last executing test programs:

5m4.839633721s ago: executing program 1 (id=2238):
syz_emit_ethernet(0x3b6, &(0x7f0000001c00)={@multicast, @remote, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "122d92", 0x380, 0x3a, 0xff, @remote, @mcast2, {[], @ndisc_ra={0x86, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x80, [{0x0, 0xa, "a78ce54006598080a8030037004023493b87aafaffffffffffffff23732472eefa45ad96579269748e254c1e4a8a8b3f0ab0c430d3be27df3e34066d42ca0a5c15b37adac15084dbaf736b41e5af1802"}, {0x0, 0x1, "000000050000000026000400"}, {0x5, 0x18, "fe90000005dc9393fe08f73eabc5977b1190a3a6ad8338f1511cdd10c35d8f6de79fc7fd175f75649fa368a32c829af02d7f44d92324a7051e460a13ddde25a5b85b9d930914625d8a049b4cf0d129806a610ad8477a2499a9a0527f75b655a6653d0363a979acf93f88eea07d68423e90280409de1657275f716a2bf2915d1783e8eb477b0d1170f0ecbdef4c23e1b76e9ab3d2fbe4b34438d2a77577edd0ebed9682b851b380ae0cab282af9d7ebe668177704c5fd4698c934de4731f3f61effc978"}, {0x0, 0x1d, "06aa85616177c41bc943afcb84619755403946b0730a18d5c38cf7dcad830f2dc8674b87ba8b58f81ece27975cc39e595e9af90b4fe92a38d25551c2d9ebfc5dfc5a2a501b7e483de3f808895c5f4a1a2367bc591dd8b094822ff0dea07c9a1f643c822a18b79f7c5eba31fb68b2d734a6671e27182aee96f24a4a5cf390dab23b500b0c0272479611e4f7f4299ec4d926d443367b105185e6ecd9602ba95392343e9bbd047ef6bc1ba42399907ccd0a562db212baa39eb8164e240069f656d3a05fecf894222a141123f5ac010000000000000090aa235a670670ffc5dc49dfb58d00000000000000"}, {0x18, 0xb, "17dcea46805d4809c20547406b18901b0aeff04c0300f3c75dc2d227a83b89483b1084743475671545e65eb2e9ac946a3f0e2bc4619f91394c02bcfbbb7d71138537d68e2d2c6393a9f3becd1a9f51a948b5b303f4f003"}, {0x21, 0x7, "f5003f00000002000000000200000000000017000000000000008879e66485201a0015ca837400"/55}, {0x0, 0x14, "5e14f0e7e72d42cfb3f27fafb60845f90b6dfc2e37bc87c6905bbc94d33e1ea71a28105f543e868a8a53b360a9d33e2b1e26eb1d18065daa7628cf9ef083611c9f6ae2e1eb3d8bf9c6ab2642c4808288e62afbf03269f1f98aea6ab3beb5fdc5fdaabc2c676d8800871a6aa54155dea2d995cb22c9924e0ad38c6967052cc7786d779b8353aac33a57d79b05613a12328f61129017fa632dbf04542188b196e213408c"}, {0x3, 0x5, "d5170000dce9674a36da018dff16e70b8b14c4b7a94fe18e88605aa6be1a02a326a6bce65f81ed"}]}}}}}}, 0x0)

5m4.028057205s ago: executing program 1 (id=2241):
r0 = syz_open_dev$video(&(0x7f00000000c0), 0x1, 0x82341)
ioctl$VIDIOC_G_CROP(r0, 0xc014563b, &(0x7f0000000cc0)={0xa, {0x800, 0x7b, 0x1000}})
madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe)
mlock(&(0x7f0000000000/0x800000)=nil, 0x800000) (async)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000300)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) (async, rerun: 32)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) (async, rerun: 32)
ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(0xffffffffffffffff, 0x89f0, &(0x7f00000001c0)={'syztnl2\x00', 0x0})
r3 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_int(r3, 0x107, 0xf, &(0x7f0000000040)=0x46c, 0x4) (async)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000480)={0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x3, 0x0, &(0x7f00000003c0)="912fe9", &(0x7f0000000440), 0x6, 0x0, 0xdb9}, 0x50) (async)
r4 = socket(0xa, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f00000000c0)={'ip6gretap0\x00'}) (async)
sendto$packet(r3, &(0x7f0000000080)="3303200071fd140000007ef52f555f2a0c9fe67025c1d97bfbf719143baa4b1f0f858c6632f47042195e", 0x2a, 0x40008c1, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) (async)
sendmsg(r2, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xb49, 0x9, 0x8, 0x0, 0x3}, 0x0)
openat$sndseq(0xffffffffffffff9c, 0x0, 0x60240) (async)
creat(0x0, 0x4b) (async)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000000)=[{0x6, 0x10, 0x0, 0x7fff7ffc}]}) (async)
mlock2(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x0)
openat$fuse(0xffffffffffffff9c, 0x0, 0x42, 0x0) (async)
bpf$BPF_BTF_GET_FD_BY_ID(0x13, 0x0, 0x0) (async, rerun: 32)
mknod$loop(&(0x7f0000000140)='./file0\x00', 0xfff, 0x0) (async, rerun: 32)
munlockall() (async)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x8) (async)
ioctl$VIDIOC_CROPCAP(r0, 0xc02c563a, &(0x7f0000000000)={0x8, {0x68, 0x52a1, 0x5, 0x40}, {0x6, 0x9, 0x1fb, 0xc}, {0x80}})

5m3.759090433s ago: executing program 1 (id=2243):
r0 = socket$nl_rdma(0x10, 0x3, 0x14)
sendmsg$RDMA_NLDEV_CMD_NEWLINK(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000040)={0x10, 0x1403, 0x20, 0x70bd2a, 0x25dfdbfb}, 0x10}, 0x1, 0xf00000000000000, 0x0, 0x4000}, 0x0)

5m3.69208967s ago: executing program 1 (id=2244):
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
socket$xdp(0x2c, 0x3, 0x0)
r2 = syz_io_uring_setup(0x249e, &(0x7f0000000400)={0x0, 0x256c, 0x20, 0x2, 0x1ec}, &(0x7f0000000280), &(0x7f0000000480))
syz_io_uring_setup(0x835, &(0x7f00000000c0)={0x0, 0x679a, 0x400, 0x2000006, 0x3cd, 0x0, r2}, &(0x7f0000000040), &(0x7f0000000140))
openat$tun(0xffffffffffffff9c, &(0x7f00000001c0), 0x42000, 0x0)
r3 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB], 0x50)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r4 = getpid()
sched_setscheduler(r4, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
connect$unix(r5, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r6, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0xa7)
mkdir(&(0x7f0000000280)='./bus\x00', 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x16, 0x18, &(0x7f00000000c0)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r3, @ANYBLOB="0000000000000000b70500000800000085000000730000001801000020646c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb70200"], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0xc3100, 0x0, '\x00', 0x0, @flow_dissector, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x14)
mount$afs(0x0, &(0x7f00000001c0)='./file0\x00', &(0x7f00000002c0), 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB='dyn'])
chdir(&(0x7f0000000340)='./file0\x00')
mount$tmpfs(0x0, &(0x7f0000000540)='./cgroup\x00', &(0x7f0000000580), 0x0, 0x0)
umount2(&(0x7f00000001c0)='./cgroup\x00', 0x3)
mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x0)
mount$fuse(0x0, 0x0, 0x0, 0xfc5cd7921c2c19c4, &(0x7f0000000400)=ANY=[@ANYRESHEX=0x0])

5m2.526808746s ago: executing program 1 (id=2247):
socket$inet6_mptcp(0xa, 0x1, 0x106)
r0 = socket$key(0xf, 0x3, 0x2)
gettid()
timer_create(0x2, 0x0, &(0x7f0000000100)=<r1=>0x0)
timer_settime(r1, 0x0, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x0, 0x0})
utimensat(0xffffffffffffffff, 0x0, 0x0, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x100000001, 0x0, 0x2, 0x0)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8)
r3 = socket$inet_tcp(0x2, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000180)={'syz_tun\x00', <r4=>0x0})
r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000600)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x50)
r6 = bpf$MAP_CREATE(0x0, &(0x7f00000001c0)=@base={0xe, 0x4, 0x8, 0x1}, 0x48)
r7 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0x10, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r5, @ANYBLOB="0000000000000000b702000002000000850000008600000018110000", @ANYRES32=r6, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bca2000000000000a6020000f8ffffffb703000008000000b704000000000000850000003300000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000040)={r7, r4, 0x25, 0x0, @void}, 0x10)
syz_emit_ethernet(0x46, &(0x7f0000000680)=ANY=[], 0x0)
shmat(0x0, &(0x7f0000000000/0x4000)=nil, 0xffffffffffffcfff)
syz_open_procfs(0x0, &(0x7f0000000080)='smaps\x00')
sendmsg$key(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000000)={0x2, 0x4, 0x6, 0x0, 0x4, 0x0, 0x70bd25, 0x25dfdbfc, [@sadb_sa={0x2, 0x1, 0x4d4, 0x80, 0x5, 0x3c, 0x1, 0xe0000000}]}, 0x20}}, 0x40000)
r8 = openat$audio(0xffffffffffffff9c, &(0x7f0000000140), 0x40000000040201, 0x0)
ioctl$SNDCTL_DSP_GETOSPACE(r8, 0x8010500c, &(0x7f0000000040))
prlimit64(0x0, 0xe, &(0x7f0000000200)={0x8, 0x8a}, 0x0)
r9 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r9}, &(0x7f0000bbdffc))
timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)

5m2.097685043s ago: executing program 1 (id=2250):
syz_usb_control_io$cdc_ncm(0xffffffffffffffff, &(0x7f0000000080)={0x14, 0x0, &(0x7f0000000040)={0x0, 0x3, 0x1a, {0x1a}}}, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f00000ab000/0x18000)=nil, &(0x7f00000001c0)=[@text64={0x40, &(0x7f0000000080)="470f23fc6541fc48b8e7320000000000000f23d80f21f80f23e1f8f30f1edd0f2221c74c24022063800000002c24f30f556797c483fd005b02ea6426470f01cf65666466430f3833af00580000", 0x4d}], 0x1, 0x3e, 0x0, 0x0)
ioctl$SECCOMP_IOCTL_NOTIF_RECV(0xffffffffffffffff, 0xc0502100, &(0x7f0000000280)={0x0, <r0=>0x0})
prlimit64(r0, 0xa, &(0x7f0000000300)={0xc, 0x4}, &(0x7f0000000340))
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = dup(r2)
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000840)={0x1fe, 0x2, 0x2000, 0x1000, &(0x7f0000003000/0x1000)=nil})
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r3, r1, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000100)=[@textreal={0x8, 0x0}], 0x1, 0x72, 0x0, 0x0)
r5 = socket$nl_route(0x10, 0x3, 0x0)
r6 = socket(0x10, 0x803, 0x0)
ioctl$sock_ipv4_tunnel_SIOCDELTUNNEL(r6, 0x89f2, &(0x7f0000000040)={'sit0\x00', &(0x7f00000001c0)={'sit0\x00', 0x0, 0x0, 0x0, 0x0, 0x0, {{0x5, 0x4, 0x0, 0x1, 0x14, 0x67, 0x0, 0x0, 0x0, 0x0, @empty, @empty}}}})
sendmsg$nl_route(r5, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000980)=ANY=[@ANYBLOB="780000001000190026bd7000fedbdf2500000000", @ANYRES32=0x0, @ANYBLOB="02250000400100001400030076657468315f766972745f776966690008002800a54600003c002b8008000100", @ANYRES32, @ANYBLOB="080002"], 0x78}}, 0x10402)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f00000a3000/0x18000)=nil, &(0x7f0000000180)=[@text32={0x20, &(0x7f0000000200)="2e0f01c8c4e265cff09ae74f0000d5002e650fc75c00000f01300f20d835200000000f22d80fc75c1564b9800000c00f3235004000000f30c4c1216b36eae9b60000d800"}], 0x2d, 0x11, 0x0, 0x0)
ioctl$KVM_RUN(r4, 0xae80, 0x0)
mount(&(0x7f0000000140)=@nbd={'/dev/nbd', 0x0}, &(0x7f0000000040)='./cgroup\x00', &(0x7f0000000080)='qnx6\x00', 0x208800, 0x0)
recvfrom$unix(r3, &(0x7f0000000400)=""/213, 0xd5, 0x140, 0x0, 0x0)
ioctl$AUTOFS_DEV_IOCTL_CATATONIC(r3, 0xc0189379, &(0x7f0000000380)={{0x1, 0x1, 0x18, <r7=>r6}, './cgroup\x00'})
ioctl$KVM_SET_VCPU_EVENTS(r7, 0x4040aea0, &(0x7f00000003c0)=@arm64={0xb, 0x4, 0x8})

5m1.848687947s ago: executing program 32 (id=2250):
syz_usb_control_io$cdc_ncm(0xffffffffffffffff, &(0x7f0000000080)={0x14, 0x0, &(0x7f0000000040)={0x0, 0x3, 0x1a, {0x1a}}}, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f00000ab000/0x18000)=nil, &(0x7f00000001c0)=[@text64={0x40, &(0x7f0000000080)="470f23fc6541fc48b8e7320000000000000f23d80f21f80f23e1f8f30f1edd0f2221c74c24022063800000002c24f30f556797c483fd005b02ea6426470f01cf65666466430f3833af00580000", 0x4d}], 0x1, 0x3e, 0x0, 0x0)
ioctl$SECCOMP_IOCTL_NOTIF_RECV(0xffffffffffffffff, 0xc0502100, &(0x7f0000000280)={0x0, <r0=>0x0})
prlimit64(r0, 0xa, &(0x7f0000000300)={0xc, 0x4}, &(0x7f0000000340))
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = dup(r2)
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000840)={0x1fe, 0x2, 0x2000, 0x1000, &(0x7f0000003000/0x1000)=nil})
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r3, r1, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000100)=[@textreal={0x8, 0x0}], 0x1, 0x72, 0x0, 0x0)
r5 = socket$nl_route(0x10, 0x3, 0x0)
r6 = socket(0x10, 0x803, 0x0)
ioctl$sock_ipv4_tunnel_SIOCDELTUNNEL(r6, 0x89f2, &(0x7f0000000040)={'sit0\x00', &(0x7f00000001c0)={'sit0\x00', 0x0, 0x0, 0x0, 0x0, 0x0, {{0x5, 0x4, 0x0, 0x1, 0x14, 0x67, 0x0, 0x0, 0x0, 0x0, @empty, @empty}}}})
sendmsg$nl_route(r5, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000980)=ANY=[@ANYBLOB="780000001000190026bd7000fedbdf2500000000", @ANYRES32=0x0, @ANYBLOB="02250000400100001400030076657468315f766972745f776966690008002800a54600003c002b8008000100", @ANYRES32, @ANYBLOB="080002"], 0x78}}, 0x10402)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f00000a3000/0x18000)=nil, &(0x7f0000000180)=[@text32={0x20, &(0x7f0000000200)="2e0f01c8c4e265cff09ae74f0000d5002e650fc75c00000f01300f20d835200000000f22d80fc75c1564b9800000c00f3235004000000f30c4c1216b36eae9b60000d800"}], 0x2d, 0x11, 0x0, 0x0)
ioctl$KVM_RUN(r4, 0xae80, 0x0)
mount(&(0x7f0000000140)=@nbd={'/dev/nbd', 0x0}, &(0x7f0000000040)='./cgroup\x00', &(0x7f0000000080)='qnx6\x00', 0x208800, 0x0)
recvfrom$unix(r3, &(0x7f0000000400)=""/213, 0xd5, 0x140, 0x0, 0x0)
ioctl$AUTOFS_DEV_IOCTL_CATATONIC(r3, 0xc0189379, &(0x7f0000000380)={{0x1, 0x1, 0x18, <r7=>r6}, './cgroup\x00'})
ioctl$KVM_SET_VCPU_EVENTS(r7, 0x4040aea0, &(0x7f00000003c0)=@arm64={0xb, 0x4, 0x8})

2m43.242020579s ago: executing program 3 (id=2748):
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
shutdown(r0, 0x0)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r0, 0x84, 0x6f, &(0x7f0000000000)={<r1=>0x0, 0x1c, &(0x7f00000000c0)=[@in6={0xa, 0x0, 0x0, @private2}]}, &(0x7f0000000180)=0x10)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_THLDS(r0, 0x84, 0x85, &(0x7f0000000000)={r1, @in={{0x2, 0x0, @empty}}, 0x0, 0x7ffe}, 0x90)
mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0xb, 0x59032, 0xffffffffffffffff, 0x0)
r2 = userfaultfd(0x80801)
mmap$xdp(&(0x7f0000800000/0x800000)=nil, 0x800000, 0x0, 0xa031, 0xffffffffffffffff, 0x0)
ioctl$UFFDIO_API(r2, 0xc018aa3f, &(0x7f0000002040)={0xaa, 0x22c})
ioctl$UFFDIO_REGISTER(r2, 0xc020aa00, &(0x7f0000000040)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}, 0x4})
ioctl$UFFDIO_COPY(r2, 0xc028aa03, &(0x7f0000000100)={&(0x7f0000800000/0x800000)=nil, &(0x7f0000b69000/0x1000)=nil, 0x800000, 0x3})
r3 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$DEVLINK_CMD_SB_GET(r3, &(0x7f0000000240)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f0000000280)={&(0x7f0000000500)={0x18c, 0x0, 0x10, 0x70bd25, 0x25dfdbfb, {}, [{@pci={{0x8}, {0x11}}, {0x8, 0xb, 0x2}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0xb, 0x7ff}}, {@pci={{0x8}, {0x11}}, {0x8, 0xb, 0x8}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0xb, 0xffff5441}}, {@pci={{0x8}, {0x11}}, {0x8, 0xb, 0x7}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8}}, {@pci={{0x8}, {0x11}}, {0x8, 0xb, 0x2}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0xb, 0x1}}, {@pci={{0x8}, {0x11}}, {0x8, 0xb, 0x9e92}}, {@pci={{0x8}, {0x11}}, {0x8, 0xb, 0x8}}]}, 0x18c}, 0x1, 0x0, 0x0, 0x800}, 0x4000000)
r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000300)='blkio.throttle.io_serviced_recursive\x00', 0x275a, 0x0)
write$binfmt_script(r4, &(0x7f0000001340)={'#! ', './file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa', [{0x20, '#{'}, {0x20, 'blkio.throttle.io_serviced_recursive\x00'}, {0x20, 'trans=unix,'}, {0x20, ').*'}, {0x20, '*+$]&'}, {0x20, 'blkio.throttle.io_serviced_recursive\x00'}, {0x20, '-'}, {0x20, '/.@'}]}, 0x1067)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x10012, r4, 0x0)
r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000400)={0x11, 0x4, &(0x7f00000000c0)=ANY=[@ANYBLOB="180000000100ffff0000000007000000850000006d00000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x32, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='mm_khugepaged_scan_pmd\x00', r5}, 0x18)
madvise(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x19)
mmap(&(0x7f0000000000/0x95c000)=nil, 0x95c000, 0x3000003, 0x8c4b815a5465c2b1, 0xffffffffffffffff, 0x0)
r6 = syz_open_procfs$pagemap(0xffffffffffffffff, &(0x7f0000000080))
ioctl$PAGEMAP_SCAN(r6, 0xc0606610, &(0x7f0000000100)={0x60, 0x0, &(0x7f00001c9000/0x3000)=nil, &(0x7f0000ffc000/0x3000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x11, 0x2})
mount$9p_unix(&(0x7f0000002600)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', &(0x7f0000003600)='.\x00', &(0x7f0000003640), 0x2000000, &(0x7f0000003680)=ANY=[@ANYBLOB='\x00\x00ans=unix,\x00'])

2m43.040031527s ago: executing program 3 (id=2749):
mincore(&(0x7f0000bfe000/0x400000)=nil, 0x400000, 0x0)
prlimit64(0x0, 0xe, 0x0, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$MSR(&(0x7f0000000040), 0x0, 0x0)
sendmsg$MPTCP_PM_CMD_SUBFLOW_CREATE(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f0000000140)={&(0x7f0000000100)={0x34, 0x0, 0x100, 0x70bd28, 0x25dfdbfe, {}, [@MPTCP_PM_ATTR_RCV_ADD_ADDRS={0x8, 0x2, 0x3}, @MPTCP_PM_ATTR_RCV_ADD_ADDRS={0x8, 0x2, 0x7}, @MPTCP_PM_ATTR_SUBFLOWS={0x8, 0x3, 0x5}, @MPTCP_PM_ATTR_RCV_ADD_ADDRS={0x8, 0x2, 0x1}]}, 0x34}, 0x1, 0x0, 0x0, 0x20000000}, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
r1 = syz_io_uring_setup(0x53f, &(0x7f0000000440)={0x0, 0x807734, 0x400, 0xfffffff8, 0xfe}, &(0x7f00000000c0)=<r2=>0x0, &(0x7f00000002c0)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_POLL_REMOVE={0x7, 0x50, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1})
io_uring_enter(r1, 0x47bc, 0x0, 0x0, 0x0, 0x0)

2m42.141597079s ago: executing program 3 (id=2753):
openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0)
syz_open_dev$media(0x0, 0x0, 0x80100)
syz_open_dev$tty1(0xc, 0x4, 0x1)
pread64(0xffffffffffffffff, 0x0, 0x0, 0x52)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x10)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000940)={&(0x7f0000000240)=ANY=[], 0xa8}}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x100008b}, 0x0)
sched_setaffinity(0x0, 0x11, &(0x7f0000000180)=0x1400200bce)
sched_setscheduler(0x0, 0x1, &(0x7f0000002200)=0x1)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000002700)=""/102392, 0x18ff8)
r1 = fsopen(&(0x7f0000000080)='exfat\x00', 0x0)
r2 = fsmount(r1, 0x0, 0x1)
fchdir(r2)
open(&(0x7f0000000100)='./file0\x00', 0x6b2443, 0x72)
write$P9_RLERRORu(0xffffffffffffffff, &(0x7f00000000c0)=ANY=[@ANYRESOCT], 0x53)
socket$nl_generic(0x10, 0x3, 0x10)

2m41.496228003s ago: executing program 3 (id=2754):
accept4$ax25(0xffffffffffffffff, &(0x7f0000000000)={{0x3, @null}, [@netrom, @netrom, @netrom, @remote, @netrom, @rose, @bcast, @netrom]}, &(0x7f0000000080)=0x48, 0x80800) (async)
r0 = accept4$ax25(0xffffffffffffffff, &(0x7f0000000000)={{0x3, @null}, [@netrom, @netrom, @netrom, @remote, @netrom, @rose, @bcast, @netrom]}, &(0x7f0000000080)=0x48, 0x80800)
accept4$ax25(r0, &(0x7f0000000140)={{0x3, @null}, [@netrom, @default, @rose, @remote, @remote, @remote, @null, @bcast]}, &(0x7f0000000240)=0x77, 0xc0000)
setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f00000000c0), 0x10)
r1 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$VT_RESIZEX(r1, 0x560a, &(0x7f0000000100)={0x4, 0x0, 0x4, 0x0, 0x4002}) (async)
ioctl$VT_RESIZEX(r1, 0x560a, &(0x7f0000000100)={0x4, 0x0, 0x4, 0x0, 0x4002})
ioctl$VT_OPENQRY(r1, 0x5600, &(0x7f00000001c0))

2m41.31328042s ago: executing program 3 (id=2756):
syz_usb_connect(0x4, 0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="120100006325a640402000498b4d000000010902240001000000000904000002214c6a0009050702000000de000905890e6d544827d91fff0b534564a4c9b0b088e2d7c630a79c9f9ae9f1d50b3879d6b2571c6474d3ad47f23d7dddf6580e67832e76a90fcec4c361c0274e5afaebf093b17cb92ebcfa58e329dbe888dd112ca272490446c1e2684439c606e1683ede67b815b898b6b27f3a76ec48e5abc69460b1cec87629c4acd07e74994b07370cf5be40a3816b28fcd4f18b5b8c50894d4b22d03952e07efa6364bd6202882929ce1f4e8433f137ec7b42277cb6b777daeb050e54167c3b66fd77bd83256d13a2fe4ce32910cf42e18dcc4869ff45370b8bb487089c8e89c3aeafcc8982722cbccf92a43683b4bceb42426e7918f9dd25843222b006f524f0225a78bb3bec66f854e1b4f01e"], 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0)
r2 = socket(0x10, 0x803, 0x0)
r3 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000100)={'team_slave_1\x00', <r4=>0x0})
sendmsg$nl_route_sched(r2, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r4, {0x0, 0xfff1}, {0xffff, 0xffff}, {0xffe0, 0xffff}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x1}}}]}, 0x38}}, 0x0)
sendmsg$nl_route_sched(r2, &(0x7f0000006040)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000600)=@newtfilter={0x60c, 0x2c, 0xd2b, 0x70bd2b, 0x35dfdbfe, {0x0, 0x0, 0x0, r4, {0xf, 0xb}, {}, {0x8, 0xfff3}}, [@filter_kind_options=@f_u32={{0x8}, {0x5e0, 0x2, [@TCA_U32_SEL={0x394, 0x5, {0x7, 0x7f, 0x3, 0x200, 0x8, 0x9, 0x3, 0x8, [{0x4, 0x400000, 0x0, 0x2}, {0x4800, 0x1, 0x9, 0x3}, {0x4, 0x0, 0x6, 0x8}, {0x1a8f, 0x9, 0xfffff801, 0x7}, {0x7, 0x6, 0x5, 0x400}, {0x73, 0x1400, 0x57e76c05, 0x32}, {0x7, 0x5, 0x0, 0x80000081}, {0x7f, 0x1, 0x1, 0x4}, {0x7fffffff, 0x0, 0x9, 0x7}, {0x5c4, 0xa, 0x3, 0xc}, {0x2, 0x8, 0x2}, {0x7, 0x8, 0xff, 0x6}, {0x401, 0xffffffff, 0x7, 0x7}, {0x2, 0x3, 0xd, 0x7}, {0x2, 0x0, 0x100, 0x6}, {0x6, 0x6, 0x1, 0x9}, {0x7, 0x4, 0x22, 0x6}, {0x7fff, 0x0, 0x3, 0x101}, {0x80000004, 0x5b61, 0x0, 0xe37}, {0x7, 0x2, 0x6, 0x4006d}, {0x21, 0x600000, 0xffff, 0x54}, {0xff, 0x81, 0xd4, 0x6}, {0x3, 0x2, 0x3fa4f833, 0x46a}, {0x1, 0x6, 0xff, 0x3ff}, {0x5, 0x9, 0x1, 0x3}, {0x7, 0x1, 0x401, 0x9}, {0x8, 0x100, 0x7, 0x3}, {0x7, 0x9819, 0x6, 0x6}, {0x3, 0xc, 0x5, 0x6}, {0x81, 0x9, 0xf3b8, 0xffff7fff}, {0x0, 0x1, 0x4, 0x9}, {0x4, 0x6, 0x5, 0x8001}, {0xfffffffb, 0xd, 0x7, 0x7f}, {0x42, 0x81, 0x80000000, 0x8}, {0x4, 0xffff, 0x6, 0x2}, {0x80000001, 0x7, 0x6, 0xe0}, {0x0, 0x9, 0x4, 0xb76}, {0x0, 0x8, 0x4, 0x36c2}, {0x6, 0xc63, 0xb, 0x7}, {0x1, 0x5, 0x5, 0x4}, {0x7, 0x200, 0x5, 0x3fc}, {0x10, 0x453, 0x6, 0x3}, {0xb, 0x5, 0x5, 0x5}, {0x0, 0x9, 0x8, 0x8}, {0x9, 0xd, 0x7f, 0x8000}, {0x7fffffff, 0x51, 0xd6fa, 0xb}, {0xd, 0x6, 0x2, 0x8}, {0x9, 0x9, 0x7ff, 0x9}, {0x8, 0xffffffff, 0x81, 0x200}, {0x3, 0x3, 0x6, 0x401}, {0xdc, 0x1ff, 0x101, 0x5}, {0x0, 0x7f, 0x60d4, 0x3}, {0x6, 0x8, 0xc, 0x8}, {0x400, 0xaef2, 0xfffb, 0x1}, {0x10001, 0xfffffffb, 0xfffffffa, 0x1ad}, {0x2, 0x4, 0x800, 0x5}]}}, @TCA_U32_INDEV={0x14, 0x8, 'vxcan1\x00'}, @TCA_U32_SEL={0x234, 0x5, {0x10, 0x9, 0x6, 0x10da, 0xa760, 0x0, 0x10, 0x100, [{0x1000, 0xe, 0xfffff000, 0x9f6}, {0x5, 0x3ff, 0x3, 0x4}, {0x2, 0xffffffff, 0x69c, 0x4000000}, {0x4009, 0x7, 0x40, 0x7d}, {0x2, 0xd033, 0x57, 0xffffffc0}, {0x1, 0x2, 0x20000009, 0x8}, {0x6, 0x7fff, 0x9, 0x2}, {0x3, 0xde5, 0x1, 0xbd}, {0x3, 0x80, 0x1, 0x6}, {0x0, 0x7fff, 0x0, 0x40}, {0x9, 0x10, 0x5, 0x5}, {0xac, 0xfffff08a, 0x8, 0x1}, {0x8, 0xfffffff9, 0xfffffffa, 0x51}, {0x49f, 0x7, 0x81, 0xb}, {0x5, 0x9, 0x2}, {0x10001, 0x7, 0xc841, 0x2}, {0x1000, 0x2, 0x264, 0x9}, {0x6, 0x0, 0x8, 0x7}, {0x3ff, 0x8, 0x3, 0xa6d}, {0x7, 0x7ff, 0x5, 0xc7}, {0x6, 0x8, 0x2, 0x1}, {0x7, 0x2, 0x5, 0x2}, {0xaa4, 0x406, 0x2, 0x127c}, {0x2, 0x4f, 0x5a2, 0xa2fa}, {0x10, 0xb, 0x2, 0x9}, {0x3, 0x7, 0x200, 0x1}, {0x2000004, 0x5d14, 0x7f, 0x72}, {0x7, 0x2, 0x7, 0x7}, {0x5, 0x7fff, 0x3, 0x438}, {0x7fff, 0x5, 0x401, 0xc42b}, {0x80, 0x3, 0x2, 0x1e0}, {0xfffffffc, 0x9, 0x40, 0x7}, {0x3, 0xa67, 0x400, 0x82}, {0xc, 0x8000, 0xfffffffb}]}}]}}]}, 0x60c}}, 0x24040084)
fsetxattr$security_capability(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x1)
socket$l2tp6(0xa, 0x2, 0x73)
clock_adjtime(0x0, &(0x7f0000000100)={0x362, 0x6a, 0x55cd, 0x8000000000000001, 0x48c, 0x5, 0xd, 0x424, 0x2, 0xffffffffffffffff, 0xf423f, 0xfffffffffffffff9, 0x7, 0x2, 0x1000000081, 0x5, 0x0, 0x5, 0x2, 0x9220000000000000, 0x3, 0x0, 0x80000001, 0x0, 0x5, 0x7})
r5 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r5, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000480)=ANY=[@ANYBLOB="a000000021000100ef78be4ec900000000fefffffffc020000000000000000000000000000fc020000000000000000000000000001fffc0000000000000200e08000000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="02000000000000005000110000000000000000000000ffff7f00000100000000000000000000ffff0a01010200000000000000000000000000000000fc0200000000000000000000000000003c0000000000000008000800"], 0xa0}, 0x1, 0x0, 0x0, 0x800}, 0x42000)
write$USERIO_CMD_SEND_INTERRUPT(0xffffffffffffffff, &(0x7f0000000140)={0x2, 0x1}, 0x2)
madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0x80000000e)
mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil)
mremap(&(0x7f000054e000/0x1000)=nil, 0x1000, 0x3000, 0x3, &(0x7f000022c000/0x3000)=nil)
bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0)
remap_file_pages(&(0x7f0000800000/0x800000)=nil, 0x800000, 0x0, 0x0, 0x0)
r6 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='numa_maps\x00')
pread64(r6, &(0x7f0000002180)=""/4101, 0x1005, 0x1)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9)
r7 = syz_open_dev$video(&(0x7f0000000440), 0x8, 0x0)
fsopen(&(0x7f0000000240)='jfs\x00', 0x1)
ioctl$VIDIOC_S_SELECTION(r7, 0xc040565f, &(0x7f0000000000)={0xa, 0x100, 0x1, {0x6, 0x1000, 0x6, 0x86b}})

2m38.147700865s ago: executing program 3 (id=2771):
syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000040)=ANY=[@ANYBLOB="12010000000018105e04da0700000000000109022400010000000009040000090300000009210000000122220009058103"], 0x0)
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000000c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000b40)={{0x14}, [@NFT_MSG_NEWSET={0x38, 0x12, 0xa, 0x9, 0x0, 0x0, {0x2}, [@NFTA_SET_FLAGS={0x8, 0x3, 0x1, 0x0, 0x1}, @NFTA_SET_NAME={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_DATA_TYPE={0x8}, @NFTA_SET_KEY_TYPE={0x8, 0x4, 0x1, 0x0, 0x3}]}], {0x14}}, 0x60}}, 0x0)
sendmsg$NFT_MSG_GETOBJ(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000280)=ANY=[@ANYBLOB="20000000150a01020000000000000000000000000900010073797a3000000000a746e084542d961cbb9f90e9949eebb73d963523001932d177fb8917b6b42259c9e3e257cdefb57e6b70657c9c31cfd1a53aade72e17fbd86cb9f50d1f64fe798402813f49eb53d240600175ba3f69b101348f025b48191e73b2ccb20ad5408de2c2273154451b58"], 0x20}, 0x1, 0x0, 0x0, 0x800}, 0x24040808)
socket(0x10, 0x80002, 0x0)
r1 = socket$inet6(0xa, 0x2, 0x0)
bind$inet6(r1, &(0x7f0000000040)={0xa, 0xe22}, 0x1c)
connect$inet6(r1, &(0x7f0000000340)={0x2, 0x4e21, 0x0, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02'}, 0x1c)
r2 = socket$nl_rdma(0x10, 0x3, 0x14)
sendmsg$RDMA_NLDEV_CMD_NEWLINK(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)=ANY=[@ANYBLOB="38000000031401002cbd7000fcdbdf250900020073797a32000000000800410073697700140033006c6f"], 0x38}, 0x1, 0x0, 0x0, 0x44}, 0x810)
r3 = socket$netlink(0x10, 0x3, 0x0)
setsockopt$netlink_NETLINK_ADD_MEMBERSHIP(r3, 0x10e, 0xb, &(0x7f0000000000)=0x2, 0x4)
sendmsg$nl_route_sched(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=@gettaction={0x20, 0x32, 0x300, 0x70bd2b, 0x25dfdbfd, {}, [@action_dump_flags=@TCA_ROOT_FLAGS={0xc, 0x2, {0x1}}]}, 0x4}, 0x1, 0x0, 0x0, 0x4000041}, 0x0)
sendmsg$RDMA_NLDEV_CMD_RES_MR_GET(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000040)={0x10, 0x140d, 0x4, 0x70bd29, 0x25dfdbfc}, 0x10}, 0x1, 0x0, 0x0, 0x8000}, 0x1)
r4 = socket$nl_rdma(0x10, 0x3, 0x14)
bpf$PROG_LOAD(0x5, &(0x7f00000008c0)={0x1, 0x5, &(0x7f0000000400)=ANY=[@ANYBLOB="bf16000000000000b70200000100e0ff5070000028000000770000000000000095000200000000007ae9413df8ff0af5aa35339f4b382c4cad9db67dc983134d04ef2fd6fa7a9b857b72abaca100af1ba23d699b89e890c10500000000000000000000000000ac0e064c27bdfbd301150500000000000000bfdc995279d64072aacbb0595b95060000009ad3bf16a461e48e955a772d4062093f4cb1c3d9532abad2085401f098eb039ae4f4103699b9e079227e98cc07c09c1a72cb6d47cef1595e84d21951010f0274b1445a2ad6a7ad73827cccc21842599e0ae7b91f0b858b9267aa0b28d69a74ffdea613e892f0f9ff9468e4cb6dd65fd7bf3124702c6b1c2aea53ee0cb83ff180aa18b625d1667459c7cba77cedca0bff6d8370c33e2bd9cebd29c152ff9dc8c2772fe552fecfcd1778b0838100000031d521207e7423d86508416780983c2f380bc01cefe9773a9a5cd5b24aa24a561e72393c0ce2bf44825b05c1779fe74f884c2472ab45c2af60289cb199963312dd1929096c6f49d116f1612a7b97f77169fa5e8a66a372ef8e3ee7167f7d2a26fc6c3cfa4dc5860277223d6eb3460e3b10a0dc9495635a9fca19d7beb5e700498b43bdadc916c01264d22d7969530633f94b257fbc5da7a96820e31044c0b0f62619c9e351996185e4015510875b774666ba5c0ba9845ad25b578d7d714ff3a85586b9b452301f5470d0e0ae5d7f82f178f0c7c9c8f44c390c8a2c5be9e24a125420912ec9a3149f87b35ef1169f05e49164a4944e7b4da21f6f57020dd4f1f4f15edd7a0b1e24c6f79e3ea72a29c7928f000000006c5c8dddea685405273c7967d2c1a14efe0d53cb4b95a1ed7203000000ed52e5c08822cdcf2bc058ff9aab481926312fc7c88b1044e8c1c17d8c562edf69f4db96e059c49ec69a6086b5a3d24f4c8b10ab5f6a9f9eb5c881883e5671bbca4614df48103ca6e40891"], &(0x7f00000003c0)='GPL\x00', 0x9, 0x0, 0x0, 0x41000, 0x20}, 0x94)
sendmsg$RDMA_NLDEV_CMD_STAT_GET(r4, &(0x7f0000001a00)={0x0, 0x0, &(0x7f00000019c0)={&(0x7f0000000bc0)=ANY=[@ANYBLOB="2800000011148d8a29bd7000fcdbdf2508004b001300000008000100000000000800030003000000320a55da2c5d5ef4f68f619cb083a5673149bc83e46a4831621f9acdb0cc90561b"], 0x28}, 0x1, 0x0, 0x0, 0x8040}, 0x4004800)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000001680)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x40001}, 0x4040850)
sendmsg$NFT_BATCH(r5, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000840)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a40000000030a0fdb00000000000000000a0000050900030073797a30000000000900010073797a310000000014000480080002403cb140bb0800014000000003140000001100010000000000000000000100000ad6b0f094889f0b26be7fba3ea7"], 0x68}, 0x1, 0x0, 0x0, 0x4000850}, 0x24000840)
r6 = socket$kcm(0xa, 0x922000000003, 0x11)
setsockopt$sock_attach_bpf(r6, 0x29, 0x24, &(0x7f0000000080), 0x4)
sendmsg$kcm(r6, &(0x7f0000000000)={&(0x7f00000007c0)=@l2tp6={0xa, 0x0, 0x8, @mcast1, 0x3, 0xffffffff}, 0x80, &(0x7f0000001880)=[{&(0x7f0000000780)="f4000900062b3325fe80000000000000dc8b850f238466cc00007a000000ad6e911b51818462b400", 0x28}], 0x1}, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$RDMA_NLDEV_CMD_DELLINK(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000100)={0x18, 0x1404, 0x1, 0x70bd2d, 0x25dfdbfe, "", [@RDMA_NLDEV_ATTR_DEV_INDEX={0x8}]}, 0x18}, 0x1, 0x0, 0x0, 0x671ec167a4b72164}, 0x0)

