x10
[  527.842828][ T9836]  ? __pfx_vfs_write+0x10/0x10
[  527.842861][ T9836]  ? __fget_files+0x2a/0x420
[  527.842896][ T9836]  ksys_write+0x145/0x250
[  527.842918][ T9836]  ? __pfx_ksys_write+0x10/0x10
[  527.842933][ T9836]  ? rcu_is_watching+0x15/0xb0
[  527.842963][ T9836]  ? do_syscall_64+0xbe/0x3b0
[  527.842990][ T9836]  do_syscall_64+0xfa/0x3b0
[  527.843020][ T9836]  ? lockdep_hardirqs_on+0x9c/0x150
[  527.843042][ T9836]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  527.843062][ T9836]  ? clear_bhb_loop+0x60/0xb0
[  527.843086][ T9836]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  527.843106][ T9836] RIP: 0033:0x7f992478eb69
[  527.843127][ T9836] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  527.843144][ T9836] RSP: 002b:00007f992564b038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  527.843165][ T9836] RAX: ffffffffffffffda RBX: 00007f99249b6160 RCX: 00007f992478eb69
[  527.843179][ T9836] RDX: 00000000fffffdef RSI: 0000200000000140 RDI: 0000000000000006
[  527.843193][ T9836] RBP: 00007f992564b090 R08: 0000000000000000 R09: 0000000000000000
[  527.843206][ T9836] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  527.843218][ T9836] R13: 0000000000000000 R14: 00007f99249b6160 R15: 00007ffe0196dec8
[  527.843252][ T9836]  </TASK>
[  530.768608][ T6092] usb 4-1: new high-speed USB device number 14 using dummy_hcd
[  531.098290][ T6092] usb 4-1: Using ep0 maxpacket: 32
[  532.480194][ T6092] usb 4-1: New USB device found, idVendor=1d50, idProduct=60a1, bcdDevice=a1.4f
[  532.489592][ T6092] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  532.497728][ T6092] usb 4-1: Product: syz
[  532.502095][ T6092] usb 4-1: Manufacturer: syz
[  532.506694][ T6092] usb 4-1: SerialNumber: syz
[  532.682937][ T6092] usb 4-1: config 0 descriptor??
[  532.898652][ T9850] netlink: 12 bytes leftover after parsing attributes in process `syz.3.954'.
[  532.907862][ T9850] 8021q: VLANs not supported on caif0
[  532.922144][ T6092] airspy 4-1:0.0: usb_control_msg() failed -71 request 09
[  532.931269][ T6092] airspy 4-1:0.0: Could not detect board
[  532.962129][ T6092] airspy 4-1:0.0: probe with driver airspy failed with error -71
[  533.026068][ T6092] usb 4-1: USB disconnect, device number 14
[  533.728019][ T9874] netlink: 'syz.0.957': attribute type 13 has an invalid length.
[  533.774434][ T9870] netlink: 8 bytes leftover after parsing attributes in process `syz.4.959'.
[  533.783920][ T9870] netlink: 4 bytes leftover after parsing attributes in process `syz.4.959'.
[  534.048114][ T9874] netlink: 'syz.0.957': attribute type 17 has an invalid length.
[  534.130998][ T9874] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  534.355467][ T9888] FAULT_INJECTION: forcing a failure.
[  534.355467][ T9888] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  534.368667][ T9888] CPU: 1 UID: 0 PID: 9888 Comm: syz.1.963 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) 
[  534.368695][ T9888] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  534.368706][ T9888] Call Trace:
[  534.368717][ T9888]  <TASK>
[  534.368727][ T9888]  dump_stack_lvl+0x189/0x250
[  534.368755][ T9888]  ? __pfx____ratelimit+0x10/0x10
[  534.368778][ T9888]  ? __pfx_dump_stack_lvl+0x10/0x10
[  534.368802][ T9888]  ? __pfx__printk+0x10/0x10
[  534.368828][ T9888]  ? __might_fault+0xb0/0x130
[  534.368863][ T9888]  should_fail_ex+0x414/0x560
[  534.368891][ T9888]  _copy_from_user+0x2d/0xb0
[  534.368921][ T9888]  ___sys_sendmsg+0x158/0x2a0
[  534.368955][ T9888]  ? __pfx____sys_sendmsg+0x10/0x10
[  534.369029][ T9888]  ? __fget_files+0x2a/0x420
[  534.369052][ T9888]  ? __fget_files+0x3a0/0x420
[  534.369085][ T9888]  __x64_sys_sendmsg+0x19b/0x260
[  534.369120][ T9888]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  534.369162][ T9888]  ? __pfx_ksys_write+0x10/0x10
[  534.369189][ T9888]  ? rcu_is_watching+0x15/0xb0
[  534.369217][ T9888]  ? do_syscall_64+0xbe/0x3b0
[  534.369244][ T9888]  do_syscall_64+0xfa/0x3b0
[  534.369268][ T9888]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  534.369288][ T9888]  ? asm_sysvec_reschedule_ipi+0x1a/0x20
[  534.369307][ T9888]  ? clear_bhb_loop+0x60/0xb0
[  534.369333][ T9888]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  534.369353][ T9888] RIP: 0033:0x7ff15358eb69
[  534.369371][ T9888] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  534.369389][ T9888] RSP: 002b:00007ff15442a038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  534.369411][ T9888] RAX: ffffffffffffffda RBX: 00007ff1537b6080 RCX: 00007ff15358eb69
[  534.369426][ T9888] RDX: 0000000000000000 RSI: 0000200000000340 RDI: 0000000000000006
[  534.369439][ T9888] RBP: 00007ff15442a090 R08: 0000000000000000 R09: 0000000000000000
[  534.369452][ T9888] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  534.369465][ T9888] R13: 0000000000000000 R14: 00007ff1537b6080 R15: 00007ffe73127598
[  534.369498][ T9888]  </TASK>
[  535.318740][ T9891] netlink: 72 bytes leftover after parsing attributes in process `syz.3.966'.
[  535.329277][ T9891] tc_dump_action: action bad kind
[  535.534484][ T9171] usb 3-1: new high-speed USB device number 11 using dummy_hcd
[  535.766227][ T9171] usb 3-1: Using ep0 maxpacket: 16
[  535.783093][ T9171] usb 3-1: config 0 has an invalid interface number: 32 but max is 0
[  536.209161][ T9171] usb 3-1: config 0 has no interface number 0
[  536.718770][ T9171] usb 3-1: config 0 interface 32 altsetting 0 bulk endpoint 0x7 has invalid maxpacket 64
[  536.732409][ T9171] usb 3-1: New USB device found, idVendor=1943, idProduct=2255, bcdDevice=15.e8
[  536.743845][ T9171] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  536.792312][ T9171] usb 3-1: Product: syz
[  536.801028][ T9171] usb 3-1: Manufacturer: syz
[  536.811860][ T9171] usb 3-1: SerialNumber: syz
[  536.856114][ T9171] usb 3-1: config 0 descriptor??
[  536.897398][ T9885] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22
[  536.911688][ T9171] s2255 3-1:0.32: Could not find bulk-in endpoint
[  536.979962][ T9171] Sensoray 2255 driver load failed: 0xfffffff4
[  537.045102][ T9171] s2255 3-1:0.32: probe with driver s2255 failed with error -12
[  537.168457][ T6094] usb 3-1: USB disconnect, device number 11
[  537.262234][ T6092] usb 4-1: new high-speed USB device number 15 using dummy_hcd
[  537.565637][ T6092] usb 4-1: Using ep0 maxpacket: 32
[  537.584644][ T6092] usb 4-1: New USB device found, idVendor=1d50, idProduct=60a1, bcdDevice=a1.4f
[  537.602178][ T6092] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  537.622753][ T6092] usb 4-1: Product: syz
[  537.627403][ T6092] usb 4-1: Manufacturer: syz
[  537.636301][ T6092] usb 4-1: SerialNumber: syz
[  537.901955][ T9919] netlink: 8 bytes leftover after parsing attributes in process `syz.0.973'.
[  537.927696][ T6092] usb 4-1: config 0 descriptor??
[  537.928043][ T9919] netlink: 4 bytes leftover after parsing attributes in process `syz.0.973'.
[  539.613612][ T6092] airspy 4-1:0.0: usb_control_msg() failed -110 request 09
[  539.620988][ T6092] airspy 4-1:0.0: Could not detect board
[  539.626865][ T6092] airspy 4-1:0.0: probe with driver airspy failed with error -110
[  539.645452][ T9909] netlink: 12 bytes leftover after parsing attributes in process `syz.3.971'.
[  539.726408][ T9909] 8021q: VLANs not supported on caif0
[  539.854462][ T9171] usb 4-1: USB disconnect, device number 15
[  539.871448][ T9936] netlink: 72 bytes leftover after parsing attributes in process `syz.2.979'.
[  539.887403][ T9936] tc_dump_action: action bad kind
[  540.971981][ T9171] usb 1-1: new high-speed USB device number 20 using dummy_hcd
[  541.294824][ T9961] netlink: 20 bytes leftover after parsing attributes in process `syz.1.987'.
[  541.332173][ T9171] usb 1-1: Using ep0 maxpacket: 16
[  542.293329][ T9171] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  542.369964][ T9171] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  542.380779][ T9171] usb 1-1: New USB device found, idVendor=04d8, idProduct=f002, bcdDevice= 0.00
[  542.402088][ T9171] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  543.368000][ T9171] usb 1-1: config 0 descriptor??
[  543.541987][ T9171] usb 1-1: can't set config #0, error -71
[  543.709318][ T9171] usb 1-1: USB disconnect, device number 20
[  544.467819][ T9976] netlink: 72 bytes leftover after parsing attributes in process `syz.3.992'.
[  544.510037][ T9976] tc_dump_action: action bad kind
[  545.161994][ T9171] usb 1-1: new high-speed USB device number 21 using dummy_hcd
[  545.321939][ T9171] usb 1-1: device descriptor read/64, error -71
[  545.572163][ T9171] usb 1-1: new high-speed USB device number 22 using dummy_hcd
[  545.711917][ T9171] usb 1-1: device descriptor read/64, error -71
[  545.842611][ T9171] usb usb1-port1: attempt power cycle
[  546.008410][T10008] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1000'.
[  546.017759][T10008] netlink: 20 bytes leftover after parsing attributes in process `syz.2.1000'.
[  546.036589][T10008] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  546.045809][T10008] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  546.056229][T10008] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  546.066020][T10008] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  546.075089][T10008] geneve2: entered promiscuous mode
[  546.080377][T10008] geneve2: entered allmulticast mode
[  546.223662][ T9171] usb 1-1: new high-speed USB device number 23 using dummy_hcd
[  546.252795][ T9171] usb 1-1: device descriptor read/8, error -71
[  546.512160][ T9171] usb 1-1: new high-speed USB device number 24 using dummy_hcd
[  546.554150][ T9171] usb 1-1: device descriptor read/8, error -71
[  546.688532][ T9171] usb usb1-port1: unable to enumerate USB device
[  549.574068][T10035] netlink: 'syz.1.1007': attribute type 13 has an invalid length.
[  549.671346][T10038] FAULT_INJECTION: forcing a failure.
[  549.671346][T10038] name failslab, interval 1, probability 0, space 0, times 0
[  549.684444][T10038] CPU: 0 UID: 0 PID: 10038 Comm: syz.0.1008 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) 
[  549.684473][T10038] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  549.684485][T10038] Call Trace:
[  549.684494][T10038]  <TASK>
[  549.684504][T10038]  dump_stack_lvl+0x189/0x250
[  549.684534][T10038]  ? __pfx____ratelimit+0x10/0x10
[  549.684557][T10038]  ? __pfx_dump_stack_lvl+0x10/0x10
[  549.684581][T10038]  ? __pfx__printk+0x10/0x10
[  549.684615][T10038]  ? __pfx___might_resched+0x10/0x10
[  549.684638][T10038]  ? fs_reclaim_acquire+0x7d/0x100
[  549.684668][T10038]  should_fail_ex+0x414/0x560
[  549.684697][T10038]  should_failslab+0xa8/0x100
[  549.684721][T10038]  __kmalloc_noprof+0xcb/0x4f0
[  549.684738][T10038]  ? kfree+0x4d/0x440
[  549.684764][T10038]  ? tomoyo_realpath_from_path+0xe3/0x5d0
[  549.684798][T10038]  tomoyo_realpath_from_path+0xe3/0x5d0
[  549.684827][T10038]  ? tomoyo_domain+0xda/0x130
[  549.684861][T10038]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[  549.684883][T10038]  tomoyo_path_number_perm+0x1e8/0x5a0
[  549.684909][T10038]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  549.684929][T10038]  ? rcu_is_watching+0x15/0xb0
[  549.684953][T10038]  ? trace_sched_exit_tp+0x38/0x120
[  549.684993][T10038]  ? __schedule+0x16c8/0x4c90
[  549.685026][T10038]  ? __lock_acquire+0xab9/0xd20
[  549.685072][T10038]  ? __fget_files+0x2a/0x420
[  549.685099][T10038]  ? __fget_files+0x2a/0x420
[  549.685120][T10038]  ? __fget_files+0x3a0/0x420
[  549.685141][T10038]  ? __fget_files+0x2a/0x420
[  549.685170][T10038]  security_file_ioctl+0xcb/0x2d0
[  549.685196][T10038]  __se_sys_ioctl+0x47/0x170
[  549.685229][T10038]  do_syscall_64+0xfa/0x3b0
[  549.685253][T10038]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  549.685273][T10038]  ? asm_sysvec_reschedule_ipi+0x1a/0x20
[  549.685292][T10038]  ? clear_bhb_loop+0x60/0xb0
[  549.685317][T10038]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  549.685337][T10038] RIP: 0033:0x7f75dcb8eb69
[  549.685356][T10038] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  549.685373][T10038] RSP: 002b:00007f75dd986038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  549.685395][T10038] RAX: ffffffffffffffda RBX: 00007f75dcdb6160 RCX: 00007f75dcb8eb69
[  549.685410][T10038] RDX: 0000200000000000 RSI: 0000000000008b26 RDI: 0000000000000005
[  549.685424][T10038] RBP: 00007f75dd986090 R08: 0000000000000000 R09: 0000000000000000
[  549.685436][T10038] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  549.685448][T10038] R13: 0000000000000000 R14: 00007f75dcdb6160 R15: 00007fff1b1fcf18
[  549.685483][T10038]  </TASK>
[  549.685544][T10038] ERROR: Out of memory at tomoyo_realpath_from_path.
