last executing test programs:

3m42.08991639s ago: executing program 3 (id=146):
openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
r0 = openat$cachefiles(0xffffffffffffff9c, &(0x7f00000001c0), 0x20800, 0x0)
pipe(&(0x7f0000000440)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080), 0x129c81, 0x0)
ioctl$int_in(r3, 0x5452, &(0x7f0000000000)=0x8)
r4 = socket$inet_udp(0x2, 0x2, 0x0)
getsockopt$inet_udp_int(r4, 0x11, 0xa, 0x0, &(0x7f00000025c0))
write$binfmt_aout(r3, &(0x7f0000000080)=ANY=[], 0xff2e)
r5 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r5, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000040)=@newlink={0x40, 0x10, 0x403, 0x10000, 0x8000000, {0x0, 0x0, 0x0, 0x0, 0x215, 0x5}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @sit={{0x8}, {0x14, 0x2, 0x0, 0x1, [@IFLA_IPTUN_PMTUDISC={0x5, 0xa, 0x1}, @IFLA_IPTUN_FLAGS={0x6, 0x8, 0x1b}]}}}]}, 0x40}, 0x1, 0xba01, 0x0, 0x4000080}, 0x0)
ioctl$sock_ipv6_tunnel_SIOCGET6RD(r0, 0x89f8, &(0x7f0000000400)={'ip_vti0\x00', &(0x7f00000005c0)={'syztnl0\x00', <r6=>0x0, 0x700, 0x80, 0x2, 0x7, {{0x25, 0x4, 0x2, 0x3, 0x94, 0x64, 0x0, 0x0, 0x4, 0x0, @remote, @loopback, {[@timestamp={0x44, 0x10, 0xd7, 0x0, 0xb, [0x8, 0x6, 0x2e]}, @ssrr={0x89, 0x13, 0xd1, [@private=0xa010101, @rand_addr=0x64010102, @private=0xa010102, @multicast2]}, @generic={0x7, 0x4, "60ac"}, @ssrr={0x89, 0x17, 0x48, [@remote, @local, @local, @initdev={0xac, 0x1e, 0x1, 0x0}, @dev={0xac, 0x14, 0x14, 0xf}]}, @rr={0x7, 0x27, 0x8c, [@initdev={0xac, 0x1e, 0x0, 0x0}, @multicast2, @multicast1, @rand_addr=0x64010101, @local, @private=0xa010100, @dev={0xac, 0x14, 0x14, 0x44}, @broadcast, @dev={0xac, 0x14, 0x14, 0x35}]}, @timestamp_prespec={0x44, 0x14, 0xa6, 0x3, 0x3, [{@loopback, 0x10}, {@loopback, 0x3}]}, @ra={0x94, 0x4}]}}}}})
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000780)={0x18, 0x2, &(0x7f0000000380)=@raw=[@map_idx={0x18, 0x2, 0x5, 0x0, 0xb}], &(0x7f00000003c0)='GPL\x00', 0x34e, 0xec, &(0x7f0000000480)=""/236, 0x41100, 0x21, '\x00', r6, 0x0, r1, 0x8, &(0x7f0000000680)={0xa, 0x5}, 0x8, 0x10, &(0x7f00000006c0)={0x1, 0xc, 0x43, 0x9}, 0x10, 0x0, 0x0, 0x2, &(0x7f0000000700)=[r1], &(0x7f0000000740)=[{0x0, 0x3, 0x0, 0x5}, {0x1, 0x3, 0x3, 0x8}]}, 0x94)
dup(r5)
ioctl$TCSETS(r3, 0x40045431, &(0x7f00000000c0)={0x0, 0x0, 0x7f, 0x4000006, 0x3, "42341f9b1000007e4f00"})
r7 = syz_open_pts(r3, 0x103100)
dup3(r7, r3, 0x0)
splice(r3, 0x0, r2, 0x0, 0x7ffff000, 0x0)
ioctl$KVM_HYPERV_EVENTFD(r0, 0x4018aebd, &(0x7f0000000200)={0x0, r2})
syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0)
r8 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000100)='mountinfo\x00')
fchdir(r8)
r9 = eventfd(0x0)
io_submit(0x0, 0x2, &(0x7f0000000040)=[&(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0xc2, r9, &(0x7f0000000080)="0100fd6410000000", 0x8, 0x38, 0x0, 0x0, r9}, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x5, 0x1, r9, 0x0, 0x0, 0x0, 0x0, 0x1, r9}])
syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0)
socket$kcm(0x11, 0xa, 0x300)
r10 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x3, &(0x7f0000000380)=ANY=[@ANYBLOB="18000000000007000000000000"], &(0x7f0000000040)='syzkaller\x00'}, 0x94)
r11 = socket$phonet(0x23, 0x2, 0x1)
ioctl$sock_TIOCINQ(r11, 0x541b, &(0x7f0000000140))
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f00000000c0)='sock_rcvqueue_full\x00', r10}, 0x10)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000480)={0x6, 0x3, &(0x7f0000000680)=ANY=[@ANYBLOB="1800000002000000000000000000000095"], 0x0}, 0x94)

3m41.365885352s ago: executing program 3 (id=152):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
ioctl$IOCTL_VMCI_VERSION2(0xffffffffffffffff, 0x7a7, 0x0)
prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f00000020c0), 0x0, 0x0)
r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0xb, 0x59032, 0xffffffffffffffff, 0x0)
syz_open_dev$sndmidi(0x0, 0x2, 0x80080)
ioctl$COMEDI_DEVCONFIG(0xffffffffffffffff, 0x40946400, 0x0)
mmap$xdp(&(0x7f0000800000/0x800000)=nil, 0x800006, 0x7000001, 0x6e073, 0xffffffffffffffff, 0x0)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000002c0)=ANY=[@ANYBLOB="1c0000004500090000000000000000000300000008000200"], 0x1c}}, 0x0)

3m40.197073462s ago: executing program 3 (id=155):
r0 = syz_usb_connect$hid(0x0, 0x3f, &(0x7f0000000040)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x40, 0x458, 0x5019, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x2d, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x5, 0x3, 0x0, 0x0, 0x0, {0x9, 0x21, 0x0, 0x0, 0x1, {0x22, 0x7}}, {{}, [{{0x9, 0x5, 0x2, 0x3, 0x20, 0x4, 0x4, 0x4}}]}}}]}}]}}, 0x0)
r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$TCFLSH(r1, 0x80045430, 0x7ffffffffffffffe)
r2 = socket(0x2, 0x80805, 0x0)
r3 = socket$inet6_sctp(0xa, 0x5, 0x84)
shutdown(r3, 0x0)
mknodat$loop(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x400, 0x0)
r4 = openat(0xffffffffffffff9c, &(0x7f000000c380)='./file0\x00', 0x20842, 0x4)
r5 = openat2$dir(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', &(0x7f0000000080)={0x62941, 0x40, 0x10}, 0x18)
close(0x3)
accept4$packet(0xffffffffffffffff, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000000c0)=0x14, 0x800)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r3, 0x84, 0x6f, &(0x7f0000000200)={<r6=>0x0, 0x10, &(0x7f00000005c0)=[@in={0x2, 0x4e22, @rand_addr=0x64010102}]}, &(0x7f0000000140)=0x10)
getsockopt$inet_sctp6_SCTP_PRIMARY_ADDR(r3, 0x84, 0x7a, &(0x7f0000000340)={r6, @in6={{0xa, 0x7, 0x4, @loopback}}}, &(0x7f0000000040)=0x84)
poll(&(0x7f0000000180)=[{r5, 0x4}, {r3, 0x4100}, {r4, 0x4044}, {r2, 0x100}], 0x4, 0x3)
sendmmsg$inet_sctp(r2, &(0x7f00000032c0)=[{0x0, 0x0, 0x0, 0x0, &(0x7f0000000700)=ANY=[@ANYBLOB="30000000000000008400000001000000000000017c"], 0x30}], 0x1, 0x0)
setsockopt$inet_sctp_SCTP_AUTH_ACTIVE_KEY(r2, 0x84, 0x18, &(0x7f0000000100)={0x0, 0x1}, 0x8)
r7 = syz_usb_connect$hid(0x2, 0x0, 0x0, 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
syz_usb_control_io$hid(r0, &(0x7f0000000080)={0x24, 0x0, 0x0, &(0x7f00000001c0)=ANY=[@ANYRES8=r0, @ANYRES32=r7, @ANYRES16=0x0, @ANYRESOCT=r0, @ANYBLOB="ccd1300643b44a09f88fe2b6ee2073596c88506ced782d585ac4b47f0e1831dc98fd9d05b3c4f5027b24915cd3dde53ea9f335b02a16b3f91b5cf6061e3ee7215cfb31db1507a1c7a624f4917a28db2ddf8ac47ceaeae234315d5e657e44e7c3d8667b3aaaded8202ba9855e0ea8cac59976700bcde11fca009b0da0eeccbef67743a39029630032c23b3e5aa7ebc49cd41b344434553b134c7d0fd5e93b619ad46de7824d52f2c9c9738a9e8132", @ANYRES64, @ANYRES8=r7, @ANYBLOB="f1c96e40617767b02bf8ca742547060008e8664bb8e520d7892306"], 0x0}, 0x0)

3m37.096288861s ago: executing program 3 (id=167):
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[], 0x0, 0x5, 0x0, 0x0, 0x0, 0x25, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x2000000}, 0x94)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[], 0x48)
r1 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000000)='blkio.bfq.sectors\x00', 0x0, 0x0)
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000040)={0x2, 0x4, 0x8, 0x1, 0x80, r0, 0x2, '\x00', 0x0, r1, 0x3, 0x2, 0x3}, 0x50)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000008000000000000000000018110000", @ANYRES32=r0], 0x0}, 0x94)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x11, 0xc, 0x0, &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x21, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r3 = socket$nl_route(0x10, 0x3, 0x0)
r4 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r4, &(0x7f0000000680)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000500)=ANY=[@ANYBLOB="380000001800010000000000000000000a000000000000000000000008000400", @ANYRES32=r4, @ANYBLOB="06001500070000000c00168008000100", @ANYRES64=r3], 0x38}}, 0x10)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000400)='mm_migrate_pages\x00', r2, 0x0, 0x5}, 0x18)
syz_usb_connect(0x2, 0x2d, &(0x7f0000000780)={{0x12, 0x1, 0x0, 0xc9, 0x66, 0x7c, 0x40, 0x1d50, 0x60c6, 0xafe7, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x1b, 0x1, 0x4, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x58, 0x77, 0x1, 0x25, 0x84, 0x53, 0x0, [], [{{0x9, 0x5, 0xb, 0x0, 0x10, 0x1, 0x2, 0x2}}]}}]}}]}}, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0)
sched_setscheduler(0x0, 0x1, 0x0)
r5 = getpid()
sched_setscheduler(r5, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
r7 = syz_genetlink_get_family_id$tipc2(&(0x7f00000001c0), r1)
sendmsg$TIPC_NL_MEDIA_SET(r6, &(0x7f00000002c0)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f0000000280)={&(0x7f00000007c0)={0x244, r7, 0x400, 0x70bd28, 0x25dfdbfc, {}, [@TIPC_NLA_PUBL={0x34, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0xe}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x694e812c}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x2}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x5000}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0xb5}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x4}]}, @TIPC_NLA_MON={0x2c, 0x9, 0x0, 0x1, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x4}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x1}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x3}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x4}]}, @TIPC_NLA_BEARER={0x10c, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_UDP_OPTS={0x38, 0x4, {{0x14, 0x1, @in={0x2, 0x4e21, @multicast2}}, {0x20, 0x2, @in6={0xa, 0x4e20, 0x0, @empty}}}}, @TIPC_NLA_BEARER_UDP_OPTS={0x38, 0x4, {{0x14, 0x1, @in={0x2, 0x4e22, @local}}, {0x20, 0x2, @in6={0xa, 0x4e20, 0x7, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x4}}}}, @TIPC_NLA_BEARER_PROP={0x4c, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0x81}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x18}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x800}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x7}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x5}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x5}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x5}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x9}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x6}]}, @TIPC_NLA_BEARER_PROP={0x3c, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x5}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x8}, @TIPC_NLA_PROP_WIN={0x8}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x88}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0xc44}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x9}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x3}]}, @TIPC_NLA_BEARER_NAME={0x10, 0x1, @l2={'ib', 0x3a, 'macvlan0\x00'}}]}, @TIPC_NLA_MON={0x34, 0x9, 0x0, 0x1, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0xb0}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x4a1}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x4}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x8}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x64}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0xfffffffe}]}, @TIPC_NLA_SOCK={0x90, 0x2, 0x0, 0x1, [@TIPC_NLA_SOCK_REF={0x8, 0x2, 0x1}, @TIPC_NLA_SOCK_ADDR={0x8, 0x1, 0x8}, @TIPC_NLA_SOCK_ADDR={0x8, 0x1, 0xc}, @TIPC_NLA_SOCK_CON={0x34, 0x3, 0x0, 0x1, [@TIPC_NLA_CON_FLAG={0x8, 0x1, 0x7}, @TIPC_NLA_CON_FLAG={0x8, 0x1, 0x8}, @TIPC_NLA_CON_NODE={0x8, 0x2, 0x3}, @TIPC_NLA_CON_FLAG={0x8, 0x1, 0x1}, @TIPC_NLA_CON_NODE={0x8, 0x2, 0x7e5}, @TIPC_NLA_CON_FLAG={0x8, 0x1, 0x8}]}, @TIPC_NLA_SOCK_ADDR={0x8, 0x1, 0xa}, @TIPC_NLA_SOCK_ADDR={0x8}, @TIPC_NLA_SOCK_REF={0x8, 0x2, 0x1000}, @TIPC_NLA_SOCK_CON={0x24, 0x3, 0x0, 0x1, [@TIPC_NLA_CON_FLAG={0x8, 0x1, 0x5}, @TIPC_NLA_CON_NODE={0x8, 0x2, 0xff}, @TIPC_NLA_CON_FLAG={0x8, 0x1, 0x4}, @TIPC_NLA_CON_FLAG={0x8, 0x1, 0x7}]}, @TIPC_NLA_SOCK_HAS_PUBL={0x4}]}]}, 0x244}, 0x1, 0x0, 0x0, 0x40}, 0x14)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r8=>0xffffffffffffffff, <r9=>0xffffffffffffffff})
sendmmsg$unix(r9, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r8, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB='\'\x00\x00\x00\a'], 0x50)
r10 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r10, &(0x7f0000000100)={0x1f, 0xffff, 0x3}, 0x6)
write$binfmt_misc(r10, &(0x7f0000000000), 0xd)
mbind(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x0, 0x0, 0x0, 0x2)

3m34.669938542s ago: executing program 3 (id=175):
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000005c00)={&(0x7f0000000000)=@newtaction={0x44, 0x30, 0x9, 0x0, 0x0, {}, [{0x30, 0x1, [@m_bpf={0x2c, 0x1, 0x0, 0x0, {{0x8}, {0x4}, {0x4}, {0xc}, {0xc}}}]}]}, 0x44}}, 0x0)
r0 = socket$kcm(0x10, 0x2, 0x0)
write$cgroup_subtree(r0, &(0x7f0000000000)=ANY=[@ANYBLOB="563f00001a00599c6d0e000091d028ef80"], 0xfe33)
read$FUSE(0xffffffffffffffff, &(0x7f0000000240)={0x2020, 0x0, <r1=>0x0, 0x0, 0x0, <r2=>0x0}, 0x2020)
r3 = syz_open_dev$audion(&(0x7f00000022c0), 0x5, 0x10000)
write$FUSE_INIT(r3, &(0x7f0000002300)={0x50, 0x0, r1, {0x7, 0x2b, 0x5, 0x20200001, 0x7, 0xf, 0x7, 0xd, 0x0, 0x0, 0x10, 0x7}}, 0x50)
get_robust_list(r2, &(0x7f0000000180)=&(0x7f0000000140)={&(0x7f00000000c0)={&(0x7f0000000080)}, 0x0, &(0x7f0000000100)}, &(0x7f0000002280)=0x18)
r4 = socket(0x11, 0x2, 0x0)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000040)=@bpf_lsm={0x3ea, 0x3, &(0x7f00000001c0)=@framed={{0x18, 0x0, 0x0, 0x0, 0x2a6, 0x0, 0x0, 0x0, 0x1}}, &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x7d2, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x800}, 0x94)
r5 = openat$comedi(0xffffffffffffff9c, &(0x7f0000000080)='/dev/comedi3\x00', 0x400, 0x0)
ioctl$COMEDI_DEVCONFIG(r5, 0x40946400, &(0x7f00000000c0)={'aio_iiro_16\x00', [0x4f27, 0x8, 0x10000, 0x10000004, 0x8, 0xfffffbf9, 0x3, 0x0, 0x0, 0x100, 0x2, 0x1, 0x2, 0xfffffffe, 0x4, 0xe1cb, 0x0, 0x0, 0x3, 0x40000003, 0x89, 0xfffffffd, 0x0, 0x20001e56, 0xb, 0xfff, 0x3c, 0x7fffffff, 0x7, 0x8000000, 0xfffffff8]})
mmap(&(0x7f0000ff9000/0x4000)=nil, 0x4000, 0xa, 0x12, r5, 0x37085000)
setsockopt(r4, 0x107, 0x14, &(0x7f0000000000)="11106e00", 0x4)
sendmmsg(r4, &(0x7f00000025c0)=[{{&(0x7f0000000080)=@qipcrtr={0x2a, 0x1, 0x1}, 0x80, 0x0}}], 0x1, 0x80)
r6 = socket$nl_route(0x10, 0x3, 0x0)
syz_io_uring_setup(0x9e, &(0x7f0000000340)={0x0, 0x13e8, 0x4, 0x3, 0x14b}, 0x0, 0x0)
sendmsg$nl_route(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000001c0)=@newlink={0x44, 0x10, 0x49920d862a92153b, 0x7fc, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x1ec08}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @bond={{0x9}, {0x14, 0x2, 0x0, 0x1, [@IFLA_BOND_ARP_VALIDATE={0x8, 0x9, 0x2}, @IFLA_BOND_MODE={0x5, 0x1, 0x5}]}}}]}, 0x44}, 0x1, 0x0, 0x0, 0x20040000}, 0x0)

3m29.992999412s ago: executing program 0 (id=184):
munmap(&(0x7f0000001000/0x3000)=nil, 0x3000)
r0 = syz_open_dev$sndpcmc(&(0x7f0000000280), 0xfffffffffffffff9, 0x200000)
mmap$snddsp(&(0x7f0000002000/0x3000)=nil, 0x3000, 0x100000a, 0x20010, r0, 0xa000)
r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000100)='fd\x00')
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00'}, 0x10)
sendmsg$inet(0xffffffffffffffff, 0x0, 0x1)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, &(0x7f0000000540)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="e6ffffff0000b1ea01717e3c8149000085000000ffffffff95"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x3, 0x2, &(0x7f0000000100)=ANY=[@ANYBLOB="9110520000003ef5950000ab7512d300"], 0x0}, 0x94)
recvmsg(0xffffffffffffffff, 0x0, 0x2)
r2 = fanotify_init(0x200, 0x0)
r3 = memfd_create(&(0x7f0000000500)='-B\xd5NI\xc5j\x9appp\xf0\b\x84\xa2m\x00\v\x1c\x004\xa6Ey\xdb\xd1\xa7\xb1S\xf1:)\x00\xca\x83\x11\v}k+\xeb\xc3\xc0O\xae\xd2\xd7Uw\x00\xbc\xfa2\xb3\xbb\x8d\xac\xac\xbe\xe1}knh#\xcf)\x0f\xc8\xc0\"\x9cc\x10d\xee\xa9\x8b\x06\x97k\xde\xc5\xe96\xddU)\xc98M\xcd\xfb\xcc\x82n=\x7f=\xcdJx\xaa\xcf~\xb901nEy\x82\x83\x80\xd3O\x00|hP\x00\x00\x00\x00\x00\x00\x00\x05\x86\xfe\xd9\xa5\xc6\nSy\xa3N\xba-]\'q\xc6\xfb\x02\x9a\xa9Z\xa8\x80Bx\xbd74\xcf\"\xa5\xea$\x95\xfd\x06T\xef\x89\xe4j\x06\xdc\x15\xe7\xc3\xb5H\xf7\xdc\xee\x182\xab\xe2?\"\xbewm\x9d\xd8x\xd92\xeeS/\xd2\xcd[\x9dcO1\xcb\x12lZ$\xa7\x9d\xf8b\xf6}\xc5``\xfe0\x8a\'v-\x99`?\x97\x8c\xdd\xd6\xfa\xa2\x06>\xf3\xe2uI\xe65C\xdb\x84\xe6eU\xe8RK\xd6=s\xcd\x9d\x1f#3\xc5\x16\xd0\xbbD\xc5\xde\xc8/\v\xa5W\xbep\x87\x15\x10\xcdm\xa7\x93\x01\x1c,9V8\xdc\xfd\xb7\xc0\xfc\x04\x00p\xad\x12\xb2\xbf\xfbFZ\x1a\f\x99\x05\xe4\x1eP\xed\x87\x89\xbeo\xfbv\xb6\x8a\xee\xf6Oc8\xaf\x11[\xc3\x98w-\xf0\xb2z\xc7\xaf;\x92\xad4\x1b\x92L\x97<\xbdh\x80\xf2\xc0\xd0n)K\xf2#Ncp\xe4\xb4\xfb\x94\x18\xc2-TWA\x13\xfe\xea\xad\v\xc4\xa5\x02\xf9\xed]\xf4\\\x01\xab\xdc\xb6\xcdP\x93\xf2\xc3\x96\xf2\xc0\xd6-x\xd5\xd6\xc7\x9d\xa5\x1f\xd2t\xd7\x8f}b\x9749\xd4a7\x18\xe0\x91KV7[\xb8\x8dL\xc8\xc8\x8f>sbE\xf5\xa7\xdb|\xb0m\x16c\x84\r\"\xf2\x92s\xeb\xaf\x1c\x00\xf4\x8dL\xa5\x10\x89FB\xfb8\xf9\x9d\xcbm\x1c\x91\xe9fd$5\xdc\xad\xec\xef\x90\xd9\xefX\xd2m\x9e\xec\x94w\xb3\xf9\xd9\x0eu-z\x81\xbb\xa6\xc0\x00\xa1\xd9\xcbI\xda\xa3\b\x9e@\xb8\xc8k\xdeQ/\xb8X\x9c\xff4Np~\xc4\xc1_\x1c#zX\a\xd41\x1c\x7fH\x91\xd9k\x05\x1f\n\b\b\x88\xd6\xcf4i\xa0B\xe7\x9c\x9c\xe6\xcax\xca\xa1E#6\xe9\xf31W\xd0\x1bY3/\x00I#\xfa\xb0\f\xd5!\x9fR[\x0e\xdb`\xdb\x82M\'k\x16(\xfa\xc2\xec\x96e\\Q\xe9\x19\xe1u\x86\xcb\xc3\xb0\xb8\x19\xb9l\x1fk!R\xb1P\x8b\xda\xffE\x89\x97\n\x17m\xd10\x1a\xe7Qz\xd8\bi\x8dRw+\xa1^N\xaf\x1b\x1dg\x8f$\xbe\x93\x8d\x8b\xfd\r\xee<\x84\x95\x82)TH\xcac9\x98\x13WW@;\xb4\xd5\x0f\xa1\xb3xX(\x80\xe8\x89\xed e.\xe04\xba\x9c=\xc6\x04\f\xbf\x06\xce5\xf99GD8@\xd2\r\xd0\xdf@\xe3\xbe\"qq#]\x86W\tA\xa7\x91\x85\xae\x9c\x8dO\xa6\xa3\xf9i\x83\xc5\xa8C\x164\xef\xa4\\\a\xaa%\x94!3k]\xd5\xbe\'U\xf17', 0x1)
fanotify_mark(r2, 0x1, 0x48000047, 0xffffffffffffffff, 0x0)
r4 = dup(r3)
write$binfmt_elf64(0xffffffffffffffff, &(0x7f0000000e80)={{0x7f, 0x45, 0x4c, 0x46, 0x6, 0xff, 0x78, 0xa3, 0x23e, 0x3, 0x3e, 0xc9, 0x3c9, 0x40, 0x2ea, 0x10000, 0x5, 0x38, 0x1, 0x6, 0x6b1, 0x400}, [{0x3, 0x81, 0xff, 0xff5, 0x5, 0x1b8, 0x7}], "", ['\x00', '\x00', '\x00']}, 0x378)
execveat(r4, &(0x7f0000000000)='\x00', 0x0, 0x0, 0x1000)
recvmsg$unix(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, 0x0}, 0x20000121)
r5 = socket$inet6_mptcp(0xa, 0x1, 0x106)
getsockopt$inet6_mptcp_buf(r5, 0x11c, 0x4, &(0x7f0000000000)=""/152, &(0x7f00000005c0)=0x28)
ioctl$SNDRV_PCM_IOCTL_FORWARD(r1, 0x40084149, &(0x7f0000000800)=0xd8e)
ioctl$TIOCSTI(r1, 0x5412, &(0x7f0000000040)=0x3e)
write$FUSE_INIT(0xffffffffffffffff, &(0x7f0000004200)={0x50, 0xfffffffffffffff5, 0x0, {0x7, 0x1f, 0x3, 0x15883d8a3850b168, 0x7, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x10, 0x4}}, 0x50)

3m29.488286765s ago: executing program 0 (id=188):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setscheduler(r0, 0x1, &(0x7f0000000100)=0x5)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000001480)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f00000004c0)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r3 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x20, 0x10, &(0x7f0000000580)=ANY=[@ANYBLOB="18050000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r3, @ANYBLOB="0000000000000000b704000008000000850000007800000095"], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x73cea2d47785b264, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x10, &(0x7f0000000580)=ANY=[], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000280)='sched_switch\x00', r4}, 0x18)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f000000c2c0)={0x0, 0x0, 0x0}, 0x40000)
syz_genetlink_get_family_id$tipc2(&(0x7f0000001ec0), 0xffffffffffffffff)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
r5 = syz_open_dev$tty1(0xc, 0x4, 0x1)
r6 = dup(r5)
write$UHID_INPUT(r6, &(0x7f0000004000)={0xf, {"a2e3ad21ed0d09f91b50090987f70906d038e7ff7fc6e5539b0d3d0e8b089b33396d63060890e0878f0e1ac6e7049b334a959b669a240d5b67f3988f7ef319520100ffe8d178708c523c921b1b5b31070b07580936cd3b78130daa61d8e8040000005802b77f07227227b7ba67e0e78657a6f5c2a874e62a9ccdc0d31a0c9f318c0da1993bd160e233df4a62179c6f30e065cd5b91cd0ae193973735b36d5b1b63dd1c00305d3f46635eb016d5b1dda98e2d749be7bd1df1fb3b231fdcdb5075a9aaa1b469c3090000000000000075271b286329d169934288fd789aa37d6e98b224fd44b65b31334ffc55cc82cd3ac32ecdb08ced6f9081b4dd0d8b38f3cd4498bee800490841bdb114f6b76383701d8f5c55432a909fda039aec54a1236e80f6a8abadea7662496bddbb42be6bfb2f17959d1f416e56c71b1931870262f5e801119242ca026bfc821e7e7daf2451138e645bb80c617669314e2fbe70de98ec76a9e40dad47f36fd9f7d0d42a4b5f1185ccdcf16ff46295d8a0fa17713c5802630933a9a34af674f3f39fe23491237c08822dec110911e893d0a8c4f677747abc360934b82910ff85bfd995083bba2987a67399eac427d145d546a40b9f6ff14ac488ec130fb3850a27af9544ae15a7e454dea05918b41243513f000000000000000a3621c56cea8d20fa911a0c41db6ebe8cac64f17679141d54b34bbc9963ac4f4bb3309603f1d4ab966203861b5b15a841f2b575a8bd0d78248ebe4d9a80002695104f674c2431dca141fae269cab70e9a66f3c3a9a63e9639e1f59c0ede26c6b5d74b078a5e15771aaa18119a867e1088334975e9f73483b6a62fa678ca14ffd9f9db2a7869d85864056526f889af43a6056080572286522449df466c632b3570243f989cce7cd9f465e41e610c20d80421d653a5520000008213b704c7fb082ff27590678ef9f190bae97909507041d860420c5664b27921b14dc1db8892fd32d0ad7bad8deff4b05f60cea0da7710ac0000000000008000bea37ce0d0d4aa202f928f28381aab144a5d429a04a6a2b83c7068ae949ed06e288e810bac9c76600025e19c907f8ea2e2010000008271a1f5f8528f227e79c1389dbdfffe492f21579d2c15b8c70cdb1c332d86d87341432750861ec2bc3451edca194b221cfec4603d276bbaa1dfa6d4fb8a48a76eafc9a9a0270e4c10d64cd5a62427264f2377fe763c43470833ac96c45f357cbbaba8f1b1fdcc7cbb61a7cdb9744ed7f9129aede2be21ccfdc4e9134f8684b3a4f354da9a795e96334e207dff70f1988037b2ed3aaf575c0b88d8f146684078416d59fdee5325928974d12dad99dac44c3f0008047096a44002bebc2420aed92fa9b6578b4779415d4ac01b75d5495c118045651cf41c2fc48b778efa5ea5677747430af4162b987b80c3e001cd34e5c92f76cc4c24eeb8bc4e9ac2aed9e53803ed0ca4ae3a9737d214060005ea6f1783e287b3bee96e3a726eafe2fdfaa78d1f48c13b64df07847754b8400daaa69bf5c8f4350aeae9ca1207e78283cd0b20ceb360c7e658828163e2d25c4aa348561f927e88f63aa70e73a5e69b3df3495903f06572e1e007fa55a2999f596d067312f5779e8dbfdcf3427138f3d444d2639a10477f9bec4b0bbb6e3c04be68981f392203dd0ee3ef478e16dacfc5e3e03cf7ab8e3902f1b0ff034ef655b253ca509383815b1b6fc6522d4e4fdc11a48cf42d48604675fde2b94cf00500a2690891abf8ab9c015073014d9e08d4338b8780bdecd436cf0541359bafffa45237f104b96210403b2de9efed496f42355bc7872c827467cfa5c4e72730d56bd068ed211cf847535edecb7b373f78b095b68441a34cb51682a8ae4d24ad0465f3927f889b813076038e79a7962fb385a882e8020f06c4c2ba1dd5cac7c18876da865d258734dd73583df292892448039ef799cf0630becdcce04579b5561dc825ab829827945e020c1f67ee615feb6243378e0610060f02cca4e91b2f001edb3d78fb4b55668dda93aec92a5de203717aa49c2d284acfabe262fccfcbb2b75a2183c46eb65ca8104e1b4da7fbb77ab2fc043aead87c32ab875ee7c2e7b7019c982cd3b43eaeb1a5fb135c0c7dcee8fe6516a328032f88c042891824659e9e94265c803b35ee5f83a2b210520106b8a358b50ab7a1fa89af9c251fe5294b3d1802d5676d95f160ec97b1ad94872cb2044642c37b4a6cc6c04effc1672db7e4b6080000007a508ae54b3cd7369dde50e8c77d95a3d361c040babb171607caac2a3559ad4f75465f49c0d0ae3716db6e00cb11db4a5fade2a57c10238e204a67737c3b42aae501b20f7694a00f16e2d0174035a2c22656dc29880acebdbe8ddbd75c2f998d8ac2dfad2ba3a504767b6b45a45957f24d758ed024b3849c11d412a2a03b4047497022d9c30e23ef4df5c89644f48bb536f7945b59d7bcddff754413d135273ea8e75f22f216c6b9990ae71806f2c00b4025c48b75c0f73cdb9a7b8fa367b50028067e7f16f4dd569d462f4f19eacdb3ed70eeebb4483f8fd777d443e8b40427db6fe29068c0ca3d2414442e8f3a154704b0e51bc664a137b26be719f4f7c9a5678a674dfc95df80b9ce375dd649c8c704e509bd88c8e63d8c7dd67071115c8982ba46af4d6adcc9f68a75b9397b035153faf46366e7205dd8d6f37525c1a0e94610dd94323f6c15d085197149bfd6655548cfd9c52c9711937f79abb1a124f1210465483cd3b2d78378cfb85ed82e7da0f6eb6d279f2ae455925d0f6f1ba571eba281f2a654fb39ddff3b484439ff158e7c5419e037f3e3ad038f2211f1033195563c7f93cd54b9094f226e783271e1e5a2a2c10712eab625d64931cd4ffe6738d97b9b5ef828ee9fb06ffc01af0e79c1e14b1d25988c69a399567c1d93768f7971d31488b8658a20878b7c1dd7ba02fc42939dde3d4a3339a65d507dc59c51097b40517705da56e9ebf0afa53282bf86dbb58c548069ff6eb95aade7cc66d7bbef724779ca1f731b3346ff177050373d79ff7b3e7f9bc0c1b4b266a8878b90baaa039d3e3b63979ac3df6e6f4859afd50238c7547a39b60810938044ae185d2ba3e00a4e73676864ae090d81eaee5ee6cf1d0ab378dd4dd891e937c2ea5410e0513005000000000000003911fab964c271550027697b52160687461602f88df165d884b36ec2b6c25a2f33c715687e9d4afb96d6861aca47da73d6f3144345f48843dd014e5c5ad8fe995754bd9cf32fce1e31919c4b2082fb0a30b9deae84bed4b28045634073c9c58c89d9e99c81769177c6d594f88a4facfd4c735a20307c737afa2d60399473296b831dbd933d93994ba3064279b10ea0c5833f41f157ea2302993dbe433b1aa3a3766d5439020484f4113c4c859465c3b415c3432f81db8719539d5bf372aaaea1cc43a6c5cbe59758bfee2916580dac4b008e595f437491d87abed02cefcd9db53d94d02daee67918e5d6787463183b4b87c1050000002f7809959bc048850613d17ca51055f2f416a44fe180d2d50c312cca7cb14a2bdc331f57a9817139a206fc76957227ffff2de20a4b8e3737fbb42913777c06376f799eba367e21f94ca598705f5dcb767d6f0900d6b0f6095e53c4c4234d0c1fbe434f6ab8f43c0013ee93b83946ee7759e89d7bdd1a32d7b311711b757fe43c06d21a35810d8fe98b27faea8aa12bc8716eefc5c97c45ac33eeec964c5214bc3a9359bdea1cccab94f15e36319cb34ebcacedb82c2ed3de5a8a8f0011e8f74e82d7f96093530e76692839d7961939adfdeeeaff19d11efcafb6d546fef271e89d6cc2389e81ff58cefcce3fbf4625a7e7de40e42e07b34449e15e065cc7340002000000000000f288a4510de03dab19d26285eda89156d50dd385a60333ba5bbf5d77cd7007ad1519ad5470de3dd6d6080cafccf8a97406bb6b68a1f0c4549820a73c880f475f732ae00398e8bd1f4108b7807fb33b72685ec37a2d3f766413a60459516246e5a1d998a2017aef0948a68cf255315ab80dd349e891aef595dc4d470e8ac32a308e15fc37d06aeac289c0523f483e1ff7408c6087f1ab652f2ef91d4f2b01987b0f46da034e5c3f745a7ee8101a3934c54e24b48ec0275e2d0687dc746b0827cbf652f406c6b95f2722e58c05f752ce2126596e1cd7655b904801784c416b22f73d324678e2724f43f1fe687c7e8a60c28b82b6528341b648cdd56fed7cdcbb15da202d5ecd36dea3bca0b7427d8392c6289455e8f8d2ab2242729251ae033a9e02210e62df0546a74b333a1c48f95fd54acb5741259e8c5488efeee327415cc19451432c6f14c27693102a3cd84857cd6586fc5ca9a93eb0145fac0662ff86107f998a8ef7df8aa14046c55b03d3d47f88a8d60f7774a2ee08758897fb411a94b3c2fc5d5f0db42c0456ec015f08e5247d33ae2d35603ff8454c16f8342856935125102bb784ed7148b6ce431b63ee356b0c785f2f47b90e29389f22fc5b59a70efaea2bd40195af4486220d702e30bfc43c10ec23ea6283994a7dde4dcb61fea6b651fb1d62458d0741a12830052fcc460db043afe525629b40d7cee458e4cb5e930ed624806c43a006e39336d07c2b8081c128ad2706f48261f7897484c297a1a6613bc18f5a38d442768af38041efe03d152ef95ff569e76db2391f4509d7f339d92fdb4a89364949da398000000000000000d80a4fe654578376e599aff3565b1d531f30912b9945030b81ea9935fd46edb44a78f615255490a4b621501f2a9e4d24624c4dac9274118c67584f5d374755534d7f68f679c4ff516a9c861a0e7e65868fcb2bf1cb9aea4e05df72279fdb0d2b9e935c5af3cf474bed79dfc248c1f5aea4b8b32c5d295e57079d0fe662a46b7f71cd47744db86c50b704c971d90295c7b2c7439a2d78ccfa79b5fc2bff6bbf840262bf89394b3e0691953264d2700c838fa2c7b3425260f59554e502dcea39cb313b0000000000004ca7c12f45858d6284ca6270d6b2f0e58fded8a7b4a302a97bc641df07720ba2b26bbfcc807ca0abb1b44322269c21c5ec68cb068ea88067d905ea917bb03eefdaebdeabf2d0dce80997c915c8949de992587c2cb5fe36d7d3e5db21b094b8b77940b5f07722e47a08d367e5f84c96ec664b72934b99b3109af65d77e86abd6859cddf4bbae1f0930462df15fddbc48562ea3511a8065ef028cf12f14dcf6ebecd8d884836174faf1aa609e5f1ee1162dfa13bdc1fa7cfaadba85c72e9758f03a755d0be53f8d2a1dfb1c68cc164b0a0780d971a96ea2c4d4ca0398c2235980a9307b3d5bd3b01faffd0a5dbed2881a9700af561ac8c6b00000000000000f96f06817fb903729a7db6ff957697c9ede7885d94ffb0969be0daf60af93109eb1dee72e4363f51af62af6fb2a6df3bec89822a7a0b678058fa3fef86faec216eb6992162f8dcbf719c148cd2f9c55f4901203a9a8a2c3e90f3943dbc10360a1a49700d1dfbf66d69f6fbaf506c8bcce8bb0d872a02238926407a4eddd5d0fc5a752f9000", 0xfffffffffffffe59}}, 0xfa) (fail_nth: 1)