2m23.014395067s ago: executing program 33 (id=2771):
syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000040)=ANY=[@ANYBLOB="12010000000018105e04da0700000000000109022400010000000009040000090300000009210000000122220009058103"], 0x0)
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000000c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000b40)={{0x14}, [@NFT_MSG_NEWSET={0x38, 0x12, 0xa, 0x9, 0x0, 0x0, {0x2}, [@NFTA_SET_FLAGS={0x8, 0x3, 0x1, 0x0, 0x1}, @NFTA_SET_NAME={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_DATA_TYPE={0x8}, @NFTA_SET_KEY_TYPE={0x8, 0x4, 0x1, 0x0, 0x3}]}], {0x14}}, 0x60}}, 0x0)
sendmsg$NFT_MSG_GETOBJ(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000280)=ANY=[@ANYBLOB="20000000150a01020000000000000000000000000900010073797a3000000000a746e084542d961cbb9f90e9949eebb73d963523001932d177fb8917b6b42259c9e3e257cdefb57e6b70657c9c31cfd1a53aade72e17fbd86cb9f50d1f64fe798402813f49eb53d240600175ba3f69b101348f025b48191e73b2ccb20ad5408de2c2273154451b58"], 0x20}, 0x1, 0x0, 0x0, 0x800}, 0x24040808)
socket(0x10, 0x80002, 0x0)
r1 = socket$inet6(0xa, 0x2, 0x0)
bind$inet6(r1, &(0x7f0000000040)={0xa, 0xe22}, 0x1c)
connect$inet6(r1, &(0x7f0000000340)={0x2, 0x4e21, 0x0, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02'}, 0x1c)
r2 = socket$nl_rdma(0x10, 0x3, 0x14)
sendmsg$RDMA_NLDEV_CMD_NEWLINK(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)=ANY=[@ANYBLOB="38000000031401002cbd7000fcdbdf250900020073797a32000000000800410073697700140033006c6f"], 0x38}, 0x1, 0x0, 0x0, 0x44}, 0x810)
r3 = socket$netlink(0x10, 0x3, 0x0)
setsockopt$netlink_NETLINK_ADD_MEMBERSHIP(r3, 0x10e, 0xb, &(0x7f0000000000)=0x2, 0x4)
sendmsg$nl_route_sched(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=@gettaction={0x20, 0x32, 0x300, 0x70bd2b, 0x25dfdbfd, {}, [@action_dump_flags=@TCA_ROOT_FLAGS={0xc, 0x2, {0x1}}]}, 0x4}, 0x1, 0x0, 0x0, 0x4000041}, 0x0)
sendmsg$RDMA_NLDEV_CMD_RES_MR_GET(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000040)={0x10, 0x140d, 0x4, 0x70bd29, 0x25dfdbfc}, 0x10}, 0x1, 0x0, 0x0, 0x8000}, 0x1)
r4 = socket$nl_rdma(0x10, 0x3, 0x14)
bpf$PROG_LOAD(0x5, &(0x7f00000008c0)={0x1, 0x5, &(0x7f0000000400)=ANY=[@ANYBLOB="bf16000000000000b70200000100e0ff5070000028000000770000000000000095000200000000007ae9413df8ff0af5aa35339f4b382c4cad9db67dc983134d04ef2fd6fa7a9b857b72abaca100af1ba23d699b89e890c10500000000000000000000000000ac0e064c27bdfbd301150500000000000000bfdc995279d64072aacbb0595b95060000009ad3bf16a461e48e955a772d4062093f4cb1c3d9532abad2085401f098eb039ae4f4103699b9e079227e98cc07c09c1a72cb6d47cef1595e84d21951010f0274b1445a2ad6a7ad73827cccc21842599e0ae7b91f0b858b9267aa0b28d69a74ffdea613e892f0f9ff9468e4cb6dd65fd7bf3124702c6b1c2aea53ee0cb83ff180aa18b625d1667459c7cba77cedca0bff6d8370c33e2bd9cebd29c152ff9dc8c2772fe552fecfcd1778b0838100000031d521207e7423d86508416780983c2f380bc01cefe9773a9a5cd5b24aa24a561e72393c0ce2bf44825b05c1779fe74f884c2472ab45c2af60289cb199963312dd1929096c6f49d116f1612a7b97f77169fa5e8a66a372ef8e3ee7167f7d2a26fc6c3cfa4dc5860277223d6eb3460e3b10a0dc9495635a9fca19d7beb5e700498b43bdadc916c01264d22d7969530633f94b257fbc5da7a96820e31044c0b0f62619c9e351996185e4015510875b774666ba5c0ba9845ad25b578d7d714ff3a85586b9b452301f5470d0e0ae5d7f82f178f0c7c9c8f44c390c8a2c5be9e24a125420912ec9a3149f87b35ef1169f05e49164a4944e7b4da21f6f57020dd4f1f4f15edd7a0b1e24c6f79e3ea72a29c7928f000000006c5c8dddea685405273c7967d2c1a14efe0d53cb4b95a1ed7203000000ed52e5c08822cdcf2bc058ff9aab481926312fc7c88b1044e8c1c17d8c562edf69f4db96e059c49ec69a6086b5a3d24f4c8b10ab5f6a9f9eb5c881883e5671bbca4614df48103ca6e40891"], &(0x7f00000003c0)='GPL\x00', 0x9, 0x0, 0x0, 0x41000, 0x20}, 0x94)
sendmsg$RDMA_NLDEV_CMD_STAT_GET(r4, &(0x7f0000001a00)={0x0, 0x0, &(0x7f00000019c0)={&(0x7f0000000bc0)=ANY=[@ANYBLOB="2800000011148d8a29bd7000fcdbdf2508004b001300000008000100000000000800030003000000320a55da2c5d5ef4f68f619cb083a5673149bc83e46a4831621f9acdb0cc90561b"], 0x28}, 0x1, 0x0, 0x0, 0x8040}, 0x4004800)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000001680)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x40001}, 0x4040850)
sendmsg$NFT_BATCH(r5, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000840)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a40000000030a0fdb00000000000000000a0000050900030073797a30000000000900010073797a310000000014000480080002403cb140bb0800014000000003140000001100010000000000000000000100000ad6b0f094889f0b26be7fba3ea7"], 0x68}, 0x1, 0x0, 0x0, 0x4000850}, 0x24000840)
r6 = socket$kcm(0xa, 0x922000000003, 0x11)
setsockopt$sock_attach_bpf(r6, 0x29, 0x24, &(0x7f0000000080), 0x4)
sendmsg$kcm(r6, &(0x7f0000000000)={&(0x7f00000007c0)=@l2tp6={0xa, 0x0, 0x8, @mcast1, 0x3, 0xffffffff}, 0x80, &(0x7f0000001880)=[{&(0x7f0000000780)="f4000900062b3325fe80000000000000dc8b850f238466cc00007a000000ad6e911b51818462b400", 0x28}], 0x1}, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$RDMA_NLDEV_CMD_DELLINK(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000100)={0x18, 0x1404, 0x1, 0x70bd2d, 0x25dfdbfe, "", [@RDMA_NLDEV_ATTR_DEV_INDEX={0x8}]}, 0x18}, 0x1, 0x0, 0x0, 0x671ec167a4b72164}, 0x0)

1m54.859038653s ago: executing program 2 (id=2938):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r0, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty}, 0x1c)
listen(r0, 0x0)
setsockopt$inet6_opts(r0, 0x29, 0x2, &(0x7f0000000180)=@srh={0x62, 0x0, 0x4, 0x0, 0xf8, 0x0, 0x8003}, 0x8)
syz_emit_ethernet(0x4a, &(0x7f0000000200)={@local, @link_local, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, "0a8435", 0x14, 0x6, 0x0, @empty, @local, {[], {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x4, 0x5, 0xc2}}}}}}}, 0x0)
r1 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000300), 0x2, 0x0)
ioctl$vim2m_VIDIOC_TRY_FMT(r1, 0xc0d05640, &(0x7f0000000440)={0x1, @vbi={0x2, 0xffffffff, 0x31384142, 0x4c314356, [0xdf88, 0x6], [0xfffffffa, 0x8012], 0x108}})
r2 = openat$proc_mixer(0xffffffffffffff9c, &(0x7f0000000000)='/proc/asound/card0/oss_mixer\x00', 0x101c00, 0x0)
syz_emit_vhci(&(0x7f0000009c40)=ANY=[@ANYBLOB="04140003c9"], 0x17)
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0)
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000380)={[{@upperdir={'upperdir', 0x3d, './file1'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './bus'}}, {@nfs_export_on}]})
chdir(&(0x7f00000000c0)='./bus\x00')
r3 = creat(&(0x7f0000000440)='./file0\x00', 0x0)
syz_open_dev$vim2m(&(0x7f0000000540), 0x1ff, 0x2)
open_by_handle_at(r3, &(0x7f0000000140)=ANY=[@ANYBLOB="17000000fb"], 0x830200)
write$uinput_user_dev(0xffffffffffffffff, &(0x7f0000000080)={'syz1\x00', {0x1b10, 0x0, 0x1, 0x2}, 0x2f, [0x4, 0x1, 0x704d, 0x1, 0x5, 0x1, 0x2, 0x0, 0x4, 0xfffff401, 0xfffffffb, 0x8, 0x1, 0x100, 0xfe, 0x48, 0x7, 0x5, 0x2ca, 0x8, 0x76, 0x8, 0x0, 0x81, 0x40, 0x19b1, 0x8000, 0x4, 0x797, 0x4000000, 0x3, 0x3, 0xe, 0x7, 0x1, 0x1, 0x5, 0xe, 0x7, 0x10001, 0x9, 0x7f, 0x8, 0x6, 0xfffffff7, 0x4, 0x7, 0x40, 0x7f, 0x9, 0x1, 0x6, 0x3, 0x2284919, 0x4, 0x5643fa73, 0xfffeffff, 0x4a, 0x800, 0xa, 0x8a, 0x6, 0x1, 0x6], [0xfffffed2, 0x7fffffff, 0xffff, 0x8, 0xe62, 0x3, 0x3, 0x9, 0xc33, 0x3, 0x7, 0x800, 0x6c368000, 0x8, 0x1000007, 0x0, 0x10, 0x5, 0x8, 0x8001, 0x3, 0x7fff, 0x80000009, 0x0, 0x5, 0x4, 0x401, 0x8, 0x40, 0xc10, 0x80000001, 0x3, 0x3, 0x3, 0x7, 0x8, 0x8, 0x5, 0x4, 0x9, 0x5, 0x3, 0x2, 0x3, 0x0, 0x11e, 0xa4, 0x0, 0x5, 0xd69, 0x9, 0xf404, 0xf1, 0x3, 0x3, 0x1, 0x6, 0x6, 0x0, 0x6, 0x8, 0x6, 0x4, 0x1000068], [0x1, 0x1, 0x4, 0xfffffffc, 0x0, 0x7fff, 0x405, 0x9, 0x2, 0xffc, 0x7, 0x4, 0xc, 0x7, 0xa, 0xa, 0x8, 0x7, 0x5, 0x5, 0x2, 0x30000000, 0x644, 0x2, 0xfffffffd, 0x7, 0x5, 0x7f, 0x7ff, 0xd, 0x400, 0xf, 0x41, 0x81, 0xc99, 0x25a, 0x2, 0x0, 0x2, 0x5d9fffa, 0x3ff, 0x41, 0x1, 0x8, 0x10000, 0xe7, 0x200, 0x7af5, 0x0, 0xb, 0x0, 0xffff, 0x7, 0xc, 0x2, 0x81, 0x9, 0x2, 0x7, 0x100, 0x7, 0x0, 0x6, 0x10], [0xffffff80, 0xd5800000, 0x0, 0x4, 0x2, 0x62a, 0x3, 0x407, 0xb343, 0x4, 0x1, 0x8, 0x8000, 0x8, 0xffffff81, 0x80000000, 0x5, 0x3, 0x201, 0xfff, 0x3, 0xfffffffd, 0x3c63, 0x7, 0x6, 0xe6, 0xffffffff, 0x3, 0x2, 0x7, 0x1, 0x7, 0x7, 0x8, 0x1, 0xf, 0x9, 0x17cb, 0x0, 0x3, 0x6fe, 0xe, 0x7, 0x13a, 0x7, 0x0, 0xb757, 0x2, 0x11b, 0x996, 0x54, 0x8c1, 0x0, 0x5, 0x4, 0x2, 0x5, 0x10000400, 0x9, 0x5, 0x3, 0xfffffffb, 0xc, 0x6]}, 0x45c)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5)
r4 = socket$kcm(0x2d, 0x2, 0x0)
ioctl$sock_kcm_SIOCKCMUNATTACH(r4, 0x89e1, &(0x7f0000000140)={r4})
writev(r2, &(0x7f0000000380)=[{&(0x7f0000000040)="123989129f63a32eb21b0424dd91600395466393248b0012d29105af0f05754cb684ed18a97e052205727518fd1b3d63ca89f595ab97c813ff44a79ee5b9b8b4bf2a44d076420b915e10485cb422df7764357d5def2c93fc212c9642f42498b2baa2c599e17cebdb2a8a18ff6225a7fdc24a760d257355a340016b539bbc5263f0e608b57c72cf216dbffc79fc91939ee3baa24bfabbfabae7775449", 0x9c}, {&(0x7f0000000100)="1ac9a71ec5c95681c17520c3302c60a9ca3d56863a033b876bdd594b495e13d283de3d46a2e76be56835ae0b3483cf1a151b6199eac60566edbdee0c61721d68b0e9bd7ce07ef593244261697fb1292bee9e4e3f9c73776919b6776af6f629ccd4e99caca1f698f1b8c88d171daeb0708cd67cea006422b25cb6", 0x7a}, {&(0x7f0000000180)="17d8e4480330add15235d754e05d3154ee1a97e57821dc1efd435ee2b1b9ca3d6b5a8ea895eb35cfa3f38ddd5a5e69006f352dbd72f8e9f6ac62c90b23d41499a37daf460780700022cc7cfda5819228d900cd68459b98911e514b75225d5fb392af2227235485a4d040aa020d692e327297b00ba950be508ebe8f4e888839848598d3415409055bb80536477c4755fb22638f45e585d7b0c32657f55589f5554af2e7aa6a346ccdcf8fcca31a7af89f9b567322902351e989b95e693847fa6f47d864d84d", 0xc5}, {&(0x7f00000002c0)="9c00612fa41addc605877830c2fc8ee37e7bd4a09c334033e83912a5ccb34212eb7f9bdb58725161d44e28c59704713976d263ff9831f9fcf252524bd140f6fc0b885950", 0x44}], 0x4)
clock_nanosleep(0xfffffff2, 0x1, 0x0, 0x0)
socket$inet6_udplite(0xa, 0x2, 0x88)

1m53.537143111s ago: executing program 2 (id=2940):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000003c0)={0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x4c, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xfffffff4}, 0x94)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x6)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0)
writev(0xffffffffffffffff, &(0x7f0000000840)=[{0x0}], 0x1)
r0 = socket$inet6(0xa, 0x400000000001, 0x0)
sendto$inet6(r0, 0x0, 0x0, 0x20000008, &(0x7f00000001c0)={0xa, 0x4e20, 0x8, @loopback}, 0x1c)
socket$igmp6(0xa, 0x3, 0x2)
prlimit64(0x0, 0xe, &(0x7f0000000200)={0x8, 0x8a}, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r2, r3, &(0x7f0000fe5000/0x18000)=nil, &(0x7f0000000040)=[@text16={0x10, &(0x7f0000000000)="2e0f00d066b8010000000f01d90f01c96636f30f2240650f01c465f0000d0f01fbbaf80c66b800f0498b66efbafc0cb86bd9ef0fc7acdcd4660f3a405676f6", 0x3f}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_CAP_DISABLE_QUIRKS(r2, 0x4068aea3, &(0x7f0000000080)={0x74, 0x0, 0x50})
ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x3)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r4 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
openat$procfs(0xffffffffffffff9c, 0x0, 0x0, 0x0)
mount$9p_fd(0x0, 0x0, 0x0, 0x4080, 0x0)
read$msr(r4, &(0x7f0000019680)=""/102392, 0x18ff8)
r5 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000100)='mountinfo\x00')
read$FUSE(r5, &(0x7f00000005c0)={0x2020}, 0x2020)
r6 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r6, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=@ipv4_newrule={0x1c, 0x20, 0x301, 0x0, 0x0, {0x2, 0x0, 0x0, 0x4}}, 0x1c}, 0x1, 0x0, 0x0, 0x240480d4}, 0x0)
add_key(&(0x7f0000000000)='big_key\x00', &(0x7f0000000280)={'syz', 0x1}, &(0x7f00000002c0)="1d", 0xfe3a, 0xfffffffffffffffe)
syz_clone3(&(0x7f00000006c0)={0x1e2844880, 0x0, 0x0, 0x0, {0x30}, 0x0, 0x0, 0x0, 0x0}, 0x58)

1m51.943679989s ago: executing program 2 (id=2945):
openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) (async)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) (async)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f0000000580)={{0xffffffffffffffff, <r2=>0xffffffffffffffff}, &(0x7f0000000200), &(0x7f0000000540)='%pS    \x00'}, 0x20)
bpf$MAP_DELETE_BATCH(0x1b, &(0x7f00000006c0)={&(0x7f0000000000)="b9d5856eb6ca885890be4dfeb03a0e9ca155bec40946a8", &(0x7f0000000cc0)=""/4096, &(0x7f00000002c0)="145054f1745e729a89e472db38ca3944106c61a0f09f24dc14aa84534224b2ccc80c97c1b992f3424873a4eee35d7618b05579ff3a77950ac8c06f6e23de2135e5afdd22b39715a7ac8a22ef1acf6c8b5798368d3b84e1312023a67eee2fa12a23366f9a2430974f3e99413fc3f1eeebbbdaec77d1a2cd86045ec4c9f78e2cece4af41be52028fdd0d7ff0603be1e15fedb3a2530f58f47ccd96052698883bfb126d032dccb5ddd952df76242d04d44af73357819f09926529777582392622717898e7a3c7", &(0x7f0000000600)="954c38d7ad0364aaed2d846de572ef600880c88f8d13de93d07ff4cf46cf2d659922d5c8055e4b3a270ea773ba458a7335e824e5d3c5e2dccb5c18a273e988a6ecdfd0895d48fabad209473f1a6dfab93b9bf86054977601a4cd6a7390582fb1e920a6abdfe188661128620c3f6b0b37b18dc8966c6b3fabc0dae03e35790a3854ad55", 0x7, r2}, 0x38) (async)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0xf, 0xfffffe0000000001, 0xfa15, 0x1ff}, 0x0) (async)
mremap(&(0x7f0000ffe000/0x1000)=nil, 0x1000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil)
r3 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r3, &(0x7f00000004c0)={0x26, 'rng\x00', 0x0, 0x0, 'drbg_pr_sha384\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r3, 0x117, 0x1, 0x0, 0x0) (async)
r4 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000240)='/sys/kernel/address_bits', 0x0, 0x0)
lseek(r4, 0x1, 0x0)
r5 = accept4(r3, 0x0, 0x0, 0x800)
recvmsg(r5, &(0x7f00000005c0)={0x0, 0x0, 0x0}, 0x0)
syz_open_dev$video4linux(0x0, 0x200007, 0x8482)
ioctl$SNDRV_SEQ_IOCTL_SET_PORT_INFO(0xffffffffffffffff, 0xc0a85320, 0x0) (async)
socket$packet(0x11, 0x2, 0x300) (async)
ioctl$KDSKBENT(0xffffffffffffffff, 0x4b47, 0x0) (async)
openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000140), 0x8417f, 0x0) (async)
openat(0xffffffffffffffff, &(0x7f0000000180)='./file0\x00', 0xd40, 0x80) (async)
bpf$MAP_CREATE(0x0, &(0x7f00000001c0)=ANY=[@ANYRES32, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00', @ANYRES32=0x0, @ANYRES32], 0x48) (async)
bpf$PROG_LOAD(0x5, 0x0, 0x0) (async)
r6 = openat$dlm_monitor(0xffffff9c, &(0x7f0000003f80), 0x0, 0x0) (async)
r7 = openat$ubi_ctrl(0xffffff9c, &(0x7f00000041c0), 0x8000, 0x0)
dup2(r7, r6) (async)
r8 = getpid()
syz_pidfd_open(r8, 0x0)

1m51.68812485s ago: executing program 2 (id=2947):
syz_genetlink_get_family_id$nl80211(&(0x7f00000003c0), 0xffffffffffffffff)
bpf$MAP_CREATE(0x0, &(0x7f0000000080)=ANY=[@ANYBLOB="11000000040000000400000001"], 0x48)
openat$nullb(0xffffffffffffff9c, 0x0, 0xa4242, 0x0)
socket$kcm(0x29, 0x2, 0x0)
socket$can_j1939(0x1d, 0x2, 0x7)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x3)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000001a40)=""/102392, 0x18ff8)
r1 = socket$inet_mptcp(0x2, 0x1, 0x106)
connect$inet(r1, &(0x7f0000003580)={0x2, 0x4e27, @multicast1}, 0x10)
r2 = socket$inet_tcp(0x2, 0x1, 0x0)
getsockopt$inet_tcp_int(r2, 0x6, 0x4, 0x0, &(0x7f0000000080))

1m51.105240642s ago: executing program 2 (id=2949):
socket$igmp6(0xa, 0x3, 0x2)
prlimit64(0x0, 0xe, &(0x7f0000000200)={0x8, 0x8a}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x3)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
r1 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f00000003c0)={0x0, 0x18, 0xfa00, {0x1, &(0x7f0000000280), 0x13f, 0xa}}, 0x20)
r2 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00')
mount$9p_fd(0x0, 0x0, &(0x7f0000000180), 0x4080, &(0x7f0000000200)={'trans=fd,', {'rfdno', 0x3d, r2}, 0x2c, {'wfdno', 0x3d, r2}})
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
r3 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000100)='mountinfo\x00')
read$FUSE(r3, &(0x7f00000005c0)={0x2020}, 0x2020)
r4 = openat$fuse(0xffffffffffffff9c, &(0x7f00000001c0), 0x2, 0x0)
mount$fuse(0x0, &(0x7f0000002540)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000340)=ANY=[@ANYRESDEC=r4, @ANYRESHEX=r4, @ANYBLOB=',rootmode=00000000000020000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESOCT=0x0])
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0000}]})
r5 = getpid()
fcntl$setstatus(r4, 0x4, 0x40000)
syz_pidfd_open(r5, 0x0)
r6 = socket$inet6(0xa, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000300)={'virt_wifi0\x00', <r7=>0x0})
r8 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r8, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000440)=@newtfilter={0x24, 0x11, 0x1, 0x70bd28, 0x2000, {0x0, 0x0, 0x74, r7, {0xfffd, 0x10}, {0x1, 0xfff1}, {0xfff2, 0xd}}}, 0x24}, 0x1, 0xf0ffffffffffff, 0x0, 0x30004804}, 0x4840)
umount2(&(0x7f0000000040)='.\x00', 0x2)
r9 = inotify_init1(0x80800)
fcntl$setown(r9, 0x8, 0xffffffffffffffff)
fcntl$getownex(r9, 0x10, &(0x7f0000000040))

1m49.379381224s ago: executing program 2 (id=2953):
gettid()
poll(0x0, 0x0, 0x7)
setitimer(0x0, 0x0, 0xffffffffffffffff)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x5)
close(0x4)
r0 = syz_open_procfs$namespace(0x0, &(0x7f0000000200)='ns/pid_for_children\x00')
bpf$MAP_GET_NEXT_KEY(0x2, 0x0, 0x0)
r1 = epoll_create1(0x80000)
r2 = openat$random(0xffffffffffffff9c, &(0x7f0000000200), 0x8000, 0x0)
epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r2, &(0x7f0000000040)={0x2005})
epoll_ctl$EPOLL_CTL_MOD(r1, 0x3, r2, &(0x7f0000000440)={0x20000002})
epoll_pwait2(r1, &(0x7f0000000000)=[{}], 0x1, &(0x7f0000000080), 0x0, 0x0)
unshare(0x6a040000)
r3 = socket(0xa, 0x2, 0xfffffff2)
ioctl$sock_netrom_SIOCADDRT(r3, 0x6180, 0x0)
r4 = syz_open_dev$evdev(&(0x7f0000002280), 0x1, 0x841)
ioctl$EVIOCSREP(r4, 0x40084503, 0x0)
ioctl$DRM_IOCTL_SYNCOBJ_FD_TO_HANDLE_SYNC_FILE(r0, 0xc01064c2, &(0x7f0000000000))

1m34.112237015s ago: executing program 34 (id=2953):
gettid()
poll(0x0, 0x0, 0x7)
setitimer(0x0, 0x0, 0xffffffffffffffff)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x5)
close(0x4)
r0 = syz_open_procfs$namespace(0x0, &(0x7f0000000200)='ns/pid_for_children\x00')
bpf$MAP_GET_NEXT_KEY(0x2, 0x0, 0x0)
r1 = epoll_create1(0x80000)
r2 = openat$random(0xffffffffffffff9c, &(0x7f0000000200), 0x8000, 0x0)
epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r2, &(0x7f0000000040)={0x2005})
epoll_ctl$EPOLL_CTL_MOD(r1, 0x3, r2, &(0x7f0000000440)={0x20000002})
epoll_pwait2(r1, &(0x7f0000000000)=[{}], 0x1, &(0x7f0000000080), 0x0, 0x0)
unshare(0x6a040000)
r3 = socket(0xa, 0x2, 0xfffffff2)
ioctl$sock_netrom_SIOCADDRT(r3, 0x6180, 0x0)
r4 = syz_open_dev$evdev(&(0x7f0000002280), 0x1, 0x841)
ioctl$EVIOCSREP(r4, 0x40084503, 0x0)
ioctl$DRM_IOCTL_SYNCOBJ_FD_TO_HANDLE_SYNC_FILE(r0, 0xc01064c2, &(0x7f0000000000))

9.070171797s ago: executing program 6 (id=3342):
ioctl$KDGKBLED(0xffffffffffffffff, 0x4b64, &(0x7f00000000c0))
r0 = socket$nl_generic(0x10, 0x3, 0x10) (async, rerun: 64)
socket$nl_route(0x10, 0x3, 0x0) (async, rerun: 64)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) (async)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) (async)
socket$inet6_icmp_raw(0xa, 0x3, 0x3a) (async)
r3 = socket$pppl2tp(0x18, 0x1, 0x1) (async)
r4 = socket$inet_udp(0x2, 0x2, 0x0)
connect$pppl2tp(r3, &(0x7f0000000240)=@pppol2tpin6={0x18, 0x1, {0x0, r4, 0x2, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02'}}}, 0x32) (async)
syz_usb_control_io$cdc_ncm(0xffffffffffffffff, 0x0, &(0x7f0000000500)={0x44, &(0x7f0000000240)=ANY=[@ANYBLOB="20131d000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) (async, rerun: 32)
sendmmsg(r3, &(0x7f0000004380)=[{{0x0, 0x0, 0x0}}], 0x34000, 0x0) (rerun: 32)
r5 = syz_genetlink_get_family_id$devlink(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$DEVLINK_CMD_RATE_GET(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000080)=ANY=[@ANYBLOB="05000000", @ANYRES16=r5, @ANYBLOB="010002000000fbdbdf2536000000"], 0x14}}, 0x0)

7.206051877s ago: executing program 7 (id=3347):
syz_init_net_socket$bt_l2cap(0x1f, 0x5, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000180)=0x2)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r1, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r2 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
openat$cuse(0xffffffffffffff9c, 0x0, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x100008b}, 0x0)
sched_setaffinity(0x0, 0x11, &(0x7f0000000180)=0x1400200bce)
r3 = openat$comedi(0xffffffffffffff9c, &(0x7f0000000040)='/dev/comedi4\x00', 0x2000, 0x0)
ioctl$COMEDI_INSNLIST(r3, 0x8010640b, &(0x7f00000001c0)={0x1, &(0x7f0000000080)=[{0x6000004, 0x0, 0x0, 0xfff, 0x59de74f2}]})

7.173831775s ago: executing program 4 (id=3348):
r0 = socket$can_bcm(0x1d, 0x2, 0x2)
ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f0000000100)={'vcan0\x00'})
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x11, 0xc, &(0x7f0000000800)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d0000001801000020696c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007000000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000004c0)={&(0x7f0000000500)='tlb_flush\x00', r1}, 0x10)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000040)='tlb_flush\x00', r1, 0x0, 0x10000000000000}, 0x18)
madvise(&(0x7f0000000000/0x3000)=nil, 0x7fffffffffffffff, 0x15)
ioctl$sock_SIOCGIFVLAN_ADD_VLAN_CMD(r0, 0x8982, &(0x7f0000000000)={0x0, 'ipvlan1\x00', {0x4}, 0x9})
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$sock_int(r2, 0x1, 0xf, &(0x7f0000000180)=0x800001, 0x4)
bind$inet6(r2, &(0x7f0000000140)={0xa, 0x4e22, 0x0, @empty}, 0x1c)
syz_emit_ethernet(0x4a, &(0x7f0000000580)=ANY=[@ANYBLOB="aa03000000aaaaaaaaaa34bb86dd6000577a00140600fe800014000000000000000006000000fe80000000060200aa00004e22000000000000000b0294d033dad89e85ea0ed13022f666686e5b985e9831c46ed62c00455c93a3fe044bca569da2f94178fa8143631d6bea2b9ccff24b47c3cdb0c4add447b427e6908c8a7f958a99a22dde01521800a977723aa49c36e941533d2df4d761ecf6d81a6552bf296e922e004ccefbdffa36b9d227ed36403b47a2dc2a086b1e334a18d76a72c50366b0c3a9231ce7fece8eba98fa54ce1b4e255915e83efe226dfdbbacc05d10974e39e377ecab076deaca8bde7e7237e15ec7f0d36d3800b7bdbfe9", @ANYRES32=0x41424344, @ANYRES32=0x41424344, @ANYBLOB="5010000090780004"], 0x0)
sendmsg$can_bcm(r0, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000340)={&(0x7f00000003c0)=ANY=[@ANYBLOB="01000000000000000008000000000000", @ANYRES64=0x0, @ANYRES64=0x2710, @ANYRES64=0x77359400, @ANYRES64=0x0, @ANYBLOB="0000000001"], 0x48}}, 0x0)
sendmsg$can_bcm(r0, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000040)=ANY=[@ANYBLOB="01000000971bac5544ad77590779467f", @ANYRES64=0x0, @ANYRES64=0x2710, @ANYRES64=0x0, @ANYRES64=0x2710, @ANYBLOB="0000000001"], 0x80}, 0x1, 0x0, 0x0, 0xc0}, 0x4001)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$batadv(&(0x7f0000000400), 0xffffffffffffffff)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r3, 0x8933, &(0x7f0000000440))
r4 = openat$tun(0xffffffffffffff9c, 0x0, 0x1c1341, 0x0)
ioctl$TUNSETIFF(r4, 0x400454ca, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
r5 = getpid()
sched_setscheduler(r5, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)