[  549.953639][T10038] warning: `syz.0.1008' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211
[  549.965633][T10035] netlink: 'syz.1.1007': attribute type 17 has an invalid length.
[  550.034294][T10035] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  550.574429][T10048] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  550.631473][T10048] FAULT_INJECTION: forcing a failure.
[  550.631473][T10048] name failslab, interval 1, probability 0, space 0, times 0
[  550.670160][T10052] netlink: 20 bytes leftover after parsing attributes in process `syz.4.1012'.
[  550.890357][T10048] CPU: 1 UID: 0 PID: 10048 Comm: syz.0.1014 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) 
[  550.890389][T10048] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  550.890401][T10048] Call Trace:
[  550.890410][T10048]  <TASK>
[  550.890419][T10048]  dump_stack_lvl+0x189/0x250
[  550.890450][T10048]  ? __pfx____ratelimit+0x10/0x10
[  550.890473][T10048]  ? __pfx_dump_stack_lvl+0x10/0x10
[  550.890496][T10048]  ? __pfx__printk+0x10/0x10
[  550.890528][T10048]  ? fs_reclaim_acquire+0x7d/0x100
[  550.890564][T10048]  should_fail_ex+0x414/0x560
[  550.890592][T10048]  should_failslab+0xa8/0x100
[  550.890617][T10048]  __kmalloc_noprof+0xcb/0x4f0
[  550.890635][T10048]  ? kfree+0x4d/0x440
[  550.890662][T10048]  ? tomoyo_realpath_from_path+0xe3/0x5d0
[  550.890695][T10048]  tomoyo_realpath_from_path+0xe3/0x5d0
[  550.890723][T10048]  ? tomoyo_domain+0xda/0x130
[  550.890756][T10048]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[  550.890778][T10048]  tomoyo_path_number_perm+0x1e8/0x5a0
[  550.890804][T10048]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  550.890837][T10048]  ? __pfx___schedule+0x10/0x10
[  550.890870][T10048]  ? __lock_acquire+0xab9/0xd20
[  550.890916][T10048]  ? __fget_files+0x2a/0x420
[  550.890943][T10048]  ? __fget_files+0x2a/0x420
[  550.890964][T10048]  ? __fget_files+0x3a0/0x420
[  550.890993][T10048]  ? __fget_files+0x2a/0x420
[  550.891022][T10048]  security_file_ioctl+0xcb/0x2d0
[  550.891049][T10048]  __se_sys_ioctl+0x47/0x170
[  550.891082][T10048]  do_syscall_64+0xfa/0x3b0
[  550.891107][T10048]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  550.891126][T10048]  ? asm_sysvec_reschedule_ipi+0x1a/0x20
[  550.891145][T10048]  ? clear_bhb_loop+0x60/0xb0
[  550.891171][T10048]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  550.891191][T10048] RIP: 0033:0x7f75dcb8eb69
[  550.891210][T10048] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  550.891227][T10048] RSP: 002b:00007f75dd9c8038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  550.891250][T10048] RAX: ffffffffffffffda RBX: 00007f75dcdb5fa0 RCX: 00007f75dcb8eb69
[  550.891266][T10048] RDX: 0000200000000140 RSI: 0000000000003b8b RDI: 0000000000000003
[  550.891279][T10048] RBP: 00007f75dd9c8090 R08: 0000000000000000 R09: 0000000000000000
[  550.891292][T10048] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  550.891304][T10048] R13: 0000000000000000 R14: 00007f75dcdb5fa0 R15: 00007fff1b1fcf18
[  550.891338][T10048]  </TASK>
[  551.269952][T10048] ERROR: Out of memory at tomoyo_realpath_from_path.
[  552.219619][T10068] FAULT_INJECTION: forcing a failure.
[  552.219619][T10068] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  552.252012][T10068] CPU: 0 UID: 0 PID: 10068 Comm: syz.4.1016 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) 
[  552.252043][T10068] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  552.252055][T10068] Call Trace:
[  552.252063][T10068]  <TASK>
[  552.252073][T10068]  dump_stack_lvl+0x189/0x250
[  552.252102][T10068]  ? __pfx____ratelimit+0x10/0x10
[  552.252125][T10068]  ? __pfx_dump_stack_lvl+0x10/0x10
[  552.252148][T10068]  ? __pfx__printk+0x10/0x10
[  552.252176][T10068]  ? __might_fault+0xb0/0x130
[  552.252211][T10068]  should_fail_ex+0x414/0x560
[  552.252240][T10068]  _copy_from_user+0x2d/0xb0
[  552.252270][T10068]  ___sys_sendmsg+0x158/0x2a0
[  552.252306][T10068]  ? __pfx____sys_sendmsg+0x10/0x10
[  552.252380][T10068]  ? __fget_files+0x2a/0x420
[  552.252403][T10068]  ? __fget_files+0x3a0/0x420
[  552.252439][T10068]  __sys_sendmmsg+0x227/0x430
[  552.252477][T10068]  ? __pfx___sys_sendmmsg+0x10/0x10
[  552.252505][T10068]  ? __mutex_unlock_slowpath+0x1cd/0x700
[  552.252560][T10068]  ? ksys_write+0x22a/0x250
[  552.252584][T10068]  ? __pfx_ksys_write+0x10/0x10
[  552.252601][T10068]  ? rcu_is_watching+0x15/0xb0
[  552.252632][T10068]  __x64_sys_sendmmsg+0xa0/0xc0
[  552.252667][T10068]  do_syscall_64+0xfa/0x3b0
[  552.252688][T10068]  ? lockdep_hardirqs_on+0x9c/0x150
[  552.252709][T10068]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  552.252739][T10068]  ? clear_bhb_loop+0x60/0xb0
[  552.252765][T10068]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  552.252786][T10068] RIP: 0033:0x7fae4818eb69
[  552.252805][T10068] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  552.252824][T10068] RSP: 002b:00007fae48fcc038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[  552.252847][T10068] RAX: ffffffffffffffda RBX: 00007fae483b6160 RCX: 00007fae4818eb69
[  552.252862][T10068] RDX: 040000000000009f RSI: 00002000000002c0 RDI: 0000000000000009
[  552.252877][T10068] RBP: 00007fae48fcc090 R08: 0000000000000000 R09: 0000000000000000
[  552.252890][T10068] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  552.252902][T10068] R13: 0000000000000000 R14: 00007fae483b6160 R15: 00007ffd771fe768
[  552.252937][T10068]  </TASK>
[  552.477859][    C0] vkms_vblank_simulate: vblank timer overrun
[  552.500063][T10067] kvm: kvm [10064]: vcpu0, guest rIP: 0x1be Unhandled WRMSR(0xc1) = 0x4000
[  552.522569][T10067] kvm: kvm [10064]: vcpu0, guest rIP: 0x1be Unhandled WRMSR(0xc1) = 0x4000
[  552.535165][T10067] kvm: kvm [10064]: vcpu0, guest rIP: 0x1be Unhandled WRMSR(0x11e) = 0xbe706111
[  552.552193][T10067] kvm: kvm [10064]: vcpu0, guest rIP: 0x1be Unhandled WRMSR(0x186) = 0x4000
[  555.814342][T10089] netlink: 'syz.0.1021': attribute type 13 has an invalid length.
[  555.841632][T10089] netlink: 'syz.0.1021': attribute type 17 has an invalid length.
[  555.895598][T10089] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  556.198383][T10093] input: syz1 as /devices/virtual/input/input13
[  556.579699][   T43] usb 1-1: new high-speed USB device number 25 using dummy_hcd
[  557.137538][   T43] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  557.266951][   T43] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  557.397838][   T43] usb 1-1: New USB device found, idVendor=0d8c, idProduct=0022, bcdDevice= 0.00
[  557.540022][   T43] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  557.852428][   T43] usb 1-1: config 0 descriptor??
[  560.594101][   T43] usbhid 1-1:0.0: can't add hid device: -71
[  560.600174][   T43] usbhid 1-1:0.0: probe with driver usbhid failed with error -71
[  560.677580][T10110] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1029'.
[  560.688723][T10110] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1029'.
[  560.757694][   T43] usb 1-1: USB disconnect, device number 25
[  561.123690][   T13] netdevsim netdevsim3 netdevsim3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  561.186091][   T13] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  561.387214][   T13] netdevsim netdevsim3 netdevsim2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  561.406746][   T13] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  561.437462][T10115] kvm: kvm [10114]: vcpu0, guest rIP: 0x1be Unhandled WRMSR(0xc1) = 0x4000
[  561.463752][T10115] kvm: kvm [10114]: vcpu0, guest rIP: 0x1be Unhandled WRMSR(0xc1) = 0x4000
[  561.477684][T10115] kvm: kvm [10114]: vcpu0, guest rIP: 0x1be Unhandled WRMSR(0x11e) = 0xbe706111
[  561.518891][   T13] netdevsim netdevsim3 netdevsim1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  561.540249][T10115] kvm: kvm [10114]: vcpu0, guest rIP: 0x1be Unhandled WRMSR(0x186) = 0x4000
[  561.677669][   T13] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  561.732931][T10122] overlayfs: workdir and upperdir must be separate subtrees
[  561.830014][   T13] netdevsim netdevsim3 netdevsim0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  561.974696][   T13] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  563.108177][ T1302] ieee802154 phy0 wpan0: encryption failed: -22
[  563.135559][T10127] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1037'.
[  563.136199][ T1302] ieee802154 phy1 wpan1: encryption failed: -22
[  563.164604][   T13] bridge_slave_1: left allmulticast mode
[  563.170727][   T13] bridge_slave_1: left promiscuous mode
[  563.179396][   T13] bridge0: port 2(bridge_slave_1) entered disabled state
[  563.277422][T10137] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1039'.
[  563.287673][T10137] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1039'.
[  563.373328][   T13] bridge_slave_0: left allmulticast mode
[  563.443163][   T13] bridge_slave_0: left promiscuous mode
[  563.549161][   T13] bridge0: port 1(bridge_slave_0) entered disabled state
[  563.936021][T10142] netlink: 144 bytes leftover after parsing attributes in process `syz.1.1040'.
[  564.032487][ T9799] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[  564.286796][ T9799] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[  564.297415][ T9799] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[  564.306707][ T9799] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[  564.315028][ T9799] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[  565.297882][   T51] Bluetooth: hci0: connection err: -111
[  567.250415][   T13] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  567.266603][   T13] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  567.282760][   T13] bond0 (unregistering): Released all slaves
[  567.305806][T10140] netlink: 68 bytes leftover after parsing attributes in process `syz.1.1040'.
[  567.317024][T10140] netlink: 68 bytes leftover after parsing attributes in process `syz.1.1040'.
[  567.326218][T10140] netlink: 10 bytes leftover after parsing attributes in process `syz.1.1040'.
[  567.489444][T10166] netlink: 72 bytes leftover after parsing attributes in process `syz.4.1044'.
[  567.531811][T10166] tc_dump_action: action bad kind
[  567.659740][T10146] lo speed is unknown, defaulting to 1000
[  567.682777][T10181] FAULT_INJECTION: forcing a failure.