3m28.267265261s ago: executing program 0 (id=190):
r0 = socket(0x40000000015, 0x5, 0x0)
r1 = socket$pppl2tp(0x18, 0x1, 0x1)
socket$inet6_udp(0xa, 0x2, 0x0)
r2 = getpid()
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f00000004c0)=ANY=[@ANYBLOB="18020000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb703000008000000b703000000000020850000007300000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x24, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000080)='sched_switch\x00', r5}, 0x10)
setresuid(0xee01, 0x0, 0x0) (fail_nth: 4)
timer_create(0x3, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000040)={0x8, 0x20000008b}, 0x0)
sched_setscheduler(0x0, 0x1, 0x0)
sendmmsg$unix(0xffffffffffffffff, 0x0, 0x0, 0x0)
syz_usb_connect$cdc_ncm(0x4, 0xd1, &(0x7f0000000040)=ANY=[@ANYBLOB="12011003020000182505a1a440000102e0d703010902bf0002010650000904000001020d00000524060001052400a9b30d240f01020000000300ff000606241a0c001407240a050905580c241b04000200a90c090003"], 0x0)
connect$pppl2tp(r1, 0x0, 0x0)
r6 = syz_genetlink_get_family_id$l2tp(&(0x7f00000008c0), 0xffffffffffffffff)
setsockopt$inet_tcp_TCP_REPAIR_QUEUE(r0, 0x6, 0x14, &(0x7f0000000080)=0x1, 0x4)
r7 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$L2TP_CMD_SESSION_DELETE(r7, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000005c0)={0x40, r6, 0x1, 0x1070bd2c, 0x4, {0x5}, [@L2TP_ATTR_PW_TYPE={0x6}, @L2TP_ATTR_CONN_ID={0x8, 0x9, 0x2}, @L2TP_ATTR_SESSION_ID={0x8}, @L2TP_ATTR_IFNAME={0x14, 0x8, 'macvlan1\x00'}]}, 0x40}, 0x1, 0x0, 0x0, 0x20008000}, 0x30)

3m24.967497722s ago: executing program 0 (id=198):
munmap(&(0x7f0000001000/0x3000)=nil, 0x3000)
r0 = syz_open_dev$sndpcmc(&(0x7f0000000280), 0xfffffffffffffff9, 0x200000)
mmap$snddsp(&(0x7f0000002000/0x3000)=nil, 0x3000, 0x100000a, 0x20010, r0, 0xa000)
r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000100)='fd\x00')
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00'}, 0x10)
sendmsg$inet(0xffffffffffffffff, 0x0, 0x1)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, &(0x7f0000000540)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="e6ffffff0000b1ea01717e3c8149000085000000ffffffff95"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x3, 0x2, &(0x7f0000000100)=ANY=[@ANYBLOB="9110520000003ef5950000ab7512d300"], 0x0}, 0x94)
recvmsg(0xffffffffffffffff, 0x0, 0x2)
r2 = fanotify_init(0x200, 0x0)
r3 = memfd_create(&(0x7f0000000500)='-B\xd5NI\xc5j\x9appp\xf0\b\x84\xa2m\x00\v\x1c\x004\xa6Ey\xdb\xd1\xa7\xb1S\xf1:)\x00\xca\x83\x11\v}k+\xeb\xc3\xc0O\xae\xd2\xd7Uw\x00\xbc\xfa2\xb3\xbb\x8d\xac\xac\xbe\xe1}knh#\xcf)\x0f\xc8\xc0\"\x9cc\x10d\xee\xa9\x8b\x06\x97k\xde\xc5\xe96\xddU)\xc98M\xcd\xfb\xcc\x82n=\x7f=\xcdJx\xaa\xcf~\xb901nEy\x82\x83\x80\xd3O\x00|hP\x00\x00\x00\x00\x00\x00\x00\x05\x86\xfe\xd9\xa5\xc6\nSy\xa3N\xba-]\'q\xc6\xfb\x02\x9a\xa9Z\xa8\x80Bx\xbd74\xcf\"\xa5\xea$\x95\xfd\x06T\xef\x89\xe4j\x06\xdc\x15\xe7\xc3\xb5H\xf7\xdc\xee\x182\xab\xe2?\"\xbewm\x9d\xd8x\xd92\xeeS/\xd2\xcd[\x9dcO1\xcb\x12lZ$\xa7\x9d\xf8b\xf6}\xc5``\xfe0\x8a\'v-\x99`?\x97\x8c\xdd\xd6\xfa\xa2\x06>\xf3\xe2uI\xe65C\xdb\x84\xe6eU\xe8RK\xd6=s\xcd\x9d\x1f#3\xc5\x16\xd0\xbbD\xc5\xde\xc8/\v\xa5W\xbep\x87\x15\x10\xcdm\xa7\x93\x01\x1c,9V8\xdc\xfd\xb7\xc0\xfc\x04\x00p\xad\x12\xb2\xbf\xfbFZ\x1a\f\x99\x05\xe4\x1eP\xed\x87\x89\xbeo\xfbv\xb6\x8a\xee\xf6Oc8\xaf\x11[\xc3\x98w-\xf0\xb2z\xc7\xaf;\x92\xad4\x1b\x92L\x97<\xbdh\x80\xf2\xc0\xd0n)K\xf2#Ncp\xe4\xb4\xfb\x94\x18\xc2-TWA\x13\xfe\xea\xad\v\xc4\xa5\x02\xf9\xed]\xf4\\\x01\xab\xdc\xb6\xcdP\x93\xf2\xc3\x96\xf2\xc0\xd6-x\xd5\xd6\xc7\x9d\xa5\x1f\xd2t\xd7\x8f}b\x9749\xd4a7\x18\xe0\x91KV7[\xb8\x8dL\xc8\xc8\x8f>sbE\xf5\xa7\xdb|\xb0m\x16c\x84\r\"\xf2\x92s\xeb\xaf\x1c\x00\xf4\x8dL\xa5\x10\x89FB\xfb8\xf9\x9d\xcbm\x1c\x91\xe9fd$5\xdc\xad\xec\xef\x90\xd9\xefX\xd2m\x9e\xec\x94w\xb3\xf9\xd9\x0eu-z\x81\xbb\xa6\xc0\x00\xa1\xd9\xcbI\xda\xa3\b\x9e@\xb8\xc8k\xdeQ/\xb8X\x9c\xff4Np~\xc4\xc1_\x1c#zX\a\xd41\x1c\x7fH\x91\xd9k\x05\x1f\n\b\b\x88\xd6\xcf4i\xa0B\xe7\x9c\x9c\xe6\xcax\xca\xa1E#6\xe9\xf31W\xd0\x1bY3/\x00I#\xfa\xb0\f\xd5!\x9fR[\x0e\xdb`\xdb\x82M\'k\x16(\xfa\xc2\xec\x96e\\Q\xe9\x19\xe1u\x86\xcb\xc3\xb0\xb8\x19\xb9l\x1fk!R\xb1P\x8b\xda\xffE\x89\x97\n\x17m\xd10\x1a\xe7Qz\xd8\bi\x8dRw+\xa1^N\xaf\x1b\x1dg\x8f$\xbe\x93\x8d\x8b\xfd\r\xee<\x84\x95\x82)TH\xcac9\x98\x13WW@;\xb4\xd5\x0f\xa1\xb3xX(\x80\xe8\x89\xed e.\xe04\xba\x9c=\xc6\x04\f\xbf\x06\xce5\xf99GD8@\xd2\r\xd0\xdf@\xe3\xbe\"qq#]\x86W\tA\xa7\x91\x85\xae\x9c\x8dO\xa6\xa3\xf9i\x83\xc5\xa8C\x164\xef\xa4\\\a\xaa%\x94!3k]\xd5\xbe\'U\xf17', 0x1)
fanotify_mark(r2, 0x1, 0x48000047, 0xffffffffffffffff, 0x0)
r4 = dup(r3)
write$binfmt_elf64(0xffffffffffffffff, &(0x7f0000000e80)={{0x7f, 0x45, 0x4c, 0x46, 0x6, 0xff, 0x78, 0xa3, 0x23e, 0x3, 0x3e, 0xc9, 0x3c9, 0x40, 0x2ea, 0x10000, 0x5, 0x38, 0x1, 0x6, 0x6b1, 0x400}, [{0x3, 0x81, 0xff, 0xff5, 0x5, 0x1b8, 0x7}], "", ['\x00', '\x00', '\x00']}, 0x378)
execveat(r4, &(0x7f0000000000)='\x00', 0x0, 0x0, 0x1000)
recvmsg$unix(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, 0x0}, 0x20000121)
r5 = socket$inet6_mptcp(0xa, 0x1, 0x106)
getsockopt$inet6_mptcp_buf(r5, 0x11c, 0x4, &(0x7f0000000000)=""/152, &(0x7f00000005c0)=0x28)
ioctl$SNDRV_PCM_IOCTL_FORWARD(r1, 0x40084149, &(0x7f0000000800)=0xd8e)
ioctl$TIOCSTI(r1, 0x5412, &(0x7f0000000040)=0x3e)
write$FUSE_INIT(0xffffffffffffffff, &(0x7f0000004200)={0x50, 0xfffffffffffffff5, 0x0, {0x7, 0x1f, 0x3, 0x15883d8a3850b168, 0x7, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x10, 0x4}}, 0x50)

3m24.656367373s ago: executing program 0 (id=199):
r0 = socket$inet6(0xa, 0x802, 0x0)
mknodat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1000, 0x10008)
r1 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x42, 0x0)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000002140)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r1, @ANYBLOB=',rootmode=00000000000000000100000,user_id', @ANYRESDEC=r0, @ANYBLOB=',group_id=', @ANYRESHEX=r0])
llistxattr(&(0x7f0000000380)='./file0\x00', 0x0, 0x0)

3m24.427027827s ago: executing program 0 (id=200):
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={0x0}, 0x18)
socketpair$unix(0x1, 0x2, 0x0, 0x0)
r0 = socket$inet6(0xa, 0x2, 0x0)
setsockopt$inet6_mreq(r0, 0x29, 0x1b, &(0x7f0000000100)={@remote}, 0x14)
setsockopt$inet6_mreq(r0, 0x29, 0x1b, &(0x7f0000000280)={@remote}, 0x14)
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x2, 0x31, 0xffffffffffffffff, 0x84aa5000)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x6, 0xc, &(0x7f00000008c0)=ANY=[@ANYBLOB="180200000400000000000000000000008500000041000000180100002020732500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007000000095"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r1, 0x0, 0x2100, 0x0, &(0x7f0000000100), 0x0, 0x700, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9}, 0x50)
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0)
mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0)='debugfs\x00', 0x0, 0x0)
mount$overlay(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180), 0x0, &(0x7f0000000240)={[{@xino_auto}, {@lowerdir={'lowerdir', 0x3d, './file0'}, 0x3a}], [], 0x2f})
mount$overlay(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180), 0x0, &(0x7f00000003c0)={[{@lowerdir={'lowerdir', 0x3d, './file0'}, 0x3a}], [], 0x2f})
r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$netlbl_mgmt(&(0x7f0000000040), r2)
sendmsg$NLBL_MGMT_C_ADDDEF(r2, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000003c0)=ANY=[@ANYBLOB='4\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="010000000000000000000400000008000700000000000800020005000000050008"], 0x34}}, 0x0)
r4 = syz_io_uring_setup(0xec4, &(0x7f00000003c0)={0x0, 0xfffffffc, 0x2, 0x3, 0x34b}, &(0x7f0000000500)=<r5=>0x0, &(0x7f0000000600))
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x3000003, 0x4031, 0xffffffffffffffff, 0x0)
timer_create(0x2, 0x0, &(0x7f0000bbdffc))
syz_memcpy_off$IO_URING_METADATA_GENERIC(r5, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
io_uring_enter(r4, 0xe7f, 0xe876, 0x3, &(0x7f0000000040)={[0xfffffffffffffffc]}, 0x8)
r6 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0, 0x41)
getdents64(r6, 0x0, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x3)
r7 = socket$nl_route(0x10, 0x3, 0x0)
r8 = socket$inet_tcp(0x2, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r8, 0x8933, &(0x7f0000000180)={'syz_tun\x00', <r9=>0x0})
sendmsg$nl_route(r7, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=ANY=[@ANYBLOB="2000000011000101000000000001000000000000", @ANYRES32=r9], 0x20}}, 0x2000c004)
r10 = openat$nvme_fabrics(0xffffffffffffff9c, &(0x7f0000000200), 0x1, 0x0)
sendmsg$MPTCP_PM_CMD_SET_LIMITS(r10, &(0x7f0000000380)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000340)={&(0x7f00000002c0)=ANY=[@ANYBLOB='H\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="00022dbd7000ffdbdf250500000024000680080006000200000008000600000000000500020000000000050002000000000008000400080000000800020006002000"], 0x48}, 0x1, 0x0, 0x0, 0x4000000}, 0x4040041)
close(r0)

3m21.825389136s ago: executing program 3 (id=203):
timer_create(0x0, &(0x7f0000000240)={0x0, 0x21}, &(0x7f0000bbdffc)=<r0=>0x0)
r1 = syz_open_dev$dri(&(0x7f0000000200), 0x0, 0x60803)
ioctl$DRM_IOCTL_MODE_DIRTYFB(r1, 0xc01864b1, &(0x7f00000014c0)={0x0, 0x1, 0xff, 0x0, 0x0})
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000700)={0x7, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x40f00, 0x7e, '\x00', 0x0, @fallback=0x22, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x6}, 0x94)
mknodat$loop(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x1000, 0x1)
name_to_handle_at(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0)=ANY=[], &(0x7f0000000180), 0x0)
open_by_handle_at(r2, &(0x7f0000000380)=ANY=[@ANYRES64=r2, @ANYRES64=r1, @ANYRESOCT=r0], 0x0)
r3 = creat(&(0x7f0000000200)='./file0\x00', 0x0)
socket$inet(0x2, 0x2, 0x1)
memfd_secret(0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008c}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
pipe(&(0x7f00000003c0)={<r4=>0xffffffffffffffff})
io_setup(0x3ff, &(0x7f0000000500)=<r5=>0x0)
ioprio_set$pid(0x3, 0x0, 0x0)
io_submit(r5, 0x4, &(0x7f0000000580)=[&(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0xffff, r4, 0x0}, &(0x7f0000000340)={0x0, 0x0, 0x8, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0xfffffffffffffffc}, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0xfff8, r3, &(0x7f0000001b40)="21d28fb6af7695fa069843e3f47f30dae8fc8e1aa66f0cd59ba0bb0a5b8c1419c866984d25b427d6e1293447e1d70ecdb844e911cebbdc048444a69f15c0a730637e5bbbeb9ef287c41ba31e7baf6d92d46ab510aaa7f3419344dd6cece64e9ec11ce60becb7c8e42a66615066a7adb2ac0a63b83cd90fe88829c9509b64380cfdecdcd5eec6b21f84a8cdefc7ef05c72b8055d50f7b84431d2a6658eabcc4984041e81e91ffc51a74fc26689ec7c0c7c2554d9af52e17e6a2060c46e5f51f7f4bf1f528e3c0f3185f8d636ad32ff5534daca759b27b521ce30cf1a2aa6cc55ebb256cb5809a8219b6cd1992504962dd2008339e1081741fb1752890f929a2c0ad3bd475c32e08a045d9d8739624328ca3ce6593913f237c5d590c8b6ac4bc305ec9aa000f9257cbe3d2b618ed07e69c3c5cc24de421ca29598f3b440b3b737795babfe8dbd133caf5a00175d32b83e99d9d52f886de037acd9b8f16817bc6fca90c6491d4858cf6e67b182f212b116cf1f3260c798f5c35bccbb0618fe24b312df89b0bc0fc8b57b20173959d4e97a64b23794b9330f0059770a7a87beb1d234b6a0a6d52ee0e64ea14a1080f6b5287caa990e8083414a81b5132f27185c6fa33d20e1b321e85ec269791b79012d08d1c9aadf458c8bd0025088859216802c7dd67945f58481aadf1ec888a0ef85346de5cb872442c8f7bc65e1f6aa3a5535a720ef352a6cbfe2e439f12a4f0a17b64833a073c7440e2243d496240a48f48b61c3fb3e8a69f8767beea77a59638995421f46f9203f538b88bfd5bb781b969e8642b5cd79abaaffd2a8bcc0199474131339bd56b92b0212a483e83062ab9cda5bc2c54016e1cd90913107f8495b156aef838270a00e15b2897a28573bc3644d9d289404cc1a0663e5ef01392389db00375170a6ac79d00109c59a18856447efb24a6de65e986b7b5203a8e2258e97df18e017bb4144530a1a9c8818def5e0a14a3b0b47da0d0193f0f7ca299991e387204978a4bf441060d15f0e72d1cc81ece7af96f9cbb0be842a8f3f8504926302d48323ca4dbdd8b38d758457246d3909487c77b4a7109470378edc6bd31646d15b0bfa9e981beb2a1344fe5f7991021c6557963eafd685842b2a1b3366f9ae29662c4996663f9bc6a73af8c22125b97547a8da9f02d850fee86a48fab01e49789f198c96c580fd96172521bc62a3b08ee6d071198999b50670320b21a2a5d46717422c0e541929937631f9be94952e2b478a339369d58ac3ffa4dba737aa3d2803694d7256d8bcabfcd99351fcdac1545be34ffe53bfa67f5b09dcf74b4da2e1c98769e6544ec018450b0510f9d1fe527fef2925039a13c161dc1f7a2b800cafb07cabd2e0dfd06d50abfdd327be550666ba0a34b478099b90f8885847cb46e69f1f44402ccab107fb2509c733c674a7b98529f8f93e941764c786054de985a5b3d18af847f85b26255aae03843f85ea1e7bedbdb0706abd938c60775096a9e3d60036ebbb2bb687d4a3bfbd49e7262c0fdf724f1ae7ea6ad57fc399b1a65a275b133ffed1cbc01d64da50e3351543f0998e5ea7038563d1d0084f60c68a5a08c29744485d87cc08eb0666057a9731463b0280a6685c8fa5722dbc53222e2a703a8e7353c2cd511373c55053c2ce48b36ac936b72df1c88f44a9a9bce670ede48e093a092955d25af3434a4f92e827fea48ed780d811ef61494cf34e6c1f4cede6025fd933194c9d3b9a234b4d9fcda9c8547177ecf733b64c51e5216cf2be8c67d750a6ae948903512b011dcc9fbaf9310d05a2d89846030b94172f45cba58d87c1406b4d5c38bea3fcd064fb3e9acfe0cf2954f5598c4c2dff74379577c6b6338720ad01c0e14c0c91ff4233e28381937cf9f29c79bfd1170428b44fbcf9faaf23a9cffce3ab67e069c6f806eabfa2a3c2d7e71f764bf79c413634097be6aefc942ce6b2febf7726ce57c901d896cf5068c5f42ed30be722f649cd0f28c097627498e6e6041326d07affdd78eb937219152d862c13cc497dccc000620c36e7dce7600c481b97dfb476660c50a6ffd4b4ff12b3a2de6c529cfe74ece5774f3f40c08d3b9a01b55593330b97e39a4a84681995b9aebddd3c3217316af57ab7d11305d6c840a9a3308fefb3d1fc3e471a7fa7c5b4665503e40d3e224c5b6f717470aaf359e1a8a08b1e10a51101441e157cb0f643f5511daa8ac3670be507de5b4c9c920a24c5b6dcf81bc29bf5ea8e2d603dbbe5150b5c723484fa370d7ad922a0d7bd26cd5d71ab0610cb6c7ab464a38fc92c92fe810b103f767f14e18c8073842ebb1fdf6aac61424a44ca739f65f51aea51dd672dac42f38745b86fbbbc7ccf9744812fd56ae09ae2a393b42544c076e4b3b3cec06ee896a414a183d302ee955913ff51fc212113debff525b5fcd0762b9e6391abed67d803e73c86baafc26bf947704b7ed74758f303ff7416bd7a31c176f58819a727835f863db60e0a8512eb7d5886ffc15101827af4393e3e229a49ccf4ca1938e7da299c9a52ea12d513b9b0ff0a48a00737477db524736e2603582bcb7bc119e9d8116f11204e220427cc8a396d41ee5934be0eb4abb2a1a6afbe047f01588c033edd4d3f9eb476e5f4c0e45a79ae1ebdad3592b6c6b8641a2fa67a95bf03608d4f1d4011281041ec74c03479ef274fbf0d1fdb7a437c5c6132ad73b0695bb6ca50c671ea423a45a98c4b8753ae5869a8d4f2d979aaf33d4fe9c999e0fadfb681f4c396f340ae2fe3f410a4a0977a384f526d9c1b8c4375a6b16d4023759de3bd625a02c9711c54e97493125162412304363fdcf9052d7a002b31fd665357660a3da2c0031834be1ffecaa85cf99b4087a2733cff194980239a3061996c43394f2dc192ed0060160b1a0a56050061f8ed6e4035fd3152ced7c4367d63cd669b4d05ac24532c63a2aef69083c5dd2126bd2ce3a942ab7ad28a1dbd8628f73a8e20707629043f5393c4ac86864528a4990be2f2bf496de5cef69dca754abf8d821bebcf81fe26483ce4b512f06c3e6f9e8eadf43e41554635bead7b1439cb0cd1da72742bb07211c798fdc4b798862038aee6235277d4c057b5e738209c6f0acaae3ddf29d6f47415ee1796e0574e7c7abc92c02011a7a551afbd20b39331a28a77b5d1727da80cb6f9c57c8d1f9e120f35f7b7148668e7116fc3c670897f1e84269b7be83ca4b19a39976fb31d3bbe4800ece13684285cf52504a27e772d6883e72bc714b0c21c38157cae3fb3958d744d1dedc6b892fd409c36a86de7b0fdc9c0f1457ccca7d1152ad11bb6b8e2a4bde43019aba879d9ede4706d860bef8458ba0cb3115f50a5fff5758b060d18c89b8fb2eb7a52427d762e1e798b406e519c63358f8d022380bae2b04eb98f836f94b9635984a671846e304ce0ee7c2d584976a00d155e9f874a5d7b27a4717bb96606988128c77323b87756f243b8f10223778c2362f12c5ba64c76cb929a4a7db877e3d095f09f689e4584922caf6aaf09c9d9e2e15821f991c67ff19aa2ca81518787914bb5ea047df997392cf67b44dc500c799166b0ae809dbb4b2a1ed1e8c7691964f5832fe1f173f32150bdecf2304cc483d477225840f945a95315e165b7d644c7d2a10447b2e982bcd1a551894ae6a720b747c4e7e6c52f48f9d028e4020ff0ce3e71ea11e1405cce720a1048befb97001cb3dd37f9dcbf18ca8f97201c0b2d39b22aa8d0d99a35d72472505207c95145c87ac268888038647e8bb2574efaa36b7cce64f2588f192db276e61eac9a6597bca11a242364c0c0a6cb9d5405766a494fb0d97201680b0140abbc09d9d68cb185682b06f864fded476c5d8a1e166a4b6cd0d6eb423406fc064227cc99a43765debc48dc5d535884fe6b0f093da7be082446ae67a83f41842b55af9c5bd3fbb341cdd7a1ad7bce5ed1b316a3f3b2836ef17627185467c5dbe789299c86f538434bfa0745c0191ae3789f2a67aed30cf4958c2c83f80e19f94c94b87bdd7da7b7357abdcb3188660fdc6fc750cf429dbba7102ed657aa8b9fc278eebd0a9d8be90ae323745b78b01fdbbdb85859abdccd844510d26cfe8f3d9fe7f81b0737c241fa7446e0f65638659aba0fc4af15a7280e5b6802f4bf38a65c2f897c283040202824af7a1d399adfe6952ba402eca40140368af80893c256cc864ff60e02298ba8a066c96776e3111e696457899cc1f703c7d5a13506de793db5cdf9fd43a5f75d905181cdf282b07b99b1bc860cfdbc0c4030b70c9a3446f12bb3588fdda4c366c3cde8b52366e605971f15a2e455248ab4e19028f47e1217c2c53a2b8fe5e6501dc1dd64db2368762206d2046ad5de43eb52958b44bb4792e34e242188b5fe4cc775ce5a77ffa49c071619f3650ef36d2f7f2bb4d8b182f647b493a0cbcc3f1267beaf7402f5b5be9451a6162402816c3ac524f85e9a00cdb8aff8951e2fb134b69d51dba2a7e243814daff15c0f94e2fecc09da79131a1aec335abb46465e6fd3434ec813f8227675038b8c290e8e92124680ba79f80cd9f6edda9f99ecc0b51d7e74d4c7bc9ce663b65bf13b3bdbb651813063ad5e17936ecb6c10ead28a61c6205e216d6b5d04e00d0ce4a0bf22c5b282ba10e720453761b85e46eba4ba6d1674641bdd5aeb028e8fc8defa26f4843045df50c034a781b190f8ec2fa5da8ca5bbd9f516e1b58e755cd35095cb42b7370914117bc739ba9dfea0764bc0a48a9cb7afe8e3c9a9b291fc7bcbef80ea34eb2f2dfd9bfc1b0a4ba371edff1840b144c11c97732793460cfba856342abda54970131749eeed4ed830e8ab5e775e7b6370854e0332129ff8205edba202c53d613a955fe5abe4770bfd2b1da903351f90b9fd823078ef79d23cf2ad4901ed6e8ea9aaf953b3caab65221e2918021961c58691f97a89c3ca925f37766c577115d5ffdb7353f55c84ee7ecd93b38d265ffd4277969c12f8c193336a81b802d0e5d9d9151d6a03b77c8e6c354d24c0e747653cafe3abb706da6305bb3afafce4e0e81e8d07ee34276152849dcaf875df94fb09ad5633e14310e6092a85be16a9a25246e0e0d3901f7b4c6f4a26f69d18d318b8d706943c42c36c4a74ad73f7dcf4cb43c44a2d2acac575fa7c5970b2e7bdf2d3e451647201b22951466643139305a2d4fa1105854f560b4717283c2a8adb7716d4fe3aa2550f55ba4543712ccb49ce090bd9f94ad505ee1c51d781905f8cb32f850d5f9a47fb9d25e0801c9c70549ecc7ed643c36f272e75edce698824452d3e1dbdff19625efd0b48423b996e5426fa7ee0937b478c6a8af455a61d9c27a327db8e1b3648ddc28e7019934860251bf71ce0a9b62dd504fdeeb0c81662b43928a139059c7a3c8019e85e5ba362f98df5f719ebb8910dc83d955517cbb2025f6ce344c47b1a8b17be75c906d42c21163b6d5aa45b74a1dc522a156848886fc2b0784e5c30a4ff884943eae61952db65d2c9ce36e963a47bba9160422e64f3692f6f91a5083d59453ec96670653727f3c224b4861c03b343124d760c2d9038c18cca00f2cb03b4b2dea7bcf38ed1b1e48b3840c5745cf30df630811425b757f17de1efa3a30d76f269e831587bd53abbd12d11096aa4939f1f13df986d5dc525bb63e20dd7097c12d6dc21e9273d6dc54045579cdc583a9fd5b696c98a04d1c4bc488222a61b4fbcb966a6686b5b0d624887b139ffbd44dafdac192cd86800ef19895d6989200012079b37b2b574f15dd41204ecd", 0x1000, 0x44, 0x0, 0x1, r3}, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x6, 0xd, 0xffffffffffffffff, &(0x7f0000000400)="429639dc2096dad1d17d546d3d218492e5248e7cdd25213bd335bbd9678bbdd60b80805c675854dc3d6aa36e59c6d371f4d01e6275dc5cc698fdde2f9c1ec400a3221a1186895c92cf9cc7da80b9cb5cfe28fb26dada1123650140d059e4a0c61fa6acb91dc8d0837b93d82a3a488e12a72abb5b81f1a6e6873616ec368e44039c81ea03281930b1ccdf4e58556f33b72f09a1fdc79774d3d04c339ff184c6402a484aa3e8009f1ebadf4d52937c384c3d2eac08641dcf7bbf96c0e80f836b7f80e2cf755d75b71fb4a7acb7db8a5ad2cf6d", 0xd2, 0x4bd, 0x0, 0x3}])
r6 = openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
bpf$MAP_CREATE_CONST_STR(0x0, 0x0, 0x50)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
ioctl$IOCTL_GET_NCIDEV_IDX(r6, 0x0, &(0x7f00000000c0)=<r7=>0x0)
r8 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r9 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r10 = syz_genetlink_get_family_id$nfc(&(0x7f0000000100), r9)
sendmsg$NFC_CMD_DEV_UP(r8, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000000)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r10, @ANYBLOB="010028bd7000fedbdf250200000008000100", @ANYRES32=r7, @ANYBLOB], 0x1c}, 0x1, 0x0, 0x0, 0x40089}, 0x8004)

3m21.824547856s ago: executing program 1 (id=204):
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[], 0x0, 0x5, 0x0, 0x0, 0x0, 0x25, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x2000000}, 0x94)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[], 0x48)
r1 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000000)='blkio.bfq.sectors\x00', 0x0, 0x0)
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000040)={0x2, 0x4, 0x8, 0x1, 0x80, r0, 0x2, '\x00', 0x0, r1, 0x3, 0x2, 0x3}, 0x50)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000008000000000000000000018110000", @ANYRES32=r0], 0x0}, 0x94)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x11, 0xc, 0x0, &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x21, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r3 = socket$nl_route(0x10, 0x3, 0x0)
r4 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r4, &(0x7f0000000680)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000500)=ANY=[@ANYBLOB="380000001800010000000000000000000a000000000000000000000008000400", @ANYRES32=r4, @ANYBLOB="06001500070000000c00168008000100", @ANYRES64=r3], 0x38}}, 0x10)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000400)='mm_migrate_pages\x00', r2, 0x0, 0x5}, 0x18)
syz_usb_connect(0x2, 0x2d, &(0x7f0000000780)={{0x12, 0x1, 0x0, 0xc9, 0x66, 0x7c, 0x40, 0x1d50, 0x60c6, 0xafe7, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x1b, 0x1, 0x4, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x58, 0x77, 0x1, 0x25, 0x84, 0x53, 0x0, [], [{{0x9, 0x5, 0xb, 0x0, 0x10, 0x1, 0x2, 0x2}}]}}]}}]}}, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0)
sched_setscheduler(0x0, 0x1, 0x0)
r5 = getpid()
sched_setscheduler(r5, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
r7 = syz_genetlink_get_family_id$tipc2(&(0x7f00000001c0), r1)
sendmsg$TIPC_NL_MEDIA_SET(r6, &(0x7f00000002c0)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f0000000280)={&(0x7f00000007c0)={0x244, r7, 0x400, 0x70bd28, 0x25dfdbfc, {}, [@TIPC_NLA_PUBL={0x34, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0xe}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x694e812c}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x2}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x5000}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0xb5}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x4}]}, @TIPC_NLA_MON={0x2c, 0x9, 0x0, 0x1, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x4}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x1}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x3}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x4}]}, @TIPC_NLA_BEARER={0x10c, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_UDP_OPTS={0x38, 0x4, {{0x14, 0x1, @in={0x2, 0x4e21, @multicast2}}, {0x20, 0x2, @in6={0xa, 0x4e20, 0x0, @empty}}}}, @TIPC_NLA_BEARER_UDP_OPTS={0x38, 0x4, {{0x14, 0x1, @in={0x2, 0x4e22, @local}}, {0x20, 0x2, @in6={0xa, 0x4e20, 0x7, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x4}}}}, @TIPC_NLA_BEARER_PROP={0x4c, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0x81}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x18}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x800}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x7}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x5}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x5}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x5}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x9}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x6}]}, @TIPC_NLA_BEARER_PROP={0x3c, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x5}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x8}, @TIPC_NLA_PROP_WIN={0x8}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x88}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0xc44}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x9}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x3}]}, @TIPC_NLA_BEARER_NAME={0x10, 0x1, @l2={'ib', 0x3a, 'macvlan0\x00'}}]}, @TIPC_NLA_MON={0x34, 0x9, 0x0, 0x1, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0xb0}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x4a1}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x4}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x8}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x64}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0xfffffffe}]}, @TIPC_NLA_SOCK={0x90, 0x2, 0x0, 0x1, [@TIPC_NLA_SOCK_REF={0x8, 0x2, 0x1}, @TIPC_NLA_SOCK_ADDR={0x8, 0x1, 0x8}, @TIPC_NLA_SOCK_ADDR={0x8, 0x1, 0xc}, @TIPC_NLA_SOCK_CON={0x34, 0x3, 0x0, 0x1, [@TIPC_NLA_CON_FLAG={0x8, 0x1, 0x7}, @TIPC_NLA_CON_FLAG={0x8, 0x1, 0x8}, @TIPC_NLA_CON_NODE={0x8, 0x2, 0x3}, @TIPC_NLA_CON_FLAG={0x8, 0x1, 0x1}, @TIPC_NLA_CON_NODE={0x8, 0x2, 0x7e5}, @TIPC_NLA_CON_FLAG={0x8, 0x1, 0x8}]}, @TIPC_NLA_SOCK_ADDR={0x8, 0x1, 0xa}, @TIPC_NLA_SOCK_ADDR={0x8}, @TIPC_NLA_SOCK_REF={0x8, 0x2, 0x1000}, @TIPC_NLA_SOCK_CON={0x24, 0x3, 0x0, 0x1, [@TIPC_NLA_CON_FLAG={0x8, 0x1, 0x5}, @TIPC_NLA_CON_NODE={0x8, 0x2, 0xff}, @TIPC_NLA_CON_FLAG={0x8, 0x1, 0xf}, @TIPC_NLA_CON_FLAG={0x8, 0x1, 0x7}]}, @TIPC_NLA_SOCK_HAS_PUBL={0x4}]}]}, 0x244}, 0x1, 0x0, 0x0, 0x40}, 0x14)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r8=>0xffffffffffffffff, <r9=>0xffffffffffffffff})
sendmmsg$unix(r9, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r8, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB='\'\x00\x00\x00\a'], 0x50)
r10 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r10, &(0x7f0000000100)={0x1f, 0xffff, 0x3}, 0x6)
write$binfmt_misc(r10, &(0x7f0000000000), 0xd)
mbind(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x0, 0x0, 0x0, 0x2)

3m18.612307287s ago: executing program 1 (id=206):
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
setsockopt$netlink_NETLINK_NO_ENOBUFS(0xffffffffffffffff, 0x10e, 0xc, &(0x7f0000000040)=0x7f, 0x4)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r0=>0xffffffffffffffff})
connect$unix(r0, &(0x7f0000000180)=@abs, 0x6e)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0xb, &(0x7f0000000380)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020000000000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)=ANY=[@ANYBLOB="02000000040000000800000001000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYRES32=0x0], 0x48)
openat$misdntimer(0xffffffffffffff9c, 0x0, 0x8001, 0x0)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
close(r1)
r2 = socket$inet6_mptcp(0xa, 0x1, 0x106)
bind$inet6(r1, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @ipv4={'\x00', '\xff\xff', @empty}, 0xf}, 0x1c)
listen(r2, 0x0)
r3 = socket$inet_mptcp(0x2, 0x1, 0x106)
connect$inet(r3, &(0x7f0000000140)={0x2, 0x4e22, @loopback}, 0x10)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$mptcp(&(0x7f0000000000), 0xffffffffffffffff)
sendmsg$MPTCP_PM_CMD_ADD_ADDR(r4, &(0x7f0000000400)={0x0, 0x1fff, &(0x7f0000000040)={&(0x7f00000004c0)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYRES16=r5, @ANYBLOB="0100000000000000000001000000280001801400040000000000000000000000ffffac1414aa060001000a0080000800060003"], 0x3c}, 0x1, 0x0, 0x0, 0x4000000}, 0x4000000)