7.075461626s ago: executing program 6 (id=3349):
sendmmsg(0xffffffffffffffff, &(0x7f0000002840)=[{{0x0, 0x0, 0x0}}], 0x1, 0x20044000)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0)
mlock(&(0x7f0000000000/0x800000)=nil, 0x800000)
r2 = openat$comedi(0xffffff9c, &(0x7f0000000440)='/dev/comedi0\x00', 0x101001, 0x0)
ioctl$COMEDI_DEVCONFIG(r2, 0x40946400, &(0x7f0000000140)={'comedi_bond\x00', [0x2c, 0x0, 0x3, 0x5, 0x2f, 0x7, 0x7, 0x5, 0xffe, 0x73a, 0xa00, 0x80001, 0x1001, 0x8008, 0xffff, 0xffff, 0xffffffa8, 0x6, 0x1ff, 0x8, 0x7, 0x2, 0x8, 0xe2df, 0x746f, 0x10000008, 0x5, 0x3, 0x0, 0x1, 0x8049]})
r3 = socket$packet(0x11, 0x2, 0x300)
ioctl$ifreq_SIOCGIFINDEX_vcan(r3, 0x8933, &(0x7f0000000000)={'vcan0\x00', <r4=>0x0})
sendto$packet(r3, &(0x7f0000000080), 0x0, 0x0, &(0x7f0000000040)={0x11, 0xe, r4, 0x1, 0x0, 0x6, @multicast}, 0x14)
r5 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000740)='./binderfs/binder1\x00', 0x1802, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r5, 0x4018620d, &(0x7f0000000080)={0x73622a85, 0x100})
r6 = openat$vmci(0xffffffffffffff9c, 0x0, 0x2, 0x0)
ioctl$IOCTL_VMCI_INIT_CONTEXT(r6, 0x7a0, 0x0)
r7 = syz_open_dev$ndb(&(0x7f0000000080), 0x0, 0x2)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000040))
ioctl$NBD_DO_IT(r7, 0xab03)
ioctl$NBD_CLEAR_SOCK(r7, 0xab04)
ioctl$IOCTL_VMCI_CTX_SET_CPT_STATE(r6, 0x7b2, &(0x7f0000001680)={&(0x7f0000000680)=[0x100000, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa4b0, 0xe3, 0xffffffff, 0x0, 0x0, 0x3, 0x0, 0xffffffff, 0x0, 0x1, 0xbd5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x4, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfff, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xcb776f6, 0xfffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe, 0x0, 0x800, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x80, 0x0, 0x0, 0x40, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x8000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4000, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0x1, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x62d7, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0xffffff7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x800, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x80, 0x0, 0x8000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xf50, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0xff, 0x80000001, 0x0, 0x0, 0x0, 0x0, 0x100, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffff8, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000000, 0x0, 0x0, 0x8000, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xdea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7357c35c, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7ff, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x401, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x36, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000, 0x0, 0x0, 0xfffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x9, 0x0, 0x0, 0x5, 0x4, 0x40000, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x800, 0x0, 0x0, 0x0, 0x8000000, 0x0, 0x3ff, 0x0, 0x0, 0x0, 0x0, 0x2, 0x800, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x8000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6e32, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x200000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000000, 0x0, 0xfffffffe, 0x0, 0x0, 0x0, 0xfffffffd, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1cd5a44b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xb3, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0xfffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfd4, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc, 0x4], 0x1, 0x400})
getsockopt$inet_pktinfo(0xffffffffffffffff, 0x0, 0x8, &(0x7f00000001c0)={<r8=>0x0, @loopback, @remote}, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000340)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x8000}, 0xc, &(0x7f0000000300)={&(0x7f00000002c0)=@getqdisc={0x30, 0x26, 0x4, 0x70bd29, 0x25dfdbff, {0x0, 0x0, 0x0, r8, {0xf, 0xfff2}, {0x4, 0xa}, {0x3, 0x8}}, [{0x4}, {0x4}, {0x4}]}, 0x30}, 0x1, 0x0, 0x0, 0x8000}, 0x20000001)
r9 = bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x6, 0x8, &(0x7f0000001f80)=ANY=[@ANYBLOB="7a0af8ff7525732cbfa100000000000007010000f8ffffffb702000005000000bf130000000000008500000006000000b700000000000000950000f700000000b2595285fa97ead0169191d54f8196217fc563e2fc91f6da4dad4fdc2eb1b5956fc4a33ca263e2b5d47b2b00000000b1a297cfddd73f30f2382f6c2d3ffdd45be583823c0f092248a57d48621f3c1c65ee19ee875daf45006a4c4ea5e15b2f9618d547244a22000010000800db583620ce7243d1aebdb638d91dbef6619358399aa9c2acd068c03efefd8bc77edf2d34b12cd48a1b20fb7dd843267e0331759f4ec6b5b0af58e604f494eff289026d5045ef08000000000000007718a09f4886afc26abba34635d0e8b598a51bc742135a6e1d33fe226c944bc70bb30d435aa8b5202db761014b1b999a12df6bee431a6681000000263b6233e1c0fe30e3841bef895c5a637b0bf2eac3cb07b74a72291a1a2b523dd81b6651b1ee29e999bb004823ebcd8c65743f31f84b263ab9b3426692d01ad194f302d7a658e90000000001000000b6b2f25ddb8c640ab321a402058c92cdfbea882b0b18914781ceb10814cf4ee23ddb79fff5eb156e0a000000000000f2bd164a178d86d6935eb8b75bc4eb680d10e8b6a54c6c8674caf63ff76622939a20d4aadf85db40179c2cf83ee07e30a279d8fdf3bc282deb43a03409f8e6972f3f720d045923702cede0f3e91411f3f1b16f065624f280a7dcce8db910f93c49b9e0aa390d0da6972ed719d7e0efb2bb713d1890e317c8de105c3933fd5d5bf38f6b9fc39fc829dcfe4af8ac5fbb7314a7a433e0182767d1376eda2b9c66200349e62d4d0ab1a1dc51907c980000cfb215af2c1a3c22243cce23b00000a857d61b0d66c3f6da8aed31027c33204ea0fa0620111920d3f24980e9995a510bd87b06440a0a2613"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={r9, 0x20000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4000000}, 0x50)
add_key$user(&(0x7f0000006400), 0x0, 0x0, 0x0, 0xfffffffffffffffe)

4.904186735s ago: executing program 0 (id=3355):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x0, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x18, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x8}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r1}, 0x10)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(0xffffffffffffffff, 0xc08c5332, &(0x7f00000004c0)={0xc1, 0x101, 0x0, 'queue0\x00', 0x2})
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='contention_end\x00'}, 0x10)
sendmsg$NL80211_CMD_REMAIN_ON_CHANNEL(0xffffffffffffffff, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYRES16, @ANYBLOB="7961fdffffff000400007e0000e00bf6000c0099006d91000015"], 0x20}}, 0x4000054)
creat(&(0x7f0000000340)='./file0\x00', 0x14)
r3 = syz_pidfd_open(0x0, 0x0)
mount$9p_fd(0x0, &(0x7f0000000240)='./file0\x00', &(0x7f0000000440), 0x1004001, &(0x7f0000000280)=ANY=[@ANYBLOB="0000000000000003497266446e6f3d", @ANYRESHEX, @ANYBLOB=',wfdno=', @ANYRESHEX=r3, @ANYBLOB=',\x00'])
getsockopt$IP_VS_SO_GET_SERVICES(r0, 0x0, 0x482, &(0x7f0000001640)=""/139, &(0x7f0000000100)=0x8)

4.746290378s ago: executing program 0 (id=3357):
r0 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000240)={'wlan0\x00', <r1=>0x0})
sendmsg$NL80211_CMD_CHANNEL_SWITCH(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000300)={&(0x7f0000000440)={0x7c, r0, 0x800, 0x70bd2a, 0x25dfdbfe, {{}, {@val={0x8, 0x3, r1}, @void}}, [@chandef_params=[@NL80211_ATTR_WIPHY_EDMG_CHANNELS={0x5, 0x118, 0x5}, @NL80211_ATTR_WIPHY_FREQ_OFFSET={0x8, 0x122, 0x1a0}, @NL80211_ATTR_CENTER_FREQ2={0x8, 0xa1, 0x6}, @NL80211_ATTR_CENTER_FREQ2={0x8, 0xa1, 0x3c2007f}, @NL80211_ATTR_WIPHY_FREQ_OFFSET={0x8, 0x122, 0x3b6}, @NL80211_ATTR_WIPHY_FREQ_OFFSET={0x8, 0x122, 0x81}, @NL80211_ATTR_WIPHY_FREQ={0x8, 0x26, @random=0x16d5}, @NL80211_ATTR_CENTER_FREQ1={0x8, 0xa0, 0xb68b}], @NL80211_ATTR_CSA_IES={0x14, 0xb9, 0x0, 0x1, [@NL80211_ATTR_CSA_C_OFF_BEACON={0x6, 0xba, [0x400]}, @NL80211_ATTR_CSA_C_OFF_BEACON={0x6, 0xba, [0x6]}]}, @NL80211_ATTR_CH_SWITCH_BLOCK_TX={0x4}, @NL80211_ATTR_CH_SWITCH_BLOCK_TX={0x4}, @NL80211_ATTR_CH_SWITCH_BLOCK_TX={0x4}]}, 0x7c}, 0x1, 0x0, 0x0, 0x20000800}, 0x44800)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
sendmsg(r3, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0)
pipe2$watch_queue(&(0x7f0000000280)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff}, 0x80)
r6 = add_key(&(0x7f0000000040)='cifs.spnego\x00', &(0x7f0000000100)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffe)
keyctl$KEYCTL_WATCH_KEY(0x20, r6, r4, 0x0)
r7 = socket$nl_xfrm(0x10, 0x3, 0x6)
r8 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r8, 0x8933, &(0x7f0000000000)={'batadv_slave_1\x00'})
sendmsg$nl_route(r8, 0x0, 0x4000040)
sendmsg$nl_xfrm(r7, 0x0, 0x0)
r9 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r10 = ioctl$KVM_CREATE_VM(r9, 0xae01, 0x0)
ioctl$KVM_CREATE_VCPU(r10, 0xae41, 0x1)
keyctl$revoke(0x3, r6)
syz_io_uring_setup(0x52d0, &(0x7f0000000580)={0x0, 0x0, 0x1, 0xfffffffe, 0x3, 0x0, r5}, &(0x7f0000000000), &(0x7f0000000100))
r11 = socket$inet_sctp(0x2, 0x1, 0x84)
r12 = socket$inet_sctp(0x2, 0x5, 0x84)
setsockopt$IP_VS_SO_SET_ADD(r12, 0x0, 0x482, &(0x7f00000000c0)={0x84, @multicast2, 0x15, 0x3, 'rr\x00', 0x30, 0x4, 0x68}, 0x2c)
setsockopt$IP_VS_SO_SET_ADDDEST(r12, 0x0, 0x487, &(0x7f0000000000)={{0x84, @rand_addr=0x64010101, 0x4e21, 0x3, 'lc\x00', 0x11, 0x3240, 0x3d}, {@loopback, 0x4e23, 0x4, 0x8628, 0x12d5c, 0x12d5c}}, 0x44)
setsockopt$IP_VS_SO_SET_DELDEST(r11, 0x0, 0x488, &(0x7f0000000280)={{0x84, @empty, 0x4e20, 0x3, 'lblc\x00', 0x1d, 0x2, 0x2a}, {@loopback, 0x4e23, 0x10000, 0xc24, 0x9, 0xfffffffc}}, 0x44)

4.634802428s ago: executing program 4 (id=3358):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000940)={0x3, 0xc, &(0x7f0000000400)=ANY=[@ANYBLOB="18020000000000000000000000000000850000002e000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000"], &(0x7f0000000080)='GPL\x00'}, 0x94)
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000000000)={0x26, 'hash\x00', 0x0, 0x0, 'blake2b-160\x00'}, 0x58)
accept4(r0, 0x0, 0x0, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040))
socket$nl_generic(0x10, 0x3, 0x10)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xa, 0x4, 0xfff, 0x7}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb7030000080000002d01000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, '\x00', 0x0, @fallback=0x36, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f0000000300)={0x6, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x2, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200}, 0x94)
openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0x10, 0x16, &(0x7f0000000180)=ANY=[@ANYBLOB="61123000000000006113100000000000bf2020000000000016000200071b48013f030100000000009500000000000000bc26000000000000bf67000000000000070200000fff07006702000003000000360600000ee600f0bf050000000000000f650000000000006507f4ff02000000070700004c0040001f75000000000000bf54000000000000070500000300f9ffad430100000000009500000000000000050000000000000095000000000000004d9bd591d568253e9988431ec068e3a83683d58719d72183f2cb7f43dd55788be820b236dcb695dbfd737cbf5fe7030586"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sk_msg}, 0x48)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x6, 0x4, &(0x7f0000000000)=@framed={{0x18, 0x2, 0x0, 0x0, 0x2}, [@call={0x85, 0x0, 0x0, 0x41}]}, &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f0000000580)={0x6, 0x5, &(0x7f0000000b40)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000bc000000850000002300000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x1, '\x00', 0x0, @fallback=0x1, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
socket$kcm(0x2, 0x3, 0x84)
socket$inet6(0xa, 0x1, 0x0)
socket(0x10, 0x803, 0x0)
socket$inet(0x2, 0x4000000000000001, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0e000000040000000800000005"], 0x48)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0xc, &(0x7f00000001c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bc82000000000000a6020000f8ffffffb703000008000000b703000000000000850000003300000095"], &(0x7f0000000780)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x26, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000008c0)={{r2}, &(0x7f0000000840), &(0x7f0000000880)=r3}, 0x20)
r4 = socket$inet_tcp(0x2, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000180)={'syz_tun\x00', <r5=>0x0})
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000005c0)={r3, r5, 0x25, 0x2, @void}, 0x10)
syz_emit_ethernet(0x2a, &(0x7f0000000140)=ANY=[], 0x0)

4.633749362s ago: executing program 6 (id=3359):
bpf$PROG_LOAD(0x5, &(0x7f0000000580)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18090000000000000000000000000000850000006d0000001801000020696c2500000000142020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000e02800850000007000000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x18, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000006c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000080)='rxrpc_timer\x00', r0, 0x0, 0x2}, 0x1)
r1 = socket$alg(0x26, 0x5, 0x0)
r2 = socket$inet6_sctp(0xa, 0x1, 0x84)
r3 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r3, &(0x7f0000000000)={0x1f, 0xffff, 0x3}, 0x6)
write(r3, &(0x7f0000000340)="07000000010000", 0x7)
r4 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000180)='./binderfs/binder0\x00', 0x0, 0x0)
dup3(r4, r3, 0x0)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r2, 0x84, 0x9, 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000200)={0x8, 0x8a}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000100)=0x3)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
r5 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
modify_ldt$read(0x0, &(0x7f0000000300)=""/112, 0x70)
read$msr(r5, &(0x7f0000019680)=""/102392, 0x18ff8)
syz_open_dev$dri(0x0, 0x1, 0x0)
io_setup(0x9, &(0x7f0000000240))
bpf$PROG_LOAD(0x5, &(0x7f00000009c0)={0x2, 0x3, &(0x7f0000000040)=@framed={{0x18, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x24}}, &(0x7f00000000c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x38, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, 0x0, 0x0)
getrlimit(0x5, &(0x7f0000000140))
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000002c0)={0xffffffffffffffff, <r6=>0xffffffffffffffff})
ioctl$SIOCSIFHWADDR(r6, 0x8924, &(0x7f0000000000)={'bridge_slave_0\x00', @random="010000201000"})

4.632077863s ago: executing program 5 (id=3360):
mkdirat(0xffffffffffffff9c, 0x0, 0x0)
setsockopt$inet_sctp6_SCTP_RTOINFO(0xffffffffffffffff, 0x84, 0x0, &(0x7f0000000200)={0x0, 0x0, 0x4, 0x4}, 0x10)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f00000004c0)=ANY=[@ANYRESOCT, @ANYRESOCT, @ANYBLOB="f7e74dd7e1fcef148df3f1d9ad12bb308b5e4c673c45cab39876e019f08ea2ec421f9738e982f937887691a486d902cf885bb1b6dc0e76ac29b18e6564f4be8e68dc6f340d686094b4887732507e5aa8cd880bac5f601be9e0e3483f68e5fbc408217a3b5dc93a47eb47a8d8a889dbba229ea4797c2f", @ANYRES16, @ANYRESOCT])
read$FUSE(0xffffffffffffffff, &(0x7f0000002140)={0x2020, 0x0, <r0=>0x0}, 0x2020)
write$FUSE_INIT(0xffffffffffffffff, &(0x7f0000000440)={0x50, 0x0, r0, {0x7, 0x29, 0x0, 0x0, 0x0, 0x2, 0xfffffffd, 0x4, 0x0, 0x0, 0x0, 0x3}}, 0x50)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000a80)='./file0/file0\x00', 0x0, 0x3)
r2 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
ioctl$DRM_IOCTL_SET_CLIENT_CAP(r2, 0x4010640d, &(0x7f0000000000)={0x3, 0x2})
syz_open_dev$vbi(0x0, 0x1, 0x2)
syz_open_dev$video(0x0, 0xc407, 0x800)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000500)={0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x48)
prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x100008b}, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000180)=0x1400200bce)
sched_setscheduler(0x0, 0x1, &(0x7f00000002c0)=0x1)
r3 = syz_open_dev$MSR(&(0x7f0000000200), 0x0, 0x0)
read$msr(r3, &(0x7f0000002700)=""/102392, 0x18ff8)
syz_open_procfs(0x0, &(0x7f00000000c0)='net/ptype\x00')
ioctl$SNDCTL_DSP_SETFRAGMENT(0xffffffffffffffff, 0xc004500a, 0x0)
creat(&(0x7f00000000c0)='./bus\x00', 0x182)
name_to_handle_at(0xffffffffffffff9c, &(0x7f0000000600)='./bus\x00', &(0x7f0000001080)=ANY=[], 0x0, 0x200)
ioctl$DRM_IOCTL_MODE_GETPLANE(r2, 0xc02064b6, &(0x7f00000003c0)={0x0, <r4=>0x0, <r5=>0x0, 0x0, 0x0, 0x0, 0x0})
ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r2, 0xc01064b5, &(0x7f0000000180)={&(0x7f00000000c0)=[<r6=>0x0], 0x1})
ioctl$DRM_IOCTL_MODE_SETPLANE(r2, 0xc03064b7, &(0x7f0000000a00)={r6, r4, r5, 0x0, 0x1, 0x2, 0x0, 0xffffffff, 0x7, 0x1, 0x3, 0x80003f})
ioctl$TIOCGPTPEER(r1, 0x40480923, 0x7)
r7 = add_key$keyring(&(0x7f0000000340), &(0x7f0000000380)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffb)
add_key$user(&(0x7f0000000040), &(0x7f00000001c0)={'syz', 0x1}, &(0x7f00000002c0)="0a2bb6829d35c34050c3fd5bab2ab51e51c98a209e68d1898e3b8a776913132d10038303cd9ad71d6f5198830d4420ff681d52d0c55a9e1bcc9bdcb5f5822c68eed481ac8b3c265f6e864afc70a271c4034d94e71816df6732e05a46", 0x5c, r7)

3.943948028s ago: executing program 6 (id=3361):
mincore(&(0x7f0000bfe000/0x400000)=nil, 0x400000, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000002440)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$MSR(&(0x7f0000000040), 0x0, 0x0)
sendmsg$MPTCP_PM_CMD_SUBFLOW_CREATE(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f0000000140)={0x0}, 0x1, 0x0, 0x0, 0x20000000}, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
r1 = syz_io_uring_setup(0x53f, &(0x7f0000000440)={0x0, 0x807734, 0x400, 0xfffffff8, 0xfe}, &(0x7f00000000c0)=<r2=>0x0, &(0x7f00000002c0)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_POLL_REMOVE={0x7, 0x50, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1})
io_uring_enter(r1, 0x47bc, 0x0, 0x0, 0x0, 0x0) (fail_nth: 2)

3.914607932s ago: executing program 4 (id=3362):
socket$inet(0xa, 0x801, 0x84)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$inet_int(r2, 0x0, 0x6, 0x0, 0x0)
connect$unix(r0, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r1, 0x0, 0x0)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x60140, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r4, 0xae60)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_GET(r5, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000240)={0x94, 0x0, 0x1, 0x505, 0x0, 0x0, {0xa}, [@CTA_TUPLE_ORIG={0x3c, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @mcast1}, {0x14, 0x4, @mcast2}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_ORIG={0x3c, 0x1, 0x0, 0x1, [@CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}, @CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @mcast2}, {0x14, 0x4, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}}}]}, @CTA_TIMEOUT={0x8, 0x7, 0x1, 0x0, 0x1}]}, 0x94}, 0x1, 0x0, 0x0, 0x4041}, 0x0)
r6 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_GET(r6, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000003c0)={0x94, 0x0, 0x1, 0x505, 0x0, 0x0, {0xa, 0x0, 0x5}, [@CTA_TUPLE_ORIG={0x44, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @mcast1}, {0x14, 0x4, @mcast2}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}, @CTA_TUPLE_ZONE={0x6}]}, @CTA_TUPLE_ORIG={0x3c, 0x1, 0x0, 0x1, [@CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}, @CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @mcast2}, {0x14, 0x4, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}}}]}]}, 0x94}}, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, 0x0, 0x0)
r7 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, 0x0, 0x0)
writev(r7, &(0x7f0000000940), 0x0)
r8 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x2)
ioctl$KVM_SET_MP_STATE(r8, 0x4004ae99, &(0x7f00000001c0)=0x3)
r9 = socket$inet6_sctp(0xa, 0x5, 0x84)
madvise(&(0x7f000023f000/0x2000)=nil, 0x2000, 0x13)
setsockopt(r9, 0x84, 0x7f, &(0x7f0000000040), 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r8, &(0x7f0000fe6000/0x18000)=nil, &(0x7f0000000240)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_SET_LAPIC(r8, 0x4400ae8f, &(0x7f0000000380)={"6cdd4237dd245c8404721efdc9c8dc1964125fa96fa42b761c6ec25b2bec0ba4c81036c93a40c8a4d4412a763b00040000000000003c5ca206c047ecee377abaece6b88378e38e06c5fc191f361d264ffa8b46485f02baee1ab6b8154252066178868d1ef4b53606000000000000007c21a984c2b9ca4bbb7a87165c0c1dbc75d7ea4df1001000000000694525952f44500a1f0db509c32cc7ace842c28f37f06e4ea9f1e5f0c6c379f9cc58bf69fcde317fad4825aa1b6a832d4e48cc41bb5a6baa41d614f6c8941bee805954a62d196a4e8d4bf6b21224b57f530d0000c1ffd3bf79a1f5c5dc34cf2645cbc11c4562d22db8780edc5daee171cc04d96d9ec2db07478f347edbd6424923ad4a5672b1b285c7988c4ec0922c655ff600000000c00dc290d936d93236051fadfb4b95d02c0bda7ce38dabb7cd103fe4d0c9c963cd717a77f8df8d46099b1f580968af6afbbc19db161c6df3e7c9c71bc08a282fc2c142856b5e4caff4c0a4f72445ef10dcd2c569319d6e9bb2058d023f669a64fc7d9684b45b000000fb354673dcfa9235ea5a2ff23c4bb5c5acb290e8976dcac779ff0100f5620000003d4e185afe28a774b99d3890bd37428617de4cdd6f53c419ce78754182fd098af7b7f1b1152c691611f897558d4b755cb783978d9859b0537b05b623dcb5c4ca9317471a40fa4998cca80e961efffb4e1aa25d8a17deef0c8694c4395fc99be3c3fe7aeb8af4929ce7d346ca62b25d48fda5d10146702f78b233b5208752726ed9f0c340d494b92d19cc930bb8a5f8b4da8f4603ac0c3b698384e17a570dc8524823ed15af4ecfabb4b2541d3c114b7bba1c21a845c9cf0d1cc24aba47e30f558b2246ad95ccf7d2f80cc0ab26f08336ea1a33b79cf35b898837016eb211a1734c7af076e15451e33519fc978f26df7df4557c91024a8dc130a28ef5f63ad07b39c8d23b85cf434e065e8a29a80047fe17dee6f6347b4951f97b5703dc78b1ca9d74ea6a9ae12ab367c0de2659cc38d2f33ddd86e0597d33361eada119b5132155fa4525c488c7fffd6ceda6e9a02ebd97ced6b0161f2cc84615ceb8b18883299c636e9e46724a9a0600a8bb02f3e489631d522019a35fe12a33caf9dd8768ddbc02a484c345c3eff254297b1dbb04989c3f9f3c7b3c985c39b1d313018068d3809bac8c657e39f4f692613e28387e955722908dd88b56163be8312ff47c5b6f280472935af74e97a5a8110a4d74496f4c8ec82ddb010100000000000001a047526865c888c9ff36056cc4ad258021e1581d43badaaec6cc5a2ef989de9801fed6d4be2bfcfe656c9c46bffbe9dd03970800000000000000d372bdd6d89dc1ecf63c23d506114d0fba2bd1c69e8f7e3fccdcda85ce975ec1381b1cec6ddaa76e186719d819164300"})
ioctl$KVM_RUN(r8, 0xae80, 0x0)
sched_setattr(0x0, 0x0, 0x0)

3.881701206s ago: executing program 5 (id=3363):
mkdirat(0xffffffffffffff9c, 0x0, 0x0)
setsockopt$inet_sctp6_SCTP_RTOINFO(0xffffffffffffffff, 0x84, 0x0, &(0x7f0000000200)={0x0, 0x0, 0x4, 0x4}, 0x10)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f00000004c0)=ANY=[@ANYRESOCT, @ANYRESOCT, @ANYBLOB="f7e74dd7e1fcef148df3f1d9ad12bb308b5e4c673c45cab39876e019f08ea2ec421f9738e982f937887691a486d902cf885bb1b6dc0e76ac29b18e6564f4be8e68dc6f340d686094b4887732507e5aa8cd880bac5f601be9e0e3483f68e5fbc408217a3b5dc93a47eb47a8d8a889dbba229ea4797c2f", @ANYRES16, @ANYRESOCT])
read$FUSE(0xffffffffffffffff, &(0x7f0000002140)={0x2020, 0x0, <r0=>0x0}, 0x2020)
write$FUSE_INIT(0xffffffffffffffff, &(0x7f0000000440)={0x50, 0x0, r0, {0x7, 0x29, 0x0, 0x0, 0x0, 0x2, 0xfffffffd, 0x4, 0x0, 0x0, 0x0, 0x3}}, 0x50)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000a80)='./file0/file0\x00', 0x0, 0x3)
r2 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
ioctl$DRM_IOCTL_SET_CLIENT_CAP(r2, 0x4010640d, &(0x7f0000000000)={0x3, 0x2})
syz_open_dev$vbi(0x0, 0x1, 0x2)
syz_open_dev$video(0x0, 0xc407, 0x800)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000500)={0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x48)
prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x100008b}, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000180)=0x1400200bce)
sched_setscheduler(0x0, 0x1, &(0x7f00000002c0)=0x1)
r3 = syz_open_dev$MSR(&(0x7f0000000200), 0x0, 0x0)
read$msr(r3, &(0x7f0000002700)=""/102392, 0x18ff8)
syz_open_procfs(0x0, &(0x7f00000000c0)='net/ptype\x00')
ioctl$SNDCTL_DSP_SETFRAGMENT(0xffffffffffffffff, 0xc004500a, 0x0)
creat(&(0x7f00000000c0)='./bus\x00', 0x182)
name_to_handle_at(0xffffffffffffff9c, &(0x7f0000000600)='./bus\x00', &(0x7f0000001080)=ANY=[], 0x0, 0x200)
ioctl$DRM_IOCTL_MODE_GETPLANE(r2, 0xc02064b6, &(0x7f00000003c0)={0x0, <r4=>0x0, <r5=>0x0, 0x0, 0x0, 0x0, 0x0})
ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r2, 0xc01064b5, &(0x7f0000000180)={&(0x7f00000000c0)=[<r6=>0x0], 0x1})
ioctl$DRM_IOCTL_MODE_SETPLANE(r2, 0xc03064b7, &(0x7f0000000a00)={r6, r4, r5, 0x0, 0x1, 0x2, 0x0, 0xffffffff, 0x7, 0x1, 0x3, 0x800300})
ioctl$TIOCGPTPEER(r1, 0x40480923, 0x7)
r7 = add_key$keyring(&(0x7f0000000340), &(0x7f0000000380)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffb)
add_key$user(&(0x7f0000000040), &(0x7f00000001c0)={'syz', 0x1}, &(0x7f00000002c0)="0a2bb6829d35c34050c3fd5bab2ab51e51c98a209e68d1898e3b8a776913132d10038303cd9ad71d6f5198830d4420ff681d52d0c55a9e1bcc9bdcb5f5822c68eed481ac8b3c265f6e864afc70a271c4034d94e71816df6732e05a46", 0x5c, r7)

3.748169875s ago: executing program 6 (id=3364):
r0 = socket(0x10, 0x803, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'syz_tun\x00'})
sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000580)={&(0x7f00000006c0)=ANY=[], 0x40}}, 0x0)

3.730023555s ago: executing program 7 (id=3365):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r0, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty}, 0x1c)
listen(r0, 0x0)
setsockopt$inet6_opts(r0, 0x29, 0x2, &(0x7f0000000180)=@srh={0x62, 0x0, 0x4, 0x0, 0xf8, 0x0, 0x8003}, 0x8)
syz_emit_ethernet(0x4a, &(0x7f0000000580)=ANY=[@ANYBLOB="aaaaaaaaaaaa0180c200000086dd600a84350014060000000000000000000000000000000000fe8000000000000000000000000000aa00004e22", @ANYRES32=0x41424344, @ANYRES32=0x41424344, @ANYBLOB="c6f5feebe8a0da813f3059be52b33718ea2f4666dcc17c8072f6ce8827959849ec32dc457d4c7ca416dbe6857eed14c7ba587737d4b865bebe628cfb289ce55d4e501e5add2f4517eccfafd40f9d184590ff1f4a1173ce96a069aa31"], 0x0)
r1 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000300), 0x2, 0x0)
ioctl$vim2m_VIDIOC_TRY_FMT(r1, 0xc0d05640, &(0x7f0000000440)={0x1, @vbi={0x2, 0xffffffff, 0x31384142, 0x4c314356, [0xdf88, 0x6], [0xfffffffa, 0x8012], 0x108}})
r2 = openat$proc_mixer(0xffffffffffffff9c, &(0x7f0000000000)='/proc/asound/card0/oss_mixer\x00', 0x101c00, 0x0)
syz_emit_vhci(&(0x7f0000009c40)=ANY=[@ANYBLOB="04140003c9"], 0x17)
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0)
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000380)={[{@upperdir={'upperdir', 0x3d, './file1'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './bus'}}, {@nfs_export_on}]})
chdir(&(0x7f00000000c0)='./bus\x00')
r3 = creat(&(0x7f0000000440)='./file0\x00', 0x0)
syz_open_dev$vim2m(&(0x7f0000000540), 0x1ff, 0x2)
open_by_handle_at(r3, &(0x7f0000000140)=ANY=[@ANYBLOB="17000000fb"], 0x830200)
write$uinput_user_dev(0xffffffffffffffff, &(0x7f0000000080)={'syz1\x00', {0x1b10, 0x0, 0x1, 0x2}, 0x2f, [0x4, 0x1, 0x704d, 0x1, 0x5, 0x1, 0x2, 0x0, 0x4, 0xfffff401, 0xfffffffb, 0x8, 0x1, 0x100, 0xfe, 0x48, 0x7, 0x5, 0x2ca, 0x8, 0x76, 0x8, 0x0, 0x81, 0x40, 0x19b1, 0x8000, 0x4, 0x797, 0x4000000, 0x3, 0x3, 0xe, 0x7, 0x1, 0x1, 0x5, 0xe, 0x7, 0x10001, 0x9, 0x7f, 0x8, 0x6, 0xfffffff7, 0x4, 0x7, 0x40, 0x7f, 0x9, 0x1, 0x6, 0x3, 0x2284919, 0x4, 0x5643fa73, 0xfffeffff, 0x4a, 0x800, 0xa, 0x8a, 0x6, 0x1, 0x6], [0xfffffed2, 0x7fffffff, 0xffff, 0x8, 0xe62, 0x3, 0x3, 0x9, 0xc33, 0x3, 0x7, 0x800, 0x6c368000, 0x8, 0x1000007, 0x0, 0x10, 0x5, 0x8, 0x8001, 0x3, 0x7fff, 0x80000009, 0x0, 0x5, 0x4, 0x401, 0x8, 0x40, 0xc10, 0x80000001, 0x3, 0x3, 0x3, 0x7, 0x8, 0x8, 0x5, 0x4, 0x9, 0x5, 0x3, 0x2, 0x3, 0x0, 0x11e, 0xa4, 0x0, 0x5, 0xd69, 0x9, 0xf404, 0xf1, 0x3, 0x3, 0x1, 0x6, 0x6, 0x0, 0x6, 0x8, 0x6, 0x4, 0x1000068], [0x1, 0x1, 0x4, 0xfffffffc, 0x0, 0x7fff, 0x405, 0x9, 0x2, 0xffc, 0x7, 0x4, 0xc, 0x7, 0xa, 0xa, 0x8, 0x7, 0x5, 0x5, 0x2, 0x30000000, 0x644, 0x2, 0xfffffffd, 0x7, 0x5, 0x7f, 0x7ff, 0xd, 0x400, 0xf, 0x41, 0x81, 0xc99, 0x25a, 0x2, 0x0, 0x2, 0x5d9fffa, 0x3ff, 0x41, 0x1, 0x8, 0x10000, 0xe7, 0x200, 0x7af5, 0x0, 0xb, 0x0, 0xffff, 0x7, 0xc, 0x2, 0x81, 0x9, 0x2, 0x7, 0x100, 0x7, 0x0, 0x6, 0x10], [0xffffff80, 0xd5800000, 0x0, 0x4, 0x2, 0x62a, 0x3, 0x407, 0xb343, 0x4, 0x1, 0x8, 0x8000, 0x8, 0xffffff81, 0x80000000, 0x5, 0x3, 0x201, 0xfff, 0x3, 0xfffffffd, 0x3c63, 0x7, 0x6, 0xe6, 0xffffffff, 0x3, 0x2, 0x7, 0x1, 0x7, 0x7, 0x8, 0x1, 0xf, 0x9, 0x17cb, 0x0, 0x3, 0x6fe, 0xe, 0x7, 0x13a, 0x7, 0x0, 0xb757, 0x2, 0x11b, 0x996, 0x54, 0x8c1, 0x0, 0x5, 0x4, 0x2, 0x5, 0x10000400, 0x9, 0x5, 0x3, 0xfffffffb, 0xc, 0x6]}, 0x45c)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5)
r4 = socket$kcm(0x2d, 0x2, 0x0)
r5 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
ioctl$IOMMU_IOAS_ALLOC(r5, 0x3b81, &(0x7f00000000c0)={0xc, 0x0, <r6=>0x0})
ioctl$IOMMU_TEST_OP_MOCK_DOMAIN(r5, 0x3ba0, &(0x7f0000000100)={0x48, 0x2, r6, 0x0, 0x0, 0x0, <r7=>0x0})
ioctl$IOMMU_HWPT_ALLOC$NONE(r5, 0x3b89, &(0x7f0000000180)={0x28, 0x1, r7, r6, <r8=>0x0, 0x0, 0x0, 0x0, 0x0})
ioctl$IOMMU_HWPT_ALLOC$TEST(r5, 0x3b89, &(0x7f0000000200)={0x28, 0x0, r7, r8, 0x0, 0x0, 0xdead, 0x4, &(0x7f0000000240)})
ioctl$IOMMU_GET_HW_INFO(r3, 0x3b8a, &(0x7f0000000740)={0x28, 0x0, r7, 0xee, &(0x7f0000000640)=""/238})
ioctl$sock_kcm_SIOCKCMUNATTACH(r4, 0x89e1, &(0x7f0000000140)={r4})
writev(r2, &(0x7f0000000380)=[{&(0x7f0000000040)="123989129f63a32eb21b0424dd91600395466393248b0012d29105af0f05754cb684ed18a97e052205727518fd1b3d63ca89f595ab97c813ff44a79ee5b9b8b4bf2a44d076420b915e10485cb422df7764357d5def2c93fc212c9642f42498b2baa2c599e17cebdb2a8a18ff6225a7fdc24a760d257355a340016b539bbc5263f0e608b57c72cf216dbffc79fc91939ee3baa24bfabbfabae7775449", 0x9c}, {&(0x7f0000000100)="1ac9a71ec5c95681c17520c3302c60a9ca3d56863a033b876bdd594b495e13d283de3d46a2e76be56835ae0b3483cf1a151b6199eac60566edbdee0c61721d68b0e9bd7ce07ef593244261697fb1292bee9e4e3f9c73776919b6776af6f629ccd4e99caca1f698f1b8c88d171daeb0708cd67cea006422b25cb6", 0x7a}, {&(0x7f0000000180)="17d8e4480330add15235d754e05d3154ee1a97e57821dc1efd435ee2b1b9ca3d6b5a8ea895eb35cfa3f38ddd5a5e69006f352dbd72f8e9f6ac62c90b23d41499a37daf460780700022cc7cfda5819228d900cd68459b98911e514b75225d5fb392af2227235485a4d040aa020d692e327297b00ba950be508ebe8f4e888839848598d3415409055bb80536477c4755fb22638f45e585d7b0c32657f55589f5554af2e7aa6a346ccdcf8fcca31a7af89f9b567322902351e989b95e693847fa6f47d864d84d", 0xc5}, {&(0x7f00000002c0)="9c00612fa41addc605877830c2fc8ee37e7bd4a09c334033e83912a5ccb34212eb7f9bdb58725161d44e28c59704713976d263ff9831f9fcf252524bd140f6fc0b885950", 0x44}], 0x4)
clock_nanosleep(0xfffffff2, 0x1, &(0x7f0000000340)={0x0, 0x989680}, 0x0)
socket$inet6_udplite(0xa, 0x2, 0x88)