[  567.682777][T10181] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  567.696352][T10181] CPU: 1 UID: 0 PID: 10181 Comm: syz.0.1045 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) 
[  567.696379][T10181] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  567.696391][T10181] Call Trace:
[  567.696399][T10181]  <TASK>
[  567.696407][T10181]  dump_stack_lvl+0x189/0x250
[  567.696437][T10181]  ? __pfx____ratelimit+0x10/0x10
[  567.696460][T10181]  ? __pfx_dump_stack_lvl+0x10/0x10
[  567.696482][T10181]  ? __pfx__printk+0x10/0x10
[  567.696508][T10181]  ? __might_fault+0xb0/0x130
[  567.696542][T10181]  should_fail_ex+0x414/0x560
[  567.696571][T10181]  _copy_from_user+0x2d/0xb0
[  567.696600][T10181]  rds_setsockopt+0x468/0xc40
[  567.696633][T10181]  ? __pfx_rds_setsockopt+0x10/0x10
[  567.696674][T10181]  ? __fget_files+0x2a/0x420
[  567.696698][T10181]  ? __fget_files+0x2a/0x420
[  567.696717][T10181]  ? bpf_lsm_socket_setsockopt+0x9/0x20
[  567.696736][T10181]  ? __pfx_rds_setsockopt+0x10/0x10
[  567.696766][T10181]  do_sock_setsockopt+0x179/0x1b0
[  567.696800][T10181]  __x64_sys_setsockopt+0x13f/0x1b0
[  567.696835][T10181]  do_syscall_64+0xfa/0x3b0
[  567.696867][T10181]  ? lockdep_hardirqs_on+0x9c/0x150
[  567.696888][T10181]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  567.696906][T10181]  ? clear_bhb_loop+0x60/0xb0
[  567.696929][T10181]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  567.696946][T10181] RIP: 0033:0x7f75dcb8eb69
[  567.696962][T10181] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  567.696979][T10181] RSP: 002b:00007f75dd9c8038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036
[  567.697001][T10181] RAX: ffffffffffffffda RBX: 00007f75dcdb5fa0 RCX: 00007f75dcb8eb69
[  567.697016][T10181] RDX: 000000000000003f RSI: 0000000000000114 RDI: 0000000000000003
[  567.697028][T10181] RBP: 00007f75dd9c8090 R08: 0000000000000004 R09: 0000000000000000
[  567.697040][T10181] R10: 0000200000000380 R11: 0000000000000246 R12: 0000000000000001
[  567.697051][T10181] R13: 0000000000000000 R14: 00007f75dcdb5fa0 R15: 00007fff1b1fcf18
[  567.697084][T10181]  </TASK>
[  567.992705][ T5851] Bluetooth: hci4: command tx timeout
[  568.090422][   T13] tipc: Left network mode
[  570.065745][ T5851] Bluetooth: hci4: command tx timeout
[  570.812566][T10191] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1049'.
[  570.822335][T10191] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1049'.
[  571.416723][T10196] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1051'.
[  571.427124][T10196] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1051'.
[  572.142565][ T5851] Bluetooth: hci4: command tx timeout
[  572.415696][ T5851] Bluetooth: hci2: connection err: -111
[  573.373080][T10214] netlink: 72 bytes leftover after parsing attributes in process `syz.0.1057'.
[  573.428025][T10214] tc_dump_action: action bad kind
[  573.482033][   T43] usb 2-1: new high-speed USB device number 14 using dummy_hcd
[  573.576169][   T13] hsr_slave_0: left promiscuous mode
[  573.626591][   T13] hsr_slave_1: left promiscuous mode
[  573.667201][   T13] batman_adv: batadv0: Removing interface: batadv_slave_0
[  573.821835][   T43] usb 2-1: Using ep0 maxpacket: 32
[  573.831196][   T43] usb 2-1: config 0 has an invalid interface number: 12 but max is 0
[  573.840326][   T43] usb 2-1: config 0 has no interface number 0
[  573.861427][   T13] batman_adv: batadv0: Removing interface: batadv_slave_1
[  573.873323][   T43] usb 2-1: config 0 interface 12 has no altsetting 0
[  573.907142][   T43] usb 2-1: New USB device found, idVendor=2c42, idProduct=1202, bcdDevice=85.40
[  573.933317][   T43] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  573.969248][   T43] usb 2-1: Product: syz
[  574.004098][   T43] usb 2-1: Manufacturer: syz
[  574.039497][   T43] usb 2-1: SerialNumber: syz
[  574.202282][   T43] usb 2-1: config 0 descriptor??
[  574.226796][ T5851] Bluetooth: hci4: command tx timeout
[  575.379011][   T43] f81534 2-1:0.12: f81534_set_register: reg: 1003 data: b0 failed: -71
[  575.425313][   T43] f81534 2-1:0.12: f81534_find_config_idx: read failed: -71
[  575.454512][   T43] f81534 2-1:0.12: f81534_calc_num_ports: find idx failed: -71
[  575.472165][   T43] f81534 2-1:0.12: probe with driver f81534 failed with error -71
[  575.499921][   T43] usb 2-1: USB disconnect, device number 14
[  576.322006][T10253] kvm: kvm [10251]: vcpu0, guest rIP: 0x1be Unhandled WRMSR(0xc1) = 0x4000
[  576.365576][T10253] kvm: kvm [10251]: vcpu0, guest rIP: 0x1be Unhandled WRMSR(0xc1) = 0x4000
[  576.386291][T10253] kvm: kvm [10251]: vcpu0, guest rIP: 0x1be Unhandled WRMSR(0x11e) = 0xbe706111
[  576.420381][T10253] kvm: kvm [10251]: vcpu0, guest rIP: 0x1be Unhandled WRMSR(0x186) = 0x4000
[  576.505242][   T13] team0 (unregistering): Port device team_slave_1 removed
[  576.566799][   T13] team0 (unregistering): Port device team_slave_0 removed
[  577.314402][T10263] netlink: 'syz.2.1062': attribute type 13 has an invalid length.
[  577.325868][T10263] netlink: 'syz.2.1062': attribute type 17 has an invalid length.
[  577.334826][T10263] netlink: 'syz.2.1062': attribute type 27 has an invalid length.
[  581.206048][ T6092] usb 2-1: new high-speed USB device number 15 using dummy_hcd
[  581.462184][ T6092] usb 2-1: device descriptor read/64, error -71
[  581.540830][T10146] chnl_net:caif_netlink_parms(): no params data found
[  581.721862][ T6092] usb 2-1: new high-speed USB device number 16 using dummy_hcd
[  581.996227][ T6092] usb 2-1: device descriptor read/64, error -71
[  582.134049][ T6092] usb usb2-port1: attempt power cycle
[  582.263827][T10146] bridge0: port 1(bridge_slave_0) entered blocking state
[  582.281633][T10146] bridge0: port 1(bridge_slave_0) entered disabled state
[  582.306779][T10146] bridge_slave_0: entered allmulticast mode
[  582.334659][T10146] bridge_slave_0: entered promiscuous mode
[  582.356121][T10146] bridge0: port 2(bridge_slave_1) entered blocking state
[  582.376520][T10146] bridge0: port 2(bridge_slave_1) entered disabled state
[  582.432549][T10146] bridge_slave_1: entered allmulticast mode
[  582.493803][T10146] bridge_slave_1: entered promiscuous mode
[  582.560531][ T6092] usb 2-1: new high-speed USB device number 17 using dummy_hcd
[  582.612495][ T6092] usb 2-1: device descriptor read/8, error -71
[  583.751830][ T6092] usb 2-1: new high-speed USB device number 18 using dummy_hcd
[  583.771015][T10146] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  583.846803][ T6092] usb 2-1: device descriptor read/8, error -71
[  583.965830][T10146] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  584.753461][ T6092] usb usb2-port1: unable to enumerate USB device
[  585.091001][T10146] team0: Port device team_slave_0 added
[  586.051485][T10324] netlink: 'syz.1.1073': attribute type 1 has an invalid length.
[  586.054169][T10146] team0: Port device team_slave_1 added
[  586.833550][T10327] 8021q: adding VLAN 0 to HW filter on device bond2
[  587.794714][T10329] veth5: entered promiscuous mode
[  587.835620][T10329] bond2: (slave veth5): Enslaving as a backup interface with a down link
[  587.982713][T10146] batman_adv: batadv0: Adding interface: batadv_slave_0
[  588.020244][T10146] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  588.092679][T10146] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  588.143517][T10146] batman_adv: batadv0: Adding interface: batadv_slave_1
[  588.160984][T10146] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  588.382726][T10356] FAULT_INJECTION: forcing a failure.
[  588.382726][T10356] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  588.396133][T10356] CPU: 0 UID: 0 PID: 10356 Comm: syz.4.1080 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) 
[  588.396169][T10356] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  588.396180][T10356] Call Trace:
[  588.396187][T10356]  <TASK>
[  588.396194][T10356]  dump_stack_lvl+0x189/0x250
[  588.396224][T10356]  ? __pfx____ratelimit+0x10/0x10
[  588.396246][T10356]  ? __pfx_dump_stack_lvl+0x10/0x10
[  588.396275][T10356]  ? __pfx__printk+0x10/0x10
[  588.396291][T10356]  ? __might_fault+0xb0/0x130
[  588.396311][T10356]  should_fail_ex+0x414/0x560
[  588.396327][T10356]  _copy_from_user+0x2d/0xb0
[  588.396344][T10356]  __sys_bpf+0x1ed/0x860
[  588.396363][T10356]  ? __pfx___sys_bpf+0x10/0x10
[  588.396388][T10356]  ? ksys_write+0x22a/0x250
[  588.396400][T10356]  ? __pfx_ksys_write+0x10/0x10
[  588.396410][T10356]  ? rcu_is_watching+0x15/0xb0
[  588.396428][T10356]  __x64_sys_bpf+0x7c/0x90
[  588.396444][T10356]  do_syscall_64+0xfa/0x3b0
[  588.396456][T10356]  ? lockdep_hardirqs_on+0x9c/0x150
[  588.396469][T10356]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  588.396480][T10356]  ? clear_bhb_loop+0x60/0xb0
[  588.396495][T10356]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  588.396506][T10356] RIP: 0033:0x7fae4818eb69
[  588.396518][T10356] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  588.396529][T10356] RSP: 002b:00007fae48fed038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  588.396543][T10356] RAX: ffffffffffffffda RBX: 00007fae483b6080 RCX: 00007fae4818eb69
[  588.396552][T10356] RDX: 0000000000000020 RSI: 00002000000002c0 RDI: 0000000000000003
[  588.396560][T10356] RBP: 00007fae48fed090 R08: 0000000000000000 R09: 0000000000000000
[  588.396567][T10356] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  588.396574][T10356] R13: 0000000000000000 R14: 00007fae483b6080 R15: 00007ffd771fe768
[  588.396592][T10356]  </TASK>
[  588.409308][T10146] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  588.482244][T10357] netlink: 'syz.2.1078': attribute type 13 has an invalid length.
[  588.482272][T10357] netlink: 'syz.2.1078': attribute type 17 has an invalid length.
[  590.084229][T10357] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  590.104566][T10146] hsr_slave_0: entered promiscuous mode
[  590.107323][T10146] hsr_slave_1: entered promiscuous mode
[  590.114833][T10146] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  590.114880][T10146] Cannot create hsr debugfs directory
[  590.950693][T10372] netlink: 'syz.4.1082': attribute type 13 has an invalid length.
[  590.950714][T10372] netlink: 'syz.4.1082': attribute type 17 has an invalid length.
[  591.192393][T10372] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  592.556191][T10393] FAULT_INJECTION: forcing a failure.
[  592.556191][T10393] name failslab, interval 1, probability 0, space 0, times 0
[  592.599439][T10393] CPU: 1 UID: 0 PID: 10393 Comm: syz.2.1088 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) 
[  592.599469][T10393] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  592.599481][T10393] Call Trace:
[  592.599489][T10393]  <TASK>
[  592.599497][T10393]  dump_stack_lvl+0x189/0x250
[  592.599526][T10393]  ? __pfx____ratelimit+0x10/0x10
[  592.599549][T10393]  ? __pfx_dump_stack_lvl+0x10/0x10
[  592.599571][T10393]  ? __pfx__printk+0x10/0x10
[  592.599603][T10393]  ? __pfx___might_resched+0x10/0x10
[  592.599624][T10393]  ? fs_reclaim_acquire+0x7d/0x100
[  592.599653][T10393]  should_fail_ex+0x414/0x560
[  592.599679][T10393]  should_failslab+0xa8/0x100
[  592.599703][T10393]  kmem_cache_alloc_noprof+0x73/0x3c0
[  592.599722][T10393]  ? create_new_namespaces+0x31/0x720
[  592.599746][T10393]  create_new_namespaces+0x31/0x720
[  592.599766][T10393]  ? safesetid_security_capable+0xa9/0x1a0
[  592.599789][T10393]  ? bpf_lsm_capable+0x9/0x20
[  592.599813][T10393]  ? security_capable+0x7e/0x2e0
[  592.599845][T10393]  unshare_nsproxy_namespaces+0x11c/0x170
[  592.599869][T10393]  ksys_unshare+0x4c8/0x8c0
[  592.599903][T10393]  ? __pfx_ksys_unshare+0x10/0x10
[  592.599929][T10393]  ? __pfx_ksys_write+0x10/0x10
[  592.599959][T10393]  __x64_sys_unshare+0x38/0x50
[  592.599984][T10393]  do_syscall_64+0xfa/0x3b0
[  592.600005][T10393]  ? lockdep_hardirqs_on+0x9c/0x150
[  592.600025][T10393]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  592.600045][T10393]  ? clear_bhb_loop+0x60/0xb0
[  592.600070][T10393]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  592.600090][T10393] RIP: 0033:0x7f992478eb69
[  592.600108][T10393] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  592.600125][T10393] RSP: 002b:00007f992568d038 EFLAGS: 00000246 ORIG_RAX: 0000000000000110
[  592.600146][T10393] RAX: ffffffffffffffda RBX: 00007f99249b5fa0 RCX: 00007f992478eb69
[  592.600160][T10393] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000000
[  592.600173][T10393] RBP: 00007f992568d090 R08: 0000000000000000 R09: 0000000000000000
[  592.600186][T10393] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  592.600197][T10393] R13: 0000000000000001 R14: 00007f99249b5fa0 R15: 00007ffe0196dec8
[  592.600229][T10393]  </TASK>
[  592.830201][T10146] netdevsim netdevsim5 netdevsim0: renamed from eth0
[  593.017508][T10146] netdevsim netdevsim5 netdevsim1: renamed from eth1
[  593.116472][T10146] netdevsim netdevsim5 netdevsim2: renamed from eth2
[  593.150865][T10404] netlink: 72 bytes leftover after parsing attributes in process `syz.1.1090'.