3m18.42847229s ago: executing program 1 (id=207):
r0 = syz_usb_connect(0x0, 0x3f, &(0x7f00000000c0)=ANY=[@ANYBLOB="11010000733336088dee1adb23610000000109022d0001100000000904000003fe03010009cd8d1f00020000000905050200de7e001009058b1e20"], 0x0)
syz_usb_control_io$uac1(r0, 0x0, &(0x7f0000000540)={0x44, &(0x7f00000005c0)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
r1 = syz_open_dev$char_usb(0xc, 0xb4, 0x0)
prctl$PR_SET_SECCOMP(0xd, 0x0, 0x0)
syz_emit_ethernet(0x36, &(0x7f0000000c40)={@local, @local, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x0, 0x28, 0x0, 0x0, 0x0, 0x6, 0x0, @remote, @local}, {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x2, 0x5, 0x10, 0x700}}}}}}, 0x0)
bind$bt_hci(0xffffffffffffffff, &(0x7f0000000280)={0x1f, 0x2}, 0x6)
io_submit(0x0, 0x1, &(0x7f0000000340)=[&(0x7f0000000100)={0x2002000000, 0x4, 0x0, 0x1, 0x0, 0xffffffffffffffff, &(0x7f0000000040)="0200", 0x2, 0x0, 0x0, 0x2}])
syz_genetlink_get_family_id$nl80211(&(0x7f0000000540), 0xffffffffffffffff)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$wireguard(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$ifreq_SIOCGIFINDEX_wireguard(r2, 0x8933, &(0x7f0000000000)={'wg0\x00', <r5=>0x0})
sendmsg$WG_CMD_SET_DEVICE(r3, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000840)=ANY=[@ANYBLOB="e0100000", @ANYRES16=r4, @ANYBLOB="0500000000000000000001000000060006004e240000901008809005008024000100d1732899f611cd8994034d7f413dc957630e5493c285aca40065cb6311be696b24000100000000000000000000000000000000000000000000000000000000000000000024000200fcbefe9641719404cc5c9ab2766dd4793e367b0ea55e65e2e3416ac9d4e68841240002001171ee8da334a5099295af229a5d237a7f4102f01f28b34347d6cbbe135d83ec24000100975c9d81c983c8209ee781254b899f8ed925ae9f0923c23c62f53c57cdbf691cb40409807c000080060001000a00000014000200000000000000000000000000000000010500030002000000060001000200000008000200ac1414aa0500030001000000060001000a00000014000200ff0100000000000000000000000000010500030001000000060001000200000008000200e00000010500030000000000f4000080060001000a00000014000200fc0000000000000000000000000000000500030001000000060001000a00000014000200fc0200000000000000000000000000010500030000000000060001000200000008000200e00000020500030003000000060001000200000008000200000000000500030000000000060001000200000008000200ac1414bb0500030001000000060001000200000008000200ac1414bb0500030000000000060001000a00000014000200000000000000000000000000000000010500030002000000060001000a00000014000200fc0200000000000000000000000000000500030003000000340000800600010002000000080002000a0101010500030004000000060001000200000008000200ac1414aa050003000300000064000080060001000a00000014000200200100000000000000000000000000000500030002000000060001000200000008000200ac1414aa0500030001000000060001000a00000014000200ff010000000000000000000000000001050003000200000094000080060001000200000008000200ac1e00010500030002000000060001000200000008000200e00000010500030002000000060001000a00000014000200fc0000000000000000000000000000000500030002000000060001000200000008000200000000000500030003000000060001000a00000014000200fe80000000000000000000000000000e050003000000000040000080060001000a00000014000200fc0200000000000000000000000000000500030002000000060001000200000008000200ac1414aa050003000000000064000080060001000a00000014000200200100000000000000000000000000020500030001000000060001000a00000014000200fc02000000000000000000000000000105000300020000000600010002000000080002000a010100050003000200000070000080060001000a00000014000200ff0200000000000000000000000000010500030000000000060001000a00000014000200000000000000000000000000000000000500030002000000060001000a0000001400020000000000000000000000000000000001050003000000000000010080060001000a00000014000200ff0200000000000000000000000000010500030000000000060001000200000008000200000000000500030003000000060001000200000008000200640101000500030002000000060001000200000008000200640101010500030001000000060001000200000008000200ac1414aa0500030002000000060001000a00000014000200fe8000000000000000000000000000bb05000300020000000600010002000000080002007f0000010500030002000000060001000a00000014000200fc0200000000000000000000000000010500030003000000060001000200000008000200640101010500030001000000240002005da952055e5857d673cddd36909746c80efa3ff95c317de1063db32bc80a0b3e1803008024000100f44da367a88ee6564f020211456727082f5cebee8b1bf5eb7337341b459b39220600050005000000e802098058000080060001000200000008000200ac1e00010500030001000000060001000a00000014000200000000000000000000000000000000010500030000000000060001000200000008000200ffffffff05000300010000007c000080060001000a00000014000200000000000000000000000000000000010500030002000000060001000200000008000200ac1414bb0500030002000000060001000a000000140002000000000000000000000000000000000105000300020000000600010002000000080002000a0101010500030003000000f4000080060001000a0000001400020000000000000000000000ffffac1414aa0500030003000000060001000200000008000200ac1414aa05000300000000000600010002000000080002000a01010205000300020000000600010002000000080002007f00000105000300000000000600010002000000080002000a0101010500030003000000060001000200000008000200e00000010500030003000000060001000a00000014000200fc01000000000000000000000000000005000300010000000600010002000000080002000a0101000500030000000000060001000200000008000200ac1e0101050003000200000094000080060001000a00000014000200fc0200000000000000000000000000010500030002000000060001000a00000014000200ff0100000000000000000000000000010500030001000000060001000200000008000200e00000010500030002000000060001000200000008000200ac1414bb0500030001000000060001000200000008000200ffffffff050003000200000088000080060001000a00000014000200fe8000000000000000000000000000aa0500030001000000060001000200000008000200ac1414aa0500030002000000060001000a00000014000200fe8800000000000000000000000001010500030002000000060001000a00000014000200ff02000000000000000000000000000105000300020000007c000080200004000a004e2100000006fc0100000000000000000000000000010400000008000a000100000024000100f44da367a88ee6564f020211456727082f5cebee8b1bf5eb7337341b459b3922080003000300000024000200379aa288b2244a5b504ba04bea45625d328fb93b62e607a1b2e4da2f7f76a549780000800800030001000000080003000400000024000100f44da367a88ee6564f020211456727082f5cebee8b1bf5eb7337341b459b3922080003000000000024000100d1732899f611cd8994034d7f413dc957630e5493c285aca40065cb6311be696b1400040002004e22000000000000000000000000e4060080dc020980f4000080060001000a00000014000200000000000000000000000000000000000500030002000000060001000a00000014000200fc0000000000000000000000000000000500030001000000060001000200000008000200ffffffff050003000100000006d4e23d7500000008000200ac1e00010500030001000000060001000200000008000200e000000105000300020000000600010002000000080002007f0000010500030002000000060001000a00000014000200000000000000000000000000000000010500030001000000060001000a00000014000200fc010000000000000000000000000001050003000300000034000080060001000200000008000200640101000500030001000000060001000200000008000200ac1414bb050003000200000000010080060001000a00000014000200200100000000000000000000000000010500030000000000060001000200000008000200e000000205000300020000000600010002000000080002006401010005000300020000000600010002000000080002007f00000105000300010000000600010002000000080002007f0000010500030001000000060001000a00000014000200fe8000000000000000000000000000bb0500030000000000060001000200000008000200ffffffff0500030000000000060001000200000008000200e00000010500030003000000060001000a00000014000200fc0100000000000000000000000000010500030000000000940000800600010002000000080002006401010005000300010000000600010002000000080002006401010205000300000000000600010002000000080002007f0000010500030003000000060001000200000008000200e00000020500030003000000060001000200000008000200ac1414120500030002000000060001000200000008000200ac14142d05000300020000001c000080060001000200000008000200ffffffff05000300030000000800030002000000200004000a004e2000000005fc010000000000000000000000000001000000009403098094000080060001000a0000001400020000000000000000000000ffffac1414bb0500030003000000060001000a00000014000200fe8800000000000000000000000000010500030002000000060001000a00000014000200ff0100000000000000000000000000010500030003000000060001000a00000014000200fe880000000000000000000000000101050003000100000064000080060001000a00000014000200fe8000000000000000000000000000bb0500030000000000060001000200000008000200ac1414bb0500030001000000060001000a0000001400020000000000000000000000ffffe00000020500030003000000f4000080060001000200000008000200000000000500030001000000060001000a00000014000200000000000000000000000000000000010500030003000000060001000200000008000200ac1414aa0500030001000000060001000a00000014000200fe80000000000000000000000000003e05000300010000000600010002000000080002007f0000010500030001000000060001000a00000014000200ff0200000000000000000000000000010500030001000000060001000a00000014000200000000000000000000000000000000010500030000000000060001000200000008000200e0000001050003000000000058000080060001000a00000014000200fe8000000000000000000000000000bb0500030000000000060001000200000008000200ac1414410500030010000000060001000200000008000200ac1e00010500030001000000f4000080060001000200000008000200640101000500030002000000060001000a00000014000200200100000000000000000000000000000500030000000000060001000a00000014000200fc0200000000000000000000000000010500030003000000060001000a00000014000200fe8000000000000000000000000000aa0500030003000000060001000200000008000200ac1414aa0500030000000000060001000200000008000200000000000500030000000000060001000200000008000200ac1414270500030000000000060001000a0000001400020020010000000000000000000000000002050003000100000058000080060001000200000008000200ac1414aa0500030001000000060001000a00000014000200fe8000000000000000000000000000140500030000000000060001000200000008000200e0000001050003000000000024000100d1732899f611cd8994034d7f413dc957630e5493c285aca40065cb6311be696b240002000f1b8b82264208ab1a2dce776c03b9f348f500ef8e7606466943f5ba2ae2881e0c0000800800030006000000060006004e24000008000100", @ANYRES32=r5, @ANYBLOB="240003"], 0x10e0}}, 0x0)
connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs, 0x6e)
mremap(&(0x7f000074e000/0x1000)=nil, 0x1000, 0x2000, 0x3, &(0x7f00000eb000/0x2000)=nil)
mremap(&(0x7f000040b000/0x1000)=nil, 0x1000, 0x4000, 0x3, &(0x7f00004b3000/0x4000)=nil)
mremap(&(0x7f00003ef000/0x3000)=nil, 0x3000, 0x400000, 0x3, &(0x7f000082a000/0x400000)=nil)
madvise(&(0x7f000042f000/0x800000)=nil, 0x800000, 0x15)
ioctl$FS_IOC_GETVERSION(r1, 0xc0145b0d, &(0x7f0000000040))
r6 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r6, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000005c0)={0x2, 0x2, 0x2, 0x6, 0x3b, 0x0, 0x70bd2d, 0x25dfdbfd, [@sadb_x_sa2={0x2, 0x13, 0x7, 0x0, 0x0, 0x70bd2a, 0x2}, @sadb_lifetime={0x4, 0x1, 0xc, 0x9, 0x4, 0x8b}, @sadb_x_policy={0x8, 0x12, 0x0, 0x0, 0x0, 0x6e6bb6, 0x5, {0x6, 0x6c, 0x0, 0x0, 0x0, 0x1c, 0x0, @in=@broadcast, @in=@multicast1}}, @sadb_x_filter={0x5, 0x1a, @in=@private=0xa010100, @in6=@ipv4={'\x00', '\xff\xff', @remote}, 0xa, 0x14, 0x10}, @sadb_address={0x5, 0x7, 0x32, 0xa0, 0x0, @in6={0xa, 0x4e20, 0x3, @private1={0xfc, 0x1, '\x00', 0x1}, 0xdad}}, @sadb_x_kmaddress={0x7, 0x19, 0x0, @in6={0xa, 0x4e24, 0x80, @ipv4={'\x00', '\xff\xff', @local}, 0x4}, @in={0x2, 0x4e21, @rand_addr=0x64010100}}, @sadb_x_filter={0x5, 0x1a, @in=@local, @in=@private=0xa010101, 0x26, 0x10, 0x10}, @sadb_lifetime={0x4, 0x0, 0x81, 0x8000000000000000, 0x0, 0x2}, @sadb_x_sec_ctx={0x11, 0x18, 0x4, 0xf8, 0x7c, "1c8bd24e30811030953f9702ac31af67ba2f5ad2c30a3bd708ee553c9e98dc470201860aa10723ebb9d5a905a65ee00238917d3d5e86a22d77229b8387174fc6786b0852ef487632c63bb20b1e3f4e3d8243e3c7f53c2b76d1cea3b69a165e821094bf30b96369272c283c050f6ec1c5aa5b75a2d1c1764e446a8db1"}]}, 0x1d8}}, 0x20000001)

3m15.663108772s ago: executing program 2 (id=209):
r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0)
ioctl$VHOST_SET_VRING_BASE(r0, 0xaf01, 0x0)
ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f0000000200))
ioctl$VHOST_SET_FEATURES(r0, 0x4008af00, &(0x7f0000000080)=0x200000000)
r1 = dup2(r0, r0)
ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000400)={0x0, 0x800, 0x0, &(0x7f0000000440)=""/120, 0x0, 0xdddd0000})
ioctl$VHOST_VSOCK_SET_RUNNING(r1, 0x4004af61, &(0x7f0000000000)=0x5)
r2 = socket$inet_sctp(0x2, 0x5, 0x84)
sendto$inet(r2, &(0x7f00000003c0)='@', 0x1, 0x0, &(0x7f0000000380)={0x2, 0x4e22, @initdev={0xac, 0x1e, 0x1, 0x0}}, 0x10)
getsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(r2, 0x84, 0x9, &(0x7f00000000c0)={0x0, @in={{0x2, 0x4e22, @private=0xa010100}}}, &(0x7f0000000180)=0x9c)
unshare(0x22020600)
r3 = socket$inet6_icmp(0xa, 0x2, 0x3a)
r4 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000004e00), 0x2, 0x0)
ioctl$vim2m_VIDIOC_TRY_FMT(r4, 0xc0d05640, &(0x7f0000004e40)={0x7496a25e831224c0, @raw_data="b05221713b2617ef989de71a5060b9bb5d058eaf88508136b0cf959c6499bf378296ab1d9687143b37bdb25ebb7ab2d71eefc1c7fece98c49f284860f33fe4c4b31562c5b53c813fa9111ae4af51a7b681916863d919dfaae0b8e8385f35f011c2ec2bddc658dff9dbdcb9bb2da19f989471881c35430feba7d9443058a9111ce1339c935a08984bd7b8030ed8356dfa3c19b099a19e596b50bfd74eaebe693afe6abda147b6e8ad4a60334c0fac056d5c6e4ae1d93222a1f920fa2d02d52e7a0793a6bba566c389"})
r5 = socket$pppl2tp(0x18, 0x1, 0x1)
r6 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$pppl2tp(r5, &(0x7f0000000000)=@pppol2tpv3={0x18, 0x1, {0x3, r6, {0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x20}}, 0x2}}, 0x2e)
r7 = syz_genetlink_get_family_id$l2tp(&(0x7f00000008c0), 0xffffffffffffffff)
r8 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$L2TP_CMD_SESSION_DELETE(r8, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080)=ANY=[@ANYBLOB='L\x00\x00\x00', @ANYRES16=r7, @ANYBLOB="01002cbd701004000000050000020600010005000000080009000200000008000b00000000"], 0x4c}, 0x1, 0x0, 0x0, 0x20008000}, 0x30)
connect(r3, 0x0, 0x0)
read$FUSE(r1, &(0x7f0000004d80)={0x2020}, 0x2020)
write$vhost_msg_v2(r1, &(0x7f0000000280)={0x2, 0x0, {&(0x7f0000000140)=""/128, 0x80, 0x0, 0x0, 0x2}}, 0x48)

3m15.463400903s ago: executing program 1 (id=210):
r0 = socket$inet6(0xa, 0x802, 0x0)
mknodat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1000, 0x10008)
openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x42, 0x0)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000002140)=ANY=[@ANYBLOB='fd=', @ANYBLOB=',rootmode=00000000000000000100000,user_id=', @ANYRESDEC=r0, @ANYBLOB=',group_id=', @ANYRESHEX=r0])
llistxattr(&(0x7f0000000380)='./file0\x00', 0x0, 0x0)

3m15.371328641s ago: executing program 1 (id=211):
r0 = socket$netlink(0x10, 0x3, 0x0)
r1 = socket(0x10, 0x803, 0x0)
sendmsg$NL80211_CMD_CRIT_PROTOCOL_START(r1, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={0x0, 0x1c}}, 0x0)
getsockname$packet(r1, &(0x7f0000000600)={0x11, 0x0, <r2=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)=0x14)
sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000640)=ANY=[@ANYBLOB="3c0000001000850600000000ff6122314a000800", @ANYRES32=r2, @ANYBLOB="f5ff0f00252155b21c0012000c000100626f6e64000000000c0002000800010001"], 0x3c}}, 0x40000)
r3 = socket(0x10, 0x803, 0x0)
r4 = socket(0x10, 0x803, 0x2)
r5 = syz_genetlink_get_family_id$mptcp(&(0x7f00000000c0), r4)
getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, <r6=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000240)=ANY=[@ANYBLOB="3c0000001000010400eeffff11feffffff000000", @ANYRES32=r6, @ANYRES16=r5], 0x3c}, 0x1, 0x0, 0x0, 0x40020c1}, 0x0)
syz_genetlink_get_family_id$batadv(0x0, 0xffffffffffffffff)
r7 = socket$inet6_tcp(0xa, 0x1, 0x0)
ioctl$sock_inet6_SIOCSIFADDR(r7, 0x8916, &(0x7f0000000100)={@ipv4={'\x00', '\xff\xff', @multicast2}, 0x56, r2})
r8 = socket$inet6_sctp(0xa, 0x5, 0x84)
ioctl$sock_inet6_SIOCSIFADDR(r8, 0x8916, &(0x7f0000000180)={@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', 0x2d, r6})
sendmsg$nl_route(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000003c0)=ANY=[@ANYRES32=0x0, @ANYBLOB="0000000006100000140012800b00010062726964676500000400028008000a00", @ANYRES32=r2], 0x3c}, 0x1, 0x0, 0x0, 0x800}, 0x440b0)

3m15.030541892s ago: executing program 1 (id=212):
socket$nl_route(0x10, 0x3, 0x0)
close(0x3)
setsockopt$inet_tcp_TCP_REPAIR(0xffffffffffffffff, 0x6, 0x13, 0x0, 0x0)
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r1 = socket(0x400000000010, 0x3, 0x0)
r2 = socket$unix(0x1, 0x5, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r3=>0x0})
sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000180)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0x25dfdbfd, {0x0, 0x0, 0x0, r3, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x0, 0xf}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x2}}}]}, 0x38}}, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000640)=@newtfilter={0x54, 0x2c, 0xd27, 0x70bd24, 0x25dfdbff, {0x0, 0x0, 0x0, r3, {0x4, 0xa}, {}, {0xb}}, [@filter_kind_options=@f_bpf={{0x8}, {0x28, 0x2, [@TCA_BPF_FLAGS_GEN={0x8, 0x9, 0x2}, @TCA_BPF_OPS={{0x6, 0x4, 0x1}, {0xc, 0x5, [{0x6, 0xd, 0x5, 0x4}]}}, @TCA_BPF_CLASSID={0x8, 0x3, {0x1, 0xb}}]}}]}, 0x24}, 0x1, 0x0, 0x0, 0x8858}, 0x20004804)

3m14.250650315s ago: executing program 2 (id=213):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$tipc2(&(0x7f0000002900), 0xffffffffffffffff)
sendmsg$TIPC_NL_BEARER_GET(r0, &(0x7f0000002ac0)={&(0x7f00000028c0)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f0000002a80)={&(0x7f0000002940)={0x134, r1, 0x300, 0x70bd2a, 0x25dfdbfb, {}, [@TIPC_NLA_PUBL={0x14, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x6815}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x3}]}, @TIPC_NLA_PUBL={0x24, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x60000000}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x101}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x1e6}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x7fff}]}, @TIPC_NLA_MEDIA={0x58, 0x5, 0x0, 0x1, [@TIPC_NLA_MEDIA_PROP={0xc, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_TOL={0x8, 0x2, 0x9}]}, @TIPC_NLA_MEDIA_PROP={0x14, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_TOL={0x8, 0x2, 0x8}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x153ef98b}]}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'eth\x00'}, @TIPC_NLA_MEDIA_PROP={0x2c, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8, 0x4, 0x2}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x4}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0xfffffff9}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x400000}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x4}]}]}, @TIPC_NLA_MON={0x2c, 0x9, 0x0, 0x1, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x1}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x6}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x1e9}, @TIPC_NLA_MON_REF={0x8, 0x2, 0xfffffff8}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x40}]}, @TIPC_NLA_BEARER={0x40, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_UDP_OPTS={0x2c, 0x4, {{0x3131a5f04d1b5799, 0x1, @in={0x2, 0x4e20, @remote}}, {0x14, 0x2, @in={0x2, 0x4e20, @private=0xa010101}}}}, @TIPC_NLA_BEARER_DOMAIN={0x8, 0x3, 0x8}, @TIPC_NLA_BEARER_DOMAIN={0x8, 0x3, 0x3}]}, @TIPC_NLA_MEDIA={0x24, 0x5, 0x0, 0x1, [@TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'eth\x00'}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'udp\x00'}, @TIPC_NLA_MEDIA_NAME={0x7, 0x1, 'ib\x00'}, @TIPC_NLA_MEDIA_NAME={0x7, 0x1, 'ib\x00'}]}]}, 0x134}, 0x1, 0x0, 0x0, 0x40084}, 0x4000000)
r2 = openat$cuse(0xffffffffffffff9c, &(0x7f0000002880), 0x2, 0x0)
read$FUSE(r2, &(0x7f0000000600)={0x2020, 0x0, <r3=>0x0, 0x0, 0x0, <r4=>0x0}, 0x2020)
waitid(0x1, r4, &(0x7f0000000340), 0x80000004, &(0x7f00000003c0)={{<r5=>0x0}, {0x0, <r6=>0x0}})
r7 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x13, &(0x7f0000000240)=ANY=[@ANYBLOB="180300000005000000000000000000001801000011af000000000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000020000838500000070000000180100002020752500000000806020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000400000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000500)={&(0x7f00000005c0)='sys_exit\x00', r7, 0x0, 0x8}, 0x18)
rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0xdc000006, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300))
poll(&(0x7f0000000040)=[{0xffffffffffffffff, 0x80cd}], 0x1, 0x7)
r8 = socket$inet6_tcp(0xa, 0x1, 0x0)
r9 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='cpuacct.usage_percpu\x00', 0x275a, 0x0)
write$UHID_CREATE2(r9, &(0x7f0000002bc0)=ANY=[@ANYRES16=r3, @ANYBLOB="966951939f9025621de47b564da15bb64f74b1c8b05641ff44283add09941e6b669e292fd4eabd48216b539f9e3a6be93daf51f41920353c66754db6a261d8567f4c031ca12bb17a4fe59495c13f7ff9aa", @ANYRESDEC=r6, @ANYBLOB="f5565b31580c32856ad48e65ef7ed84c0fbe3ce4c2d677d36be1d3cd9e0d36c3379937b57df31109398307ba06766ffc3e94b25f3b4cebd139a87634f37d8982a67b51a82812a64cd5169724f543ddc21e525a7b732dde3964196e472ccf16ed9cbe45a119728eea13c553897718dd9edb57bb73a3591302c75766996f0107b977635b554aed8104a5165d84381c0f9567648ca36f4f61177c74a39dbaabd93fce", @ANYRESHEX=r5], 0x118)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x12, r9, 0x0)
ioctl$KVM_X86_SETUP_MCE(r9, 0x4008ae9c, &(0x7f0000000000)={0x14, 0xa7f084dd5657bbbf, 0x14})
r10 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0e000000040000000800000005"], 0x48)
r11 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0xc, &(0x7f00000001c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r10, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bc82000000000000a6020000f8ffffffb703000008000000b703000000000004850000003300000095"], &(0x7f0000000780)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x37, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000800)={0xffffffffffffffff, <r12=>0xffffffffffffffff})
ioctl$SIOCSIFHWADDR(r12, 0x8937, &(0x7f0000000000)={'netdevsim0\x00', @broadcast})
r13 = socket$inet_tcp(0x2, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r13, 0x8933, &(0x7f0000000180)={'syz_tun\x00', <r14=>0x0})
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000005c0)={r11, r14, 0x25, 0x0, @val=@kprobe_multi=@syms={0x1, 0x0, 0x0, 0x0, 0x8000000000000001}}, 0x30)
sendmmsg$inet6(r8, &(0x7f0000002800)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f0000002640)="b812a89a9020f0edc6f7f437e9f302a538f003d5d87cb0ccefb9c64dddbdb6fdc14a52cb5d6acf4392882547f7d09f55c001ae29c5b7ff884402cd5a40a9db517888b669f5797cad8e278e3ed50e00b4467e0aef2d853197c2ae5c32a10533e720a3944de334b2c3349cf233690b59da3daf9b0bc38800fc6ee6caf54b99ada7eee355e9cbd9980c88ef2290f46423a0106a437cee6acceb25f54a1319b1bb09bd378b12682e", 0xa6}, {&(0x7f0000000480)="311ab06c8d2cea0e96e804d20100870fdc4a30eb82716d078e3e44664de6491b2e81bb13de472048c46665b57e945614d3521dc8390e546a6f855261b12a4e89bb2a0e37d4933c6514411325a4db710f524884cd", 0x54}, {&(0x7f0000002700)="95b8f4f6d554a54a82e3f072e52962cc84812401b212c31dec3306b38241531ee7b3227e48265d1446d306e3f3c98a38f2879048f6d785a48c4edde2e92190c2755dc2ce5cd268c2f717650f235079cd65ede80ab1be097c9007136ce0a034a29a5bb55f6d4fe7c67974de05bc58b323a9c86fe03278191fbcd18d36564ad0a4508254ade4979ac93a8f6e1f72aa6425af68eff2dc32f763067914a67358c1fef0fafe6bc8dda0f7754c153cf1fbc09e6805a72074537cc04a65f4fec70cc9541dcd39ce944699110073626c50f4d97b6a00d6a569847c35af8df75c612165318ba1182a8d4b3974eb4b27cea2e67cb7", 0xf0}, {&(0x7f0000000080)="5d31e0fa7d87c263810d4c1352cad6f53a5dcbc88258ae33de707905a22037e5c745aaebff9d", 0x26}], 0x4, &(0x7f0000000540)=ANY=[@ANYBLOB="280000000000000029000000390000005e02000800000000fe8800000000000000000000000000011400000000000000290000003400000001000000000000002400000000000000290000003200000020010000000000000000000000000002", @ANYRES32=r14, @ANYBLOB='@\x00\x00\x00'], 0x68}}], 0x2, 0x0)

3m12.963324811s ago: executing program 2 (id=214):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
ioctl$IOCTL_VMCI_VERSION2(0xffffffffffffffff, 0x7a7, 0x0)
prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f00000020c0), 0x0, 0x0)
r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0xb, 0x59032, 0xffffffffffffffff, 0x0)
socket$inet_sctp(0x2, 0x1, 0x84)
syz_open_dev$sndmidi(0x0, 0x2, 0x80080)
openat$comedi(0xffffffffffffff9c, &(0x7f0000000080)='/dev/comedi3\x00', 0x400, 0x0)
mmap$xdp(&(0x7f0000800000/0x800000)=nil, 0x800006, 0x7000001, 0x6e073, 0xffffffffffffffff, 0x0)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000002c0)=ANY=[@ANYBLOB="1c0000004500090000000000", @ANYRES8=r0], 0x1c}}, 0x0)

3m11.803325316s ago: executing program 2 (id=215):
r0 = syz_usb_connect(0x0, 0x36, &(0x7f0000000040)=ANY=[@ANYBLOB="120100000cb768405e0483020b990102030109022400010000000009040000025c291d0009050900000000060709050ae5"], 0x0)
r1 = socket$inet6(0xa, 0x1, 0x0)
setsockopt$inet6_int(r1, 0x29, 0xb, &(0x7f0000000100)=0xba1, 0x4)
getsockopt$inet6_buf(r1, 0x29, 0x6, &(0x7f0000034780)=""/102391, &(0x7f00000001c0)=0x18ff7)
syz_usb_control_io(r0, &(0x7f0000000240)={0x2c, &(0x7f0000000080)={0x20, 0xa, 0x2, {0x2, 0x9c80ab782a701418}}, 0x0, 0x0, 0x0, &(0x7f0000000200)={0x20, 0x2a, 0xc, {0xc, 0x2a, 0x2, 0x4, 0x5, 0x2, 0xf7, 0x6, 0x9}}}, &(0x7f0000000680)={0x84, &(0x7f0000000280)={0x20, 0x16, 0x25, "5b4accbbfc9d8e517d7f0f2037fe51f6d7904371e015b94ee332fa5ca10d6e066af51e4d1e"}, &(0x7f00000002c0)={0x0, 0xa, 0x1, 0xc}, &(0x7f0000000300)={0x0, 0x8, 0x1, 0xe}, &(0x7f0000000340)={0x20, 0x0, 0x4, {0x2, 0x3}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})

3m10.195037909s ago: executing program 2 (id=216):
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[], 0x0, 0x5, 0x0, 0x0, 0x0, 0x25, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x2000000}, 0x94)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[], 0x48)
r1 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000000)='blkio.bfq.sectors\x00', 0x0, 0x0)
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000040)={0x2, 0x4, 0x8, 0x1, 0x80, r0, 0x2, '\x00', 0x0, r1, 0x3, 0x2, 0x3}, 0x50)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000008000000000000000000018110000", @ANYRES32=r0], 0x0}, 0x94)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x11, 0xc, 0x0, &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x21, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r3 = socket$nl_route(0x10, 0x3, 0x0)
r4 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r4, &(0x7f0000000680)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000500)=ANY=[@ANYBLOB="380000001800010000000000000000000a000000000000000000000008000400", @ANYRES32=r4, @ANYBLOB="06001500070000000c00168008000100", @ANYRES64=r3], 0x38}}, 0x10)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000400)='mm_migrate_pages\x00', r2, 0x0, 0x5}, 0x18)
syz_usb_connect(0x2, 0x2d, &(0x7f0000000780)={{0x12, 0x1, 0x0, 0xc9, 0x66, 0x7c, 0x40, 0x1d50, 0x60c6, 0xafe7, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x1b, 0x1, 0x4, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x58, 0x77, 0x1, 0x25, 0x84, 0x53, 0x0, [], [{{0x9, 0x5, 0xb, 0x0, 0x10, 0x1, 0x2, 0x2}}]}}]}}]}}, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0)
sched_setscheduler(0x0, 0x1, 0x0)
r5 = getpid()
sched_setscheduler(r5, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
r7 = syz_genetlink_get_family_id$tipc2(&(0x7f00000001c0), r1)
sendmsg$TIPC_NL_MEDIA_SET(r6, &(0x7f00000002c0)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f0000000280)={&(0x7f00000007c0)={0x244, r7, 0x400, 0x70bd28, 0x25dfdbfc, {}, [@TIPC_NLA_PUBL={0x34, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0xe}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x694e812c}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x2}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x5000}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0xb5}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x4}]}, @TIPC_NLA_MON={0x2c, 0x9, 0x0, 0x1, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x4}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x1}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x3}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x4}]}, @TIPC_NLA_BEARER={0x10c, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_UDP_OPTS={0x38, 0x4, {{0x14, 0x1, @in={0x2, 0x4e21, @multicast2}}, {0x20, 0x2, @in6={0xa, 0x4e20, 0x0, @empty}}}}, @TIPC_NLA_BEARER_UDP_OPTS={0x38, 0x4, {{0x14, 0x1, @in={0x2, 0x4e22, @local}}, {0x20, 0x2, @in6={0xa, 0x4e20, 0x7, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x4}}}}, @TIPC_NLA_BEARER_PROP={0x4c, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0x81}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x18}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x800}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x7}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x5}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x5}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x5}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x9}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x6}]}, @TIPC_NLA_BEARER_PROP={0x3c, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x5}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x8}, @TIPC_NLA_PROP_WIN={0x8}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x88}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0xc44}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x9}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x3}]}, @TIPC_NLA_BEARER_NAME={0x10, 0x1, @l2={'ib', 0x3a, 'macvlan0\x00'}}]}, @TIPC_NLA_MON={0x34, 0x9, 0x0, 0x1, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0xb0}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x4a1}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x4}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x8}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x64}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0xfffffffe}]}, @TIPC_NLA_SOCK={0x90, 0x2, 0x0, 0x1, [@TIPC_NLA_SOCK_REF={0x8, 0x2, 0x1}, @TIPC_NLA_SOCK_ADDR={0x8, 0x1, 0x8}, @TIPC_NLA_SOCK_ADDR={0x8, 0x1, 0xc}, @TIPC_NLA_SOCK_CON={0x34, 0x3, 0x0, 0x1, [@TIPC_NLA_CON_FLAG={0x8, 0x1, 0x7}, @TIPC_NLA_CON_FLAG={0x8, 0x1, 0x8}, @TIPC_NLA_CON_NODE={0x8, 0x2, 0x3}, @TIPC_NLA_CON_FLAG={0x8, 0x1, 0x1}, @TIPC_NLA_CON_NODE={0x8, 0x2, 0x7e5}, @TIPC_NLA_CON_FLAG={0x8, 0x1, 0x8}]}, @TIPC_NLA_SOCK_ADDR={0x8, 0x1, 0xa}, @TIPC_NLA_SOCK_ADDR={0x8}, @TIPC_NLA_SOCK_REF={0x8, 0x2, 0x1000}, @TIPC_NLA_SOCK_CON={0x24, 0x3, 0x0, 0x1, [@TIPC_NLA_CON_FLAG={0x8, 0x1, 0x5}, @TIPC_NLA_CON_NODE={0x8, 0x2, 0xff}, @TIPC_NLA_CON_FLAG={0x8, 0x1, 0xf}, @TIPC_NLA_CON_FLAG={0x8, 0x1, 0x7}]}, @TIPC_NLA_SOCK_HAS_PUBL={0x4}]}]}, 0x244}, 0x1, 0x0, 0x0, 0x40}, 0x14)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r8=>0xffffffffffffffff, <r9=>0xffffffffffffffff})
sendmmsg$unix(r9, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r8, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB='\'\x00\x00\x00\a'], 0x50)
r10 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r10, &(0x7f0000000100)={0x1f, 0xffff, 0x3}, 0x6)
write$binfmt_misc(r10, &(0x7f0000000000), 0xd)
mbind(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x0, 0x0, 0x0, 0x2)

3m9.075282106s ago: executing program 32 (id=200):
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={0x0}, 0x18)
socketpair$unix(0x1, 0x2, 0x0, 0x0)
r0 = socket$inet6(0xa, 0x2, 0x0)
setsockopt$inet6_mreq(r0, 0x29, 0x1b, &(0x7f0000000100)={@remote}, 0x14)
setsockopt$inet6_mreq(r0, 0x29, 0x1b, &(0x7f0000000280)={@remote}, 0x14)
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x2, 0x31, 0xffffffffffffffff, 0x84aa5000)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x6, 0xc, &(0x7f00000008c0)=ANY=[@ANYBLOB="180200000400000000000000000000008500000041000000180100002020732500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007000000095"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r1, 0x0, 0x2100, 0x0, &(0x7f0000000100), 0x0, 0x700, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9}, 0x50)
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0)
mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0)='debugfs\x00', 0x0, 0x0)
mount$overlay(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180), 0x0, &(0x7f0000000240)={[{@xino_auto}, {@lowerdir={'lowerdir', 0x3d, './file0'}, 0x3a}], [], 0x2f})
mount$overlay(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180), 0x0, &(0x7f00000003c0)={[{@lowerdir={'lowerdir', 0x3d, './file0'}, 0x3a}], [], 0x2f})
r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$netlbl_mgmt(&(0x7f0000000040), r2)
sendmsg$NLBL_MGMT_C_ADDDEF(r2, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000003c0)=ANY=[@ANYBLOB='4\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="010000000000000000000400000008000700000000000800020005000000050008"], 0x34}}, 0x0)
r4 = syz_io_uring_setup(0xec4, &(0x7f00000003c0)={0x0, 0xfffffffc, 0x2, 0x3, 0x34b}, &(0x7f0000000500)=<r5=>0x0, &(0x7f0000000600))
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x3000003, 0x4031, 0xffffffffffffffff, 0x0)
timer_create(0x2, 0x0, &(0x7f0000bbdffc))
syz_memcpy_off$IO_URING_METADATA_GENERIC(r5, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
io_uring_enter(r4, 0xe7f, 0xe876, 0x3, &(0x7f0000000040)={[0xfffffffffffffffc]}, 0x8)
r6 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0, 0x41)
getdents64(r6, 0x0, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x3)
r7 = socket$nl_route(0x10, 0x3, 0x0)
r8 = socket$inet_tcp(0x2, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r8, 0x8933, &(0x7f0000000180)={'syz_tun\x00', <r9=>0x0})
sendmsg$nl_route(r7, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=ANY=[@ANYBLOB="2000000011000101000000000001000000000000", @ANYRES32=r9], 0x20}}, 0x2000c004)
r10 = openat$nvme_fabrics(0xffffffffffffff9c, &(0x7f0000000200), 0x1, 0x0)
sendmsg$MPTCP_PM_CMD_SET_LIMITS(r10, &(0x7f0000000380)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000340)={&(0x7f00000002c0)=ANY=[@ANYBLOB='H\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="00022dbd7000ffdbdf250500000024000680080006000200000008000600000000000500020000000000050002000000000008000400080000000800020006002000"], 0x48}, 0x1, 0x0, 0x0, 0x4000000}, 0x4040041)
close(r0)

3m7.767718131s ago: executing program 2 (id=218):
r0 = bpf$MAP_CREATE(0x0, 0x0, 0x50)
pwrite64(r0, &(0x7f00000000c0)="fa2c071600606f05", 0x8, 0x8000)
r1 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r1, &(0x7f0000000040)={0x1f, 0xffff, 0x3}, 0x6)
socket$inet_udplite(0x2, 0x2, 0x88)
r2 = socket(0x10, 0xe, 0xfffffffe)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x100008b}, 0x0)
sched_setaffinity(0x0, 0x11, &(0x7f0000000180)=0x1400200bce)
sched_setscheduler(0x0, 0x1, &(0x7f0000002200)=0x1)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
ioctl$KVM_SET_VCPU_EVENTS(0xffffffffffffffff, 0x4040aea0, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f00000000c0)=[@textreal={0x8, 0x0}], 0x1, 0x41, 0x0, 0x0)
r4 = syz_open_dev$MSR(0x0, 0x0, 0x0)
read$msr(r4, &(0x7f000001b700)=""/102392, 0x18ff8)
sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x8004)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r5, &(0x7f0000007040)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a030000000000000000000a00ecff0800010073797a300000000074000000160a010100000000000000000a00000008000740000000014000038008000140000000002c000380140001006e657464657673696d300000000000001400010076657468305f766c616e00000000000008000240000000070900010073797a3000000000090002"], 0xbc}}, 0x0)
setsockopt$inet_sctp_SCTP_DEFAULT_SEND_PARAM(0xffffffffffffffff, 0x84, 0xa, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYRESOCT], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="170000000000000004000000ff"], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYRESDEC=r4, @ANYRES32=r0, @ANYRES64=r2], 0x0, 0x0, 0x0, 0x0, 0x0, 0x14}, 0x94)
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000200)={'macsec0\x00'})
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000940)={&(0x7f0000000040)='sys_enter\x00'}, 0x10)
lseek(0xffffffffffffffff, 0x5, 0x2)