3.383810088s ago: executing program 6 (id=3366):
r0 = socket$inet(0xa, 0x801, 0x84)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$inet_int(r3, 0x0, 0x6, 0x0, 0x0)
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r2, 0x0, 0x0)
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x60140, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r5, 0xae60)
r6 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_GET(r6, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000240)={0x94, 0x0, 0x1, 0x505, 0x0, 0x0, {0xa}, [@CTA_TUPLE_ORIG={0x3c, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @mcast1}, {0x14, 0x4, @mcast2}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_ORIG={0x3c, 0x1, 0x0, 0x1, [@CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}, @CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @mcast2}, {0x14, 0x4, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}}}]}, @CTA_TIMEOUT={0x8, 0x7, 0x1, 0x0, 0x1}]}, 0x94}, 0x1, 0x0, 0x0, 0x4041}, 0x0)
r7 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_GET(r7, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000003c0)={0x94, 0x0, 0x1, 0x505, 0x0, 0x0, {0xa, 0x0, 0x5}, [@CTA_TUPLE_ORIG={0x44, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @mcast1}, {0x14, 0x4, @mcast2}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}, @CTA_TUPLE_ZONE={0x6}]}, @CTA_TUPLE_ORIG={0x3c, 0x1, 0x0, 0x1, [@CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}, @CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @mcast2}, {0x14, 0x4, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}}}]}]}, 0x94}}, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, 0x0, 0x0)
r8 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, 0x0, 0x0)
writev(r8, &(0x7f0000000940), 0x0)
r9 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x2)
ioctl$KVM_SET_MP_STATE(r9, 0x4004ae99, &(0x7f00000001c0)=0x3)
sendmmsg$inet6(r0, &(0x7f0000002400)=[{{&(0x7f0000000000)={0xa, 0x4e21, 0x10001, @loopback, 0x9}, 0x1c, &(0x7f00000000c0)=[{&(0x7f0000000300)="756d1604a67f07537f7262ca20063008223b0c5690583dd5423fb3f579902284dbefa831ca9f649db51946b01cb6", 0x2e}], 0x1, &(0x7f00000024c0)=ANY=[@ANYBLOB="1400000000000000290000003e0000000100000000000000300000000000000029000000040000008702000000000000c9100000000000eeff00000000000000000105020008000014000000000000002900000043000000f8db000000000000280000000000000029000000390000000002020900000000000000000000001d682272c000000000203100000000"], 0x88}}, {{0x0, 0x0, &(0x7f0000000c80), 0x0, &(0x7f0000000d00)}}, {{&(0x7f0000000d40)={0xa, 0x4e21, 0xd3, @local, 0x6}, 0x1c, &(0x7f0000002340)=[{&(0x7f0000000d80)="968a9e493364a5376183b3bea0c489233e9b579a44025541071a79a09ac905fffff186fc8c33cff9c628f3220fefbcc40c28c120529ad1b418eb8ab28d6e716f05e7fe8757bdd44ece46df516a5d143250ca29c618918dfa01538aafcd1081b66c684148e914eee52872648491229f050962bca2098d229786977b3f9e265910cb968023b00ec9b7725c5e303fd6e5bb065278fe01e68d30a441ff30e246d725e01d5d4e96f2e94d6ce21ee076a6aa2b3f6179bee34758a7ee8b92f3c515b5833978ce9283a20d039a9191d1c2619df0438391d10217d94eecbb22f6adc14966eb83277ce2af380b876013f8ae796c3b5e3332334e9f68def7d46ff2b3c6863a16d4f3dd7a3f6edd6c076592b11266865fb40a0be9acdb66fa70b87359cf829d0f7073d5dd477903b18825b195da3f6faf27add80d103b66c568021b5ffbd3c1a2d9dd4ebbd6b5a70a2df38d879f396b935d02bb444eb19ea633a2f8b1856ed13ade2121f5e01b61d14ac0f4a635b7dad2489c6ba668a87c36e68b7da8309b92c70974402c4cb278912e2f53f0e8852ec71fb3c762609b295a20886ddb356ad878942fbe7bd4059a12ce63cf6ff1d759b52220ca47ba239b87950adc39da2de201283cc6beb8b31c48c28f4aafd6dcc3e25a85e94c126e385bd76a40b87c53013ca34b5bb949370a6e1769717efb7290852aa32dc7ad54bca6906b5d3a751d0ba498831f45aeb0285ba981921ad6a7888d6d98331aea52d8f1dd7fc535a7a4b33822b922284059d7819cee853a6ac8274dc7ddeebf451ca60af870860880565cbcfe0201620901c56016c4fdd9832799e4619fcff2c8fbd5628a81ddcbacf9cff532a6361fe98613225af142bd3aa8ac6d917965234a22227c4bea5abdac35b6cb5944289e76616fa529099a6c64f5a8ba8929c7dafd00cb641ce0bcc261588b16c5a60a8436ae69703a71f2cbf068bba2a15b484f09cf06ee9d7d31e0f0a844c1f66b09df369f4b0eec199cffd8df3745becb4653e15039b4c4012d7008e7a759627d36f716c9e194b907a9179e385a53b5a14c414679db4c6d474bb7552053ade378391fb1fbc19ec570e104e5a15d6c1d5766669e569fb3ed9d47a7d05ae1005b001bd527eeec6982af4126d298e836c9f4bc39018f4592a3929c4683d0b3aa7443c09df850a3071ef01f0075bcb490ef3150a1cbe8f89acf0877c35fbe3d6ed83f1a0f60a667dcc81c33f032335883ff3e90e2fb4f8083dbce4b1240d8b81ce06756ad9c4dd3aaa1fc8035fd1be5de79315239d9dc27d7a84568964026978198d7e49d8fa50af857a9685cfbccebe91980eb5935d5559c1233227739c2a39ac3c251286a6aa051ae91246798cb7a8d5d62117287b3d532996ac2cc9a6aa741bafef8920659e268e317f216f637afc70d2adf96924023011d27e3df8177b1ef83731c2146e18caab03db63d8fafd675ceaec0f4424d8256a9a2a9bb32c7a386a9e3151f19ba9f6143374c1e83933c3b86444d2d446049c3d4c367be7ad4d58b8124ad06710cfd5cfb141098b91356de4ea20b6ef2b5f733727b2a941d80604c130e77ff52f343a21c62234e6be84bab060b5904613897455c8d52db95e56b7b3d2266d13bd2d01d726008b5da672680facf279cc94358cc1a2704018b5ad7e3e07b945b3a9f3c3d9ba61eecbed90af82168c9ad986508957a35751555cac21e8f4fa0d4e048f8af8e54f05d20e62f351429e69b4b8de7ec3c094fd09c4e96d3d2860087d4f758ff3b34d627c24324306a81d8f692d1bdfe49a0da536e814e746d18ae1644fbb05e720ff3d4473d19534bcbc326f04dcf2927e11da7e5d471cce0d78df6948e5b6e7045a1829b690d6152ef37f66f536f636371a855062bed9fb8bc3c63f625f503cb7eda06f7d5288b2dce66f3804d596ba446cc66b90cc1395688c1bd69b454bda4537f0f367aed7ea47a741555f1a7303f6309f4a84ce9a7ab22e181f24ea219f49eb425747d1c356ff95c6760816474af0ea78b868e119bc4ba6d20ed6c4a76bc392779bd3feac614301c5f44333a0c46136a7eabfc47e2383b7729530041d0b1ae25a849ad4ec25c20329b2460ccd37dd9673036d803109d6ad682e91e3788e8bc3e4dec812d100524c0da64fbce0145a4cb174d59c5bd074f1f689b9dca15a8b1fcd5205a6a68f55872e4eb9a98c29195862c96ead8dd169cf32e91919e7dbb4c49b5726061cf2ff24a15aa6ac0f5d833123bec42aac85f4a813e5051bb527b55889f8db5f2fbc99852cea41a27122bae5d5c7da8c4abff4aefadd40cf709a85b845b158f828fe7177c040aeb0afd5f4e0fb1d7d9009662b9998ed0f553eb688c828d88e5886fecf84f25e13c1276dd5c5c2efa49099e591c00cd745ede6089c0a6609edc6c5f3dd02860d5e4a0bcf1e7ce44fa1e8cfed58c306e5387d5566f6a61d567f6a74eee9140d962ea459d5e0489bb8eb4288be4c2f26e6ef57d3e34858f41975c59fde0c4069fc541eb52afedbecaa7c3650d8b997ffa7aa1396aa7649089f05852e625d1fcb8cda432444a1ec751a0e279fab8962d522de34a261781f2a613c61fec06fc383fbb787dda860b1ce5040933335630791f0c0369fc2aaf5ad47f117315493840140f0e5004f255a9f720dc2a601378ae97ca54799a211e82a49a97fb1076c270e0faa4361febc502692f875c6367750e1093655a7b4200d0ab1be53b528699b009e23f59b65d11e288b87685412c285c464bd740def5b762530422d5366dc010801bcdca82a65527606d5f16c3e7ff8d911429a2451071f705bfe89c307949a18660fab815ba795e0922509e5370d013322804043a3b132afe38abe99884402a52efd36a2d4ddb1115d0a8f71db84de5f30c10b7a88cd7677b0a928a793ea8f8c42db5ad7f7e11e33b85383b8a229cfb4fb80f75e4f270c610ffeea4d51bea3252b3fab7c8007eb2297f16d7bc57dd7f215df3006697c5580867311a3957160bde1adb04afa0f5c7a82d44ce7b6569a0dcb1da23f8b6ee2bca528b4420b8855d9a3263160a2fa84a198f727412ac6af101719821f26b347b75c990568b55b18ab87a535b33af543cbceec5ad9a9c08d8015a9d92d40ce5b0703dab714fd97ff7006172e96b8c5213dffcc8cdd4805c6de48d12d773de2ab13deff0eefdda6303977d1f2702931f23cfdfbf7ffeea13d8717bb3e621a13c06e6efaac08a4cc0f6f56f3b7be19698422447414943b4840d9fb1ce33f3eef43caff23c0834eee0aebad8adcca98f5b1b6299969160056e174c4b030b1de9dfe64a322d87291c62765d3afeacd4e97c2b54c5287989980d58a0473138eb4e8fc04985d914b7815e7c45634946b054558f00cccc3ea5d2d711867f5446ab13317fb700802af34c61216e80e41e6e177e40cbaccb86fcb6e6d88b7e7c892e8c224e5de0ae5f7b0ee4a9ad7aef72a8fd881a7f7ffdc3acbbcfd096bbe45085e30929bbce61dbf7d3dd1ce80faba2852ab5dcd14c680b85c88816c255da0d0b890ff7ad76f8d94497f13c6788c432c339e094e1c44b535672e97497fdd89b6a0263cb3eb51a1205989b1cbab1d46a433284c4bf5c74ebecb2a90741ccaf197098f9ec46461d78b704c405296d7c51da491554aa0f0800f0347b72c2e47bf2dc1a8760da4a36c70baaa7f577470418c69648e9099ad080f8f92f959f623e39e8e7137a6300afc0fec9c3604873b15e85c65fa590f27df7cc05665288551af1d287bcd1999257467d4ecb9b3f3b2dd4c4bdf66d05f03b0a4c9048b1da7df6c811dede8e3fba51a1a1e7e8388b8535448aac3e4bce74b76bb7588d0607a07a550a6e569182b099361bc2c6adeb71bf93f17baab256ff9cdc406074bacec232a45974567f2e5d9188c30b252349256ce53cb3d4288620eb0a85af88f3aeffaab69df7b4565e711ad7a808fca1eeea580c4abe3f20b90462b5af0e709d775843a97629e3f4026acec3c56baaa969b4b51aa6c3acd8e90f14f1f81371a9923b44ef2f05fa52439afe06da533812f0e20c7d86fc3e573f9ac934b21e8219702b2d25b9029c2fd8b35a5bcdb9ef2404dade20cf812937c2a549f37582d7621216a7a54d79030e98ccfab2e5adb3212b3521c3812ea31e6b3024b74ceb6517e642474abda4a441a032776527af07a5ebd92acab18d0a33546733da39ae3f897fbcbd21921a6c87d1a8886fec16d5d26950e72aaa60fd565e4fef3f08f2d44d2c3fb86ba722fb62b2d62a9029a281e23bb2e0a1bbd7b4222cfae38e3fa9e3b0a1c5af9a715e023209358067196a59366d9d7253b4261233d55b35c79278d8935dd23bdeef54e7fbee1ae059888c2a58ac22fbc8d42c05b5406b75538b4d826cff43c1c1a4b5bb5a4fe1e85989ea50d932566e07281099db168fee5478c4c8cf0fc87d7680eac77c0c5aaccfcc4e3b3cca459571573dc75c8b4d9e470d76c031f1b3f44fb9c96e707edf1d00f7398800cf8e6781ee62cead1ea0cceae6601f7606a628fede098e7e69a1f82f61f3e0dd5eeb5a0de0068daddb71b3705f5744a6082a1213b1c5076e33032731a4fd0e88fd311b43e8f1c0fc794e9f547453685e288342bab2663197e9b6956c8dd48d138859137c289e900052eee1772071535b60317bf17f9966f3dc7e9b857528e26e35d7093947b0aad0a7c0a137c0a77060d7e7f37dc10ab794e46e9251895925c4051c662c5a9a063efa8bf720bafc46f91adfc6543c2aac3413d2f4395eb170cb916b29fe7479de417a3bec6d0812ddfed9dd0d0cffdd66f74d3166975c7565b6ba68d4c735bf0b80816e0f5bdd3debb2950eee0b9a3b32cac65a1163b2b81f2ae6a7cd9a1265a1577f93d1161469e31a3c147d9786e9b511481ca6a73e1e7210581224aefb1c60ce1832d5aa4ee40c51088c1014107d35666036cc80294f7c4881e64ae295dbfcc9137cf69cb47b5f209fa4d668bdeb0058c974018402277493934947c3e855849dc80d6de158f3eb7455cfa4d120ccdf3132ca53082628173f348bfb2c7f89ccba5b1059d533b5b1612bf3f89c54b3387c782f2f8d4d957ad9b1be129dddbf6016e3d3ae9b435ea65204bd880d4f55fcb815251b21c23bdf81abfb80822cf14dd82ff66033e34262129040059b5d76ace877fba206d861484a9c4c30c13211103c5383f8f80f3509c289f546c41b1dbaf99b61c897e8089597d590d6c238a0f073363bad9cb135241f6ea8687250cdbff13967ec5a0165421671aa1ba6a720c5cca037701f6b06ed82d9d689a499c2996d28c502a2f88921d6969efd6752d7d9c1b3ff7ddaf6ea806dfb753504ab034b7ba9317deed63c7b2eaf0626c5cb8b991ef8965ee8e4219e7b3abc4826cc77d3ed3ec03dcfd539d04a5fb0dd84d8ae7abaa2e63ab3", 0xf00}, {&(0x7f0000001d80)="d9d76fc5ed020d14daf16e666402dbb34f05b4293387ef500b7cb520f6793263dd5369b0f4cb8e6c7926cc9c87cc554a87eba5b7601a88ac1f573a5b982e5b45c7fe50ea5a7d8a108919fbffc364aa55cbcaae546c8ae84d403ab1a0af8c0d26dc8be137ce008383bf83d8a680f8272274dd452ca6b12b008ac8598018e0f986fecb67fd70f75ada71da", 0x8a}, {&(0x7f0000001e40)="be73b1adabf81e11053abd04faa65d584eb03391f69032035298178735ce2cad57b5290067243fe92d944a6c97f600de029e94469d3172b9db1e9edf7da4cf09e7757b1146", 0x45}, {&(0x7f0000001ec0)="3894f7d8dbc8611565b635820f7c3b6116293e9332fbd549f799d0c8625ed345cd744d3e19abbfa9a4f4da0bcd16031706db9a6eb122b66315d4b82077d5d717c5dbcec7da6e485c4e8348aec53ab8d436d36afa3dfaa3f733f56012e4792f7c8065ad640f85b481a86ad1844434cb84d8ee76eadf940930d1fea6a577dbd4c209f745b36f54bf12695a46f282e80cc47caf73f2cabcba24c3c1c5e2b1354ed8087d8737ebc98068560a30b50974cd030894f0e9512832160618a9504da9826777dd465b55b3", 0xc6}, {&(0x7f0000001fc0)="6831d9f619d45c9031160ad3d489f5516c785212fcad7436bed3d1db37d32372ff276339e825f3ad2ccf35c60d983d0250d5af37656cbf19b559289025646ab907f142275cb5c447187a5753e6884b45e778547b619cc5b96bd566a84af776a6d3029647518b9da5216d7a9c677be98c3e9eda7262ea5d78d6832221919d7975858dfbb18bada33f8226defd1e47e8044d22bbd9db615ee3af770db11eda97", 0x9f}, {&(0x7f0000002080)="bd125cd87d153cc9d7cf1dd23621d5b8b13ae183cf743c9ce235438e65c1e472", 0x20}, {&(0x7f0000002140)="5e524fd284594b99fa79db342eca2bb6a8aec42644e5d6ea95d0ebcc3ed56f831192e360a823606bf763504cb9acc0a8ac9939e5b548f7515c1de88601a7eb9d521f4145c57bf310a839f72c24b0854629741b76dde90bc363d259ed04a50e944057b2ed530491a7e4fadab338994c6025d0754ace849582530f0213c7f4534a5c6094c3f7c6afb3e62e75e6b37de94b8d8cbab5ad3592ca7d5052ed548eb29de5ada56a3206358290490a2c11d3b6a03dcb5f65dba61e06688c89535038f302b43ae1cff638b4ae06b7e9f1a48f132f4c", 0xd1}, {&(0x7f0000002240)="f1d5800257c36a8d791446172cc51b75e318d481fe0097c02922b137de327916cd2015ca9af608aced8dd1aaa1625be3c36eab74cc117ff4dd7e17d5381026a26d9f3b894e6a68e406e2bfd498e0096019c623a88823d42dcac546ad684c026bbfac61ccadec4eff90d57b7593a48bb998d877a084dff7cafd00e858699b7342d916d230b610fe292245a16c5343a8879c8a69fd67feb033dcc9bfb0cbded8668cf6e04a479a287c6a1bdadb95a2480c1872284c79", 0xb5}], 0x8}}], 0x3, 0x24000809)
madvise(&(0x7f000023f000/0x2000)=nil, 0x2000, 0x13)
setsockopt(0xffffffffffffffff, 0x84, 0x7f, &(0x7f0000000040), 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r9, &(0x7f0000fe6000/0x18000)=nil, &(0x7f0000000240)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_SET_LAPIC(r9, 0x4400ae8f, &(0x7f0000000380)={"6cdd4237dd245c8404721efdc9c8dc1964125fa96fa42b761c6ec25b2bec0ba4c81036c93a40c8a4d4412a763b00040000000000003c5ca206c047ecee377abaece6b88378e38e06c5fc191f361d264ffa8b46485f02baee1ab6b8154252066178868d1ef4b53606000000000000007c21a984c2b9ca4bbb7a87165c0c1dbc75d7ea4df1001000000000694525952f44500a1f0db509c32cc7ace842c28f37f06e4ea9f1e5f0c6c379f9cc58bf69fcde317fad4825aa1b6a832d4e48cc41bb5a6baa41d614f6c8941bee805954a62d196a4e8d4bf6b21224b57f530d0000c1ffd3bf79a1f5c5dc34cf2645cbc11c4562d22db8780edc5daee171cc04d96d9ec2db07478f347edbd6424923ad4a5672b1b285c7988c4ec0922c655ff600000000c00dc290d936d93236051fadfb4b95d02c0bda7ce38dabb7cd103fe4d0c9c963cd717a77f8df8d46099b1f580968af6afbbc19db161c6df3e7c9c71bc08a282fc2c142856b5e4caff4c0a4f72445ef10dcd2c569319d6e9bb2058d023f669a64fc7d9684b45b000000fb354673dcfa9235ea5a2ff23c4bb5c5acb290e8976dcac779ff0100f5620000003d4e185afe28a774b99d3890bd37428617de4cdd6f53c419ce78754182fd098af7b7f1b1152c691611f897558d4b755cb783978d9859b0537b05b623dcb5c4ca9317471a40fa4998cca80e961efffb4e1aa25d8a17deef0c8694c4395fc99be3c3fe7aeb8af4929ce7d346ca62b25d48fda5d10146702f78b233b5208752726ed9f0c340d494b92d19cc930bb8a5f8b4da8f4603ac0c3b698384e17a570dc8524823ed15af4ecfabb4b2541d3c114b7bba1c21a845c9cf0d1cc24aba47e30f558b2246ad95ccf7d2f80cc0ab26f08336ea1a33b79cf35b898837016eb211a1734c7af076e15451e33519fc978f26df7df4557c91024a8dc130a28ef5f63ad07b39c8d23b85cf434e065e8a29a80047fe17dee6f6347b4951f97b5703dc78b1ca9d74ea6a9ae12ab367c0de2659cc38d2f33ddd86e0597d33361eada119b5132155fa4525c488c7fffd6ceda6e9a02ebd97ced6b0161f2cc84615ceb8b18883299c636e9e46724a9a0600a8bb02f3e489631d522019a35fe12a33caf9dd8768ddbc02a484c345c3eff254297b1dbb04989c3f9f3c7b3c985c39b1d313018068d3809bac8c657e39f4f692613e28387e955722908dd88b56163be8312ff47c5b6f280472935af74e97a5a8110a4d74496f4c8ec82ddb010100000000000001a047526865c888c9ff36056cc4ad258021e1581d43badaaec6cc5a2ef989de9801fed6d4be2bfcfe656c9c46bffbe9dd03970800000000000000d372bdd6d89dc1ecf63c23d506114d0fba2bd1c69e8f7e3fccdcda85ce975ec1381b1cec6ddaa76e186719d819164300"})
ioctl$KVM_RUN(r9, 0xae80, 0x0)
sched_setattr(0x0, 0x0, 0x0)

3.365265259s ago: executing program 0 (id=3367):
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
socket$nl_route(0x10, 0x3, 0x0)
r0 = socket$inet(0x2, 0x2, 0x1)
shutdown(r0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x6)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = socket$inet6_sctp(0xa, 0x5, 0x84)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r4, 0x84, 0x9, &(0x7f0000000580)={0x0, @in={{0x2, 0x0, @empty}}, 0x0, 0x0, 0x3fc, 0x0, 0x32}, 0x9c)
setsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r4, 0x84, 0x72, &(0x7f00000001c0)={0x0, 0x1, 0x20}, 0xc)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r4, 0x84, 0x9, &(0x7f0000000000)={0x0, @in6={{0xa, 0x0, 0x0, @empty}}, 0x0, 0x800, 0x0, 0x0, 0x8a}, 0x9c)
bind$inet6(r4, 0x0, 0x0)
sendto$inet6(r4, &(0x7f0000847fff)='X', 0x34000, 0x0, &(0x7f000005ffe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r4, 0x84, 0x9, &(0x7f0000000a00)={0x0, @in6={{0xa, 0x4e23, 0x0, @loopback}}, 0x100, 0x0, 0x0, 0x0, 0x54}, 0x9c)

3.25730421s ago: executing program 5 (id=3368):
add_key$user(0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000480)=ANY=[@ANYBLOB="1801000021000000000000003b810000850000006d000000850000005000000095"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000340)={&(0x7f00000002c0)='mmap_lock_acquire_returned\x00', r0}, 0x10)
r1 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$IOMMU_IOAS_ALLOC(r1, 0x3b81, &(0x7f00000004c0)={0xc, 0x0, <r2=>0x0})
ioctl$IOMMU_IOAS_MAP$PAGES(r1, 0x3b85, &(0x7f00000000c0)={0x28, 0x7, r2, 0x0, &(0x7f0000ffb000/0x4000)=nil, 0x4000})
ioctl$IOMMU_TEST_OP_CREATE_ACCESS(r1, 0x3ba0, &(0x7f00000001c0)={0x48, 0x5, r2, 0x0, <r3=>0xffffffffffffffff})
ioctl$IOMMU_TEST_OP_ACCESS_RW(r1, 0x3ba0, &(0x7f0000000300)={0x48, 0x8, r3, 0x0, 0x2fff, 0x1, &(0x7f0000000380)="9b", 0x5})
r4 = socket(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000240)={0xffffffffffffffff, <r5=>0xffffffffffffffff})
r6 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
r7 = ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x0)
ioctl$KVM_SET_CPUID2(r7, 0x4008ae90, &(0x7f0000000240)=ANY=[@ANYBLOB="010000000000000001000000000000000000000000000000001b0300ff"])
ioctl$KVM_SET_MSRS(r7, 0x4008ae89, &(0x7f0000000000)=ANY=[@ANYBLOB="01000000000000008b04"])
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000000)={'lo\x00', <r8=>0x0})
sendmsg$nl_route_sched(r4, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000080)=@newqdisc={0x60, 0x24, 0xd0f, 0x70bd2d, 0x0, {0x60, 0x0, 0x0, r8, {0x0, 0xa}, {0xffff, 0xffff}, {0x0, 0xffff}}, [@qdisc_kind_options=@q_tbf={{0x8}, {0x34, 0x2, [@TCA_TBF_PARMS={0x28, 0x1, {{0xea, 0x2, 0x0, 0x0, 0x9, 0x5}, {0x12, 0x2, 0x0, 0x401, 0x8001, 0x1400}, 0xa5, 0x5, 0xffffffd}}, @TCA_TBF_BURST={0x8, 0x6, 0x8057}]}}]}, 0x60}, 0x1, 0x0, 0x0, 0x40000}, 0x44080)
r9 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r9, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000140)=@newqdisc={0x3c, 0x24, 0xd0f, 0x70bd29, 0x0, {0x60, 0x0, 0x0, r8, {}, {0xffe0, 0xa}, {0x1, 0x10}}, [@qdisc_kind_options=@q_cake={{0x9}, {0xc, 0x2, [@TCA_CAKE_FLOW_MODE={0x8, 0x5, 0x1}]}}]}, 0x3c}, 0x1, 0x0, 0x0, 0x55}, 0x4000)
r10 = socket$inet6_mptcp(0xa, 0x1, 0x106)
ioctl$TCXONC(0xffffffffffffffff, 0x540a, 0x3)
bind$inet6(r10, &(0x7f0000000000)={0xa, 0x3, 0x0, @loopback}, 0x1c)
connect$inet6(r10, &(0x7f0000000040)={0xa, 0x3, 0x7, @loopback, 0x800000}, 0x1c)

3.25413631s ago: executing program 7 (id=3369):
add_key$user(0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000480)=ANY=[@ANYBLOB="1801000021000000000000003b810000850000006d000000850000005000000095"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000340)={&(0x7f00000002c0)='mmap_lock_acquire_returned\x00', r0}, 0x10)
r1 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$IOMMU_IOAS_ALLOC(r1, 0x3b81, &(0x7f00000004c0)={0xc, 0x0, <r2=>0x0})
ioctl$IOMMU_IOAS_MAP$PAGES(r1, 0x3b85, &(0x7f00000000c0)={0x28, 0x7, r2, 0x0, &(0x7f0000ffb000/0x4000)=nil, 0x4000})
ioctl$IOMMU_TEST_OP_CREATE_ACCESS(r1, 0x3ba0, &(0x7f00000001c0)={0x48, 0x5, r2, 0x0, <r3=>0xffffffffffffffff})
ioctl$IOMMU_TEST_OP_ACCESS_RW(r1, 0x3ba0, &(0x7f0000000300)={0x48, 0x8, r3, 0x0, 0x2fff, 0x1, &(0x7f0000000380)="9b", 0x5})
r4 = socket(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000240)={0xffffffffffffffff, <r5=>0xffffffffffffffff})
r6 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0), 0x1a9d42, 0x0)
ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0)
ioctl$KVM_SET_CPUID2(0xffffffffffffffff, 0x4008ae90, &(0x7f0000000240)=ANY=[@ANYBLOB="010000000000000001000000000000000000000000000000001b0300ff"])
ioctl$KVM_SET_MSRS(0xffffffffffffffff, 0x4008ae89, &(0x7f0000000000)=ANY=[@ANYBLOB="01000000000000008b04"])
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000000)={'lo\x00', <r7=>0x0})
sendmsg$nl_route_sched(r4, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000080)=@newqdisc={0x60, 0x24, 0xd0f, 0x70bd2d, 0x0, {0x60, 0x0, 0x0, r7, {0x0, 0xa}, {0xffff, 0xffff}, {0x0, 0xffff}}, [@qdisc_kind_options=@q_tbf={{0x8}, {0x34, 0x2, [@TCA_TBF_PARMS={0x28, 0x1, {{0xea, 0x2, 0x0, 0x0, 0x9, 0x5}, {0x12, 0x2, 0x0, 0x401, 0x8001, 0x1400}, 0xa5, 0x5, 0xffffffd}}, @TCA_TBF_BURST={0x8, 0x6, 0x8057}]}}]}, 0x60}, 0x1, 0x0, 0x0, 0x40000}, 0x44080)
r8 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r8, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000140)=@newqdisc={0x3c, 0x24, 0xd0f, 0x70bd29, 0x0, {0x60, 0x0, 0x0, r7, {}, {0xffe0, 0xa}, {0x1, 0x10}}, [@qdisc_kind_options=@q_cake={{0x9}, {0xc, 0x2, [@TCA_CAKE_FLOW_MODE={0x8, 0x5, 0x1}]}}]}, 0x3c}, 0x1, 0x0, 0x0, 0x55}, 0x4000)
r9 = socket$inet6_mptcp(0xa, 0x1, 0x106)
ioctl$TCXONC(0xffffffffffffffff, 0x540a, 0x3)
bind$inet6(r9, &(0x7f0000000000)={0xa, 0x3, 0x0, @loopback}, 0x1c)
connect$inet6(r9, &(0x7f0000000040)={0xa, 0x3, 0x7, @loopback, 0x800000}, 0x1c)

2.854068943s ago: executing program 0 (id=3370):
sendmsg$MPTCP_PM_CMD_GET_LIMITS(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x8800}, 0x4880)
r0 = socket$inet6(0xa, 0x2, 0x0)
setsockopt$inet6_udp_int(r0, 0x11, 0x66, &(0x7f0000000100)=0xc6, 0x4)
setsockopt$inet6_udp_encap(r0, 0x11, 0x64, &(0x7f0000000040)=0x2, 0x4)
bind$inet6(r0, &(0x7f0000000200)={0xa, 0xe22, 0x0, @empty, 0x40}, 0x1c)
socket$nl_route(0x10, 0x3, 0x0)
syz_emit_ethernet(0xd2, &(0x7f0000000080)=ANY=[@ANYBLOB="ffffffffbfff00000000000086dd600489f1002f1100fc010000000000000025030000000000ff02000000000000000000000000000100000e22"], 0x0)

2.659733178s ago: executing program 0 (id=3371):
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000080)={0x8, 0x80000100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
r2 = syz_clone(0x600, 0x0, 0x33, 0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, r2, 0x0, 0x0)
sched_setaffinity(0x0, 0x0, 0x0)
r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r3, &(0x7f0000032680)=""/102400, 0x19000)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x3, 0x4, &(0x7f0000000700)=@framed={{}, [@call={0x85, 0x0, 0x0, 0x97}]}, &(0x7f0000000580)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @sched_cls, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0xb5)
pipe(&(0x7f00000001c0)={0xffffffffffffffff, <r5=>0xffffffffffffffff})
vmsplice(r5, &(0x7f00000000c0)=[{&(0x7f0000000180)="77690addcfbe1fbb66ec", 0xff3b}], 0x1, 0x1)
kcmp$KCMP_EPOLL_TFD(r1, r2, 0x7, r3, &(0x7f0000000380)={r5, r4, 0x7})
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000004c0)={r4, 0x18000000000002a0, 0xe, 0x0, &(0x7f0000000080)="d2ff03076003008cb89e08f086dd", 0x0, 0xd8a8, 0x60000000, 0x0, 0x0, 0x0, 0x0}, 0x50)
setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f0000000000)=0x219a, 0x4)
setsockopt$inet6_udp_encap(r0, 0x11, 0x64, &(0x7f00000001c0)=0x1, 0x4)
r6 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000140)={&(0x7f0000000040)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xc, 0xc, 0x2, [@func_proto]}}, 0x0, 0x26}, 0x28)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x1b, 0x3, &(0x7f0000000100)=@framed, &(0x7f0000000000)='GPL\x00', 0x6, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, 0x0, r6, 0xc, &(0x7f00000000c0)={0x0, 0x1}, 0x8}, 0x94)

2.592540121s ago: executing program 5 (id=3372):
r0 = syz_io_uring_setup(0x110, &(0x7f0000000140)={0x0, 0xfec9, 0x8, 0x1, 0x3d4}, &(0x7f0000000040)=<r1=>0x0, &(0x7f0000000280)=<r2=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r1, r2, &(0x7f00000002c0)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd_index=0x3, 0x0, 0x0, 0x0, {}, 0xa6f0cb7b0c62215d})
io_uring_enter(r0, 0x5d3b, 0x3, 0x23, 0x0, 0x49)
setsockopt$packet_int(0xffffffffffffffff, 0x107, 0x7, &(0x7f0000000100), 0x81)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r3 = getpid()
sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0xffffc000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f0000000380)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x80000000000002, &(0x7f00000004c0)=0x77, 0x4)
bind$alg(0xffffffffffffffff, &(0x7f0000000000)={0x26, 'aead\x00', 0x0, 0x0, 'aegis128-generic\x00'}, 0x58)
setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, &(0x7f0000000140), 0x0)
r6 = accept4(0xffffffffffffffff, 0x0, 0x0, 0x0)
sendmsg$alg(r6, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000080)}, 0x28000054)
r7 = socket$nl_generic(0x10, 0x3, 0x10)
r8 = socket$unix(0x1, 0x2, 0x0)
r9 = syz_genetlink_get_family_id$nl80211(&(0x7f00000000c0), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r8, 0x8933, &(0x7f0000000100)={'wlan1\x00', <r10=>0x0})
sendmsg$NL80211_CMD_NEW_INTERFACE(r7, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000340)={0x50, r9, 0x1, 0x70bd28, 0x25dfdbfd, {{}, {@void, @val={0x8, 0x3, r10}, @val={0xc, 0x99, {0x7ff, 0x70}}}}, [@NL80211_ATTR_IFNAME={0x14, 0x4, 'syzkaller0\x00'}, @NL80211_ATTR_IFTYPE={0x8, 0x5, 0x7}, @NL80211_ATTR_MESH_ID={0xa}]}, 0x50}, 0x1, 0x0, 0x0, 0x91}, 0x24044884)
setsockopt$inet_tcp_TCP_MD5SIG(0xffffffffffffffff, 0x6, 0xe, &(0x7f00000000c0)={@in={{0x2, 0x4e22, @empty}}, 0x0, 0x0, 0x2, 0x0, "de2170420b42866d263a524b8f533db671e3fb462f6e152472578c7e9359d81409d1a02b9c2248e87414c4cfec9913387fd71cf21f357c8ca38ffddab5d147e98ea2b1cdfaf4e9530630c66996c4905b"}, 0xd8)
bind$inet(0xffffffffffffffff, &(0x7f0000000080)={0x2, 0x4e23, @broadcast}, 0x10)