[  593.172033][T10404] tc_dump_action: action bad kind
[  593.215491][T10146] netdevsim netdevsim5 netdevsim3: renamed from eth3
[  594.186966][T10146] 8021q: adding VLAN 0 to HW filter on device bond0
[  594.337296][T10146] 8021q: adding VLAN 0 to HW filter on device team0
[  594.434860][ T1012] bridge0: port 1(bridge_slave_0) entered blocking state
[  594.442126][ T1012] bridge0: port 1(bridge_slave_0) entered forwarding state
[  594.526983][ T1012] bridge0: port 2(bridge_slave_1) entered blocking state
[  594.534343][ T1012] bridge0: port 2(bridge_slave_1) entered forwarding state
[  596.226435][T10437] netlink: 'syz.1.1096': attribute type 1 has an invalid length.
[  596.377915][T10440] veth7: entered promiscuous mode
[  598.141329][T10465] ptrace attach of "./syz-executor exec"[5837] was attempted by "./syz-executor exec"[10465]
[  598.252110][ T5850] usb 1-1: new high-speed USB device number 26 using dummy_hcd
[  598.366189][T10146] 8021q: adding VLAN 0 to HW filter on device batadv0
[  598.509330][ T5850] usb 1-1: no configurations
[  598.516570][ T5850] usb 1-1: can't read configurations, error -22
[  598.772094][ T5850] usb 1-1: new high-speed USB device number 27 using dummy_hcd
[  598.992042][ T5850] usb 1-1: no configurations
[  598.996679][ T5850] usb 1-1: can't read configurations, error -22
[  599.022570][ T5850] usb usb1-port1: attempt power cycle
[  600.042141][ T5850] usb 1-1: new high-speed USB device number 28 using dummy_hcd
[  600.099351][ T5850] usb 1-1: no configurations
[  600.104141][ T5850] usb 1-1: can't read configurations, error -22
[  600.450975][ T5850] usb 1-1: new high-speed USB device number 29 using dummy_hcd
[  600.481402][T10480] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  600.540293][ T5850] usb 1-1: no configurations
[  600.546166][ T5850] usb 1-1: can't read configurations, error -22
[  600.565893][ T5850] usb usb1-port1: unable to enumerate USB device
[  600.769332][T10146] veth0_vlan: entered promiscuous mode
[  600.807610][T10146] veth1_vlan: entered promiscuous mode
[  600.897488][T10146] veth0_macvtap: entered promiscuous mode
[  600.955928][T10146] veth1_macvtap: entered promiscuous mode
[  601.032787][T10146] batman_adv: batadv0: Interface activated: batadv_slave_0
[  601.066853][T10146] batman_adv: batadv0: Interface activated: batadv_slave_1
[  601.123719][T10146] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  601.165065][T10146] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  601.180599][T10496] FAULT_INJECTION: forcing a failure.
[  601.180599][T10496] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  601.193893][T10146] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  601.204204][T10496] CPU: 1 UID: 0 PID: 10496 Comm: syz.4.1105 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) 
[  601.204231][T10496] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  601.204243][T10496] Call Trace:
[  601.204252][T10496]  <TASK>
[  601.204261][T10496]  dump_stack_lvl+0x189/0x250
[  601.204292][T10496]  ? __pfx____ratelimit+0x10/0x10
[  601.204315][T10496]  ? __pfx_dump_stack_lvl+0x10/0x10
[  601.204339][T10496]  ? __pfx__printk+0x10/0x10
[  601.204365][T10496]  ? __might_fault+0xb0/0x130
[  601.204401][T10496]  should_fail_ex+0x414/0x560
[  601.204428][T10496]  _copy_from_user+0x2d/0xb0
[  601.204469][T10496]  __sys_bpf+0x1ed/0x860
[  601.204502][T10496]  ? __pfx___sys_bpf+0x10/0x10
[  601.204547][T10496]  ? ksys_write+0x22a/0x250
[  601.204571][T10496]  ? __pfx_ksys_write+0x10/0x10
[  601.204587][T10496]  ? rcu_is_watching+0x15/0xb0
[  601.204619][T10496]  __x64_sys_bpf+0x7c/0x90
[  601.204648][T10496]  do_syscall_64+0xfa/0x3b0
[  601.204670][T10496]  ? lockdep_hardirqs_on+0x9c/0x150
[  601.204692][T10496]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  601.204713][T10496]  ? clear_bhb_loop+0x60/0xb0
[  601.204738][T10496]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  601.204759][T10496] RIP: 0033:0x7fae4818eb69
[  601.204779][T10496] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  601.204796][T10496] RSP: 002b:00007fae48fcc038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  601.204819][T10496] RAX: ffffffffffffffda RBX: 00007fae483b6160 RCX: 00007fae4818eb69
[  601.204834][T10496] RDX: 0000000000000094 RSI: 0000200000000840 RDI: 0000000000000005
[  601.204847][T10496] RBP: 00007fae48fcc090 R08: 0000000000000000 R09: 0000000000000000
[  601.204859][T10496] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  601.204871][T10496] R13: 0000000000000000 R14: 00007fae483b6160 R15: 00007ffd771fe768
[  601.204905][T10496]  </TASK>
[  601.468715][T10146] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  602.736886][T10507] netlink: 'syz.2.1108': attribute type 15 has an invalid length.
[  602.945313][ T7603] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  602.995034][ T7603] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  603.253523][T10518] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  604.252865][   T59] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  604.261105][   T59] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  604.694069][T10529] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  606.397063][ T9913] usb 6-1: new high-speed USB device number 2 using dummy_hcd
[  606.469167][T10542] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1114'.
[  606.480093][T10542] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1114'.
[  606.692162][   T43] usb 5-1: new high-speed USB device number 17 using dummy_hcd
[  606.982689][   T43] usb 5-1: no configurations
[  607.001876][ T9913] usb 6-1: Using ep0 maxpacket: 8
[  607.017312][   T43] usb 5-1: can't read configurations, error -22
[  607.030675][ T9913] usb 6-1: config index 0 descriptor too short (expected 28277, got 36)
[  607.050514][ T9913] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  607.105838][ T9913] usb 6-1: config 0 has no interfaces?
[  607.111412][ T9913] usb 6-1: New USB device found, idVendor=046d, idProduct=c20e, bcdDevice= 0.00
[  607.169738][ T9913] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  607.194276][   T43] usb 5-1: new high-speed USB device number 18 using dummy_hcd
[  607.356436][ T9913] usb 6-1: config 0 descriptor??
[  608.129816][T10550] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1116'.
[  608.202697][   T43] usb 5-1: no configurations
[  608.207377][   T43] usb 5-1: can't read configurations, error -22
[  608.213279][T10550] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1116'.
[  608.247218][   T43] usb usb5-port1: attempt power cycle
[  609.362442][   T43] usb 5-1: new high-speed USB device number 19 using dummy_hcd
[  609.427450][ T9913] usb 6-1: USB disconnect, device number 2
[  609.551616][ T6094] IPVS: starting estimator thread 0...
[  609.569791][   T43] usb 5-1: device descriptor read/8, error -71
[  609.681904][T10565] IPVS: using max 26 ests per chain, 62400 per kthread
[  609.827138][T10569] input: syz1 as /devices/virtual/input/input14
[  611.391853][   T43] usb 5-1: new high-speed USB device number 21 using dummy_hcd
[  611.632178][   T43] usb 5-1: Using ep0 maxpacket: 16
[  611.671465][   T43] usb 5-1: config 0 has no interfaces?
[  611.685226][   T43] usb 5-1: New USB device found, idVendor=05ac, idProduct=1226, bcdDevice=b2.89
[  611.719825][   T43] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  611.759743][   T43] usb 5-1: Product: syz
[  611.776046][   T43] usb 5-1: Manufacturer: syz
[  611.801455][   T43] usb 5-1: SerialNumber: syz
[  611.837513][   T43] apple-mfi-fastcharge 5-1: config 0 descriptor??
[  612.162181][T10595] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1127'.
[  612.564007][T10595] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1127'.
[  612.690909][T10598] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1126'.
[  612.701060][T10598] netlink: 4 bytes leftover after parsing attributes in process `syz.5.1126'.
[  613.124775][T10582] ip6t_srh: unknown srh match flags  4000
[  614.700254][   T43] usb 6-1: new high-speed USB device number 3 using dummy_hcd
[  614.807746][T10599] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1128'.
[  614.811817][ T6094] usb 3-1: new high-speed USB device number 12 using dummy_hcd
[  614.849175][T10599] netlink: 20 bytes leftover after parsing attributes in process `syz.1.1128'.
[  614.876326][ T9913] apple-mfi-fastcharge 5-1: USB disconnect, device number 21
[  614.892062][   T43] usb 6-1: Using ep0 maxpacket: 8
[  614.910097][   T43] usb 6-1: config index 0 descriptor too short (expected 28277, got 36)
[  614.948100][   T43] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  615.032377][ T6094] usb 3-1: no configurations
[  615.037062][ T6094] usb 3-1: can't read configurations, error -22
[  615.067342][T10599] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  615.070163][   T43] usb 6-1: config 0 has no interfaces?
[  615.086120][   T43] usb 6-1: New USB device found, idVendor=046d, idProduct=c20e, bcdDevice= 0.00
[  615.121767][   T43] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  615.126707][T10599] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  615.152982][   T43] usb 6-1: config 0 descriptor??
[  615.201910][ T6094] usb 3-1: new high-speed USB device number 13 using dummy_hcd
[  615.216526][T10599] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  615.251269][T10599] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  615.326271][T10599] geneve2: entered promiscuous mode
[  615.331569][T10599] geneve2: entered allmulticast mode
[  615.368678][ T6094] usb 3-1: no configurations
[  615.376338][ T6094] usb 3-1: can't read configurations, error -22
[  615.403831][ T6094] usb usb3-port1: attempt power cycle
[  615.444123][T10629] input: syz1 as /devices/virtual/input/input15
[  615.772403][ T6094] usb 3-1: new high-speed USB device number 14 using dummy_hcd
[  616.556784][T10635] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1136'.
[  616.566349][T10635] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1136'.
[  616.627471][ T6094] usb 3-1: no configurations
[  616.658746][ T6094] usb 3-1: can't read configurations, error -22
[  617.262356][ T6094] usb 3-1: new high-speed USB device number 15 using dummy_hcd
[  617.314319][ T6094] usb 3-1: device descriptor read/8, error -71
[  617.454974][ T6094] usb usb3-port1: unable to enumerate USB device
[  617.553639][ T9913] usb 6-1: USB disconnect, device number 3
[  620.562506][T10674] workqueue: Failed to create a rescuer kthread for wq "ceph-watch-notify": -EINTR
[  620.588532][T10672] input: syz1 as /devices/virtual/input/input16
[  620.920487][T10681] dlm: non-version read from control device 0
[  621.283037][   T43] usb 1-1: new high-speed USB device number 30 using dummy_hcd
[  621.402210][ T6094] usb 3-1: new high-speed USB device number 16 using dummy_hcd
[  621.463464][   T43] usb 1-1: no configurations
[  621.471793][   T43] usb 1-1: can't read configurations, error -22
[  621.563036][ T6094] usb 3-1: Using ep0 maxpacket: 8
[  621.623778][   T43] usb 1-1: new high-speed USB device number 31 using dummy_hcd
[  621.634767][ T6094] usb 3-1: config index 0 descriptor too short (expected 28277, got 36)
[  621.652088][ T6094] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  621.701526][ T6094] usb 3-1: config 0 has no interfaces?
[  621.766931][ T6094] usb 3-1: New USB device found, idVendor=046d, idProduct=c20e, bcdDevice= 0.00
[  621.797702][ T6094] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  621.851587][ T6094] usb 3-1: config 0 descriptor??
[  621.884259][   T43] usb 1-1: no configurations
[  621.902479][   T43] usb 1-1: can't read configurations, error -22
[  622.062496][   T43] usb usb1-port1: attempt power cycle
[  622.872132][   T43] usb 1-1: new high-speed USB device number 32 using dummy_hcd
[  622.947057][   T43] usb 1-1: no configurations
[  622.965994][   T43] usb 1-1: can't read configurations, error -22
[  623.094739][T10707] netlink: 72 bytes leftover after parsing attributes in process `syz.4.1153'.
[  623.112055][   T43] usb 1-1: new high-speed USB device number 33 using dummy_hcd
[  623.152009][T10707] tc_dump_action: action bad kind
[  623.161173][   T43] usb 1-1: no configurations
[  623.177611][   T43] usb 1-1: can't read configurations, error -22
[  623.220666][   T43] usb usb1-port1: unable to enumerate USB device
[  624.298121][ T9913] usb 3-1: USB disconnect, device number 16
[  624.553218][ T1302] ieee802154 phy0 wpan0: encryption failed: -22
[  624.559693][ T1302] ieee802154 phy1 wpan1: encryption failed: -22
[  625.832165][T10730] binder: 10722:10730 ioctl c0306201 200000000080 returned -14
[  626.211859][   T43] usb 3-1: new high-speed USB device number 17 using dummy_hcd
[  626.233420][T10737] dlm: non-version read from control device 0
[  626.796740][T10740] input: syz1 as /devices/virtual/input/input17
[  626.821831][   T43] usb 3-1: Using ep0 maxpacket: 8
[  626.872790][T10736] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1154'.