3m6.156912573s ago: executing program 33 (id=203):
timer_create(0x0, &(0x7f0000000240)={0x0, 0x21}, &(0x7f0000bbdffc)=<r0=>0x0)
r1 = syz_open_dev$dri(&(0x7f0000000200), 0x0, 0x60803)
ioctl$DRM_IOCTL_MODE_DIRTYFB(r1, 0xc01864b1, &(0x7f00000014c0)={0x0, 0x1, 0xff, 0x0, 0x0})
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000700)={0x7, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x40f00, 0x7e, '\x00', 0x0, @fallback=0x22, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x6}, 0x94)
mknodat$loop(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x1000, 0x1)
name_to_handle_at(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0)=ANY=[], &(0x7f0000000180), 0x0)
open_by_handle_at(r2, &(0x7f0000000380)=ANY=[@ANYRES64=r2, @ANYRES64=r1, @ANYRESOCT=r0], 0x0)
r3 = creat(&(0x7f0000000200)='./file0\x00', 0x0)
socket$inet(0x2, 0x2, 0x1)
memfd_secret(0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008c}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
pipe(&(0x7f00000003c0)={<r4=>0xffffffffffffffff})
io_setup(0x3ff, &(0x7f0000000500)=<r5=>0x0)
ioprio_set$pid(0x3, 0x0, 0x0)
io_submit(r5, 0x4, &(0x7f0000000580)=[&(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0xffff, r4, 0x0}, &(0x7f0000000340)={0x0, 0x0, 0x8, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0xfffffffffffffffc}, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0xfff8, r3, &(0x7f0000001b40)="21d28fb6af7695fa069843e3f47f30dae8fc8e1aa66f0cd59ba0bb0a5b8c1419c866984d25b427d6e1293447e1d70ecdb844e911cebbdc048444a69f15c0a730637e5bbbeb9ef287c41ba31e7baf6d92d46ab510aaa7f3419344dd6cece64e9ec11ce60becb7c8e42a66615066a7adb2ac0a63b83cd90fe88829c9509b64380cfdecdcd5eec6b21f84a8cdefc7ef05c72b8055d50f7b84431d2a6658eabcc4984041e81e91ffc51a74fc26689ec7c0c7c2554d9af52e17e6a2060c46e5f51f7f4bf1f528e3c0f3185f8d636ad32ff5534daca759b27b521ce30cf1a2aa6cc55ebb256cb5809a8219b6cd1992504962dd2008339e1081741fb1752890f929a2c0ad3bd475c32e08a045d9d8739624328ca3ce6593913f237c5d590c8b6ac4bc305ec9aa000f9257cbe3d2b618ed07e69c3c5cc24de421ca29598f3b440b3b737795babfe8dbd133caf5a00175d32b83e99d9d52f886de037acd9b8f16817bc6fca90c6491d4858cf6e67b182f212b116cf1f3260c798f5c35bccbb0618fe24b312df89b0bc0fc8b57b20173959d4e97a64b23794b9330f0059770a7a87beb1d234b6a0a6d52ee0e64ea14a1080f6b5287caa990e8083414a81b5132f27185c6fa33d20e1b321e85ec269791b79012d08d1c9aadf458c8bd0025088859216802c7dd67945f58481aadf1ec888a0ef85346de5cb872442c8f7bc65e1f6aa3a5535a720ef352a6cbfe2e439f12a4f0a17b64833a073c7440e2243d496240a48f48b61c3fb3e8a69f8767beea77a59638995421f46f9203f538b88bfd5bb781b969e8642b5cd79abaaffd2a8bcc0199474131339bd56b92b0212a483e83062ab9cda5bc2c54016e1cd90913107f8495b156aef838270a00e15b2897a28573bc3644d9d289404cc1a0663e5ef01392389db00375170a6ac79d00109c59a18856447efb24a6de65e986b7b5203a8e2258e97df18e017bb4144530a1a9c8818def5e0a14a3b0b47da0d0193f0f7ca299991e387204978a4bf441060d15f0e72d1cc81ece7af96f9cbb0be842a8f3f8504926302d48323ca4dbdd8b38d758457246d3909487c77b4a7109470378edc6bd31646d15b0bfa9e981beb2a1344fe5f7991021c6557963eafd685842b2a1b3366f9ae29662c4996663f9bc6a73af8c22125b97547a8da9f02d850fee86a48fab01e49789f198c96c580fd96172521bc62a3b08ee6d071198999b50670320b21a2a5d46717422c0e541929937631f9be94952e2b478a339369d58ac3ffa4dba737aa3d2803694d7256d8bcabfcd99351fcdac1545be34ffe53bfa67f5b09dcf74b4da2e1c98769e6544ec018450b0510f9d1fe527fef2925039a13c161dc1f7a2b800cafb07cabd2e0dfd06d50abfdd327be550666ba0a34b478099b90f8885847cb46e69f1f44402ccab107fb2509c733c674a7b98529f8f93e941764c786054de985a5b3d18af847f85b26255aae03843f85ea1e7bedbdb0706abd938c60775096a9e3d60036ebbb2bb687d4a3bfbd49e7262c0fdf724f1ae7ea6ad57fc399b1a65a275b133ffed1cbc01d64da50e3351543f0998e5ea7038563d1d0084f60c68a5a08c29744485d87cc08eb0666057a9731463b0280a6685c8fa5722dbc53222e2a703a8e7353c2cd511373c55053c2ce48b36ac936b72df1c88f44a9a9bce670ede48e093a092955d25af3434a4f92e827fea48ed780d811ef61494cf34e6c1f4cede6025fd933194c9d3b9a234b4d9fcda9c8547177ecf733b64c51e5216cf2be8c67d750a6ae948903512b011dcc9fbaf9310d05a2d89846030b94172f45cba58d87c1406b4d5c38bea3fcd064fb3e9acfe0cf2954f5598c4c2dff74379577c6b6338720ad01c0e14c0c91ff4233e28381937cf9f29c79bfd1170428b44fbcf9faaf23a9cffce3ab67e069c6f806eabfa2a3c2d7e71f764bf79c413634097be6aefc942ce6b2febf7726ce57c901d896cf5068c5f42ed30be722f649cd0f28c097627498e6e6041326d07affdd78eb937219152d862c13cc497dccc000620c36e7dce7600c481b97dfb476660c50a6ffd4b4ff12b3a2de6c529cfe74ece5774f3f40c08d3b9a01b55593330b97e39a4a84681995b9aebddd3c3217316af57ab7d11305d6c840a9a3308fefb3d1fc3e471a7fa7c5b4665503e40d3e224c5b6f717470aaf359e1a8a08b1e10a51101441e157cb0f643f5511daa8ac3670be507de5b4c9c920a24c5b6dcf81bc29bf5ea8e2d603dbbe5150b5c723484fa370d7ad922a0d7bd26cd5d71ab0610cb6c7ab464a38fc92c92fe810b103f767f14e18c8073842ebb1fdf6aac61424a44ca739f65f51aea51dd672dac42f38745b86fbbbc7ccf9744812fd56ae09ae2a393b42544c076e4b3b3cec06ee896a414a183d302ee955913ff51fc212113debff525b5fcd0762b9e6391abed67d803e73c86baafc26bf947704b7ed74758f303ff7416bd7a31c176f58819a727835f863db60e0a8512eb7d5886ffc15101827af4393e3e229a49ccf4ca1938e7da299c9a52ea12d513b9b0ff0a48a00737477db524736e2603582bcb7bc119e9d8116f11204e220427cc8a396d41ee5934be0eb4abb2a1a6afbe047f01588c033edd4d3f9eb476e5f4c0e45a79ae1ebdad3592b6c6b8641a2fa67a95bf03608d4f1d4011281041ec74c03479ef274fbf0d1fdb7a437c5c6132ad73b0695bb6ca50c671ea423a45a98c4b8753ae5869a8d4f2d979aaf33d4fe9c999e0fadfb681f4c396f340ae2fe3f410a4a0977a384f526d9c1b8c4375a6b16d4023759de3bd625a02c9711c54e97493125162412304363fdcf9052d7a002b31fd665357660a3da2c0031834be1ffecaa85cf99b4087a2733cff194980239a3061996c43394f2dc192ed0060160b1a0a56050061f8ed6e4035fd3152ced7c4367d63cd669b4d05ac24532c63a2aef69083c5dd2126bd2ce3a942ab7ad28a1dbd8628f73a8e20707629043f5393c4ac86864528a4990be2f2bf496de5cef69dca754abf8d821bebcf81fe26483ce4b512f06c3e6f9e8eadf43e41554635bead7b1439cb0cd1da72742bb07211c798fdc4b798862038aee6235277d4c057b5e738209c6f0acaae3ddf29d6f47415ee1796e0574e7c7abc92c02011a7a551afbd20b39331a28a77b5d1727da80cb6f9c57c8d1f9e120f35f7b7148668e7116fc3c670897f1e84269b7be83ca4b19a39976fb31d3bbe4800ece13684285cf52504a27e772d6883e72bc714b0c21c38157cae3fb3958d744d1dedc6b892fd409c36a86de7b0fdc9c0f1457ccca7d1152ad11bb6b8e2a4bde43019aba879d9ede4706d860bef8458ba0cb3115f50a5fff5758b060d18c89b8fb2eb7a52427d762e1e798b406e519c63358f8d022380bae2b04eb98f836f94b9635984a671846e304ce0ee7c2d584976a00d155e9f874a5d7b27a4717bb96606988128c77323b87756f243b8f10223778c2362f12c5ba64c76cb929a4a7db877e3d095f09f689e4584922caf6aaf09c9d9e2e15821f991c67ff19aa2ca81518787914bb5ea047df997392cf67b44dc500c799166b0ae809dbb4b2a1ed1e8c7691964f5832fe1f173f32150bdecf2304cc483d477225840f945a95315e165b7d644c7d2a10447b2e982bcd1a551894ae6a720b747c4e7e6c52f48f9d028e4020ff0ce3e71ea11e1405cce720a1048befb97001cb3dd37f9dcbf18ca8f97201c0b2d39b22aa8d0d99a35d72472505207c95145c87ac268888038647e8bb2574efaa36b7cce64f2588f192db276e61eac9a6597bca11a242364c0c0a6cb9d5405766a494fb0d97201680b0140abbc09d9d68cb185682b06f864fded476c5d8a1e166a4b6cd0d6eb423406fc064227cc99a43765debc48dc5d535884fe6b0f093da7be082446ae67a83f41842b55af9c5bd3fbb341cdd7a1ad7bce5ed1b316a3f3b2836ef17627185467c5dbe789299c86f538434bfa0745c0191ae3789f2a67aed30cf4958c2c83f80e19f94c94b87bdd7da7b7357abdcb3188660fdc6fc750cf429dbba7102ed657aa8b9fc278eebd0a9d8be90ae323745b78b01fdbbdb85859abdccd844510d26cfe8f3d9fe7f81b0737c241fa7446e0f65638659aba0fc4af15a7280e5b6802f4bf38a65c2f897c283040202824af7a1d399adfe6952ba402eca40140368af80893c256cc864ff60e02298ba8a066c96776e3111e696457899cc1f703c7d5a13506de793db5cdf9fd43a5f75d905181cdf282b07b99b1bc860cfdbc0c4030b70c9a3446f12bb3588fdda4c366c3cde8b52366e605971f15a2e455248ab4e19028f47e1217c2c53a2b8fe5e6501dc1dd64db2368762206d2046ad5de43eb52958b44bb4792e34e242188b5fe4cc775ce5a77ffa49c071619f3650ef36d2f7f2bb4d8b182f647b493a0cbcc3f1267beaf7402f5b5be9451a6162402816c3ac524f85e9a00cdb8aff8951e2fb134b69d51dba2a7e243814daff15c0f94e2fecc09da79131a1aec335abb46465e6fd3434ec813f8227675038b8c290e8e92124680ba79f80cd9f6edda9f99ecc0b51d7e74d4c7bc9ce663b65bf13b3bdbb651813063ad5e17936ecb6c10ead28a61c6205e216d6b5d04e00d0ce4a0bf22c5b282ba10e720453761b85e46eba4ba6d1674641bdd5aeb028e8fc8defa26f4843045df50c034a781b190f8ec2fa5da8ca5bbd9f516e1b58e755cd35095cb42b7370914117bc739ba9dfea0764bc0a48a9cb7afe8e3c9a9b291fc7bcbef80ea34eb2f2dfd9bfc1b0a4ba371edff1840b144c11c97732793460cfba856342abda54970131749eeed4ed830e8ab5e775e7b6370854e0332129ff8205edba202c53d613a955fe5abe4770bfd2b1da903351f90b9fd823078ef79d23cf2ad4901ed6e8ea9aaf953b3caab65221e2918021961c58691f97a89c3ca925f37766c577115d5ffdb7353f55c84ee7ecd93b38d265ffd4277969c12f8c193336a81b802d0e5d9d9151d6a03b77c8e6c354d24c0e747653cafe3abb706da6305bb3afafce4e0e81e8d07ee34276152849dcaf875df94fb09ad5633e14310e6092a85be16a9a25246e0e0d3901f7b4c6f4a26f69d18d318b8d706943c42c36c4a74ad73f7dcf4cb43c44a2d2acac575fa7c5970b2e7bdf2d3e451647201b22951466643139305a2d4fa1105854f560b4717283c2a8adb7716d4fe3aa2550f55ba4543712ccb49ce090bd9f94ad505ee1c51d781905f8cb32f850d5f9a47fb9d25e0801c9c70549ecc7ed643c36f272e75edce698824452d3e1dbdff19625efd0b48423b996e5426fa7ee0937b478c6a8af455a61d9c27a327db8e1b3648ddc28e7019934860251bf71ce0a9b62dd504fdeeb0c81662b43928a139059c7a3c8019e85e5ba362f98df5f719ebb8910dc83d955517cbb2025f6ce344c47b1a8b17be75c906d42c21163b6d5aa45b74a1dc522a156848886fc2b0784e5c30a4ff884943eae61952db65d2c9ce36e963a47bba9160422e64f3692f6f91a5083d59453ec96670653727f3c224b4861c03b343124d760c2d9038c18cca00f2cb03b4b2dea7bcf38ed1b1e48b3840c5745cf30df630811425b757f17de1efa3a30d76f269e831587bd53abbd12d11096aa4939f1f13df986d5dc525bb63e20dd7097c12d6dc21e9273d6dc54045579cdc583a9fd5b696c98a04d1c4bc488222a61b4fbcb966a6686b5b0d624887b139ffbd44dafdac192cd86800ef19895d6989200012079b37b2b574f15dd41204ecd", 0x1000, 0x44, 0x0, 0x1, r3}, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x6, 0xd, 0xffffffffffffffff, &(0x7f0000000400)="429639dc2096dad1d17d546d3d218492e5248e7cdd25213bd335bbd9678bbdd60b80805c675854dc3d6aa36e59c6d371f4d01e6275dc5cc698fdde2f9c1ec400a3221a1186895c92cf9cc7da80b9cb5cfe28fb26dada1123650140d059e4a0c61fa6acb91dc8d0837b93d82a3a488e12a72abb5b81f1a6e6873616ec368e44039c81ea03281930b1ccdf4e58556f33b72f09a1fdc79774d3d04c339ff184c6402a484aa3e8009f1ebadf4d52937c384c3d2eac08641dcf7bbf96c0e80f836b7f80e2cf755d75b71fb4a7acb7db8a5ad2cf6d", 0xd2, 0x4bd, 0x0, 0x3}])
r6 = openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
bpf$MAP_CREATE_CONST_STR(0x0, 0x0, 0x50)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
ioctl$IOCTL_GET_NCIDEV_IDX(r6, 0x0, &(0x7f00000000c0)=<r7=>0x0)
r8 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r9 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r10 = syz_genetlink_get_family_id$nfc(&(0x7f0000000100), r9)
sendmsg$NFC_CMD_DEV_UP(r8, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000000)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r10, @ANYBLOB="010028bd7000fedbdf250200000008000100", @ANYRES32=r7, @ANYBLOB], 0x1c}, 0x1, 0x0, 0x0, 0x40089}, 0x8004)

2m59.284486807s ago: executing program 34 (id=212):
socket$nl_route(0x10, 0x3, 0x0)
close(0x3)
setsockopt$inet_tcp_TCP_REPAIR(0xffffffffffffffff, 0x6, 0x13, 0x0, 0x0)
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r1 = socket(0x400000000010, 0x3, 0x0)
r2 = socket$unix(0x1, 0x5, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r3=>0x0})
sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000180)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0x25dfdbfd, {0x0, 0x0, 0x0, r3, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x0, 0xf}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x2}}}]}, 0x38}}, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000640)=@newtfilter={0x54, 0x2c, 0xd27, 0x70bd24, 0x25dfdbff, {0x0, 0x0, 0x0, r3, {0x4, 0xa}, {}, {0xb}}, [@filter_kind_options=@f_bpf={{0x8}, {0x28, 0x2, [@TCA_BPF_FLAGS_GEN={0x8, 0x9, 0x2}, @TCA_BPF_OPS={{0x6, 0x4, 0x1}, {0xc, 0x5, [{0x6, 0xd, 0x5, 0x4}]}}, @TCA_BPF_CLASSID={0x8, 0x3, {0x1, 0xb}}]}}]}, 0x24}, 0x1, 0x0, 0x0, 0x8858}, 0x20004804)

2m51.681006075s ago: executing program 35 (id=218):
r0 = bpf$MAP_CREATE(0x0, 0x0, 0x50)
pwrite64(r0, &(0x7f00000000c0)="fa2c071600606f05", 0x8, 0x8000)
r1 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r1, &(0x7f0000000040)={0x1f, 0xffff, 0x3}, 0x6)
socket$inet_udplite(0x2, 0x2, 0x88)
r2 = socket(0x10, 0xe, 0xfffffffe)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x100008b}, 0x0)
sched_setaffinity(0x0, 0x11, &(0x7f0000000180)=0x1400200bce)
sched_setscheduler(0x0, 0x1, &(0x7f0000002200)=0x1)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
ioctl$KVM_SET_VCPU_EVENTS(0xffffffffffffffff, 0x4040aea0, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f00000000c0)=[@textreal={0x8, 0x0}], 0x1, 0x41, 0x0, 0x0)
r4 = syz_open_dev$MSR(0x0, 0x0, 0x0)
read$msr(r4, &(0x7f000001b700)=""/102392, 0x18ff8)
sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x8004)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r5, &(0x7f0000007040)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a030000000000000000000a00ecff0800010073797a300000000074000000160a010100000000000000000a00000008000740000000014000038008000140000000002c000380140001006e657464657673696d300000000000001400010076657468305f766c616e00000000000008000240000000070900010073797a3000000000090002"], 0xbc}}, 0x0)
setsockopt$inet_sctp_SCTP_DEFAULT_SEND_PARAM(0xffffffffffffffff, 0x84, 0xa, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYRESOCT], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="170000000000000004000000ff"], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYRESDEC=r4, @ANYRES32=r0, @ANYRES64=r2], 0x0, 0x0, 0x0, 0x0, 0x0, 0x14}, 0x94)
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000200)={'macsec0\x00'})
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000940)={&(0x7f0000000040)='sys_enter\x00'}, 0x10)
lseek(0xffffffffffffffff, 0x5, 0x2)

18.790711061s ago: executing program 4 (id=260):
ioctl$BINDER_SET_CONTEXT_MGR_EXT(0xffffffffffffffff, 0x4018620d, 0x0)
r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000080)=ANY=[@ANYBLOB="12010000090024206d041cc340000000000109022400010000a00009040000010301010009210008000122010009058103"], 0x0)
syz_usb_control_io$hid(r0, &(0x7f0000000240)={0x24, &(0x7f0000000480)=ANY=[@ANYBLOB="00000c000000070001"], 0x0, 0x0, 0x0}, 0x0)
syz_usb_control_io(r0, 0x0, &(0x7f0000000180)={0x84, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB=' '], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
ioctl$DRM_IOCTL_SYNCOBJ_HANDLE_TO_FD_FD(0xffffffffffffffff, 0xc01064c1, &(0x7f0000000000)={0x0, 0x0, <r1=>0xffffffffffffffff})
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
fcntl$lock(r1, 0x7, &(0x7f00000000c0)={0x1, 0x2, 0x7eb7, 0x4, r2})
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io(r0, 0x0, &(0x7f0000001200)={0x84, 0x0, 0x0, 0x0, &(0x7f0000000040)={0x20, 0x0, 0x4, {0x1}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io(r0, 0x0, &(0x7f0000000ac0)={0x84, 0x0, 0x0, 0x0, &(0x7f0000000780)={0x20, 0x0, 0x4, {0x2, 0x2}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$hid(r0, 0x0, 0x0)
syz_usb_control_io(r0, 0x0, &(0x7f0000001580)={0x84, 0x0, 0x0, 0x0, 0x0, &(0x7f00000011c0)={0x20, 0x0, 0x4, {0xa0, 0x2}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
socket$nl_netfilter(0x10, 0x3, 0xc)
r3 = socket$inet6_tcp(0xa, 0x1, 0x0)
bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000001340)=ANY=[@ANYRES32, @ANYRES32, @ANYBLOB='\a\x00\x00\x00\x00\x00\x00\x00', @ANYBLOB="7ed88665ca"], 0x20)
bind$inet6(r3, &(0x7f0000000040)={0xa, 0x2, 0x0, @loopback, 0x7}, 0x1c)
sendto$inet6(r3, 0x0, 0x0, 0x20000045, &(0x7f00000001c0)={0xa, 0x2, 0x398, @empty}, 0x1c)
setsockopt$inet6_tcp_TCP_CONGESTION(r3, 0x6, 0xd, &(0x7f0000000480)='yeah', 0x4)
r4 = syz_usb_connect(0x0, 0x36, &(0x7f0000000040)=ANY=[@ANYBLOB="1201000001010000f4205ae06d6c010203010902240001010000000904690202ff5aa300000004021000000000000000000010000000"], 0x0)
syz_usb_control_io$printer(r4, 0x0, 0x0)
syz_usb_control_io$cdc_ecm(r4, 0x0, 0x0)
syz_usb_control_io$hid(r4, 0x0, &(0x7f00000004c0)={0x2c, &(0x7f0000000300)=ANY=[@ANYBLOB="e6e3c11beff27d3d531ba1f6"], 0x0, 0x0, 0x0, 0x0})
r5 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xa, &(0x7f0000000000)={0x1, &(0x7f0000000200)=[{0x4, 0x22, 0x0, 0x50000}]})
sendmsg$NFULNL_MSG_CONFIG(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000400)=ANY=[], 0x34}}, 0x44084)
io_setup(0x2, &(0x7f0000000000)=<r6=>0x0)
syz_clone3(&(0x7f0000000280)={0x21800000, 0x0, 0x0, 0x0, {0x27}, 0x0, 0x0, 0x0, 0x0}, 0x58)
io_cancel(r6, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x1, 0x1, r5, 0x0, 0x0, 0x200}, 0x0)
r7 = accept$alg(0xffffffffffffffff, 0x0, 0x0)
shutdown(r7, 0x1)

14.951643702s ago: executing program 4 (id=261):
socket$inet6_sctp(0xa, 0x1, 0x84)
r0 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$VT_RESIZEX(r0, 0x560a, &(0x7f00000006c0)={0x4, 0x5, 0x0, 0x0, 0x132, 0x3})
socket$xdp(0x2c, 0x3, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00'}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r4 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000080)=[{0x6, 0x0, 0x0, 0x7fff0000}]})
r5 = fanotify_init(0x200, 0x0)
fanotify_mark(r5, 0x1, 0x40000032, r4, 0x0)
r6 = socket$packet(0x11, 0x2, 0x300)
setsockopt$bt_BT_DEFER_SETUP(0xffffffffffffffff, 0x112, 0x7, 0x0, 0x0)
ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000080)={'wlan0\x00', <r7=>0x0})
sendto$packet(r6, 0x0, 0x0, 0x4c001, &(0x7f00000002c0)={0x11, 0x8137, r7, 0x1, 0x4, 0x6, @broadcast}, 0x14)
setsockopt$inet6_MCAST_LEAVE_GROUP(0xffffffffffffffff, 0x29, 0x2d, 0x0, 0x88)
r8 = syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0)
connect$bt_l2cap(r8, &(0x7f0000000040)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}}, 0xe)
r9 = syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0)
connect$bt_l2cap(r9, &(0x7f0000000700)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x1}, 0xe)
r10 = syz_open_dev$cec(&(0x7f0000000040), 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000580)={0x6, 0x5, &(0x7f0000000b40)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000bc000000850000002300000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x1, '\x00', 0x0, @xdp=0x25, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
ioctl$CEC_ADAP_S_LOG_ADDRS(r10, 0xc05c6104, &(0x7f00000000c0)={"df000090", 0x4, 0x5, 0x3, 0x2a2b, 0x0, "185aca146de17dfe39fa28778e2400", '\x00', "35062200", '\x00', ["8bada94014000000000000c7", "00000000000000ac00830800", '\x00', "00113a071fa0fcd9c500"]})

11.862084614s ago: executing program 4 (id=262):
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
memfd_create(0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000002c0)='contention_begin\x00', 0xffffffffffffffff, 0x0, 0xd}, 0x18)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8d}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000540)=0x4)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
socket$inet_mptcp(0x2, 0x1, 0x106)
r0 = syz_open_dev$sndmidi(0x0, 0x2, 0x141102)
bpf$TOKEN_CREATE(0x24, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0)
sched_setscheduler(0x0, 0x1, 0x0)
r1 = getpid()
sched_setscheduler(r1, 0x1, &(0x7f00000000c0)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x11, 0xb, &(0x7f0000000380)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000007200000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x18, '\x00', 0x0, @fallback=0x14, 0xffffffffffffffff, 0x0, 0x0, 0x35, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000180)='kfree\x00', r4, 0x0, 0x9}, 0x18)
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x1000002, 0x200000005c831, 0xffffffffffffffff, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9)
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(0xffffffffffffffff, 0x4018620d, 0x0)
ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, 0x0)
ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, 0x0)
mknodat(0xffffffffffffff9c, 0x0, 0x0, 0x0)

9.487772178s ago: executing program 4 (id=263):
timer_create(0x0, &(0x7f00000000c0)={0x0, 0x21, 0x2, @thr={0x0, 0x0}}, &(0x7f0000000300)=<r0=>0x0)
r1 = open(&(0x7f0000000180)='.\x00', 0x0, 0x0)
flock(r1, 0x2)
r2 = open(&(0x7f0000000300)='.\x00', 0x100000, 0x0)
flock(r2, 0x1)
r3 = open(&(0x7f0000000180)='.\x00', 0x0, 0x0)
flock(r3, 0x2)
flock(r2, 0x2)
fcntl$lock(0xffffffffffffffff, 0x6, &(0x7f0000000040)={0x0, 0x0, 0x60d3, 0x5})
mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1)
timer_settime(r0, 0x1, &(0x7f0000000040)={{}, {0x0, 0x989680}}, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15)
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000000)=ANY=[@ANYBLOB="1800000000000000000000000700000018110000", @ANYRES32, @ANYBLOB="0000000000000000b702000014fa0000b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000084000000b70000000000000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r4, 0x0, 0x2000}, 0x18)
socket$nl_netfilter(0x10, 0x3, 0xc)
bind$xdp(0xffffffffffffffff, &(0x7f0000000100)={0x2c, 0x2}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r5 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0a000000040000009c0000000b"], 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000018110000", @ANYRES32=r5, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000c300000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
arch_prctl$ARCH_ENABLE_TAGGED_ADDR(0x4002, 0x6)
clock_gettime(0x0, &(0x7f0000000040))
fgetxattr(0xffffffffffffffff, &(0x7f0000000080)=@known='system.posix_acl_default\x00', 0x0, 0x0)
futex_waitv(&(0x7f0000001480), 0x26, 0x0, &(0x7f0000000000), 0x0)

4.134750558s ago: executing program 4 (id=264):
socket(0x1d, 0x2, 0x6)
r0 = syz_io_uring_setup(0x68a9, &(0x7f00000004c0)={0x0, 0xc16a, 0x40, 0x0, 0x2d2}, &(0x7f0000000280), &(0x7f0000000000))
r1 = syz_usb_connect(0x0, 0x2d, &(0x7f00000003c0)=ANY=[@ANYBLOB="120100009ac0b620110f211066865578ac0109029c000100000400090400bf900b64ea00090587033b"], 0x0)
r2 = syz_open_dev$char_usb(0xc, 0xb4, 0x10000)
write$char_usb(r2, &(0x7f0000000000), 0x0)
syz_usb_disconnect(r1)
pipe2$9p(0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x3, &(0x7f0000000340)=ANY=[@ANYRES64], 0x0, 0xc, 0xba, &(0x7f0000000140)=""/186, 0x41100, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xd825}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r3 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e20}, 0x6e)
sendmmsg$unix(r5, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r3, 0x0, 0x0)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r6 = syz_open_dev$evdev(0x0, 0x2, 0x0)
close(r6)
io_uring_setup(0x58f3, &(0x7f0000000540)={0x0, 0x2000e8e5, 0x400, 0x20001, 0x5d, 0x0, r0})
bind$alg(0xffffffffffffffff, &(0x7f0000000180)={0x26, 'aead\x00', 0x0, 0x0, 'gcm(aes)\x00'}, 0x58)
r7 = accept4$alg(0xffffffffffffffff, 0x0, 0x0, 0x0)
sendmmsg$sock(r7, 0x0, 0x0, 0x4080050)
add_key(0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe)
mknod$loop(&(0x7f0000000200)='./file0\x00', 0x2480, 0x1)
mount(&(0x7f00000000c0)=@filename='./file0\x00', &(0x7f0000000100)='./file0\x00', &(0x7f0000000080)='ubifs\x00', 0x800004, 0x0)

0s ago: executing program 4 (id=265):
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$inet6_udp(0xa, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000c80)={'lo\x00', <r2=>0x0})
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000001200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000180)=@newqdisc={0x4c, 0x24, 0x4ee4e6a52ff56541, 0x70bd2b, 0x25dfdbfe, {0x0, 0x0, 0x0, r2, {0x0, 0xffe0}, {0xffff, 0xffff}, {0xd}}, [@qdisc_kind_options=@q_gred={{0x9}, {0x1c, 0x2, [@TCA_GRED_DPS={0x10, 0x3, {0xf, 0x3, 0x1}}, @TCA_GRED_LIMIT={0x2, 0x5, 0x2}]}}]}, 0x4c}, 0x1, 0x0, 0x0, 0x51}, 0x20040000)
mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1)
sendmsg$nl_route_sched(r0, &(0x7f0000001200)={0x0, 0x0, 0x0, 0x7ffffffe, 0x0, 0x0, 0x91}, 0x0)

kernel console output (not intermixed with test programs):