1.743978513s ago: executing program 0 (id=3373):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000940)={0x3, 0xc, &(0x7f0000000400)=ANY=[@ANYBLOB="18020000000000000000000000000000850000002e000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000"], &(0x7f0000000080)='GPL\x00'}, 0x94)
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000000000)={0x26, 'hash\x00', 0x0, 0x0, 'blake2b-160\x00'}, 0x58)
accept4(r0, 0x0, 0x0, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040))
socket$nl_generic(0x10, 0x3, 0x10)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xa, 0x4, 0xfff, 0x7}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb7030000080000002d01000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, '\x00', 0x0, @fallback=0x36, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f0000000300)={0x6, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x2, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200}, 0x94)
openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0x10, 0x16, &(0x7f0000000180)=ANY=[@ANYBLOB="61123000000000006113100000000000bf2020000000000016000200071b48013f030100000000009500000000000000bc26000000000000bf67000000000000070200000fff07006702000003000000360600000ee600f0bf050000000000000f650000000000006507f4ff02000000070700004c0040001f75000000000000bf54000000000000070500000300f9ffad430100000000009500000000000000050000000000000095000000000000004d9bd591d568253e9988431ec068e3a83683d58719d72183f2cb7f43dd55788be820b236dcb695dbfd737cbf5fe7030586"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sk_msg}, 0x48)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x6, 0x4, &(0x7f0000000000)=@framed={{0x18, 0x2, 0x0, 0x0, 0x2}, [@call={0x85, 0x0, 0x0, 0x41}]}, &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f0000000580)={0x6, 0x5, &(0x7f0000000b40)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000bc000000850000002300000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x1, '\x00', 0x0, @fallback=0x1, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
socket$kcm(0x2, 0x3, 0x84)
socket$inet6(0xa, 0x1, 0x0)
socket(0x10, 0x803, 0x0)
socket$inet(0x2, 0x4000000000000001, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0e000000040000000800000005"], 0x48)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0xc, &(0x7f00000001c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bc82000000000000a6020000f8ffffffb703000008000000b703000000000000850000003300000095"], &(0x7f0000000780)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x26, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000008c0)={{r2}, &(0x7f0000000840), &(0x7f0000000880)=r3}, 0x20)
r4 = socket$inet_tcp(0x2, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000180)={'syz_tun\x00', <r5=>0x0})
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000005c0)={r3, r5, 0x25, 0x2, @void}, 0x10)
syz_emit_ethernet(0x2a, &(0x7f0000000140)=ANY=[], 0x0)

1.684428561s ago: executing program 7 (id=3374):
socket$nl_netfilter(0x10, 0x3, 0xc)
syz_open_dev$dri(&(0x7f0000000000), 0x1f, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f00000000c0)='contention_end\x00'}, 0x18)
mount(&(0x7f0000000000)=@filename='./cgroup\x00', &(0x7f0000000080)='./cgroup\x00', &(0x7f0000000040)='gfs2meta\x00', 0x20c400, 0x0)

1.310520289s ago: executing program 7 (id=3375):
r0 = syz_io_uring_setup(0x110, &(0x7f0000000140)={0x0, 0xfec9, 0x8, 0x1, 0x3d4}, &(0x7f0000000040)=<r1=>0x0, &(0x7f0000000280)=<r2=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r1, r2, &(0x7f00000002c0)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd_index=0x3, 0x0, 0x0, 0x0, {}, 0xa6f0cb7b0c62215d})
io_uring_enter(r0, 0x5d3b, 0x3, 0x23, 0x0, 0x49)
setsockopt$packet_int(0xffffffffffffffff, 0x107, 0x7, &(0x7f0000000100), 0x81)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r3 = getpid()
sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0xffffc000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f0000000380)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x80000000000002, &(0x7f00000004c0)=0x77, 0x4)
bind$alg(0xffffffffffffffff, &(0x7f0000000000)={0x26, 'aead\x00', 0x0, 0x0, 'aegis128-generic\x00'}, 0x58)
setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, &(0x7f0000000140), 0x0)
r6 = accept4(0xffffffffffffffff, 0x0, 0x0, 0x0)
sendmsg$alg(r6, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000080)}, 0x28000054)
r7 = socket$nl_generic(0x10, 0x3, 0x10)
r8 = socket$unix(0x1, 0x2, 0x0)
r9 = syz_genetlink_get_family_id$nl80211(&(0x7f00000000c0), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r8, 0x8933, &(0x7f0000000100)={'wlan1\x00', <r10=>0x0})
sendmsg$NL80211_CMD_NEW_INTERFACE(r7, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000340)={0x50, r9, 0x1, 0x70bd28, 0x25dfdbfd, {{}, {@void, @val={0x8, 0x3, r10}, @val={0xc, 0x99, {0x7ff, 0x70}}}}, [@NL80211_ATTR_IFNAME={0x14, 0x4, 'syzkaller0\x00'}, @NL80211_ATTR_IFTYPE={0x8, 0x5, 0x7}, @NL80211_ATTR_MESH_ID={0xa}]}, 0x50}, 0x1, 0x0, 0x0, 0x91}, 0x24044884)
setsockopt$inet_tcp_TCP_MD5SIG(0xffffffffffffffff, 0x6, 0xe, &(0x7f00000000c0)={@in={{0x2, 0x4e22, @empty}}, 0x0, 0x0, 0x2, 0x0, "de2170420b42866d263a524b8f533db671e3fb462f6e152472578c7e9359d81409d1a02b9c2248e87414c4cfec9913387fd71cf21f357c8ca38ffddab5d147e98ea2b1cdfaf4e9530630c66996c4905b"}, 0xd8)
bind$inet(0xffffffffffffffff, &(0x7f0000000080)={0x2, 0x4e23, @broadcast}, 0x10)

1.300369407s ago: executing program 4 (id=3376):
bpf$MAP_CREATE(0x0, 0x0, 0x48)
sendmmsg$unix(0xffffffffffffffff, 0x0, 0x0, 0x0)
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg(0xffffffffffffffff, 0x0, 0x0)
r0 = socket$inet6(0xa, 0x1, 0x0)
r1 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r1, 0x0, 0x0)
setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, 0x0, 0x0)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @dev}}, 0x1c)

905.078168ms ago: executing program 4 (id=3377):
r0 = socket(0x10, 0x803, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'syz_tun\x00', <r1=>0x0})
sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000580)={&(0x7f00000006c0)=ANY=[@ANYBLOB="400000001400b59500000000000000000a000000", @ANYRES32=r1], 0x40}}, 0x0)

748.886869ms ago: executing program 5 (id=3378):
mincore(&(0x7f0000bfe000/0x400000)=nil, 0x400000, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000002440)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$MSR(&(0x7f0000000040), 0x0, 0x0)
sendmsg$MPTCP_PM_CMD_SUBFLOW_CREATE(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f0000000140)={0x0}, 0x1, 0x0, 0x0, 0x20000000}, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
r1 = syz_io_uring_setup(0x53f, &(0x7f0000000440)={0x0, 0x807734, 0x400, 0xfffffff8, 0xfe}, &(0x7f00000000c0)=<r2=>0x0, &(0x7f00000002c0)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_POLL_REMOVE={0x7, 0x50, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1})
io_uring_enter(r1, 0x47bc, 0x7000000, 0x0, 0x0, 0x0)

192.592703ms ago: executing program 4 (id=3379):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x42901, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201}) (async)
r1 = openat$nvram(0xffffffffffffff9c, &(0x7f0000000040), 0xb0880, 0x0)
ioctl$TUNSETFILTEREBPF(r0, 0x800454e1, &(0x7f0000000080)=r1)
socket$packet(0x11, 0x3, 0x300) (async)
r2 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48)
r3 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) (async)
r4 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
syz_usb_connect(0x0, 0x2d, &(0x7f0000000000)=ANY=[@ANYBLOB="9f01000083667d1040206402d14e0102030109021b000100000000090400000190f19c000905f3ed"], 0x0) (async)
r5 = syz_genetlink_get_family_id$nfc(&(0x7f0000002a00), r4)
sendmsg$NFC_CMD_DEP_LINK_UP(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r5, @ANYBLOB="010025bd7000fbdbdf250400000008000100", @ANYRES32, @ANYBLOB="05000a00fa"], 0x24}, 0x1, 0x0, 0x0, 0x8000000}, 0x0) (async)
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x0, 0x10, &(0x7f0000000580)=ANY=[@ANYBLOB="18050000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r2, @ANYBLOB="0000000000000000b704000008000000850000009500000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7}, 0x94) (async)
r6 = socket$inet(0x2, 0x2, 0x2) (async)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r7=>0xffffffffffffffff, <r8=>0xffffffffffffffff})
connect$unix(r7, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) (async)
sendmmsg$unix(r8, &(0x7f00000bd000), 0x318, 0x0) (async)
recvmmsg(r7, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) (async)
r9 = open_tree(0xffffffffffffffff, 0x0, 0x89901)
r10 = syz_io_uring_setup(0x49a, &(0x7f0000000100)={0x0, 0x3f73, 0x2, 0x0, 0x19, 0x0, r9}, &(0x7f0000000340), &(0x7f0000000600)) (async)
r11 = syz_open_dev$cec(&(0x7f0000000040), 0x0, 0x0)
ioctl$CEC_S_MODE(r11, 0x40046109, &(0x7f0000000080)=0xf0)
ioctl$CEC_S_MODE(r11, 0x40046109, &(0x7f0000000100)=0xd0)
io_uring_register$IORING_REGISTER_PBUF_RING(r10, 0x16, &(0x7f0000000040)={&(0x7f0000001000), 0x0, 0x1}, 0x1) (async)
r12 = socket$netlink(0x10, 0x3, 0x0) (async)
r13 = socket$can_bcm(0x1d, 0x2, 0x2)
connect$can_bcm(r13, &(0x7f00000000c0), 0x10) (async)
sendmsg$can_bcm(r13, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000240)=ANY=[@ANYRESOCT, @ANYRES64=0x0, @ANYRES64=0xea60, @ANYRES64=0x0, @ANYRESHEX=r6, @ANYBLOB="000000000100000000000000063fae8a9ad451"], 0x48}, 0x1, 0x0, 0x0, 0x4000000}, 0x0) (async)
sendmsg$can_bcm(r13, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000180)={0x5, 0x609f, 0x0, {0x0, 0x2710}, {0x0, 0x2710}, {}, 0x1, @canfd={{0x4, 0x1, 0x1}, 0x35, 0x1, 0x0, 0x0, "f4c85ce4c20804e4a35d1a9231da27fa45a40cffef5c91e8c1c1ba8e3ef95b45784eb8c2d442dedaa507840944258c9fc8b348958eeb1a341e581f39b3f9efba"}}, 0x80}, 0x1, 0x0, 0x0, 0x4}, 0x0)
writev(r12, &(0x7f00000000c0)=[{&(0x7f0000000040)="3900000013000318680907070000000f0000ff3f3f000000170a001700000000040037000d00030001332564aa58b9a64411f6bbf44dc48f57", 0x39}], 0x1)

98.746339ms ago: executing program 7 (id=3380):
socket$inet6_mptcp(0xa, 0x1, 0x106)
r0 = socket$key(0xf, 0x3, 0x2)
gettid()
timer_create(0x2, 0x0, &(0x7f0000000100)=<r1=>0x0)
timer_settime(r1, 0x0, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x0, 0x0})
utimensat(0xffffffffffffffff, 0x0, 0x0, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x100000001, 0x0, 0x2, 0x0)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8)
r3 = socket$inet_tcp(0x2, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000180)={'syz_tun\x00', <r4=>0x0})
r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000600)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x50)
r6 = bpf$MAP_CREATE(0x0, &(0x7f00000001c0)=@base={0xe, 0x4, 0x8, 0x1}, 0x48)
r7 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0x10, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r5, @ANYBLOB="0000000000000000b702000002000000850000008600000018110000", @ANYRES32=r6, @ANYBLOB="f7ffffffffffffffb7080000000000007b8af8ff00000000bca2000000000000a6020000f8ffffffb703000008000000b704000000000000850000003300000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000040)={r7, r4, 0x25, 0x0, @void}, 0x10)
syz_emit_ethernet(0x46, &(0x7f0000000680)=ANY=[], 0x0)
shmat(0x0, &(0x7f0000000000/0x4000)=nil, 0xffffffffffffcfff)
syz_open_procfs(0x0, &(0x7f0000000080)='smaps\x00')
sendmsg$key(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000000)={0x2, 0x4, 0x6, 0x0, 0x4, 0x0, 0x70bd25, 0x25dfdbfc, [@sadb_sa={0x2, 0x1, 0x4d4, 0x80, 0x5, 0x3c, 0x1, 0xe0000000}]}, 0x20}}, 0x40000)
r8 = openat$audio(0xffffffffffffff9c, &(0x7f0000000140), 0x40000000040201, 0x0)
ioctl$SNDCTL_DSP_GETOSPACE(r8, 0x8010500c, &(0x7f0000000040))
prlimit64(0x0, 0xe, &(0x7f0000000200)={0x8, 0x8a}, 0x0)
r9 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r9}, &(0x7f0000bbdffc))
timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)

0s ago: executing program 5 (id=3381):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000940)={0x3, 0xc, &(0x7f0000000400)=ANY=[@ANYBLOB], &(0x7f0000000080)='GPL\x00'}, 0x94)
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000000000)={0x26, 'hash\x00', 0x0, 0x0, 'blake2b-160\x00'}, 0x58)
accept4(r0, 0x0, 0x0, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040))
socket$nl_generic(0x10, 0x3, 0x10)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xa, 0x4, 0xfff, 0x7}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb7030000080000002d01000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, '\x00', 0x0, @fallback=0x36, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f0000000300)={0x6, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x2, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200}, 0x94)
openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0x10, 0x16, &(0x7f0000000180)=ANY=[@ANYBLOB="61123000000000006113100000000000bf2020000000000016000200071b48013f030100000000009500000000000000bc26000000000000bf67000000000000070200000fff07006702000003000000360600000ee600f0bf050000000000000f650000000000006507f4ff02000000070700004c0040001f75000000000000bf54000000000000070500000300f9ffad430100000000009500000000000000050000000000000095000000000000004d9bd591d568253e9988431ec068e3a83683d58719d72183f2cb7f43dd55788be820b236dcb695dbfd737cbf5fe7030586"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sk_msg}, 0x48)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x6, 0x4, &(0x7f0000000000)=@framed={{0x18, 0x2, 0x0, 0x0, 0x2}, [@call={0x85, 0x0, 0x0, 0x41}]}, &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f0000000580)={0x6, 0x5, &(0x7f0000000b40)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000bc000000850000002300000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x1, '\x00', 0x0, @fallback=0x1, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
socket$kcm(0x2, 0x3, 0x84)
socket$inet6(0xa, 0x1, 0x0)
socket(0x10, 0x803, 0x0)
socket$inet(0x2, 0x4000000000000001, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0e000000040000000800000005"], 0x48)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0xc, &(0x7f00000001c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bc82000000000000a6020000f8ffffffb703000008000000b703000000000000850000003300000095"], &(0x7f0000000780)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x26, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000008c0)={{r2}, &(0x7f0000000840), &(0x7f0000000880)=r3}, 0x20)
r4 = socket$inet_tcp(0x2, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000180)={'syz_tun\x00', <r5=>0x0})
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000005c0)={r3, r5, 0x25, 0x2, @void}, 0x10)
syz_emit_ethernet(0x2a, &(0x7f0000000140)=ANY=[], 0x0)

kernel console output (not intermixed with test programs):