[  626.897984][   T43] usb 3-1: config index 0 descriptor too short (expected 28277, got 36)
[  626.910548][   T43] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  626.920827][   T43] usb 3-1: config 0 has no interfaces?
[  626.933803][   T43] usb 3-1: New USB device found, idVendor=046d, idProduct=c20e, bcdDevice= 0.00
[  626.988357][   T43] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  626.998739][T10736] netlink: 20 bytes leftover after parsing attributes in process `syz.5.1154'.
[  627.058164][   T43] usb 3-1: config 0 descriptor??
[  627.180871][T10736] geneve2: entered promiscuous mode
[  627.772176][T10736] geneve2: entered allmulticast mode
[  627.952741][T10727] fuse: Bad value for 'user_id'
[  627.957670][T10727] fuse: Bad value for 'user_id'
[  628.167578][T10746] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1162'.
[  628.176809][T10746] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1162'.
[  629.174315][   T43] usb 3-1: USB disconnect, device number 17
[  631.823936][T10800] netlink: 'syz.5.1174': attribute type 13 has an invalid length.
[  631.832627][T10800] netlink: 'syz.5.1174': attribute type 17 has an invalid length.
[  631.985220][T10800] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  634.429480][T10823] fuse: Unknown parameter 'group_00000000000000000000'
[  637.301209][T10828] kvm: kvm [10827]: vcpu0, guest rIP: 0x1be Unhandled WRMSR(0xc1) = 0x4000
[  640.397271][T10880] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1190'.
[  640.484611][T10886] netlink: 40 bytes leftover after parsing attributes in process `syz.5.1191'.
[  641.162049][T10880] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1190'.
[  641.574473][T10891] netlink: 36 bytes leftover after parsing attributes in process `syz.5.1193'.
[  641.728202][T10897] netlink: 'syz.5.1193': attribute type 10 has an invalid length.
[  641.803252][T10897] team0: Device ipvlan1 failed to register rx_handler
[  641.916591][ T5850] usb 2-1: new high-speed USB device number 19 using dummy_hcd
[  642.351866][ T5850] usb 2-1: Using ep0 maxpacket: 8
[  642.362713][ T5850] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  642.491256][ T5850] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  642.548710][ T5850] usb 2-1: New USB device found, idVendor=044f, idProduct=b654, bcdDevice= 0.00
[  642.596025][ T5850] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  642.703046][ T5850] usb 2-1: config 0 descriptor??
[  643.021078][T10905] kvm: kvm [10904]: vcpu0, guest rIP: 0x1be Unhandled WRMSR(0xc1) = 0x4000
[  643.149527][T10905] kvm: kvm [10904]: vcpu0, guest rIP: 0x1be Unhandled WRMSR(0xc1) = 0x4000
[  643.247663][T10905] kvm: kvm [10904]: vcpu0, guest rIP: 0x1be Unhandled WRMSR(0xc2) = 0x4000
[  643.315393][T10905] kvm: kvm [10904]: vcpu0, guest rIP: 0x1be Unhandled WRMSR(0xc1) = 0x4000
[  643.463647][ T5850] thrustmaster 0003:044F:B654.0004: hidraw0: USB HID v0.00 Device [HID 044f:b654] on usb-dummy_hcd.1-1/input0
[  643.622072][ T5850] thrustmaster 0003:044F:B654.0004: no inputs found
[  643.736053][ T6092] usb 2-1: USB disconnect, device number 19
[  643.935334][T10919] fido_id[10919]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.1/usb2/report_descriptor': No such file or directory
[  645.397022][T10935] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1200'.
[  645.406669][T10935] netlink: 4 bytes leftover after parsing attributes in process `syz.5.1200'.
[  647.021513][T10949] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1204'.
[  647.031435][T10949] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1204'.
[  647.401775][ T6094] usb 6-1: new full-speed USB device number 4 using dummy_hcd
[  647.582419][T10951] FAULT_INJECTION: forcing a failure.
[  647.582419][T10951] name failslab, interval 1, probability 0, space 0, times 0
[  647.626258][ T6094] usb 6-1: config 0 has an invalid interface number: 107 but max is 0
[  647.649937][T10951] CPU: 1 UID: 0 PID: 10951 Comm: syz.1.1205 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) 
[  647.649967][T10951] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  647.649979][T10951] Call Trace:
[  647.649988][T10951]  <TASK>
[  647.649997][T10951]  dump_stack_lvl+0x189/0x250
[  647.650025][T10951]  ? __pfx____ratelimit+0x10/0x10
[  647.650048][T10951]  ? __pfx_dump_stack_lvl+0x10/0x10
[  647.650071][T10951]  ? __pfx__printk+0x10/0x10
[  647.650105][T10951]  ? __pfx___might_resched+0x10/0x10
[  647.650126][T10951]  ? fs_reclaim_acquire+0x7d/0x100
[  647.650157][T10951]  should_fail_ex+0x414/0x560
[  647.650186][T10951]  should_failslab+0xa8/0x100
[  647.650210][T10951]  __kmalloc_noprof+0xcb/0x4f0
[  647.650228][T10951]  ? kfree+0x4d/0x440
[  647.650253][T10951]  ? tomoyo_realpath_from_path+0xe3/0x5d0
[  647.650286][T10951]  tomoyo_realpath_from_path+0xe3/0x5d0
[  647.650316][T10951]  ? tomoyo_domain+0xda/0x130
[  647.650349][T10951]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[  647.650372][T10951]  tomoyo_path_number_perm+0x1e8/0x5a0
[  647.650398][T10951]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  647.650441][T10951]  ? __lock_acquire+0xab9/0xd20
[  647.650486][T10951]  ? __fget_files+0x2a/0x420
[  647.650512][T10951]  ? __fget_files+0x2a/0x420
[  647.650533][T10951]  ? __fget_files+0x3a0/0x420
[  647.650554][T10951]  ? __fget_files+0x2a/0x420
[  647.650582][T10951]  security_file_ioctl+0xcb/0x2d0
[  647.650609][T10951]  __se_sys_ioctl+0x47/0x170
[  647.650643][T10951]  do_syscall_64+0xfa/0x3b0
[  647.650661][T10951]  ? lockdep_hardirqs_on+0x9c/0x150
[  647.650682][T10951]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  647.650702][T10951]  ? clear_bhb_loop+0x60/0xb0
[  647.650727][T10951]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  647.650746][T10951] RIP: 0033:0x7ff15358eb69
[  647.650765][T10951] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  647.650782][T10951] RSP: 002b:00007ff15444b038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  647.650804][T10951] RAX: ffffffffffffffda RBX: 00007ff1537b5fa0 RCX: 00007ff15358eb69
[  647.650818][T10951] RDX: 0000200000003680 RSI: 000000004080aebf RDI: 0000000000000005
[  647.650832][T10951] RBP: 00007ff15444b090 R08: 0000000000000000 R09: 0000000000000000
[  647.650845][T10951] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  647.650856][T10951] R13: 0000000000000000 R14: 00007ff1537b5fa0 R15: 00007ffe73127598
[  647.650917][T10951]  </TASK>
[  647.651415][T10951] ERROR: Out of memory at tomoyo_realpath_from_path.
[  647.657763][ T6094] usb 6-1: config 0 has no interface number 0
[  648.007002][ T6094] usb 6-1: config 0 interface 107 altsetting 0 endpoint 0x88 has invalid maxpacket 65535, setting to 64
[  648.024647][ T6094] usb 6-1: New USB device found, idVendor=06cd, idProduct=0131, bcdDevice=16.60
[  648.034131][ T6094] usb 6-1: New USB device strings: Mfr=175, Product=2, SerialNumber=3
[  648.042507][ T6094] usb 6-1: Product: syz
[  648.046828][ T6094] usb 6-1: Manufacturer: syz
[  648.051463][ T6094] usb 6-1: SerialNumber: syz
[  648.205877][ T6094] usb 6-1: config 0 descriptor??
[  648.992355][T10948] raw-gadget.0 gadget.5: fail, usb_ep_enable returned -22
[  649.009331][ T6094] keyspan 6-1:0.107: Keyspan 4 port adapter converter detected
[  649.035241][ T6094] keyspan 6-1:0.107: found no endpoint descriptor for endpoint 81
[  649.087613][ T6094] keyspan 6-1:0.107: found no endpoint descriptor for endpoint 1
[  649.123015][ T6094] usb 6-1: Keyspan 4 port adapter converter now attached to ttyUSB0
[  649.153899][ T6094] keyspan 6-1:0.107: found no endpoint descriptor for endpoint 2
[  649.302419][ T6094] usb 6-1: Keyspan 4 port adapter converter now attached to ttyUSB1
[  649.468007][ T6094] keyspan 6-1:0.107: found no endpoint descriptor for endpoint 4
[  649.503571][ T6094] usb 6-1: Keyspan 4 port adapter converter now attached to ttyUSB2
[  649.522554][ T6094] keyspan 6-1:0.107: found no endpoint descriptor for endpoint 6
[  649.553161][ T6094] usb 6-1: Keyspan 4 port adapter converter now attached to ttyUSB3
[  649.657865][ T6094] usb 6-1: USB disconnect, device number 4
[  649.721137][ T6094] keyspan_4 ttyUSB0: Keyspan 4 port adapter converter now disconnected from ttyUSB0
[  649.915589][T10975] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1211'.
[  649.927790][T10975] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1211'.
[  650.246104][T10977] netlink: 'syz.0.1209': attribute type 13 has an invalid length.
[  650.254295][T10977] netlink: 'syz.0.1209': attribute type 17 has an invalid length.
[  650.774588][T10977] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  650.922770][ T6094] keyspan_4 ttyUSB1: Keyspan 4 port adapter converter now disconnected from ttyUSB1
[  651.124224][ T6094] keyspan_4 ttyUSB2: Keyspan 4 port adapter converter now disconnected from ttyUSB2
[  651.232556][ T6094] keyspan_4 ttyUSB3: Keyspan 4 port adapter converter now disconnected from ttyUSB3
[  651.278076][ T6094] keyspan 6-1:0.107: device disconnected
[  651.411874][ T5850] usb 2-1: new high-speed USB device number 20 using dummy_hcd
[  651.592612][ T5850] usb 2-1: Using ep0 maxpacket: 8
[  651.611923][ T5850] usb 2-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0x99, changing to 0x89
[  651.647370][ T5850] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x89 has invalid wMaxPacketSize 0
[  651.665061][ T6094] usb 6-1: new high-speed USB device number 5 using dummy_hcd
[  651.687449][ T5850] usb 2-1: New USB device found, idVendor=0e9c, idProduct=0000, bcdDevice=5b.1e
[  651.711826][ T5850] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  651.724407][ T5850] usb 2-1: Product: syz
[  651.732204][ T5850] usb 2-1: Manufacturer: syz
[  651.745548][ T5850] usb 2-1: SerialNumber: syz
[  651.775732][ T5850] usb 2-1: config 0 descriptor??
[  651.793070][ T5850] streamzap 2-1:0.0: streamzap_probe: endpoint attributes don't match xfer 0200
[  651.834062][ T6094] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  651.858965][ T6094] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  651.920193][ T6094] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  652.654410][ T6094] usb 6-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  652.700611][ T6094] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  652.732382][ T6092] usb 2-1: USB disconnect, device number 20
[  652.813524][ T6094] usb 6-1: config 0 descriptor??
[  653.281906][ T6094] plantronics 0003:047F:FFFF.0005: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.5-1/input0
[  653.454706][T10990] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  653.488248][T10990] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  653.637720][ T6094] usb 6-1: USB disconnect, device number 5
[  654.796887][T11031] ubi: mtd0 is already attached to ubi31
[  656.222663][T11050] FAULT_INJECTION: forcing a failure.