[   97.013791][    T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!!
[   97.014276][    T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!!
[   97.103514][    T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!!
[   97.273515][    T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!!
[   97.789235][   T43] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   97.789254][   T43] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   99.584038][ T1510] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   99.584058][ T1510] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   99.784632][ T1307] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   99.784651][ T1307] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   99.834600][   T37] audit: type=1326 audit(1761810872.239:2): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=5934 comm="syz.3.8" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3ce62cefc9 code=0x7ffc0000
[   99.834648][   T37] audit: type=1326 audit(1761810872.239:3): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=5934 comm="syz.3.8" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3ce62cefc9 code=0x7ffc0000
[   99.838710][   T37] audit: type=1326 audit(1761810872.239:4): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=5934 comm="syz.3.8" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f3ce62cefc9 code=0x7ffc0000
[   99.838763][   T37] audit: type=1326 audit(1761810872.239:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=5934 comm="syz.3.8" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3ce62cefc9 code=0x7ffc0000
[   99.838802][   T37] audit: type=1326 audit(1761810872.239:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=5934 comm="syz.3.8" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3ce62cefc9 code=0x7ffc0000
[   99.838847][   T37] audit: type=1326 audit(1761810872.239:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=5934 comm="syz.3.8" exe="/root/syz-executor" sig=0 arch=c000003e syscall=53 compat=0 ip=0x7f3ce62cefc9 code=0x7ffc0000
[   99.838889][   T37] audit: type=1326 audit(1761810872.239:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=5934 comm="syz.3.8" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3ce62cefc9 code=0x7ffc0000
[   99.838928][   T37] audit: type=1326 audit(1761810872.239:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=5934 comm="syz.3.8" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3ce62cefc9 code=0x7ffc0000
[   99.838966][   T37] audit: type=1326 audit(1761810872.239:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=5934 comm="syz.3.8" exe="/root/syz-executor" sig=0 arch=c000003e syscall=302 compat=0 ip=0x7f3ce62cefc9 code=0x7ffc0000
[   99.839005][   T37] audit: type=1326 audit(1761810872.239:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=5934 comm="syz.3.8" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3ce62cefc9 code=0x7ffc0000
[  100.015831][ T5939] Zero length message leads to an empty skb
[  101.614206][ T5944] netlink: 'syz.4.5': attribute type 1 has an invalid length.
[  101.635449][ T5944] netlink: 28 bytes leftover after parsing attributes in process `syz.4.5'.
[  101.834356][  T140] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  101.834375][  T140] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  101.834475][ T5944] gre0: entered promiscuous mode
[  101.834493][ T5944] gre0: entered allmulticast mode
[  102.016303][ T5949] Illegal XDP return value 3049930009 on prog  (id 5) dev N/A, expect packet loss!
[  102.030079][ T5949] mmap: syz.3.9 (5949) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst.
[  102.550955][   T13] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  102.550974][   T13] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  102.603737][ T5880] usb 1-1: new full-speed USB device number 2 using dummy_hcd
[  105.490141][ T1242] usb 5-1: new full-speed USB device number 2 using dummy_hcd
[  105.681246][ T1242] usb 5-1: config 4 has an invalid interface number: 88 but max is 0
[  105.681272][ T1242] usb 5-1: config 4 has no interface number 0
[  105.681366][ T1242] usb 5-1: config 4 interface 88 has no altsetting 0
[  105.716843][ T1242] usb 5-1: New USB device found, idVendor=1d50, idProduct=60c6, bcdDevice=af.e7
[  105.716871][ T1242] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  105.716889][ T1242] usb 5-1: Product: syz
[  105.716903][ T1242] usb 5-1: Manufacturer: syz
[  105.716917][ T1242] usb 5-1: SerialNumber: syz
[  106.023817][ T5887] usb 5-1: USB disconnect, device number 2
[  107.119086][    T9] usb 1-1: new high-speed USB device number 3 using dummy_hcd
[  107.235705][ T5989] ieee802154 phy0 wpan0: encryption failed: -22
[  107.237524][ T5989] warning: `syz.3.17' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211
[  107.238848][ T5989] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details.
[  107.285234][    T9] usb 1-1: Using ep0 maxpacket: 8
[  107.288884][    T9] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x8D has an invalid bInterval 42, changing to 9
[  107.288915][    T9] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  107.288936][    T9] usb 1-1: config 0 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  107.288958][    T9] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x8B has invalid maxpacket 12336, setting to 1024
[  107.288981][    T9] usb 1-1: config 0 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 1024
[  107.289017][    T9] usb 1-1: New USB device found, idVendor=05ac, idProduct=8215, bcdDevice=8f.58
[  107.289038][    T9] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  107.305406][    T9] usb 1-1: config 0 descriptor??
[  107.307089][ T5976] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22
[  107.463899][ T5887] usb 5-1: new full-speed USB device number 3 using dummy_hcd
[  107.554167][ T5880] usb 2-1: new full-speed USB device number 2 using dummy_hcd
[  107.635239][ T5887] usb 5-1: config 4 has an invalid interface number: 231 but max is 0
[  107.635264][ T5887] usb 5-1: config 4 has no interface number 0
[  107.664306][ T5887] usb 5-1: New USB device found, idVendor=13d3, idProduct=3224, bcdDevice=cb.0d
[  107.664334][ T5887] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  107.664353][ T5887] usb 5-1: Product: syz
[  107.664365][ T5887] usb 5-1: Manufacturer: syz
[  107.664376][ T5887] usb 5-1: SerialNumber: syz
[  107.756118][ T5880] usb 2-1: config 252 has an invalid interface number: 251 but max is 0
[  107.756146][ T5880] usb 2-1: config 252 has no interface number 0
[  107.756956][ T5880] usb 2-1: New USB device found, idVendor=0c45, idProduct=6280, bcdDevice=d5.fc
[  107.756982][ T5880] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  107.828140][ T5887] dvb-usb: found a 'DigitalNow TinyUSB 2 DVB-t Receiver' in warm state.
[  107.875536][ T5808] Bluetooth: hci5: Opcode 0x0c03 failed: -19
[  107.885203][    T9] usb 1-1: USB disconnect, device number 3
[  108.050748][ T5880] gspca_main: gspca_sn9c20x-2.14.0 probing 0c45:6280
[  108.491240][ T5852] usb 3-1: new high-speed USB device number 2 using dummy_hcd
[  108.553674][ T5887] vp7045: USB control message 'out' went wrong.
[  108.553705][ T5887] dvb-usb: This USB2.0 device cannot be run on a USB1.1 port. (it lacks a hardware PID filter)
[  108.553744][ T5887] dvb-usb: DigitalNow TinyUSB 2 DVB-t Receiver error while loading driver (-19)
[  108.577093][ T5880] gspca_sn9c20x: Write register 1000 failed -110
[  108.577124][ T5880] gspca_sn9c20x: Device initialization failed
[  108.577208][ T5880] gspca_sn9c20x 2-1:252.251: probe with driver gspca_sn9c20x failed with error -110
[  108.632330][ T5887] usb 5-1: USB disconnect, device number 3
[  108.713572][ T5852] usb 3-1: Using ep0 maxpacket: 8
[  108.726921][ T5852] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  108.741381][ T5852] usb 3-1: New USB device found, idVendor=0e9c, idProduct=0000, bcdDevice=5b.1e
[  108.741408][ T5852] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  108.741428][ T5852] usb 3-1: Product: syz
[  108.741441][ T5852] usb 3-1: Manufacturer: syz
[  108.741454][ T5852] usb 3-1: SerialNumber: syz
[  108.780489][ T5852] usb 3-1: config 0 descriptor??
[  108.805991][ T5852] streamzap 3-1:0.0: streamzap_probe: Unexpected desc.bNumEndpoints (0)
[  108.929990][ T6005] netlink: 24 bytes leftover after parsing attributes in process `syz.1.2'.
[  108.997613][ T5887] usb 3-1: USB disconnect, device number 2
[  109.114603][ T5852] usb 1-1: new high-speed USB device number 4 using dummy_hcd
[  109.298423][ T5852] usb 1-1: Using ep0 maxpacket: 16
[  109.301318][ T5852] usb 1-1: config 0 has an invalid interface number: 132 but max is 0
[  109.301343][ T5852] usb 1-1: config 0 has no interface number 0
[  109.334098][ T5852] usb 1-1: New USB device found, idVendor=05ac, idProduct=0291, bcdDevice=43.25
[  109.334126][ T5852] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  109.334143][ T5852] usb 1-1: Product: syz
[  109.334155][ T5852] usb 1-1: Manufacturer: syz
[  109.334168][ T5852] usb 1-1: SerialNumber: syz
[  109.377049][ T5852] usb 1-1: config 0 descriptor??
[  109.390626][ T5852] hub 1-1:0.132: bad descriptor, ignoring hub
[  109.390663][ T5852] hub 1-1:0.132: probe with driver hub failed with error -5
[  109.436059][ T5852] input: bcm5974 as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.132/input/input5
[  109.593653][    T9] usb 4-1: new high-speed USB device number 2 using dummy_hcd
[  109.967738][    T9] usb 4-1: Using ep0 maxpacket: 32
[  110.773348][    T9] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  110.773380][    T9] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  110.773419][    T9] usb 4-1: New USB device found, idVendor=1e7d, idProduct=2ced, bcdDevice= 0.00
[  110.773438][    T9] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  110.840649][    T9] usb 4-1: config 0 descriptor??
[  111.057766][ T5887] usb 3-1: new high-speed USB device number 3 using dummy_hcd
[  111.214032][ T5887] usb 3-1: Using ep0 maxpacket: 8
[  111.218396][ T5887] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x8D has an invalid bInterval 42, changing to 9
[  111.218417][ T5887] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  111.218437][ T5887] usb 3-1: config 0 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  111.218459][ T5887] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x8B has invalid maxpacket 12336, setting to 1024
[  111.218484][ T5887] usb 3-1: config 0 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 1024
[  111.218521][ T5887] usb 3-1: New USB device found, idVendor=05ac, idProduct=8215, bcdDevice=8f.58
[  111.218537][ T5887] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  111.241095][ T5887] usb 3-1: config 0 descriptor??
[  111.242561][ T6023] =======================================================
[  111.242561][ T6023] WARNING: The mand mount option has been deprecated and
[  111.242561][ T6023]          and is ignored by this kernel. Remove the mand
[  111.242561][ T6023]          option from the mount to silence this warning.
[  111.242561][ T6023] =======================================================
[  111.243700][ T6016] raw-gadget.3 gadget.2: fail, usb_ep_enable returned -22
[  111.522082][ T6007] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  111.538998][ T6007] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  111.634839][    T9] usbhid 4-1:0.0: can't add hid device: -71
[  111.635376][    T9] usbhid 4-1:0.0: probe with driver usbhid failed with error -71
[  111.668419][    T9] usb 4-1: USB disconnect, device number 2
[  111.728639][ T1242] usb 3-1: USB disconnect, device number 3
[  111.734868][ T5808] Bluetooth: hci5: Opcode 0x0c03 failed: -19
[  111.939130][ T5873] usb 2-1: USB disconnect, device number 2
[  112.204482][ T5852] usb 1-1: USB disconnect, device number 4
[  112.310248][   T37] kauditd_printk_skb: 16 callbacks suppressed
[  112.310263][   T37] audit: type=1326 audit(1761810884.709:28): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6026 comm="syz.0.26" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbff9fbefc9 code=0x7ffc0000
[  112.310303][   T37] audit: type=1326 audit(1761810884.709:29): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6026 comm="syz.0.26" exe="/root/syz-executor" sig=0 arch=c000003e syscall=145 compat=0 ip=0x7fbff9fbefc9 code=0x7ffc0000
[  112.310343][   T37] audit: type=1326 audit(1761810884.709:30): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6026 comm="syz.0.26" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbff9fbefc9 code=0x7ffc0000
[  112.344378][   T37] audit: type=1326 audit(1761810884.739:31): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6026 comm="syz.0.26" exe="/root/syz-executor" sig=0 arch=c000003e syscall=432 compat=0 ip=0x7fbff9fbefc9 code=0x7ffc0000
[  112.344424][   T37] audit: type=1326 audit(1761810884.749:32): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6026 comm="syz.0.26" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbff9fbefc9 code=0x7ffc0000
[  112.352795][   T37] audit: type=1326 audit(1761810884.749:33): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6026 comm="syz.0.26" exe="/root/syz-executor" sig=0 arch=c000003e syscall=81 compat=0 ip=0x7fbff9fbefc9 code=0x7ffc0000
[  112.352837][   T37] audit: type=1326 audit(1761810884.749:34): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6026 comm="syz.0.26" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbff9fbefc9 code=0x7ffc0000
[  112.352873][   T37] audit: type=1326 audit(1761810884.749:35): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6026 comm="syz.0.26" exe="/root/syz-executor" sig=0 arch=c000003e syscall=425 compat=0 ip=0x7fbff9fbefc9 code=0x7ffc0000
[  112.352911][   T37] audit: type=1326 audit(1761810884.749:36): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6026 comm="syz.0.26" exe="/root/syz-executor" sig=0 arch=c000003e syscall=9 compat=0 ip=0x7fbff9fbf003 code=0x7ffc0000
[  112.352947][   T37] audit: type=1326 audit(1761810884.749:37): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6026 comm="syz.0.26" exe="/root/syz-executor" sig=0 arch=c000003e syscall=9 compat=0 ip=0x7fbff9fbf003 code=0x7ffc0000
[  113.285258][ T6048] FAULT_INJECTION: forcing a failure.
[  113.285258][ T6048] name failslab, interval 1, probability 0, space 0, times 1
[  113.285360][ T6048] CPU: 1 UID: 0 PID: 6048 Comm: syz.1.30 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  113.285381][ T6048] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  113.285399][ T6048] Call Trace:
[  113.285410][ T6048]  <TASK>
[  113.285418][ T6048]  dump_stack_lvl+0x189/0x250
[  113.285449][ T6048]  ? irqentry_exit+0x74/0x90
[  113.285473][ T6048]  ? __pfx_dump_stack_lvl+0x10/0x10
[  113.285517][ T6048]  should_fail_ex+0x46c/0x600
[  113.285544][ T6048]  ? skb_clone+0x212/0x3a0
[  113.285564][ T6048]  should_failslab+0xa8/0x100
[  113.285587][ T6048]  ? skb_clone+0x212/0x3a0
[  113.285605][ T6048]  kmem_cache_alloc_noprof+0x6f/0x6b0
[  113.285641][ T6048]  skb_clone+0x212/0x3a0
[  113.285665][ T6048]  __netlink_deliver_tap+0x404/0x850
[  113.285696][ T6048]  ? netlink_deliver_tap+0x2e/0x1b0
[  113.285716][ T6048]  netlink_deliver_tap+0x19c/0x1b0
[  113.285735][ T6048]  netlink_unicast+0x811/0xa10
[  113.285767][ T6048]  ? __pfx_netlink_unicast+0x10/0x10
[  113.285788][ T6048]  ? security_netlink_send+0x15/0x290
[  113.285813][ T6048]  ? __pfx_bpf_lsm_netlink_send+0x10/0x10
[  113.285841][ T6048]  netlink_sendmsg+0x805/0xb30
[  113.285869][ T6048]  ? __pfx_netlink_sendmsg+0x10/0x10
[  113.285891][ T6048]  ? __sock_sendmsg+0x1a6/0x270
[  113.285916][ T6048]  ? __pfx_netlink_sendmsg+0x10/0x10
[  113.285935][ T6048]  __sock_sendmsg+0x21c/0x270
[  113.285961][ T6048]  ____sys_sendmsg+0x508/0x820
[  113.285987][ T6048]  ? __pfx_____sys_sendmsg+0x10/0x10
[  113.286016][ T6048]  ? import_iovec+0x74/0xa0
[  113.286039][ T6048]  ___sys_sendmsg+0x21f/0x2a0
[  113.286061][ T6048]  ? __pfx____sys_sendmsg+0x10/0x10
[  113.286120][ T6048]  ? __fget_files+0x2a/0x420
[  113.286141][ T6048]  ? __fget_files+0x3a6/0x420
[  113.286175][ T6048]  __x64_sys_sendmsg+0x1a1/0x260
[  113.286197][ T6048]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  113.286242][ T6048]  do_syscall_64+0xfa/0xfa0
[  113.286264][ T6048]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  113.286281][ T6048]  ? asm_sysvec_reschedule_ipi+0x1a/0x20
[  113.286297][ T6048]  ? clear_bhb_loop+0x60/0xb0
[  113.286318][ T6048]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  113.286335][ T6048] RIP: 0033:0x7f94e1eaefc9
[  113.286355][ T6048] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  113.286369][ T6048] RSP: 002b:00007f94e00d4038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  113.286388][ T6048] RAX: ffffffffffffffda RBX: 00007f94e2106180 RCX: 00007f94e1eaefc9
[  113.286401][ T6048] RDX: 0000000000000000 RSI: 0000200000000000 RDI: 0000000000000009
[  113.286412][ T6048] RBP: 00007f94e00d4090 R08: 0000000000000000 R09: 0000000000000000
[  113.286423][ T6048] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  113.286433][ T6048] R13: 00007f94e2106218 R14: 00007f94e2106180 R15: 00007ffd703b8618
[  113.286465][ T6048]  </TASK>
[  114.117089][ T6044] netlink: 'syz.2.32': attribute type 30 has an invalid length.
[  114.231664][ T6053] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[  114.267560][ T6055] pim6reg1: entered promiscuous mode
[  114.267583][ T6055] pim6reg1: entered allmulticast mode
[  114.407353][ T6056] netlink: 4 bytes leftover after parsing attributes in process `syz.3.33'.
[  114.507602][ T6060] FAULT_INJECTION: forcing a failure.
[  114.507602][ T6060] name failslab, interval 1, probability 0, space 0, times 0
[  114.507632][ T6060] CPU: 0 UID: 0 PID: 6060 Comm: syz.4.36 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  114.507651][ T6060] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  114.507659][ T6060] Call Trace:
[  114.507665][ T6060]  <TASK>
[  114.507672][ T6060]  dump_stack_lvl+0x189/0x250
[  114.507700][ T6060]  ? __pfx____ratelimit+0x10/0x10
[  114.507719][ T6060]  ? __pfx_dump_stack_lvl+0x10/0x10
[  114.507741][ T6060]  ? __pfx__printk+0x10/0x10
[  114.507765][ T6060]  ? __lock_acquire+0xab9/0xd20
[  114.507793][ T6060]  should_fail_ex+0x46c/0x600
[  114.507819][ T6060]  ? skb_clone+0x212/0x3a0
[  114.507838][ T6060]  should_failslab+0xa8/0x100
[  114.507861][ T6060]  ? skb_clone+0x212/0x3a0
[  114.507878][ T6060]  kmem_cache_alloc_noprof+0x6f/0x6b0
[  114.507906][ T6060]  skb_clone+0x212/0x3a0
[  114.507929][ T6060]  __netlink_deliver_tap+0x404/0x850
[  114.507958][ T6060]  ? netlink_deliver_tap+0x2e/0x1b0
[  114.507975][ T6060]  netlink_deliver_tap+0x19c/0x1b0
[  114.507992][ T6060]  netlink_unicast+0x811/0xa10
[  114.508022][ T6060]  ? __pfx_netlink_unicast+0x10/0x10
[  114.508047][ T6060]  ? netlink_sendmsg+0x642/0xb30
[  114.508062][ T6060]  ? skb_put+0x11b/0x210
[  114.508081][ T6060]  netlink_sendmsg+0x805/0xb30
[  114.508108][ T6060]  ? __pfx_netlink_sendmsg+0x10/0x10
[  114.508134][ T6060]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  114.508155][ T6060]  ? __pfx_netlink_sendmsg+0x10/0x10
[  114.508174][ T6060]  __sock_sendmsg+0x21c/0x270
[  114.508198][ T6060]  ____sys_sendmsg+0x508/0x820
[  114.508223][ T6060]  ? __pfx_____sys_sendmsg+0x10/0x10
[  114.508250][ T6060]  ? import_iovec+0x74/0xa0
[  114.508271][ T6060]  ___sys_sendmsg+0x21f/0x2a0
[  114.508294][ T6060]  ? __pfx____sys_sendmsg+0x10/0x10
[  114.508348][ T6060]  ? __fget_files+0x2a/0x420
[  114.508369][ T6060]  ? __fget_files+0x3a6/0x420
[  114.508409][ T6060]  __x64_sys_sendmsg+0x1a1/0x260
[  114.508430][ T6060]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  114.508459][ T6060]  ? __pfx_ksys_write+0x10/0x10
[  114.508483][ T6060]  ? do_syscall_64+0xbe/0xfa0
[  114.508507][ T6060]  do_syscall_64+0xfa/0xfa0
[  114.508525][ T6060]  ? lockdep_hardirqs_on+0x9c/0x150
[  114.508548][ T6060]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  114.508565][ T6060]  ? clear_bhb_loop+0x60/0xb0
[  114.508586][ T6060]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  114.508602][ T6060] RIP: 0033:0x7fdd33c1efc9
[  114.508618][ T6060] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  114.508631][ T6060] RSP: 002b:00007fdd31e86038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  114.508649][ T6060] RAX: ffffffffffffffda RBX: 00007fdd33e75fa0 RCX: 00007fdd33c1efc9
[  114.508661][ T6060] RDX: 0000000000000000 RSI: 00002000000001c0 RDI: 0000000000000003
[  114.508671][ T6060] RBP: 00007fdd31e86090 R08: 0000000000000000 R09: 0000000000000000
[  114.508682][ T6060] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  114.508692][ T6060] R13: 00007fdd33e76038 R14: 00007fdd33e75fa0 R15: 00007fff8961c3e8
[  114.508722][ T6060]  </TASK>
[  114.508929][ T6060] netlink: 44 bytes leftover after parsing attributes in process `syz.4.36'.
[  114.508946][ T6060] netlink: 43 bytes leftover after parsing attributes in process `syz.4.36'.
[  114.508959][ T6060] netlink: 'syz.4.36': attribute type 5 has an invalid length.
[  114.508970][ T6060] netlink: 43 bytes leftover after parsing attributes in process `syz.4.36'.
[  117.487858][ T6079] netlink: 288 bytes leftover after parsing attributes in process `syz.1.39'.
[  117.866397][    T9] usb 1-1: new high-speed USB device number 5 using dummy_hcd
[  117.999776][ T6090] netlink: 5036 bytes leftover after parsing attributes in process `syz.2.43'.
[  118.013776][    T9] usb 1-1: Using ep0 maxpacket: 32
[  118.015469][    T9] usb 1-1: config 0 has an invalid interface number: 51 but max is 0
[  118.015483][    T9] usb 1-1: config 0 has no interface number 0
[  118.017777][    T9] usb 1-1: New USB device found, idVendor=061d, idProduct=c150, bcdDevice=ce.6f
[  118.017792][    T9] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  118.017802][    T9] usb 1-1: Product: syz
[  118.017808][    T9] usb 1-1: Manufacturer: syz
[  118.017815][    T9] usb 1-1: SerialNumber: syz
[  118.078973][    T9] usb 1-1: config 0 descriptor??
[  118.102648][    T9] quatech2 1-1:0.51: Quatech 2nd gen USB to Serial Driver converter detected
[  118.395656][    T9] usb 1-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB0
[  118.495930][    T9] usb 1-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB1
[  118.505507][    C0] quatech-serial ttyUSB0: qt2_process_read_urb - unsupported command 6
[  118.707150][    C0] usb 1-1: qt2_read_bulk_callback - non-zero urb status: -71
[  118.722308][ T5873] usb 1-1: USB disconnect, device number 5
[  118.741012][ T6099] syz.2.45 (6099) used greatest stack depth: 18288 bytes left
[  118.755334][ T5873] quatech-serial ttyUSB0: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB0
[  118.764617][ T5873] quatech-serial ttyUSB1: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB1
[  118.765323][ T5873] quatech2 1-1:0.51: device disconnected
[  119.397533][ T6113] FAULT_INJECTION: forcing a failure.
[  119.397533][ T6113] name failslab, interval 1, probability 0, space 0, times 0
[  119.397568][ T6113] CPU: 0 UID: 0 PID: 6113 Comm: syz.4.46 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  119.397580][ T6113] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  119.397585][ T6113] Call Trace:
[  119.397590][ T6113]  <TASK>
[  119.397597][ T6113]  dump_stack_lvl+0x189/0x250
[  119.397616][ T6113]  ? __pfx____ratelimit+0x10/0x10
[  119.397628][ T6113]  ? __pfx_dump_stack_lvl+0x10/0x10
[  119.397642][ T6113]  ? __pfx__printk+0x10/0x10
[  119.397656][ T6113]  ? __pfx___might_resched+0x10/0x10
[  119.397667][ T6113]  ? fs_reclaim_acquire+0x7d/0x100
[  119.397683][ T6113]  should_fail_ex+0x46c/0x600
[  119.397699][ T6113]  should_failslab+0xa8/0x100
[  119.397713][ T6113]  __kvmalloc_node_noprof+0x169/0x920
[  119.397726][ T6113]  ? sock_devmem_dontneed+0x1cb/0x7c0
[  119.397739][ T6113]  sock_devmem_dontneed+0x1cb/0x7c0
[  119.397749][ T6113]  ? __lock_acquire+0xab9/0xd20
[  119.397766][ T6113]  ? __pfx_sock_devmem_dontneed+0x10/0x10
[  119.397774][ T6113]  ? __might_fault+0xb0/0x130
[  119.397799][ T6113]  sk_setsockopt+0x568/0x2a70
[  119.397812][ T6113]  ? lockdep_hardirqs_on+0x9c/0x150
[  119.397830][ T6113]  ? __pfx_sk_setsockopt+0x10/0x10
[  119.397839][ T6113]  ? __lock_acquire+0xab9/0xd20
[  119.397861][ T6113]  ? __fget_files+0x2a/0x420
[  119.397876][ T6113]  ? __fget_files+0x2a/0x420
[  119.397887][ T6113]  ? bpf_lsm_socket_setsockopt+0x9/0x20
[  119.397903][ T6113]  do_sock_setsockopt+0x11b/0x1b0
[  119.397916][ T6113]  __x64_sys_setsockopt+0x145/0x1b0
[  119.397929][ T6113]  do_syscall_64+0xfa/0xfa0
[  119.397941][ T6113]  ? lockdep_hardirqs_on+0x9c/0x150
[  119.397952][ T6113]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  119.397961][ T6113]  ? clear_bhb_loop+0x60/0xb0
[  119.397972][ T6113]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  119.397981][ T6113] RIP: 0033:0x7fdd33c1efc9
[  119.397990][ T6113] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  119.397998][ T6113] RSP: 002b:00007fdd31e44038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036
[  119.398014][ T6113] RAX: ffffffffffffffda RBX: 00007fdd33e76180 RCX: 00007fdd33c1efc9
[  119.398021][ T6113] RDX: 0000000000000050 RSI: 0000000000000001 RDI: 0000000000000005
[  119.398026][ T6113] RBP: 00007fdd31e44090 R08: 0000000000000048 R09: 0000000000000000
[  119.398032][ T6113] R10: 0000200000000100 R11: 0000000000000246 R12: 0000000000000001
[  119.398038][ T6113] R13: 00007fdd33e76218 R14: 00007fdd33e76180 R15: 00007fff8961c3e8
[  119.398054][ T6113]  </TASK>
[  119.848742][ T6119] FAULT_INJECTION: forcing a failure.
[  119.848742][ T6119] name failslab, interval 1, probability 0, space 0, times 0
[  119.848772][ T6119] CPU: 0 UID: 0 PID: 6119 Comm: syz.0.50 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  119.848791][ T6119] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  119.848800][ T6119] Call Trace:
[  119.848815][ T6119]  <TASK>
[  119.848823][ T6119]  dump_stack_lvl+0x189/0x250
[  119.848852][ T6119]  ? __pfx____ratelimit+0x10/0x10
[  119.848873][ T6119]  ? __pfx_dump_stack_lvl+0x10/0x10
[  119.848896][ T6119]  ? __pfx__printk+0x10/0x10
[  119.848921][ T6119]  ? __lock_acquire+0xab9/0xd20
[  119.848950][ T6119]  should_fail_ex+0x46c/0x600
[  119.848976][ T6119]  ? skb_clone+0x212/0x3a0
[  119.848995][ T6119]  should_failslab+0xa8/0x100
[  119.849018][ T6119]  ? skb_clone+0x212/0x3a0
[  119.849035][ T6119]  kmem_cache_alloc_noprof+0x6f/0x6b0
[  119.849063][ T6119]  skb_clone+0x212/0x3a0
[  119.849086][ T6119]  __netlink_deliver_tap+0x404/0x850
[  119.849115][ T6119]  ? netlink_deliver_tap+0x2e/0x1b0
[  119.849134][ T6119]  netlink_deliver_tap+0x19c/0x1b0
[  119.849152][ T6119]  netlink_unicast+0x811/0xa10
[  119.849183][ T6119]  ? __pfx_netlink_unicast+0x10/0x10
[  119.849207][ T6119]  ? netlink_sendmsg+0x642/0xb30
[  119.849222][ T6119]  ? skb_put+0x11b/0x210
[  119.849243][ T6119]  netlink_sendmsg+0x805/0xb30
[  119.849259][ T6119]  ? is_bpf_text_address+0x26/0x2b0
[  119.849289][ T6119]  ? __pfx_netlink_sendmsg+0x10/0x10
[  119.849313][ T6119]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  119.849335][ T6119]  ? __pfx_netlink_sendmsg+0x10/0x10
[  119.849353][ T6119]  __sock_sendmsg+0x21c/0x270
[  119.849379][ T6119]  ____sys_sendmsg+0x508/0x820
[  119.849404][ T6119]  ? __pfx_____sys_sendmsg+0x10/0x10
[  119.849433][ T6119]  ? import_iovec+0x74/0xa0
[  119.849455][ T6119]  ___sys_sendmsg+0x21f/0x2a0
[  119.849478][ T6119]  ? __pfx____sys_sendmsg+0x10/0x10
[  119.849531][ T6119]  ? __fget_files+0x2a/0x420
[  119.849552][ T6119]  ? __fget_files+0x3a6/0x420
[  119.849584][ T6119]  __x64_sys_sendmsg+0x1a1/0x260
[  119.849606][ T6119]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  119.849640][ T6119]  ? __pfx_ksys_write+0x10/0x10
[  119.849664][ T6119]  ? do_syscall_64+0xbe/0xfa0
[  119.849688][ T6119]  do_syscall_64+0xfa/0xfa0
[  119.849706][ T6119]  ? lockdep_hardirqs_on+0x9c/0x150
[  119.849725][ T6119]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  119.849742][ T6119]  ? clear_bhb_loop+0x60/0xb0
[  119.849761][ T6119]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  119.849777][ T6119] RIP: 0033:0x7fbff9fbefc9
[  119.849793][ T6119] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  119.849866][ T6119] RSP: 002b:00007fbff8226038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  119.849885][ T6119] RAX: ffffffffffffffda RBX: 00007fbffa215fa0 RCX: 00007fbff9fbefc9
[  119.849897][ T6119] RDX: 000000000000c000 RSI: 0000200000000000 RDI: 0000000000000003
[  119.849907][ T6119] RBP: 00007fbff8226090 R08: 0000000000000000 R09: 0000000000000000
[  119.849918][ T6119] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  119.849928][ T6119] R13: 00007fbffa216038 R14: 00007fbffa215fa0 R15: 00007ffeb3c57338
[  119.849959][ T6119]  </TASK>
[  119.851283][ T6119] netlink: 'syz.0.50': attribute type 1 has an invalid length.
[  120.073703][ T1242] usb 2-1: new high-speed USB device number 3 using dummy_hcd
[  120.227968][ T1242] usb 2-1: Using ep0 maxpacket: 8
[  120.232048][ T1242] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  120.237728][ T1242] usb 2-1: New USB device found, idVendor=05e1, idProduct=0893, bcdDevice=fd.5b
[  120.237753][ T1242] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  120.237771][ T1242] usb 2-1: Product: syz
[  120.237785][ T1242] usb 2-1: Manufacturer: syz
[  120.237798][ T1242] usb 2-1: SerialNumber: syz
[  120.264111][ T1242] usb 2-1: config 0 descriptor??
[  120.296481][ T1242] gspca_main: stk014-2.14.0 probing 05e1:0893
[  120.296569][ T1242] usb 2-1: selecting invalid altsetting 1
[  120.501808][ T6117] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  120.507243][ T6117] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  120.516565][ T1242] gspca_stk014: init reg: 0x00
[  120.516652][ T1242] stk014 2-1:0.0: probe with driver stk014 failed with error -5
[  120.723548][ T1242] usb 2-1: USB disconnect, device number 3
[  120.888015][ T6135] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  120.918661][ T6135] FAULT_INJECTION: forcing a failure.
[  120.918661][ T6135] name fail_iommufd, interval 1, probability 0, space 0, times 1
[  120.918691][ T6135] CPU: 1 UID: 0 PID: 6135 Comm: syz.0.56 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  120.918712][ T6135] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  120.918721][ T6135] Call Trace:
[  120.918728][ T6135]  <TASK>
[  120.918736][ T6135]  dump_stack_lvl+0x189/0x250
[  120.918764][ T6135]  ? __pfx____ratelimit+0x10/0x10
[  120.918795][ T6135]  ? __pfx_dump_stack_lvl+0x10/0x10
[  120.918819][ T6135]  ? __pfx__printk+0x10/0x10
[  120.918853][ T6135]  should_fail_ex+0x46c/0x600
[  120.918881][ T6135]  iommufd_get_object+0x78/0x4b0
[  120.918904][ T6135]  ? __pfx_iommufd_get_object+0x10/0x10
[  120.918934][ T6135]  iommufd_hwpt_invalidate+0x3b1/0x820
[  120.918964][ T6135]  ? __pfx_iommufd_hwpt_invalidate+0x10/0x10
[  120.919002][ T6135]  iommufd_fops_ioctl+0x461/0x580
[  120.919027][ T6135]  ? __pfx_iommufd_fops_ioctl+0x10/0x10
[  120.919059][ T6135]  ? __fget_files+0x3a6/0x420
[  120.919081][ T6135]  ? __fget_files+0x2a/0x420
[  120.919105][ T6135]  ? bpf_lsm_file_ioctl+0x9/0x20
[  120.919121][ T6135]  ? __pfx_iommufd_fops_ioctl+0x10/0x10
[  120.919141][ T6135]  __se_sys_ioctl+0xff/0x170
[  120.919163][ T6135]  do_syscall_64+0xfa/0xfa0
[  120.919182][ T6135]  ? lockdep_hardirqs_on+0x9c/0x150
[  120.919201][ T6135]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  120.919219][ T6135]  ? clear_bhb_loop+0x60/0xb0
[  120.919239][ T6135]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  120.919255][ T6135] RIP: 0033:0x7fbff9fbefc9
[  120.919271][ T6135] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  120.919285][ T6135] RSP: 002b:00007fbff8226038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  120.919303][ T6135] RAX: ffffffffffffffda RBX: 00007fbffa215fa0 RCX: 00007fbff9fbefc9
[  120.919316][ T6135] RDX: 0000200000000280 RSI: 0000000000003b8d RDI: 0000000000000003
[  120.919326][ T6135] RBP: 00007fbff8226090 R08: 0000000000000000 R09: 0000000000000000
[  120.919336][ T6135] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  120.919345][ T6135] R13: 00007fbffa216038 R14: 00007fbffa215fa0 R15: 00007ffeb3c57338
[  120.919372][ T6135]  </TASK>
[  122.331144][ T6146] bond1: option lacp_active: invalid value (7)
[  122.393205][ T6146] bond1 (unregistering): Released all slaves
[  122.497226][ T5873] usb 1-1: new high-speed USB device number 6 using dummy_hcd
[  122.683765][ T5873] usb 1-1: Using ep0 maxpacket: 32
[  122.686218][ T5873] usb 1-1: config index 0 descriptor too short (expected 156, got 27)
[  122.686259][ T5873] usb 1-1: too many endpoints for config 0 interface 0 altsetting 191: 144, using maximum allowed: 30
[  122.686298][ T5873] usb 1-1: config 0 interface 0 altsetting 191 endpoint 0x87 has an invalid bInterval 0, changing to 7
[  122.686323][ T5873] usb 1-1: config 0 interface 0 altsetting 191 has 1 endpoint descriptor, different from the interface descriptor's value: 144
[  122.686349][ T5873] usb 1-1: config 0 interface 0 has no altsetting 0
[  122.692829][ T5873] usb 1-1: New USB device found, idVendor=0f11, idProduct=1021, bcdDevice=86.66
[  122.692855][ T5873] usb 1-1: New USB device strings: Mfr=85, Product=120, SerialNumber=172
[  122.692874][ T5873] usb 1-1: Product: syz
[  122.692888][ T5873] usb 1-1: Manufacturer: syz
[  122.692902][ T5873] usb 1-1: SerialNumber: syz
[  122.702231][ T5873] usb 1-1: config 0 descriptor??
[  122.747477][ T5873] ldusb 1-1:0.0: Interrupt out endpoint not found (using control endpoint instead)
[  122.765058][ T5873] ldusb 1-1:0.0: LD USB Device #0 now attached to major 180 minor 0
[  122.961754][ T5873] usb 1-1: USB disconnect, device number 6
[  122.961858][    C0] ldusb 1-1:0.0: usb_submit_urb failed (-19)
[  122.988577][ T5873] ldusb 1-1:0.0: LD USB Device #0 now disconnected
[  123.883762][ T6144] Invalid source name
[  123.883780][ T6144] UBIFS error (pid: 6144): cannot open "./file0", error -22
[  124.150862][ T6161] FAULT_INJECTION: forcing a failure.
[  124.150862][ T6161] name failslab, interval 1, probability 0, space 0, times 0
[  124.150894][ T6161] CPU: 0 UID: 0 PID: 6161 Comm: syz.1.64 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  124.150914][ T6161] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  124.150924][ T6161] Call Trace:
[  124.150931][ T6161]  <TASK>
[  124.150938][ T6161]  dump_stack_lvl+0x189/0x250
[  124.150968][ T6161]  ? __pfx____ratelimit+0x10/0x10
[  124.150990][ T6161]  ? __pfx_dump_stack_lvl+0x10/0x10
[  124.151014][ T6161]  ? __pfx__printk+0x10/0x10
[  124.151040][ T6161]  ? __lock_acquire+0xab9/0xd20
[  124.151069][ T6161]  should_fail_ex+0x46c/0x600
[  124.151095][ T6161]  ? skb_clone+0x212/0x3a0
[  124.151115][ T6161]  should_failslab+0xa8/0x100
[  124.151140][ T6161]  ? skb_clone+0x212/0x3a0
[  124.151156][ T6161]  kmem_cache_alloc_noprof+0x6f/0x6b0
[  124.151186][ T6161]  skb_clone+0x212/0x3a0
[  124.151209][ T6161]  __netlink_deliver_tap+0x404/0x850
[  124.151240][ T6161]  ? netlink_deliver_tap+0x2e/0x1b0
[  124.151259][ T6161]  netlink_deliver_tap+0x19c/0x1b0
[  124.151278][ T6161]  netlink_unicast+0x811/0xa10
[  124.151311][ T6161]  ? __pfx_netlink_unicast+0x10/0x10
[  124.151336][ T6161]  ? netlink_sendmsg+0x642/0xb30
[  124.151351][ T6161]  ? skb_put+0x11b/0x210
[  124.151373][ T6161]  netlink_sendmsg+0x805/0xb30
[  124.151389][ T6161]  ? is_bpf_text_address+0x26/0x2b0
[  124.151422][ T6161]  ? __pfx_netlink_sendmsg+0x10/0x10
[  124.151447][ T6161]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  124.151469][ T6161]  ? __pfx_netlink_sendmsg+0x10/0x10