rom the descriptor's value: 66
[  856.068528][ T5921] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 52, changing to 9
[  856.112803][ T5921] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8241, setting to 1024
[  856.189267][ T5921] usb 3-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[  856.199424][ T5921] usb 3-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  856.279752][ T5921] usb 3-1: Product: syz
[  856.290010][ T5921] usb 3-1: Manufacturer: syz
[  856.306404][ T5921] cdc_wdm 3-1:1.0: skipping garbage
[  856.311688][ T5921] cdc_wdm 3-1:1.0: skipping garbage
[  856.657308][T16822] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  856.657497][ T5921] cdc_wdm 3-1:1.0: cdc-wdm0: USB WDM device
[  856.690213][T16822] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  856.710602][ T5921] cdc_wdm 3-1:1.0: Unknown control protocol
[  856.808754][   T30] audit: type=1400 audit(1759044559.786:1333): avc:  denied  { map } for  pid=16844 comm="syz.0.2761" path="socket:[52695]" dev="sockfs" ino=52695 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1
[  856.847335][T16848] netlink: 24 bytes leftover after parsing attributes in process `syz.4.2762'.
[  856.879598][T16848] netlink: 'syz.4.2762': attribute type 1 has an invalid length.
[  856.892353][T16848] netlink: 'syz.4.2762': attribute type 2 has an invalid length.
[  856.992991][T16848] netlink: 16 bytes leftover after parsing attributes in process `syz.4.2762'.
[  857.010886][ T5921] usb 3-1: USB disconnect, device number 77
[  857.105548][T16853] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2763'.
[  857.879994][    T9] usb 6-1: new full-speed USB device number 23 using dummy_hcd
[  858.104336][    T9] usb 6-1: New USB device found, idVendor=09c0, idProduct=0203, bcdDevice=d3.43
[  858.121938][T16864] sch_tbf: burst 19872 is lower than device lo mtu (65550) !
[  858.143695][    T9] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  858.198465][    T9] usb 6-1: config 0 descriptor??
[  858.206573][    T9] dvb-usb: found a 'Genpix SkyWalker-1 DVB-S receiver' in warm state.
[  858.265521][T16866] sch_tbf: burst 19872 is lower than device lo mtu (11337746) !
[  858.567310][T16869] (unnamed net_device) (uninitialized): down delay (7) is not a multiple of miimon (3), value rounded to 6 ms
[  858.765946][T16869] 8021q: adding VLAN 0 to HW filter on device bond3
[  858.861579][    T9] gp8psk: usb in 128 operation failed.
[  858.999878][T13723] usb 4-1: new high-speed USB device number 89 using dummy_hcd
[  859.207499][T16887] nfs: Unknown parameter 'm���bz#h�5[W"'
[  859.250423][T13723] usb 4-1: Using ep0 maxpacket: 16
[  859.640849][T13723] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  859.975099][T13723] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  860.015262][T13723] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9
[  860.046344][T13723] usb 4-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00
[  860.071053][   T30] audit: type=1400 audit(1759044563.046:1334): avc:  denied  { map } for  pid=16894 comm="syz.2.2775" path="socket:[52862]" dev="sockfs" ino=52862 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1
[  860.094307][    C0] vkms_vblank_simulate: vblank timer overrun
[  860.129769][T13723] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  860.210931][T13723] usb 4-1: config 0 descriptor??
[  860.487938][T16910] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2776'.
[  860.563097][T16876] netlink: 'syz.3.2771': attribute type 6 has an invalid length.
[  860.890173][    T9] gp8psk: usb in 137 operation failed.
[  860.922582][T16876] lo speed is unknown, defaulting to 1000
[  860.922770][    T9] dvb-usb: This USB2.0 device cannot be run on a USB1.1 port. (it lacks a hardware PID filter)
[  860.928376][T16876] lo speed is unknown, defaulting to 1000
[  860.941198][    T9] dvb-usb: Genpix SkyWalker-1 DVB-S receiver error while loading driver (-19)
[  860.958782][T16876] lo speed is unknown, defaulting to 1000
[  861.034386][T16876] infiniband syz2: RDMA CMA: cma_listen_on_dev, error -98
[  861.054865][T16876] lo speed is unknown, defaulting to 1000
[  861.252676][T16876] lo speed is unknown, defaulting to 1000
[  861.291209][T16876] lo speed is unknown, defaulting to 1000
[  861.297952][T16876] lo speed is unknown, defaulting to 1000
[  861.304611][T16876] lo speed is unknown, defaulting to 1000
[  861.641044][T16923] netlink: 108 bytes leftover after parsing attributes in process `syz.2.2780'.
[  862.316555][T16936] netlink: 'syz.2.2784': attribute type 6 has an invalid length.
[  862.722074][    T9] usb 6-1: USB disconnect, device number 23
[  863.924795][T16966] tmpfs: Unknown parameter 'uslqu'
[  864.542444][T16976] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[  864.549987][T16976] IPv6: NLM_F_CREATE should be set when creating new route
[  864.584548][T16978] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=19207 sclass=netlink_route_socket pid=16978 comm=syz.5.2795
[  864.597814][ T5966] usb 5-1: new full-speed USB device number 92 using dummy_hcd
[  864.740438][ T5966] usb 5-1: device descriptor read/64, error -71
[  864.767543][T16983] netlink: 'syz.2.2796': attribute type 32 has an invalid length.
[  864.980415][ T5966] usb 5-1: new full-speed USB device number 93 using dummy_hcd
[  865.181037][T16986] netlink: 4 bytes leftover after parsing attributes in process `syz.5.2797'.
[  865.308105][T13723] usbhid 4-1:0.0: can't add hid device: -32
[  865.315252][T13723] usbhid 4-1:0.0: probe with driver usbhid failed with error -32
[  865.329781][ T5966] usb 5-1: device descriptor read/64, error -71
[  865.442034][ T5966] usb usb5-port1: attempt power cycle
[  865.599821][T16989] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2798'.
[  865.949877][ T5966] usb 5-1: new full-speed USB device number 94 using dummy_hcd
[  866.050872][ T5966] usb 5-1: device descriptor read/8, error -71
[  866.345228][ T5966] usb 5-1: new full-speed USB device number 95 using dummy_hcd
[  866.371435][ T5966] usb 5-1: device descriptor read/8, error -71
[  866.461772][T17006] nfs: Unknown parameter 'm���bz#h�5[W"'
[  866.803232][ T5966] usb usb5-port1: unable to enumerate USB device
[  867.446489][    T9] usb 3-1: new high-speed USB device number 78 using dummy_hcd
[  867.609956][    T9] usb 3-1: Using ep0 maxpacket: 32
[  867.622538][    T9] usb 3-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  867.642790][    T9] usb 3-1: New USB device found, idVendor=046d, idProduct=4002, bcdDevice= 0.40
[  867.656421][    T9] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  867.938385][    T9] usb 3-1: Product: ␊
[  867.943016][    T9] usb 3-1: Manufacturer: Ђ
[  867.948279][    T9] usb 3-1: SerialNumber: ࡠ
[  868.571427][    T9] usb 3-1: USB disconnect, device number 78
[  868.590024][ T1206] usb 5-1: new high-speed USB device number 96 using dummy_hcd
[  868.867740][ T1206] usb 5-1: config 252 has an invalid interface number: 163 but max is 0
[  868.876321][ T1206] usb 5-1: config 252 has no interface number 0
[  868.882614][ T1206] usb 5-1: config 252 interface 163 altsetting 1 endpoint 0x6 has invalid wMaxPacketSize 0
[  868.970583][   T30] audit: type=1800 audit(1759044571.946:1335): pid=17048 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=collect_data cause=failed comm="syz.5.2813" name="SYSV00000000" dev="hugetlbfs" ino=1 res=0 errno=0
[  868.992370][    C0] vkms_vblank_simulate: vblank timer overrun
[  868.998465][ T1206] usb 5-1: config 252 interface 163 altsetting 1 bulk endpoint 0x6 has invalid maxpacket 0
[  869.009380][ T1206] usb 5-1: config 252 interface 163 altsetting 1 endpoint 0x8 has invalid maxpacket 1024, setting to 64
[  869.089362][ T1206] usb 5-1: config 252 interface 163 has no altsetting 0
[  869.100600][ T1206] usb 5-1: New USB device found, idVendor=0bfd, idProduct=000e, bcdDevice=c9.a8
[  869.110055][ T1206] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  869.118010][ T1206] usb 5-1: Product: syz
[  869.122233][ T1206] usb 5-1: Manufacturer: syz
[  869.126803][ T1206] usb 5-1: SerialNumber: syz
[  869.145721][ T1206] kvaser_usb 5-1:252.163: error -ENODEV: Cannot get usb endpoint(s)
[  869.384078][T13723] usb 5-1: USB disconnect, device number 96
[  869.631743][ T1298] ieee802154 phy0 wpan0: encryption failed: -22
[  869.638132][ T1298] ieee802154 phy1 wpan1: encryption failed: -22
[  870.165860][T17060] nfs: Unknown parameter 'm���bz#h�5[W"'
[  872.558884][T17087] 9pnet_fd: Insufficient options for proto=fd
[  874.280123][T17108] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2829'.
[  874.658445][T17116] nfs: Unknown parameter 'm���bz#h�5[W"'
[  875.245453][ T1206] IPVS: starting estimator thread 0...
[  875.409985][T17125] IPVS: using max 45 ests per chain, 108000 per kthread
[  875.628705][ T5845] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[  875.639028][ T5845] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[  875.646787][ T5845] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[  875.654959][ T5845] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[  875.803081][ T5845] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[  875.916704][T17132] lo speed is unknown, defaulting to 1000
[  876.122396][T17137] sch_tbf: burst 19872 is lower than device lo mtu (65550) !
[  876.165678][T17132] chnl_net:caif_netlink_parms(): no params data found
[  876.215840][T17141] netlink: 'syz.5.2836': attribute type 2 has an invalid length.
[  876.296312][T17132] bridge0: port 1(bridge_slave_0) entered blocking state
[  876.310415][T17132] bridge0: port 1(bridge_slave_0) entered disabled state
[  876.317608][T17132] bridge_slave_0: entered allmulticast mode
[  876.324986][T17132] bridge_slave_0: entered promiscuous mode
[  876.333138][T17132] bridge0: port 2(bridge_slave_1) entered blocking state
[  876.343895][T17132] bridge0: port 2(bridge_slave_1) entered disabled state
[  876.351169][T17132] bridge_slave_1: entered allmulticast mode
[  876.358428][T17132] bridge_slave_1: entered promiscuous mode
[  876.424704][T17132] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  876.534591][T17132] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  876.574004][T17132] team0: Port device team_slave_0 added
[  876.582196][T17132] team0: Port device team_slave_1 added
[  877.118721][T17132] batman_adv: batadv0: Adding interface: batadv_slave_0
[  877.139352][T17132] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  877.168545][T17132] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  877.194925][T17132] batman_adv: batadv0: Adding interface: batadv_slave_1
[  877.206188][T17132] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  877.238515][T17132] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  877.372675][T17132] hsr_slave_0: entered promiscuous mode
[  877.386174][T17132] hsr_slave_1: entered promiscuous mode
[  877.392822][T17132] debugfs: 'hsr0' already exists in 'hsr'
[  877.398608][T17132] Cannot create hsr debugfs directory
[  877.625420][T17152] netlink: 4 bytes leftover after parsing attributes in process `syz.5.2838'.
[  877.851043][ T5845] Bluetooth: hci5: command tx timeout
[  877.963844][T17132] netdevsim netdevsim6 netdevsim0: renamed from eth0
[  877.995606][T17132] netdevsim netdevsim6 netdevsim1: renamed from eth1
[  878.101099][T17132] netdevsim netdevsim6 netdevsim2: renamed from eth2
[  879.204003][T17132] netdevsim netdevsim6 netdevsim3: renamed from eth3
[  879.363615][   T30] audit: type=1400 audit(1759044582.326:1336): avc:  denied  { read write } for  pid=17173 comm="syz.0.2844" name="btrfs-control" dev="devtmpfs" ino=1316 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:lvm_control_t tclass=chr_file permissive=1
[  879.679960][   T30] audit: type=1400 audit(1759044582.326:1337): avc:  denied  { open } for  pid=17173 comm="syz.0.2844" path="/dev/btrfs-control" dev="devtmpfs" ino=1316 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:lvm_control_t tclass=chr_file permissive=1
[  879.924110][T17196] sch_tbf: burst 19872 is lower than device lo mtu (11337746) !
[  879.931961][ T5845] Bluetooth: hci5: command tx timeout
[  879.981616][T17132] 8021q: adding VLAN 0 to HW filter on device bond0
[  880.041739][T17198] netlink: 12 bytes leftover after parsing attributes in process `syz.5.2846'.
[  880.308812][T17132] 8021q: adding VLAN 0 to HW filter on device team0
[  880.348016][   T30] audit: type=1400 audit(1759044583.326:1338): avc:  denied  { setopt } for  pid=17200 comm="syz.5.2849" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=caif_socket permissive=1
[  880.386280][T15191] bridge0: port 1(bridge_slave_0) entered blocking state
[  880.389448][   T30] audit: type=1400 audit(1759044583.326:1339): avc:  denied  { getopt } for  pid=17200 comm="syz.5.2849" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=caif_socket permissive=1
[  880.393420][T15191] bridge0: port 1(bridge_slave_0) entered forwarding state
[  880.448680][T15191] bridge0: port 2(bridge_slave_1) entered blocking state
[  880.455811][T15191] bridge0: port 2(bridge_slave_1) entered forwarding state
[  880.456096][   T30] audit: type=1326 audit(1759044583.326:1340): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17200 comm="syz.5.2849" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6e7558eec9 code=0x7ffc0000
[  880.495538][   T30] audit: type=1326 audit(1759044583.326:1341): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17200 comm="syz.5.2849" exe="/root/syz-executor" sig=0 arch=c000003e syscall=34 compat=0 ip=0x7f6e7558eec9 code=0x7ffc0000
[  880.630555][   T30] audit: type=1400 audit(1759044583.616:1342): avc:  denied  { bind } for  pid=17202 comm="syz.4.2848" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_iscsi_socket permissive=1
[  880.820805][   T30] audit: type=1400 audit(1759044583.636:1343): avc:  denied  { bind } for  pid=17202 comm="syz.4.2848" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[  880.871246][   T30] audit: type=1400 audit(1759044583.746:1344): avc:  denied  { setopt } for  pid=17202 comm="syz.4.2848" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[  880.933541][   T30] audit: type=1400 audit(1759044583.776:1345): avc:  denied  { write } for  pid=17202 comm="syz.4.2848" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_iscsi_socket permissive=1
[  880.954817][    C0] vkms_vblank_simulate: vblank timer overrun
[  881.159438][T17217] tmpfs: Unknown parameter '01777777777777777777777��d
�p}�[��F�{���5l��T�C�)�i�ڵv7����6~����X�@�g'5�i��;'
[  881.230143][ T5966] usb 3-1: new high-speed USB device number 79 using dummy_hcd
[  881.325842][T17132] 8021q: adding VLAN 0 to HW filter on device batadv0
[  881.381553][ T5966] usb 3-1: config index 0 descriptor too short (expected 6436, got 36)
[  881.391731][ T5966] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  881.702764][ T5966] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  881.742962][ T5966] usb 3-1: New USB device found, idVendor=1d34, idProduct=0004, bcdDevice= 0.00
[  881.779703][ T5966] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  881.806706][ T5966] usb 3-1: config 0 descriptor??
[  881.898917][T17237] netlink: 80 bytes leftover after parsing attributes in process `syz.5.2854'.
[  882.012615][ T5845] Bluetooth: hci5: command tx timeout
[  882.071211][T17244] overlayfs: failed to decode file handle (len=5, type=251, flags=0, err=-22)
[  882.264131][ T5966] hid-led 0003:1D34:0004.0020: unknown main item tag 0x0
[  882.399150][T17132] veth0_vlan: entered promiscuous mode
[  882.424431][ T5966] hid-led 0003:1D34:0004.0020: probe with driver hid-led failed with error -71
[  882.437493][T17132] veth1_vlan: entered promiscuous mode
[  882.456305][ T5966] usb 3-1: USB disconnect, device number 79
[  882.477798][T17132] veth0_macvtap: entered promiscuous mode
[  882.512997][T17132] veth1_macvtap: entered promiscuous mode
[  882.538266][T17132] batman_adv: batadv0: Interface activated: batadv_slave_0
[  882.602101][T17132] batman_adv: batadv0: Interface activated: batadv_slave_1
[  882.620109][T17258] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2859'.
[  882.638619][T15191] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  882.656620][T15191] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  882.666932][T15191] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  882.680330][T15191] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  882.743104][T17259] netlink: 'syz.0.2859': attribute type 4 has an invalid length.
[  882.806946][T15191] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  882.810710][T17259] netlink: 'syz.0.2859': attribute type 4 has an invalid length.
[  882.872063][T15191] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  883.176579][T14678] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  883.205516][T14678] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  884.119730][ T5845] Bluetooth: hci5: command tx timeout
[  884.479406][T17291] loop6: detected capacity change from 0 to 63
[  884.496654][T17291] buffer_io_error: 1070 callbacks suppressed
[  884.496686][T17291] Buffer I/O error on dev loop6, logical block 0, async page read
[  884.511378][T17291] Buffer I/O error on dev loop6, logical block 1, async page read
[  884.519975][T17291] Buffer I/O error on dev loop6, logical block 2, async page read
[  884.528730][T17291] Buffer I/O error on dev loop6, logical block 3, async page read
[  884.537620][T17291] Buffer I/O error on dev loop6, logical block 4, async page read
[  884.551280][T17291] Buffer I/O error on dev loop6, logical block 5, async page read
[  884.559522][T17291] Buffer I/O error on dev loop6, logical block 6, async page read
[  884.568149][T17291] Buffer I/O error on dev loop6, logical block 7, async page read
[  884.576397][T17292] Buffer I/O error on dev loop6, logical block 0, async page read
[  884.584346][T17292] Buffer I/O error on dev loop6, logical block 1, async page read
[  884.697751][   T30] kauditd_printk_skb: 1 callbacks suppressed
[  884.697769][   T30] audit: type=1400 audit(1759044587.473:1347): avc:  denied  { map } for  pid=17288 comm="syz.2.2866" path="/dev/loop6" dev="devtmpfs" ino=653 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[  884.745704][   T30] audit: type=1400 audit(1759044587.473:1348): avc:  denied  { execute } for  pid=17288 comm="syz.2.2866" path="/dev/loop6" dev="devtmpfs" ino=653 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[  884.770012][    C0] vkms_vblank_simulate: vblank timer overrun
[  884.821308][   T30] audit: type=1400 audit(1759044587.793:1349): avc:  denied  { map } for  pid=17279 comm="syz.5.2864" path="socket:[55371]" dev="sockfs" ino=55371 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=xdp_socket permissive=1
[  884.894975][T17283] bridge0: port 2(bridge_slave_1) entered disabled state
[  884.903482][T17283] bridge0: port 1(bridge_slave_0) entered disabled state
[  885.009477][T17283] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  885.154965][T17283] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  885.369129][T17303] netlink: 80 bytes leftover after parsing attributes in process `syz.4.2869'.
[  885.453860][T17304] nfs: Unknown parameter 'm���bz#h�5[W"'
[  886.068277][T17283] vlan1: left promiscuous mode
[  886.132325][   T68] netdevsim netdevsim5 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[  886.165294][   T68] netdevsim netdevsim5 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0
[  886.199013][   T68] netdevsim netdevsim5 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0
[  886.240687][   T68] netdevsim netdevsim5 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0
[  886.800167][ T5966] usb 1-1: new high-speed USB device number 73 using dummy_hcd
[  886.963178][ T5966] usb 1-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xE6, changing to 0x86
[  887.175394][ T5966] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x86 has an invalid bInterval 78, changing to 7
[  887.243471][ T5966] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x86 has invalid maxpacket 25841, setting to 1024
[  887.271145][ T5966] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  887.396622][ T5966] usb 1-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  887.405793][ T5966] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  887.432977][ T5966] usb 1-1: config 0 descriptor??
[  887.447144][ T5966] usbhid 1-1:0.0: couldn't find an input interrupt endpoint
[  887.618543][T17347] ip6tnl2: entered promiscuous mode
[  887.623803][T17347] ip6tnl2: entered allmulticast mode
[  887.711341][T17348] fuse: Unknown parameter 'f'
[  888.163659][T17319] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  888.181540][T17319] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  888.269152][ T5966] usb 1-1: USB disconnect, device number 73
[  888.466956][T17357] overlayfs: failed to decode file handle (len=5, type=251, flags=0, err=-22)
[  888.559051][T17363] netlink: 80 bytes leftover after parsing attributes in process `syz.5.2885'.
[  889.671839][ T5845] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1
[  889.690351][ T5845] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9
[  889.699031][ T5845] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9
[  889.707212][ T5845] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4
[  889.717519][ T5845] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2
[  889.898784][T17379] lo speed is unknown, defaulting to 1000
[  890.442884][T17388] ceph: No mds server is up or the cluster is laggy
[  891.495954][   T30] audit: type=1400 audit(1759044593.913:1350): avc:  denied  { connect } for  pid=17403 comm="syz.6.2896" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rxrpc_socket permissive=1
[  891.589855][   T30] audit: type=1400 audit(1759044594.573:1351): avc:  denied  { read } for  pid=17391 comm="syz.4.2894" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netrom_socket permissive=1
[  891.628409][T17411] btrfs: Unknown parameter 'barr�er'
[  891.810136][T16697] Bluetooth: hci6: command tx timeout
[  892.087686][T17379] chnl_net:caif_netlink_parms(): no params data found
[  892.757601][T16697] Bluetooth: hci5: unexpected event 0x14 length: 20 > 6
[  893.706626][   T68] bond0 (unregistering): Released all slaves
[  893.727540][   T68] bond1 (unregistering): Released all slaves
[  893.823570][T17454] IPv6: addrconf: prefix option has invalid lifetime
[  893.843199][   T30] audit: type=1400 audit(1759044596.833:1352): avc:  denied  { listen } for  pid=17450 comm="syz.2.2907" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[  893.864612][   T68] bond2 (unregistering): Released all slaves
[  893.871165][T16697] Bluetooth: hci6: command tx timeout
[  893.969474][   T68] bond3 (unregistering): Released all slaves
[  894.074678][T17463] netlink: 'syz.4.2909': attribute type 4 has an invalid length.
[  894.143868][T17466] netlink: 'syz.4.2909': attribute type 4 has an invalid length.
[  894.218729][   T68] tipc: Left network mode
[  894.401685][T17379] bridge0: port 1(bridge_slave_0) entered blocking state
[  894.424997][T17462] trusted_key: encrypted_key: master key parameter 'use' is invalid
[  894.553393][T17379] bridge0: port 1(bridge_slave_0) entered disabled state
[  894.561556][T17379] bridge_slave_0: entered allmulticast mode
[  894.603074][T17473] kvm: vcpu 2: requested lapic timer restore with starting count register 0x390=1812281087 (231971979136 ns) > initial count (200000 ns). Using initial count to start timer.
[  894.648887][T17379] bridge_slave_0: entered promiscuous mode
[  894.660676][T17379] bridge0: port 2(bridge_slave_1) entered blocking state
[  894.673570][T17379] bridge0: port 2(bridge_slave_1) entered disabled state
[  894.683153][T17379] bridge_slave_1: entered allmulticast mode
[  894.691071][T17379] bridge_slave_1: entered promiscuous mode
[  894.766852][T17478] binder: Bad value for 'max'
[  894.794943][   T30] audit: type=1400 audit(1759044597.753:1353): avc:  denied  { remount } for  pid=17474 comm="syz.2.2912" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=filesystem permissive=1
[  895.252944][T17379] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  895.391052][T17379] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  895.887501][T17379] team0: Port device team_slave_0 added
[  895.940933][T16697] Bluetooth: hci6: command tx timeout
[  896.002262][T17379] team0: Port device team_slave_1 added
[  896.100365][T17379] batman_adv: batadv0: Adding interface: batadv_slave_0
[  896.122184][T17379] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  896.390077][T17379] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  896.422521][T17379] batman_adv: batadv0: Adding interface: batadv_slave_1
[  896.429525][T17379] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  896.459641][T17379] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  896.555477][T17379] hsr_slave_0: entered promiscuous mode
[  896.567785][T17379] hsr_slave_1: entered promiscuous mode
[  896.590210][T17379] debugfs: 'hsr0' already exists in 'hsr'
[  896.606458][T17379] Cannot create hsr debugfs directory
[  896.963760][T17492] kvm: requested 4190 ns i8254 timer period limited to 200000 ns
[  897.003684][T17492] picdev_read: 77 callbacks suppressed
[  897.003721][T17492] kvm: pic: non byte read
[  897.068614][T17492] kvm: pic: level sensitive irq not supported
[  897.068726][T17492] kvm: pic: non byte read
[  897.110975][T17492] kvm: pic: single mode not supported
[  897.111043][T17492] kvm: pic: non byte read
[  897.146072][T17492] kvm: pic: single mode not supported
[  897.146172][T17492] kvm: pic: non byte read
[  897.156749][T17492] kvm: pic: single mode not supported
[  897.156802][T17492] kvm: pic: non byte read
[  897.167972][T17492] kvm: pic: single mode not supported
[  897.167984][T17492] kvm: pic: level sensitive irq not supported
[  897.187195][T17492] kvm: pic: non byte read
[  897.371739][T17379] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  897.423914][T17379] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  897.471364][T17379] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  897.532098][ T5966] usb 3-1: new high-speed USB device number 80 using dummy_hcd
[  897.902619][ T5966] usb 3-1: New USB device found, idVendor=17e9, idProduct=8b4e, bcdDevice=9c.08
[  897.911767][ T5966] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  897.954459][ T5966] usb 3-1: config 0 descriptor??
[  897.954943][T17379] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  898.019707][T16697] Bluetooth: hci6: command tx timeout
[  898.213954][ T5966] udl 3-1:0.0: [drm] Unrecognized vendor firmware descriptor
[  898.681343][T17379] 8021q: adding VLAN 0 to HW filter on device bond0
[  898.876762][T17379] 8021q: adding VLAN 0 to HW filter on device team0
[  899.007047][T15194] bridge0: port 1(bridge_slave_0) entered blocking state
[  899.014242][T15194] bridge0: port 1(bridge_slave_0) entered forwarding state
[  899.031235][ T9922] bridge0: port 2(bridge_slave_1) entered blocking state
[  899.039837][ T9922] bridge0: port 2(bridge_slave_1) entered forwarding state
[  899.078730][T17536] overlayfs: failed to decode file handle (len=5, type=251, flags=0, err=-22)
[  899.097948][T16697] Bluetooth: hci5: unexpected event 0x14 length: 20 > 6
[  899.452076][T17543] FAULT_INJECTION: forcing a failure.
[  899.452076][T17543] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  899.505703][T17543] CPU: 1 UID: 0 PID: 17543 Comm: syz.6.2928 Not tainted syzkaller #0 PREEMPT(full) 
[  899.505730][T17543] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  899.505740][T17543] Call Trace:
[  899.505747][T17543]  <TASK>
[  899.505755][T17543]  dump_stack_lvl+0x16c/0x1f0
[  899.505787][T17543]  should_fail_ex+0x512/0x640
[  899.505815][T17543]  _copy_to_user+0x32/0xd0
[  899.505844][T17543]  simple_read_from_buffer+0xcb/0x170
[  899.505866][T17543]  proc_fail_nth_read+0x197/0x240
[  899.505889][T17543]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  899.505912][T17543]  ? rw_verify_area+0xcf/0x6c0
[  899.505938][T17543]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  899.505959][T17543]  vfs_read+0x1e4/0xcf0
[  899.505982][T17543]  ? __pfx___mutex_lock+0x10/0x10
[  899.506005][T17543]  ? __pfx_vfs_read+0x10/0x10
[  899.506031][T17543]  ? __fget_files+0x20e/0x3c0
[  899.506049][T17543]  ? rcu_watching_snap_stopped_since+0x50/0x110
[  899.506083][T17543]  ksys_read+0x12a/0x250
[  899.506101][T17543]  ? __pfx_ksys_read+0x10/0x10
[  899.506129][T17543]  do_syscall_64+0xcd/0x4e0
[  899.506155][T17543]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  899.506173][T17543] RIP: 0033:0x7f351a18d8dc
[  899.506188][T17543] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  899.506205][T17543] RSP: 002b:00007f351b073030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  899.506222][T17543] RAX: ffffffffffffffda RBX: 00007f351a3e5fa0 RCX: 00007f351a18d8dc
[  899.506234][T17543] RDX: 000000000000000f RSI: 00007f351b0730a0 RDI: 0000000000000008
[  899.506244][T17543] RBP: 00007f351b073090 R08: 0000000000000000 R09: 0000000000000000
[  899.506254][T17543] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  899.506265][T17543] R13: 00007f351a3e6038 R14: 00007f351a3e5fa0 R15: 00007fffb43aa5d8
[  899.506290][T17543]  </TASK>
[  900.033074][ T5966] [drm:udl_init] *ERROR* Selecting channel failed
[  900.132638][T17379] 8021q: adding VLAN 0 to HW filter on device batadv0
[  900.172026][T17379] veth0_vlan: entered promiscuous mode
[  900.185717][T17379] veth1_vlan: entered promiscuous mode
[  900.338734][T17558] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2932'.
[  900.413302][ T5966] [drm] Initialized udl 0.0.1 for 3-1:0.0 on minor 2
[  900.618578][T17379] veth0_macvtap: entered promiscuous mode
[  900.632180][ T5966] [drm] Initialized udl on minor 2
[  901.038841][T17560] syz.5.2930 calls setitimer() with new_value NULL pointer. Misfeature support will be removed
[  901.268220][T17379] veth1_macvtap: entered promiscuous mode
[  901.279566][T17379] batman_adv: batadv0: Interface activated: batadv_slave_0
[  901.293448][T17379] batman_adv: batadv0: Interface activated: batadv_slave_1
[  901.327241][T17562] IPv6: addrconf: prefix option has invalid lifetime
[  901.336307][ T5966] udl 3-1:0.0: [drm] *ERROR* Read EDID byte 0 failed err ffffffb9
[  901.356008][T15204] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  901.366125][ T5966] udl 3-1:0.0: [drm] Cannot find any crtc or sizes
[  901.374124][   T57] udl 3-1:0.0: [drm] *ERROR* Read EDID byte 0 failed err ffffffb9
[  901.523539][   T57] udl 3-1:0.0: [drm] *ERROR* Read EDID byte 0 failed err ffffffb9
[  901.682820][ T5966] usb 3-1: USB disconnect, device number 80
[  901.706593][   T57] udl 3-1:0.0: [drm] Cannot find any crtc or sizes
[  901.729454][T15204] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  901.746148][T15204] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  901.797383][T15204] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  901.917670][   T30] audit: type=1400 audit(1759044604.903:1354): avc:  denied  { mount } for  pid=17569 comm="syz.4.2936" name="/" dev="devpts" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:devpts_t tclass=filesystem permissive=1
[  902.452667][   T30] audit: type=1400 audit(1759044604.933:1355): avc:  denied  { mounton } for  pid=17569 comm="syz.4.2936" path="/611/file0" dev="devpts" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:devpts_t tclass=dir permissive=1
[  902.814524][T17578] overlayfs: failed to decode file handle (len=5, type=251, flags=0, err=-22)
[  903.168825][T17584] comedi comedi0: Minor 44 could not be opened
[  903.222618][T14678] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  903.233903][T14678] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  903.262889][T14678] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  903.272975][T14678] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  903.359756][   T30] audit: type=1400 audit(1759044606.343:1356): avc:  denied  { unmount } for  pid=5846 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:devpts_t tclass=filesystem permissive=1
[  904.865677][ T5845] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[  904.881788][ T5845] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[  904.890460][ T5845] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[  904.898034][ T5845] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[  904.905766][ T5845] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[  904.934231][T17602] lo speed is unknown, defaulting to 1000
[  904.964876][T17612] IPv6: addrconf: prefix option has invalid lifetime
[  905.449794][    C1] ip6_tunnel: ip6gre1 xmit: Local address not yet configured!
[  905.590441][ T6298] syz_tun (unregistering): left allmulticast mode
[  906.475532][T16697] Bluetooth: hci5: unexpected event 0x14 length: 20 > 6
[  906.482358][T17634] overlayfs: failed to decode file handle (len=5, type=251, flags=0, err=-22)
[  906.594933][T17632] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2949'.
[  906.598578][T17602] chnl_net:caif_netlink_parms(): no params data found
[  907.011612][T16697] Bluetooth: hci3: command tx timeout
[  907.649160][T17602] bridge0: port 1(bridge_slave_0) entered blocking state
[  907.662184][T17602] bridge0: port 1(bridge_slave_0) entered disabled state
[  907.671712][T17602] bridge_slave_0: entered allmulticast mode
[  907.685911][T17602] bridge_slave_0: entered promiscuous mode
[  907.698299][T17651] lo speed is unknown, defaulting to 1000
[  907.698999][T17602] bridge0: port 2(bridge_slave_1) entered blocking state
[  907.719090][T17602] bridge0: port 2(bridge_slave_1) entered disabled state
[  907.729175][T17602] bridge_slave_1: entered allmulticast mode
[  907.736460][T17602] bridge_slave_1: entered promiscuous mode
[  907.998273][T17602] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  908.019094][T17602] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  908.110557][  T975] usb 1-1: new high-speed USB device number 74 using dummy_hcd
[  908.191025][T17602] team0: Port device team_slave_0 added
[  908.280682][  T975] usb 1-1: Using ep0 maxpacket: 8
[  908.297453][  T975] usb 1-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xEE, changing to 0x8E
[  908.318397][T17602] team0: Port device team_slave_1 added
[  908.364481][  T975] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x8E has invalid wMaxPacketSize 0
[  908.400222][  T975] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0
[  908.416915][  T975] usb 1-1: New USB device found, idVendor=187f, idProduct=0200, bcdDevice=6b.ad
[  908.432777][T17602] batman_adv: batadv0: Adding interface: batadv_slave_0
[  908.445274][  T975] usb 1-1: New USB device strings: Mfr=55, Product=237, SerialNumber=3
[  908.455752][T17602] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  908.483224][  T975] usb 1-1: Product: syz
[  908.499763][  T975] usb 1-1: Manufacturer: syz
[  908.512075][  T975] usb 1-1: SerialNumber: syz
[  908.529457][  T975] usb 1-1: config 0 descriptor??
[  908.536497][T17602] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  908.550966][  T975] smsusb:smsusb_probe: board id=2, interface number 0
[  908.566721][  T975] smsusb:smsusb_probe: Device initialized with return code -19
[  908.690818][T17602] batman_adv: batadv0: Adding interface: batadv_slave_1
[  908.708924][T17602] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  908.770785][T17602] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  908.804223][T17661] mac80211_hwsim hwsim20 wlan0: entered promiscuous mode
[  908.815897][T17661] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2954'.
[  908.874061][T17602] hsr_slave_0: entered promiscuous mode
[  908.880521][T17602] hsr_slave_1: entered promiscuous mode
[  908.886384][T17602] debugfs: 'hsr0' already exists in 'hsr'
[  908.894813][T17602] Cannot create hsr debugfs directory
[  909.049784][T16697] Bluetooth: hci3: command tx timeout
[  909.250769][T17602] netdevsim netdevsim4 eth3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  909.261481][T17602] netdevsim netdevsim4 eth3 (unregistering): unset [0, 1] type 1 family 0 port 2816 - 0
[  909.272641][T17602] netdevsim netdevsim4 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  909.291597][T15957] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  909.370216][  T975] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  909.443622][T17602] netdevsim netdevsim4 eth2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  909.466177][  T975] usb 1-1: USB disconnect, device number 74
[  909.525055][T17602] netdevsim netdevsim4 eth2 (unregistering): unset [0, 1] type 1 family 0 port 2816 - 0
[  909.627385][T17602] netdevsim netdevsim4 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  909.891868][T16697] Bluetooth: hci6: unexpected event 0x14 length: 20 > 6
[  909.902584][T17684] overlayfs: failed to decode file handle (len=5, type=251, flags=0, err=-22)
[  909.987406][T17602] netdevsim netdevsim4 eth1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  910.004885][T17602] netdevsim netdevsim4 eth1 (unregistering): unset [0, 1] type 1 family 0 port 2816 - 0
[  910.017429][T17602] netdevsim netdevsim4 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  910.055914][   T30] audit: type=1400 audit(1759044613.043:1357): avc:  denied  { append } for  pid=17687 comm="syz.0.2963" name="fb0" dev="devtmpfs" ino=629 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:framebuf_device_t tclass=chr_file permissive=1
[  910.092234][T17602] netdevsim netdevsim4 eth0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  910.103507][T17602] netdevsim netdevsim4 eth0 (unregistering): unset [0, 1] type 1 family 0 port 2816 - 0
[  910.123346][T17602] netdevsim netdevsim4 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  910.299969][  T975] usb 6-1: new low-speed USB device number 24 using dummy_hcd
[  910.454756][  T975] usb 6-1: config 179 has an invalid interface number: 65 but max is 0
[  910.537863][  T975] usb 6-1: config 179 has no interface number 0
[  910.575640][T17696] netlink: 'syz.6.2964': attribute type 10 has an invalid length.
[  910.626116][ T5966] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  910.636566][  T975] usb 6-1: config 179 interface 65 altsetting 0 has an endpoint descriptor with address 0xF7, changing to 0x87
[  910.665883][  T975] usb 6-1: config 179 interface 65 altsetting 0 endpoint 0x87 has an invalid bInterval 0, changing to 10
[  910.677467][  T975] usb 6-1: config 179 interface 65 altsetting 0 endpoint 0x87 has invalid maxpacket 65535, setting to 8
[  910.689284][  T975] usb 6-1: config 179 interface 65 altsetting 0 endpoint 0x86 has an invalid bInterval 0, changing to 10
[  910.700741][  T975] usb 6-1: config 179 interface 65 altsetting 0 endpoint 0x86 has invalid wMaxPacketSize 0
[  910.708893][T17696] veth0_vlan: left promiscuous mode
[  910.711377][  T975] usb 6-1: config 179 interface 65 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 23
[  910.717970][T17696] veth0_vlan: entered promiscuous mode
[  910.733627][  T975] usb 6-1: New USB device found, idVendor=12ab, idProduct=0000, bcdDevice=1e.eb
[  910.744766][  T975] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  910.756452][T17686] raw-gadget.0 gadget.5: fail, usb_ep_enable returned -22
[  910.758498][T17696] team0: Device veth0_vlan failed to register rx_handler
[  910.827805][T17602] netdevsim netdevsim4 netdevsim0: renamed from eth0
[  910.839238][T17602] netdevsim netdevsim4 netdevsim1: renamed from eth1
[  910.858954][T17602] netdevsim netdevsim4 netdevsim2: renamed from eth2
[  910.869512][T17602] netdevsim netdevsim4 netdevsim3: renamed from eth3
[  910.916794][T17700] kvm: vcpu 2: requested lapic timer restore with starting count register 0x390=1812281087 (231971979136 ns) > initial count (200000 ns). Using initial count to start timer.
[  911.009118][T17602] 8021q: adding VLAN 0 to HW filter on device bond0
[  911.070496][T17602] 8021q: adding VLAN 0 to HW filter on device team0
[  911.130267][T16697] Bluetooth: hci3: command tx timeout
[  911.160156][T15191] bridge0: port 1(bridge_slave_0) entered blocking state
[  911.167381][T15191] bridge0: port 1(bridge_slave_0) entered forwarding state
[  911.246174][T17711] IPv6: addrconf: prefix option has invalid lifetime
[  911.442578][ T9935] bridge0: port 2(bridge_slave_1) entered blocking state
[  911.449719][ T9935] bridge0: port 2(bridge_slave_1) entered forwarding state
[  911.691915][T13723] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  912.021391][T16697] Bluetooth: hci6: unexpected event 0x14 length: 20 > 6
[  912.131995][T17602] 8021q: adding VLAN 0 to HW filter on device batadv0
[  912.330728][T15957] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  912.659016][ T1206] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  912.669729][T15957] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  912.786169][T13723] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  913.273486][T16697] Bluetooth: hci3: command tx timeout
[  913.316387][ T1206] usb 6-1: USB disconnect, device number 24
[  913.588625][   T30] audit: type=1800 audit(1759044616.563:1358): pid=17752 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=collect_data cause=failed comm="syz.5.2975" name="SYSV798dd82a" dev="tmpfs" ino=0 res=0 errno=0
[  913.785006][T17602] veth0_vlan: entered promiscuous mode
[  913.806389][T17602] veth1_vlan: entered promiscuous mode
[  914.061307][  T975] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  914.067295][T17602] veth0_macvtap: entered promiscuous mode
[  914.099417][T17602] veth1_macvtap: entered promiscuous mode
[  914.133079][T17602] batman_adv: batadv0: Interface activated: batadv_slave_0
[  914.152935][T17602] batman_adv: batadv0: Interface activated: batadv_slave_1
[  914.175056][ T9950] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  914.184158][ T9950] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  914.213010][ T9950] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  914.257661][ T9950] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  914.376309][ T9950] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  914.404850][ T9950] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  914.471511][T14678] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  914.482082][T14678] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  914.844953][T17772] overlayfs: missing 'lowerdir'
[  915.050130][    C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  915.109850][T13723] usb 1-1: new high-speed USB device number 75 using dummy_hcd
[  915.256833][  T975] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  915.391279][T15957] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  915.536242][T17785] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2984'.
[  915.757870][T13723] usb 1-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0x1B, changing to 0xB
[  915.812352][T13723] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0xB has invalid maxpacket 53628, setting to 64
[  915.857121][T17788] netlink: 72 bytes leftover after parsing attributes in process `syz.6.2986'.
[  916.043209][T17792] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2985'.