[  656.222663][T11050] name failslab, interval 1, probability 0, space 0, times 0
[  656.235543][T11050] CPU: 1 UID: 0 PID: 11050 Comm: syz.1.1222 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) 
[  656.235570][T11050] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  656.235583][T11050] Call Trace:
[  656.235592][T11050]  <TASK>
[  656.235601][T11050]  dump_stack_lvl+0x189/0x250
[  656.235630][T11050]  ? __pfx____ratelimit+0x10/0x10
[  656.235654][T11050]  ? __pfx_dump_stack_lvl+0x10/0x10
[  656.235677][T11050]  ? __pfx__printk+0x10/0x10
[  656.235711][T11050]  ? __pfx___might_resched+0x10/0x10
[  656.235741][T11050]  ? fs_reclaim_acquire+0x7d/0x100
[  656.235772][T11050]  should_fail_ex+0x414/0x560
[  656.235801][T11050]  should_failslab+0xa8/0x100
[  656.235826][T11050]  __kmalloc_noprof+0xcb/0x4f0
[  656.235845][T11050]  ? kfree+0x4d/0x440
[  656.235871][T11050]  ? tomoyo_realpath_from_path+0xe3/0x5d0
[  656.235906][T11050]  tomoyo_realpath_from_path+0xe3/0x5d0
[  656.235935][T11050]  ? tomoyo_domain+0xda/0x130
[  656.235969][T11050]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[  656.235991][T11050]  tomoyo_path_number_perm+0x1e8/0x5a0
[  656.236019][T11050]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  656.236039][T11050]  ? rcu_is_watching+0x15/0xb0
[  656.236062][T11050]  ? trace_sched_exit_tp+0x38/0x120
[  656.236093][T11050]  ? __schedule+0x16c8/0x4c90
[  656.236126][T11050]  ? __lock_acquire+0xab9/0xd20
[  656.236172][T11050]  ? __fget_files+0x2a/0x420
[  656.236199][T11050]  ? __fget_files+0x2a/0x420
[  656.236221][T11050]  ? __fget_files+0x3a0/0x420
[  656.236241][T11050]  ? __fget_files+0x2a/0x420
[  656.236270][T11050]  security_file_ioctl+0xcb/0x2d0
[  656.236298][T11050]  __se_sys_ioctl+0x47/0x170
[  656.236331][T11050]  do_syscall_64+0xfa/0x3b0
[  656.236356][T11050]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  656.236376][T11050]  ? asm_sysvec_reschedule_ipi+0x1a/0x20
[  656.236396][T11050]  ? clear_bhb_loop+0x60/0xb0
[  656.236421][T11050]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  656.236442][T11050] RIP: 0033:0x7ff15358eb69
[  656.236461][T11050] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  656.236478][T11050] RSP: 002b:00007ff154409038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  656.236505][T11050] RAX: ffffffffffffffda RBX: 00007ff1537b6160 RCX: 00007ff15358eb69
[  656.236520][T11050] RDX: 0000200000001440 RSI: 00000000000089ff RDI: 0000000000000005
[  656.236535][T11050] RBP: 00007ff154409090 R08: 0000000000000000 R09: 0000000000000000
[  656.236548][T11050] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  656.236560][T11050] R13: 0000000000000000 R14: 00007ff1537b6160 R15: 00007ffe73127598
[  656.236595][T11050]  </TASK>
[  656.236690][T11050] ERROR: Out of memory at tomoyo_realpath_from_path.
[  657.319914][T11067] xt_CHECKSUM: CHECKSUM should be avoided.  If really needed, restrict with "-p udp" and only use in OUTPUT
[  657.332185][T11067] x_tables: ip_tables: rpfilter match: used from hooks FORWARD, but only valid from PREROUTING
[  657.357130][T11064] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1224'.
[  657.366835][T11064] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1224'.
[  659.775605][T11085] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1228'.
[  659.785940][T11085] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1228'.
[  660.661980][ T9171] usb 6-1: new high-speed USB device number 6 using dummy_hcd
[  660.814780][T11100] netlink: 72 bytes leftover after parsing attributes in process `syz.0.1233'.
[  660.838674][T11100] tc_dump_action: action bad kind
[  661.111886][ T9171] usb 6-1: Using ep0 maxpacket: 32
[  661.138832][ T9171] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  661.194592][ T9171] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  661.237984][ T9171] usb 6-1: New USB device found, idVendor=1e7d, idProduct=2d5a, bcdDevice= 0.00
[  661.257471][ T9171] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  661.302997][ T9171] usb 6-1: config 0 descriptor??
[  663.047394][   T13] Bluetooth: hci5: Frame reassembly failed (-84)
[  663.233908][ T9171] savu 0003:1E7D:2D5A.0006: hiddev0,hidraw0: USB HID v0.00 Device [HID 1e7d:2d5a] on usb-dummy_hcd.5-1/input0
[  663.395082][ T9171] usb 6-1: USB disconnect, device number 6
[  664.478109][T11135] fido_id[11135]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.5/usb6/report_descriptor': No such file or directory
[  665.026329][ T5851] Bluetooth: hci5: Opcode 0x1003 failed: -110
[  665.031782][ T9799] Bluetooth: hci5: command 0x1003 tx timeout
[  665.041852][T11146] futex_wake_op: syz.0.1241 tries to shift op by 144; fix this program
[  665.196534][T11162] kvm: kvm [11157]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0x187) = 0x2459
[  665.371045][T11162] kvm: kvm [11157]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0x187) = 0xd50a
[  666.092291][T11172] netlink: 20 bytes leftover after parsing attributes in process `syz.2.1246'.
[  666.149440][T11172] netdevsim netdevsim2 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0
[  666.158253][T11172] netdevsim netdevsim2 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0
[  666.167024][T11172] netdevsim netdevsim2 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0
[  666.175779][T11172] netdevsim netdevsim2 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0
[  667.322559][T11175] bridge0: port 2(bridge_slave_1) entered disabled state
[  667.330043][T11175] bridge0: port 1(bridge_slave_0) entered disabled state
[  669.677364][T11206] hid-generic 0000:0000:0000.0007: unknown main item tag 0x0
[  669.824964][T11210] netlink: 'syz.1.1252': attribute type 10 has an invalid length.
[  670.247890][T11206] hid-generic 0000:0000:0000.0007: hidraw0: <UNKNOWN> HID v0.00 Device [syz1] on syz0
[  670.453867][T11175] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  670.518066][T11175] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  671.117809][T11215] fido_id[11215]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory
[  671.425759][T11231] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1256'.
[  671.435661][T11231] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1256'.
[  675.911937][T11175] netdevsim netdevsim5 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[  675.921255][T11175] netdevsim netdevsim5 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0
[  675.934546][T11175] netdevsim netdevsim5 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0
[  675.945135][T11175] netdevsim netdevsim5 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0
[  676.084456][   T30] audit: type=1326 audit(1754138594.489:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11239 comm="syz.2.1259" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f992478eb69 code=0x7ffc0000
[  676.675796][   T30] audit: type=1326 audit(1754138594.489:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11239 comm="syz.2.1259" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f992478eb69 code=0x7ffc0000
[  676.706019][T11198] netlink: 36 bytes leftover after parsing attributes in process `syz.1.1252'.
[  676.884527][   T30] audit: type=1326 audit(1754138594.489:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11239 comm="syz.2.1259" exe="/root/syz-executor" sig=0 arch=c000003e syscall=271 compat=0 ip=0x7f992478eb69 code=0x7ffc0000
[  676.907801][T11210] team0: Device ipvlan1 failed to register rx_handler
[  676.922962][T11206] usb 1-1: new low-speed USB device number 34 using dummy_hcd
[  677.036555][   T30] audit: type=1326 audit(1754138594.509:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11239 comm="syz.2.1259" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f992478eb69 code=0x7ffc0000
[  677.185884][   T30] audit: type=1326 audit(1754138594.519:12): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11239 comm="syz.2.1259" exe="/root/syz-executor" sig=0 arch=c000003e syscall=283 compat=0 ip=0x7f992478eb69 code=0x7ffc0000
[  677.220905][T11240] workqueue: Failed to create a rescuer kthread for wq "wg-crypt-wireguard%d": -EINTR
[  677.365742][   T30] audit: type=1326 audit(1754138594.519:13): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11239 comm="syz.2.1259" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f992478eb69 code=0x7ffc0000
[  677.482821][T11206] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 16, setting to 8
[  677.511853][   T30] audit: type=1326 audit(1754138594.519:14): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11239 comm="syz.2.1259" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f992478eb69 code=0x7ffc0000
[  677.521738][T11206] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  677.616869][   T30] audit: type=1326 audit(1754138594.519:15): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11239 comm="syz.2.1259" exe="/root/syz-executor" sig=0 arch=c000003e syscall=287 compat=0 ip=0x7f992478eb69 code=0x7ffc0000
[  677.654185][T11206] usb 1-1: New USB device found, idVendor=056a, idProduct=0094, bcdDevice= 0.00
[  677.717545][T11206] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  677.726999][   T30] audit: type=1326 audit(1754138594.519:16): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11239 comm="syz.2.1259" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f992478eb69 code=0x7ffc0000
[  677.786228][T11206] usb 1-1: config 0 descriptor??
[  677.973926][   T30] audit: type=1326 audit(1754138594.529:17): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11239 comm="syz.2.1259" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f992478d4d0 code=0x7ffc0000
[  680.135892][T11276] netlink: 'syz.4.1266': attribute type 13 has an invalid length.
[  680.145859][T11276] netlink: 'syz.4.1266': attribute type 17 has an invalid length.
[  680.385665][T11276] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  681.077486][T11206] usb 1-1: can't set config #0, error -71
[  681.170041][T11206] usb 1-1: USB disconnect, device number 34
[  683.458083][T11315] sch_fq: defrate 4294967295 ignored.
[  683.523846][T11315] input: syz0 as /devices/virtual/input/input19
[  684.409235][T11318] FAULT_INJECTION: forcing a failure.
[  684.409235][T11318] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  684.410474][T11318] 
[  684.410481][T11318] ======================================================
[  684.410486][T11318] WARNING: possible circular locking dependency detected
[  684.410491][T11318] 6.16.0-syzkaller #0 Not tainted
[  684.410498][T11318] ------------------------------------------------------
[  684.410502][T11318] syz.4.1276/11318 is trying to acquire lock:
[  684.410508][T11318] ffffffff8e133300 (console_owner){-...}-{0:0}, at: console_flush_all+0x13a/0xc40
[  684.410544][T11318] 
[  684.410544][T11318] but task is already holding lock:
[  684.410547][T11318] ffff8880b8639e18 (&rq->__lock){-.-.}-{2:2}, at: raw_spin_rq_lock_nested+0xad/0x140
[  684.410573][T11318] 
[  684.410573][T11318] which lock already depends on the new lock.