[  124.151486][ T6161]  __sock_sendmsg+0x21c/0x270
[  124.151511][ T6161]  ____sys_sendmsg+0x508/0x820
[  124.151535][ T6161]  ? __pfx_____sys_sendmsg+0x10/0x10
[  124.151564][ T6161]  ? import_iovec+0x74/0xa0
[  124.151587][ T6161]  ___sys_sendmsg+0x21f/0x2a0
[  124.151609][ T6161]  ? __pfx____sys_sendmsg+0x10/0x10
[  124.151665][ T6161]  ? __fget_files+0x2a/0x420
[  124.151687][ T6161]  ? __fget_files+0x3a6/0x420
[  124.151726][ T6161]  __x64_sys_sendmsg+0x1a1/0x260
[  124.151748][ T6161]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  124.151778][ T6161]  ? __pfx_ksys_write+0x10/0x10
[  124.151802][ T6161]  ? do_syscall_64+0xbe/0xfa0
[  124.151827][ T6161]  do_syscall_64+0xfa/0xfa0
[  124.151846][ T6161]  ? lockdep_hardirqs_on+0x9c/0x150
[  124.151867][ T6161]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  124.151884][ T6161]  ? clear_bhb_loop+0x60/0xb0
[  124.151905][ T6161]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  124.151922][ T6161] RIP: 0033:0x7f94e1eaefc9
[  124.151938][ T6161] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  124.151952][ T6161] RSP: 002b:00007f94e0116038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  124.151971][ T6161] RAX: ffffffffffffffda RBX: 00007f94e2105fa0 RCX: 00007f94e1eaefc9
[  124.151983][ T6161] RDX: 0000000000000000 RSI: 0000200000000580 RDI: 0000000000000005
[  124.151994][ T6161] RBP: 00007f94e0116090 R08: 0000000000000000 R09: 0000000000000000
[  124.152005][ T6161] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  124.152015][ T6161] R13: 00007f94e2106038 R14: 00007f94e2105fa0 R15: 00007ffd703b8618
[  124.152047][ T6161]  </TASK>
[  124.688008][ T6170] netlink: 9275 bytes leftover after parsing attributes in process `syz.1.67'.
[  125.054157][ T6172] FAULT_INJECTION: forcing a failure.
[  125.054157][ T6172] name failslab, interval 1, probability 0, space 0, times 0
[  125.054178][ T6172] CPU: 1 UID: 0 PID: 6172 Comm: syz.4.68 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  125.054203][ T6172] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  125.054210][ T6172] Call Trace:
[  125.054214][ T6172]  <TASK>
[  125.054219][ T6172]  dump_stack_lvl+0x189/0x250
[  125.054238][ T6172]  ? __pfx____ratelimit+0x10/0x10
[  125.054251][ T6172]  ? __pfx_dump_stack_lvl+0x10/0x10
[  125.054265][ T6172]  ? __pfx__printk+0x10/0x10
[  125.054279][ T6172]  ? __lock_acquire+0xab9/0xd20
[  125.054295][ T6172]  should_fail_ex+0x46c/0x600
[  125.054311][ T6172]  ? skb_clone+0x212/0x3a0
[  125.054325][ T6172]  should_failslab+0xa8/0x100
[  125.054340][ T6172]  ? skb_clone+0x212/0x3a0
[  125.054349][ T6172]  kmem_cache_alloc_noprof+0x6f/0x6b0
[  125.054366][ T6172]  skb_clone+0x212/0x3a0
[  125.054379][ T6172]  __netlink_deliver_tap+0x404/0x850
[  125.054399][ T6172]  ? netlink_deliver_tap+0x2e/0x1b0
[  125.054409][ T6172]  netlink_deliver_tap+0x19c/0x1b0
[  125.054419][ T6172]  netlink_unicast+0x811/0xa10
[  125.054437][ T6172]  ? __pfx_netlink_unicast+0x10/0x10
[  125.054451][ T6172]  ? netlink_sendmsg+0x642/0xb30
[  125.054459][ T6172]  ? skb_put+0x11b/0x210
[  125.054471][ T6172]  netlink_sendmsg+0x805/0xb30
[  125.054479][ T6172]  ? is_bpf_text_address+0x26/0x2b0
[  125.054498][ T6172]  ? __pfx_netlink_sendmsg+0x10/0x10
[  125.054512][ T6172]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  125.054525][ T6172]  ? __pfx_netlink_sendmsg+0x10/0x10
[  125.054535][ T6172]  __sock_sendmsg+0x21c/0x270
[  125.054549][ T6172]  ____sys_sendmsg+0x508/0x820
[  125.054563][ T6172]  ? __pfx_____sys_sendmsg+0x10/0x10
[  125.054584][ T6172]  ? import_iovec+0x74/0xa0
[  125.054596][ T6172]  ___sys_sendmsg+0x21f/0x2a0
[  125.054608][ T6172]  ? __pfx____sys_sendmsg+0x10/0x10
[  125.054638][ T6172]  ? __fget_files+0x2a/0x420
[  125.054651][ T6172]  ? __fget_files+0x3a6/0x420
[  125.054668][ T6172]  __x64_sys_sendmsg+0x1a1/0x260
[  125.054681][ T6172]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  125.054696][ T6172]  ? __pfx_ksys_write+0x10/0x10
[  125.054710][ T6172]  ? do_syscall_64+0xbe/0xfa0
[  125.054724][ T6172]  do_syscall_64+0xfa/0xfa0
[  125.054735][ T6172]  ? lockdep_hardirqs_on+0x9c/0x150
[  125.054746][ T6172]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  125.054760][ T6172]  ? clear_bhb_loop+0x60/0xb0
[  125.054780][ T6172]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  125.054795][ T6172] RIP: 0033:0x7fdd33c1efc9
[  125.054810][ T6172] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  125.054824][ T6172] RSP: 002b:00007fdd31e86038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  125.054842][ T6172] RAX: ffffffffffffffda RBX: 00007fdd33e75fa0 RCX: 00007fdd33c1efc9
[  125.054854][ T6172] RDX: 0000000000000000 RSI: 00002000000000c0 RDI: 0000000000000003
[  125.054865][ T6172] RBP: 00007fdd31e86090 R08: 0000000000000000 R09: 0000000000000000
[  125.054875][ T6172] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  125.054884][ T6172] R13: 00007fdd33e76038 R14: 00007fdd33e75fa0 R15: 00007fff8961c3e8
[  125.054913][ T6172]  </TASK>
[  125.203611][ T1242] usb 2-1: new high-speed USB device number 4 using dummy_hcd
[  125.535947][ T1242] usb 2-1: Using ep0 maxpacket: 16
[  125.539145][ T1242] usb 2-1: config 0 interface 0 has no altsetting 0
[  125.539180][ T1242] usb 2-1: New USB device found, idVendor=05d1, idProduct=2001, bcdDevice= 2.00
[  125.539200][ T1242] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  125.595667][ T1242] usb 2-1: config 0 descriptor??
[  125.807604][ T1242] usb 2-1: string descriptor 0 read error: -71
[  125.828910][ T6176] netlink: 56 bytes leftover after parsing attributes in process `syz.3.70'.
[  125.864881][ T1242] ftdi_sio 2-1:0.0: FTDI USB Serial Device converter detected
[  125.881297][ T1242] usb 2-1: Detected FT232A
[  125.888359][ T1242] usb 2-1: FTDI USB Serial Device converter now attached to ttyUSB0
[  125.892430][ T1242] usb 2-1: USB disconnect, device number 4
[  125.912819][ T1242] ftdi_sio ttyUSB0: FTDI USB Serial Device converter now disconnected from ttyUSB0
[  125.926861][ T1242] ftdi_sio 2-1:0.0: device disconnected
[  126.476514][ T6187] ieee802154 phy0 wpan0: encryption failed: -22
[  127.581023][ T6196] 9pnet_fd: Insufficient options for proto=fd
[  127.622257][ T6198] FAULT_INJECTION: forcing a failure.
[  127.622257][ T6198] name failslab, interval 1, probability 0, space 0, times 0
[  127.622289][ T6198] CPU: 0 UID: 0 PID: 6198 Comm: syz.2.78 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  127.622309][ T6198] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  127.622319][ T6198] Call Trace:
[  127.622327][ T6198]  <TASK>
[  127.622335][ T6198]  dump_stack_lvl+0x189/0x250
[  127.622363][ T6198]  ? __pfx____ratelimit+0x10/0x10
[  127.622385][ T6198]  ? __pfx_dump_stack_lvl+0x10/0x10
[  127.622409][ T6198]  ? __pfx__printk+0x10/0x10
[  127.622436][ T6198]  ? __lock_acquire+0xab9/0xd20
[  127.622466][ T6198]  should_fail_ex+0x46c/0x600
[  127.622494][ T6198]  ? skb_clone+0x212/0x3a0
[  127.622513][ T6198]  should_failslab+0xa8/0x100
[  127.622538][ T6198]  ? skb_clone+0x212/0x3a0
[  127.622555][ T6198]  kmem_cache_alloc_noprof+0x6f/0x6b0
[  127.622585][ T6198]  skb_clone+0x212/0x3a0
[  127.622609][ T6198]  __netlink_deliver_tap+0x404/0x850
[  127.622641][ T6198]  ? netlink_deliver_tap+0x2e/0x1b0
[  127.622661][ T6198]  netlink_deliver_tap+0x19c/0x1b0
[  127.622681][ T6198]  netlink_unicast+0x811/0xa10
[  127.622714][ T6198]  ? __pfx_netlink_unicast+0x10/0x10
[  127.622739][ T6198]  ? netlink_sendmsg+0x642/0xb30
[  127.622754][ T6198]  ? skb_put+0x11b/0x210
[  127.622775][ T6198]  netlink_sendmsg+0x805/0xb30
[  127.622789][ T6198]  ? is_bpf_text_address+0x26/0x2b0
[  127.622823][ T6198]  ? __pfx_netlink_sendmsg+0x10/0x10
[  127.622849][ T6198]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  127.622871][ T6198]  ? __pfx_netlink_sendmsg+0x10/0x10
[  127.622890][ T6198]  __sock_sendmsg+0x21c/0x270
[  127.622917][ T6198]  ____sys_sendmsg+0x508/0x820
[  127.622943][ T6198]  ? __pfx_____sys_sendmsg+0x10/0x10
[  127.622973][ T6198]  ? import_iovec+0x74/0xa0
[  127.622996][ T6198]  ___sys_sendmsg+0x21f/0x2a0
[  127.623018][ T6198]  ? __pfx____sys_sendmsg+0x10/0x10
[  127.623078][ T6198]  ? __fget_files+0x2a/0x420
[  127.623106][ T6198]  ? __fget_files+0x3a6/0x420
[  127.623139][ T6198]  __x64_sys_sendmsg+0x1a1/0x260
[  127.623162][ T6198]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  127.623193][ T6198]  ? __pfx_ksys_write+0x10/0x10
[  127.623218][ T6198]  ? do_syscall_64+0xbe/0xfa0
[  127.623244][ T6198]  do_syscall_64+0xfa/0xfa0
[  127.623263][ T6198]  ? lockdep_hardirqs_on+0x9c/0x150
[  127.623284][ T6198]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  127.623303][ T6198]  ? clear_bhb_loop+0x60/0xb0
[  127.623324][ T6198]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  127.623341][ T6198] RIP: 0033:0x7fb6e39fefc9
[  127.623357][ T6198] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  127.623371][ T6198] RSP: 002b:00007fb6e1c5e038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  127.623390][ T6198] RAX: ffffffffffffffda RBX: 00007fb6e3c55fa0 RCX: 00007fb6e39fefc9
[  127.623403][ T6198] RDX: 0000000004008c40 RSI: 0000200000000140 RDI: 0000000000000003
[  127.623415][ T6198] RBP: 00007fb6e1c5e090 R08: 0000000000000000 R09: 0000000000000000
[  127.623426][ T6198] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  127.623436][ T6198] R13: 00007fb6e3c56038 R14: 00007fb6e3c55fa0 R15: 00007ffdfa05e128
[  127.623468][ T6198]  </TASK>
[  127.816480][ T6203] FAULT_INJECTION: forcing a failure.
[  127.816480][ T6203] name fail_usercopy, interval 1, probability 0, space 0, times 1
[  127.816510][ T6203] CPU: 0 UID: 0 PID: 6203 Comm: syz.3.80 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  127.816530][ T6203] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  127.816540][ T6203] Call Trace:
[  127.816547][ T6203]  <TASK>
[  127.816555][ T6203]  dump_stack_lvl+0x189/0x250
[  127.816583][ T6203]  ? __pfx____ratelimit+0x10/0x10
[  127.816603][ T6203]  ? __pfx_dump_stack_lvl+0x10/0x10
[  127.816626][ T6203]  ? __pfx__printk+0x10/0x10
[  127.816661][ T6203]  should_fail_ex+0x46c/0x600
[  127.816689][ T6203]  _copy_to_user+0x31/0xb0
[  127.816710][ T6203]  simple_read_from_buffer+0xe1/0x170
[  127.816737][ T6203]  proc_fail_nth_read+0x1b6/0x220
[  127.816758][ T6203]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  127.816779][ T6203]  ? rw_verify_area+0x2ac/0x4e0
[  127.816798][ T6203]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  127.816817][ T6203]  vfs_read+0x206/0xa30
[  127.816845][ T6203]  ? __pfx_vfs_read+0x10/0x10
[  127.816861][ T6203]  ? try_to_take_rt_mutex+0x7fd/0xac0
[  127.816888][ T6203]  ? mutex_lock_nested+0x154/0x1d0
[  127.816903][ T6203]  ? fdget_pos+0x253/0x320
[  127.816934][ T6203]  ksys_read+0x14b/0x260
[  127.816956][ T6203]  ? __pfx_ksys_read+0x10/0x10
[  127.816979][ T6203]  ? do_syscall_64+0xbe/0xfa0
[  127.817003][ T6203]  do_syscall_64+0xfa/0xfa0
[  127.817021][ T6203]  ? lockdep_hardirqs_on+0x9c/0x150
[  127.817041][ T6203]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  127.817058][ T6203]  ? clear_bhb_loop+0x60/0xb0
[  127.817078][ T6203]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  127.817094][ T6203] RIP: 0033:0x7f3ce62cd9dc
[  127.817110][ T6203] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  127.817123][ T6203] RSP: 002b:00007f3ce452e030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  127.817141][ T6203] RAX: ffffffffffffffda RBX: 00007f3ce6525fa0 RCX: 00007f3ce62cd9dc
[  127.817153][ T6203] RDX: 000000000000000f RSI: 00007f3ce452e0a0 RDI: 0000000000000003
[  127.817171][ T6203] RBP: 00007f3ce452e090 R08: 0000000000000000 R09: 0000000000000000
[  127.817181][ T6203] R10: 0000200000000040 R11: 0000000000000246 R12: 0000000000000001
[  127.817192][ T6203] R13: 00007f3ce6526038 R14: 00007f3ce6525fa0 R15: 00007ffd36611cb8
[  127.817223][ T6203]  </TASK>
[  127.946444][ T6205] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  128.284716][ T6211] netlink: 'syz.3.84': attribute type 10 has an invalid length.
[  128.397336][ T5873] usb 2-1: new high-speed USB device number 5 using dummy_hcd
[  128.476920][ T6216] netlink: 8 bytes leftover after parsing attributes in process `syz.0.87'.
[  128.476956][ T6216] netlink: 'syz.0.87': attribute type 15 has an invalid length.
[  128.476972][ T6216] netlink: 4 bytes leftover after parsing attributes in process `syz.0.87'.
[  128.553553][ T5873] usb 2-1: Using ep0 maxpacket: 32
[  128.556038][ T5873] usb 2-1: config index 0 descriptor too short (expected 156, got 27)
[  128.556078][ T5873] usb 2-1: too many endpoints for config 0 interface 0 altsetting 191: 144, using maximum allowed: 30
[  128.556117][ T5873] usb 2-1: config 0 interface 0 altsetting 191 endpoint 0x87 has an invalid bInterval 0, changing to 7
[  128.556144][ T5873] usb 2-1: config 0 interface 0 altsetting 191 has 1 endpoint descriptor, different from the interface descriptor's value: 144
[  128.556169][ T5873] usb 2-1: config 0 interface 0 has no altsetting 0
[  128.559678][ T5873] usb 2-1: New USB device found, idVendor=0f11, idProduct=1021, bcdDevice=86.66
[  128.559703][ T5873] usb 2-1: New USB device strings: Mfr=85, Product=120, SerialNumber=172
[  128.559723][ T5873] usb 2-1: Product: syz
[  128.559737][ T5873] usb 2-1: Manufacturer: syz
[  128.559750][ T5873] usb 2-1: SerialNumber: syz
[  129.205171][ T5873] usb 2-1: config 0 descriptor??
[  129.205476][   T13] netdevsim netdevsim0 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0
[  129.223732][ T5873] ldusb 2-1:0.0: Interrupt out endpoint not found (using control endpoint instead)
[  129.247055][ T3565] netdevsim netdevsim0 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0
[  129.247220][ T3565] netdevsim netdevsim0 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0
[  129.247361][ T3565] netdevsim netdevsim0 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0
[  129.305464][ T5873] ldusb 2-1:0.0: LD USB Device #0 now attached to major 180 minor 0
[  129.434089][ T5915] usb 2-1: USB disconnect, device number 5
[  129.443393][ T5915] ldusb 2-1:0.0: LD USB Device #0 now disconnected
[  129.783640][ T5873] usb 3-1: new high-speed USB device number 4 using dummy_hcd
[  129.921982][ T6232] Invalid source name
[  129.921998][ T6232] UBIFS error (pid: 6232): cannot open "./file0", error -22
[  130.024377][ T5873] usb 3-1: Using ep0 maxpacket: 16
[  130.147722][ T5873] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  130.147774][ T5873] usb 3-1: New USB device found, idVendor=046d, idProduct=c531, bcdDevice= 0.00
[  130.147886][ T5873] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  130.357740][ T5873] usb 3-1: config 0 descriptor??
[  130.447372][ T6233] netlink: 28 bytes leftover after parsing attributes in process `syz.0.91'.
[  130.615167][ T6236] netlink: 4 bytes leftover after parsing attributes in process `syz.3.92'.
[  130.760743][ T6238] FAULT_INJECTION: forcing a failure.
[  130.760743][ T6238] name failslab, interval 1, probability 0, space 0, times 0
[  130.760829][ T6238] CPU: 0 UID: 0 PID: 6238 Comm: syz.3.93 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  130.760850][ T6238] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  130.760860][ T6238] Call Trace:
[  130.760868][ T6238]  <TASK>
[  130.760876][ T6238]  dump_stack_lvl+0x189/0x250
[  130.760904][ T6238]  ? __pfx____ratelimit+0x10/0x10
[  130.760925][ T6238]  ? __pfx_dump_stack_lvl+0x10/0x10
[  130.760952][ T6238]  ? __pfx__printk+0x10/0x10
[  130.760978][ T6238]  ? __lock_acquire+0xab9/0xd20
[  130.761006][ T6238]  should_fail_ex+0x46c/0x600
[  130.761033][ T6238]  ? skb_clone+0x212/0x3a0
[  130.761052][ T6238]  should_failslab+0xa8/0x100
[  130.761083][ T6238]  ? skb_clone+0x212/0x3a0
[  130.761100][ T6238]  kmem_cache_alloc_noprof+0x6f/0x6b0
[  130.761129][ T6238]  skb_clone+0x212/0x3a0
[  130.761153][ T6238]  __netlink_deliver_tap+0x404/0x850
[  130.761183][ T6238]  ? netlink_deliver_tap+0x2e/0x1b0
[  130.761203][ T6238]  netlink_deliver_tap+0x19c/0x1b0
[  130.761222][ T6238]  netlink_unicast+0x811/0xa10
[  130.761254][ T6238]  ? __pfx_netlink_unicast+0x10/0x10
[  130.761279][ T6238]  ? netlink_sendmsg+0x642/0xb30
[  130.761295][ T6238]  ? skb_put+0x11b/0x210
[  130.761317][ T6238]  netlink_sendmsg+0x805/0xb30
[  130.761333][ T6238]  ? is_bpf_text_address+0x26/0x2b0
[  130.761366][ T6238]  ? __pfx_netlink_sendmsg+0x10/0x10
[  130.761392][ T6238]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  130.761414][ T6238]  ? __pfx_netlink_sendmsg+0x10/0x10
[  130.761433][ T6238]  __sock_sendmsg+0x21c/0x270
[  130.761459][ T6238]  ____sys_sendmsg+0x508/0x820
[  130.761484][ T6238]  ? __pfx_____sys_sendmsg+0x10/0x10
[  130.761514][ T6238]  ? import_iovec+0x74/0xa0
[  130.761536][ T6238]  ___sys_sendmsg+0x21f/0x2a0
[  130.761558][ T6238]  ? __pfx____sys_sendmsg+0x10/0x10
[  130.761617][ T6238]  ? __fget_files+0x2a/0x420
[  130.761638][ T6238]  ? __fget_files+0x3a6/0x420
[  130.761671][ T6238]  __x64_sys_sendmsg+0x1a1/0x260
[  130.761693][ T6238]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  130.761723][ T6238]  ? __pfx_ksys_write+0x10/0x10
[  130.761748][ T6238]  ? do_syscall_64+0xbe/0xfa0
[  130.761773][ T6238]  do_syscall_64+0xfa/0xfa0
[  130.761794][ T6238]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  130.761811][ T6238]  ? asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  130.761827][ T6238]  ? clear_bhb_loop+0x60/0xb0
[  130.761849][ T6238]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  130.761865][ T6238] RIP: 0033:0x7f3ce62cefc9
[  130.761881][ T6238] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  130.761895][ T6238] RSP: 002b:00007f3ce452e038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  130.761915][ T6238] RAX: ffffffffffffffda RBX: 00007f3ce6525fa0 RCX: 00007f3ce62cefc9
[  130.761928][ T6238] RDX: 0000000000000080 RSI: 0000200000000440 RDI: 0000000000000003
[  130.761939][ T6238] RBP: 00007f3ce452e090 R08: 0000000000000000 R09: 0000000000000000
[  130.761950][ T6238] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  130.761961][ T6238] R13: 00007f3ce6526038 R14: 00007f3ce6525fa0 R15: 00007ffd36611cb8
[  130.761992][ T6238]  </TASK>
[  130.762111][ T6238] netlink: 12 bytes leftover after parsing attributes in process `syz.3.93'.
[  131.119122][ T5873] usb 3-1: USB disconnect, device number 4
[  132.043589][ T1242] usb 5-1: new high-speed USB device number 4 using dummy_hcd
[  132.068516][    C0] vcan0: j1939_tp_rxtimer: 0xffff88805d1b1800: rx timeout, send abort
[  132.079633][ T5873] usb 4-1: new high-speed USB device number 3 using dummy_hcd
[  132.273897][ T5873] usb 4-1: device descriptor read/64, error -71
[  132.307694][    C0] vcan0: j1939_tp_rxtimer: 0xffff88805df75800: rx timeout, send abort
[  132.468731][ T1242] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  132.468756][ T1242] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 3
[  132.474774][ T1242] usb 5-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00
[  132.474803][ T1242] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3
[  132.474823][ T1242] usb 5-1: SerialNumber: syz
[  132.523599][ T5873] usb 4-1: new high-speed USB device number 4 using dummy_hcd
[  132.570684][    C0] vcan0: j1939_tp_rxtimer: 0xffff88805d1b1800: abort rx timeout. Force session deactivation
[  132.653755][ T5873] usb 4-1: device descriptor read/64, error -71
[  132.736447][ T6260] FAULT_INJECTION: forcing a failure.
[  132.736447][ T6260] name failslab, interval 1, probability 0, space 0, times 0
[  132.736477][ T6260] CPU: 0 UID: 0 PID: 6260 Comm: syz.2.100 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  132.736498][ T6260] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  132.736507][ T6260] Call Trace:
[  132.736514][ T6260]  <TASK>
[  132.736522][ T6260]  dump_stack_lvl+0x189/0x250
[  132.736550][ T6260]  ? __pfx____ratelimit+0x10/0x10
[  132.736571][ T6260]  ? __pfx_dump_stack_lvl+0x10/0x10
[  132.736594][ T6260]  ? __pfx__printk+0x10/0x10
[  132.736620][ T6260]  ? __lock_acquire+0xab9/0xd20
[  132.736647][ T6260]  should_fail_ex+0x46c/0x600
[  132.736674][ T6260]  ? skb_clone+0x212/0x3a0
[  132.736693][ T6260]  should_failslab+0xa8/0x100
[  132.736718][ T6260]  ? skb_clone+0x212/0x3a0
[  132.736735][ T6260]  kmem_cache_alloc_noprof+0x6f/0x6b0
[  132.736765][ T6260]  skb_clone+0x212/0x3a0
[  132.736788][ T6260]  __netlink_deliver_tap+0x404/0x850
[  132.736819][ T6260]  ? netlink_deliver_tap+0x2e/0x1b0
[  132.736839][ T6260]  netlink_deliver_tap+0x19c/0x1b0
[  132.736856][ T6260]  netlink_unicast+0x811/0xa10
[  132.736887][ T6260]  ? __pfx_netlink_unicast+0x10/0x10
[  132.736918][ T6260]  ? netlink_sendmsg+0x642/0xb30
[  132.736932][ T6260]  ? skb_put+0x11b/0x210
[  132.736953][ T6260]  netlink_sendmsg+0x805/0xb30
[  132.736969][ T6260]  ? is_bpf_text_address+0x26/0x2b0
[  132.737002][ T6260]  ? __pfx_netlink_sendmsg+0x10/0x10
[  132.737032][ T6260]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  132.737054][ T6260]  ? __pfx_netlink_sendmsg+0x10/0x10
[  132.737071][ T6260]  __sock_sendmsg+0x21c/0x270
[  132.737097][ T6260]  ____sys_sendmsg+0x508/0x820
[  132.737122][ T6260]  ? __pfx_____sys_sendmsg+0x10/0x10
[  132.737151][ T6260]  ? import_iovec+0x74/0xa0
[  132.737174][ T6260]  ___sys_sendmsg+0x21f/0x2a0
[  132.737196][ T6260]  ? __pfx____sys_sendmsg+0x10/0x10
[  132.737253][ T6260]  ? __fget_files+0x2a/0x420
[  132.737275][ T6260]  ? __fget_files+0x3a6/0x420
[  132.737307][ T6260]  __x64_sys_sendmsg+0x1a1/0x260
[  132.737330][ T6260]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  132.737360][ T6260]  ? __pfx_ksys_write+0x10/0x10
[  132.737386][ T6260]  ? do_syscall_64+0xbe/0xfa0
[  132.737411][ T6260]  do_syscall_64+0xfa/0xfa0
[  132.737429][ T6260]  ? lockdep_hardirqs_on+0x9c/0x150
[  132.737450][ T6260]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  132.737467][ T6260]  ? clear_bhb_loop+0x60/0xb0
[  132.737488][ T6260]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  132.737504][ T6260] RIP: 0033:0x7fb6e39fefc9
[  132.737520][ T6260] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  132.737533][ T6260] RSP: 002b:00007fb6e1c5e038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  132.737552][ T6260] RAX: ffffffffffffffda RBX: 00007fb6e3c55fa0 RCX: 00007fb6e39fefc9
[  132.737564][ T6260] RDX: 0000000000000000 RSI: 0000200000000400 RDI: 0000000000000003
[  132.737575][ T6260] RBP: 00007fb6e1c5e090 R08: 0000000000000000 R09: 0000000000000000
[  132.737586][ T6260] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  132.737595][ T6260] R13: 00007fb6e3c56038 R14: 00007fb6e3c55fa0 R15: 00007ffdfa05e128
[  132.737621][ T6260]  </TASK>
[  132.781350][ T5873] usb usb4-port1: attempt power cycle
[  132.808340][    C0] vcan0: j1939_tp_rxtimer: 0xffff88805df75800: abort rx timeout. Force session deactivation
[  132.808701][ T1320] ieee802154 phy0 wpan0: encryption failed: -22
[  132.808765][ T1320] ieee802154 phy1 wpan1: encryption failed: -22
[  133.705048][ T1242] usb 5-1: 0:2 : does not exist
[  133.706349][ T6260] netlink: 'syz.2.100': attribute type 10 has an invalid length.
[  133.707138][ T1242] usb 5-1: unit 5: unexpected type 0x0c
[  133.728418][ T6265] fuse: Unknown parameter 'use00000000000000000003'
[  133.786748][ T5873] usb 4-1: new high-speed USB device number 5 using dummy_hcd
[  133.816241][ T5873] usb 4-1: device descriptor read/8, error -71
[  133.933908][ T1242] usb 5-1: USB disconnect, device number 4
[  134.063642][ T5873] usb 4-1: new high-speed USB device number 6 using dummy_hcd
[  134.074534][ T5873] usb 4-1: device descriptor read/8, error -71
[  134.161236][ T5859] udevd[5859]: error opening ATTR{/sys/devices/platform/dummy_hcd.4/usb5/5-1/5-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  134.184160][ T5873] usb usb4-port1: unable to enumerate USB device
[  134.493579][ T5873] usb 2-1: new high-speed USB device number 6 using dummy_hcd
[  134.643782][ T1242] usb 5-1: new high-speed USB device number 5 using dummy_hcd
[  134.663655][ T5873] usb 2-1: Using ep0 maxpacket: 32
[  134.667538][ T5873] usb 2-1: config index 0 descriptor too short (expected 156, got 27)
[  134.667581][ T5873] usb 2-1: too many endpoints for config 0 interface 0 altsetting 191: 144, using maximum allowed: 30
[  134.667619][ T5873] usb 2-1: config 0 interface 0 altsetting 191 endpoint 0x87 has an invalid bInterval 0, changing to 7
[  134.667643][ T5873] usb 2-1: config 0 interface 0 altsetting 191 has 1 endpoint descriptor, different from the interface descriptor's value: 144
[  134.667668][ T5873] usb 2-1: config 0 interface 0 has no altsetting 0
[  134.671187][ T5873] usb 2-1: New USB device found, idVendor=0f11, idProduct=1021, bcdDevice=86.66
[  134.671211][ T5873] usb 2-1: New USB device strings: Mfr=85, Product=120, SerialNumber=172
[  134.671230][ T5873] usb 2-1: Product: syz
[  134.671242][ T5873] usb 2-1: Manufacturer: syz
[  134.671256][ T5873] usb 2-1: SerialNumber: syz
[  134.702762][ T6285] netlink: 'syz.0.110': attribute type 1 has an invalid length.
[  134.766319][ T6287] netlink: 28 bytes leftover after parsing attributes in process `syz.0.110'.
[  134.787101][ T6285] bond1: entered promiscuous mode
[  134.787689][ T6285] 8021q: adding VLAN 0 to HW filter on device bond1
[  134.792640][ T6287] bond1: entered allmulticast mode
[  134.794425][ T1242] usb 5-1: Using ep0 maxpacket: 32
[  134.806096][ T1242] usb 5-1: New USB device found, idVendor=0fd9, idProduct=0025, bcdDevice=29.40
[  134.806120][ T1242] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  134.849147][ T5873] usb 2-1: config 0 descriptor??
[  134.863399][ T5873] ldusb 2-1:0.0: Interrupt out endpoint not found (using control endpoint instead)
[  134.865632][ T1242] usb 5-1: config 0 descriptor??
[  134.892418][ T5873] ldusb 2-1:0.0: LD USB Device #0 now attached to major 180 minor 0
[  135.070284][ T1242] dvb-usb: found a 'Elgato EyeTV Sat' in warm state.
[  135.097661][ T5887] usb 2-1: USB disconnect, device number 6
[  135.126051][ T5887] ldusb 2-1:0.0: LD USB Device #0 now disconnected
[  135.129288][ T1242] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[  135.167310][ T1242] dvbdev: DVB: registering new adapter (Elgato EyeTV Sat)
[  135.167400][ T1242] usb 5-1: media controller created
[  135.257886][ T1242] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  135.271962][ T6281] FAULT_INJECTION: forcing a failure.
[  135.271962][ T6281] name failslab, interval 1, probability 0, space 0, times 0
[  135.271992][ T6281] CPU: 1 UID: 0 PID: 6281 Comm: syz.4.108 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  135.272012][ T6281] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  135.272022][ T6281] Call Trace:
[  135.272029][ T6281]  <TASK>
[  135.272037][ T6281]  dump_stack_lvl+0x189/0x250
[  135.272065][ T6281]  ? __pfx____ratelimit+0x10/0x10
[  135.272086][ T6281]  ? __pfx_dump_stack_lvl+0x10/0x10
[  135.272110][ T6281]  ? __pfx__printk+0x10/0x10
[  135.272136][ T6281]  ? __pfx___might_resched+0x10/0x10
[  135.272159][ T6281]  should_fail_ex+0x46c/0x600
[  135.272187][ T6281]  should_failslab+0xa8/0x100
[  135.272212][ T6281]  __kmalloc_cache_noprof+0x6f/0x6c0
[  135.272235][ T6281]  ? __i2c_smbus_xfer+0xc43/0x1e50
[  135.272264][ T6281]  __i2c_smbus_xfer+0xc43/0x1e50
[  135.272282][ T6281]  ? __lock_acquire+0xab9/0xd20
[  135.272312][ T6281]  ? do_raw_spin_lock+0x121/0x290
[  135.272335][ T6281]  ? __pfx___i2c_smbus_xfer+0x10/0x10
[  135.272358][ T6281]  ? _raw_spin_unlock_irqrestore+0x85/0x110
[  135.272383][ T6281]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  135.272404][ T6281]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  135.272435][ T6281]  ? rt_mutex_lock_nested+0x15e/0x1e0
[  135.272463][ T6281]  i2c_smbus_xfer+0x275/0x3c0
[  135.272482][ T6281]  ? __pfx_i2c_smbus_xfer+0x10/0x10
[  135.272518][ T6281]  i2cdev_ioctl_smbus+0x43d/0x6d0
[  135.272547][ T6281]  ? __pfx_i2cdev_ioctl_smbus+0x10/0x10
[  135.272587][ T6281]  i2cdev_ioctl+0x5d6/0x800
[  135.272608][ T6281]  ? __pfx_i2cdev_ioctl+0x10/0x10
[  135.272635][ T6281]  ? __fget_files+0x2a/0x420
[  135.272661][ T6281]  ? bpf_lsm_file_ioctl+0x9/0x20
[  135.272678][ T6281]  ? __pfx_i2cdev_ioctl+0x10/0x10
[  135.272700][ T6281]  __se_sys_ioctl+0xff/0x170
[  135.272722][ T6281]  do_syscall_64+0xfa/0xfa0
[  135.272741][ T6281]  ? lockdep_hardirqs_on+0x9c/0x150
[  135.272761][ T6281]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  135.272778][ T6281]  ? clear_bhb_loop+0x60/0xb0
[  135.272799][ T6281]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  135.272815][ T6281] RIP: 0033:0x7fdd33c1efc9
[  135.272831][ T6281] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  135.272845][ T6281] RSP: 002b:00007fdd31e86038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  135.272864][ T6281] RAX: ffffffffffffffda RBX: 00007fdd33e75fa0 RCX: 00007fdd33c1efc9
[  135.272877][ T6281] RDX: 0000200000000080 RSI: 0000000000000720 RDI: 0000000000000004
[  135.272888][ T6281] RBP: 00007fdd31e86090 R08: 0000000000000000 R09: 0000000000000000
[  135.272899][ T6281] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  135.272909][ T6281] R13: 00007fdd33e76038 R14: 00007fdd33e75fa0 R15: 00007fff8961c3e8
[  135.272940][ T6281]  </TASK>
[  135.555216][ T5880] usb 4-1: new full-speed USB device number 7 using dummy_hcd
[  135.796073][ T5880] usb 4-1: config 4 has an invalid interface number: 88 but max is 0
[  135.796099][ T5880] usb 4-1: config 4 has no interface number 0
[  135.796146][ T5880] usb 4-1: config 4 interface 88 has no altsetting 0
[  135.799957][ T5880] usb 4-1: New USB device found, idVendor=1d50, idProduct=60c6, bcdDevice=af.e7
[  135.799983][ T5880] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  135.800002][ T5880] usb 4-1: Product: syz
[  135.800016][ T5880] usb 4-1: Manufacturer: syz
[  135.800029][ T5880] usb 4-1: SerialNumber: syz
[  135.983170][ T6279] Invalid source name
[  135.983186][ T6279] UBIFS error (pid: 6279): cannot open "./file0", error -22
[  136.311553][ T6298] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  136.379239][ T6297] [U] R5¡JCÒ°~V6“˜|‡7§¤Á…KXVZZËG—RÙÔ   
[  136.391255][ T1242] az6027: usb out operation failed. (-71)
[  136.392159][ T1242] az6027: usb out operation failed. (-71)
[  136.392173][ T1242] stb0899_attach: Driver disabled by Kconfig
[  136.392182][ T1242] az6027: no front-end attached
[  136.392182][ T1242] 
[  136.393353][ T1242] az6027: usb out operation failed. (-71)
[  136.393374][ T1242] dvb-usb: no frontend was attached by 'Elgato EyeTV Sat'
[  136.454875][ T1242] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.4/usb5/5-1/input/input7
[  136.457520][ T1242] dvb-usb: schedule remote query interval to 400 msecs.
[  136.457537][ T1242] dvb-usb: Elgato EyeTV Sat successfully initialized and connected.
[  136.461707][ T1242] usb 5-1: USB disconnect, device number 5
[  136.499351][ T6305] fuse: Unknown parameter 'use00000000000000000003'
[  136.675522][ T1242] dvb-usb: Elgato EyeTV Sat successfully deinitialized and disconnected.
[  136.869097][ T6313] FAULT_INJECTION: forcing a failure.
[  136.869097][ T6313] name failslab, interval 1, probability 0, space 0, times 0
[  136.869130][ T6313] CPU: 0 UID: 0 PID: 6313 Comm: syz.0.118 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  136.869151][ T6313] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  136.869161][ T6313] Call Trace:
[  136.869168][ T6313]  <TASK>
[  136.869176][ T6313]  dump_stack_lvl+0x189/0x250
[  136.869204][ T6313]  ? __pfx____ratelimit+0x10/0x10
[  136.869226][ T6313]  ? __pfx_dump_stack_lvl+0x10/0x10
[  136.869250][ T6313]  ? __pfx__printk+0x10/0x10
[  136.869276][ T6313]  ? __pfx___might_resched+0x10/0x10
[  136.869298][ T6313]  should_fail_ex+0x46c/0x600
[  136.869326][ T6313]  should_failslab+0xa8/0x100
[  136.869352][ T6313]  __kmalloc_noprof+0xcc/0x7d0
[  136.869373][ T6313]  ? smk_write_net6addr+0x163/0x13e0
[  136.869391][ T6313]  ? _copy_from_user+0x94/0xb0
[  136.869414][ T6313]  smk_write_net6addr+0x163/0x13e0
[  136.869434][ T6313]  ? __lock_acquire+0xab9/0xd20
[  136.869468][ T6313]  ? __pfx_smk_write_net6addr+0x10/0x10
[  136.869484][ T6313]  ? rcu_read_lock_any_held+0xb3/0x120
[  136.869502][ T6313]  ? __pfx_rcu_read_lock_any_held+0x10/0x10
[  136.869530][ T6313]  ? __pfx_smk_write_net6addr+0x10/0x10
[  136.869558][ T6313]  vfs_write+0x287/0xb40
[  136.869588][ T6313]  ? __pfx_vfs_write+0x10/0x10
[  136.869606][ T6313]  ? try_to_take_rt_mutex+0x7fd/0xac0
[  136.869634][ T6313]  ? mutex_lock_nested+0x154/0x1d0
[  136.869650][ T6313]  ? fdget_pos+0x253/0x320
[  136.869681][ T6313]  ksys_write+0x14b/0x260
[  136.869704][ T6313]  ? __pfx_ksys_write+0x10/0x10
[  136.869728][ T6313]  ? do_syscall_64+0xbe/0xfa0
[  136.869753][ T6313]  do_syscall_64+0xfa/0xfa0
[  136.869775][ T6313]  ? lockdep_hardirqs_on+0x9c/0x150
[  136.869795][ T6313]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  136.869811][ T6313]  ? clear_bhb_loop+0x60/0xb0
[  136.869831][ T6313]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  136.869847][ T6313] RIP: 0033:0x7fbff9fbefc9
[  136.869862][ T6313] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  136.869875][ T6313] RSP: 002b:00007fbff8226038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  136.869893][ T6313] RAX: ffffffffffffffda RBX: 00007fbffa215fa0 RCX: 00007fbff9fbefc9
[  136.869906][ T6313] RDX: 00000000000000b1 RSI: 00002000000002c0 RDI: 0000000000000003
[  136.869916][ T6313] RBP: 00007fbff8226090 R08: 0000000000000000 R09: 0000000000000000
[  136.869926][ T6313] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  136.869936][ T6313] R13: 00007fbffa216038 R14: 00007fbffa215fa0 R15: 00007ffeb3c57338
[  136.869969][ T6313]  </TASK>
[  137.197454][ T6317] process 'syz.0.121' launched '/dev/fd/6' with NULL argv: empty string added
[  137.359253][ T6283] Bluetooth: MGMT ver 1.23
[  137.552354][   T31] usb 4-1: USB disconnect, device number 7
[  137.767670][ T6332] pim6reg1: entered promiscuous mode
[  137.767708][ T6332] pim6reg1: entered allmulticast mode
[  137.918692][ T6339] fuse: Unknown parameter 'use00000000000000000003'
[  138.177628][   T31] usb 1-1: new high-speed USB device number 7 using dummy_hcd
[  138.242144][ T6349] netlink: 8 bytes leftover after parsing attributes in process `syz.2.132'.
[  138.313607][ T1242] usb 2-1: new high-speed USB device number 7 using dummy_hcd
[  138.335501][   T31] usb 1-1: Using ep0 maxpacket: 32
[  138.342567][   T31] usb 1-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  138.342595][   T31] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 255, changing to 11
[  138.342621][   T31] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024
[  138.342661][   T31] usb 1-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40
[  138.342683][   T31] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  138.574660][ T1242] usb 2-1: Using ep0 maxpacket: 32
[  138.707011][   T31] usb 1-1: config 0 descriptor??
[  138.790440][ T6341] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22
[  138.843664][ T1242] usb 2-1: config index 0 descriptor too short (expected 156, got 27)
[  138.844100][ T1242] usb 2-1: too many endpoints for config 0 interface 0 altsetting 191: 144, using maximum allowed: 30
[  138.844899][ T1242] usb 2-1: config 0 interface 0 altsetting 191 endpoint 0x87 has an invalid bInterval 0, changing to 7
[  138.844993][ T1242] usb 2-1: config 0 interface 0 altsetting 191 has 1 endpoint descriptor, different from the interface descriptor's value: 144
[  138.845086][ T1242] usb 2-1: config 0 interface 0 has no altsetting 0
[  139.049180][   T31] hub 1-1:0.0: USB hub found