[  916.134116][T17788] netlink: 72 bytes leftover after parsing attributes in process `syz.6.2986'.
[  916.180666][T13723] usb 1-1: New USB device found, idVendor=05f3, idProduct=0240, bcdDevice=1b.24
[  916.244328][T13723] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  916.331828][ T5966] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  916.381772][T13723] usb 1-1: Product: syz
[  916.386010][T13723] usb 1-1: Manufacturer: syz
[  916.416650][T13723] usb 1-1: SerialNumber: syz
[  916.477400][T13723] usb 1-1: config 0 descriptor??
[  916.501223][T13723] powermate 1-1:0.0: probe with driver powermate failed with error -5
[  916.700907][ T1206] usb 5-1: new high-speed USB device number 97 using dummy_hcd
[  916.818330][T17805] netlink: 92 bytes leftover after parsing attributes in process `syz.5.2989'.
[  917.242059][   T30] audit: type=1400 audit(1759044620.223:1359): avc:  denied  { mount } for  pid=17806 comm="syz.6.2990" name="/" dev="hugetlbfs" ino=58196 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:hugetlbfs_t tclass=filesystem permissive=1
[  917.334314][ T1206] usb 5-1: Using ep0 maxpacket: 32
[  917.343266][ T1206] usb 5-1: unable to read config index 0 descriptor/start: -61
[  917.355855][ T1206] usb 5-1: can't read configurations, error -61
[  917.367486][T17808] netlink: 8 bytes leftover after parsing attributes in process `syz.6.2990'.
[  917.377114][  T975] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  917.498972][ T1206] usb 5-1: new high-speed USB device number 98 using dummy_hcd
[  917.819969][ T1206] usb 5-1: Using ep0 maxpacket: 32
[  917.846102][ T1206] usb 5-1: unable to read config index 0 descriptor/start: -61
[  917.857301][ T1206] usb 5-1: can't read configurations, error -61
[  917.860825][T17819] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  917.867250][ T1206] usb usb5-port1: attempt power cycle
[  917.984849][T17820] netlink: 48 bytes leftover after parsing attributes in process `syz.6.2994'.
[  918.075282][T17826] netlink: 4 bytes leftover after parsing attributes in process `syz.5.2995'.
[  918.259309][T16697] Bluetooth: hci5: unexpected event 0x14 length: 20 > 6
[  918.266255][T17829] overlayfs: failed to decode file handle (len=5, type=251, flags=0, err=-22)
[  918.282096][ T1206] usb 5-1: new high-speed USB device number 99 using dummy_hcd
[  918.290990][T17829] FAULT_INJECTION: forcing a failure.
[  918.290990][T17829] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  918.304060][T17829] CPU: 0 UID: 0 PID: 17829 Comm: syz.6.2996 Not tainted syzkaller #0 PREEMPT(full) 
[  918.304074][T17829] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  918.304080][T17829] Call Trace:
[  918.304084][T17829]  <TASK>
[  918.304088][T17829]  dump_stack_lvl+0x16c/0x1f0
[  918.304105][T17829]  should_fail_ex+0x512/0x640
[  918.304121][T17829]  _copy_from_user+0x2e/0xd0
[  918.304137][T17829]  mctp_ioctl_tag_copy_from_user+0xaf/0x340
[  918.304152][T17829]  ? __pfx_mctp_ioctl_tag_copy_from_user+0x10/0x10
[  918.304171][T17829]  ? kasan_quarantine_put+0x10a/0x240
[  918.304183][T17829]  ? lockdep_hardirqs_on+0x7c/0x110
[  918.304199][T17829]  mctp_ioctl+0x135/0x6e0
[  918.304214][T17829]  ? __pfx_mctp_ioctl+0x10/0x10
[  918.304227][T17829]  ? tomoyo_path_number_perm+0x18d/0x580
[  918.304246][T17829]  sock_do_ioctl+0x118/0x280
[  918.304263][T17829]  ? __pfx_sock_do_ioctl+0x10/0x10
[  918.304282][T17829]  ? __pfx_do_vfs_ioctl+0x10/0x10
[  918.304299][T17829]  ? __pfx_ioctl_has_perm.constprop.0.isra.0+0x10/0x10
[  918.304317][T17829]  sock_ioctl+0x227/0x6b0
[  918.304328][T17829]  ? __pfx_sock_ioctl+0x10/0x10
[  918.304336][T17829]  ? hook_file_ioctl_common+0x145/0x410
[  918.304351][T17829]  ? selinux_file_ioctl+0x180/0x270
[  918.304365][T17829]  ? selinux_file_ioctl+0xb4/0x270
[  918.304382][T17829]  ? __pfx_sock_ioctl+0x10/0x10
[  918.304393][T17829]  __x64_sys_ioctl+0x18e/0x210
[  918.304410][T17829]  do_syscall_64+0xcd/0x4e0
[  918.304425][T17829]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  918.304436][T17829] RIP: 0033:0x7f351a18eec9
[  918.304445][T17829] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  918.304456][T17829] RSP: 002b:00007f351b073038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  918.304466][T17829] RAX: ffffffffffffffda RBX: 00007f351a3e5fa0 RCX: 00007f351a18eec9
[  918.304473][T17829] RDX: 0000200000000140 RSI: 00000000000089e1 RDI: 0000000000000008
[  918.304479][T17829] RBP: 00007f351b073090 R08: 0000000000000000 R09: 0000000000000000
[  918.304485][T17829] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  918.304491][T17829] R13: 00007f351a3e6038 R14: 00007f351a3e5fa0 R15: 00007fffb43aa5d8
[  918.304505][T17829]  </TASK>
[  918.409967][  T975] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  918.412099][    C0] vkms_vblank_simulate: vblank timer overrun
[  918.541441][    C0] vkms_vblank_simulate: vblank timer overrun
[  918.565010][   T10] usb 1-1: USB disconnect, device number 75
[  918.574518][ T1206] usb 5-1: Using ep0 maxpacket: 32
[  918.797836][ T1206] usb 5-1: unable to read config index 0 descriptor/start: -61
[  918.818912][T15957] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  918.845047][ T1206] usb 5-1: can't read configurations, error -61
[  918.849717][ T5966] usb 6-1: new high-speed USB device number 25 using dummy_hcd
[  918.865734][T17831] macvlan2: entered promiscuous mode
[  918.873470][T17831] macvlan2: entered allmulticast mode
[  918.989670][ T1206] usb 5-1: new high-speed USB device number 100 using dummy_hcd
[  918.999673][ T5966] usb 6-1: Using ep0 maxpacket: 8
[  919.025857][ T5966] usb 6-1: config index 0 descriptor too short (expected 301, got 45)
[  919.040210][ T5966] usb 6-1: config 16 has an invalid descriptor of length 0, skipping remainder of the config
[  919.063007][ T5966] usb 6-1: config 16 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 3
[  919.080534][ T1206] usb 5-1: Using ep0 maxpacket: 32
[  919.083703][ T5966] usb 6-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[  919.097173][ T5966] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  919.109129][ T1206] usb 5-1: unable to read config index 0 descriptor/start: -61
[  919.112833][ T5966] usbtmc 6-1:16.0: bulk endpoints not found
[  919.143159][ T1206] usb 5-1: can't read configurations, error -61
[  919.161876][ T1206] usb usb5-port1: unable to enumerate USB device
[  919.554192][  T975] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  919.571711][ T5966] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  919.849246][T17850] netlink: 'syz.0.3003': attribute type 6 has an invalid length.
[  919.889835][T17851] netlink: 80 bytes leftover after parsing attributes in process `syz.4.3001'.
[  920.652067][ T5972] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  920.872676][T17856] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  920.886111][T17856] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  921.228686][T17863] fuse: Unknown parameter '0x0000000000000003'
[  921.375160][T17864] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  921.627949][T17867] comedi comedi0: Minor 44 could not be opened
[  921.690250][ T5972] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  922.090066][ T1206] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  922.122271][T17876] netlink: 8 bytes leftover after parsing attributes in process `syz.6.3009'.
[  922.457907][T16697] Bluetooth: hci5: unexpected event 0x14 length: 20 > 6
[  922.514677][ T1206] usb 6-1: USB disconnect, device number 25
[  922.570724][   T10] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  922.730306][ T5972] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  922.738403][   T10] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  923.119962][   T10] usb 1-1: new high-speed USB device number 76 using dummy_hcd
[  923.614737][ T5845] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[  923.625310][ T5845] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[  923.635179][ T5845] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[  923.645929][ T5845] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[  923.657139][ T5845] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[  923.680464][   T10] usb 1-1: device descriptor read/64, error -71
[  923.730866][T17900] lo speed is unknown, defaulting to 1000
[  923.859672][ T5972] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  924.910196][ T5972] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  924.921032][   T10] usb 1-1: new high-speed USB device number 77 using dummy_hcd
[  925.309024][   T10] usb 1-1: device descriptor read/64, error -71
[  925.430276][   T10] usb usb1-port1: attempt power cycle
[  925.610138][T15957] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  925.713509][T17900] chnl_net:caif_netlink_parms(): no params data found
[  925.769817][ T5845] Bluetooth: hci1: command tx timeout
[  925.933182][  T975] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  925.939925][   T10] usb 1-1: new high-speed USB device number 78 using dummy_hcd
[  926.243816][T17900] bridge0: port 1(bridge_slave_0) entered blocking state
[  926.335474][T17939] comedi comedi0: Minor 44 could not be opened
[  926.405043][   T10] usb 1-1: device not accepting address 78, error -71
[  926.415262][T17900] bridge0: port 1(bridge_slave_0) entered disabled state
[  926.422604][T17900] bridge_slave_0: entered allmulticast mode
[  926.441103][T17900] bridge_slave_0: entered promiscuous mode
[  926.459087][T17900] bridge0: port 2(bridge_slave_1) entered blocking state
[  926.472588][T17900] bridge0: port 2(bridge_slave_1) entered disabled state
[  926.481937][T17900] bridge_slave_1: entered allmulticast mode
[  926.488623][T17900] bridge_slave_1: entered promiscuous mode
[  926.528893][T17900] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  926.541789][T17900] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  926.578966][T17900] team0: Port device team_slave_0 added
[  926.589518][T17900] team0: Port device team_slave_1 added
[  926.654139][T17900] batman_adv: batadv0: Adding interface: batadv_slave_0
[  926.662724][T17900] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  926.759924][   T10] usb 1-1: new high-speed USB device number 79 using dummy_hcd
[  926.780128][   T10] usb 1-1: Using ep0 maxpacket: 8
[  926.786423][   T10] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  926.793009][T17900] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  926.800993][   T10] usb 1-1: New USB device found, idVendor=05e1, idProduct=0893, bcdDevice=fd.5b
[  926.939134][T17900] batman_adv: batadv0: Adding interface: batadv_slave_1
[  926.947028][T17900] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  927.065189][T17952] comedi comedi0: Minor 44 could not be opened
[  927.118031][  T975] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  927.170370][   T10] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  927.180037][   T10] usb 1-1: Product: syz
[  927.189670][   T10] usb 1-1: Manufacturer: syz
[  927.195347][   T10] usb 1-1: SerialNumber: syz
[  927.204629][   T10] usb 1-1: config 0 descriptor??
[  927.220865][   T10] gspca_main: stk014-2.14.0 probing 05e1:0893
[  927.221765][T17900] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  927.245667][   T10] usb 1-1: selecting invalid altsetting 1
[  927.387087][T17954] overlayfs: overlapping lowerdir path
[  927.425141][   T10] gspca_stk014: reg_r err -71
[  927.433260][   T10] stk014 1-1:0.0: probe with driver stk014 failed with error -71
[  927.482381][   T10] usb 1-1: USB disconnect, device number 79
[  927.505898][T17900] hsr_slave_0: entered promiscuous mode
[  927.538626][T17900] hsr_slave_1: entered promiscuous mode
[  927.553466][T17900] debugfs: 'hsr0' already exists in 'hsr'
[  927.574077][T17900] Cannot create hsr debugfs directory
[  927.721601][T17957] netlink: 36 bytes leftover after parsing attributes in process `syz.4.3030'.
[  927.850896][ T5845] Bluetooth: hci1: command tx timeout
[  928.174433][T17977] nfs: Unknown parameter 'm���bz#h�5[W"'
[  928.650144][   T10] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  928.737300][ T5972] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  929.753602][T17900] netdevsim netdevsim7 netdevsim0: renamed from eth0
[  929.766279][T17900] netdevsim netdevsim7 netdevsim1: renamed from eth1
[  929.775894][   T30] audit: type=1400 audit(1759044632.750:1360): avc:  denied  { connect } for  pid=17985 comm="syz.0.3040" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=caif_socket permissive=1
[  929.776248][  T975] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  929.796710][   T30] audit: type=1400 audit(1759044632.760:1361): avc:  denied  { bind } for  pid=17985 comm="syz.0.3040" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=caif_socket permissive=1
[  929.828652][T17900] netdevsim netdevsim7 netdevsim2: renamed from eth2
[  929.837513][   T30] audit: type=1400 audit(1759044632.760:1362): avc:  denied  { write } for  pid=17985 comm="syz.0.3040" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=caif_socket permissive=1
[  929.869153][T17900] netdevsim netdevsim7 netdevsim3: renamed from eth3
[  929.963916][ T5845] Bluetooth: hci1: command tx timeout
[  930.110744][T18010] comedi comedi0: Minor 44 could not be opened
[  930.519215][T18017] netlink: 'syz.6.3046': attribute type 6 has an invalid length.
[  930.580112][   T30] audit: type=1400 audit(1759044633.550:1363): avc:  denied  { append } for  pid=18018 comm="syz.6.3048" name="nvram" dev="devtmpfs" ino=623 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nvram_device_t tclass=chr_file permissive=1
[  930.644443][T17900] 8021q: adding VLAN 0 to HW filter on device bond0
[  930.758657][T17900] 8021q: adding VLAN 0 to HW filter on device team0
[  930.812364][ T5972] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  931.068527][ T1298] ieee802154 phy0 wpan0: encryption failed: -22
[  931.084696][ T1298] ieee802154 phy1 wpan1: encryption failed: -22
[  931.131580][T14678] bridge0: port 1(bridge_slave_0) entered blocking state
[  931.138767][T14678] bridge0: port 1(bridge_slave_0) entered forwarding state
[  931.177794][   T30] audit: type=1400 audit(1759044634.160:1364): avc:  denied  { setopt } for  pid=18030 comm="syz.5.3051" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rxrpc_socket permissive=1
[  931.199414][T14678] bridge0: port 2(bridge_slave_1) entered blocking state
[  931.206537][T14678] bridge0: port 2(bridge_slave_1) entered forwarding state
[  931.287474][T17900] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  931.700590][ T1206] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  931.851521][ T5972] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  932.010008][ T5845] Bluetooth: hci1: command tx timeout
[  932.078962][T17900] 8021q: adding VLAN 0 to HW filter on device batadv0
[  932.330657][   T10] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  932.580111][T18067] netlink: 'syz.4.3056': attribute type 1 has an invalid length.
[  932.759936][T18067] netlink: 228 bytes leftover after parsing attributes in process `syz.4.3056'.
[  932.894879][ T5972] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  932.965526][T17900] veth0_vlan: entered promiscuous mode
[  932.987340][T17900] veth1_vlan: entered promiscuous mode
[  933.120060][ T5845] Bluetooth: hci5: unexpected event 0x14 length: 20 > 6
[  933.135878][T17900] veth0_macvtap: entered promiscuous mode
[  933.166195][T17900] veth1_macvtap: entered promiscuous mode
[  933.196057][T18078] netlink: 12 bytes leftover after parsing attributes in process `syz.4.3062'.
[  933.265146][T17900] batman_adv: batadv0: Interface activated: batadv_slave_0
[  933.296267][   T30] audit: type=1400 audit(1759044636.280:1365): avc:  denied  { ioctl } for  pid=18080 comm="syz.6.3063" path="socket:[60079]" dev="sockfs" ino=60079 ioctlcmd=0x8941 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1
[  933.300615][T17900] batman_adv: batadv0: Interface activated: batadv_slave_1
[  933.321139][    C0] vkms_vblank_simulate: vblank timer overrun
[  933.348122][   T30] audit: type=1400 audit(1759044636.330:1366): avc:  denied  { read } for  pid=18080 comm="syz.6.3063" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1
[  933.388350][T15191] netdevsim netdevsim7 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  933.407441][T15191] netdevsim netdevsim7 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  933.515326][ T9935] netdevsim netdevsim7 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  933.524788][ T9935] netdevsim netdevsim7 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  934.013099][  T975] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  934.115605][ T9935] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  934.134211][ T9935] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  934.251214][ T9950] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  934.268355][ T9950] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  934.370381][  T975] usb 6-1: new high-speed USB device number 26 using dummy_hcd
[  934.538078][  T975] usb 6-1: config 1 has an invalid descriptor of length 32, skipping remainder of the config
[  934.539386][T18098] netlink: 48 bytes leftover after parsing attributes in process `syz.6.3068'.
[  934.549479][  T975] usb 6-1: config 1 has 1 interface, different from the descriptor's value: 3
[  934.579673][T18098] netlink: 4 bytes leftover after parsing attributes in process `syz.6.3068'.
[  934.584442][  T975] usb 6-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00
[  934.620213][T18098] veth0_macvtap: left promiscuous mode
[  934.673742][  T975] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3
[  934.705907][  T975] usb 6-1: SerialNumber: syz
[  934.740089][T15957] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  935.032072][ T5845] Bluetooth: hci5: unexpected event 0x14 length: 20 > 6
[  935.050326][ T5966] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  935.192461][T18108] netlink: 28 bytes leftover after parsing attributes in process `syz.7.3012'.
[  935.367663][ T5845] Bluetooth: hci3: unexpected event 0x14 length: 20 > 6
[  935.511663][ T5845] Bluetooth: hci5: unexpected event 0x14 length: 20 > 6
[  936.093721][T13723] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  936.462201][   T30] audit: type=1800 audit(1759044639.120:1367): pid=18129 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=collect_data cause=failed comm="syz.6.3074" name="SYSV00000000" dev="tmpfs" ino=0 res=0 errno=0
[  937.144634][ T5972] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  937.260838][  T975] usb 6-1: 0:2 : does not exist
[  937.283011][  T975] usb 6-1: USB disconnect, device number 26
[  937.340470][ T5908] usb 5-1: new high-speed USB device number 101 using dummy_hcd
[  937.489736][ T5908] usb 5-1: Using ep0 maxpacket: 16
[  937.492795][ T1206] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  937.693308][ T5908] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0
[  937.742936][ T5908] usb 5-1: New USB device found, idVendor=05ac, idProduct=0244, bcdDevice=5f.00
[  937.782218][ T5908] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  937.795448][ T5908] usb 5-1: config 0 descriptor??
[  937.809045][ T5908] input: bcm5974 as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/input/input50
[  938.099183][T18150] comedi comedi0: Minor 44 could not be opened
[  938.170473][  T975] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  939.211157][  T975] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  939.325405][ T5845] Bluetooth: hci6: unexpected event 0x14 length: 20 > 6
[  939.558747][ T5204] bcm5974 5-1:0.0: could not read from device
[  939.778875][ T5845] Bluetooth: hci1: unexpected event 0x14 length: 20 > 6
[  939.789896][ T5908] bcm5974 5-1:0.0: could not read from device
[  939.842648][ T5204] bcm5974 5-1:0.0: could not read from device
[  940.191304][ T5908] input: failed to attach handler mousedev to device input50, error: -5
[  940.224331][T18176] vivid-003: =================  START STATUS  =================
[  940.234337][ T5204] bcm5974 5-1:0.0: could not read from device
[  940.252856][ T5966] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  940.263810][ T5908] usb 5-1: USB disconnect, device number 101
[  940.269871][T18176] vivid-003: Radio HW Seek Mode: Bounded
[  940.279471][ T5204] bcm5974 5-1:0.0: could not read from device
[  940.308371][T18176] vivid-003: Radio Programmable HW Seek: false
[  940.348359][T18176] vivid-003: RDS Rx I/O Mode: Block I/O
[  940.444141][T18176] vivid-003: Generate RBDS Instead of RDS: false
[  940.460057][   T30] audit: type=1400 audit(1759044643.440:1368): avc:  denied  { map } for  pid=18172 comm="syz.4.3089" path="socket:[60287]" dev="sockfs" ino=60287 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=qipcrtr_socket permissive=1
[  940.572319][ T1206] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  940.581067][   T30] audit: type=1400 audit(1759044643.440:1369): avc:  denied  { read } for  pid=18172 comm="syz.4.3089" path="socket:[60287]" dev="sockfs" ino=60287 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=qipcrtr_socket permissive=1
[  940.635294][T18176] vivid-003: RDS Reception: true
[  940.682060][T18176] vivid-003: RDS Program Type: 0 inactive
[  940.742381][T18176] vivid-003: RDS PS Name:  inactive
[  940.798302][T18176] vivid-003: RDS Radio Text:  inactive
[  940.808980][T18192] IPVS: sync thread started: state = MASTER, mcast_ifn = veth0_virt_wifi, syncid = 33554432, id = 0
[  940.821085][T18182] IPVS: stopping master sync thread 18192 ...
[  940.828904][T18176] vivid-003: RDS Traffic Announcement: false inactive
[  940.836655][T18176] vivid-003: RDS Traffic Program: false inactive
[  940.856248][T18176] vivid-003: RDS Music: false inactive
[  940.863656][T18176] vivid-003: ==================  END STATUS  ==================
[  940.906017][T18187] sch_tbf: burst 19872 is lower than device lo mtu (65550) !
[  941.473536][ T5908] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  941.653559][T18203] FAULT_INJECTION: forcing a failure.
[  941.653559][T18203] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  941.667201][T18203] CPU: 0 UID: 0 PID: 18203 Comm: syz.7.3094 Not tainted syzkaller #0 PREEMPT(full) 
[  941.667225][T18203] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  941.667236][T18203] Call Trace:
[  941.667242][T18203]  <TASK>
[  941.667249][T18203]  dump_stack_lvl+0x16c/0x1f0
[  941.667275][T18203]  should_fail_ex+0x512/0x640
[  941.667301][T18203]  _copy_to_user+0x32/0xd0
[  941.667327][T18203]  simple_read_from_buffer+0xcb/0x170
[  941.667348][T18203]  proc_fail_nth_read+0x197/0x240
[  941.667369][T18203]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  941.667392][T18203]  ? rw_verify_area+0xcf/0x6c0
[  941.667418][T18203]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  941.667438][T18203]  vfs_read+0x1e4/0xcf0
[  941.667460][T18203]  ? __pfx___mutex_lock+0x10/0x10
[  941.667483][T18203]  ? __pfx_vfs_read+0x10/0x10
[  941.667509][T18203]  ? __fget_files+0x20e/0x3c0
[  941.667536][T18203]  ksys_read+0x12a/0x250
[  941.667553][T18203]  ? __pfx_ksys_read+0x10/0x10
[  941.667579][T18203]  do_syscall_64+0xcd/0x4e0
[  941.667605][T18203]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  941.667623][T18203] RIP: 0033:0x7f2453b8d8dc
[  941.667637][T18203] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  941.667654][T18203] RSP: 002b:00007f2454a47030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  941.667671][T18203] RAX: ffffffffffffffda RBX: 00007f2453de6090 RCX: 00007f2453b8d8dc
[  941.667682][T18203] RDX: 000000000000000f RSI: 00007f2454a470a0 RDI: 0000000000000006
[  941.667692][T18203] RBP: 00007f2454a47090 R08: 0000000000000000 R09: 0000000000000000
[  941.667702][T18203] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  941.667711][T18203] R13: 00007f2453de6128 R14: 00007f2453de6090 R15: 00007ffe2fb98068
[  941.667735][T18203]  </TASK>
[  941.949803][T15957] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  942.491162][ T5972] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  942.495143][T18205] ceph: No mds server is up or the cluster is laggy
[  942.928553][T18220] comedi comedi0: Minor 44 could not be opened
[  943.454637][ T5845] Bluetooth: hci3: unexpected event 0x14 length: 20 > 6
[  943.530783][ T5966] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  943.610968][   T10] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  943.928839][T18235] xt_l2tp: missing protocol rule (udp|l2tpip)
[  944.399804][ T5966] usb 1-1: new high-speed USB device number 80 using dummy_hcd
[  944.492303][ T1206] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  944.605993][ T5972] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  945.296558][ T5966] usb 1-1: New USB device found, idVendor=17e9, idProduct=8b4e, bcdDevice=9c.08
[  945.628755][T18256] netlink: 92 bytes leftover after parsing attributes in process `syz.6.3107'.
[  946.019719][ T5966] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  946.093929][  T975] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  946.103928][ T5966] usb 1-1: config 0 descriptor??
[  946.468448][T18266] netlink: 32 bytes leftover after parsing attributes in process `syz.7.3111'.
[  946.482686][ T5966] usb 1-1: can't set config #0, error -71
[  946.610505][ T5966] usb 1-1: USB disconnect, device number 80
[  947.046572][   T10] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  947.130412][  T975] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  947.215962][T18272] kvm: vcpu 2: requested lapic timer restore with starting count register 0x390=1812281087 (231971979136 ns) > initial count (128 ns). Using initial count to start timer.
[  947.597914][T18281] nfs: Unknown parameter 'm���bz#h�5[W"'
[  947.700373][ T5966] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  947.708516][ T5966] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  947.820531][   T10] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  948.274559][  T975] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  949.169680][   T10] usb 1-1: new high-speed USB device number 81 using dummy_hcd
[  949.200071][T18296] Bluetooth: MGMT ver 1.23
[  949.290352][ T5966] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  949.345564][   T10] usb 1-1: Using ep0 maxpacket: 16
[  949.373347][   T10] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  949.539719][   T10] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  949.564406][   T10] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0
[  949.604412][   T10] usb 1-1: config 0 interface 0 altsetting 0 bulk endpoint 0x2 has invalid maxpacket 0
[  949.624399][   T10] usb 1-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  949.645712][   T10] usb 1-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42
[  949.657203][   T10] usb 1-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0
[  949.680655][   T10] usb 1-1: Manufacturer: syz
[  949.686864][   T10] usb 1-1: config 0 descriptor??
[  949.864402][T18312] comedi comedi0: Minor 44 could not be opened
[  949.965782][T18292] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  950.005342][T18292] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  950.008793][T18314] netlink: 4 bytes leftover after parsing attributes in process `syz.6.3122'.
[  950.340609][ T5966] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  951.281308][T15957] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  951.372365][  T975] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  952.427952][ T5966] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  952.440033][   T10] rc_core: IR keymap rc-hauppauge not found
[  952.529390][   T10] Registered IR keymap rc-empty
[  952.563406][   T10] mceusb 1-1:0.0: Error: mce write submit urb error = -90
[  952.589504][   T30] audit: type=1400 audit(1759044655.570:1370): avc:  denied  { prog_load } for  pid=18349 comm="syz.0.3133" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1
[  952.593285][   T10] mceusb 1-1:0.0: Error: mce write submit urb error = -90
[  952.715627][   T30] audit: type=1400 audit(1759044655.600:1371): avc:  denied  { bpf } for  pid=18349 comm="syz.0.3133" capability=39  scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1
[  952.741139][   T30] audit: type=1400 audit(1759044655.600:1372): avc:  denied  { perfmon } for  pid=18349 comm="syz.0.3133" capability=38  scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1
[  952.776798][   T30] audit: type=1400 audit(1759044655.760:1373): avc:  denied  { read } for  pid=18343 comm="syz.4.3132" name="msr" dev="devtmpfs" ino=87 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cpu_device_t tclass=chr_file permissive=1
[  952.846819][T18353] nfs: Unknown parameter 'm���bz#h�5[W"'
[  953.213590][   T30] audit: type=1400 audit(1759044655.760:1374): avc:  denied  { open } for  pid=18343 comm="syz.4.3132" path="/dev/cpu/0/msr" dev="devtmpfs" ino=87 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cpu_device_t tclass=chr_file permissive=1
[  953.238540][   T30] audit: type=1400 audit(1759044655.830:1375): avc:  denied  { mounton } for  pid=18349 comm="syz.0.3133" path="/44" dev="tmpfs" ino=256 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=dir permissive=1
[  953.430459][   T10] rc rc0: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/rc/rc0
[  953.443981][   T10] input: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/rc/rc0/input51
[  953.500954][ T5966] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  953.511580][   T30] audit: type=1400 audit(1759044655.840:1376): avc:  denied  { map_create } for  pid=18349 comm="syz.0.3133" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1
[  953.531493][   T30] audit: type=1400 audit(1759044655.840:1377): avc:  denied  { map_read map_write } for  pid=18349 comm="syz.0.3133" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1
[  953.729284][   T30] audit: type=1400 audit(1759044656.360:1378): avc:  denied  { prog_run } for  pid=18343 comm="syz.4.3132" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1
[  953.754278][   T10] mceusb 1-1:0.0: Error: mce write submit urb error = -90
[  953.760082][   T30] audit: type=1400 audit(1759044656.410:1379): avc:  denied  { setopt } for  pid=18343 comm="syz.4.3132" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1
[  953.812008][   T10] mceusb 1-1:0.0: Error: mce write submit urb error = -90
[  953.871504][   T10] mceusb 1-1:0.0: Error: mce write submit urb error = -90
[  953.919794][   T10] mceusb 1-1:0.0: Error: mce write submit urb error = -90
[  954.139854][T18365] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3135'.
[  954.239935][   T10] mceusb 1-1:0.0: Error: mce write submit urb error = -90
[  954.266528][   T10] mceusb 1-1:0.0: Error: mce write submit urb error = -90
[  954.277435][T18368] netlink: 'syz.5.3137': attribute type 6 has an invalid length.
[  954.330058][T15957] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  954.339739][   T10] mceusb 1-1:0.0: Error: mce write submit urb error = -90
[  954.392276][   T10] mceusb 1-1:0.0: Error: mce write submit urb error = -90
[  954.433546][   T10] mceusb 1-1:0.0: Error: mce write submit urb error = -90
[  954.457292][T18370] gfs2: gfs2 mount does not exist
[  954.469713][   T10] mceusb 1-1:0.0: Error: mce write submit urb error = -90
[  954.511296][   T10] mceusb 1-1:0.0: Registered  with mce emulator interface version 1
[  954.584786][ T5908] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  954.669088][   T10] mceusb 1-1:0.0: 2 tx ports (0x0 cabled) and 2 rx sensors (0x0 active)
[  954.685575][   T10] usb 1-1: USB disconnect, device number 81
[  955.610658][ T5966] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  956.280280][ T5966] usb 8-1: new low-speed USB device number 2 using dummy_hcd
[  956.409890][ T5966] usb 8-1: device descriptor read/64, error -71
[  956.653212][ T5972] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  956.680311][ T5966] usb 8-1: new low-speed USB device number 3 using dummy_hcd
[  956.852912][ T5966] usb 8-1: device descriptor read/64, error -71
[  956.974714][T18409] netlink: 92 bytes leftover after parsing attributes in process `syz.0.3149'.
[  957.320851][ T5966] usb usb8-port1: attempt power cycle
[  957.333830][   T10] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  957.370244][ T1206] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  957.473424][ T5845] Bluetooth: hci3: unexpected event 0x14 length: 20 > 6
[  957.691700][ T5908] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  957.714634][ T5966] usb 8-1: new low-speed USB device number 4 using dummy_hcd
[  957.810887][ T5966] usb 8-1: device descriptor read/8, error -71
[  957.830672][   T30] kauditd_printk_skb: 61 callbacks suppressed
[  957.830687][   T30] audit: type=1400 audit(1759044660.820:1441): avc:  denied  { create } for  pid=18415 comm="syz.0.3152" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1
[  957.887424][   T30] audit: type=1400 audit(1759044660.820:1442): avc:  denied  { bind } for  pid=18415 comm="syz.0.3152" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1
[  957.933706][   T10] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  957.984332][   T30] audit: type=1400 audit(1759044660.820:1443): avc:  denied  { ioctl } for  pid=18415 comm="syz.0.3152" path="socket:[61197]" dev="sockfs" ino=61197 ioctlcmd=0x48e7 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1
[  958.189651][ T5966] usb 8-1: new low-speed USB device number 5 using dummy_hcd
[  958.332086][   T30] audit: type=1400 audit(1759044661.310:1444): avc:  denied  { read } for  pid=18413 comm="syz.6.3151" name="kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[  958.354739][    C1] vkms_vblank_simulate: vblank timer overrun
[  958.386677][T18414] netlink: 36 bytes leftover after parsing attributes in process `syz.6.3151'.
[  958.512019][ T5966] usb 8-1: device descriptor read/8, error -71
[  959.305513][ T5972] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  959.359984][T18414] bridge_slave_1: left allmulticast mode
[  959.364357][   T30] audit: type=1400 audit(1759044661.310:1445): avc:  denied  { open } for  pid=18413 comm="syz.6.3151" path="/dev/kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[  959.365647][T18414] bridge_slave_1: left promiscuous mode
[  959.388709][    C1] vkms_vblank_simulate: vblank timer overrun
[  959.994499][   T30] audit: type=1400 audit(1759044661.310:1446): avc:  denied  { ioctl } for  pid=18413 comm="syz.6.3151" path="/dev/kvm" dev="devtmpfs" ino=84 ioctlcmd=0xae01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[  960.086064][ T5966] usb usb8-port1: unable to enumerate USB device
[  960.100655][T18414] bridge0: port 2(bridge_slave_1) entered disabled state
[  960.101398][   T30] audit: type=1400 audit(1759044661.370:1447): avc:  denied  { ioctl } for  pid=18413 comm="syz.6.3151" path="socket:[61275]" dev="sockfs" ino=61275 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1
[  960.144790][   T30] audit: type=1400 audit(1759044661.540:1448): avc:  denied  { module_request } for  pid=18425 comm="syz.0.3156" kmod="net-pf-2-proto-254-type-0" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=system permissive=1
[  960.167828][    C1] vkms_vblank_simulate: vblank timer overrun
[  960.322904][ T5845] Bluetooth: hci1: unexpected event 0x14 length: 20 > 6
[  960.442351][ T5972] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  960.457375][ T5972] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  960.552382][T18414] bridge_slave_0: left allmulticast mode
[  960.571517][T18414] bridge_slave_0: left promiscuous mode
[  960.589057][ T5845] Bluetooth: hci6: unexpected event 0x14 length: 20 > 6
[  960.598905][T18414] bridge0: port 1(bridge_slave_0) entered disabled state
[  961.005913][   T30] audit: type=1400 audit(1759044663.990:1449): avc:  denied  { sys_module } for  pid=18440 comm="syz.0.3158" capability=16  scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability permissive=1
[  961.249924][T18453] IPv6: addrconf: prefix option has invalid lifetime
[  961.320684][T18454] nfs: Unknown parameter 'm���bz#h�5[W"'
[  961.672239][T13723] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  961.725488][   T30] audit: type=1400 audit(1759044664.710:1450): avc:  denied  { read write } for  pid=18455 comm="syz.0.3162" name="radio0" dev="devtmpfs" ino=955 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:v4l_device_t tclass=chr_file permissive=1
[  961.813133][T18457] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3162'.
[  961.869139][T18457] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3162'.
[  961.941110][T18457] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3162'.
[  961.950710][T18457] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3162'.
[  961.960066][T18457] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3162'.
[  962.291027][ T5845] Bluetooth: hci1: unexpected event 0x14 length: 20 > 6
[  962.631908][T18473] fuse: Unknown parameter '0x0000000000000003'
[  963.154357][ T5966] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  963.160568][T18477] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  963.450087][   T10] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  963.552107][   T30] kauditd_printk_skb: 8 callbacks suppressed
[  963.552123][   T30] audit: type=1400 audit(1759044666.540:1459): avc:  denied  { create } for  pid=18479 comm="syz.5.3172" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=kcm_socket permissive=1
[  964.170315][T13723] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  964.613789][T18484] kvm: vcpu 2: requested lapic timer restore with starting count register 0x390=1812281087 (231971979136 ns) > initial count (200000 ns). Using initial count to start timer.
[  964.639697][   T30] audit: type=1400 audit(1759044667.590:1460): avc:  denied  { write } for  pid=18474 comm="syz.0.3170" name="kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[  965.232339][T13723] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  965.545844][T18496] gfs2: gfs2 mount does not exist
[  966.322844][ T5966] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  966.498444][   T10] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  966.592605][ T5845] Bluetooth: hci3: unexpected event 0x14 length: 20 > 6
[  968.142314][T15957] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  968.157319][T13723] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  968.235653][   T30] audit: type=1400 audit(1759044671.220:1461): avc:  denied  { read } for  pid=18531 comm="syz.7.3185" name="vhost-net" dev="devtmpfs" ino=1274 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:vhost_device_t tclass=chr_file permissive=1
[  968.281505][   T30] audit: type=1400 audit(1759044671.250:1462): avc:  denied  { open } for  pid=18531 comm="syz.7.3185" path="/dev/vhost-net" dev="devtmpfs" ino=1274 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:vhost_device_t tclass=chr_file permissive=1
[  968.720154][   T30] audit: type=1400 audit(1759044671.660:1463): avc:  denied  { write } for  pid=18531 comm="syz.7.3185" name="random" dev="devtmpfs" ino=8 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:random_device_t tclass=chr_file permissive=1
[  969.161826][   T30] audit: type=1400 audit(1759044671.670:1464): avc:  denied  { ioctl } for  pid=18531 comm="syz.7.3185" path="socket:[61990]" dev="sockfs" ino=61990 ioctlcmd=0x5532 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=key_socket permissive=1
[  969.231627][T13723] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  969.534862][T15957] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  969.534961][   T30] audit: type=1400 audit(1759044671.680:1465): avc:  denied  { create } for  pid=18531 comm="syz.7.3185" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1
[  969.569904][   T30] audit: type=1400 audit(1759044671.690:1466): avc:  denied  { ioctl } for  pid=18531 comm="syz.7.3185" path="socket:[61993]" dev="sockfs" ino=61993 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1
[  969.598008][   T30] audit: type=1400 audit(1759044671.690:1467): avc:  denied  { bind } for  pid=18531 comm="syz.7.3185" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1
[  969.722024][   T30] audit: type=1400 audit(1759044671.690:1468): avc:  denied  { write } for  pid=18531 comm="syz.7.3185" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1
[  969.752592][   T30] audit: type=1400 audit(1759044671.690:1469): avc:  denied  { read } for  pid=18531 comm="syz.7.3185" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1
[  970.141859][   T30] audit: type=1400 audit(1759044672.890:1470): avc:  denied  { setopt } for  pid=18541 comm="syz.0.3187" lport=255 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1
[  970.163215][   T30] audit: type=1400 audit(1759044672.900:1471): avc:  denied  { firmware_load } for  pid=18541 comm="syz.0.3187" path="/lib/firmware/regulatory.db" dev="sda1" ino=448 scontext=system_u:system_r:kernel_t tcontext=system_u:object_r:lib_t tclass=system permissive=1
[  970.201607][   T30] audit: type=1400 audit(1759044673.190:1472): avc:  denied  { read } for  pid=18548 comm="syz.7.3190" name="sg0" dev="devtmpfs" ino=755 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:scsi_generic_device_t tclass=chr_file permissive=1
[  970.253148][T13723] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  971.059644][T18549] sd 0:0:1:0: device reset
[  971.290283][T13723] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  971.399720][ T5845] Bluetooth: hci3: unexpected event 0x14 length: 20 > 6
[  972.335188][T13723] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  972.436318][T18570] FAULT_INJECTION: forcing a failure.
[  972.436318][T18570] name failslab, interval 1, probability 0, space 0, times 0
[  972.540330][T18570] CPU: 0 UID: 0 PID: 18570 Comm: syz.0.3195 Not tainted syzkaller #0 PREEMPT(full) 
[  972.540356][T18570] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  972.540368][T18570] Call Trace:
[  972.540374][T18570]  <TASK>
[  972.540381][T18570]  dump_stack_lvl+0x16c/0x1f0
[  972.540409][T18570]  should_fail_ex+0x512/0x640
[  972.540441][T18570]  should_failslab+0xc2/0x120
[  972.540463][T18570]  kmem_cache_alloc_noprof+0x6d/0x3b0
[  972.540482][T18570]  ? skb_clone+0x190/0x3f0
[  972.540508][T18570]  skb_clone+0x190/0x3f0
[  972.540530][T18570]  netlink_deliver_tap+0xabd/0xd30
[  972.540559][T18570]  netlink_unicast+0x64c/0x870
[  972.540586][T18570]  ? __pfx_netlink_unicast+0x10/0x10
[  972.540608][T18570]  ? __pfx_netlink_autobind.isra.0+0x10/0x10
[  972.540636][T18570]  netlink_sendmsg+0x8d1/0xdd0
[  972.540663][T18570]  ? __pfx_netlink_sendmsg+0x10/0x10
[  972.540692][T18570]  ____sys_sendmsg+0xa98/0xc70
[  972.540718][T18570]  ? copy_msghdr_from_user+0x10a/0x160
[  972.540738][T18570]  ? __pfx_____sys_sendmsg+0x10/0x10
[  972.540774][T18570]  ___sys_sendmsg+0x134/0x1d0
[  972.540796][T18570]  ? __pfx____sys_sendmsg+0x10/0x10
[  972.540846][T18570]  __sys_sendmsg+0x16d/0x220
[  972.540867][T18570]  ? __pfx___sys_sendmsg+0x10/0x10
[  972.540905][T18570]  do_syscall_64+0xcd/0x4e0
[  972.540929][T18570]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  972.540947][T18570] RIP: 0033:0x7f180858eec9
[  972.540961][T18570] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  972.540978][T18570] RSP: 002b:00007f18094dd038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  972.540995][T18570] RAX: ffffffffffffffda RBX: 00007f18087e5fa0 RCX: 00007f180858eec9
[  972.541006][T18570] RDX: 0000000000000000 RSI: 00002000000001c0 RDI: 0000000000000003
[  972.541017][T18570] RBP: 00007f18094dd090 R08: 0000000000000000 R09: 0000000000000000
[  972.541027][T18570] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  972.541037][T18570] R13: 00007f18087e6038 R14: 00007f18087e5fa0 R15: 00007ffedeb026e8
[  972.541062][T18570]  </TASK>
[  972.541137][T18570] netlink: 'syz.0.3195': attribute type 6 has an invalid length.
[  972.758373][   T10] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  973.370929][ T5972] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  974.410527][T13723] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  974.421672][   T30] kauditd_printk_skb: 4 callbacks suppressed
[  974.421687][   T30] audit: type=1400 audit(1759044677.410:1477): avc:  denied  { bind } for  pid=18589 comm="syz.6.3201" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=alg_socket permissive=1
[  974.727134][   T30] audit: type=1400 audit(1759044677.410:1478): avc:  denied  { accept } for  pid=18589 comm="syz.6.3201" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=alg_socket permissive=1
[  974.835552][   T30] audit: type=1400 audit(1759044677.740:1479): avc:  denied  { read } for  pid=18573 comm="syz.4.3197" name="binder1" dev="binder" ino=14 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1
[  974.858344][    C0] vkms_vblank_simulate: vblank timer overrun
[  974.925954][   T30] audit: type=1400 audit(1759044677.740:1480): avc:  denied  { open } for  pid=18573 comm="syz.4.3197" path="/dev/binderfs/binder1" dev="binder" ino=14 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1
[  974.933178][ T5972] hid-generic 0005:16BF:5505.0021: unknown main item tag 0x0
[  974.989198][ T5972] hid-generic 0005:16BF:5505.0021: hidraw0: BLUETOOTH HID vc3.b8 Device [syz0] on aa:aa:aa:aa:aa:aa
[  975.055048][   T30] audit: type=1400 audit(1759044677.740:1481): avc:  denied  { connect } for  pid=18573 comm="syz.4.3197" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1
[  975.116054][   T30] audit: type=1400 audit(1759044677.900:1482): avc:  denied  { mounton } for  pid=18594 comm="syz.5.3203" path="/176/file0" dev="tmpfs" ino=951 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=file permissive=1
[  975.153167][   T30] audit: type=1400 audit(1759044678.090:1483): avc:  denied  { unlink } for  pid=17379 comm="syz-executor" name="file1" dev="tmpfs" ino=336 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=chr_file permissive=1
[  975.240685][ T5845] Bluetooth: hci3: unexpected event 0x14 length: 20 > 6
[  975.464390][ T5972] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  975.577909][   T30] audit: type=1400 audit(1759044678.520:1484): avc:  denied  { create } for  pid=18610 comm="syz.0.3205" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_crypto_socket permissive=1
[  975.822753][T15957] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  976.853933][ T5972] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  976.871810][   T30] audit: type=1400 audit(1759044678.520:1485): avc:  denied  { ioctl } for  pid=18610 comm="syz.0.3205" path="socket:[62115]" dev="sockfs" ino=62115 ioctlcmd=0x9439 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_crypto_socket permissive=1
[  976.910279][T18624] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=18624 comm=syz.4.3210
[  977.187475][   T30] audit: type=1400 audit(1759044680.170:1486): avc:  denied  { bind } for  pid=18619 comm="syz.0.3209" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1
[  977.492230][T18635] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[  977.780020][T15957] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  977.930569][ T5972] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  978.904135][T15957] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  978.976718][ T5972] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  979.001827][T18655] netlink: 284 bytes leftover after parsing attributes in process `syz.6.3218'.
[  979.471615][ T5845] Bluetooth: hci5: unexpected event 0x14 length: 20 > 6
[  980.010565][ T5972] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  980.031327][   T30] kauditd_printk_skb: 4 callbacks suppressed
[  980.031342][   T30] audit: type=1400 audit(1759044683.020:1491): avc:  denied  { connect } for  pid=18668 comm="syz.6.3222" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1
[  980.494500][   T30] audit: type=1400 audit(1759044683.190:1492): avc:  denied  { write } for  pid=18672 comm="syz.4.3223" path="socket:[62686]" dev="sockfs" ino=62686 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1
[  980.555359][   T30] audit: type=1400 audit(1759044683.290:1493): avc:  denied  { setopt } for  pid=18672 comm="syz.4.3223" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=alg_socket permissive=1
[  980.663850][ T5845] Bluetooth: hci6: unexpected event 0x14 length: 20 > 6
[  981.019807][ T5845] Bluetooth: hci1: unexpected event 0x14 length: 20 > 6
[  981.051150][ T5966] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  981.456574][T18688] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3227'.
[  981.948897][   T10] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  981.996223][   T30] audit: type=1400 audit(1759044684.980:1494): avc:  denied  { write } for  pid=18693 comm="syz.0.3232" name="card1" dev="devtmpfs" ino=628 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:dri_device_t tclass=chr_file permissive=1
[  982.140897][ T5966] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  982.153776][T18704] fuse: Unknown parameter '0x0000000000000003'
[  983.236315][ T5966] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  984.272478][ T5966] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  984.602902][   T30] audit: type=1400 audit(1759044687.370:1495): avc:  denied  { override_creds } for  pid=18726 comm="syz.6.3240" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=io_uring permissive=1
[  984.731793][T16697] Bluetooth: hci7: command 0xfc11 tx timeout
[  984.780441][ T5845] Bluetooth: hci7: Entering manufacturer mode failed (-110)
[  984.807218][T18710] sp0: Synchronizing with TNC
[  984.858662][T18732] comedi comedi0: Minor 44 could not be opened
[  984.867106][   T30] audit: type=1400 audit(1759044687.850:1496): avc:  denied  { write } for  pid=18727 comm="syz.5.3239" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1
[  984.911601][   T30] audit: type=1400 audit(1759044687.880:1497): avc:  denied  { write } for  pid=18727 comm="syz.5.3239" name="binder1" dev="binder" ino=8 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1
[  984.934369][    C1] vkms_vblank_simulate: vblank timer overrun
[  984.974315][   T30] audit: type=1400 audit(1759044687.880:1498): avc:  denied  { ioctl } for  pid=18727 comm="syz.5.3239" path="/dev/binderfs/binder1" dev="binder" ino=8 ioctlcmd=0x620d scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1
[  984.999695][    C1] vkms_vblank_simulate: vblank timer overrun
[  984.999810][T15957] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  985.292427][ T5966] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  985.539730][    C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  985.548552][    C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  985.646653][   T30] audit: type=1400 audit(1759044687.880:1499): avc:  denied  { set_context_mgr } for  pid=18727 comm="syz.5.3239" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=binder permissive=1
[  986.331027][T13723] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  986.650388][T13723] usb 8-1: new high-speed USB device number 6 using dummy_hcd
[  986.785070][T18769] netlink: 4 bytes leftover after parsing attributes in process `syz.5.3250'.
[  986.842079][   T10] usb 5-1: new high-speed USB device number 102 using dummy_hcd
[  986.872792][T13723] usb 8-1: New USB device found, idVendor=093a, idProduct=2601, bcdDevice= 8.8f
[  986.894100][T13723] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  986.903519][ T5972] IPVS: starting estimator thread 0...
[  986.911949][T13723] usb 8-1: config 0 descriptor??
[  986.922546][T13723] gspca_main: pac7311-2.14.0 probing 093a:2601
[  986.999751][T18771] IPVS: using max 41 ests per chain, 98400 per kthread
[  987.011153][   T10] usb 5-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  987.023501][   T10] usb 5-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47
[  987.034335][   T10] usb 5-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  987.046568][   T10] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  987.056725][T18761] raw-gadget.2 gadget.4: fail, usb_ep_enable returned -22
[  987.073848][   T10] usb 5-1: Quirk or no altset; falling back to MIDI 1.0
[  987.139694][ T5966] usb 1-1: new high-speed USB device number 82 using dummy_hcd
[  987.187659][   T30] audit: type=1400 audit(1759044690.150:1500): avc:  denied  { create } for  pid=18753 comm="syz.7.3246" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1
[  987.210161][T13723] gspca_pac7311: reg_w() failed index 0x78, value 0x40, error -71
[  987.229698][T18776] netlink: 80 bytes leftover after parsing attributes in process `syz.5.3252'.
[  987.248574][T13723] pac7311 8-1:0.0: probe with driver pac7311 failed with error -71
[  987.290825][T13723] usb 8-1: USB disconnect, device number 6
[  987.296433][   T10] usb 5-1: USB disconnect, device number 102
[  987.371103][ T5972] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  987.379220][ T5972] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  987.435459][ T5966] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x7 has invalid wMaxPacketSize 0
[  987.519435][ T5966] usb 1-1: config 0 interface 0 altsetting 0 bulk endpoint 0x7 has invalid maxpacket 0
[  987.783937][ T5966] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x89 has invalid wMaxPacketSize 0
[  987.800655][ T5966] usb 1-1: config 0 interface 0 altsetting 0 bulk endpoint 0x89 has invalid maxpacket 0
[  987.814567][ T5966] usb 1-1: New USB device found, idVendor=2040, idProduct=4900, bcdDevice=4d.8b
[  987.826654][ T5966] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  987.890191][ T5966] usb 1-1: config 0 descriptor??
[  988.019668][   T10] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  988.412589][ T5972] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  988.538751][T18795] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  988.547807][    C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  989.092470][T18803] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  989.101190][T18803] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  989.308373][ T5966] hdpvr 1-1:0.0: firmware version 0xd dated 
[  989.323508][T18795] kvm: vcpu 2: requested lapic timer restore with starting count register 0x390=1812281087 (231971979136 ns) > initial count (200000 ns). Using initial count to start timer.
[  989.472200][ T5972] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  989.527200][ T5966] hdpvr 1-1:0.0: device init failed
[  989.563639][ T5966] hdpvr 1-1:0.0: probe with driver hdpvr failed with error -12
[  989.603861][ T5966] usb 1-1: USB disconnect, device number 82
[  989.631747][T18806] IPv6: addrconf: prefix option has invalid lifetime
[  990.514697][ T5966] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  990.880749][   T30] audit: type=1400 audit(1759044693.863:1501): avc:  denied  { append } for  pid=18827 comm="syz.5.3266" name="kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[  990.922532][T18828] sch_tbf: burst 19872 is lower than device lo mtu (65550) !
[  991.091514][   T30] audit: type=1400 audit(1759044694.073:1502): avc:  denied  { name_bind } for  pid=18827 comm="syz.5.3266" src=3 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:reserved_port_t tclass=tcp_socket permissive=1
[  991.112689][    C1] vkms_vblank_simulate: vblank timer overrun
[  991.535581][ T5966] net_ratelimit: 1 callbacks suppressed
[  991.535598][ T5966] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  991.549662][   T30] audit: type=1400 audit(1759044694.283:1503): avc:  denied  { getopt } for  pid=18835 comm="syz.4.3268" lport=1 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1
[  991.574915][   T30] audit: type=1400 audit(1759044694.283:1504): avc:  denied  { ioctl } for  pid=18835 comm="syz.4.3268" path="socket:[63656]" dev="sockfs" ino=63656 ioctlcmd=0x7452 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1
[  991.607728][ T5966] IPVS: starting estimator thread 0...
[  991.749760][T18840] IPVS: using max 40 ests per chain, 96000 per kthread
[  991.928027][T18849] kvm: vcpu 2: requested lapic timer restore with starting count register 0x390=1812281087 (231971979136 ns) > initial count (200000 ns). Using initial count to start timer.
[  992.235990][   T30] audit: type=1400 audit(1759044695.223:1505): avc:  denied  { create } for  pid=18853 comm="syz.6.3272" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=x25_socket permissive=1
[  992.268915][T18854] lo speed is unknown, defaulting to 1000
[  992.324983][   T30] audit: type=1400 audit(1759044695.253:1506): avc:  denied  { ioctl } for  pid=18853 comm="syz.6.3272" path="socket:[63676]" dev="sockfs" ino=63676 ioctlcmd=0x89e5 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=x25_socket permissive=1
[  992.520063][ T1298] ieee802154 phy0 wpan0: encryption failed: -22
[  992.526579][ T1298] ieee802154 phy1 wpan1: encryption failed: -22
[  992.526586][   T30] audit: type=1400 audit(1759044695.253:1507): avc:  denied  { create } for  pid=18853 comm="syz.6.3272" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rxrpc_socket permissive=1
[  992.570249][  T975] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  992.652300][   T30] audit: type=1400 audit(1759044695.303:1508): avc:  denied  { write } for  pid=18853 comm="syz.6.3272" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1
[  992.654217][T18862] gfs2: gfs2 mount does not exist
[  992.673077][   T30] audit: type=1400 audit(1759044695.503:1509): avc:  denied  { read } for  pid=18853 comm="syz.6.3272" name="btrfs-control" dev="devtmpfs" ino=1316 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:lvm_control_t tclass=chr_file permissive=1
[  992.717282][   T30] audit: type=1400 audit(1759044695.503:1510): avc:  denied  { open } for  pid=18853 comm="syz.6.3272" path="/dev/btrfs-control" dev="devtmpfs" ino=1316 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:lvm_control_t tclass=chr_file permissive=1
[  992.887780][ T5845] Bluetooth: hci3: unexpected event 0x14 length: 20 > 6
[  993.611570][  T975] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  994.102372][T15957] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  994.650817][  T975] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  995.003805][ T5845] Bluetooth: hci6: unexpected event 0x14 length: 20 > 6
[  995.578200][T18900] IPv6: addrconf: prefix option has invalid lifetime
[  995.690935][  T975] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  995.797051][T18907] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3287'.
[  996.093882][T18911] comedi comedi0: Minor 44 could not be opened
[  996.730327][ T5972] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  996.980155][   T10] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  997.099372][ T5845] Bluetooth: hci6: unexpected event 0x14 length: 20 > 6
[  997.278566][   T10] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  997.515244][   T30] kauditd_printk_skb: 4 callbacks suppressed
[  997.515260][   T30] audit: type=1400 audit(1759044700.473:1515): avc:  denied  { getopt } for  pid=18924 comm="syz.0.3293" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1
[  997.618131][T15957] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  997.783860][  T975] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  997.809563][   T10] usb 8-1: new low-speed USB device number 7 using dummy_hcd
[  998.035526][   T10] usb 8-1: config 179 has an invalid interface number: 65 but max is 0
[  998.108212][   T10] usb 8-1: config 179 has no interface number 0
[  998.347745][T16697] Bluetooth: hci6: unexpected event 0x14 length: 20 > 6
[  998.347827][   T10] usb 8-1: config 179 interface 65 altsetting 0 has an endpoint descriptor with address 0xF7, changing to 0x87
[  998.450670][    T9] usb 5-1: new low-speed USB device number 103 using dummy_hcd
[  998.460618][   T10] usb 8-1: config 179 interface 65 altsetting 0 endpoint 0x87 has an invalid bInterval 0, changing to 10
[  998.500050][   T10] usb 8-1: config 179 interface 65 altsetting 0 endpoint 0x87 has invalid maxpacket 65535, setting to 8
[  998.515036][   T10] usb 8-1: config 179 interface 65 altsetting 0 endpoint 0x86 has invalid wMaxPacketSize 0
[  998.562914][   T10] usb 8-1: config 179 interface 65 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 23
[  998.579588][   T10] usb 8-1: New USB device found, idVendor=12ab, idProduct=0000, bcdDevice=1e.eb
[  998.628863][   T10] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  998.659152][T18931] raw-gadget.0 gadget.7: fail, usb_ep_enable returned -22
[  998.670033][    T9] usb 5-1: unable to get BOS descriptor or descriptor too short
[  998.691625][T18949] fuse: Unknown parameter '0x0000000000000003'
[  998.791020][T18951] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  998.851416][ T5966] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  999.029905][    T9] usb 5-1: too many configurations: 14, using maximum allowed: 8
[  999.126353][   T30] audit: type=1400 audit(1759044702.083:1516): avc:  denied  { mount } for  pid=18929 comm="syz.7.3294" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1
[  999.343676][    T9] usb 5-1: config 7 has an invalid descriptor of length 0, skipping remainder of the config
[  999.472132][T15957] usb 8-1: USB disconnect, device number 7
[  999.531172][    T9] usb 5-1: config 7 has 0 interfaces, different from the descriptor's value: 1
[  999.665093][    T9] usb 5-1: config 7 has an invalid descriptor of length 0, skipping remainder of the config
[  999.689975][T16697] Bluetooth: hci5: command 0x0406 tx timeout
[  999.711774][    T9] usb 5-1: config 7 has 0 interfaces, different from the descriptor's value: 1
[  999.722637][    T9] usb 5-1: config 7 has an invalid descriptor of length 0, skipping remainder of the config
[  999.730368][T18958] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3302'.
[  999.733641][    T9] usb 5-1: config 7 has 0 interfaces, different from the descriptor's value: 1
[  999.751948][    T9] usb 5-1: config 7 has an invalid descriptor of length 0, skipping remainder of the config
[  999.762420][    T9] usb 5-1: config 7 has 0 interfaces, different from the descriptor's value: 1
[  999.775088][    T9] usb 5-1: config 7 has an invalid descriptor of length 0, skipping remainder of the config
[  999.793687][    T9] usb 5-1: config 7 has 0 interfaces, different from the descriptor's value: 1
[  999.823712][    T9] usb 5-1: config 7 has an invalid descriptor of length 0, skipping remainder of the config
[  999.844352][    T9] usb 5-1: config 7 has 0 interfaces, different from the descriptor's value: 1
[  999.868086][    T9] usb 5-1: config 7 has an invalid descriptor of length 0, skipping remainder of the config
[  999.888839][    T9] usb 5-1: config 7 has 0 interfaces, different from the descriptor's value: 1
[  999.909332][ T5845] Bluetooth: hci5: unexpected event 0x14 length: 20 > 6
[  999.911772][    T9] usb 5-1: config 7 has an invalid descriptor of length 0, skipping remainder of the config
[  999.934970][  T975] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  999.948298][    T9] usb 5-1: config 7 has 0 interfaces, different from the descriptor's value: 1
[ 1000.085198][    T9] usb 5-1: string descriptor 0 read error: -22
[ 1000.091637][    T9] usb 5-1: New USB device found, idVendor=16c0, idProduct=05df, bcdDevice=6b.16
[ 1000.101485][    T9] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1000.157089][T18966] netlink: 80 bytes leftover after parsing attributes in process `syz.0.3305'.
[ 1000.233378][T18976] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1000.242058][    C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1000.319469][T18941] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1000.369093][T18941] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1000.399891][T18941] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1000.419320][T18941] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1000.437991][T18941] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1000.450016][T18978] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1000.485468][   T30] audit: type=1400 audit(1759044703.381:1517): avc:  denied  { setopt } for  pid=18936 comm="syz.4.3298" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1
[ 1000.525372][T18941] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1000.604110][T18978] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1000.652639][    T9] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1000.691200][    T9] usb 5-1: USB disconnect, device number 103
[ 1001.367090][   T30] audit: type=1400 audit(1759044704.351:1518): avc:  denied  { connect } for  pid=18987 comm="syz.5.3311" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=x25_socket permissive=1
[ 1001.380703][T18991] netlink: 'syz.7.3312': attribute type 6 has an invalid length.
[ 1001.398180][T18991] FAULT_INJECTION: forcing a failure.
[ 1001.398180][T18991] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1001.415938][T18991] CPU: 1 UID: 0 PID: 18991 Comm: syz.7.3312 Not tainted syzkaller #0 PREEMPT(full) 
[ 1001.415961][T18991] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[ 1001.415971][T18991] Call Trace:
[ 1001.415977][T18991]  <TASK>
[ 1001.415984][T18991]  dump_stack_lvl+0x16c/0x1f0
[ 1001.416010][T18991]  should_fail_ex+0x512/0x640
[ 1001.416034][T18991]  _copy_to_user+0x32/0xd0
[ 1001.416059][T18991]  simple_read_from_buffer+0xcb/0x170
[ 1001.416078][T18991]  proc_fail_nth_read+0x197/0x240
[ 1001.416098][T18991]  ? __pfx_proc_fail_nth_read+0x10/0x10
[ 1001.416117][T18991]  ? rw_verify_area+0xcf/0x6c0
[ 1001.416139][T18991]  ? __pfx_proc_fail_nth_read+0x10/0x10
[ 1001.416155][T18991]  vfs_read+0x1e4/0xcf0
[ 1001.416174][T18991]  ? __pfx___mutex_lock+0x10/0x10
[ 1001.416195][T18991]  ? __pfx_vfs_read+0x10/0x10
[ 1001.416218][T18991]  ? __fget_files+0x20e/0x3c0
[ 1001.416247][T18991]  ksys_read+0x12a/0x250
[ 1001.416263][T18991]  ? __pfx_ksys_read+0x10/0x10
[ 1001.416286][T18991]  do_syscall_64+0xcd/0x4e0
[ 1001.416306][T18991]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1001.416321][T18991] RIP: 0033:0x7f2453b8d8dc
[ 1001.416335][T18991] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[ 1001.416349][T18991] RSP: 002b:00007f2454a68030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[ 1001.416365][T18991] RAX: ffffffffffffffda RBX: 00007f2453de5fa0 RCX: 00007f2453b8d8dc
[ 1001.416375][T18991] RDX: 000000000000000f RSI: 00007f2454a680a0 RDI: 0000000000000004
[ 1001.416385][T18991] RBP: 00007f2454a68090 R08: 0000000000000000 R09: 0000000000000000
[ 1001.416394][T18991] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1001.416403][T18991] R13: 00007f2453de6038 R14: 00007f2453de5fa0 R15: 00007ffe2fb98068
[ 1001.416423][T18991]  </TASK>
[ 1001.724176][T18999] 8021q: VLANs not supported on ipvlan1
[ 1002.010595][ T5966] net_ratelimit: 2 callbacks suppressed
[ 1002.010611][ T5966] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1002.079594][ T5972] usb 5-1: new high-speed USB device number 104 using dummy_hcd
[ 1002.212334][ T5845] Bluetooth: hci1: unexpected event 0x14 length: 20 > 6
[ 1002.248572][ T5845] Bluetooth: hci1: unexpected event 0x14 length: 20 > 6
[ 1002.263732][   T30] audit: type=1400 audit(1759044705.241:1519): avc:  denied  { mount } for  pid=19017 comm="syz.7.3320" name="/" dev="overlay" ino=308 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1
[ 1002.315280][ T5972] usb 5-1: config 0 has an invalid interface number: 51 but max is 0
[ 1002.323770][ T5972] usb 5-1: config 0 has no interface number 0
[ 1002.363982][ T5972] usb 5-1: config 0 interface 51 altsetting 0 endpoint 0x8A has an invalid bInterval 0, changing to 7
[ 1002.396084][T19023] MTD: Attempt to mount non-MTD device "/dev/nullb0"
[ 1002.407466][T19023] VFS: Can't find a romfs filesystem on dev nullb0.
[ 1002.407466][T19023] 
[ 1002.414483][ T5972] usb 5-1: config 0 interface 51 altsetting 0 endpoint 0x8A has invalid wMaxPacketSize 0
[ 1002.434406][T19023] overlayfs: failed to decode file handle (len=5, type=8443, flags=0, err=-22)
[ 1002.439630][ T5972] usb 5-1: New USB device found, idVendor=061c, idProduct=c084, bcdDevice=f5.fc
[ 1002.454910][ T5972] usb 5-1: New USB device strings: Mfr=1, Product=18, SerialNumber=3
[ 1002.465027][ T5972] usb 5-1: Product: syz
[ 1002.473318][ T5972] usb 5-1: Manufacturer: syz
[ 1002.478033][ T5972] usb 5-1: SerialNumber: syz
[ 1002.484086][ T5972] usb 5-1: config 0 descriptor??
[ 1002.489752][    T9] usb 6-1: new high-speed USB device number 27 using dummy_hcd
[ 1002.652359][    T9] usb 6-1: Using ep0 maxpacket: 16
[ 1002.658746][    T9] usb 6-1: unable to get BOS descriptor set
[ 1002.667126][    T9] usb 6-1: config 1 interface 0 altsetting 2 endpoint 0x2 has an invalid bInterval 101, changing to 10
[ 1002.678314][    T9] usb 6-1: config 1 interface 0 has no altsetting 0
[ 1002.686692][    T9] usb 6-1: New USB device found, idVendor=056a, idProduct=0038, bcdDevice= 0.40
[ 1002.786494][T18999] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1002.795400][T18999] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1002.808072][ T1206] usb 5-1: USB disconnect, device number 104
[ 1002.814861][    T9] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1002.855265][    T9] usb 6-1: Product: 逓曖㹵។㭊엁鶝浵襏턿푸見⣪딢簵橺純ⅲ᧎佝줖ㅛᅓ됦䑒텈᱁㣆ྦ杦༣쎭㛴﬜庐钘䶇뻞䵌闃쨽憈鑒甎ڲ
[ 1002.874015][    T9] usb 6-1: Manufacturer: Т
[ 1002.878608][    T9] usb 6-1: SerialNumber: ࡠ
[ 1003.050345][ T5972] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1003.166783][T19016] netlink: 'syz.5.3319': attribute type 1 has an invalid length.
[ 1003.174653][   T30] audit: type=1400 audit(1759044706.081:1520): avc:  denied  { unmount } for  pid=17900 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1
[ 1003.439046][T19030] netlink: 4 bytes leftover after parsing attributes in process `syz.7.3322'.
[ 1003.698562][ T1206] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1004.134093][ T5845] Bluetooth: hci3: unexpected event 0x14 length: 20 > 6
[ 1004.159921][ T5908] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1004.292368][T19016] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1004.317192][T19016] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1004.357293][T19032] bond1: (slave vxcan3): The slave device specified does not support setting the MAC address
[ 1004.395502][T19032] bond1: (slave vxcan3): Error -95 calling set_mac_address
[ 1004.468711][T19036] gretap1: entered promiscuous mode
[ 1004.513959][T19036] bond1: (slave gretap1): making interface the new active one
[ 1004.556854][T19036] bond1: (slave gretap1): Enslaving as an active interface with an up link
[ 1004.851781][    T9] usbhid 6-1:1.0: can't add hid device: -71
[ 1004.868061][    T9] usbhid 6-1:1.0: probe with driver usbhid failed with error -71
[ 1004.890395][    T9] usb 6-1: USB disconnect, device number 27
[ 1005.207473][T19065] netlink: 80 bytes leftover after parsing attributes in process `syz.4.3331'.
[ 1005.241835][ T5966] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1005.860929][T19082] netlink: 4 bytes leftover after parsing attributes in process `syz.6.3334'.
[ 1006.270640][ T5966] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1006.457935][T19071] netlink: 80 bytes leftover after parsing attributes in process `syz.7.3332'.
[ 1006.600703][   T10] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1006.730201][   T10] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1007.313371][ T5972] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1007.797647][T19115] netlink: 80 bytes leftover after parsing attributes in process `syz.0.3341'.
[ 1007.850646][ T5972] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1007.871729][    T9] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1007.893062][T15191] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1007.906052][ T1206] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1007.932555][    T9] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1008.159670][ T5908] usb 6-1: new high-speed USB device number 28 using dummy_hcd
[ 1008.331598][ T5972] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1008.366237][ T5908] usb 6-1: device descriptor read/64, error -71
[ 1008.609610][ T5908] usb 6-1: new high-speed USB device number 29 using dummy_hcd
[ 1008.635952][ T5845] Bluetooth: hci3: unexpected event 0x14 length: 20 > 6
[ 1008.864178][ T5908] usb 6-1: device descriptor read/64, error -71
[ 1009.019810][ T5908] usb usb6-port1: attempt power cycle
[ 1009.370687][ T5908] usb 6-1: new high-speed USB device number 30 using dummy_hcd
[ 1009.387221][ T5972] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1009.875865][ T5908] usb 6-1: device descriptor read/8, error -71
[ 1009.967835][T19144] comedi comedi0: Minor 44 could not be opened
[ 1010.410053][T13723] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1010.890289][ T1206] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1011.179499][T19154] 8021q: VLANs not supported on ipvlan1
[ 1012.731283][ T5908] net_ratelimit: 1 callbacks suppressed
[ 1012.731299][ T5908] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1012.970065][    C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1013.310360][T19200] overlayfs: failed to decode file handle (len=5, type=251, flags=0, err=-22)
[ 1013.319305][ T5845] Bluetooth: hci1: unexpected event 0x14 length: 20 > 6
[ 1013.370376][   T30] audit: type=1400 audit(1759044716.330:1521): avc:  denied  { ioctl } for  pid=19197 comm="syz.7.3365" path="socket:[64410]" dev="sockfs" ino=64410 ioctlcmd=0x89e1 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=mctp_socket permissive=1
[ 1013.402067][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1013.525904][T19205] kvm: vcpu 2: requested lapic timer restore with starting count register 0x390=1812281087 (231971979136 ns) > initial count (200000 ns). Using initial count to start timer.
[ 1013.831964][T15191] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1013.841301][ T5908] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1013.849443][T13723] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1013.865150][    T9] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1013.930135][    T9] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1013.942378][T19209] sch_tbf: burst 19872 is lower than device lo mtu (65550) !
[ 1013.974914][T19218] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1013.983549][    C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1013.986242][T19219] sch_tbf: burst 19872 is lower than device lo mtu (65550) !
[ 1014.958514][T13723] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1015.086074][T19228] gfs2: gfs2 mount does not exist
[ 1016.009166][T19237] netlink: 40 bytes leftover after parsing attributes in process `syz.4.3377'.
[ 1016.811314][   T31] INFO: task syz.3.2771:16912 blocked for more than 143 seconds.
[ 1016.819117][   T31]       Not tainted syzkaller #0
[ 1016.853459][   T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[ 1017.088306][   T31] task:syz.3.2771      state:D stack:25408 pid:16912 tgid:16874 ppid:5851   task_flags:0x400140 flags:0x00004006
[ 1017.112305][   T31] Call Trace:
[ 1017.129963][   T31]  <TASK>
[ 1017.133028][   T31]  __schedule+0x1190/0x5de0
[ 1017.138134][   T31]  ? __pfx___schedule+0x10/0x10
[ 1017.143453][   T31]  ? find_held_lock+0x2b/0x80
[ 1017.148142][   T31]  ? schedule+0x2d7/0x3a0
[ 1017.153608][   T31]  schedule+0xe7/0x3a0
[ 1017.157741][   T31]  schedule_timeout+0x257/0x290
[ 1017.164372][   T31]  ? __pfx_schedule_timeout+0x10/0x10
[ 1017.174381][   T31]  ? _raw_spin_unlock_irq+0x29/0x50
[ 1017.179715][   T31]  __wait_for_common+0x2ff/0x4e0
[ 1017.184762][   T31]  ? __pfx_schedule_timeout+0x10/0x10
[ 1017.193201][   T31]  ? __pfx___wait_for_common+0x10/0x10
[ 1017.198761][   T31]  ? ib_cq_pool_cleanup+0x220/0x360
[ 1017.204694][   T31]  disable_device+0x16f/0x280
[ 1017.209469][   T31]  ? __pfx_disable_device+0x10/0x10
[ 1017.219662][   T31]  ? __lock_acquire+0xb97/0x1ce0
[ 1017.224666][   T31]  __ib_unregister_device+0x2b4/0x480
[ 1017.235396][   T31]  ? __pfx_ib_device_get_by_index+0x10/0x10
[ 1017.242263][   T31]  ib_unregister_device_and_put+0x5a/0x80
[ 1017.248039][   T31]  nldev_dellink+0x21f/0x320
[ 1017.252922][   T31]  ? __pfx_nldev_dellink+0x10/0x10
[ 1017.258144][   T31]  ? cap_capable+0xb3/0x250
[ 1017.263367][   T31]  ? bpf_lsm_capable+0x9/0x10
[ 1017.268093][   T31]  ? security_capable+0x7e/0x260
[ 1017.274036][   T31]  ? ns_capable+0xd7/0x110
[ 1017.278496][   T31]  ? __pfx_nldev_dellink+0x10/0x10
[ 1017.283828][   T31]  rdma_nl_rcv_msg+0x38a/0x6e0
[ 1017.288679][   T31]  ? __pfx_rdma_nl_rcv_msg+0x10/0x10
[ 1017.294695][   T31]  ? __lock_acquire+0x62e/0x1ce0
[ 1017.299815][   T31]  rdma_nl_rcv_skb.constprop.0.isra.0+0x2d0/0x430
[ 1017.306289][   T31]  ? __pfx_rdma_nl_rcv_skb.constprop.0.isra.0+0x10/0x10
[ 1017.313389][   T31]  ? netlink_deliver_tap+0x1ae/0xd30
[ 1017.318729][   T31]  ? selinux_netlink_send+0x578/0x830
[ 1017.324832][   T31]  ? is_vmalloc_addr+0x86/0xa0
[ 1017.329776][   T31]  netlink_unicast+0x5aa/0x870
[ 1017.334612][   T31]  ? __pfx_netlink_unicast+0x10/0x10
[ 1017.340610][   T31]  netlink_sendmsg+0x8d1/0xdd0
[ 1017.345530][   T31]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1017.350993][   T31]  ____sys_sendmsg+0xa98/0xc70
[ 1017.355807][   T31]  ? copy_msghdr_from_user+0x10a/0x160
[ 1017.361583][   T31]  ? __pfx_____sys_sendmsg+0x10/0x10
[ 1017.366937][   T31]  ? __pfx_futex_wake_mark+0x10/0x10
[ 1017.374277][   T31]  ___sys_sendmsg+0x134/0x1d0
[ 1017.379094][   T31]  ? __pfx____sys_sendmsg+0x10/0x10
[ 1017.385262][   T31]  __sys_sendmsg+0x16d/0x220
[ 1017.390101][   T31]  ? __pfx___sys_sendmsg+0x10/0x10
[ 1017.395268][   T31]  ? __x64_sys_futex+0x1e0/0x4c0
[ 1017.400704][   T31]  do_syscall_64+0xcd/0x4e0
[ 1017.405207][   T31]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1017.411172][   T31] RIP: 0033:0x7f6d8bb8eec9
[ 1017.415585][   T31] RSP: 002b:00007f6d8caa6038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 1017.423990][   T31] RAX: ffffffffffffffda RBX: 00007f6d8bde6090 RCX: 00007f6d8bb8eec9
[ 1017.432213][   T31] RDX: 0000000000000000 RSI: 00002000000002c0 RDI: 0000000000000007
[ 1017.440218][   T31] RBP: 00007f6d8bc11f91 R08: 0000000000000000 R09: 0000000000000000
[ 1017.448832][   T31] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 1017.461149][   T31] R13: 00007f6d8bde6128 R14: 00007f6d8bde6090 R15: 00007ffd1eadca68
[ 1017.469144][   T31]  </TASK>
[ 1017.472288][   T31] 
[ 1017.472288][   T31] Showing all locks held in the system:
[ 1017.482904][   T31] 1 lock held by khungtaskd/31:
[ 1017.487750][   T31]  #0: ffffffff8e5c16a0 (rcu_read_lock){....}-{1:3}, at: debug_show_all_locks+0x36/0x1c0
[ 1017.497786][   T31] 4 locks held by kworker/u8:4/68:
[ 1017.503348][   T31]  #0: ffff88801c6f4148 ((wq_completion)netns){+.+.}-{0:0}, at: process_one_work+0x12a2/0x1b70
[ 1017.518789][   T31]  #1: ffffc9000215fd10 (net_cleanup_work){+.+.}-{0:0}, at: process_one_work+0x929/0x1b70
[ 1017.531324][   T31]  #2: ffffffff9036f310 (pernet_ops_rwsem){++++}-{4:4}, at: cleanup_net+0xad/0x890
[ 1017.555622][   T31]  #3: ffff888022f10700 (&device->unregistration_lock){+.+.}-{4:4}, at: rdma_dev_change_netns+0x30/0x320
[ 1017.567310][   T31] 2 locks held by getty/5607:
[ 1017.572020][   T31]  #0: ffff88803601e0a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x24/0x80
[ 1017.581779][   T31]  #1: ffffc9000332e2f0 (&ldata->atomic_read_lock){+.+.}-{4:4}, at: n_tty_read+0x41b/0x14f0
[ 1017.592044][   T31] 3 locks held by kworker/u8:14/7456:
[ 1017.597394][   T31]  #0: ffff88803113c148 ((wq_completion)ipv6_addrconf){+.+.}-{0:0}, at: process_one_work+0x12a2/0x1b70
[ 1017.608948][   T31]  #1: ffffc9001ca77d10 ((work_completion)(&(&net->ipv6.addr_chk_work)->work)){+.+.}-{0:0}, at: process_one_work+0x929/0x1b70
[ 1017.624698][   T31]  #2: ffffffff90385608 (rtnl_mutex){+.+.}-{4:4}, at: addrconf_verify_work+0x12/0x30
[ 1017.634200][   T31] 3 locks held by kworker/u8:53/9957:
[ 1017.639568][   T31]  #0: ffff88801b881148 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_one_work+0x12a2/0x1b70
[ 1017.651618][   T31]  #1: ffffc9001b667d10 ((work_completion)(&map->work)){+.+.}-{0:0}, at: process_one_work+0x929/0x1b70
[ 1017.662702][   T31]  #2: ffffffff8e5ccb00 (rcu_state.barrier_mutex){+.+.}-{4:4}, at: rcu_barrier+0x48/0x6e0
[ 1017.672636][   T31] 5 locks held by kworker/u8:57/9961:
[ 1017.678000][   T31] 2 locks held by syz.3.2771/16912:
[ 1017.683503][   T31]  #0: ffffffff9b1a5ad8 (&rdma_nl_types[idx].sem){.+.+}-{4:4}, at: rdma_nl_rcv_msg+0x169/0x6e0
[ 1017.693900][   T31]  #1: ffff888022f10700 (&device->unregistration_lock){+.+.}-{4:4}, at: __ib_unregister_device+0x23b/0x480
[ 1017.705291][   T31] 2 locks held by syz.2.2953/17651:
[ 1017.710766][   T31]  #0: ffffffff9036f310 (pernet_ops_rwsem){++++}-{4:4}, at: copy_net_ns+0x286/0x5f0
[ 1017.720194][   T31]  #1: ffff888022f10700 (&device->unregistration_lock){+.+.}-{4:4}, at: rdma_dev_change_netns+0x30/0x320
[ 1017.731596][   T31] 2 locks held by syz.4.3379/19260:
[ 1017.736781][   T31]  #0: ffffffff90385608 (rtnl_mutex){+.+.}-{4:4}, at: tun_chr_close+0x38/0x230
[ 1017.745948][   T31]  #1: ffffffff8e5ccc38 (rcu_state.exp_mutex){+.+.}-{4:4}, at: exp_funnel_lock+0x1a3/0x3c0
[ 1017.756391][   T31] 1 lock held by syz.5.3381/19256:
[ 1017.761509][   T31]  #0: ffffffff90385608 (rtnl_mutex){+.+.}-{4:4}, at: bpf_xdp_link_release+0x1d/0x7c0
[ 1017.771415][   T31] 1 lock held by syz.0.3373/19265:
[ 1017.776505][   T31]  #0: ffffffff90385608 (rtnl_mutex){+.+.}-{4:4}, at: bpf_xdp_link_attach+0x10a/0x930
[ 1017.786073][   T31] 
[ 1017.788397][   T31] =============================================
[ 1017.788397][   T31] 
[ 1017.803008][   T31] NMI backtrace for cpu 0
[ 1017.803022][   T31] CPU: 0 UID: 0 PID: 31 Comm: khungtaskd Not tainted syzkaller #0 PREEMPT(full) 
[ 1017.803042][   T31] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[ 1017.803052][   T31] Call Trace:
[ 1017.803058][   T31]  <TASK>
[ 1017.803065][   T31]  dump_stack_lvl+0x116/0x1f0
[ 1017.803090][   T31]  nmi_cpu_backtrace+0x27b/0x390
[ 1017.803106][   T31]  ? _raw_spin_unlock_irqrestore+0x3b/0x80
[ 1017.803126][   T31]  ? __pfx_nmi_raise_cpu_backtrace+0x10/0x10
[ 1017.803153][   T31]  nmi_trigger_cpumask_backtrace+0x29c/0x300
[ 1017.803171][   T31]  watchdog+0xf0e/0x1260
[ 1017.803194][   T31]  ? __pfx_watchdog+0x10/0x10
[ 1017.803210][   T31]  ? lockdep_hardirqs_on+0x7c/0x110
[ 1017.803231][   T31]  ? __kthread_parkme+0x19e/0x250
[ 1017.803253][   T31]  ? __pfx_watchdog+0x10/0x10
[ 1017.803267][   T31]  kthread+0x3c2/0x780
[ 1017.803281][   T31]  ? __pfx_kthread+0x10/0x10
[ 1017.803295][   T31]  ? rcu_is_watching+0x12/0xc0
[ 1017.803312][   T31]  ? __pfx_kthread+0x10/0x10
[ 1017.803326][   T31]  ret_from_fork+0x56a/0x730
[ 1017.803338][   T31]  ? __pfx_kthread+0x10/0x10
[ 1017.803351][   T31]  ret_from_fork_asm+0x1a/0x30
[ 1017.803376][   T31]  </TASK>
[ 1017.803532][   T31] Sending NMI from CPU 0 to CPUs 1:
[ 1017.928589][    C1] NMI backtrace for cpu 1
[ 1017.928603][    C1] CPU: 1 UID: 0 PID: 0 Comm: swapper/1 Not tainted syzkaller #0 PREEMPT(full) 
[ 1017.928618][    C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[ 1017.928627][    C1] RIP: 0010:pv_native_safe_halt+0xf/0x20
[ 1017.928647][    C1] Code: 3d 61 02 c3 cc cc cc cc 0f 1f 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 66 90 0f 00 2d d3 16 15 00 fb f4 <e9> cc 09 03 00 66 2e 0f 1f 84 00 00 00 00 00 66 90 90 90 90 90 90
[ 1017.928659][    C1] RSP: 0018:ffffc90000197df8 EFLAGS: 000002c2
[ 1017.928670][    C1] RAX: 0000000005b595ed RBX: 0000000000000001 RCX: ffffffff8b94fb49
[ 1017.928679][    C1] RDX: 0000000000000000 RSI: ffffffff8de52fc1 RDI: ffffffff8c163380
[ 1017.928687][    C1] RBP: ffffed1003c56488 R08: 0000000000000001 R09: ffffed10170a6655
[ 1017.928695][    C1] R10: ffff8880b85332ab R11: 0000000000000000 R12: 0000000000000001
[ 1017.928703][    C1] R13: ffff88801e2b2440 R14: ffffffff90ab7690 R15: 0000000000000000
[ 1017.928712][    C1] FS:  0000000000000000(0000) GS:ffff8881247b1000(0000) knlGS:0000000000000000
[ 1017.928732][    C1] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 1017.928740][    C1] CR2: 00007ffe2fb96b48 CR3: 0000000076449000 CR4: 00000000003526f0
[ 1017.928748][    C1] Call Trace:
[ 1017.928753][    C1]  <TASK>
[ 1017.928757][    C1]  default_idle+0x13/0x20
[ 1017.928775][    C1]  default_idle_call+0x6d/0xb0
[ 1017.928792][    C1]  do_idle+0x391/0x510
[ 1017.928811][    C1]  ? __pfx_do_idle+0x10/0x10
[ 1017.928826][    C1]  ? trace_sched_exit_tp+0x2f/0x120
[ 1017.928842][    C1]  cpu_startup_entry+0x4f/0x60
[ 1017.928858][    C1]  start_secondary+0x21d/0x2b0
[ 1017.928876][    C1]  ? __pfx_start_secondary+0x10/0x10
[ 1017.928896][    C1]  common_startup_64+0x13e/0x148
[ 1017.928916][    C1]  </TASK>
[ 1017.942758][   T31] Kernel panic - not syncing: hung_task: blocked tasks
[ 1017.942774][   T31] CPU: 0 UID: 0 PID: 31 Comm: khungtaskd Not tainted syzkaller #0 PREEMPT(full) 
[ 1017.942792][   T31] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[ 1017.942801][   T31] Call Trace:
[ 1017.942808][   T31]  <TASK>
[ 1017.942815][   T31]  dump_stack_lvl+0x3d/0x1f0
[ 1017.942840][   T31]  vpanic+0x6e8/0x7a0
[ 1017.942855][   T31]  ? __pfx_vpanic+0x10/0x10
[ 1017.942871][   T31]  ? __pfx___irq_work_queue_local+0x10/0x10
[ 1017.942892][   T31]  panic+0xca/0xd0
[ 1017.942905][   T31]  ? __pfx_panic+0x10/0x10
[ 1017.942919][   T31]  ? preempt_schedule_thunk+0x16/0x30
[ 1017.942942][   T31]  ? nmi_trigger_cpumask_backtrace+0x1b1/0x300
[ 1017.942959][   T31]  ? watchdog+0xd78/0x1260
[ 1017.942981][   T31]  ? watchdog+0xd6b/0x1260
[ 1017.942998][   T31]  watchdog+0xd89/0x1260
[ 1017.943018][   T31]  ? __pfx_watchdog+0x10/0x10
[ 1017.943034][   T31]  ? lockdep_hardirqs_on+0x7c/0x110
[ 1017.943054][   T31]  ? __kthread_parkme+0x19e/0x250
[ 1017.943077][   T31]  ? __pfx_watchdog+0x10/0x10
[ 1017.943093][   T31]  kthread+0x3c2/0x780
[ 1017.943109][   T31]  ? __pfx_kthread+0x10/0x10
[ 1017.943125][   T31]  ? rcu_is_watching+0x12/0xc0
[ 1017.943144][   T31]  ? __pfx_kthread+0x10/0x10
[ 1017.943160][   T31]  ret_from_fork+0x56a/0x730
[ 1017.943175][   T31]  ? __pfx_kthread+0x10/0x10
[ 1017.943191][   T31]  ret_from_fork_asm+0x1a/0x30
[ 1017.943219][   T31]  </TASK>
[ 1018.236650][   T31] Kernel Offset: disabled
[ 1018.240948][   T31] Rebooting in 86400 seconds..