[  684.410573][T11318] 
[  684.410577][T11318] 
[  684.410577][T11318] the existing dependency chain (in reverse order) is:
[  684.410581][T11318] 
[  684.410581][T11318] -> #4 (&rq->__lock){-.-.}-{2:2}:
[  684.410596][T11318]        lock_acquire+0x120/0x360
[  684.410606][T11318]        _raw_spin_lock_nested+0x32/0x50
[  684.410617][T11318]        raw_spin_rq_lock_nested+0x2a/0x140
[  684.410628][T11318]        task_rq_lock+0xbc/0x470
[  684.410638][T11318]        cgroup_move_task+0x9a/0x590
[  684.410650][T11318]        css_set_move_task+0x658/0x9e0
[  684.410663][T11318]        cgroup_post_fork+0x1ef/0x790
[  684.410675][T11318]        copy_process+0x37e6/0x3b80
[  684.410687][T11318]        kernel_clone+0x224/0x7f0
[  684.410699][T11318]        user_mode_thread+0xdd/0x140
[  684.410711][T11318]        rest_init+0x23/0x300
[  684.410724][T11318]        start_kernel+0x47d/0x500
[  684.410736][T11318]        x86_64_start_reservations+0x24/0x30
[  684.410751][T11318]        x86_64_start_kernel+0x143/0x1c0
[  684.410766][T11318]        common_startup_64+0x13e/0x147
[  684.410780][T11318] 
[  684.410780][T11318] -> #3 (&p->pi_lock){-.-.}-{2:2}:
[  684.410795][T11318]        lock_acquire+0x120/0x360
[  684.410804][T11318]        _raw_spin_lock_irqsave+0xa7/0xf0
[  684.410820][T11318]        try_to_wake_up+0x6e/0x1290
[  684.410833][T11318]        __wake_up_common_lock+0x137/0x1f0
[  684.410848][T11318]        tty_port_default_wakeup+0xa2/0xf0
[  684.410865][T11318]        serial8250_tx_chars+0x72e/0x970
[  684.410879][T11318]        serial8250_handle_irq+0x633/0xbb0
[  684.410893][T11318]        serial8250_default_handle_irq+0xbf/0x1b0
[  684.410904][T11318]        serial8250_interrupt+0xa2/0x1d0
[  684.410916][T11318]        __handle_irq_event_percpu+0x289/0x980
[  684.410930][T11318]        handle_irq_event+0x8b/0x1e0
[  684.410943][T11318]        handle_edge_irq+0x267/0x9c0
[  684.410955][T11318]        __common_interrupt+0x140/0x250
[  684.410970][T11318]        common_interrupt+0x5e/0xe0
[  684.410984][T11318]        asm_common_interrupt+0x26/0x40
[  684.410994][T11318]        sched_balance_rq+0x430a/0x57a0
[  684.411004][T11318]        sched_balance_domains+0x49f/0x9e0
[  684.411014][T11318]        handle_softirqs+0x283/0x870
[  684.411025][T11318]        __irq_exit_rcu+0xca/0x1f0
[  684.411035][T11318]        irq_exit_rcu+0x9/0x30
[  684.411044][T11318]        sysvec_apic_timer_interrupt+0xa6/0xc0
[  684.411055][T11318]        asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  684.411066][T11318]        pv_native_safe_halt+0x13/0x20
[  684.411076][T11318]        default_idle+0x13/0x20
[  684.411088][T11318]        default_idle_call+0x74/0xb0
[  684.411100][T11318]        do_idle+0x1e8/0x510
[  684.411111][T11318]        cpu_startup_entry+0x44/0x60
[  684.411122][T11318]        rest_init+0x2de/0x300
[  684.411138][T11318]        start_kernel+0x47d/0x500
[  684.411149][T11318]        x86_64_start_reservations+0x24/0x30
[  684.411164][T11318]        x86_64_start_kernel+0x143/0x1c0
[  684.411178][T11318]        common_startup_64+0x13e/0x147
[  684.411192][T11318] 
[  684.411192][T11318] -> #2 (&tty->write_wait){-.-.}-{3:3}:
[  684.411207][T11318]        lock_acquire+0x120/0x360
[  684.411216][T11318]        _raw_spin_lock_irqsave+0xa7/0xf0
[  684.411232][T11318]        __wake_up_common_lock+0x2f/0x1f0
[  684.411246][T11318]        tty_port_default_wakeup+0xa2/0xf0
[  684.411262][T11318]        serial8250_tx_chars+0x72e/0x970
[  684.411276][T11318]        serial8250_handle_irq+0x633/0xbb0
[  684.411290][T11318]        serial8250_default_handle_irq+0xbf/0x1b0
[  684.411301][T11318]        serial8250_interrupt+0xa2/0x1d0
[  684.411312][T11318]        __handle_irq_event_percpu+0x289/0x980
[  684.411326][T11318]        handle_irq_event+0x8b/0x1e0
[  684.411339][T11318]        handle_edge_irq+0x267/0x9c0
[  684.411351][T11318]        __common_interrupt+0x140/0x250
[  684.411366][T11318]        common_interrupt+0xb6/0xe0
[  684.411386][T11318]        asm_common_interrupt+0x26/0x40
[  684.411397][T11318]        _raw_spin_unlock_irqrestore+0xa8/0x110
[  684.411413][T11318]        uart_port_unlock_deref+0x111/0x2f0
[  684.411427][T11318]        uart_write+0xe8/0x130
[  684.411440][T11318]        n_tty_write+0xd35/0x11d0
[  684.411450][T11318]        file_tty_write+0x500/0x990
[  684.411463][T11318]        vfs_write+0x54b/0xa90
[  684.411473][T11318]        ksys_write+0x145/0x250
[  684.411481][T11318]        do_syscall_64+0xfa/0x3b0
[  684.411493][T11318]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  684.411504][T11318] 
[  684.411504][T11318] -> #1 (&port_lock_key){-.-.}-{3:3}:
[  684.411519][T11318]        lock_acquire+0x120/0x360
[  684.411528][T11318]        _raw_spin_lock_irqsave+0xa7/0xf0
[  684.411544][T11318]        serial8250_console_write+0x17e/0x1ba0
[  684.411559][T11318]        console_flush_all+0x728/0xc40
[  684.411572][T11318]        console_unlock+0xc4/0x270
[  684.411584][T11318]        vprintk_emit+0x5b7/0x7a0
[  684.411595][T11318]        _printk+0xcf/0x120
[  684.411608][T11318]        register_console+0xa8b/0xf90
[  684.411621][T11318]        univ8250_console_init+0x52/0x90
[  684.411635][T11318]        console_init+0x1a1/0x670
[  684.411648][T11318]        start_kernel+0x2cc/0x500
[  684.411659][T11318]        x86_64_start_reservations+0x24/0x30
[  684.411679][T11318]        x86_64_start_kernel+0x143/0x1c0
[  684.411693][T11318]        common_startup_64+0x13e/0x147
[  684.411706][T11318] 
[  684.411706][T11318] -> #0 (console_owner){-...}-{0:0}:
[  684.411721][T11318]        validate_chain+0xb9b/0x2140
[  684.411733][T11318]        __lock_acquire+0xab9/0xd20
[  684.411742][T11318]        lock_acquire+0x120/0x360
[  684.411750][T11318]        console_flush_all+0x6d2/0xc40
[  684.411763][T11318]        console_unlock+0xc4/0x270
[  684.411774][T11318]        vprintk_emit+0x5b7/0x7a0
[  684.411785][T11318]        _printk+0xcf/0x120
[  684.411796][T11318]        should_fail_ex+0x3f5/0x560
[  684.411806][T11318]        strncpy_from_user+0x36/0x290
[  684.411822][T11318]        strncpy_from_user_nofault+0x72/0x150
[  684.411833][T11318]        bpf_probe_read_compat_str+0xe2/0x180
[  684.411844][T11318]        bpf_prog_c1796171ffc7efef+0x3e/0x44
[  684.411854][T11318]        bpf_trace_run4+0x28e/0x4a0
[  684.411867][T11318]        __bpf_trace_sched_switch+0x17a/0x1e0
[  684.411882][T11318]        __traceiter_sched_switch+0x9a/0xd0
[  684.411896][T11318]        __schedule+0x22ba/0x4c90
[  684.411905][T11318]        preempt_schedule_irq+0xb5/0x150
[  684.411915][T11318]        irqentry_exit+0x6f/0x90
[  684.411925][T11318]        asm_sysvec_reschedule_ipi+0x1a/0x20
[  684.411935][T11318]        do_syscall_64+0xc3/0x3b0
[  684.411947][T11318]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  684.411957][T11318] 
[  684.411957][T11318] other info that might help us debug this:
[  684.411957][T11318] 
[  684.411961][T11318] Chain exists of:
[  684.411961][T11318]   console_owner --> &p->pi_lock --> &rq->__lock
[  684.411961][T11318] 
[  684.411978][T11318]  Possible unsafe locking scenario:
[  684.411978][T11318] 
[  684.411982][T11318]        CPU0                    CPU1
[  684.411985][T11318]        ----                    ----
[  684.411989][T11318]   lock(&rq->__lock);
[  684.411996][T11318]                                lock(&p->pi_lock);
[  684.412004][T11318]                                lock(&rq->__lock);
[  684.412012][T11318]   lock(console_owner);
[  684.412019][T11318] 
[  684.412019][T11318]  *** DEADLOCK ***
[  684.412019][T11318] 
[  684.412022][T11318] 4 locks held by syz.4.1276/11318:
[  684.412029][T11318]  #0: ffff8880b8639e18 (&rq->__lock){-.-.}-{2:2}, at: raw_spin_rq_lock_nested+0xad/0x140
[  684.412056][T11318]  #1: ffffffff8e13f0e0 (rcu_read_lock){....}-{1:3}, at: bpf_trace_run4+0x19c/0x4a0
[  684.412086][T11318]  #2: ffffffff8e133360 (console_lock){+.+.}-{0:0}, at: _printk+0xcf/0x120
[  684.412113][T11318]  #3: ffffffff8e01ac30 (console_srcu){....}-{0:0}, at: console_flush_all+0x13a/0xc40
[  684.412142][T11318] 
[  684.412142][T11318] stack backtrace:
[  684.412149][T11318] CPU: 1 UID: 0 PID: 11318 Comm: syz.4.1276 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) 
[  684.412162][T11318] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  684.412170][T11318] Call Trace:
[  684.412174][T11318]  <TASK>
[  684.412180][T11318]  dump_stack_lvl+0x189/0x250
[  684.412194][T11318]  ? __pfx_dump_stack_lvl+0x10/0x10
[  684.412206][T11318]  ? __pfx__printk+0x10/0x10
[  684.412220][T11318]  ? print_lock_name+0xde/0x100
[  684.412234][T11318]  print_circular_bug+0x2ee/0x310
[  684.412248][T11318]  check_noncircular+0x134/0x160
[  684.412263][T11318]  validate_chain+0xb9b/0x2140
[  684.412281][T11318]  __lock_acquire+0xab9/0xd20
[  684.412292][T11318]  ? console_flush_all+0x13a/0xc40
[  684.412305][T11318]  lock_acquire+0x120/0x360
[  684.412315][T11318]  ? console_flush_all+0x13a/0xc40
[  684.412330][T11318]  ? do_raw_spin_unlock+0x122/0x240
[  684.412344][T11318]  ? console_flush_all+0x13a/0xc40
[  684.412358][T11318]  console_flush_all+0x6d2/0xc40
[  684.412372][T11318]  ? console_flush_all+0x13a/0xc40
[  684.412391][T11318]  ? console_flush_all+0x13a/0xc40
[  684.412406][T11318]  ? __pfx_console_flush_all+0x10/0x10
[  684.412423][T11318]  ? is_printk_cpu_sync_owner+0x32/0x40
[  684.412440][T11318]  console_unlock+0xc4/0x270
[  684.412453][T11318]  ? __pfx_console_unlock+0x10/0x10
[  684.412466][T11318]  ? is_printk_cpu_sync_owner+0x32/0x40
[  684.412482][T11318]  vprintk_emit+0x5b7/0x7a0
[  684.412495][T11318]  ? __pfx_vprintk_emit+0x10/0x10
[  684.412507][T11318]  ? __schedule+0x16c8/0x4c90
[  684.412521][T11318]  _printk+0xcf/0x120
[  684.412534][T11318]  ? __pfx____ratelimit+0x10/0x10
[  684.412546][T11318]  ? __pfx__printk+0x10/0x10
[  684.412560][T11318]  ? kernelmode_fixup_or_oops+0x7c/0xf0
[  684.412578][T11318]  should_fail_ex+0x3f5/0x560
[  684.412590][T11318]  strncpy_from_user+0x36/0x290
[  684.412607][T11318]  strncpy_from_user_nofault+0x72/0x150
[  684.412620][T11318]  bpf_probe_read_compat_str+0xe2/0x180
[  684.412632][T11318]  bpf_prog_c1796171ffc7efef+0x3e/0x44
[  684.412642][T11318]  bpf_trace_run4+0x28e/0x4a0
[  684.412656][T11318]  ? bpf_trace_run4+0x19c/0x4a0
[  684.412671][T11318]  ? __pfx_bpf_trace_run4+0x10/0x10
[  684.412684][T11318]  ? kvm_sched_clock_read+0x11/0x20
[  684.412695][T11318]  ? sched_clock_cpu+0x74/0x430
[  684.412707][T11318]  ? __bpf_trace_sched_switch+0x15f/0x1e0
[  684.412724][T11318]  __bpf_trace_sched_switch+0x17a/0x1e0
[  684.412739][T11318]  ? __pfx___bpf_trace_sched_switch+0x10/0x10
[  684.412753][T11318]  ? psi_group_change+0xbc7/0x1210
[  684.412766][T11318]  ? rcu_read_lock_sched_held+0x89/0x100
[  684.412779][T11318]  ? __pfx_rcu_read_lock_sched_held+0x10/0x10
[  684.412792][T11318]  ? psi_task_switch+0x318/0x6d0
[  684.412806][T11318]  ? tracing_record_taskinfo_sched_switch+0x7d/0x370
[  684.412820][T11318]  ? __pfx___bpf_trace_sched_switch+0x10/0x10
[  684.412835][T11318]  __traceiter_sched_switch+0x9a/0xd0
[  684.412851][T11318]  __schedule+0x22ba/0x4c90
[  684.412864][T11318]  ? preempt_schedule_irq+0xb5/0x150
[  684.412875][T11318]  ? vfs_write+0x8d8/0xa90
[  684.412885][T11318]  ? __pfx___schedule+0x10/0x10
[  684.412896][T11318]  ? ksys_write+0x1cb/0x250
[  684.412908][T11318]  ? preempt_schedule_irq+0xaa/0x150
[  684.412920][T11318]  preempt_schedule_irq+0xb5/0x150
[  684.412931][T11318]  ? __pfx_preempt_schedule_irq+0x10/0x10
[  684.412944][T11318]  ? rcu_irq_exit_check_preempt+0xdf/0x210
[  684.412957][T11318]  irqentry_exit+0x6f/0x90
[  684.412968][T11318]  asm_sysvec_reschedule_ipi+0x1a/0x20
[  684.412980][T11318] RIP: 0010:do_syscall_64+0xc3/0x3b0
[  684.412993][T11318] Code: 00 48 8b 7d 08 48 89 7b 18 e8 49 5a 00 00 0f 1f 44 00 00 0f 1f 44 00 00 90 e8 99 81 61 f6 90 90 e8 42 81 61 f6 fb 49 8b 57 08 <f6> c2 3f 74 0e 4c 89 f7 4c 89 ee e8 fd da 44 f6 49 89 c4 90 90 41
[  684.413003][T11318] RSP: 0018:ffffc900045efef0 EFLAGS: 00000286
[  684.413013][T11318] RAX: a26e6745d801e300 RBX: ffffc900045efef0 RCX: a26e6745d801e300
[  684.413023][T11318] RDX: 0000000000000000 RSI: ffffffff8d982fba RDI: ffffffff8be1ba40
[  684.413031][T11318] RBP: ffffc900045eff48 R08: ffffffff8fa0b3f7 R09: 1ffffffff1f4167e
[  684.413040][T11318] R10: dffffc0000000000 R11: fffffbfff1f4167f R12: 0000000000000010
[  684.413048][T11318] R13: 0000000000000010 R14: ffffc900045eff58 R15: ffff8880256a8000
[  684.413061][T11318]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  684.413073][T11318]  ? asm_sysvec_reschedule_ipi+0x1a/0x20
[  684.413083][T11318]  ? clear_bhb_loop+0x60/0xb0
[  684.413096][T11318]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  684.413107][T11318] RIP: 0033:0x7fae4818eb69
[  684.413117][T11318] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  684.413127][T11318] RSP: 002b:00007fae4900e038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  684.413138][T11318] RAX: ffffffffffffffda RBX: 00007fae483b5fa0 RCX: 00007fae4818eb69
[  684.413147][T11318] RDX: 0000200000000700 RSI: 0000000000008914 RDI: 0000000000000008
[  684.413155][T11318] RBP: 00007fae4900e090 R08: 0000000000000000 R09: 0000000000000000
[  684.413162][T11318] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  684.413169][T11318] R13: 0000000000000000 R14: 00007fae483b5fa0 R15: 00007ffd771fe768
[  684.413181][T11318]  </TASK>
[  685.733766][T11318] CPU: 1 UID: 0 PID: 11318 Comm: syz.4.1276 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) 
[  685.733784][T11318] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  685.733792][T11318] Call Trace:
[  685.733799][T11318]  <TASK>
[  685.733805][T11318]  dump_stack_lvl+0x189/0x250
[  685.733823][T11318]  ? __pfx____ratelimit+0x10/0x10
[  685.733839][T11318]  ? __pfx_dump_stack_lvl+0x10/0x10
[  685.733851][T11318]  ? __pfx__printk+0x10/0x10
[  685.733867][T11318]  ? kernelmode_fixup_or_oops+0x7c/0xf0
[  685.733886][T11318]  should_fail_ex+0x414/0x560
[  685.733899][T11318]  strncpy_from_user+0x36/0x290
[  685.733918][T11318]  strncpy_from_user_nofault+0x72/0x150
[  685.733932][T11318]  bpf_probe_read_compat_str+0xe2/0x180
[  685.733946][T11318]  bpf_prog_c1796171ffc7efef+0x3e/0x44
[  685.733957][T11318]  bpf_trace_run4+0x28e/0x4a0
[  685.733972][T11318]  ? bpf_trace_run4+0x19c/0x4a0
[  685.733987][T11318]  ? __pfx_bpf_trace_run4+0x10/0x10
[  685.734001][T11318]  ? kvm_sched_clock_read+0x11/0x20
[  685.734013][T11318]  ? sched_clock_cpu+0x74/0x430
[  685.734026][T11318]  ? __bpf_trace_sched_switch+0x15f/0x1e0
[  685.734042][T11318]  __bpf_trace_sched_switch+0x17a/0x1e0
[  685.734058][T11318]  ? __pfx___bpf_trace_sched_switch+0x10/0x10
[  685.734073][T11318]  ? psi_group_change+0xbc7/0x1210
[  685.734085][T11318]  ? rcu_read_lock_sched_held+0x89/0x100
[  685.734098][T11318]  ? __pfx_rcu_read_lock_sched_held+0x10/0x10
[  685.734111][T11318]  ? psi_task_switch+0x318/0x6d0
[  685.734125][T11318]  ? tracing_record_taskinfo_sched_switch+0x7d/0x370
[  685.734141][T11318]  ? __pfx___bpf_trace_sched_switch+0x10/0x10
[  685.734156][T11318]  __traceiter_sched_switch+0x9a/0xd0
[  685.734188][T11318]  __schedule+0x22ba/0x4c90
[  685.734204][T11318]  ? preempt_schedule_irq+0xb5/0x150
[  685.734214][T11318]  ? vfs_write+0x8d8/0xa90
[  685.734225][T11318]  ? __pfx___schedule+0x10/0x10
[  685.734236][T11318]  ? ksys_write+0x1cb/0x250
[  685.734248][T11318]  ? preempt_schedule_irq+0xaa/0x150
[  685.734260][T11318]  preempt_schedule_irq+0xb5/0x150
[  685.734271][T11318]  ? __pfx_preempt_schedule_irq+0x10/0x10
[  685.734284][T11318]  ? rcu_irq_exit_check_preempt+0xdf/0x210
[  685.734298][T11318]  irqentry_exit+0x6f/0x90
[  685.734310][T11318]  asm_sysvec_reschedule_ipi+0x1a/0x20
[  685.734322][T11318] RIP: 0010:do_syscall_64+0xc3/0x3b0
[  685.734336][T11318] Code: 00 48 8b 7d 08 48 89 7b 18 e8 49 5a 00 00 0f 1f 44 00 00 0f 1f 44 00 00 90 e8 99 81 61 f6 90 90 e8 42 81 61 f6 fb 49 8b 57 08 <f6> c2 3f 74 0e 4c 89 f7 4c 89 ee e8 fd da 44 f6 49 89 c4 90 90 41
[  685.734347][T11318] RSP: 0018:ffffc900045efef0 EFLAGS: 00000286
[  685.734359][T11318] RAX: a26e6745d801e300 RBX: ffffc900045efef0 RCX: a26e6745d801e300
[  685.734368][T11318] RDX: 0000000000000000 RSI: ffffffff8d982fba RDI: ffffffff8be1ba40
[  685.734377][T11318] RBP: ffffc900045eff48 R08: ffffffff8fa0b3f7 R09: 1ffffffff1f4167e
[  685.734385][T11318] R10: dffffc0000000000 R11: fffffbfff1f4167f R12: 0000000000000010
[  685.734394][T11318] R13: 0000000000000010 R14: ffffc900045eff58 R15: ffff8880256a8000
[  685.734407][T11318]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  685.734418][T11318]  ? asm_sysvec_reschedule_ipi+0x1a/0x20
[  685.734430][T11318]  ? clear_bhb_loop+0x60/0xb0
[  685.734442][T11318]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  685.734453][T11318] RIP: 0033:0x7fae4818eb69
[  685.734465][T11318] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  685.734474][T11318] RSP: 002b:00007fae4900e038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  685.734486][T11318] RAX: ffffffffffffffda RBX: 00007fae483b5fa0 RCX: 00007fae4818eb69
[  685.734494][T11318] RDX: 0000200000000700 RSI: 0000000000008914 RDI: 0000000000000008
[  685.734502][T11318] RBP: 00007fae4900e090 R08: 0000000000000000 R09: 0000000000000000
[  685.734509][T11318] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  685.734516][T11318] R13: 0000000000000000 R14: 00007fae483b5fa0 R15: 00007ffd771fe768
[  685.734528][T11318]  </TASK>
[  686.026727][ T1302] ieee802154 phy0 wpan0: encryption failed: -22
SYZFAIL: failed to recv rpc
fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor)
[  686.446720][ T1302] ieee802154 phy1 wpan1: encryption failed: -22
[  687.553016][   T13] netdevsim netdevsim0 netdevsim3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  687.742711][   T13] netdevsim netdevsim0 netdevsim2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  687.873272][   T13] netdevsim netdevsim0 netdevsim1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  687.945205][   T13] netdevsim netdevsim0 netdevsim0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  688.046035][   T13] bridge_slave_1: left allmulticast mode
[  688.054513][   T13] bridge_slave_1: left promiscuous mode
[  688.060360][   T13] bridge0: port 2(bridge_slave_1) entered disabled state
[  688.070241][   T13] bridge_slave_0: left allmulticast mode
[  688.078464][   T13] bridge_slave_0: left promiscuous mode
[  688.084597][   T13] bridge0: port 1(bridge_slave_0) entered disabled state
[  688.450352][   T13] bond0 (unregistering): left promiscuous mode
[  688.456688][   T13] bond_slave_0: left promiscuous mode
[  688.464181][   T13] bond_slave_1: left promiscuous mode
[  688.471096][   T13] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  688.481429][   T13] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  688.493163][   T13] bond0 (unregistering): Released all slaves
[  688.556694][   T13] tipc: Left network mode
[  688.737521][   T13] team0: left promiscuous mode
[  688.743135][   T13] team_slave_0: left promiscuous mode
[  688.748729][   T13] team_slave_1: left promiscuous mode
[  688.759471][   T13] hsr_slave_0: left promiscuous mode
[  688.766768][   T13] hsr_slave_1: left promiscuous mode
[  688.773899][   T13] batman_adv: batadv0: Removing interface: batadv_slave_0
[  688.782197][   T13] batman_adv: batadv0: Removing interface: batadv_slave_1
[  689.084125][   T13] team0 (unregistering): Port device team_slave_1 removed
[  689.120259][   T13] team0 (unregistering): Port device team_slave_0 removed
[  689.690118][   T13] netdevsim netdevsim2 netdevsim3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  689.705023][   T13] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  689.787387][   T13] netdevsim netdevsim2 netdevsim2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  689.799229][   T13] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  689.909210][   T13] netdevsim netdevsim2 netdevsim1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  689.924147][   T13] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  690.004988][   T13] netdevsim netdevsim2 netdevsim0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  690.021740][   T13] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  690.165580][   T13] netdevsim netdevsim4 netdevsim3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  690.177325][   T13] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  690.227091][   T13] netdevsim netdevsim4 netdevsim2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  690.237611][   T13] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  690.306936][   T13] netdevsim netdevsim4 netdevsim1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  690.318672][   T13] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  690.375570][   T13] netdevsim netdevsim4 netdevsim0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  690.389605][   T13] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  690.515594][   T13] netdevsim netdevsim1 netdevsim3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  690.526124][   T13] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  690.584453][   T13] netdevsim netdevsim1 netdevsim2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  690.597503][   T13] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  690.647969][   T13] netdevsim netdevsim1 netdevsim1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  690.658451][   T13] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  690.695219][   T13] netdevsim netdevsim1 netdevsim0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  690.706872][   T13] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  690.840273][   T13] bridge_slave_1: left allmulticast mode
[  690.846091][   T13] bridge_slave_1: left promiscuous mode
[  690.851891][   T13] bridge0: port 2(bridge_slave_1) entered disabled state
[  690.859860][   T13] bridge_slave_0: left allmulticast mode
[  690.866809][   T13] bridge_slave_0: left promiscuous mode
[  690.872651][   T13] bridge0: port 1(bridge_slave_0) entered disabled state
[  690.881942][   T13] bridge_slave_1: left allmulticast mode
[  690.887634][   T13] bridge_slave_1: left promiscuous mode
[  690.893470][   T13] bridge0: port 2(bridge_slave_1) entered disabled state
[  690.902353][   T13] bridge_slave_0: left allmulticast mode
[  690.908646][   T13] bridge_slave_0: left promiscuous mode
[  690.914849][   T13] bridge0: port 1(bridge_slave_0) entered disabled state
[  690.924170][   T13] bridge_slave_1: left allmulticast mode
[  690.929836][   T13] bridge_slave_1: left promiscuous mode
[  690.935835][   T13] bridge0: port 2(bridge_slave_1) entered disabled state
[  690.944110][   T13] bridge_slave_0: left allmulticast mode
[  690.949755][   T13] bridge_slave_0: left promiscuous mode
[  690.955737][   T13] bridge0: port 1(bridge_slave_0) entered disabled state
[  691.301411][   T13] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  691.310950][   T13] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  691.320348][   T13] bond0 (unregistering): Released all slaves
[  691.583799][   T13] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  691.593458][   T13] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  691.603472][   T13] bond0 (unregistering): Released all slaves
[  691.631719][   T13] bond1 (unregistering): (slave ip6gretap1): Removing an active aggregator
[  691.640919][   T13] bond1 (unregistering): (slave ip6gretap1): Releasing backup interface
[  691.649407][   T13] bond1 (unregistering): (slave ip6gretap1): the permanent HWaddr of slave - 02:30:cd:f3:b4:d9 - is still in use by bond - set the HWaddr of slave to a different address to avoid conflicts
[  691.885147][   T13] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  691.894824][   T13] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  691.905138][   T13] bond0 (unregistering): (slave wlan1): Releasing backup interface
[  691.915653][   T13] bond0 (unregistering): Released all slaves
[  691.928298][   T13] bond1 (unregistering): (slave veth3): Releasing backup interface
[  691.937418][   T13] bond1 (unregistering): Released all slaves
[  692.036136][   T13] bond2 (unregistering): (slave veth5): Releasing backup interface
[  692.044975][   T13] bond2 (unregistering): Released all slaves
[  692.164954][   T13] tipc: Left network mode
[  692.178418][   T13] tipc: Left network mode
[  692.576185][   T13] hsr_slave_0: left promiscuous mode
[  692.584089][   T13] hsr_slave_1: left promiscuous mode
[  692.590086][   T13] batman_adv: batadv0: Removing interface: batadv_slave_0
[  692.606299][   T13] batman_adv: batadv0: Removing interface: batadv_slave_1
[  692.617640][   T13] hsr_slave_0: left promiscuous mode
[  692.625083][   T13] hsr_slave_1: left promiscuous mode
[  692.631195][   T13] batman_adv: batadv0: Removing interface: batadv_slave_0
[  692.639342][   T13] batman_adv: batadv0: Removing interface: batadv_slave_1
[  692.653092][   T13] hsr_slave_0: left promiscuous mode
[  692.659139][   T13] hsr_slave_1: left promiscuous mode
[  692.666539][   T13] batman_adv: batadv0: Removing interface: batadv_slave_0
[  692.677402][   T13] batman_adv: batadv0: Removing interface: batadv_slave_1
[  692.996512][   T13] team0 (unregistering): Port device team_slave_1 removed
[  693.032848][   T13] team0 (unregistering): Port device team_slave_0 removed
[  693.667595][   T13] team0 (unregistering): Port device team_slave_1 removed
[  693.703324][   T13] team0 (unregistering): Port device team_slave_0 removed
[  694.319472][   T13] team0 (unregistering): Port device team_slave_1 removed
[  694.357325][   T13] team0 (unregistering): Port device team_slave_0 removed