[  139.093744][ T1242] usb 2-1: New USB device found, idVendor=0f11, idProduct=1021, bcdDevice=86.66
[  139.093771][ T1242] usb 2-1: New USB device strings: Mfr=85, Product=120, SerialNumber=172
[  139.093851][ T1242] usb 2-1: Product: syz
[  139.093865][ T1242] usb 2-1: Manufacturer: syz
[  139.093877][ T1242] usb 2-1: SerialNumber: syz
[  139.123748][   T31] hub 1-1:0.0: config failed, can't read hub descriptor (err -22)
[  139.999775][ T1242] usb 2-1: config 0 descriptor??
[  140.080663][ T1242] ldusb 2-1:0.0: Interrupt out endpoint not found (using control endpoint instead)
[  140.093093][   T31] usbhid 1-1:0.0: can't add hid device: -71
[  140.093214][   T31] usbhid 1-1:0.0: probe with driver usbhid failed with error -71
[  140.116642][ T1242] ldusb 2-1:0.0: LD USB Device #0 now attached to major 180 minor 0
[  140.158362][   T31] usb 1-1: USB disconnect, device number 7
[  140.217667][  T991] usb 2-1: USB disconnect, device number 7
[  140.225268][  T991] ldusb 2-1:0.0: LD USB Device #0 now disconnected
[  140.810161][ T6361] Invalid source name
[  140.810177][ T6361] UBIFS error (pid: 6361): cannot open "./file0", error -22
[  141.414412][ T6373] fuse: Unknown parameter 'user_i00000000000000000003'
[  141.933594][  T991] usb 5-1: new high-speed USB device number 6 using dummy_hcd
[  142.063712][  T991] usb 5-1: device descriptor read/64, error -71
[  142.133697][   T31] usb 2-1: new full-speed USB device number 8 using dummy_hcd
[  142.332586][  T991] usb 5-1: new high-speed USB device number 7 using dummy_hcd
[  142.463975][  T991] usb 5-1: device descriptor read/64, error -71
[  142.575489][  T991] usb usb5-port1: attempt power cycle
[  143.147885][   T31] usb 2-1: config 4 has an invalid interface number: 88 but max is 0
[  143.147912][   T31] usb 2-1: config 4 has no interface number 0
[  143.147958][   T31] usb 2-1: config 4 interface 88 has no altsetting 0
[  143.166122][   T31] usb 2-1: New USB device found, idVendor=1d50, idProduct=60c6, bcdDevice=af.e7
[  143.166147][   T31] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  143.166165][   T31] usb 2-1: Product: syz
[  143.166178][   T31] usb 2-1: Manufacturer: syz
[  143.166190][   T31] usb 2-1: SerialNumber: syz
[  143.243805][  T991] usb 5-1: new high-speed USB device number 8 using dummy_hcd
[  143.264446][  T991] usb 5-1: device descriptor read/8, error -71
[  143.459850][ T6396] netlink: 16 bytes leftover after parsing attributes in process `syz.2.147'.
[  143.513744][  T991] usb 5-1: new high-speed USB device number 9 using dummy_hcd
[  143.534569][  T991] usb 5-1: device descriptor read/8, error -71
[  143.644068][  T991] usb usb5-port1: unable to enumerate USB device
[  143.796758][ T6404] fuse: Unknown parameter 'user_i00000000000000000003'
[  144.003665][ T5880] usb 3-1: new high-speed USB device number 5 using dummy_hcd
[  144.191926][ T5880] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  144.191987][ T5880] usb 3-1: config 0 has no interfaces?
[  144.192087][ T5880] usb 3-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  144.192109][ T5880] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  144.416943][ T5880] usb 3-1: config 0 descriptor??
[  145.028545][ T5852] usb 3-1: USB disconnect, device number 5
[  145.115406][  T991] usb 2-1: USB disconnect, device number 8
[  145.235563][ T6419] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  145.398893][ T6412] [U] R5¡JCÒ°~V6“˜|‡7§¤Á…KXVZZËG—RÙÔ   
[  145.463576][ T5887] usb 4-1: new high-speed USB device number 8 using dummy_hcd
[  145.490957][  T991] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0
[  145.596821][  T991] hid-generic 0000:0000:0000.0002: hidraw0: <UNKNOWN> HID v0.00 Device [syz1] on syz0
[  145.626198][ T5887] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  145.626231][ T5887] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  145.626254][ T5887] usb 4-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 5
[  145.626295][ T5887] usb 4-1: New USB device found, idVendor=0458, idProduct=5019, bcdDevice= 0.00
[  145.626317][ T5887] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  145.631713][ T5887] usb 4-1: config 0 descriptor??
[  145.816500][ T6433] fuse: Unknown parameter 'user_i00000000000000000003'
[  146.063833][ T5915] usb 5-1: new high-speed USB device number 10 using dummy_hcd
[  146.623660][ T5915] usb 5-1: Using ep0 maxpacket: 32
[  146.623727][ T5887] usbhid 4-1:0.0: can't add hid device: -71
[  146.623838][ T5887] usbhid 4-1:0.0: probe with driver usbhid failed with error -71
[  146.626190][ T5915] usb 5-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  146.626217][ T5915] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 255, changing to 11
[  146.626243][ T5915] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024
[  146.626284][ T5915] usb 5-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40
[  146.626304][ T5915] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  146.678659][ T5915] usb 5-1: config 0 descriptor??
[  146.679440][ T6429] raw-gadget.1 gadget.4: fail, usb_ep_enable returned -22
[  146.688188][ T5915] hub 5-1:0.0: USB hub found
[  146.749172][ T5887] usb 4-1: USB disconnect, device number 8
[  146.900639][ T5915] hub 5-1:0.0: config failed, can't read hub descriptor (err -22)
[  147.785071][ T5915] usbhid 5-1:0.0: can't add hid device: -71
[  147.785193][ T5915] usbhid 5-1:0.0: probe with driver usbhid failed with error -71
[  147.842489][ T5915] usb 5-1: USB disconnect, device number 10
[  148.363616][ T5915] usb 1-1: new full-speed USB device number 8 using dummy_hcd
[  148.486196][ T5852] usb 4-1: new full-speed USB device number 9 using dummy_hcd
[  148.519549][ T5915] usb 1-1: unable to get BOS descriptor or descriptor too short
[  148.521192][ T5915] usb 1-1: not running at top speed; connect to a high speed hub
[  148.540463][ T5915] usb 1-1: config 249 has an invalid interface number: 222 but max is 0
[  148.540496][ T5915] usb 1-1: config 249 has no interface number 0
[  148.540548][ T5915] usb 1-1: config 249 interface 222 altsetting 1 endpoint 0x2 has invalid maxpacket 1024, setting to 64
[  148.540575][ T5915] usb 1-1: config 249 interface 222 altsetting 1 endpoint 0xE has invalid wMaxPacketSize 0
[  148.540596][ T5915] usb 1-1: config 249 interface 222 has no altsetting 0
[  148.559228][ T5915] usb 1-1: New USB device found, idVendor=0bfd, idProduct=0106, bcdDevice=44.ce
[  148.559256][ T5915] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  148.559273][ T5915] usb 1-1: Product: syz
[  148.559286][ T5915] usb 1-1: Manufacturer: syz
[  148.559299][ T5915] usb 1-1: SerialNumber: syz
[  148.586665][ T6425] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22
[  148.716161][ T5852] usb 4-1: config 4 has an invalid interface number: 88 but max is 0
[  148.716189][ T5852] usb 4-1: config 4 has no interface number 0
[  148.716265][ T5852] usb 4-1: config 4 interface 88 has no altsetting 0
[  148.745070][ T5852] usb 4-1: New USB device found, idVendor=1d50, idProduct=60c6, bcdDevice=af.e7
[  148.745098][ T5852] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  148.745117][ T5852] usb 4-1: Product: syz
[  148.745130][ T5852] usb 4-1: Manufacturer: syz
[  148.745144][ T5852] usb 4-1: SerialNumber: syz
[  148.929189][ T5915] kvaser_usb 1-1:249.222: error -ENODEV: Cannot get usb endpoint(s)
[  149.027020][ T5915] usb 1-1: USB disconnect, device number 8
[  149.433780][ T6449] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512
[  149.882546][ T6465] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  149.992005][ T5915] usb 4-1: USB disconnect, device number 9
[  150.161639][ T6472] FAULT_INJECTION: forcing a failure.
[  150.161639][ T6472] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  150.161669][ T6472] CPU: 1 UID: 0 PID: 6472 Comm: syz.1.172 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  150.161690][ T6472] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  150.161700][ T6472] Call Trace:
[  150.161707][ T6472]  <TASK>
[  150.161715][ T6472]  dump_stack_lvl+0x189/0x250
[  150.161743][ T6472]  ? __pfx____ratelimit+0x10/0x10
[  150.161764][ T6472]  ? __pfx_dump_stack_lvl+0x10/0x10
[  150.161788][ T6472]  ? __pfx__printk+0x10/0x10
[  150.161820][ T6472]  should_fail_ex+0x46c/0x600
[  150.161849][ T6472]  _copy_to_user+0x31/0xb0
[  150.161870][ T6472]  drm_ioctl+0x6aa/0xb20
[  150.161894][ T6472]  ? __pfx_drm_mode_addfb2_ioctl+0x10/0x10
[  150.161922][ T6472]  ? __pfx_drm_ioctl+0x10/0x10
[  150.161954][ T6472]  ? __fget_files+0x3a6/0x420
[  150.161976][ T6472]  ? __fget_files+0x2a/0x420
[  150.162001][ T6472]  ? bpf_lsm_file_ioctl+0x9/0x20
[  150.162017][ T6472]  ? __pfx_drm_ioctl+0x10/0x10
[  150.162035][ T6472]  __se_sys_ioctl+0xff/0x170
[  150.162056][ T6472]  do_syscall_64+0xfa/0xfa0
[  150.162075][ T6472]  ? lockdep_hardirqs_on+0x9c/0x150
[  150.162095][ T6472]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  150.162112][ T6472]  ? clear_bhb_loop+0x60/0xb0
[  150.162132][ T6472]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  150.162149][ T6472] RIP: 0033:0x7f94e1eaefc9
[  150.162165][ T6472] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  150.162179][ T6472] RSP: 002b:00007f94e0116038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  150.162198][ T6472] RAX: ffffffffffffffda RBX: 00007f94e2105fa0 RCX: 00007f94e1eaefc9
[  150.162211][ T6472] RDX: 00002000000001c0 RSI: 00000000c06864b8 RDI: 0000000000000003
[  150.162222][ T6472] RBP: 00007f94e0116090 R08: 0000000000000000 R09: 0000000000000000
[  150.162233][ T6472] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  150.162244][ T6472] R13: 00007f94e2106038 R14: 00007f94e2105fa0 R15: 00007ffd703b8618
[  150.162274][ T6472]  </TASK>
[  150.764754][ T6475] fuse: Unknown parameter 'user_id00000000000000000003'
[  150.882625][ T6478] netlink: 'syz.3.175': attribute type 2 has an invalid length.
[  151.863928][ T6478] bond1: option arp_validate: mode dependency failed, not supported in mode balance-tlb(5)
[  151.937253][ T6493] vivid-000: disconnect
[  152.712320][ T6484] vivid-000: reconnect
[  153.026664][ T6478] bond1 (unregistering): Released all slaves
[  153.621575][ T6501] netlink: 12 bytes leftover after parsing attributes in process `syz.2.181'.
[  153.621650][ T6501] netlink: 'syz.2.181': attribute type 1 has an invalid length.
[  153.621663][ T6501] netlink: 44 bytes leftover after parsing attributes in process `syz.2.181'.
[  153.840307][ T6506] netlink: 'syz.4.182': attribute type 1 has an invalid length.
[  153.894336][ T6507] netlink: 28 bytes leftover after parsing attributes in process `syz.4.182'.
[  154.864791][ T6506] workqueue: Failed to create a rescuer kthread for wq "bond1": -EINTR
[  155.581090][ T6524] fuse: Unknown parameter 'user_id00000000000000000003'
[  155.783548][ T5887] usb 3-1: new full-speed USB device number 6 using dummy_hcd
[  155.936864][ T5887] usb 3-1: config 4 has an invalid interface number: 88 but max is 0
[  155.936890][ T5887] usb 3-1: config 4 has no interface number 0
[  155.936941][ T5887] usb 3-1: config 4 interface 88 has no altsetting 0
[  155.943000][ T5887] usb 3-1: New USB device found, idVendor=1d50, idProduct=60c6, bcdDevice=af.e7
[  155.943026][ T5887] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  155.943045][ T5887] usb 3-1: Product: syz
[  155.943058][ T5887] usb 3-1: Manufacturer: syz
[  155.943071][ T5887] usb 3-1: SerialNumber: syz
[  156.330482][    C1] vkms_vblank_simulate: vblank timer overrun
[  156.818123][    C1] vkms_vblank_simulate: vblank timer overrun
[  157.360127][    C1] vkms_vblank_simulate: vblank timer overrun
[  157.544078][ T6538] FAULT_INJECTION: forcing a failure.
[  157.544078][ T6538] name failslab, interval 1, probability 0, space 0, times 0
[  157.544135][ T6538] CPU: 1 UID: 0 PID: 6538 Comm: syz.0.190 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  157.544156][ T6538] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  157.544166][ T6538] Call Trace:
[  157.544173][ T6538]  <TASK>
[  157.544181][ T6538]  dump_stack_lvl+0x189/0x250
[  157.544210][ T6538]  ? __pfx____ratelimit+0x10/0x10
[  157.544231][ T6538]  ? __pfx_dump_stack_lvl+0x10/0x10
[  157.544255][ T6538]  ? __pfx__printk+0x10/0x10
[  157.544281][ T6538]  ? __pfx___might_resched+0x10/0x10
[  157.544300][ T6538]  ? fs_reclaim_acquire+0x7d/0x100
[  157.544327][ T6538]  should_fail_ex+0x46c/0x600
[  157.544355][ T6538]  should_failslab+0xa8/0x100
[  157.544380][ T6538]  __kmalloc_cache_noprof+0x6f/0x6c0
[  157.544403][ T6538]  ? alloc_ucounts+0xa9/0x340
[  157.544421][ T6538]  ? find_ucounts+0x29d/0x2d0
[  157.544445][ T6538]  alloc_ucounts+0xa9/0x340
[  157.544470][ T6538]  set_cred_ucounts+0x10c/0x1c0
[  157.544505][ T6538]  __sys_setresuid+0x7ff/0xc40
[  157.544534][ T6538]  do_syscall_64+0xfa/0xfa0
[  157.544553][ T6538]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  157.544566][ T6538]  ? asm_sysvec_reschedule_ipi+0x1a/0x20
[  157.544577][ T6538]  ? clear_bhb_loop+0x60/0xb0
[  157.544595][ T6538]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  157.544609][ T6538] RIP: 0033:0x7fbff9fbefc9
[  157.544707][ T6538] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  157.544726][ T6538] RSP: 002b:00007fbff81e4038 EFLAGS: 00000246 ORIG_RAX: 0000000000000075
[  157.544745][ T6538] RAX: ffffffffffffffda RBX: 00007fbffa216180 RCX: 00007fbff9fbefc9
[  157.544756][ T6538] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 000000000000ee01
[  157.544765][ T6538] RBP: 00007fbff81e4090 R08: 0000000000000000 R09: 0000000000000000
[  157.544773][ T6538] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  157.544782][ T6538] R13: 00007fbffa216218 R14: 00007fbffa216180 R15: 00007ffeb3c57338
[  157.544810][ T6538]  </TASK>
[  157.595974][    C1] vkms_vblank_simulate: vblank timer overrun
[  158.127621][ T6539] FAULT_INJECTION: forcing a failure.
[  158.127621][ T6539] name failslab, interval 1, probability 0, space 0, times 0
[  158.129824][ T6539] CPU: 1 UID: 0 PID: 6539 Comm: syz.4.191 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  158.129846][ T6539] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  158.129854][ T6539] Call Trace:
[  158.129860][ T6539]  <TASK>
[  158.129868][ T6539]  dump_stack_lvl+0x189/0x250
[  158.129892][ T6539]  ? __pfx____ratelimit+0x10/0x10
[  158.129913][ T6539]  ? __pfx_dump_stack_lvl+0x10/0x10
[  158.129936][ T6539]  ? __pfx__printk+0x10/0x10
[  158.129963][ T6539]  ? __pfx___might_resched+0x10/0x10
[  158.129980][ T6539]  ? fs_reclaim_acquire+0x7d/0x100
[  158.130008][ T6539]  should_fail_ex+0x46c/0x600
[  158.130037][ T6539]  should_failslab+0xa8/0x100
[  158.130061][ T6539]  __kmalloc_noprof+0xcc/0x7d0
[  158.130082][ T6539]  ? __lock_acquire+0xab9/0xd20
[  158.130101][ T6539]  ? genl_family_rcv_msg_attrs_parse+0xa3/0x2a0
[  158.130130][ T6539]  genl_family_rcv_msg_attrs_parse+0xa3/0x2a0
[  158.130159][ T6539]  genl_family_rcv_msg_doit+0xb8/0x300
[  158.130187][ T6539]  ? __pfx_genl_family_rcv_msg_doit+0x10/0x10
[  158.130211][ T6539]  ? rcu_is_watching+0x15/0xb0
[  158.130229][ T6539]  ? cap_capable+0x11f/0x460
[  158.130246][ T6539]  ? safesetid_security_capable+0xa9/0x1a0
[  158.130272][ T6539]  ? bpf_lsm_capable+0x9/0x20
[  158.130289][ T6539]  ? security_capable+0x7e/0x2e0
[  158.130316][ T6539]  genl_rcv_msg+0x60e/0x790
[  158.130344][ T6539]  ? __pfx_genl_rcv_msg+0x10/0x10
[  158.130364][ T6539]  ? __pfx_netlbl_cipsov4_add+0x10/0x10
[  158.130387][ T6539]  ? __lock_acquire+0xab9/0xd20
[  158.130425][ T6539]  netlink_rcv_skb+0x208/0x470
[  158.130443][ T6539]  ? __pfx_genl_rcv_msg+0x10/0x10
[  158.130466][ T6539]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  158.130500][ T6539]  ? netlink_deliver_tap+0x2e/0x1b0
[  158.130517][ T6539]  ? netlink_deliver_tap+0x2e/0x1b0
[  158.130539][ T6539]  genl_rcv+0x28/0x40
[  158.130558][ T6539]  netlink_unicast+0x846/0xa10
[  158.130591][ T6539]  ? __pfx_netlink_unicast+0x10/0x10
[  158.130616][ T6539]  ? netlink_sendmsg+0x642/0xb30
[  158.130631][ T6539]  ? skb_put+0x11b/0x210
[  158.130653][ T6539]  netlink_sendmsg+0x805/0xb30
[  158.130669][ T6539]  ? is_bpf_text_address+0x26/0x2b0
[  158.130702][ T6539]  ? __pfx_netlink_sendmsg+0x10/0x10
[  158.130729][ T6539]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  158.130751][ T6539]  ? __pfx_netlink_sendmsg+0x10/0x10
[  158.130769][ T6539]  __sock_sendmsg+0x21c/0x270
[  158.130799][ T6539]  ____sys_sendmsg+0x508/0x820
[  158.130826][ T6539]  ? __pfx_____sys_sendmsg+0x10/0x10
[  158.130855][ T6539]  ? import_iovec+0x74/0xa0
[  158.130878][ T6539]  ___sys_sendmsg+0x21f/0x2a0
[  158.130900][ T6539]  ? __pfx____sys_sendmsg+0x10/0x10
[  158.130960][ T6539]  ? __fget_files+0x2a/0x420
[  158.130981][ T6539]  ? __fget_files+0x3a6/0x420
[  158.131014][ T6539]  __x64_sys_sendmsg+0x1a1/0x260
[  158.131037][ T6539]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  158.131067][ T6539]  ? __pfx_ksys_write+0x10/0x10
[  158.131092][ T6539]  ? do_syscall_64+0xbe/0xfa0
[  158.131117][ T6539]  do_syscall_64+0xfa/0xfa0
[  158.131136][ T6539]  ? lockdep_hardirqs_on+0x9c/0x150
[  158.131156][ T6539]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  158.131173][ T6539]  ? clear_bhb_loop+0x60/0xb0
[  158.131195][ T6539]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  158.131212][ T6539] RIP: 0033:0x7fdd33c1efc9
[  158.131245][ T6539] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  158.131259][ T6539] RSP: 002b:00007fdd31e86038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  158.131278][ T6539] RAX: ffffffffffffffda RBX: 00007fdd33e75fa0 RCX: 00007fdd33c1efc9
[  158.131291][ T6539] RDX: 0000000000000000 RSI: 0000200000000580 RDI: 0000000000000005
[  158.131302][ T6539] RBP: 00007fdd31e86090 R08: 0000000000000000 R09: 0000000000000000
[  158.131313][ T6539] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  158.131323][ T6539] R13: 00007fdd33e76038 R14: 00007fdd33e75fa0 R15: 00007fff8961c3e8
[  158.131356][ T6539]  </TASK>
[  158.639335][ T5880] usb 3-1: USB disconnect, device number 6
[  158.712222][ T6543] unsupported nla_type 52263
[  158.718034][ T6543] netlink: 8 bytes leftover after parsing attributes in process `syz.4.193'.
[  158.718052][ T6543] netlink: 4 bytes leftover after parsing attributes in process `syz.4.193'.
[  158.930215][ T6546] netlink: 4 bytes leftover after parsing attributes in process `syz.2.194'.
[  159.010967][   T65] netdevsim netdevsim4 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0
[  159.011381][   T65] netdevsim netdevsim4 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0
[  159.011420][   T65] netdevsim netdevsim4 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0
[  159.011454][   T65] netdevsim netdevsim4 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0
[  159.028342][ T6543] netlink: 8 bytes leftover after parsing attributes in process `syz.4.193'.
[  159.028361][ T6543] netlink: 4 bytes leftover after parsing attributes in process `syz.4.193'.
[  159.145004][ T6543] syz.4.193 (6543) used greatest stack depth: 17560 bytes left
[  159.216047][ T6549] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[  159.927940][ T6555] netlink: 'syz.1.197': attribute type 1 has an invalid length.
[  160.213717][ T6555] bond1: entered promiscuous mode
[  160.214238][ T6555] 8021q: adding VLAN 0 to HW filter on device bond1
[  160.219394][ T6555] netlink: 28 bytes leftover after parsing attributes in process `syz.1.197'.
[  160.758703][ T6563] fuse: Unknown parameter 'user_id00000000000000000003'
[  160.969187][ T6566] overlayfs: "xino" feature enabled using 3 upper inode bits.
[  161.010504][ T6566] netlink: 8 bytes leftover after parsing attributes in process `syz.0.200'.
[  161.545535][ T6568] overlayfs: failed lookup in lower (/, name='tracing', err=-66): unsupported object type
[  161.545939][ T6568] overlayfs: failed to look up (tracing) for ino (-66)
[  161.809660][ T6555] bond1: entered allmulticast mode
[  164.731554][ T5852] usb 2-1: new full-speed USB device number 9 using dummy_hcd
[  164.879511][ T5852] usb 2-1: config 4 has an invalid interface number: 88 but max is 0
[  164.879537][ T5852] usb 2-1: config 4 has no interface number 0
[  164.879583][ T5852] usb 2-1: config 4 interface 88 has no altsetting 0
[  164.907918][ T5852] usb 2-1: New USB device found, idVendor=1d50, idProduct=60c6, bcdDevice=af.e7
[  164.907945][ T5852] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  164.908046][ T5852] usb 2-1: Product: syz
[  164.908060][ T5852] usb 2-1: Manufacturer: syz
[  164.908073][ T5852] usb 2-1: SerialNumber: syz
[  166.049150][ T5852] usb 2-1: USB disconnect, device number 9
[  167.073575][ T5887] usb 2-1: new high-speed USB device number 10 using dummy_hcd
[  167.253575][ T5887] usb 2-1: Using ep0 maxpacket: 8
[  167.256345][ T5887] usb 2-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 56832, setting to 1024
[  167.256374][ T5887] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024
[  167.256397][ T5887] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  167.256419][ T5887] usb 2-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  167.256460][ T5887] usb 2-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  167.256480][ T5887] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  167.525141][ T5887] usb 2-1: GET_CAPABILITIES returned 0
[  167.525192][ T5887] usbtmc 2-1:16.0: can't read capabilities
[  169.195806][ T5887] usb 2-1: USB disconnect, device number 10
[  169.757327][ T6603] netlink: 32 bytes leftover after parsing attributes in process `syz.2.209'.
[  169.822354][ T6605] fuse: Bad value for 'fd'
[  169.973368][ T6607] netlink: 'syz.1.211': attribute type 1 has an invalid length.
[  170.031612][ T6607] bond2: entered promiscuous mode
[  170.032197][ T6607] 8021q: adding VLAN 0 to HW filter on device bond2
[  170.060499][ T6607] netlink: 28 bytes leftover after parsing attributes in process `syz.1.211'.
[  170.180211][ T6607] bond2: entered allmulticast mode
[  173.743570][ T5887] usb 3-1: new high-speed USB device number 7 using dummy_hcd
[  173.896701][ T5887] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x9 has invalid wMaxPacketSize 0
[  173.896729][ T5887] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0xA has an invalid bInterval 0, changing to 7
[  173.900372][ T5887] usb 3-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b
[  173.900398][ T5887] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  173.900416][ T5887] usb 3-1: Product: syz
[  173.900429][ T5887] usb 3-1: Manufacturer: syz
[  173.900442][ T5887] usb 3-1: SerialNumber: syz
[  173.975158][ T5887] usb 3-1: config 0 descriptor??
[  173.991989][ T5887] usb 3-1: 0:0 : invalid sync pipe. is_playback 1, ep 0a, bSynchAddress 07
[  174.442485][ T1242] usb 3-1: USB disconnect, device number 7
[  175.313603][ T1242] usb 3-1: new full-speed USB device number 8 using dummy_hcd
[  175.469829][ T1242] usb 3-1: config 4 has an invalid interface number: 88 but max is 0
[  175.469856][ T1242] usb 3-1: config 4 has no interface number 0
[  175.469903][ T1242] usb 3-1: config 4 interface 88 has no altsetting 0
[  175.478035][ T1242] usb 3-1: New USB device found, idVendor=1d50, idProduct=60c6, bcdDevice=af.e7
[  175.478060][ T1242] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  175.478078][ T1242] usb 3-1: Product: syz
[  175.478091][ T1242] usb 3-1: Manufacturer: syz
[  175.478104][ T1242] usb 3-1: SerialNumber: syz
[  176.562790][ T5808] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[  176.578731][ T5808] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[  176.579839][ T5808] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[  176.581038][ T5808] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[  176.582661][ T5808] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[  176.916739][ T5915] usb 3-1: USB disconnect, device number 8
[  177.217045][ T6626] chnl_net:caif_netlink_parms(): no params data found
[  177.659278][ T6632] netlink: 4 bytes leftover after parsing attributes in process `syz.2.218'.
[  178.643633][ T5812] Bluetooth: hci5: command tx timeout
[  179.358294][ T6645] fuse: Bad value for 'fd'
[  179.521824][ T6647] netlink: 'syz.4.222': attribute type 1 has an invalid length.
[  179.590644][ T6648] netlink: 28 bytes leftover after parsing attributes in process `syz.4.222'.
[  179.845768][ T5808] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1
[  179.848146][ T5808] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9
[  179.849200][ T5808] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9
[  179.850647][ T5808] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4
[  179.851466][ T5808] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2
[  179.948156][ T6647] bond1: entered promiscuous mode
[  179.948595][ T6647] 8021q: adding VLAN 0 to HW filter on device bond1
[  179.967025][ T6648] bond1: entered allmulticast mode
[  179.969720][ T6626] bridge0: port 1(bridge_slave_0) entered blocking state
[  179.970938][ T6626] bridge0: port 1(bridge_slave_0) entered disabled state
[  179.971453][ T6626] bridge_slave_0: entered allmulticast mode
[  180.012011][ T6626] bridge_slave_0: entered promiscuous mode
[  180.042082][ T6626] bridge0: port 2(bridge_slave_1) entered blocking state
[  180.051031][ T6626] bridge0: port 2(bridge_slave_1) entered disabled state
[  180.051536][ T6626] bridge_slave_1: entered allmulticast mode
[  180.068519][ T6626] bridge_slave_1: entered promiscuous mode
[  180.827425][ T5812] Bluetooth: hci5: command tx timeout
[  181.436702][ T6626] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  182.234252][ T5812] Bluetooth: hci6: command tx timeout
[  182.883673][ T5812] Bluetooth: hci5: command tx timeout
[  184.313169][ T5812] Bluetooth: hci6: command tx timeout
[  185.683602][ T5812] Bluetooth: hci5: command tx timeout
[  186.339022][ T5812] Bluetooth: hci6: command tx timeout
[  188.403757][ T5812] Bluetooth: hci6: command tx timeout
[  193.363645][ T1242] usb 5-1: new full-speed USB device number 11 using dummy_hcd
[  194.138509][ T1242] usb 5-1: config 4 has an invalid interface number: 88 but max is 0
[  194.138536][ T1242] usb 5-1: config 4 has no interface number 0
[  194.138584][ T1242] usb 5-1: config 4 interface 88 has no altsetting 0
[  194.157743][ T1242] usb 5-1: New USB device found, idVendor=1d50, idProduct=60c6, bcdDevice=af.e7
[  194.157768][ T1242] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  194.157787][ T1242] usb 5-1: Product: syz
[  194.157800][ T1242] usb 5-1: Manufacturer: syz
[  194.157813][ T1242] usb 5-1: SerialNumber: syz
[  194.449810][ T1320] ieee802154 phy0 wpan0: encryption failed: -22
[  194.465645][ T1320] ieee802154 phy1 wpan1: encryption failed: -22
[  196.125413][ T5808] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[  196.139253][ T5808] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[  196.141192][ T5808] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[  196.142842][ T5808] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[  196.144890][ T5808] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[  198.089852][ T1242] usb 5-1: USB disconnect, device number 11
[  199.223544][ T1242] usb 5-1: new high-speed USB device number 12 using dummy_hcd
[  199.763705][ T5808] Bluetooth: hci1: command tx timeout
[  200.184369][ T1242] usb 5-1: Using ep0 maxpacket: 32
[  200.295868][ T1242] usb 5-1: New USB device found, idVendor=0fd9, idProduct=0025, bcdDevice=29.40
[  200.295896][ T1242] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  200.301112][ T1242] usb 5-1: config 0 descriptor??
[  200.418974][ T6626] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  201.575150][ T1242] dvb-usb: found a 'Elgato EyeTV Sat' in warm state.
[  201.579942][ T1242] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[  201.580933][ T1242] dvbdev: DVB: registering new adapter (Elgato EyeTV Sat)
[  201.581120][ T1242] usb 5-1: media controller created
[  201.756220][ T1242] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  202.644803][ T5808] Bluetooth: hci1: command tx timeout
[  203.283558][ T1242] az6027: usb out operation failed. (-71)
[  203.313447][ T1242] az6027: usb out operation failed. (-71)
[  203.313463][ T1242] stb0899_attach: Driver disabled by Kconfig
[  203.313472][ T1242] az6027: no front-end attached
[  203.313472][ T1242] 
[  203.313879][ T1242] az6027: usb out operation failed. (-71)
[  203.313893][ T1242] dvb-usb: no frontend was attached by 'Elgato EyeTV Sat'
[  203.317328][ T1242] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.4/usb5/5-1/input/input8
[  203.596898][ T1242] dvb-usb: schedule remote query interval to 400 msecs.
[  203.596920][ T1242] dvb-usb: Elgato EyeTV Sat successfully initialized and connected.
[  204.485604][ T6691] fuse: Bad value for 'fd'
[  204.606892][ T1242] usb 5-1: USB disconnect, device number 12
[  204.733552][ T5808] Bluetooth: hci1: command tx timeout
[  206.690621][ T5812] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  206.707289][ T5812] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  206.708903][ T5812] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  206.710186][ T5812] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  206.710942][ T5812] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  206.815952][ T5808] Bluetooth: hci1: command tx timeout
[  208.887343][ T5812] Bluetooth: hci0: command tx timeout
[  208.935940][ T1242] dvb-usb: Elgato EyeTV Sat successfully deinitialized and disconnected.
[  210.963572][   T61] Bluetooth: hci0: command tx timeout
[  211.743603][   T61] Bluetooth: hci2: command 0x0406 tx timeout
[  211.743640][   T61] Bluetooth: hci4: command 0x0406 tx timeout
[  211.743664][   T61] Bluetooth: hci3: command 0x0406 tx timeout
[  213.043550][ T5118] Bluetooth: hci0: command tx timeout
[  215.263582][ T5118] Bluetooth: hci0: command tx timeout
[  217.357649][ T3582] netdevsim netdevsim0 netdevsim3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  217.357682][ T3582] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  220.742422][ T6626] team0: Port device team_slave_0 added
[  222.565702][ T6626] team0: Port device team_slave_1 added
[  224.406652][ T1242] usb 5-1: new high-speed USB device number 13 using dummy_hcd
[  226.113603][ T1242] usb 5-1: device not accepting address 13, error -71
[  228.303550][ T1242] usb 5-1: new full-speed USB device number 15 using dummy_hcd
[  228.843835][ T1242] usb 5-1: config 4 has an invalid interface number: 88 but max is 0
[  228.843861][ T1242] usb 5-1: config 4 has no interface number 0
[  228.843909][ T1242] usb 5-1: config 4 interface 88 has no altsetting 0
[  228.876324][ T1242] usb 5-1: New USB device found, idVendor=1d50, idProduct=60c6, bcdDevice=af.e7
[  228.876351][ T1242] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  228.876370][ T1242] usb 5-1: Product: syz
[  228.876390][ T1242] usb 5-1: Manufacturer: syz
[  228.876404][ T1242] usb 5-1: SerialNumber: syz
[  229.423575][ T6716] Bluetooth: MGMT ver 1.23
[  232.895290][ T5873] usb 5-1: USB disconnect, device number 15
[  250.440962][ T5812] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[  250.736329][ T5812] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[  250.745101][ T5812] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[  250.753600][ T5812] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[  250.757635][ T5812] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[  250.859469][ T5807] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[  250.873677][ T5807] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[  250.874878][ T5807] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[  250.884589][ T5807] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[  250.885411][ T5807] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[  252.805877][ T5808] Bluetooth: hci3: command tx timeout
[  253.365206][ T5808] Bluetooth: hci2: command tx timeout
[  253.863859][ T5812] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1
[  253.884920][ T5812] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9
[  253.888128][ T5812] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9
[  253.893072][ T5812] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4
[  253.894560][ T5812] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2
[  254.883874][ T5808] Bluetooth: hci3: command tx timeout
[  255.447085][ T5808] Bluetooth: hci2: command tx timeout
[  256.178255][ T1320] ieee802154 phy0 wpan0: encryption failed: -22
[  256.178325][ T1320] ieee802154 phy1 wpan1: encryption failed: -22
[  256.181791][ T5808] Bluetooth: hci7: command tx timeout
[  256.963557][ T5808] Bluetooth: hci3: command tx timeout
[  257.531713][ T5808] Bluetooth: hci2: command tx timeout
[  258.243747][ T5808] Bluetooth: hci7: command tx timeout
[  259.103449][ T5812] Bluetooth: hci3: command tx timeout
[  259.656679][ T5812] Bluetooth: hci2: command tx timeout
[  260.343528][ T5812] Bluetooth: hci7: command tx timeout
[  261.713651][   T44] usb 5-1: new full-speed USB device number 16 using dummy_hcd
[  261.776044][ T5808] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[  261.778511][ T5808] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[  261.779626][ T5808] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[  261.813972][ T5808] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[  261.815780][ T5808] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[  261.895976][   T44] usb 5-1: config 4 has an invalid interface number: 88 but max is 0
[  261.896003][   T44] usb 5-1: config 4 has no interface number 0
[  261.896051][   T44] usb 5-1: config 4 interface 88 has no altsetting 0
[  262.039573][   T44] usb 5-1: New USB device found, idVendor=1d50, idProduct=60c6, bcdDevice=af.e7
[  262.039601][   T44] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  262.039620][   T44] usb 5-1: Product: syz
[  262.039634][   T44] usb 5-1: Manufacturer: syz
[  262.039647][   T44] usb 5-1: SerialNumber: syz
[  262.403836][ T5808] Bluetooth: hci7: command tx timeout
[  264.023169][ T5808] Bluetooth: hci5: command tx timeout
[  264.583148][   T44] usb 5-1: USB disconnect, device number 16
[  266.403501][ T5808] Bluetooth: hci5: command tx timeout
[  266.656149][   T37] kauditd_printk_skb: 6 callbacks suppressed
[  266.656166][   T37] audit: type=1326 audit(1761811039.059:44): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6768 comm="syz.4.243" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdd33c1efc9 code=0x7ffc0000
[  266.657850][ T6769] FAULT_INJECTION: forcing a failure.
[  266.657850][ T6769] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  266.657886][ T6769] CPU: 1 UID: 0 PID: 6769 Comm: syz.4.243 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  266.657906][ T6769] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  266.657916][ T6769] Call Trace:
[  266.657924][ T6769]  <TASK>
[  266.657932][ T6769]  dump_stack_lvl+0x189/0x250
[  266.657968][ T6769]  ? __pfx____ratelimit+0x10/0x10
[  266.657990][ T6769]  ? __pfx_dump_stack_lvl+0x10/0x10
[  266.658014][ T6769]  ? __pfx__printk+0x10/0x10
[  266.658034][ T6769]  ? __might_fault+0xb0/0x130
[  266.658068][ T6769]  should_fail_ex+0x46c/0x600
[  266.658095][ T6769]  _copy_from_user+0x2d/0xb0
[  266.658115][ T6769]  __se_sys_landlock_add_rule+0x144/0x720
[  266.658138][ T6769]  ? __pfx___se_sys_landlock_add_rule+0x10/0x10
[  266.658156][ T6769]  ? ksys_write+0x230/0x260
[  266.658182][ T6769]  ? __secure_computing+0xe2/0x2a0
[  266.658209][ T6769]  do_syscall_64+0xfa/0xfa0
[  266.658229][ T6769]  ? lockdep_hardirqs_on+0x9c/0x150
[  266.658250][ T6769]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  266.658267][ T6769]  ? clear_bhb_loop+0x60/0xb0
[  266.658288][ T6769]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  266.658305][ T6769] RIP: 0033:0x7fdd33c1efc9
[  266.658326][ T6769] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  266.658341][ T6769] RSP: 002b:00007fdd31e86038 EFLAGS: 00000246 ORIG_RAX: 00000000000001bd
[  266.658360][ T6769] RAX: ffffffffffffffda RBX: 00007fdd33e75fa0 RCX: 00007fdd33c1efc9
[  266.658374][ T6769] RDX: 0000200000000080 RSI: 0000000000000002 RDI: 0000000000000003
[  266.658385][ T6769] RBP: 00007fdd31e86090 R08: 0000000000000000 R09: 0000000000000000
[  266.658396][ T6769] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  266.658407][ T6769] R13: 00007fdd33e76038 R14: 00007fdd33e75fa0 R15: 00007fff8961c3e8
[  266.658437][ T6769]  </TASK>
[  266.659153][   T37] audit: type=1326 audit(1761811039.059:45): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6768 comm="syz.4.243" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdd33c1efc9 code=0x7ffc0000
[  266.659202][   T37] audit: type=1326 audit(1761811039.059:46): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6768 comm="syz.4.243" exe="/root/syz-executor" sig=0 arch=c000003e syscall=444 compat=0 ip=0x7fdd33c1efc9 code=0x7ffc0000
[  266.659244][   T37] audit: type=1326 audit(1761811039.059:47): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6768 comm="syz.4.243" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdd33c1efc9 code=0x7ffc0000
[  266.659285][   T37] audit: type=1326 audit(1761811039.059:48): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6768 comm="syz.4.243" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7fdd33c1d810 code=0x7ffc0000
[  266.659327][   T37] audit: type=1326 audit(1761811039.059:49): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6768 comm="syz.4.243" exe="/root/syz-executor" sig=0 arch=c000003e syscall=1 compat=0 ip=0x7fdd33c1da7f code=0x7ffc0000
[  266.659369][   T37] audit: type=1326 audit(1761811039.059:50): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6768 comm="syz.4.243" exe="/root/syz-executor" sig=0 arch=c000003e syscall=445 compat=0 ip=0x7fdd33c1efc9 code=0x7ffc0000
[  266.659409][   T37] audit: type=1326 audit(1761811039.059:51): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6768 comm="syz.4.243" exe="/root/syz-executor" sig=0 arch=c000003e syscall=0 compat=0 ip=0x7fdd33c1d9dc code=0x7ffc0000
[  266.659452][   T37] audit: type=1326 audit(1761811039.059:52): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6768 comm="syz.4.243" exe="/root/syz-executor" sig=0 arch=c000003e syscall=1 compat=0 ip=0x7fdd33c1da7f code=0x7ffc0000
[  266.659492][   T37] audit: type=1326 audit(1761811039.059:53): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6768 comm="syz.4.243" exe="/root/syz-executor" sig=0 arch=c000003e syscall=3 compat=0 ip=0x7fdd33c1dc2a code=0x7ffc0000
[  268.493486][ T5808] Bluetooth: hci5: command tx timeout
[  268.725144][ T6771] netlink: 5724 bytes leftover after parsing attributes in process `syz.4.244'.
[  270.563725][ T5808] Bluetooth: hci5: command tx timeout
[  273.757718][ T5880] usb 5-1: new high-speed USB device number 17 using dummy_hcd
[  274.239279][ T5880] usb 5-1: unable to read config index 0 descriptor/all
[  274.239331][ T5880] usb 5-1: can't read configurations, error -71
[  274.567762][ T6781] FAULT_INJECTION: forcing a failure.
[  274.567762][ T6781] name failslab, interval 1, probability 0, space 0, times 0
[  274.567799][ T6781] CPU: 1 UID: 0 PID: 6781 Comm: syz.4.246 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  274.567849][ T6781] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  274.567876][ T6781] Call Trace:
[  274.567893][ T6781]  <TASK>
[  274.567910][ T6781]  dump_stack_lvl+0x189/0x250
[  274.567964][ T6781]  ? __pfx____ratelimit+0x10/0x10
[  274.567985][ T6781]  ? __pfx_dump_stack_lvl+0x10/0x10
[  274.568010][ T6781]  ? __pfx__printk+0x10/0x10
[  274.568047][ T6781]  should_fail_ex+0x46c/0x600
[  274.568078][ T6781]  should_failslab+0xa8/0x100
[  274.568104][ T6781]  __kmalloc_node_track_caller_noprof+0xcf/0x7e0
[  274.568127][ T6781]  ? nf_ct_ext_add+0x1b6/0x460
[  274.568151][ T6781]  ? nf_ct_ext_add+0x1b6/0x460
[  274.568174][ T6781]  krealloc_node_align_noprof+0x140/0x390
[  274.568201][ T6781]  nf_ct_ext_add+0x1b6/0x460
[  274.568231][ T6781]  init_conntrack+0x689/0xf20
[  274.568261][ T6781]  ? __pfx_init_conntrack+0x10/0x10
[  274.568287][ T6781]  ? __pfx___nf_conntrack_find_get+0x10/0x10
[  274.568311][ T6781]  ? __siphash_unaligned+0x232/0x3b0
[  274.568341][ T6781]  nf_conntrack_in+0xbc3/0x15d0
[  274.568389][ T6781]  ? __pfx_nf_conntrack_in+0x10/0x10
[  274.568422][ T6781]  ? __lock_acquire+0xab9/0xd20
[  274.568460][ T6781]  ? ipv6_defrag+0x2dc/0x3b0
[  274.568478][ T6781]  ? __pfx_ipv6_conntrack_in+0x10/0x10
[  274.568501][ T6781]  nf_hook_slow+0xc5/0x220
[  274.568526][ T6781]  NF_HOOK+0x206/0x3a0
[  274.568544][ T6781]  ? skb_orphan+0x4f/0xd0
[  274.568564][ T6781]  ? __pfx_ip6_rcv_finish+0x10/0x10
[  274.568582][ T6781]  ? NF_HOOK+0x9a/0x3a0
[  274.568600][ T6781]  ? __pfx_NF_HOOK+0x10/0x10
[  274.568622][ T6781]  ? __pfx_ip6_rcv_finish+0x10/0x10
[  274.568654][ T6781]  __netif_receive_skb+0xd3/0x380
[  274.568677][ T6781]  ? do_syscall_64+0xd26/0xfa0
[  274.568696][ T6781]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  274.568719][ T6781]  ? netif_receive_skb+0x115/0x790
[  274.568741][ T6781]  netif_receive_skb+0x1cb/0x790
[  274.568767][ T6781]  ? __pfx_netif_receive_skb+0x10/0x10
[  274.568794][ T6781]  ? __local_bh_enable+0x28c/0x410
[  274.568813][ T6781]  ? tun_rx_batched+0x166/0x730
[  274.568838][ T6781]  tun_rx_batched+0x1bf/0x730
[  274.568867][ T6781]  ? __pfx_tun_rx_batched+0x10/0x10
[  274.568888][ T6781]  ? __lock_acquire+0xab9/0xd20
[  274.568922][ T6781]  ? tun_get_user+0x272f/0x3ec0
[  274.568964][ T6781]  tun_get_user+0x2b7a/0x3ec0
[  274.568994][ T6781]  ? tun_get_user+0x6f6/0x3ec0
[  274.569016][ T6781]  ? tun_get_user+0x272f/0x3ec0
[  274.569042][ T6781]  ? __might_fault+0xb0/0x130
[  274.569065][ T6781]  ? __pfx_tun_get_user+0x10/0x10
[  274.569099][ T6781]  ? __lock_acquire+0xab9/0xd20
[  274.569127][ T6781]  ? ref_tracker_alloc+0x2fe/0x450
[  274.569147][ T6781]  ? __lock_acquire+0xab9/0xd20
[  274.569170][ T6781]  ? __pfx_ref_tracker_alloc+0x10/0x10
[  274.569197][ T6781]  ? tun_get+0x1c/0x2f0
[  274.569224][ T6781]  ? tun_get+0x1c/0x2f0
[  274.569244][ T6781]  ? tun_get+0x1c/0x2f0
[  274.569270][ T6781]  tun_chr_write_iter+0x119/0x200
[  274.569294][ T6781]  vfs_write+0x5d5/0xb40
[  274.569320][ T6781]  ? __pfx_tun_chr_write_iter+0x10/0x10
[  274.569342][ T6781]  ? __pfx_vfs_write+0x10/0x10
[  274.569376][ T6781]  ? __fget_files+0x2a/0x420
[  274.569409][ T6781]  ksys_write+0x14b/0x260
[  274.569433][ T6781]  ? __pfx_ksys_write+0x10/0x10
[  274.569457][ T6781]  ? do_syscall_64+0xbe/0xfa0
[  274.569482][ T6781]  do_syscall_64+0xfa/0xfa0
[  274.569502][ T6781]  ? lockdep_hardirqs_on+0x9c/0x150
[  274.569522][ T6781]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  274.569540][ T6781]  ? clear_bhb_loop+0x60/0xb0
[  274.569562][ T6781]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  274.569579][ T6781] RIP: 0033:0x7fdd33c1da7f
[  274.569595][ T6781] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[  274.569610][ T6781] RSP: 002b:00007fdd31e86000 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[  274.569630][ T6781] RAX: ffffffffffffffda RBX: 00007fdd33e75fa0 RCX: 00007fdd33c1da7f
[  274.569643][ T6781] RDX: 0000000000000046 RSI: 0000200000000b40 RDI: 00000000000000c8
[  274.569655][ T6781] RBP: 00007fdd31e86090 R08: 0000000000000000 R09: 0000000000000000
[  274.569667][ T6781] R10: 0000000000000046 R11: 0000000000000293 R12: 0000000000000001
[  274.569678][ T6781] R13: 00007fdd33e76038 R14: 00007fdd33e75fa0 R15: 00007fff8961c3e8
[  274.569712][ T6781]  </TASK>
[  280.429159][    C0] vkms_vblank_simulate: vblank timer overrun
[  281.227845][    C0] vkms_vblank_simulate: vblank timer overrun
[  281.589976][    C0] vkms_vblank_simulate: vblank timer overrun
[  281.658204][    C0] vkms_vblank_simulate: vblank timer overrun
[  282.808464][    C0] vkms_vblank_simulate: vblank timer overrun
[  283.324018][    C0] vkms_vblank_simulate: vblank timer overrun
[  283.526571][    C0] vkms_vblank_simulate: vblank timer overrun
[  284.064435][    C0] vkms_vblank_simulate: vblank timer overrun
[  285.139536][    C0] vkms_vblank_simulate: vblank timer overrun
[  285.208095][    C0] vkms_vblank_simulate: vblank timer overrun
[  285.258847][    C0] vkms_vblank_simulate: vblank timer overrun
[  286.223549][ T5880] usb 5-1: new full-speed USB device number 19 using dummy_hcd
[  286.478489][ T5880] usb 5-1: config 4 has an invalid interface number: 88 but max is 0
[  286.478516][ T5880] usb 5-1: config 4 has no interface number 0
[  286.478567][ T5880] usb 5-1: config 4 interface 88 has no altsetting 0
[  286.555264][ T5880] usb 5-1: New USB device found, idVendor=1d50, idProduct=60c6, bcdDevice=af.e7
[  286.555293][ T5880] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  286.555312][ T5880] usb 5-1: Product: syz
[  286.555326][ T5880] usb 5-1: Manufacturer: syz
[  286.555339][ T5880] usb 5-1: SerialNumber: syz
[  287.653032][   T31] usb 5-1: USB disconnect, device number 19
[  291.775466][ T6797] capability: warning: `syz.4.250' uses 32-bit capabilities (legacy support in use)
[  291.775929][ T6797] netlink: 5724 bytes leftover after parsing attributes in process `syz.4.250'.
[  291.892228][ T6796] 
€Â: renamed from hsr0 (while UP)
[  303.177631][ T5807] Bluetooth: hci8: unexpected cc 0x0c03 length: 249 > 1
[  303.181924][ T5807] Bluetooth: hci8: unexpected cc 0x1003 length: 249 > 9
[  303.183001][ T5807] Bluetooth: hci8: unexpected cc 0x1001 length: 249 > 9
[  303.205979][ T5807] Bluetooth: hci8: unexpected cc 0x0c23 length: 249 > 4
[  303.206781][ T5807] Bluetooth: hci8: unexpected cc 0x0c38 length: 249 > 2
[  304.341870][ T5807] Bluetooth: hci6: command 0x0406 tx timeout
[  305.303456][ T5807] Bluetooth: hci8: command tx timeout
[  306.069934][ T6818] FAULT_INJECTION: forcing a failure.
[  306.069934][ T6818] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  306.069967][ T6818] CPU: 0 UID: 0 PID: 6818 Comm: syz.4.253 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  306.069988][ T6818] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  306.070003][ T6818] Call Trace:
[  306.070011][ T6818]  <TASK>
[  306.070020][ T6818]  dump_stack_lvl+0x189/0x250
[  306.070049][ T6818]  ? __pfx____ratelimit+0x10/0x10
[  306.070070][ T6818]  ? __pfx_dump_stack_lvl+0x10/0x10
[  306.070093][ T6818]  ? __pfx__printk+0x10/0x10
[  306.070122][ T6818]  ? __might_fault+0xb0/0x130
[  306.070156][ T6818]  should_fail_ex+0x46c/0x600
[  306.070185][ T6818]  _copy_from_user+0x2d/0xb0
[  306.070205][ T6818]  dma_buf_ioctl+0x166/0x870
[  306.070229][ T6818]  ? smack_file_ioctl+0x305/0x340
[  306.070252][ T6818]  ? __pfx_dma_buf_ioctl+0x10/0x10
[  306.070274][ T6818]  ? __pfx_smack_file_ioctl+0x10/0x10
[  306.070308][ T6818]  ? __fget_files+0x3a6/0x420
[  306.070329][ T6818]  ? __fget_files+0x2a/0x420
[  306.070353][ T6818]  ? bpf_lsm_file_ioctl+0x9/0x20
[  306.070370][ T6818]  ? __pfx_dma_buf_ioctl+0x10/0x10
[  306.070392][ T6818]  __se_sys_ioctl+0xff/0x170
[  306.070414][ T6818]  do_syscall_64+0xfa/0xfa0
[  306.070433][ T6818]  ? lockdep_hardirqs_on+0x9c/0x150
[  306.070454][ T6818]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  306.070472][ T6818]  ? clear_bhb_loop+0x60/0xb0
[  306.070493][ T6818]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  306.070510][ T6818] RIP: 0033:0x7fdd33c1efc9
[  306.070526][ T6818] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  306.070541][ T6818] RSP: 002b:00007fdd31e86038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  306.070561][ T6818] RAX: ffffffffffffffda RBX: 00007fdd33e75fa0 RCX: 00007fdd33c1efc9
[  306.070574][ T6818] RDX: 00002000000002c0 RSI: 0000000040086200 RDI: 0000000000000005
[  306.070586][ T6818] RBP: 00007fdd31e86090 R08: 0000000000000000 R09: 0000000000000000
[  306.070597][ T6818] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  306.070608][ T6818] R13: 00007fdd33e76038 R14: 00007fdd33e75fa0 R15: 00007fff8961c3e8
[  306.070640][ T6818]  </TASK>
[  307.443497][ T5807] Bluetooth: hci8: command tx timeout
[  309.673861][ T5808] Bluetooth: hci8: command tx timeout
[  310.240899][ T5807] Bluetooth: hci9: unexpected cc 0x0c03 length: 249 > 1
[  310.269079][ T5807] Bluetooth: hci9: unexpected cc 0x1003 length: 249 > 9
[  310.270290][ T5807] Bluetooth: hci9: unexpected cc 0x1001 length: 249 > 9
[  310.313608][ T5807] Bluetooth: hci9: unexpected cc 0x0c23 length: 249 > 4
[  310.747447][ T5807] Bluetooth: hci9: unexpected cc 0x0c38 length: 249 > 2
[  311.703588][ T5808] Bluetooth: hci8: command tx timeout
[  313.626206][ T5808] Bluetooth: hci9: command tx timeout
[  313.656181][ T6827] veth2: entered promiscuous mode
[  313.656206][ T6827] veth2: entered allmulticast mode
[  315.683470][ T5808] Bluetooth: hci9: command tx timeout
[  317.214120][ T1320] ieee802154 phy0 wpan0: encryption failed: -22
[  317.214192][ T1320] ieee802154 phy1 wpan1: encryption failed: -22
[  317.881105][ T5808] Bluetooth: hci9: command tx timeout
[  319.943424][ T5808] Bluetooth: hci9: command tx timeout
[  321.713087][ T5807] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[  321.730933][ T5807] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[  321.732040][ T5807] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[  321.734255][ T5807] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[  321.734988][ T5807] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[  324.751853][ T5808] Bluetooth: hci1: command 0x0406 tx timeout
[  324.751918][ T5808] Bluetooth: hci2: command tx timeout
[  325.864457][ T6849] netlink: 5724 bytes leftover after parsing attributes in process `syz.4.257'.
[  326.803845][ T5812] Bluetooth: hci2: command tx timeout
[  328.882430][ T5808] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[  328.884927][ T5118] Bluetooth: hci2: command tx timeout
[  328.948658][ T5808] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[  328.951694][ T5808] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[  328.952892][ T5808] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[  328.976132][ T5808] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[  329.454283][ T5807] Bluetooth: hci0: command 0x0406 tx timeout
[  331.634103][ T5808] Bluetooth: hci2: command tx timeout
[  331.634174][ T5808] Bluetooth: hci3: command tx timeout
[  333.683475][ T5812] Bluetooth: hci3: command tx timeout
[  335.765095][ T5812] Bluetooth: hci3: command tx timeout
[  337.843698][ T5812] Bluetooth: hci3: command tx timeout
[  338.713505][   T31] usb 5-1: new high-speed USB device number 20 using dummy_hcd
[  340.046634][   T31] usb 5-1: Using ep0 maxpacket: 16
[  342.201786][   T31] usb 5-1: device descriptor read/all, error -71
[  347.343533][   T31] usb 5-1: new high-speed USB device number 22 using dummy_hcd
[  348.593415][   T31] usb 5-1: Using ep0 maxpacket: 32
[  348.724651][   T31] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  348.724683][   T31] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  348.724722][   T31] usb 5-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40
[  348.724744][   T31] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  348.784048][   T31] usb 5-1: config 0 descriptor??
[  348.820793][   T31] hub 5-1:0.0: USB hub found
[  350.069380][   T31] hub 5-1:0.0: config failed, can't read hub descriptor (err -22)
[  350.303915][   T31] usbhid 5-1:0.0: can't add hid device: -71
[  350.304056][   T31] usbhid 5-1:0.0: probe with driver usbhid failed with error -71
[  350.403577][   T31] usb 5-1: USB disconnect, device number 22
[  360.305127][ T6890] syz.4.263 (6890) used greatest stack depth: 17448 bytes left
[  362.433469][ T5880] usb 5-1: new high-speed USB device number 23 using dummy_hcd
[  363.053430][ T5880] usb 5-1: Using ep0 maxpacket: 32
[  363.055654][ T5880] usb 5-1: config index 0 descriptor too short (expected 156, got 27)
[  363.055694][ T5880] usb 5-1: too many endpoints for config 0 interface 0 altsetting 191: 144, using maximum allowed: 30
[  363.055737][ T5880] usb 5-1: config 0 interface 0 altsetting 191 endpoint 0x87 has an invalid bInterval 0, changing to 7
[  363.055763][ T5880] usb 5-1: config 0 interface 0 altsetting 191 has 1 endpoint descriptor, different from the interface descriptor's value: 144
[  363.055789][ T5880] usb 5-1: config 0 interface 0 has no altsetting 0
[  363.058786][ T5880] usb 5-1: New USB device found, idVendor=0f11, idProduct=1021, bcdDevice=86.66
[  363.058811][ T5880] usb 5-1: New USB device strings: Mfr=85, Product=120, SerialNumber=172
[  363.058831][ T5880] usb 5-1: Product: syz
[  363.058844][ T5880] usb 5-1: Manufacturer: syz
[  363.058858][ T5880] usb 5-1: SerialNumber: syz
[  364.469642][ T5880] usb 5-1: config 0 descriptor??
[  364.516825][ T5880] ldusb 5-1:0.0: Interrupt out endpoint not found (using control endpoint instead)
[  365.336107][ T5880] ldusb 5-1:0.0: LD USB Device #0 now attached to major 180 minor 0
[  365.443668][ T5880] usb 5-1: USB disconnect, device number 23
[  365.854589][ T5880] ldusb 5-1:0.0: LD USB Device #0 now disconnected
[  365.874048][ T6895] udevd[6895]: setting mode of /dev/bus/usb/005/023 to 020664 failed: No such file or directory
[  365.874260][ T6895] udevd[6895]: setting owner of /dev/bus/usb/005/023 to uid=0, gid=0 failed: No such file or directory
[  367.683681][   T38] INFO: task kworker/u8:10:3582 blocked for more than 143 seconds.
[  367.683706][   T38]       Not tainted syzkaller #0
[  367.683716][   T38] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[  367.683725][   T38] task:kworker/u8:10   state:D stack:19928 pid:3582  tgid:3582  ppid:2      task_flags:0x4208060 flags:0x00080000
[  367.683771][   T38] Workqueue: netns cleanup_net
[  367.683794][   T38] Call Trace:
[  367.683801][   T38]  <TASK>
[  367.683815][   T38]  __schedule+0x16f3/0x4c20
[  367.685121][   T38]  ? __lock_acquire+0xab9/0xd20
[  367.685149][   T38]  ? __pfx___schedule+0x10/0x10
[  367.685188][   T38]  ? schedule+0x91/0x360
[  367.685212][   T38]  schedule+0x165/0x360
[  367.685235][   T38]  schedule_timeout+0x9a/0x270
[  367.685256][   T38]  ? __pfx_schedule_timeout+0x10/0x10
[  367.685288][   T38]  ? _raw_spin_unlock_irq+0x23/0x50
[  367.685309][   T38]  ? lockdep_hardirqs_on+0x9c/0x150
[  367.685328][   T38]  ? wait_for_completion+0x267/0x5d0
[  367.685351][   T38]  wait_for_completion+0x2bf/0x5d0
[  367.685386][   T38]  ? __pfx_wait_for_completion+0x10/0x10
[  367.685414][   T38]  ? __init_swait_queue_head+0xa9/0x150
[  367.685439][   T38]  rcu_barrier+0x463/0x570
[  367.685470][   T38]  netdev_run_todo+0x327/0xea0
[  367.685497][   T38]  ? __pfx_netdev_run_todo+0x10/0x10
[  367.685517][   T38]  ? lockdep_hardirqs_on+0x9c/0x150
[  367.685543][   T38]  ? nsim_destroy+0x38d/0x680
[  367.685567][   T38]  ? kfree+0x197/0x950
[  367.685585][   T38]  ? nsim_destroy+0x38d/0x680
[  367.685612][   T38]  nsim_destroy+0x3ae/0x680
[  367.685644][   T38]  __nsim_dev_port_del+0x14d/0x1b0
[  367.685666][   T38]  nsim_dev_reload_destroy+0x288/0x490
[  367.685700][   T38]  nsim_dev_reload_down+0x8a/0xc0
[  367.685721][   T38]  devlink_reload+0x1b6/0x8d0
[  367.685744][   T38]  ? xa_get_mark+0x67/0x7b0
[  367.685770][   T38]  ? __pfx_devlink_reload+0x10/0x10
[  367.685784][   T38]  ? xa_get_mark+0x70f/0x7b0
[  367.685821][   T38]  devlink_pernet_pre_exit+0x1d9/0x3d0
[  367.685849][   T38]  ? __pfx_devlink_pernet_pre_exit+0x10/0x10
[  367.685881][   T38]  ? class_remove_file_ns+0x124/0x160
[  367.685903][   T38]  ops_undo_list+0x187/0x990
[  367.685928][   T38]  ? __pfx_ops_undo_list+0x10/0x10
[  367.685947][   T38]  ? __rcu_read_unlock+0x84/0xe0
[  367.685970][   T38]  ? rt_spin_unlock+0x161/0x200
[  367.685991][   T38]  cleanup_net+0x4de/0x820
[  367.686012][   T38]  ? __pfx_cleanup_net+0x10/0x10
[  367.686035][   T38]  ? process_scheduled_works+0x9ef/0x17b0
[  367.686055][   T38]  ? process_scheduled_works+0x9ef/0x17b0
[  367.686078][   T38]  process_scheduled_works+0xae1/0x17b0
[  367.686130][   T38]  ? __pfx_process_scheduled_works+0x10/0x10
[  367.686169][   T38]  worker_thread+0x8a0/0xda0
[  367.686205][   T38]  ? __kthread_parkme+0x7b/0x200
[  367.686237][   T38]  kthread+0x711/0x8a0
[  367.686264][   T38]  ? __pfx_worker_thread+0x10/0x10
[  367.686284][   T38]  ? __pfx_kthread+0x10/0x10
[  367.686305][   T38]  ? rt_spin_unlock+0x150/0x200
[  367.686328][   T38]  ? rt_spin_unlock+0x161/0x200
[  367.686344][   T38]  ? __pfx_kthread+0x10/0x10
[  367.686369][   T38]  ret_from_fork+0x4bc/0x870
[  367.686394][   T38]  ? __pfx_ret_from_fork+0x10/0x10
[  367.686422][   T38]  ? __switch_to_asm+0x39/0x70
[  367.686440][   T38]  ? __switch_to_asm+0x33/0x70
[  367.686456][   T38]  ? __pfx_kthread+0x10/0x10
[  367.686480][   T38]  ret_from_fork_asm+0x1a/0x30
[  367.686517][   T38]  </TASK>
[  367.686607][   T38] 
[  367.686607][   T38] Showing all locks held in the system:
[  367.686621][   T38] 2 locks held by kworker/u8:1/13:
[  367.686632][   T38]  #0: ffff888146ec5138 ((wq_completion)iou_exit){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0
[  367.686686][   T38]  #1: ffffc90000127ba0 ((work_completion)(&ctx->exit_work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0
[  367.686731][   T38] 3 locks held by rcuc/0/20:
[  367.686743][   T38] 4 locks held by rcuc/1/28:
[  367.686753][   T38] 1 lock held by khungtaskd/38:
[  367.686763][   T38]  #0: ffffffff8d5aa4c0 (rcu_read_lock){....}-{1:3}, at: debug_show_all_locks+0x2e/0x180
[  367.686808][   T38] 2 locks held by kworker/u8:3/58:
[  367.686818][   T38]  #0: ffff888146ec5138 ((wq_completion)iou_exit){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0
[  367.686862][   T38]  #1: ffffc9000124fba0 ((work_completion)(&ctx->exit_work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0
[  367.686907][   T38] 2 locks held by kworker/u8:4/65:
[  367.686917][   T38]  #0: ffff88813ff69938 ((wq_completion)events_unbound#2){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0
[  367.686965][   T38]  #1: ffffc9000150fba0 (connector_reaper_work){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0
[  367.687012][   T38] 3 locks held by kworker/u8:5/140:
[  367.687022][   T38]  #0: ffff88813ff69938 ((wq_completion)events_unbound#2){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0
[  367.687071][   T38]  #1: ffffc90003a67ba0 ((linkwatch_work).work){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0
[  367.687115][   T38]  #2: ffffffff8e862eb8 (rtnl_mutex){+.+.}-{4:4}, at: linkwatch_event+0xe/0x60
[  367.687161][   T38] 4 locks held by kworker/0:2/991:
[  367.687174][   T38] 3 locks held by kworker/u8:7/1344:
[  367.687197][   T38] 6 locks held by kworker/u8:10/3582:
[  367.687207][   T38]  #0: ffff888019ad4938 ((wq_completion)netns){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0
[  367.687251][   T38]  #1: ffffc9000d9e7ba0 (net_cleanup_work){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0
[  367.687295][   T38]  #2: ffffffff8e855fa0 (pernet_ops_rwsem){++++}-{4:4}, at: cleanup_net+0xf7/0x820
[  367.687335][   T38]  #3: ffff88803cfcf0d8 (&dev->mutex){....}-{4:4}, at: devlink_pernet_pre_exit+0x10a/0x3d0
[  367.687382][   T38]  #4: ffff888047fb8300 (&devlink->lock_key#3){+.+.}-{4:4}, at: devlink_pernet_pre_exit+0x11c/0x3d0
[  367.687433][   T38]  #5: ffffffff8d5afe70 (rcu_state.barrier_mutex){+.+.}-{4:4}, at: rcu_barrier+0x4c/0x570
[  367.687477][   T38] 2 locks held by getty/5560:
[  367.687487][   T38]  #0: ffff88823bf2c0a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x25/0x70
[  367.687531][   T38]  #1: ffffc9000417e2e0 (&ldata->atomic_read_lock){+.+.}-{4:4}, at: n_tty_read+0x444/0x1400
[  367.687583][   T38] 6 locks held by kworker/0:4/5880:
[  367.687593][   T38]  #0: ffff888141291d38 ((wq_completion)usb_hub_wq){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0
[  367.687637][   T38]  #1: ffffc900059cfba0 ((work_completion)(&hub->events)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0
[  367.687689][   T38]  #2: ffff88802758a188 (&dev->mutex){....}-{4:4}, at: hub_event+0x184/0x4a20
[  367.687730][   T38]  #3: ffff8880275ab088 (&hub->status_mutex){+.+.}-{4:4}, at: hub_ext_port_status+0x53/0x820
[  367.687777][   T38]  #4: ffffffff8d6ca528 (remove_cache_srcu){.+.+}-{0:0}, at: srcu_read_lock+0x27/0x60
[  367.687821][   T38]  #5: ffff88801c2bda58 (&n->list_lock){+.+.}-{3:3}, at: __put_partials+0x55/0x170
[  367.687862][   T38] 3 locks held by kworker/0:7/5950:
[  367.687873][   T38] 9 locks held by kworker/u8:13/6356:
[  367.687884][   T38] 2 locks held by kworker/u8:14/6502:
[  367.687894][   T38]  #0: ffff88813ff69938 ((wq_completion)events_unbound#2){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0
[  367.687943][   T38]  #1: ffffc90004e0fba0 ((reaper_work).work){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0
[  367.687987][   T38] 1 lock held by syz.1.212/6611:
[  367.687997][   T38]  #0: ffffffff8d5afe70 (rcu_state.barrier_mutex){+.+.}-{4:4}, at: rcu_barrier+0x4c/0x570
[  367.688039][   T38] 1 lock held by syz-executor/6626:
[  367.688049][   T38]  #0: ffffffff8d5afe70 (rcu_state.barrier_mutex){+.+.}-{4:4}, at: rcu_barrier+0x4c/0x570
[  367.688092][   T38] 1 lock held by syz.2.218/6631:
[  367.688102][   T38]  #0: ffffffff8d5afe70 (rcu_state.barrier_mutex){+.+.}-{4:4}, at: rcu_barrier+0x4c/0x570
[  367.688144][   T38] 2 locks held by syz-executor/6652:
[  367.688153][   T38]  #0: ffffffff8e855fa0 (pernet_ops_rwsem){++++}-{4:4}, at: copy_net_ns+0x337/0x4e0
[  367.688200][   T38]  #1: ffffffff8d5afe70 (rcu_state.barrier_mutex){+.+.}-{4:4}, at: rcu_barrier+0x4c/0x570
[  367.688241][   T38] 2 locks held by syz-executor/6682:
[  367.688251][   T38]  #0: ffffffff8e855fa0 (pernet_ops_rwsem){++++}-{4:4}, at: copy_net_ns+0x337/0x4e0
[  367.688297][   T38]  #1: ffffffff8d5afe70 (rcu_state.barrier_mutex){+.+.}-{4:4}, at: rcu_barrier+0x4c/0x570
[  367.688338][   T38] 2 locks held by syz-executor/6694:
[  367.688348][   T38]  #0: ffffffff8e855fa0 (pernet_ops_rwsem){++++}-{4:4}, at: copy_net_ns+0x337/0x4e0
[  367.688393][   T38]  #1: ffffffff8d5afe70 (rcu_state.barrier_mutex){+.+.}-{4:4}, at: rcu_barrier+0x4c/0x570
[  367.688434][   T38] 1 lock held by syz-executor/6742:
[  367.688445][   T38]  #0: ffffffff8d5afe70 (rcu_state.barrier_mutex){+.+.}-{4:4}, at: rcu_barrier+0x4c/0x570
[  367.688486][   T38] 1 lock held by syz-executor/6743:
[  367.688496][   T38]  #0: ffffffff8d5afe70 (rcu_state.barrier_mutex){+.+.}-{4:4}, at: rcu_barrier+0x4c/0x570
[  367.688537][   T38] 1 lock held by syz-executor/6752:
[  367.688547][   T38]  #0: ffffffff8d5afe70 (rcu_state.barrier_mutex){+.+.}-{4:4}, at: rcu_barrier+0x4c/0x570
[  367.688590][   T38] 1 lock held by syz-executor/6766:
[  367.688600][   T38]  #0: ffffffff8d5afe70 (rcu_state.barrier_mutex){+.+.}-{4:4}, at: rcu_barrier+0x4c/0x570
[  367.688643][   T38] 1 lock held by syz-executor/6823:
[  367.688653][   T38] 4 locks held by syz-executor/6843:
[  367.688664][   T38]  #0: ffffffff8ed63e38 (&ops->srcu#2){.+.+}-{0:0}, at: rtnl_link_ops_get+0x23/0x250
[  367.688716][   T38]  #1: ffffffff8e862eb8 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_newlink+0x8e9/0x1c80
[  367.688762][   T38]  #2: ffffffff8d6ca528 (remove_cache_srcu){.+.+}-{0:0}, at: srcu_read_lock+0x27/0x60
[  367.688805][   T38]  #3: ffff88801c2bda58 (&n->list_lock){+.+.}-{3:3}, at: __slab_free+0x190/0x370
[  367.688846][   T38] 2 locks held by syz-executor/6855:
[  367.688856][   T38]  #0: ffffffff8ed64678 (&ops->srcu#2){.+.+}-{0:0}, at: rtnl_link_ops_get+0x23/0x250
[  367.688901][   T38]  #1: ffffffff8e862eb8 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_newlink+0x8e9/0x1c80
[  367.688948][   T38] 1 lock held by syz-executor/6891:
[  367.688958][   T38] 2 locks held by udevd/6895:
[  367.688967][   T38]  #0: ffffffff8d6ca528 (remove_cache_srcu){.+.+}-{0:0}, at: srcu_read_lock+0x27/0x60
[  367.689010][   T38]  #1: ffff88801c2bda58 (&n->list_lock){+.+.}-{3:3}, at: __slab_free+0x190/0x370
[  367.689052][   T38] 3 locks held by syz-executor/6897:
[  367.689063][   T38] 1 lock held by syz.4.265/6902:
[  367.689073][   T38]  #0: ffffffff8e862eb8 (rtnl_mutex){+.+.}-{4:4}, at: rtnetlink_rcv_msg+0x71c/0xb70
[  367.689121][   T38] 
[  367.689126][   T38] =============================================
[  367.689126][   T38] 
[  367.689140][   T38] NMI backtrace for cpu 1
[  367.689154][   T38] CPU: 1 UID: 0 PID: 38 Comm: khungtaskd Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  367.689172][   T38] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  367.689182][   T38] Call Trace:
[  367.689188][   T38]  <TASK>
[  367.689195][   T38]  dump_stack_lvl+0x189/0x250
[  367.689221][   T38]  ? __pfx_dump_stack_lvl+0x10/0x10
[  367.689244][   T38]  ? __pfx__printk+0x10/0x10
[  367.689277][   T38]  nmi_cpu_backtrace+0x39e/0x3d0
[  367.689298][   T38]  ? __pfx_nmi_cpu_backtrace+0x10/0x10
[  367.689318][   T38]  ? __pfx__printk+0x10/0x10
[  367.689344][   T38]  ? __pfx_nmi_raise_cpu_backtrace+0x10/0x10
[  367.689365][   T38]  nmi_trigger_cpumask_backtrace+0x17a/0x300
[  367.689386][   T38]  watchdog+0xf60/0xfa0
[  367.689413][   T38]  ? watchdog+0x1e2/0xfa0
[  367.689440][   T38]  kthread+0x711/0x8a0
[  367.689467][   T38]  ? __pfx_watchdog+0x10/0x10
[  367.689488][   T38]  ? __pfx_kthread+0x10/0x10
[  367.689508][   T38]  ? rt_spin_unlock+0x150/0x200
[  367.689531][   T38]  ? rt_spin_unlock+0x161/0x200
[  367.689546][   T38]  ? __pfx_kthread+0x10/0x10
[  367.689570][   T38]  ret_from_fork+0x4bc/0x870
[  367.689592][   T38]  ? __pfx_ret_from_fork+0x10/0x10
[  367.689620][   T38]  ? __switch_to_asm+0x39/0x70
[  367.689636][   T38]  ? __switch_to_asm+0x33/0x70
[  367.689652][   T38]  ? __pfx_kthread+0x10/0x10
[  367.689683][   T38]  ret_from_fork_asm+0x1a/0x30
[  367.689717][   T38]  </TASK>
[  367.689724][   T38] Sending NMI from CPU 1 to CPUs 0:
[  367.689748][    C0] NMI backtrace for cpu 0
[  367.689761][    C0] CPU: 0 UID: 0 PID: 20 Comm: rcuc/0 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  367.689779][    C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  367.689788][    C0] RIP: 0010:nft_do_chain+0x96/0x1920
[  367.689808][    C0] Code: e9 03 42 c7 04 21 f1 f1 f1 f1 42 c7 44 21 0e f2 f2 f2 f2 48 b8 f2 f2 f2 f2 00 00 f3 f3 4a 89 44 21 22 48 89 8c 24 80 00 00 00 <66> 42 c7 44 21 2a f3 f3 e8 bd b1 c4 f8 48 89 5c 24 18 48 83 c3 08
[  367.689822][    C0] RSP: 0018:ffffc90000196e80 EFLAGS: 00000a06
[  367.689836][    C0] RAX: f3f30000f2f2f2f2 RBX: ffffc90000197130 RCX: 1ffff92000032de4
[  367.689848][    C0] RDX: 0000000000000100 RSI: ffff888028b63070 RDI: ffffc90000197130
[  367.689860][    C0] RBP: ffffc900001970d0 R08: ffff88801b6e5a00 R09: 0000000000000002
[  367.689871][    C0] R10: 0000000000000100 R11: 000000000000000a R12: dffffc0000000000
[  367.689881][    C0] R13: dffffc0000000000 R14: 1ffff92000032e1c R15: ffff88807c7f2506
[  367.689894][    C0] FS:  0000000000000000(0000) GS:ffff888126dfc000(0000) knlGS:0000000000000000
[  367.689907][    C0] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  367.689919][    C0] CR2: 0000561c3238cc78 CR3: 0000000019ee8000 CR4: 00000000003526f0
[  367.689939][    C0] Call Trace:
[  367.689944][    C0]  <TASK>
[  367.689959][    C0]  ? __pfx_nft_do_chain+0x10/0x10
[  367.689979][    C0]  ? finish_task_switch+0x266/0x950
[  367.690013][    C0]  nft_do_chain_inet+0x25d/0x340
[  367.690031][    C0]  ? __pfx_nft_do_chain_inet+0x10/0x10
[  367.690049][    C0]  ? __lock_acquire+0xab9/0xd20
[  367.690072][    C0]  ? NF_HOOK+0x9a/0x3a0
[  367.690091][    C0]  ? __pfx_nft_do_chain_inet+0x10/0x10
[  367.690110][    C0]  nf_hook_slow+0xc5/0x220
[  367.690127][    C0]  NF_HOOK+0x206/0x3a0
[  367.690147][    C0]  ? __pfx_ip_local_deliver_finish+0x10/0x10
[  367.690166][    C0]  ? NF_HOOK+0x9a/0x3a0
[  367.690184][    C0]  ? __pfx_NF_HOOK+0x10/0x10
[  367.690202][    C0]  ? ip_rcv_finish_core+0xda3/0x1c00
[  367.690218][    C0]  ? __pfx_ip_local_deliver_finish+0x10/0x10
[  367.690238][    C0]  ? skb_dst+0x4f/0xd0
[  367.690252][    C0]  ? ip_local_deliver+0x12a/0x1b0
[  367.690273][    C0]  NF_HOOK+0x30c/0x3a0
[  367.690292][    C0]  ? __pfx_ip_rcv_finish+0x10/0x10
[  367.690305][    C0]  ? NF_HOOK+0x9a/0x3a0
[  367.690323][    C0]  ? __pfx_NF_HOOK+0x10/0x10
[  367.690342][    C0]  ? __pfx_ip_rcv_finish+0x10/0x10
[  367.690361][    C0]  ? __pfx_ip_rcv+0x10/0x10
[  367.690379][    C0]  __netif_receive_skb+0x143/0x380
[  367.690401][    C0]  ? process_backlog+0x27b/0x900
[  367.690419][    C0]  process_backlog+0x31e/0x900
[  367.690444][    C0]  __napi_poll+0xb6/0x540
[  367.690464][    C0]  net_rx_action+0x5f7/0xda0
[  367.690490][    C0]  ? __pfx_net_rx_action+0x10/0x10
[  367.690511][    C0]  ? kvm_sched_clock_read+0x11/0x20
[  367.690532][    C0]  ? __pfx_sched_clock_cpu+0x10/0x10
[  367.690544][    C0]  ? ret_from_fork_asm+0x1a/0x30
[  367.690567][    C0]  handle_softirqs+0x22f/0x710
[  367.690589][    C0]  ? __pfx_handle_softirqs+0x10/0x10
[  367.690610][    C0]  __local_bh_enable_ip+0x1a0/0x2e0
[  367.690628][    C0]  ? __pfx___local_bh_enable_ip+0x10/0x10
[  367.690650][    C0]  ? rcu_cpu_kthread+0x23e/0x1b50
[  367.690669][    C0]  ? rcu_cpu_kthread+0x23e/0x1b50
[  367.690687][    C0]  rcu_cpu_kthread+0xc3d/0x1b50
[  367.690709][    C0]  ? rcu_cpu_kthread+0x23e/0x1b50
[  367.690734][    C0]  ? __pfx_rcu_cpu_kthread+0x10/0x10
[  367.690754][    C0]  ? __lock_acquire+0xab9/0xd20
[  367.690771][    C0]  ? __pfx___schedule+0x10/0x10
[  367.690795][    C0]  ? schedule+0x91/0x360
[  367.690815][    C0]  ? smpboot_thread_fn+0x4d/0xa60
[  367.690832][    C0]  smpboot_thread_fn+0x542/0xa60
[  367.690849][    C0]  ? smpboot_thread_fn+0x4d/0xa60
[  367.690870][    C0]  kthread+0x711/0x8a0
[  367.690889][    C0]  ? __pfx_smpboot_thread_fn+0x10/0x10
[  367.690906][    C0]  ? __pfx_kthread+0x10/0x10
[  367.690928][    C0]  ? rt_spin_unlock+0x150/0x200
[  367.690945][    C0]  ? rt_spin_unlock+0x161/0x200
[  367.690959][    C0]  ? __pfx_kthread+0x10/0x10
[  367.690978][    C0]  ret_from_fork+0x4bc/0x870
[  367.690996][    C0]  ? __pfx_ret_from_fork+0x10/0x10
[  367.691016][    C0]  ? __switch_to_asm+0x39/0x70
[  367.691030][    C0]  ? __switch_to_asm+0x33/0x70
[  367.691043][    C0]  ? __pfx_kthread+0x10/0x10
[  367.691062][    C0]  ret_from_fork_asm+0x1a/0x30
[  367.691085][    C0]  </TASK>
SYZFAIL: failed to recv rpc
fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor)
[  371.179829][ T6902] netlink: 8 bytes leftover after parsing attributes in process `syz.4.265'.
[  372.265114][   T44] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  372.792615][ T5914] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  373.022219][ T5808] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[  373.030881][ T5808] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[  373.033663][ T5808] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[  373.079306][ T5808] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[  373.158002][ T5808] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[  373.451652][ T5887] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  373.787034][ T5950] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  374.843796][ T5914] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  374.892530][ T5887] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  375.963683][ T5887] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  376.243784][ T5812] Bluetooth: hci5: command tx timeout
[  377.043829][ T5887] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  377.283543][ T5880] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog