last executing test programs:

5m5.575379761s ago: executing program 2 (id=2485):
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
socketpair$unix(0x1, 0x3, 0x0, 0x0)
sendmmsg$unix(0xffffffffffffffff, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
syz_io_uring_setup(0x88e, 0x0, &(0x7f00000001c0)=<r0=>0x0, &(0x7f0000000240))
syz_memcpy_off$IO_URING_METADATA_GENERIC(r0, 0x4, &(0x7f0000000080)=0xffffbffc, 0x0, 0x4)
socket$nl_netfilter(0x10, 0x3, 0xc)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
r4 = fsopen(&(0x7f0000000100)='configfs\x00', 0x0)
fsetxattr$system_posix_acl(r4, &(0x7f0000000180)='system.posix_acl_default\x00', 0x0, 0x0, 0x1)
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000580)={0x6, 0x3, &(0x7f0000000740)=@framed, &(0x7f00000000c0)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x1d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r5 = socket(0xa, 0x3, 0x87)
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000040)={'veth0_macvtap\x00'})
fcntl$setown(0xffffffffffffffff, 0x8, r1)
r6 = syz_open_dev$tty1(0xc, 0x4, 0x1)
sendmsg$IPCTNL_MSG_EXP_NEW(0xffffffffffffffff, &(0x7f0000000500)={0x0, 0x0, 0x0}, 0x0)
write$UHID_INPUT(r6, &(0x7f0000001980)={0x9, {"a2e3ad214fc752f91b5b09094bf70e0dd038e7ff7fc6e5539b324c078b089b3438076d1a0890e0878f0e1ac6e7049b076d959b669a240d5b67f3988f7ef319520100ffe8d178708c523c921b1b5b32310d076d0936cd3b78130daa61d8e809ea889b5802b77f07227227b7ba67e0e78669a6f5c2a874e62a9ccdc0d31a0c9f318c0da1993bd160e233df4a62179c6f30e065cd5b91cd0ae19397d696d0d758f2dc7d1c00305d3f46635eb016d5b1dda98e2d749be7bd1df1fb3b231fdcdb5075a9aaa1b469c3090000000002335875271b286329d169934288fd789aa37d6e98b224fd44b65b31334ffc55cc82cd3ac32ecdb08ced6f9081b4dd0d8b38f3cd4498bee800490841bdb114f6b76383709d8f5c55432a909fda039aec54a1236e80f6a8abadea7662496bddbb42be6bfb2f17959d1fe90a56c71b1931870262f5e801119242ca026bfc821e7e01000000138e645bb80c617601000000be70de98ec76a9e40dad47f36fd9f7d0d42a4b5f1185ccdcf16ff46295d8a0fa17713c5802630933a9a34af674f3f39fe23491237c08822dec110911e893d0a8c4f677747abc360934b82910ff85bfd995083bba2987a67399eac427d145d595a40b9f6ff14ac488ec130fb3850a27af9544ae15a7e454dea05918b41243513f000000000000000a3621c56cea8d20fa911a0c41db6ebe8cac64f17679141d54b34bbc9980000000b3309603f1d4ab966203861b5b15a841f2b575a8bd0d78248ebe4d9a80002695104f674c2431dca141fae269cab70e9a66f3c3a9a63e9639e1f59c0ede26c6b5d74b078a5e15c31634e5ae098ce9ee70771aaa18119a867e1088334975e9f73483b6c82fa678ca14ffd9f9db2a7869d85864056526f889af43a6056080572286522449df466c632b3570243f989cce3803f465e41e610c2021d653a5520000008213b704a5000000000000008ef9f190bae97909507041d860420c5664b27921b14dc1db8892fd32d0ad7bc94681359bad8deff4b05f60cea0da7710a80000000000008000bea37ce0d0d4aa202f928f28381aab144a5d429a04a6a2b83c7068ae949ed06e288e810bac9c76600025e19c907f8ea2e2010000008271a1f5f8528f227e79c1389dbdfffe492f21579d2c15b8c70cdb1c332d86d87341432750861ec2bc3451edca194b221cfec4603d276bbaa1dfa6d4e38a48a76eafc9a9a0270e4c10d64cd5a62427264f2377fe763c43470833ac96c45f357cbbaba8f1b1fdcc7cbb61a7cdb9744ed7f9129aede2be21ccfdc4e9134f8684b3a4f354da9a795e96334e207dff70f1988037b2ed3aaf575c0b88d8f146684078416d59fdee5325928974d12d3099dac44c3f0008047096a44002bebc2420aed92fa9b6578b4779415d97b9a6d6d5495c118045651cf41c2fc48b778efa5ea5677747430af4162b987b80c3e001cd34e5c92f76cc4c24eeb8bc4e9ac2bed9e53803edf1a4ae3a9737d214060005ea6f1783e287b3bee96e3a726eafe2fdfaa78d1f48c13b64df07847754b8400daaa69bf5c8f4ceb360c7e658828563e2d25c4aa348561f927e88f6dc7bcbf2a5e69b3df3495903f06572e1e007fa55a2999f596d067312f5779e8dbfdcf3427138f3d444d2639a10477f9bec4b4bbb6e3c04be68981f392203dd0ee3ef478e16dacfc5e3e03cf7ab8e3902f1b0ff034e00000000ca509301815b1b6fc6522d4e4fdc11a48cf42d48604675fde2b94cf00500a2690891abf8ab9c015073014d9e08d4338b8780bdecd436cf0541359bafffa45237f104b96210403b2de9efed496f42355bc7872c827466cfa5c478b095b68441a34cb51682a8ae4d24ad92f243941ed274549b79a7962fb385a882e8020f06c4c2ba1dd5cac7c18876da865d258734dd73583df292892448039ef799cf0630becdbe6c4579b5561dc825ab829827945e020c1f67ee615feb6243378e0610060f02cca4e91b2f001edb3d78fb4b55668dda93ae62fccfcbb2b75a2183c46eb65ca8124e1b4da7fbb77ab2fc043aead87c32ab875ee7c2e7b7019c982cd3b43e4fb1a5fb135c0c7dcee8fe6516a328032f88c042891824659e9e01feffffffffffff83a2b210520106b8a358b50ab7a1fa89af9c251fe5294b3d1802d5676d951061ec97b1ad94872cb2044642c37b4a6cc6c04effc1672db7e4b68d787d9a7a508ae54b3cd7369d75f2e8c77d95a3d361c040babb171607caac2a3559ad4f75465f49c0d0ae3716db6e00cb11db4a5fade2a57c10238e204a67737c3b42aa01b20f7694a00f16e2d0174035a2c22656dc00880acebdbe8ddbd75c2f998d8ac2dfad2ba3a50200000045a45957f24d758ed024b3849c11d412a2a03b4047497022d9c30e23ef4df5c89644f48bb536f7945b59d7bcddff754413d135273ea8e75f22f216c6b9990ae71806f2c00b4025c48b75c0f73cdb9a7b8fa367b50028067e7f16f4dd569d462f4f19eacdb3ed70eeebb4483f8fd777d443e8b40426db6fe2907ac0ca3d2414442e8f3a154704b0e51bc664a137b26be719f4f7c9a5678a674dfc95df80b9ce375dd649c8c704e509bd88c8e63d8c7dd67071115c8982ba46af4d6adcc9f68a75b9397b035153faf463661c953fcad6f37525c1a0e94610dd94323f6c15d085197149bfd6655548cfd9c52c9711937f79abb1a124f1210465483cd3b2d78378cfb85ed82e7da0f6eb6d279f2ae455925d0f6f1ba571eba281f2a654fb39ddff3b484439ff158e7cd419e037f3e3ad038f2211f1033095563c7f93cd54b9094f226e783271e1e5a2a2c10712eab625d64931cd4ffe6738d97b9b5ef828ee9fb059fc01af0e79c1e14b1d25988c69a399567c1d93768f7971d31488b8658a20878b7c1dd7ba02fc42939dde3d4a3339a65d507dc59c51097b40517705da56e9ebf0afa53282bf86dbb58c548069ff6eb95aade7cc66d7bbef724779ca1f731b3346ff177050373d79ff7b3e7f9bc0c1b4b266a8878b90baaa039d3e3b63979ac3df6e6f4859afd50238c7547a39b60810938044ae185d2ba3e00a4e73676864ae090d81eaeecf1d0ab378dd4dd891e937c2ea5410e0513005000000000000003911fab964c271550027697b52160687461602f88df165d884b36ec2b6c25a2f33c715687e9d4afb96d6861aca47da73d6f3dd014e5c5ad8fe995754bd9cf32fce1e31919c4b2082fb0a30b9deae84bed4b28045634073c9c58c89d9e99c81769177c6ea94f88a4facfd4c735a20307c737afae5136651b1b9bd522dcb399473296b831dbd933d93994ba3064279b10ea0c5833f41f157ea2302993dbe433b1aa3a37684f4113c48859465c3b415c3432f81db87195358bfee2916580dacae008e595f437491d87abed02cefcd9db53d94d02dae17b118e5d6787463183b4b87c105000000302a808d7f5251440613d17ca51055f2f416a44fe180d2d50c312cca7cb14a20dc331f57a9817139a206fc76957227ffff2de20a4b8e3737fbb40100000006376f799eba367e21f94ca598705f5dcb767d6f0900d6b0f6095e53c4c4234d0c1fbe434f6ab83c0013ee93b83946ee7759e89d7bdd1a32d7b311711b757fe43c06d21a35810d8fe98b27faea8aa12bc8716eefc5c97c45ac33eeec964c5214bc3a9359bdea1cccab94f15e36319cb34ebcacedb82c2ed3de5a8a8f0011e8f74e82d7ceec7dc808bf653639d7961939adfdeeeaff19d11efcafb6d546fef271e89d6cc2389e81ff58cefcce3fbf4625a7e7de40e42e07b34449e15e065cc7348663a52190202c7af288a4510de03dab19d26285eda89156d50dd385a602000000000000007007ad1519ad5470de3dd6d6080cafccf8a97406bb6b68a1f0c4549820a73c880f475f732ae00303000000000000007fb33b72685ec37a2d3f766413a60459516246e5a1d998a2017aef0948a68cf255315ab80dd349e891aef595dc4d470e8ac32a308e15fc37d06aeac289c0523f483e1ff7408c6087f1ab652f2ef91d4f2b01987b0f46da034e5c3f745a7ee8101a3934c54e24b48ec0275e2df086dc746b0827cbf6529006c6b95f2722e58c05f752ce2126596e1cd7655b904801784c416b22f73d324678e2724f43f1fe687c7e8a60c28b82b6522fb5f6ffcdd56fed88935fcb75912d5ecd36dea3bca0b7427d8392c6289455e8f8d2ab2242729251ae233a9e02210e62df0546a74b333a1c48f95fd54acb5741259e8c5488efeee327415cc19451432c6f14c27693102a5bd84857cd6586fc5ca9a93eb0145fac0662ff86107f998a8ef7df8aa14046c55b03d3d47f88a8d60f7774a2ee08008897fb411a94b3c2fc5d5f0db42c0456ec015f08e5247d33ae2d35603ff8454c16f8342856935125102bb6ce431b63ee356b0c785f2f47b90e29389f22fc5b59a70efaea2bd40195af4486220d702e30bfc43c10ec23ea6283994a7dde4dcb61fea6b651fb1d62458d0741a12830052fcc460db043afe525629b40d7cee458e4cb5e930ed624806c43a006e39336d07c2b80c1c128ad2706f48261f7897484c297a1a6613bc18f5a38d442768af38041efe03d152ef95ff569e76db2391f4509d7f339d92fdb4a89364949da398000000000000000d80a4fe654578376e599aff3565b1d531f30912b9945030b81ea9935fd46edb44a78f615255490a4b621501f2a9e4d24624c4dac9274118c67584f5d374755534d7f68f679c4ff516a9c861a0e7e65868fcb2bf1cb9aea4e05df72279fdb0d2b9e935c5af3cf474bed79dfc248c1f5aea4b8b32c5d295e57fa9c0fe662a46b7f71cd47744db86c50b704c98ad90295c7b2c7439a2d78ccfa79b5fc2bff6bbf840262bf89394b3e0691953264d2700c838fa2c7b3425260f59554e502dcea39cb313b0000000000004ca7c12f45858d6284ca6270d6b2f0e58fded8a7b4a302a97bc641df07720ba2b26bbfcc807ca0abb1b44322269c21c5ec68cb068ea88067d905ea917bb03eefdaebdeabf2d0dce80997c915c8949de992587c2cb5fe36ffffffff00000000b77940b5f07722e47a08d3679507000000000000934b99b3109af65d77e86abd6859cddf4bbae1f0930462df15fddbc48562ea3511a8065ef028cf12f14dcf6ebecd8d884836174faf1aa609e5f1ee1062dfa13bdc1fa7cfaadba85c72e9758f03a755d0be53f8d2a1df0d07b3d5bd3b01faffd0addbed2881a9700af561ac8c7e36bb2fc4c40e9c766c06817b97c9ede7885d94ffb0759be0daf60af93109eb1dee72e4363f51af62af6fb2a6df3bec89822a7a0b678058fa3fef86faec216eb6992162f8dcbf719c1484d2f9c55f4901203a9a8a2c3e90f39c3dbc10360a1a49700d1dfbf66d69f6fbaf506c8bcce8bb0d872a02238926407a4eddd5d00000f4ff000000000000000000040000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600", 0x1061}}, 0x1006)
socket$inet_smc(0x2b, 0x1, 0x0)

5m5.137272932s ago: executing program 2 (id=2486):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f00000008c0), 0xffffffffffffffff)
sendmsg$NL80211_CMD_GET_REG(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000180)=ANY=[@ANYBLOB="1c000000", @ANYBLOB="010027bd7000000000001f200000080001"], 0x1c}, 0x1, 0x0, 0x0, 0x24004000}, 0x0)

5m5.127205907s ago: executing program 2 (id=2487):
socket$igmp6(0xa, 0x3, 0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0)
sched_setscheduler(0x0, 0x1, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200))
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000300)='blkio.bfq.io_merged_recursive\x00', 0x275a, 0x0)
syz_emit_ethernet(0x36, &(0x7f0000000100)=ANY=[@ANYBLOB="000002f0d31209000000bc2e79e995"], 0x0)
write$binfmt_script(r2, &(0x7f0000000100), 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r2, 0x0)
landlock_create_ruleset(&(0x7f0000000040)={0x501a, 0x3, 0x3}, 0x18, 0x0)
preadv(r2, &(0x7f00000015c0)=[{&(0x7f0000000080)=""/124, 0xffffff23}], 0x3e, 0x0, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x20004000}, 0x14)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f00000004c0)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
ioctl$AUTOFS_DEV_IOCTL_VERSION(r2, 0xc0189371, &(0x7f0000000140)={{0x1, 0x1, 0x18, r0}, './file0\x00'})
ioctl$KVM_XEN_HVM_CONFIG(0xffffffffffffffff, 0x4038ae7a, &(0x7f0000000100)={0x2, 0x40000105, 0x0, 0x0})
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={0x0}, 0x10)
ioctl$KVM_RUN(r3, 0xae80, 0x0)

5m3.165289269s ago: executing program 2 (id=2496):
syz_mount_image$vfat(&(0x7f0000000280), &(0x7f00000002c0)='./file0\x00', 0x2bc3c1f, 0xffffffffffffffff, 0x7, 0x0, 0x0)
mount$bind(&(0x7f0000000000)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x101091, 0x0)
mount$bind(0x0, &(0x7f00000005c0)='./file0\x00', 0x0, 0x0, 0x0)
syz_usb_connect$uac1(0x1, 0x71, &(0x7f0000000080)=ANY=[@ANYBLOB="12010102000000086b1d010140000102030109025f000301bc00060904000000010100000a24010600020221"], &(0x7f00000005c0)={0x0, 0x0, 0x0, 0x0, 0x1, [{0x0, 0x0}]})
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000380), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000080)={'wlan1\x00', <r2=>0x0})
sendmsg$NL80211_CMD_AUTHENTICATE(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)={0x30, r1, 0x1, 0x70bd2b, 0x25dfdbfe, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_AUTH_TYPE={0x8}, @NL80211_ATTR_MAC={0xa, 0x6, @from_mac}]}, 0x30}, 0x1, 0x0, 0x0, 0x8080}, 0x40)
mount$bind(0x0, 0x0, 0x0, 0x121498, 0x0)
r3 = openat2$dir(0xffffffffffffff9c, &(0x7f00000000c0)='./file0/../file0\x00', &(0x7f0000000100)={0x10000, 0x1a, 0x18}, 0x18)
open_tree(r3, &(0x7f0000000500)='./file0\x00', 0x1901)
mount$bind(&(0x7f0000000080)='./file0/file0\x00', &(0x7f0000000040)='./file0/file0\x00', 0x0, 0x1000, 0x0)

5m1.350942301s ago: executing program 2 (id=2503):
socket$nl_route(0x10, 0x3, 0x0)
socket(0x10, 0x803, 0x0)
bind$pptp(0xffffffffffffffff, 0x0, 0x0)
r0 = socket$pptp(0x18, 0x1, 0x2)
r1 = socket$inet6(0xa, 0x1, 0x80000003)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x5, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000100)=0x2)
sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r2, &(0x7f0000002000)=""/102400, 0x19000)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$l2tp(&(0x7f00000000c0), r3)
sendmsg$L2TP_CMD_TUNNEL_CREATE(r3, 0x0, 0x0)
writev(r1, 0x0, 0x0)
bind$pptp(r0, &(0x7f0000000000)={0x18, 0x2, {0x0, @local}}, 0x1e)

5m0.14901539s ago: executing program 2 (id=2506):
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x3, 0x5, &(0x7f0000006680))
r0 = syz_io_uring_setup(0x3edf, &(0x7f0000002480)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f0000002000), &(0x7f0000ffd000))
io_uring_register$IORING_UNREGISTER_EVENTFD(r0, 0x5, 0x2000000, 0x0)
r1 = msgget$private(0x0, 0x1c0)
msgsnd(r1, &(0x7f0000000080)=ANY=[@ANYRES8], 0x0, 0x0)
r2 = openat$audio1(0xffffffffffffff9c, &(0x7f0000000040), 0x129442, 0x0)
readv(r2, &(0x7f0000000500)=[{&(0x7f0000000080)=""/110, 0x6e}], 0x1)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000140)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r3}, 0x18)
prlimit64(0x0, 0xe, &(0x7f0000000180)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r4 = getpid()
sched_setscheduler(r4, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r5=>0xffffffffffffffff})
connect$unix(r5, &(0x7f000057eff8)=@abs, 0x6e)
recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
pwritev(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
ioctl$SNDCTL_DSP_SETFRAGMENT(r2, 0xc004500a, &(0x7f0000000000)=0x12)

4m59.342408855s ago: executing program 32 (id=2506):
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x3, 0x5, &(0x7f0000006680))
r0 = syz_io_uring_setup(0x3edf, &(0x7f0000002480)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f0000002000), &(0x7f0000ffd000))
io_uring_register$IORING_UNREGISTER_EVENTFD(r0, 0x5, 0x2000000, 0x0)
r1 = msgget$private(0x0, 0x1c0)
msgsnd(r1, &(0x7f0000000080)=ANY=[@ANYRES8], 0x0, 0x0)
r2 = openat$audio1(0xffffffffffffff9c, &(0x7f0000000040), 0x129442, 0x0)
readv(r2, &(0x7f0000000500)=[{&(0x7f0000000080)=""/110, 0x6e}], 0x1)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000140)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r3}, 0x18)
prlimit64(0x0, 0xe, &(0x7f0000000180)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r4 = getpid()
sched_setscheduler(r4, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r5=>0xffffffffffffffff})
connect$unix(r5, &(0x7f000057eff8)=@abs, 0x6e)
recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
pwritev(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
ioctl$SNDCTL_DSP_SETFRAGMENT(r2, 0xc004500a, &(0x7f0000000000)=0x12)

1m16.384809149s ago: executing program 0 (id=3157):
prlimit64(0x0, 0xe, &(0x7f0000000200)={0x8, 0x8a}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x3)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x64b)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
r1 = userfaultfd(0x801)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000400)={&(0x7f0000000500)=ANY=[@ANYBLOB="9feb01001800000000000000240000002400000006000000000000000000000300000000050000000200000000000000040000000000000f04000000000000005f00702446b9b4c492b37bf4c720d8"], 0x0, 0x42, 0x0, 0x1}, 0x28)
socket$xdp(0x2c, 0x3, 0x0)
bpf$OBJ_GET_PROG(0x7, 0x0, 0x0)
fgetxattr(r0, &(0x7f0000000100)=@known='trusted.overlay.upper\x00', &(0x7f0000000440)=""/161, 0xa1)
ioctl$UFFDIO_API(r1, 0xc018aa3f, 0x0)
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000000040)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}, 0x4})
r2 = socket$inet6_mptcp(0xa, 0x1, 0x106)
connect$inet6(r2, &(0x7f0000000000)={0xa, 0x4001, 0xf4, @loopback}, 0x1c)
socket$kcm(0x2, 0x200000000000001, 0x106)
openat$rdma_cm(0xffffffffffffff9c, &(0x7f00000003c0), 0x2, 0x0)
r3 = socket$netlink(0x10, 0x3, 0x0)
r4 = socket(0x10, 0x803, 0x0)
sendmsg$IPVS_CMD_SET_INFO(r4, &(0x7f0000000b00)={0x0, 0x0, &(0x7f0000000ac0)={0x0, 0x14}}, 0x0)
getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, <r5=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000850600"/20, @ANYRES32=r5, @ANYBLOB="0000000000004a641c0012000c000100626f6e64000000000c0002000800010006"], 0x3c}}, 0x0)
sendmsg$nl_route(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYBLOB="3c00000010001fff0000000001000000000000d7", @ANYRES32=0x0, @ANYBLOB="0000000000000000140012800a000100767863616e0000000400028008000a00", @ANYRES32=r5, @ANYBLOB], 0x3c}, 0x1, 0x0, 0x0, 0x40000}, 0x0)
r6 = socket$nl_route(0x10, 0x3, 0x0)
r7 = socket(0x1, 0x803, 0x0)
getsockname$packet(r7, &(0x7f0000000100)={0x11, 0x0, <r8=>0x0, 0x1, 0x0, 0x6, @broadcast}, 0x0)
sendmsg$nl_route(r6, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000400)=ANY=[@ANYBLOB="400000001000030425bd70000000000000000000", @ANYRES32=0x0, @ANYBLOB="0005000000000000180012800b0001006772657461700080080002800400c2c701804e34", @ANYRES32=r8, @ANYBLOB], 0x40}, 0x1, 0x0, 0x0, 0x24000804}, 0x8000)
socket$nl_route(0x10, 0x3, 0x0)
socket(0x1, 0x803, 0x0)

1m15.52693783s ago: executing program 0 (id=3161):
r0 = add_key$keyring(&(0x7f0000000140), &(0x7f0000000000)={'syz', 0x0}, 0x0, 0x0, 0xfffffffffffffffb)
keyctl$KEYCTL_MOVE(0x1e, r0, r0, 0xfffffffffffffffe, 0x0)

1m15.397140473s ago: executing program 0 (id=3162):
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, 0x0, 0x34000810)

1m15.042660015s ago: executing program 0 (id=3164):
r0 = bpf$MAP_CREATE(0x0, 0x0, 0x50)
r1 = socket$kcm(0x10, 0x2, 0x0)
dup(r0)
r2 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$IOMMU_IOAS_ALLOC(r2, 0x3b81, &(0x7f00000003c0)={0xc, 0x0, <r3=>0x0})
ioctl$IOMMU_IOAS_MAP$PAGES(r2, 0x3b85, &(0x7f0000000040)={0x28, 0x7, r3, 0x0, &(0x7f0000800000/0x800000)=nil, 0x800000})
ioctl$IOMMU_TEST_OP_CREATE_ACCESS(r2, 0x3ba0, &(0x7f0000000340)={0x48, 0x5, r3, 0x0, <r4=>0xffffffffffffffff, 0x1})
ioctl$IOMMU_TEST_OP_ACCESS_PAGES$syz(r2, 0x3ba0, 0x0)
r5 = socket$kcm(0xa, 0x2, 0x73)
sendmsg$inet(r5, &(0x7f0000001180)={&(0x7f0000000000)={0xa, 0x0, @empty}, 0x10, 0x0, 0x0, &(0x7f00000010c0)=[@ip_tos_int={{0x14, 0x29, 0x34}}, @ip_tos_u8={{0x11, 0x29, 0x2}}, @ip_tos_u8={{0x11}}], 0x48}, 0x0)
ioctl$IOMMU_TEST_OP_ACCESS_PAGES$syz(r2, 0x3ba0, &(0x7f0000000180)={0x48, 0x7, r4, 0x0, 0x10001, 0x0, 0x1, 0xd6fe2, 0x3d3b4e})
socket(0x400000000010, 0x3, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
r6 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r6, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000240)={{0x14}, [@NFT_MSG_DELCHAIN={0x1c, 0x5, 0xa, 0x801, 0x0, 0x0, {0x2, 0x0, 0x2}, [@NFTA_CHAIN_POLICY={0x8}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x2}}}, 0x44}}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x1)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
read$msr(0xffffffffffffffff, &(0x7f0000019680)=""/102392, 0x18ff8)
bind$inet6(0xffffffffffffffff, &(0x7f0000000040)={0xa, 0x0, 0x0, @dev={0xfe, 0x80, '\x00', 0x1a}, 0x10}, 0x1c)
ioctl$IOMMU_IOAS_UNMAP$ALL(r2, 0x3b86, &(0x7f0000000240)={0x18, r3})
setsockopt$CAN_RAW_ERR_FILTER(r1, 0x65, 0x2, &(0x7f0000000140)=0x2, 0x4)

1m14.771007955s ago: executing program 0 (id=3165):
r0 = bpf$PROG_LOAD(0x5, 0x0, 0x0)
setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x1, 0x32, &(0x7f0000000000)=r0, 0x4)
socket$kcm(0xa, 0x2, 0x73)
r1 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f0000000000)={0x0, 0x18, 0xfa00, {0x1, &(0x7f0000000080)={<r2=>0xffffffffffffffff}, 0x2, 0x1}}, 0x20)
write$RDMA_USER_CM_CMD_BIND_IP(r1, &(0x7f0000000100)={0x2, 0x28, 0xfa00, {0x0, {0xa, 0x4e24, 0x0, @remote, 0xf}, r2}}, 0x30)
openat$vicodec0(0xffffffffffffff9c, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r3 = getpid()
sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x1000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000001a300)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r4, 0x0, 0x0, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
socket$phonet_pipe(0x23, 0x5, 0x2)
ioctl$AUTOFS_DEV_IOCTL_FAIL(0xffffffffffffffff, 0xc0189377, &(0x7f0000000340)={{0x1, 0x1, 0x18, <r6=>0xffffffffffffffff, {0x4, 0x7}}, './file0\x00'})
open_tree(r6, &(0x7f0000000380)='./file0\x00', 0x80900)
write$RDMA_USER_CM_CMD_RESOLVE_IP(r1, &(0x7f0000000180)={0x3, 0x40, 0xfa02, {{0x6000000, 0x4e24, 0x40043, @mcast1, 0xf}, {0x2, 0xfff8, 0xc00, @empty, 0x10000}, r2, 0x9dffffff}}, 0x48)
socket$nl_route(0x10, 0x3, 0x0)
setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x22, &(0x7f00000001c0)=0x1, 0x4)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000002b00)={r0, 0xe0, &(0x7f0000002a00)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, &(0x7f0000002800)=[0x0, 0x0], ""/16, 0x0, 0x0, 0x0, 0x0, 0x9, 0x3, &(0x7f0000002840)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f00000028c0)=[0x0, 0x0, 0x0], 0x0, 0x2b, &(0x7f0000002900)=[{}], 0x8, 0x10, &(0x7f0000002940), &(0x7f0000002980), 0x8, 0xa7, 0x8, 0x8, &(0x7f00000029c0)}}, 0x10)

1m13.718534174s ago: executing program 0 (id=3169):
socket$nl_route(0x10, 0x3, 0x0)
syz_open_dev$vim2m(&(0x7f0000000100), 0x0, 0x2)
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x18, 0x3, &(0x7f0000000080)=@framed={{0x18, 0x0, 0x0, 0x0, 0x2}}, &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100, 0x1}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f0000000040)='contention_end\x00', r3}, 0x18)
fanotify_mark(0xffffffffffffffff, 0x455, 0x8000003, 0xffffffffffffffff, 0x0)
syz_usb_connect(0x5, 0x24, &(0x7f00000000c0)=ANY=[@ANYBLOB="120110010928fc10ac059102254301020301090212000100004000090491000003e102"], 0x0)
syz_open_dev$mouse(&(0x7f000000b040), 0x1, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe}, 0x0)
syz_usb_connect(0x0, 0x5f, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000b1f203401e0903003bd7010203010902"], 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0xffffff48)
r4 = socket$inet_mptcp(0x2, 0x1, 0x106)
setsockopt$inet_int(r4, 0x0, 0xf, 0x0, 0x0)
openat$fuse(0xffffffffffffff9c, &(0x7f0000000700), 0x2, 0x0)
r5 = socket$inet_tcp(0x2, 0x1, 0x0)
ioctl$sock_inet_SIOCSARP(r5, 0x8955, &(0x7f0000000340)={{0x2, 0x4e23, @loopback}, {0x0, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x13}}, 0xa, {0x2, 0x0, @broadcast}, 'lo\x00'})
socket$netlink(0x10, 0x3, 0x0)
writev(r0, &(0x7f0000000140)=[{0x0}, {0x0}], 0x2)
syz_open_dev$dri(&(0x7f00000000c0), 0x1ff, 0x8c040)
r6 = openat$nci(0xffffffffffffff9c, &(0x7f0000000440), 0x2, 0x0)
dup3(0xffffffffffffffff, r6, 0x0)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000340)={0x1, &(0x7f0000000000)=[{0x6, 0xf, 0x0, 0x101}]})
bpf$ENABLE_STATS(0x20, &(0x7f0000000040), 0x4)
renameat2(0xffffffffffffffff, &(0x7f0000000180)='./file1\x00', 0xffffffffffffffff, &(0x7f0000000040)='./file0\x00', 0x5)
open(0x0, 0x141142, 0x0)

1m7.297822375s ago: executing program 1 (id=3195):
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_TIMEOUT_DEFAULT_SET(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000440)=ANY=[@ANYBLOB, @ANYRESOCT], 0x20}, 0x1, 0x0, 0x0, 0x2000a084}, 0x0)
syz_usb_connect(0x3, 0x1c, 0x0, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
r2 = socket$can_bcm(0x1d, 0x2, 0x2)
r3 = socket(0x1, 0xa, 0x6)
ioctl$ifreq_SIOCGIFINDEX_vcan(r1, 0x8933, &(0x7f0000000040)={'vxcan1\x00', <r4=>0x0})
bind$can_j1939(r3, &(0x7f0000000100)={0x1d, r4, 0x2, {0x3}}, 0x18)
ioctl$ifreq_SIOCGIFINDEX_vcan(r2, 0x8933, &(0x7f0000000100)={'vxcan0\x00', <r5=>0x0})
prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x9, 0x100}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
r7 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r7, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000180)=[{&(0x7f00000001c0)="d8000000180081064e81f782db4cb904021d080006007c09e8fe55a10a0015000600142603600e1208000f0000000401a80016002000024006000a00035c0461c1d60008000000000000fb8000a0e408e8d8ef52a98516277ce06bbace8017cbec4c2ee5a7cef4090000001fb791643a5ee4ce1b14d6d930dfe1d9d322fe7c9f8775730d16a4683f5aeb4edbb57a5025ccca9e00360db70100000040fad95667e006dcdf63951f0f49e119c849ea6e5a0fc55e4cde205a214d6102d6dcbf33fb5ce3bb9ad809d5e1cace81ed0bffece0b42a9ecbee5de6cc", 0xd8}], 0x1}, 0x0)
sendmsg$nl_generic(r6, 0x0, 0xc000)
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
getsockopt$bt_BT_POWER(0xffffffffffffffff, 0x112, 0x9, 0x0, 0x0)
sendmsg$nl_generic(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000005c0)=ANY=[], 0x9c}, 0x1, 0x0, 0x0, 0xc8d4}, 0xc000)
syz_genetlink_get_family_id$tipc2(&(0x7f0000000180), r3)
r8 = syz_io_uring_complete(0x0)
sendmsg$nl_route_sched(r8, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000380)=@getchain={0x24, 0x11, 0x1, 0x0, 0x25dfdbfb, {0x0, 0x0, 0x0, r5, {}, {0x7, 0x2}, {0x0, 0xf}}}, 0x24}, 0x1, 0x0, 0x0, 0x20000}, 0x98)
bind$inet(r0, &(0x7f0000000040)={0x2, 0x4e21, @local}, 0x47)
syz_mount_image$cramfs(&(0x7f0000000100), &(0x7f0000000000)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0, &(0x7f0000000140)=ANY=[], 0xfa, 0x154, &(0x7f00000001c0)="$eJzskL9rGmEAhp9Pzx8ttVqw0BZaCh0qFut5YrcOGiJxMAcJLpkCeiGCRlEIbvkxZ8gf4JAsmcQhZMyQmMlEIZi/wy0QyGL47k4hY/bvWe7ueV/eu/uW/49jRMCLw1Kj3mxZ7bZV+blmFvPr5xeXH6UPAEG7UW+2ZLni9K+ysC2vGkwPHH0T8gA162+5Uav4gSzEgJwGVH3oON330kWDbFVrVsp1sV8w+IztjLmTG65Lu+6bBrmw4/RnmJ3Cb7n3icXeI9Dp+tw/S8TPvnuz7gOd7p9+73Z1NCwk4j+sIyP/1T6BkiXfJWT+kBwm7pP93mQ8mu2ZRXOcNox/aT2l65mJeTcqZPaP0VY+7MKGeL3nlxslOBTQFdCz8+m1CAGDkyczGA5E34FnJwLCTYSd1IX7fU5S3vzimxsWNwqFQqFQKBQKhUKhULyVlwAAAP//qYZcdg==")
r9 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x2040, 0x0)
setsockopt$inet_tcp_int(r9, 0x6, 0x3, 0x0, 0x0)
setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r0, 0x6, 0x16, &(0x7f0000000340), 0x0)
setsockopt$inet_tcp_TCP_REPAIR(r0, 0x6, 0x13, 0x0, 0x0)

1m5.838847831s ago: executing program 1 (id=3200):
r0 = socket$l2tp6(0xa, 0x2, 0x73)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
write$cgroup_int(0xffffffffffffffff, 0x0, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x10, r0, 0x0)
r1 = socket$unix(0x1, 0x2, 0x0)
bind$unix(r1, &(0x7f0000000080)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e)
r2 = socket$unix(0x1, 0x2, 0x0)
rt_sigaction(0x40, &(0x7f0000000080)={&(0x7f00000000c0)="c461f9134200c482f5293b66262465f2c543aaaa676666420fadf4c461dd6b651dc4a12966dbc461fc1069e468859a71a4000092663b663b", 0x88000000, 0x0, {[0x6]}}, 0x0, 0x8, &(0x7f00000002c0))
r3 = syz_open_dev$vbi(&(0x7f0000000000), 0x3, 0x2)
ioctl$VIDIOC_S_AUDOUT(r3, 0x40345632, &(0x7f0000000080)={0x0, "3959bae38505b6494a3cfc779b880d79fa136923747b50cd06010a66418f40ec", 0x2})
r4 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000500)='status\x00')
lseek(r4, 0x80000000457, 0x0)
r5 = syz_io_uring_setup(0x238, &(0x7f0000000740)={0x0, 0x198b, 0x20000, 0x0, 0x3aa}, &(0x7f0000000180)=<r6=>0x0, &(0x7f00000001c0)=<r7=>0x0)
syz_io_uring_submit(r6, r7, &(0x7f0000000040)=@IORING_OP_POLL_ADD={0x6, 0x2, 0x0, @fd_index=0x4, 0x0, 0x0, 0x0, {}, 0x1})
io_uring_enter(r5, 0x2ded, 0x4000, 0x0, 0x0, 0x0)
r8 = socket$unix(0x1, 0x2, 0x0)
socket$inet6(0xa, 0x80f, 0x9)
connect$unix(r8, &(0x7f0000000180)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e)
sendmmsg(r8, &(0x7f0000002dc0), 0x307017fdb7a66cb, 0x3ec0)
connect$unix(r2, &(0x7f0000000180)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e)
ppoll(&(0x7f0000000480)=[{r2, 0xc210}], 0x1, 0x0, 0x0, 0x0)
readv(r1, &(0x7f0000000000)=[{&(0x7f00000003c0)=""/150, 0x96}], 0x1)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r9=>0xffffffffffffffff, <r10=>0xffffffffffffffff})
connect$unix(r9, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x2000000}, 0x6e)
sendmmsg$unix(r10, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r9, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
ioctl$sock_SIOCGIFCONF(r10, 0x8912, &(0x7f00000003c0)=@buf)

1m4.870880636s ago: executing program 1 (id=3204):
socket$inet_udp(0x2, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8d}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000540)=0x4)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40a42, 0x0)
r1 = socket$inet_sctp(0x2, 0x1, 0x84)
getsockopt$inet_sctp_SCTP_SOCKOPT_PEELOFF(r1, 0x84, 0x66, 0x0, 0x0)
r2 = socket$inet(0x2, 0x1, 0x100)
sendto$inet(r2, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10)
openat$audio1(0xffffffffffffff9c, &(0x7f0000000080), 0x129202, 0x0)
ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(r2, 0x89f3, &(0x7f0000000440)={'sit0\x00', &(0x7f0000000740)={'tunl0\x00', <r3=>0x0, 0x40, 0x7, 0x4, 0x39, {{0x26, 0x4, 0x1, 0x37, 0x98, 0x65, 0x0, 0x7, 0x4, 0x0, @loopback, @remote, {[@timestamp_addr={0x44, 0x3c, 0xdb, 0x1, 0xc, [{@private=0xa010100, 0x4}, {@local}, {@rand_addr=0x64010102, 0x8}, {@broadcast, 0xff}, {@broadcast, 0x9a}, {@broadcast, 0x5}, {@multicast1}]}, @cipso={0x86, 0x47, 0x3, [{0x6, 0x12, "abd605985c5c4e9668dc6c9021cdbb75"}, {0x7, 0xc, "c4b6f5278201c9d4af8f"}, {0x3, 0x2}, {0x5, 0x10, "bd4d33e8662d6073dbdefbe8698c"}, {0x6, 0x2}, {0x0, 0xf, "b049a9d4c6f836b0e962ccf223"}]}]}}}}})
getsockopt$inet_mreqn(r1, 0x0, 0x23, &(0x7f0000002dc0)={@empty, @local, <r4=>0x0}, &(0x7f0000002e00)=0xc)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f00000003c0)={'netdevsim0\x00', <r6=>0x0})
r7 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000001800)={0x6, 0x3, &(0x7f00000006c0)=@framed, &(0x7f0000000300)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', r6}, 0x80)
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000040)={r7, r6, 0x25, 0x8, @void}, 0x10)
sendmmsg$inet(r1, &(0x7f0000003300)=[{{&(0x7f0000000040)={0x2, 0x4e20, @multicast1}, 0x10, &(0x7f00000000c0)=[{&(0x7f0000000340)="280e29df288eeb35fd5a7aab48af4ea06533c149a2505dbfae997855e7234b4c3f9fb8f53e7d9abc3a30554828f62192622d26fa55be1f5e0c22647dfd85ff136bc0c7736e27a0590728c3cb57c16fbf6c1053f75fe025f252da4943d2170184a43d5141c852b7c997dbc2af53a71021c7a8044ddb57536b94d751dc52961731cc6b30d9be94e9ee9061df32e8862aa9ed9ba844db911e97f42b97536e55d1d58993ba697040f7ebbb95a3a7d14340662304e118ed55c032846a79d46141421205f9c16e15e2c851c13b8d70c2", 0xcd}, {&(0x7f0000000580)="85c1eade92383464c9f701dfcb5684d5f5ce062357ceeb7b4213df2c120631ccb4ec246ae917e7609eecc2c73a3a694d0449c89cfc72f06f9968e5e4d90ef07cb1fa7c2e131d57c8546a0f08e651034fa2fd35ab6063d91021667d559ae0f48525875ec3a2de1d75cdbb60fb63c19393c372f8f7e8e6e6c840f553535ce1a52c596d3b4dd29098753a0dd4c5b4afc9fd7969bc91be70c8ec1d2db06fa22458cd731cd1b75e20520ef03b5d2da2382ac143a75645f45f85592c1803b412945a18f653bd2b68688afeaea9eb6982a32ffe05613df0c3726c47d5cc8b8a8389af49ef5a9814bfbe5079a075b14a1fc4fff55ccffa14", 0xf4}, {0x0}], 0x3, &(0x7f0000000100)=[@ip_ttl={{0x14, 0x0, 0x2, 0x80000000}}], 0x18}}, {{&(0x7f0000000180)={0x2, 0x4e21, @multicast1}, 0x10, &(0x7f0000000280)=[{&(0x7f0000000200)="3745e02f57cc76ff72", 0x9}, {&(0x7f0000000240)='G', 0x1}, {&(0x7f0000000680)="256f043d374ae2724b3c46328001f940ffd2ff8fc2cc5ab273f1d286a6f7dc7661cb590943f2bac491fb5b30492c42a70f0b67b6799528fe21af7c8f8875ec82801aef03fc2062ed39afcb4bb2edd8dca8f1e4f2fde021b2658cba8c2056cb1df618a6663de1bdc69ea8aa228874fe5381c49f2fb0b6f66210d3db18b5be07d50a05f7ca968a6084002c5119d77e8fab42d7aab20c676864", 0x98}], 0x3, &(0x7f0000001880)=[@ip_tos_u8={{0x11, 0x0, 0x1, 0xe}}, @ip_ttl={{0x14, 0x0, 0x2, 0xfb}}, @ip_pktinfo={{0x1c, 0x0, 0x8, {r3, @multicast1, @broadcast}}}], 0x50}}, {{&(0x7f0000000480)={0x2, 0x4e20, @multicast1}, 0x10, &(0x7f0000002900)=[{&(0x7f0000001900)="db1eb1a69765dd90c8553f3e200aa23a63c24077be78be9a39da0678f7724942f7c8f75bda4de1f1d3e57a24c9430ceecdd2b803e3496df4d7e51c1f081035be5d446fe310deb9dee6122704734acb871b7592306e4cef16aeb75de3608e2fd2f22ab2643c9f21cf2fc8b9509da6ac247ed6945b28b6010a5aaff33619aa31d706072da56183c455b25158cb2e0b7bbe9bbb94344a5efe843dab5eae1646bf60fc7d18559b84679399a56f8944b69cb8499f8308ab482d23d9ee7487842b91d1f6a24ea66ece73e5f9b847112eb5c47b974ed525204c73ffe1e6ecc9ddbea6fedd115d2672c93a09fc368df4a6ca4b0888f45be02d609ab1016f893b3948446eea655b2213d4b069b6e37cf5b7be7988d9057810110fe5d1046afa48d49a10e7caa7f1b20c867e403356313c08c510cfb316134f66f78a8455424acdab564c4c488f10d8e59c3f37f0c528a4e191162b2bc6ebfaa49ed9b72d9d8f82a1d942b70716d18588195d64d490e32c8e5dfb9691a5cbf4567ff7ff699e364bf7214d7164dd4608e292e22330c91ec3e7c52c66c2fae1450a2ce33539e6c60f8d7ee11021745c6924efffafe0d97e2944c2c9e5d5296ed6041f77e91a68421cf6696273bee1fbdf5742b00a9069104242f9663ff5581216a63385690d7cb910e5dd44185951030a2584daa2ce07874606bda03413368c7e9fcdb2152ed38d6ab4b622069994bf825bebadcd99679deaaf1426405653f16cd05a25be8e3f9d3365b091282e4d6fce20001ef0a51988b018c8722b795a8e5a68165663b3507e6cdbcf765a7988dd0b8517e0ed50476529d93591da7cf34ead21d4c5969b00ad981a6315f149dd6c835f822ea20c6cdbb08c4313a57a488e90fd47b3963eda09db9fd8a0f25e8800a6423871cbe4e3c2ff8f04101a441ce129515086b9084ce827d41c848aab31ddf123c30bc94861eb3a5a5906fd85b3a5cbb61305ae673dbcdfb87494bc0f878eab7525eea6b1d3b9e0c2a28ee049523d2496584c0bba83a02aec74d06d4623fd74996b8937bb6548e81c619be0d3ed864e682308174d2db59d8cc51e9cb12b8c270206614bba9d5cd221516f6ba51d9d6aca880f87bb0def211641e61de2a5fa5f3b43401f76d650cbe82a2b28760473901b9400ffd792e2666fbfc7503dd6800123a32052994144253727d8ff4ed4690a6c1fc8e15dd9839f711da47b40d8166181d13e7b7a17f5645793eceef6c1ed7e924453330c07b5b04b9d2bdd4d6bfa9b167c87e7ed701712a0afa8540972d7669dccbcc60d2fb06d56db5058aa54f4c7c69187767e31f1c9b8ea47b050962b818ffc7b3866d7e38d139c110d1356392ee41377d93f4a694b3cb30a2561da7be52b6d255844e71fb1020f14f2be905b20b6787c7cd4d94787ef19da9267286808a17da1c21e8175d667fe71bd543057aa3d68d2e9f0cb56f96056aaf3c62002904679ef7bb4fdb9523c83c52d4da1fcf4ad7b93a0f1cc4f311a7c80dc76f5bca093c0ad4d9b30e636a82c42857a7a0f9814f536cf075ed9e9240ff3da86c95520ced5b84e2527acf9dc592d72930d57c4f61aed6249fac332b4985dfbce3244e6bba78fcdba174b5b15e9bb1b3c66900e7fb035f94c95b7cd78bdc8a437dbc563b16ddf3b376cdcf2e1170921dce67d5d7e7db90c0e735889a3e7b6cc4bf801159b8b2822762cca0b2dcddc918dbc198a03be9e88a5428870d126428b56a2e6377598aab6b448260824dda668ae6281be1d9c39093b07e7aeb5122a580fa0b9ad703d3285c9bd001ca474a385c344198bccac47e9240abccf2f6efbf670f9fb0dbe43173a26adab0f6ef412ba7b55cb78b63520a14f6ede7cf5ca640f808ac6924df9864d2391f63ca5ebe9c7ff7469550c1cf868b3e3190397440d157201c878bc1d0d84fcbcfc66ae42aca50612f157272f2173eb82f9cd4a4bc5d38f3078224d06a2a96f381cda739ab640a0c892802afbc706a30ae333854012321faff6aba27fb00c8b2ffb278c3f0d057bb8dde807d1bf797c7c91141aba1658f645f1ea7c465f17e69113caa74763f6a5625983e6da06a23a6c91229f19bcd3537a3aaccf57f1ab8f5af2d30dfc048ff6513dfdb3fc7f9726cb5ac6b8cc31afdb86c91e8ada634639ec753d89056ad4ac03677f3ff8b3b1b7ba87b806ec24f31cefc6a98848e4aec10897cf6c417c0f4caa27e021361c568490f9e8c2781a7494f73bf6e5db8d65896e1fe08c09bd229fdbaa7d0bca765b266b19e555807e51ef687c0ad3adde17ea28b9800208016146c9ab06e18e06fe4f53b65cbc593573c508a338d117abd671a5d53550107912758b25269de0a69375bf6a3756f4772c355c692540d74962368a418b60c7c58dac2e480ba1d94eb76b65181f36801a94cfd0d8abbec01fe5a128756e6d472caa664d09e80569a8a812aac4c76204423128e948152b76a7c0ba85c7a60b5b34f839e389ba5d04503e4047286b91d5a13b6bbcb4ef6a9338b60403be3cdec1ed0d9659e3479c44e671ba917618253fd2b6cdae19030b671a2add81c6b486e37eb1af3679c96726d08af04a7869f6aeccd2b233e19d78cbecd19faa981dc568e1c8d616b559931fe5c96c701dd5f2b661cdc358891aba3d4f40182687bd5af806429508f349b71a970321a6f8e9eefeff725b41d76949f8c82dacfb622450cf13b1c89180596df2b8fb444f22cb00b51ff99d3b1e7320242dc9256bfc102240bb76a09fb27641393ffc464f8dd8d06ddd388e75a60428af5d4b7467cbc761e32521a6c128ffdbdf340b679bf6c0ba331bbcdbdf7056eea71218e12e8438621944e3fabb6a7310f27c4acb9db84de71d8d54a82f8f2c390e10dc6d3b6eb5ab9edb1df348a4bcc02a0db5339517d8f7f51ae4538743608efc5bcd03cd5c1e6088367718273200dd110a55966ea365ce42b6d12ceae3482158d260e4e21d8565fa3ec323ef309599f763139cfa7151e9f618bc4fa0343f33f7651eb6e1aea6da5d8b0ed12ad8c8126eee06fb9fdf8eaa7eec23315bb17b919bc8590bb876642a6a0d4b1c8221f89f664e4dbda5e3259c6b43a8a804886635fb57416a642faed4bed7bed547b8293d968053343e515290a091abde1ca985242050292500d090e1d2ce23013a7b87932fadad9e2ac387219756eb294af9fa1687b5a5b13cd047d03346904801050d37943b88d84b65db2cd9457a3f64e0ab4a5955b3d40d291914acab3a82f03b310588c67b41865ba535c533abeeccf4627ce00faedda804852024a080325c6f49ca37a46d77c794bf22a3ba5f61613c5d7684d2c4db5d14afc0023af0b5b5a5404d719612a70c4eae5b0736aa7fd8de9b29d2ae67165b375012d704ae1533e7d18419681fb02dfad3e6ad1359bcea2de32f2d98cb88c1546571282f9c59ab2519a26126b8a383216c13f73dbf7ffe1f9ac38c37eef856c2a88e7d341abe5d5d1c851ac4c4b287392265368b9b175e6273668dd7987abcfcab4b97e327b3d266609fbb2372d01deabf8ee0442965d8a4c5805b5c5aa8014e145635481e7daaa467eccf83faf5d307d1fcef2de3cc67742532645e60f3d45b881ce850e519f1da21e48a569b0362e6f986f2e539b029f563e063d43ae30d4ebc885ae7da6d16cbd042b0eb774ad368beb93be07b5fa2b35df0dd4f869cfb00f6d86786b51acbd44d4ff3ce9e6294aafbcd4e57e22044e1df4f5d4e044e16c1f94d37242af324949fc53687e1fd2e332e452cbc5736599375cddfe76ced0c4b5a5c1c252c80eeeb0af539832e3a2c2722a728f95b873cf4467174c20a9bc009876752ba60afaf93b991279fd4e86aa7ac9fa63983baf39d9013eb397aa6602e147ff1445dc5ef2775e15594d338594aa72937ba1482654df7fc68142f2a4682142a9c2c61ac87d1442bcfa919ff8c26eb7f9adef1220611d9634410ed5e2581dc90d4ae032b8590b2bcb2b8939f4526ec29ae932f02c377fe4135b37b9cd3f2c8cc5515e6742bb188928e117365a7957054de4611246711e258f7569cb41a1a39f1ffcc297d64b0eaf22b6527d101d72cd01de1c519fa761fa7a5a6a3ab8badbfa87889d9d35b75e76715d9908ba9bcf7bf80e312f6e7861080d5e5658901b45452e5adeeb4a5a25dac724d5e3381cb6dfe167b868dbd4c628fc8fe5e8c4fdbe825e218af112c7d41b808866a17ea6f658e9dfc39388e4bbd8c408fb62f1fbab984a3554fb6a2c521aa7c0be9a7a03414c2934a0147f2d356a37a211c958cbebbcf59d313c0a77ef0592221b7b34cb3960b675cac5fcc2195d063bda26fc235b568b4b49c4e802296f42709c3749747e7131c6fc5618ef8f73f944b324f9cf071840cd54701682417ba65a78499869381a8107e7abf18f031e4eee8ba74b4bbeca59dfdc3bbc8cffeb1dbf14b70bcec17281fe29990f18ae24f508c59fc2d89f3152003fbb7f41b5ba9fd40aa05928533b18db23903c8be564a3c50bd9dda664452a65b5029c1b8c9c16b4c2f38f2bf6d9033610c906803933bfcf8e95a3478a3d584cb9552620a9c555e6760f3374aa8377cc538f3f20bcc9f060dd580d9e3bc9cb2c7ef5dcc2e10f413218ce4634d00e640fb8ca94a17930191e8f8f6f3fb9031e7bfcbf033fdc99027a95b48bcaf66e4c9b45a50b4edf0641b2dbc78bcd41be8c6c70c5bf386b2bc7037a50c166fd45ca2376f90ec1035822ea2af23a2acc7d8587934b58804da4dd367848b99431aa93e2157ad4f60207fce94d2ca1c9bbd1dd5712b02905c1c008e08e7469b9f3b86838e20c9cca23242c2c85071f2987cebd6220e1e21a4469507e32b9e221ab2a1a85005be2ef35d905d79dd7df85a5188c7742665b45151e45bafb564324aba2398b87fb73aa410c01708004a532bb16c5c5dde714052f5bea024caeb316149c1b749e590c982b241fc0113eba0f6f321c056989369d973e27896997e3dd0a33d7fc5bed7e4ddaee5d978ab8e99b7a0e5942faf324ba8c4054ef01c7ac160f9a6ad6e4d883c958d928f8635aa23a5d448fc78c687cdf6a5f9eb8545a7e72163b8e4ff009ba7b012f34b2667c4c7d0f478b1f2ee11550dbbb28d184a5057b76e5a2359c12788dfa7546ef0fc114a5413737c52e1ff2c40b943a086481f7eb2a7247a81d1f723262d7fbd3077aa7b5108ef3b20dda0ec6396594c853de8b9d9ac985a9b849c1718e4dae13932c88f949ebf77f0516ee245aec338e11363107903610742343f55e63540cc162469201ef058205c7348863855ebb26378bc376a54d14ff5edd0fb23a2454bf920f77425766ac4b201daac252cb082a607a571d4a881d4f9596152bf24af32363373e481224a99d0ee7f90ad9e1a3209b19e4e0647d346a0bf1735dee3c1fe384a50f265367d7242c1", 0xf00}, {&(0x7f0000000500)="9d84e5c9237cb13b26edc758d38a32461ae7ed0ddb1a63e8ee9ca7a6c9d592067c0e429f3f43ee2ee2", 0x29}], 0x2, &(0x7f0000002940)=[@ip_tos_u8={{0x11, 0x0, 0x1, 0xf8}}, @ip_pktinfo={{0x1c, 0x0, 0x8, {0x0, @broadcast, @dev={0xac, 0x14, 0x14, 0x25}}}}, @ip_tos_u8={{0x11, 0x0, 0x1, 0x8}}, @ip_ttl={{0x14, 0x0, 0x2, 0x8000}}, @ip_ttl={{0x14}}], 0x80}}, {{&(0x7f00000029c0)={0x2, 0x4e24, @private=0xa010100}, 0x10, &(0x7f0000002d80)=[{&(0x7f0000002a00)="2ec31d27045e0dc95e9d16bb07d76cd473dc474c019703dbd55dd3b7d9ed4846d4a83d7710201f1eba2fc2cec9e187476503a0292be2a6f2125aa42a67ebc8f1a5f4c05ed811114be094c4e112a48112c79df1eb8d44014cb0c678f92b27591c9ae35b3f28d7b0e73e0f0c3853757ccdee6b3ec33579032465b22a39b4f5e8e470968351ba85aef8c51776610e61798c21199bef8b701ed1c29a1ef50d220c71e87e06c198a128a5eaa0c9327fb05ef69c8df4b24cef0c69c29601081b95b6b5ae44761324c511797b", 0xc9}, {&(0x7f0000002b00)="3cf04891cf88515fb4abc986f3ec233aa5c5c6afed968707f235d5c301d885170a5f749edeeecea069283ae6086ac2a7f10a223f1c5161d48f8ae56dd253cbb9eb3c19b6de06cfe839cc15423c9c394fe4f0e5b86ff8eb8598e98059f6c3a7c7dc2c5d17449ee0f737c159fc4692d258bbe6865db8c302a51dc47d14dd993868a83ecd66a808314e7829bebd728b458d92348a460fc346d1800ef6055e4017859a1c8d115d00a9264bd2148dc70dadae06563af825f8186ec20311dbf898", 0xbe}, {&(0x7f0000002bc0)="26dcab2d24f3445b152a22de063db64bc7dd914124ed06443fc649c41fae2d694fdbb69a601749d3c0684760b410f8008966e820fbb2f4b20f4c7c5fbcf510bac038371496deddd1c36acc7c9496f2e2dc5efeb402dc5629b41e6db618fe23a4d0634a94b7b903b82e5bc28b59ac104a50795b8bebcae8045217d78eaf34973af7863082bc91a5c3be6d234811ff0d6362da98569f6c7369eb7960a65f0c2032d2df43f526f8bb24de78161d5d3a2e518e115c6d77123d55ccbb8e5235f142e54dfc17b76fc8e8cc7416fd81cababddd3807fb2ac5", 0xd5}, {&(0x7f0000002cc0)="86f21d5b89464d64ff09fd225710476983eacb6331f7f172e36362ba9b77b9466bf0cfbc8adb778f8e9da0fcc621435168f523369cc25fda9e1782a0ee83cc566c610bb7a3e74f5bccdaa52f32107b4b468b76103c19d955c36b7599f59f3f2083a7a7576cec646d7c5654535ebee86eb534b22f89f6aa05a3a4a8ce98e899627fbb2fe4f2f5a4535c69801750f167c64785e007d50d0b46b0414cc99a7852a4e0d44563548c2bc0a84616e980", 0xad}], 0x4, &(0x7f0000002e40)=[@ip_pktinfo={{0x1c, 0x0, 0x8, {r4, @loopback, @multicast1}}}, @ip_retopts={{0x1c, 0x0, 0x7, {[@rr={0x7, 0xb, 0xa4, [@multicast1, @remote]}]}}}, @ip_tos_int={{0x14, 0x0, 0x1, 0x7fff}}], 0x58}}, {{&(0x7f0000002ec0)={0x2, 0x4e22, @private=0xa010100}, 0x10, &(0x7f0000003200)=[{&(0x7f0000002f00)="196919445773b2e1e9514c83a6faf7efe602f9ad6902c2c82eba94d92a3d4ab878f60edca831eadde08f0bf9d31ecffba7009b93ae7ba06737618fe2965d16eb5663fe6b3f07ce7cd3bc6e056b9da804bf8ad13dfbf5142ad496fd307a84e512ea687604908a414ce9b628c2b4f6e2d4c976431ceb1235116fb4051af2baa8757b4c6bcd81eb7f912c4a2679cc", 0x8d}, {&(0x7f0000002fc0)="d2cdc1dd43af8da19a3521a9406c31eeaaa5055735a78c914a00b502775b2166dcace0e34b120d2834f9744d8db4269067119c755126248e1c9664a072106528c2cb54d6a179d5a2b37cc704b218", 0x4e}, {&(0x7f0000003040)="acfdfe28d53da028854bed3d8249421584937fe6194bbc2dd49bb3bf950721b8dc15241ccf7d6741732dab17dbd3380fd6fbbf0716e0d52afa505ae709d49046856e6d17557b236f8ec6b50bfc1d8ead9eeec90186a900fb3ec93a4a622f2c681f13d8e87b372eb96d53d1c8e45a2ea3c52be638b31ecbfe9d772be3a3a5a42f85ba07ea82e732855ddc4a957a8de2354178bd6e14750db01bad1a34975a458e65edfc62560204cef9", 0xa9}, {&(0x7f0000003100)="81584871416eae1eeae1a2c8c80d85546ae864eec0518d33b01098593d1d71040d47d61dddb581a27b3203a2861a8f583ac79700d14b1f04cfbab47fa1e6d8bb090b7ae4c6d084e3075ad6bda68d0ea615b50ef65bb4ed3921350586a6716c580f82ddc2fa9d65c4705b1ea7fe925733eec4950bb0fde524c7ed911f8260c67368dc1e0a387a2cfc2e8c56d6d12a7dd8088808ae08a6b02add4dc8073cca8c5893fe7eb1ed848f8c4ac7", 0xaa}, {&(0x7f00000031c0)="27789b037dea672acbd9b9fa2824ef9eb30dc8108f1f77a438903e782ffb28cd4a361ed0727398bd098359eb95071c4b211d25db938ba6283324", 0x3a}], 0x5, &(0x7f0000003280)=[@ip_tos_int={{0x14, 0x0, 0x1, 0x8}}, @ip_pktinfo={{0x1c, 0x0, 0x8, {r6, @broadcast, @initdev={0xac, 0x1e, 0x0, 0x0}}}}, @ip_tos_int={{0x14, 0x0, 0x1, 0x8a0}}], 0x50}}], 0x5, 0x20000000)
pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x1fffffffffe, 0xfffffffffffffffd, 0x0, 0x0, 0x1000001000, 0x9}, 0x0, &(0x7f00000002c0)={0x3fb, 0x8000, 0x400000000001, 0x9, 0x40000000000000, 0xf, 0x80000002, 0x2}, 0x0, 0x0)

1m2.930235038s ago: executing program 1 (id=3208):
setns(0xffffffffffffffff, 0x8020000)
mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0)
read$FUSE(0xffffffffffffffff, 0x0, 0x0)
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f00000000c0)={0x0, <r0=>0x0}, 0x0)
mount$fuse(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f0000002100), 0x280449c, &(0x7f0000000500)={{}, 0x2c, {'rootmode', 0x3d, 0x4000}, 0x2c, {}, 0x2c, {}, 0x2c, {[], [{@context={'context', 0x3d, 'sysadm_u'}}, {@uid_gt}, {@fowner_lt}, {@appraise_type}, {@fowner_gt={'fowner>', r0}}, {@defcontext={'defcontext', 0x3d, 'system_u'}}]}})
write$FUSE_NOTIFY_DELETE(0xffffffffffffffff, &(0x7f0000000080)={0x2a, 0x6, 0x0, {0x1, 0x200000000004, 0x1, 0x2, '\x00', 0x8}}, 0x2a)
ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
ioctl$vim2m_VIDIOC_STREAMOFF(0xffffffffffffffff, 0x40045612, &(0x7f0000000240)=0x1)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20008b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x3)
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f000001aa40)=""/102400, 0x19000)
r2 = dup(0xffffffffffffffff)
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$tipc(0x0, 0xffffffffffffffff)
socketpair(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r3=>0xffffffffffffffff})
r4 = bpf$MAP_CREATE(0x0, &(0x7f00000002c0)=@base={0x12, 0x2, 0x4, 0x2}, 0x50)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000180)={{r4}, &(0x7f0000000040), &(0x7f0000000140)=r3}, 0x20)
write$RDMA_USER_CM_CMD_CREATE_ID(r2, 0x0, 0x0)
setsockopt$inet_sctp_SCTP_DEFAULT_PRINFO(r2, 0x84, 0x72, 0x0, 0x0)
fsopen(&(0x7f00000000c0)='tracefs\x00', 0x0)
write$binfmt_script(0xffffffffffffffff, &(0x7f0000000380), 0x4)
syz_emit_ethernet(0x7a, &(0x7f0000004540)={@link_local, @empty, @void, {@ipv6={0x86dd, @gre_packet={0x0, 0x6, "9a83c9", 0x4, 0x2f, 0x0, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @local, {[], {{0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x6558}}}}}}}, 0x0)

1m2.426670105s ago: executing program 1 (id=3210):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
fsopen(&(0x7f0000000040)='devtmpfs\x00', 0x1)
r0 = getpid()
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000100)={<r1=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000400)=@file={0x1, './file0\x00'}, 0x6e)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$netlbl_mgmt(&(0x7f0000000040), r2)
sendmsg$NLBL_MGMT_C_ADDDEF(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000600)={0x1c, r3, 0x1, 0x703d25, 0x25dfdbfb, {}, [@NLBL_MGMT_A_PROTOCOL={0x8, 0x2, 0x5}]}, 0x1c}, 0x1, 0x0, 0x0, 0x4044040}, 0x8842)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0)
r6 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r6, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000300)="d800000018008105e00212ba0d8105040a020200020f100b067c55a1bc000900b80006990200000015000500fc038178a80015000338004002000c0901ac040000d67f6f947a7100a007a290457f0189b316277ce06bbace8017cbec4c2ee5a7cef4090000001fb791643a5ee4ce1b14d6d930dfe1d9d322fe04000000730d7a5025ccca262f3d40fad95667e04adcdf634c1f215ce3bb9ad809d5e1cace81ed0b7fece0b42a9ecbee5de6ccd40dd6e4edef3d93452a92307f27260e970300000000000000000000000000000000000000008dc5fb510162", 0xd8}], 0x1}, 0x0)
recvmmsg(r4, &(0x7f00000000c0), 0x0, 0x2, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r7 = socket$inet6(0xa, 0x3, 0x3e)
sendmmsg$inet6(r7, &(0x7f0000000800)=[{{&(0x7f00000000c0)={0xa, 0x0, 0x0, @mcast1, 0x9}, 0x1c, 0x0, 0xfffffd17, &(0x7f0000000500)=ANY=[], 0x28}}], 0x1, 0x4000004)
bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x10, 0xe, &(0x7f0000001540)=ANY=[@ANYBLOB="b7020000f53f6314bfa300000000000024020000fffeff7f7a03f0fff0ffffff79a4f0ff00000000b7060000ffffffff2e64050000000000750afaff07cd02020404000000247d60b7030000070a00006a0a00fe0000000c850000003d000000b70000000000002995000000000000001da5ad3548ebb63d18c5071c7e821c9b767ac8308fbcd5c5e4a5ad1065b572c2c9ff215ac60c2ceaea4c0ec908abb6e7325ec1956bd8660bf3664148a2c96752fe2bb328dff1a15750ab9a780001000000000000d4bf20c2bd152d814f01f2cd519e078d4ffab418e4682b2aec5e4a35629e8ef040c50287c37a7f4182f32333b08c6e497687e10a4daea5cac0ceafdbb126eb02a1f5104d16ddb64963d84d91814cd5817e0b8f6f5e6ee7a39e180b5a18ed786b782ab1321ea5e82ae5ba2c42a5e23ea6253d5df768d0cb9f35e4f41a6211e52bb3598e9b5d4f22d8c19f958e8b34de35949a7a48ce18799ee53da177a81ea65e652c1d71b7ee86a75b0100000042127a8f84538a9a311c757f7169f006f3f5c95177fbd0b14b36259e2905ef911785c88a16aae46084d676d8ef8aa6ecc2d32e3f4ee367c5a769c0a606636c9f4a4413c098f4fcc96623b7c373b0ef04d55b846b094bf97e2ef5987b6e09a6a7cab79bffda141f65e7d9ebe3be70c436432b70a80cce69df30d3d67d84ccf3f9db9b690111de2ddc4b153c989ef100bbf76063d3f6ffffb73d70e9c3d7b90aecf48e7565efff2dbbb512218c98442406333c890923a797e00b75481739952fe87fde27ce81893f54ec0ea8e792414f639bc9ce1fea3f6ac0d7025759d4b45576c205c70631e8ad585951950e521f4e210b6494e3c52d927195737945cc03d5668483151710de246420a1b6c55b73876a6ed7fd0d9338923789a1edcd8043fe83919088383268324a25df14010c8ed6b8d43400eaa00ff9bc46e1cfecbdc0e451ac53b409d04544d3a7edd4d447d2fb431e226ae182b8dcc86fe09b404e0b7c723d3b19c3dc382fa91fb0fb8f9f3f13296bb1758b24aad0922091d49e2bc408a5a37deee7a60b903d2d9fe9d451cafcc8dc389671c2d08b6e264150a6b9445b00cee4585af04fa69e0380be0d66649dcf3bf8a906b029faca75ce34c41aec7aa86e596119109ea8b3f7c65c902499227c087301643baab1c95bb22cedd913b22dcaa197ccc34586dc50bd9f4628e3e77a0de32e356521df06f995cb57f97052fc4158250ccecfb67ea8faf509593fadc7eafb613327b052397af1ede94d87590ce90a0a7579766f0e5eb09d38ac46e99e7ec4fcd3cb0b1a8c531724d5ef6b334803cedaa9cedf16dc3af6e0b67f62a83a256474c97c925d9d447175b535c87dbdeb0dcca5303eed6689ea91e1665c691df736368dde47e6672e93a314c5f60e7b68c2242bd0f0d8c66449d8687dcf2d0f76668b2b9bf8b32b99b7daf34b2d825d192ade90a1162acfe9749d516d014cef5f99126324ea02baea5808c430985749901b09e4902a6f5addc0103756b894418e4591c624a9b206abbfb888d413d923b0d7c9d997d6d8e64787c4d397f57a15b6e0b4212b6cb55b9c207bbe08f483b1bea05f41b9a1d3af087047c568ae6ebfc0bb5ec10b6290dc757a4903a88fb2c035b2349b6d2f0c051b8b7718384eebd5fc19928cea713ff09e179c308fbe9bd64374d96ef2447a2a4af5ca0c39e7ca2e801e57560a55e9cfa095cf3f74398219ad1030a79517a88de7596429a20793e12616aa32b3e720c6521fbe93963e9536d16f3db211fca7dd99c0a0125ff8ef534b93dcb34e1da2c008a9f2a29e30823bf0ec3639cadaf9be9608358e1e5ab17eea477b1754f78f45468c9568471667f82f5e250b979b9f2bd0d1b6bc03d11811ac6eec9a3ecd9e3c3299ee5eb3c6cac8fbd06514b7ee743ece79c04566d02a08fd5fcabbab3d129c0cced3ce11dafa380700000000000000c114d0b423e64c6157fac5e4e2168f33541daeff9983d0e488a78bef538f870b84798272b2101e0abf1cd64500b79e01e11d727389653bd80a39d5bbe2e23d2f5ff10047423429981bd9b4ce680e174c266391e3e7689452654e5cd5ada6e025327a1942b5a068f15fa58eaa267d4e0881783dddbdd777f8be0824ffdf6d06c621880dbbe9534f15e8c2e364d3ec67deb6ab9f2a0f03212972dbd38500000008173553a67be48633103809eee0be51d67d7ce230b389607b4c3b18da1c48f3180f2e0d79e54565fdd9a099b5b5ba2761905b88b7cbfc39c35dd153609da3da263438f12769602c2195245ff83e249119d4f6cabfbdef84ada19ef4a67ed66d7043036515d0be5a231f99e71aba5d5ae04676eff3e85f0844c41bbcfde7a931d1ec55c01f703bfd1b97756bfe55a91f6b379f34a018906339771157c66dbd7471d1beec7f029ef552cf5e92a1a0db21b59355763967ce26a577bc514b6d22a09c385c5ba6caf524e1688fc0f29f8bb35ae7bc8eb5ba51aebdf7d972c3267cedbe77ed70d9c539bc455a6f88b39196c8a224b0acf4d796fea59a07baa34cc270fb096ef330fbebdf872d7d0bc4f9a963355c554abc5cdb91464faabcd09cd9a53f5d1b2ea7e96f428f7cd6735c19c61dc9942d30bf29ef85ed01c2fcd6060aa40eeff971477b4fde48507b7bad95a496540adff7e4a72fd1f94d7c703ab1525c946c54e0da3d7ebfcc8cea2e84c3b310aaea5a1627df898c00a9aaf2d88a36afa4c5b1816384310600001c33125ad7f7970beeb256aec06e39fc6c66544e1d1dc5fea4b68a82e3568ca30aea9a1d097f06f11dc362f4bae5ef57c67686a15855cd351bf26f40fb1348cfce79897682228e6d9643530c81bab27bf7b1c4a76a5be180bb830cf06827c3f38a9c9c580c732c30aaceda78b0297de35a922b1375b129655beb31899e26052cc216f832fdb0a0015f93c9cff77f59cda1ec5f3e358848756cebb074266a47e39ae26e80e8c65aaf73c24925458520a9ca98760d1005c9f81846459ae6d5baa4f02807939ddc29c3520f7c58ed9bc5a569c7a1bc33cf4f330a18276ffb4550b9166c3939e8041094bec034aa0ec6638b74fe34f0f1ec6903a1135808d5d8d26c9203c3f87e66c407b7c5c0888d4558dd657cc0213efad68e76fdd7b23e68064fd4b271ed79c50abacdd2871b0c1f8c971df59a5a1901ddf804bed43e391f882d2a45c51cdbba86b2a1b7c0c4923642a731ea4dcbad2b6ebbebe787a8e28e781d75beee924b3b1e390750f316648133922c021f98fd2d5d71a7a3679397ef6cf432837b7e264831ec01c4c3146ba0caac3b13d55945ec00e978a1c1712cd51187936200606c9cd6877b2f72125295c54721f8e15df2ae282a8becb99a726fd92acc92141e1f574b4b0b3c992a61af3372d0d9217776b1a42cd2cee816a70bf1ddd69b590d53e28ba356e74b38e23e50d898e95cdc7cc809e462c884b53f672aab1411ecfd4c91e7a9782fc6763f0efd4bcbaf1fc3a00000000000000000000000000000000500000000000000000000000048e510340087caf22439d5304bd704a6a78a512269a9b1cbd13bea78c807bbc73853ae187cbb768673e9d1bf74a3b0a6c234accd8506adf314f4c5e08174540b69d3c0da660052b43b86baf49e7ac64d9c21598b1e01dc1e1b5a53626b090496dbf7af441e397016c3c094d5c91ffe0a7ceacfd225ed9a6c905f79ad7052747dd6cceef4c310e0e935311118bc6bf0e5ca6c7cca7d5c03be570308da8a40578b4db14961fbccf6e2f2d56e9509c434126515b56d032e20c12e830d1bc64826fc9b318da5911e466878dbb81edeff69363fb75af5cd80536f14d2eaa7764db23acdbd394bbbbccfd8b129258bb0a93cee1d44f8665172c06933d20f184b78b435462c52a85149451ffd564c56a7cbf11a1127c77242915e43b2bc"], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sk_msg, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x200000, 0x10, &(0x7f0000000000), 0x143}, 0x48)

1m1.354041127s ago: executing program 1 (id=3212):
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={<r0=>0xffffffffffffffff})
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$batadv(&(0x7f00000001c0), 0xffffffffffffffff)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r0, 0x8933, &(0x7f0000003040))
sendmsg$BATADV_CMD_TP_METER(r1, &(0x7f0000003140)={0x0, 0x0, &(0x7f0000003100)={&(0x7f0000003080)={0x28, r2, 0x1, 0x70bd2b, 0x25dfdbfb, {}, [@BATADV_ATTR_ORIG_ADDRESS={0xa, 0x9, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x44}}, @BATADV_ATTR_TPMETER_TEST_TIME={0x8, 0xb, 0x2}]}, 0x28}, 0x1, 0x0, 0x0, 0x20000050}, 0x20040084)

58.658887657s ago: executing program 33 (id=3169):
socket$nl_route(0x10, 0x3, 0x0)
syz_open_dev$vim2m(&(0x7f0000000100), 0x0, 0x2)
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x18, 0x3, &(0x7f0000000080)=@framed={{0x18, 0x0, 0x0, 0x0, 0x2}}, &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100, 0x1}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f0000000040)='contention_end\x00', r3}, 0x18)
fanotify_mark(0xffffffffffffffff, 0x455, 0x8000003, 0xffffffffffffffff, 0x0)
syz_usb_connect(0x5, 0x24, &(0x7f00000000c0)=ANY=[@ANYBLOB="120110010928fc10ac059102254301020301090212000100004000090491000003e102"], 0x0)
syz_open_dev$mouse(&(0x7f000000b040), 0x1, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe}, 0x0)
syz_usb_connect(0x0, 0x5f, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000b1f203401e0903003bd7010203010902"], 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0xffffff48)
r4 = socket$inet_mptcp(0x2, 0x1, 0x106)
setsockopt$inet_int(r4, 0x0, 0xf, 0x0, 0x0)
openat$fuse(0xffffffffffffff9c, &(0x7f0000000700), 0x2, 0x0)
r5 = socket$inet_tcp(0x2, 0x1, 0x0)
ioctl$sock_inet_SIOCSARP(r5, 0x8955, &(0x7f0000000340)={{0x2, 0x4e23, @loopback}, {0x0, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x13}}, 0xa, {0x2, 0x0, @broadcast}, 'lo\x00'})
socket$netlink(0x10, 0x3, 0x0)
writev(r0, &(0x7f0000000140)=[{0x0}, {0x0}], 0x2)
syz_open_dev$dri(&(0x7f00000000c0), 0x1ff, 0x8c040)
r6 = openat$nci(0xffffffffffffff9c, &(0x7f0000000440), 0x2, 0x0)
dup3(0xffffffffffffffff, r6, 0x0)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000340)={0x1, &(0x7f0000000000)=[{0x6, 0xf, 0x0, 0x101}]})
bpf$ENABLE_STATS(0x20, &(0x7f0000000040), 0x4)
renameat2(0xffffffffffffffff, &(0x7f0000000180)='./file1\x00', 0xffffffffffffffff, &(0x7f0000000040)='./file0\x00', 0x5)
open(0x0, 0x141142, 0x0)

21.058096552s ago: executing program 5 (id=3297):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
syz_open_dev$dri(0x0, 0x1, 0x0)
r0 = socket(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000180)=@newqdisc={0x40, 0x24, 0x4ee4e6a52ff56541, 0x20000, 0x0, {0x0, 0x0, 0x0, 0x0, {0x0, 0xc}, {0xffff, 0xffff}, {0x4, 0xf}}, [@qdisc_kind_options=@q_fq_codel={{0xd}, {0xc, 0x2, [@TCA_FQ_CODEL_TARGET={0x8, 0x1, 0xa000}]}}]}, 0x40}, 0x1, 0x0, 0x0, 0x404c810}, 0x0)
r1 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000340)={'bridge_slave_0\x00', <r2=>0x0})
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000080)=ANY=[@ANYBLOB="700200001300290a000000000000000007000000", @ANYRES32=r2, @ANYBLOB="000000000000000010010c8013000c800ca3488008000000000000000800038064001d80050006000000000014000500714abbd2547de97cbbf6efb226f19bf90d0002003a288e5e5b5b5a40000000006000078014000400293a02149f3b75a67093c28fd6f55a2314000400e48f01e49713f0c2d839f940d9f088d8050006000000003bd00002006272696467655f736c6176655f30000007000200293a00000500060000000000080001000000000018002580140004004d2906d0880fc8acc30fe2020f9849675000028004000500a1085e7df341b9dc3d8008a2fe5bdaad140004009c7e472c916020fe41bcc5aa8f56c9471400050080ab8be51421cfa3c9e5cbfe8217e0af0800010000000000080001000000000060001a803f0003"], 0x270}, 0x1, 0x0, 0x0, 0x20008014}, 0x4)
sendmmsg(r0, &(0x7f0000001c40)=[{{&(0x7f0000000380)=@l2={0x1f, 0x2, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x11}, 0x8, 0x2}, 0x80, &(0x7f0000000780)=[{&(0x7f0000001dc0)="7ba653e6fd95e12bacdee9b975d11b259255170c851666ff4e410cc8771cc2f27cf9e780e07a058a073f2b06ec80dce04a1b532ffff95835d67c220bfacc4612891d0fca6f7955d0539f9cbed4cb9213f1479d9c0693adceebf4771cd7983bed997b1492f53fc78cf449caa2ed9d0cacda5df42fce27a38278e9ca57e6d41e9f8e127fbc720a911530da46392517552b6e1630b8cb1d3a06f5479aa68d0959213354131771b55ca890f2660a1580d45d0f9e06d3e933d13fd99f162ff84e5c0ff46fc12ee8e921d0ecc59758413bb7edaaea03e8a8b680155b49e7640bd792b67ac42a61b019cbac2937e2b1471f54fd02c41b1da8a5505b7a2edb85cbc10912bcce3e622e584c66f5478105a7beb0e4632b43c0f806dd1d1f57cd92f72c287c4ea233f15b4c29c524f3b0d770606f5e13a0729d281f", 0x136}, {&(0x7f0000000540)="7a1e9b386aa397aed107c51579833e5035e57b10a1e14678b30c936435f6d8e5dbd628a90462fbdf306fa1f589781985f7c8b9516ac989b5a5f735d08b74617082be692761e967d53dcce52dce0da498b6d106eb6c0307eef5664248053f6553e91d1ee37c16aa32aad7aab85b11fc5a76bff9d3b7f6f158d37b497047198aa3b4763d027f7ea8e1881e2fa3baa4f4030706fa4b12c785cee6ee1359c05b8cc450a693be68124ab4d1542a2849e67c846db76c73c1071c2442c1f27a0d87cd90c55ca2b6369c333f3336206fc0d9a00fa19458a2f3ed4bd1492d12d6611ed0bc5413705540453f6d", 0xe8}, {&(0x7f0000000640)="1583cbe8267c01816f3e724eec840f58000ccbffb74d120ca2346669f453d76a9b25568fe872624f55f8f1ca95cdc268c5d761c5248ba3f4f788f95a22a877148cf3a6d671640bc8719cc6e691dbe0f9b3a9a8847435dbb1c86e90ff2f7bca7b40ade593996bacef75d6c879a596d64a084c88e746893a9446662b91", 0x7c}, {&(0x7f00000006c0)="ee6f623c972dc9115902593c9e3f30cce82daf8027aef3612bf4dd689904b310fb56bb61ae9f5bfcc340b82c15ef9603868b0f95cc019a45791fa3059435df0b3cf287b0f06789d6f6d0f2681da75bdce58a4775abc5346abcceb1cc01ddc424b85d4ae03c6a2b420aa0ad716d5a8b86f30f0ee229b060811f6a9b3a0a428163367a5b6a", 0x84}, {&(0x7f0000000300)="fa675752d6276b1a05f8358a55e60db8d2198ef455d84e3bc61b2077288ef23347fa8c83ae6cf4fc92027187a5336f328eb67f55f14a006b", 0x38}], 0x5, &(0x7f0000000800)=[{0x1010, 0x113, 0x2, "4f2b754713d360bf39ea62aca964783074b57dcf57158b41e3710eb1f044bdad578b241e4cf460dbcd0eb707e45a196e774bad5becc48b8bd91c2b054b3527aca3443c21e923663b227303f1ba5e65551ccfafd2c272a5c8051f77adb396be661d3ffce8e087ca1dd1305dc5242529200252bb7b315498b32e83d3a131e522abf4899b22534231ed03d985a8ba73e79d9ac87e0595419b43cf22852e3d74c4a324d4590e95ff77d484f0e06844891f5552f578ba29adb302e531b75bcc31312009f13195bcf6d6e82e61e3ccb8cf699c8bf9c0452e421b06da54c52545da9511791b0f2e4028a844b9534ed6fd3029b6ee9f2a1d01c24b28b4d4038b30a96ca0c2932d7e2045928f60fceb1efdf304a76f7639f25d979e49e5b5ebe31ce8d6c71cf8c5d5cf63e18af831841a5324ab27a2ab638fba714aefc34071075ddc4ce403440e1621c42650af64bf20fdd32f82ce4cbb50aeddca3dac867fcb6357244be6f7afa8856b1a293c3bfa29752127bd96990977298d6c5eb63ddc4d3bfaeea3c5982906847ddd7ffab8bd67e79710b3db820e8a92b67ec91acceadeab13b085ddcb94673344c1c3f2c383b1221adc5da7d7e5546450612574dfeda4a8fcb63444e9f9ff45384380048077307a7037c655e8fd6d8743a7c64fb838da9cab378744e6d5a5cf76b7c7cc0ebe82f3f7a696ef3e40c88b8a09e5aee4965976aaa2961179251e2c10a574d9155623f6cce476e244f664f97cb0a2cc99f6527650ca2c12897c3227e7ec85569e880471113daf1658bee0f6478c707c2b797ea7d7d3171b9f3d650142177e5ff6ce2786b2ce97e46f8ef289e068ce285d0d73e064d47ead4494ce240f9c04270e322930dc87990164c707be10adfe9b4aecea6e32cf7f49bab8566b89693a6d6e44c1a7546865ef73f416cb1009b79b25be089d0f43b4f717a4f7adf8f1a03d1ebea53c1068cc558c9d57d9d90cc6e26a703747e081fa9da3c0c5db2f6d3255d1a512c9d21cb88700652a54deec7203d821a8159d1b2b50f10b50afb931aa9fd461f24d8349d250c2ec6ae66bba87e9513cfcf6b79acb6a484cd5c8025f8dd58e4cdae39500f58c8a344fcce0138ba69071225428eced6814d9b35bcf64df04b065af22dfed5625d3ceaa7443eec6d91cc3cddf0622b7ca2587fe099e8b45c4cb0277afd08ec1b746bc3f284c6acc536381ffd1f252912b12edaf381c70c9ca137b0b67e50b44f5e736f166c35882b912f24f1106a3a491c639976ba09ba5302065400f1959722aac4972c7b6792c7ade75a19ef3396caafd8915daf161b81b5b46bbdccd911200b36852d478369d27bdea21fc615c4fc4053423c2f4034902dc94e5596f9e1793a61bea53478d2470321ee00db876e251b006eaa8325de62bc140093f2651f6ae5e7b9d072e834c778ab30c06fd09269de4291faea72eac4a6d025f17d31542a3509cb1252928d36dc333f5d799ca45de858979880f60180b1dc0ec938cee42d6658161f70395b4973c8a015a5a67313cfa789d212b0abbd5989eb6c5869d11f60aee128912833a2a5a24782251669f3adc64e94fcdc144e1a98777cbb56935d52277e62be8be3d62c166f25b31111ece711a5ed85348af20411763604fb5b9fd4fa72fdef71018d1a99f0c17e230751167124ab4df34d9224906fb546c8b1ddb38f013f643c0891529cf2720b14b3f5695828c62707c5dac5ae61afd83fb5eb48b0cf3346ff29f94eec7021829eee7d14cfc8773bc81fb92b4f3c535751d665546c7d1fab1e9f90ce9c9dd1883da490e52552996f8cfc06a352ff01d6fc95eb23b3b03f8bb6e1017baa54a3f98ceb2e6641578e1935b7da413d6fdc8f452514544b0de58748264f02dc5d589aeb73f33e1b6311a28ad3589f92ed885a32cb7f428655e09dbb2f40c1295956e5f51075a43dfb615e8a059c97634070e2347f2296e2c30ca635967d453ccdb9fb8a2d14aafd5d3b590c8c3edc77088d1488736f19c1c8ea1c71a21cbe30ff66a830780df844eb0ce693cd4e3d3204edca5a3e7bbcda73b971fab883ca449d7eea7fdb62fc9e8282f670c8b9d9134360c2cf541278d86e84fbaf336709ea9f821a0288c24ed237793cf1523bff92ed71b729b18941bbec43dede9fcd9075692b96ee1c863de5ba1c35b6a055553a4a6abaa95dbfc76a52aa2cc95f77d55562b5279be8e64e75ffef7fb0571edaba0feb9deb06259014e69bf6eb8cbb0c3f4e3b53fd6a4024b2e5810b65bad25303605fcdba5669daf7fbd609d7425bf3c0634d58ecaca9c1e4814063788fd620f71ac6983a2f557f7f405e03ebb0e1dfc6c0ba1d9682578b2e8b4402a7b6485943f5f678efb7837cb10ccd64b445fff78c8cbe3397ac4316a3a3dbaac82efba6a9ad47c0795fd8bce97d7c352a4662f084c43a04344dec41fb7f70958638d31c31b158c58ddd3d8a6af1311eea46e4c038390681e4ac3b341eb5f3b9769137887020947d75a25dccb1d016ea3e7e7cc5e0546b94ce7ac80a76672a472c60b46df03aafe448cbd0053f252e583e57f2e247ac457f7eaeb707e02079b1e2a4251646f54af4dd8721a70da936eea9a995fb4aeb827a7c681ae5689c226416a4a80a4882a58d3a52ceaca1d290af9af6897ef0e4e88d624b4b9f3d816b52f5edf5bee2c23a39fed7c06d82141d075479fb80759b145373688596d6fd5993bbb6021f3f935fff42bae6a29914029c28f6c924a6ac90e1fcd2f5aedfd2bf48380cd592e504e6f0ff16eed97c943186ca08f024f000834ce0fef406b84acc064ab6ddd640f5a66e7366d4cf14f815a62c037e0fe9fbbce2f292782ad7965a4d9b19236bd8c55d9f0543c60d0cf8c2655b935f7877d6d8c4f573aa92a7ceb6bab78cbbaedade2eb5d34a27a27e3fe9250fa03af90b6f252fcfabc86e97c21b9f10f8211635b86f04c381179f66751c28e559ae0fb5c90f5d7d9fc603de86d63840d5a938e8cca2bc3c05a9d6c1bc6af0f3e4352d73642993a9b090b466ce08574ff05bb3c95b9f91db2212a5e1e7ae24b26dc34b2197f9d622d526465d7193dd5e6344b5806138ff5998f8aa8d72f4451076c2316d6ae75d6982efa9981a1f68570b59dc85066a4b4866bdedaaa5dc969a93f095f6325dd39da8d8c36abd07aa16a029e73fc698cd6c367e6357165ea7c72c9694a6fb134ce0dae2035a690acd6c745cc205d074ac9a861f393794fb1e839b10bff896f8f53b486a69a0d8938a945739f915cfa75224ce30840023f3e0f12a7d306304e25303bf9c2321eec56f5dd2cc7cba5434a2fcfd36336fd8e0f5e605b8694f3c3a43b0feb536456a2e92ba1cd21e304a4684ffdb6c87d3f57114b6bdab898d54617126f400204dfbf39751b85235582348725f79c5dfd9951636af42d2a3501ecb0e30922a02c66b9990c8d7840a306c9cc75d548c23ef94503d86e46e9fa112ebb557747e6146afe70ae9c8810ac402f811b0283f817c28c9ba6ed08a4ab17d93dc9683f5fb6f0608c2748042e368306c5cbb6e166ad777c45c240220af82541a1c25f1dd5550a0aa0a6dc94bd62806fa55f7c78d7b176d0523b42599036e96c2718f8034ef0bf6ed331b593df5b4df87f80c1a21d70de26f6d93847c2a09990c985118d4e8dedc2a3ea7df00be36196355b9e88eb12b3794e172dbe2a6687737374565281dd9ba168c1f0961913eacdb3f97870bb22f17cf8a26198559f5091f3bf8aa6e04469ab02891625c7667ac1a34bb5ea68e502710f3478cb15da47d43182e17e85d91e524372ed059185bcf139e9f48319077e2847eea76e739d34fba0a6723685aaac5cc9113201d575c43cf17bb014b401db190eaff2ee6046efd96a1c240ec964f747019aaca8443a6510f7efea929d7d31d2abb3047cb648b52069f31d1b463dc6b4512cf68c7b100bb4373b52eac6ad844f5ca81200aa9411f5463e8d761159526d55c3f1df22e19d8e21ad83d6ddf94d88d77d71bff242812a325a0e4ed8c94059c761dcd7bbbe0a25678cecf7c2bff2d83e16b3e63a7b959565430abebd91a2604f165cf9df886ed13d1cd549e6fb2d4c89a172fb95a2827920687f1f0bc9ac2a263d16002ab19ac5b340a293e7e384a7ba1431ea2cf8b4a0f1df45771c87d25866ed613f96ba1d9103015544b482682eb1a4ce739a8548612d49d447e76fa96753e9bcc85178429c4b9e5c3ab4c501bda735ebeb9aaabbdb4f61bcb31993c0148f29341544e27b76fe62b9820b62b55bb2f5c8d6de452716f400128bbf0437cadf392b451fbd1182963f3bdf594083ca8cc073df868c3fc70aae8338fe30abf5fdf83123adebc3931149c1858ed3e6ee1342cb958b3abada5789ece38dcd59daaf1f819ff5764946f5e93b74fb4f45861b0883e6cfe000abe8c6aac24dccca937f1aab7049bbeb3af5e2bbe2703361f59c916fed30c8f595e9351f2339a569017e3e355157e39b02f9e20a9d8fe9f0a3035e85d9a1c441634ac5cdf120d5a5289137043dce8e8eeafb8f673089cf00207094ac8ba61e2e91065954d6215023d0efa13ae8878552fb5aa6b9906ad9eca20ab4821168a209355cd6443d7f1e700447bd5ab251156b5f27044b25981b05d04908f449ef8bb7acf8e0e03e5b2ab5f9ce9ffb595b9a3760ffe8842c923e2c7eb986a79fe254b8b2290875c18a069c4ddbbfc248554ac93043bbc33739d94ab9a4f0e791699cc42db036578bea851be788bfeb0fd0f14ab1ca421c8a60bfa0058db49c38e7ab97b33a130482b1c20496b21294fef7db9537e73ab17070d21c273c921b56045ab131788259cc3cc3a0b6b88d7192cecd5616426d0cfc1d872d417ef0fe2794d90ecd5d0731e267cf43b704df364098abeaa8f037bd8fb013ade33e451e3fb86324f42d064e25c12c304f37cd8d8b1414f06caddba33ad14f9cac72619dd08a0afe7363dac5c45a170312df21b5acc20267bd75ff692c2003c52b1978a887ab05b55c3e6c7c67ac6b746cbdaa488b040d1dbaad4e2594c0c458669d9c1395dea3fb64aad4306b9b3ca68068754ff91725f1045085432a868cc44382c7aa5cf211261991ff6edccbfaeed9e3d9052b74e412c39069b863ed9fe0cddd5096c954f8073fb2dccddb8e978a7f3fb9f9bcf5f92e2df275f25ec2358d915725f21b8b37a2a0e66a73afa11cc7191f6db5c841c8eec27b3a08e7a022b1b4f98423fdcc88a8ae9f2f509ac97761dd61008ff49dde1f04b6987c2c32ac565fc088c605219857d26f9afa0a5b7ba62cfee9b667faa49d19d6e9e8be582321cce1a7babd5409aadaa2ccffdce03b501beba7b3f5b4260cf8566e7855ae4abb077165fa57700366b28242f08a01c52c57631eb6761639efb1eca69d0637ac8ce4006936eeaa339e2314022447e5e4944708d7859a1b319f560b63659b4588deb035ea86b79b215a4dda95c3c348f7910b01dd7afb725e714d1ddd2407f8d0ca37e2d822f4b72b910ba470a7148da399ae6dd8aaf1648c59072736086019bb164306e658dc10aeab573668377d645f826950196e47665567e55ba9a1ac89ebd56c0a07ff1e6506f69ef8d2c5f36cbb093974e593f3ee173a72f1bcbab15a6a7def91fd38779f34915a17bb1b2eef364308715587bee1b7d03e0d200b6adc77a2e3bf1a3fbbc2abd5169c2fb62481f9dad9595239898aab20ed48aec91c640d7cce0be9cf47cec2f36a008750df25f102bfe7a7a593025aab56ea3fd1a09dafa96a9d815d6ed93a2e1db73acb5f"}, {0xb0, 0x104, 0x7, "9f4cfeb73cf696819006a9a6a810a419a50330d028bfb2489abed2eb9648ba03ded04c43c1e4c70e22aa84aa64250127baafba9944d0726c3c88e22a632602d4e63f59c90568d8e50a364b806e899460f003db58a2a49cbf3b7eb856df6f0101b3fbdd7a92bd0a28a30430fa7660598c6ef9e5c9866da777c5b9450f32730377ca8607b135b3924d89e68a0aafe8ecf656ec4fbf974949e4e9bc"}], 0x10c0}}, {{&(0x7f00000018c0)=@ax25={{0x3, @default, 0x2}, [@remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x3}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @default, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @default, @bcast, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @null]}, 0x80, &(0x7f0000001b00)=[{&(0x7f0000001940)="87a491c25174e28183b06e5150a516574632aed45d7d5005113359c01c98499394c5ebddce9bdd6c25eec6aa027cb4828b7b50c248adadc72b5a2c1bf1e54a2d1b44dca85453e95812775404069ff824825333dd6a6c4b4954ae744119fe941c31e69d7cad5c9b5d36b112fc71a825d60a6d500c23cc42074b20b561133dcec3aaf36585c83a207b5ff0d9a756579f7b7dfe503df218190e59a1f8fa417e10ea4c6d2d120dd11b89bb34b6fb", 0xac}, {&(0x7f0000001a00)="e72c7b7071693f0d7a905b4f8d90a13ddbb59b34a4e1aaf6e8becada8cd70ad07e3d72afa7916704e99f94836ef7afc5c3562cfcf6bf35fb137445fd7e22571fb1045f27f0a20167c9dd1c2699ed07877d3de5e618b39cabd7685d69b2604a2d59985c109cc9509347877a4f672315988312506c22b9f1713f1c4ca54b7cd64aa3fd11b57ddb07137da1b748dd651eaba4b9ce84c218cf6c8e7efc983a3bfd5027a5be279bc2940eac04e88ef133bdc4791d5c2c8d30a3f5d6f4759bbcf0e21af92aaeb4a8667ca4691f2a1b1283c1874ac80c2d37b3c95f4561f777a0a1e5dd6b72535e020626a9fab68d0e90e121b7d1e378c1", 0xf4}], 0x2, &(0x7f0000001cc0)=ANY=[@ANYBLOB="c8000000000000003701000004000000e1c0a26037e7cc8f00a730c739425cff87c87d6f2c9cd1528504e9d746b94e46cff710797a95251bdb42eb7afa91d1f58e06be85d3dd38fc179ea9606248772dbf90736548d8d7c5fcbc7140dee046827168cb9018041380c492a6e0e916132afd0463d6574e7ce7b7d4d15e1656abfbc496bf5100561859c82bd19c37f72c68da5d357238f40a14209388e7cd5e089436844c043b18e77ffc0e218169b32588e36112d5b341ba0ba9d7cb3780790fa515915d7339df0000b8553a75"], 0xc8}}], 0x2, 0x0)
r3 = getpid()
sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@abs={0x0, 0x0, 0xfffffffe}, 0x6e)
r6 = syz_open_dev$vim2m(&(0x7f00000002c0), 0x4, 0x2)
setuid(0xee00)
ioctl$vim2m_VIDIOC_S_CTRL(r6, 0xc008561c, &(0x7f0000000240)={0xf0f080, 0x1})
sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r4, &(0x7f00000004c0), 0x0, 0x40000120, 0x0)
r7 = openat$ipvs(0xffffffffffffff9c, &(0x7f0000003740)='/proc/sys/net/ipv4/vs/sync_threshold\x00', 0x2, 0x0)
read$FUSE(r7, &(0x7f0000005780)={0x2020}, 0x2020)
r8 = bpf$MAP_CREATE(0x0, &(0x7f0000000400)=ANY=[@ANYBLOB="1000000004008000080000000700000000000000", @ANYRES32=0x1, @ANYBLOB="ffff00"/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="00010040000000000000000000010000050000000098b06dc8000000"], 0x50)
r9 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.current\x00', 0x275a, 0x0)
socket(0x11, 0x800, 0x5)
r10 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
setsockopt$sock_int(r10, 0x1, 0x2e, &(0x7f0000000280)=0xb, 0x4)
r11 = io_uring_setup(0x1bcb, &(0x7f0000000080)={0x0, 0xeec2, 0x20, 0x2, 0x116})
close_range(r11, r11, 0x0)
pselect6(0x40, &(0x7f0000000100)={0x101, 0x3, 0xfffffffffffffff5, 0x2000000000000000, 0x1, 0x10, 0x0, 0xfffffffffffffffe}, 0x0, &(0x7f0000000240)={0x1f, 0xc, 0x715, 0x8000000000000000, 0x0, 0x8, 0x800, 0x20000}, 0x0, 0x0)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000002c0)={{r8}, &(0x7f0000000240), &(0x7f0000000280)=r9}, 0x20)

20.732957929s ago: executing program 5 (id=3299):
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='blkio.throttle.io_serviced_recursive\x00', 0x26e1, 0x0)
close(r0)
r1 = syz_open_procfs$pagemap(0xffffffffffffffff, &(0x7f0000000080))
r2 = syz_usb_connect(0x3, 0x36, 0x0, 0x0)
syz_usb_ep_write$ath9k_ep2(r2, 0x83, 0x8, &(0x7f0000000980)=ANY=[@ANYBLOB="bcea"])
r3 = syz_open_dev$evdev(&(0x7f00000000c0), 0x40, 0x0)
unshare(0x20060400)
socket$inet6_tcp(0xa, 0x1, 0x0)
pipe(0x0)
ioctl$EVIOCRMFF(r3, 0x40044581, 0x0)
ioctl$PAGEMAP_SCAN(r1, 0xc0606610, &(0x7f0000000100)={0x60, 0x0, &(0x7f00001c9000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, &(0x7f0000000040)=[{}], 0x1, 0x2, 0x0, 0x2, 0x0, 0x2})
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000380))
ioctl$SIOCSIFHWADDR(r0, 0x8b26, &(0x7f00000000c0)={'wg1\x00', @dev={'\xaa\xaa\xaa\xaa\xaa', 0x1f}})
unshare(0x2040400)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r4, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000140)=ANY=[@ANYBLOB="600000000206050000000000000000000000000005000400010000000900020073797a32000000001400078005001500cd00000008001240000000000000800000000000050001000600000013000300686173683a6e65742c69666163650000"], 0x60}, 0x1, 0x0, 0x0, 0x20020800}, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001400b59500000000000000000a000000", @ANYRES32, @ANYBLOB="14000200fe8000000000000000000000000000aa080009003f0c000014000b"], 0x48}}, 0x0)
ioctl$UFFDIO_API(0xffffffffffffffff, 0xc018aa3f, &(0x7f00000000c0)={0xaa, 0x41})
ioctl$UFFDIO_WRITEPROTECT(0xffffffffffffffff, 0xc018aa06, 0x0)

20.666415975s ago: executing program 4 (id=3301):
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x1d, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x4, 0x7d, 0x7fff0000}]})
gettid()
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl802154(&(0x7f0000000f80), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_802154(r0, 0x8933, &(0x7f0000000300)={'wpan0\x00'})
syz_create_resource$binfmt(0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'veth0_vlan\x00', <r2=>0x0})
sendmsg$nl_route_sched(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000000c0)=@getchain={0x24, 0x11, 0x43d, 0x0, 0x0, {0x0, 0x0, 0x0, r2, {0x0, 0xfff1}, {0x3, 0x6}, {0x0, 0x1}}}, 0x24}, 0x1, 0x0, 0x0, 0x48080}, 0x0)

20.407253758s ago: executing program 4 (id=3302):
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NLBL_MGMT_C_ADDDEF(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000600)={0x1c, 0x0, 0x1, 0x703d25, 0x25dfdbfb, {}, [@NLBL_MGMT_A_PROTOCOL={0x8, 0x2, 0x5}]}, 0x1c}, 0x1, 0x0, 0x0, 0x4044040}, 0x8842)

20.381480016s ago: executing program 4 (id=3303):
sendmsg$netlink(0xffffffffffffffff, 0x0, 0x24000000)
r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={<r1=>0xffffffffffffffff})
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$batadv(&(0x7f00000001c0), 0xffffffffffffffff)
syz_open_dev$dri(&(0x7f0000000000), 0xe, 0x20c0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x3c, 0x3a77}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x4, &(0x7f00000002c0)=ANY=[], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000340)={&(0x7f0000000380)='host1x_cdma_push_gather\x00', r4, 0x0, 0x3}, 0x18)
r5 = getpid()
sched_setscheduler(r5, 0x2, &(0x7f0000000200)=0x4)
sendmsg$BATADV_CMD_TP_METER_CANCEL(r2, &(0x7f0000000300)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f0000000280)={&(0x7f0000000240)={0x24, r3, 0x2, 0x70bd28, 0x25dfdbfc, {}, [@BATADV_ATTR_ISOLATION_MASK={0x8, 0x2c, 0xe1}, @BATADV_ATTR_AGGREGATED_OGMS_ENABLED={0x5}]}, 0x24}, 0x1, 0x0, 0x0, 0x20040080}, 0x8014)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r6=>0xffffffffffffffff, <r7=>0xffffffffffffffff})
connect$unix(r6, &(0x7f000057eff8)=@file={0x0, './file0/file0\x00'}, 0x6e)
sendmmsg$unix(r7, &(0x7f0000000000), 0x400000000000041, 0x0)
recvmmsg(r6, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r8 = socket$tipc(0x1e, 0x2, 0x0)
getsockopt$TIPC_CONN_TIMEOUT(r8, 0x10f, 0x82, &(0x7f0000000100), &(0x7f0000003800)=0x4)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r1, 0x8933, &(0x7f0000003040)={'batadv0\x00', <r9=>0x0})
sendmsg$BATADV_CMD_TP_METER(r2, &(0x7f0000003140)={0x0, 0x0, &(0x7f0000003100)={&(0x7f0000003080)={0x30, r3, 0x1, 0x70bd2b, 0x25dfdbfb, {}, [@BATADV_ATTR_ORIG_ADDRESS={0xa, 0x9, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x44}}, @BATADV_ATTR_MESH_IFINDEX={0x8, 0x3, r9}, @BATADV_ATTR_TPMETER_TEST_TIME={0x8, 0xb, 0x2}]}, 0x30}, 0x1, 0x0, 0x0, 0x20000050}, 0x20040084)
r10 = openat$vicodec1(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0)
ioctl$VIDIOC_S_STD(r10, 0x40085618, &(0x7f00000002c0)=0x3200e0)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8b30, &(0x7f00000000c0)={'wlan0\x00'})
socket$nl_rdma(0x10, 0x3, 0x14)
bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x6, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="18020000000000800000000000000000850000004100000085000000d000000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
connect$unix(0xffffffffffffffff, 0x0, 0x0)
r11 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r11, 0x0, 0x0)

20.133074712s ago: executing program 5 (id=3304):
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000004002, 0x0)
r1 = dup(r0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x300000a, 0x13, r1, 0x2000)
r2 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000004002, 0x0)
r3 = dup(r2)
madvise(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x17)
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, 0x0)
write$binfmt_aout(r3, 0x0, 0xffffffdb)
io_uring_enter(r1, 0x241d, 0x2dab, 0x1, &(0x7f0000000000)={[0xb381]}, 0x8)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r4 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r4, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
r5 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r5}, &(0x7f0000bbdffc))
r6 = socket$nl_generic(0x10, 0x3, 0x10)
r7 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000240), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_LINKMODES_SET(r6, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000001c0)={0x2c, r7, 0x1, 0x0, 0x0, {0x2b}, [@ETHTOOL_A_LINKMODES_HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'geneve0\x00'}]}]}, 0x2c}}, 0x0)
timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
r8 = syz_init_net_socket$llc(0x1a, 0x801, 0x0)
bind$llc(r8, &(0x7f0000000080), 0x10)
listen(r8, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15)

19.458093014s ago: executing program 4 (id=3305):
r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x40, 0xc70, 0xf00b, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x64, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x0, 0x3, 0x0, {0x9, 0x21, 0x4, 0x0, 0x1, {0x22, 0x7}}, {{{0x9, 0x5, 0x81, 0x3, 0x400, 0x0, 0x0, 0x4}}}}}]}}]}}, 0x0)
r1 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r1, &(0x7f0000000080)={0x1f, 0xffff, 0x3}, 0x6)
write(r1, &(0x7f0000000000)="3b0000000100", 0x6)
syz_usb_control_io$hid(r0, 0x0, 0x0)
r2 = socket$qrtr(0x2a, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000080)={'wlan1\x00'})
r3 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$TIOCGPGRP(0xffffffffffffffff, 0x540f, &(0x7f0000000140))
r4 = socket$nl_route(0x10, 0x3, 0x0)
r5 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r5, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000200)=ANY=[@ANYBLOB="200000006800e97800000000000000000a0000000000000008000500", @ANYRES8=r3], 0x20}}, 0x0)
sendmsg$nl_route(r4, &(0x7f0000004380)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000100)=ANY=[@ANYBLOB="240000001800090400000000000000000a000000000000030000000008001e0001"], 0x24}}, 0x0)
sendmsg$nl_route(r3, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000180)=@newlink={0x64, 0x10, 0x437, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x44, 0x12, 0x0, 0x1, @ip6erspan={{0xe}, {0x30, 0x2, 0x0, 0x1, [@IFLA_GRE_LOCAL={0x14, 0x6, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02'}, @IFLA_GRE_REMOTE={0x14, 0x7, @private2={0xfc, 0x2, '\x00', 0x20}}, @IFLA_GRE_COLLECT_METADATA={0x4}]}}}]}, 0x64}}, 0x0)
mprotect(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1)
r6 = socket$inet_mptcp(0x2, 0x1, 0x106)
setsockopt$inet_tcp_TLS_TX(r6, 0x6, 0x1, &(0x7f0000000080)=@ccm_128={{0x303}, "f1a0f9fff9e440b4", "881aae83544dfa6412f91b9057e3f415", "9dca43b6", "9ecb592c6ee49fbd"}, 0x28)
syz_usb_control_io(r0, &(0x7f0000000040)={0x2c, &(0x7f00000001c0)={0x40, 0x6, 0x1c, {0x1c, 0x0, "00030000007a5da01de3bf38b57a31e8f4eba3287c27a8425856"}}, 0x0, 0x0, 0x0, 0x0}, 0x0)

19.150681075s ago: executing program 5 (id=3307):
r0 = syz_open_dev$vim2m(&(0x7f00000002c0), 0x2000000f5, 0x2)
ioctl$vim2m_VIDIOC_S_CTRL(r0, 0xc008561c, &(0x7f0000000240)={0xf0f01b, 0x6})
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x20040, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
syz_fuse_handle_req(0xffffffffffffffff, 0x0, 0x0, &(0x7f0000007040)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000007000)={0x20, 0xffffffffffffffda}, 0x0})
ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
ioctl$KVM_SET_IRQCHIP(r4, 0x4048aec9, &(0x7f0000000080)={0x3, 0x0, @ioapic={0x4, 0x4, 0x3, 0x2, 0x0, [{0xf, 0x0, 0x0, '\x00', 0xe}, {0x5, 0x0, 0x0, '\x00', 0xfc}, {0x1, 0x1, 0x9, '\x00', 0x2}, {0xfa, 0x8, 0x5, '\x00', 0xa0}, {0x1, 0x4, 0x4, '\x00', 0x74}, {0xa, 0xff, 0x5}, {0xb8, 0xda, 0xd, '\x00', 0x59}, {0xb, 0x1, 0x10, '\x00', 0x3}, {0xb, 0x7, 0x81, '\x00', 0x9}, {0x4, 0x6, 0x4, '\x00', 0x5}, {0xfe, 0x5, 0xd, '\x00', 0xa}, {0xff, 0x4b, 0x45, '\x00', 0xc2}, {0xd2, 0xab, 0x8, '\x00', 0x3}, {0x1, 0xff, 0xfe, '\x00', 0xb}, {0x5, 0xfb, 0x1, '\x00', 0x2}, {0xf9, 0x0, 0x6, '\x00', 0x9}, {0x1b, 0x9, 0x7, '\x00', 0x4}, {0x4, 0x7, 0x8, '\x00', 0x9}, {0xab, 0xef, 0x40, '\x00', 0x6}, {0x8, 0x10, 0x80}, {0x5, 0x7, 0x2, '\x00', 0x86}, {0xd, 0x3, 0xc, '\x00', 0x8}, {0x86, 0x8e, 0x5, '\x00', 0x7}, {0x56, 0x3, 0x4, '\x00', 0x7f}]}})

19.068915525s ago: executing program 3 (id=3308):
syz_mount_image$iso9660(&(0x7f00000001c0), &(0x7f0000000300)='./file1\x00', 0x20c000, &(0x7f0000000c80)=ANY=[@ANYBLOB="ea61162e1ef6ac13e1eff9757ddc59c1f73dfdd8fbbe3455a11759dc86fc9f992771c954795e503a35af651559e91dcc4d616c1004f0011c5f0bba54bed252dbaca06169a96e5537b01ac8a36ffe19cafa0bc52a19f2a31d2b5c", @ANYRESHEX, @ANYRES64=0x0, @ANYRES8, @ANYRESOCT, @ANYBLOB="e75e3beec9bb3b87d24ddf25f5cf56a835eac560b4501c00efe3c14e5e2101d0f96d32812d5c0079ad3f5d3c09baf23a1a6c4c2a01ae8bd3f4e045214255e7c9e37d13138503534f5656f941753225afa2ea5668045f9f691358f20b3b7aa82828a6c148e9b2486aad47b799bee97fe6d9aa940d358b355885a7943b0324a69d196c1834bfa373c705738d2895b3e829100c66c660ea3ca8c8aa1f2568ac73e146468074d493edcad19995bde969ee8b42d9abd01333ac6e9ca3cebd3be2d22a755efffe8a7b0c6a7602520e204ac37bb66dd89af8128590a5b758eecbd4647dbe3b2349600d6a0900000000000000c55bb1ea", @ANYRESDEC=0x0, @ANYBLOB="c0416d01abbe2feb0be0fe25f7806c5aa0e566b582300cab7045c5a250ddf6af53b69f2c1193a3944aceae737833524bc54d25b7e0666a2865ac538932cf8b6091697df4231cd0396c61e6644cc199fa3e6dd810814187b4e85f8754982ac671475dbf68b1839f381bc881d43d7d1bb1d4045236452fc1b47d4a843795ee5bc5375b8806cac6c100000000000000000000000047703a41969d"], 0x0, 0x586, &(0x7f00000006c0)="$eJzs3cFv01YcwPGfS1tKJiG0TQhVBR5lh1YqwUkgKOIwPOclNSR2ZDuoPaGKpqgihYkyae1l6gU2afsjuO6P2Hl/yi5op50z2U7apm0SRtoEse8nAjv283u/50bvJ0fxswAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADHsomlmDKk4bn1F9WYXfa968LZ99LENsti16NOuiBH9k8n9TVe+Pth9OfpvXuaSd3MyEy1mZPeLy5fufzU50Tm+T8CnYLqrh7EH3W+3d3afrzWbjVdnG8hYXT3fe19Zu07gOVWrrJUTeKqQz5u3l0uBKjkVHawG4aWqsn1thZ6vFuxFlSkUckqnV726Wy5aFd3ZeO9W1jTz6mG6pi0/8NzbD9OBvexUKo5bjstEu6My96IP4iMnVKG2qkpNSLORG9SBjc1mI/MhhbKDCmXNbDaTyWYz+buFu/dMc/Lt0Q3mERIfEn2QOiXO+kOLT91pDd3A0Cba+V8q4ogrdVkRdeLLlqL44km1x/62xW/bK7d133b38//MzH6Wv3Kwe1bi/H8teXetV/6PXj3iGc1rW3ZkV57LmjSlKQ15Nb5Ypk/7TMjE4BrLosUVR4J3D8SRqljxFhVtEU+UFCQveTHliSxLSQJRUhJHKqIlkFUJJBQdf6Js8UWLJaF44ouSBbFlUZRkpCAFyYkSLWlZFU/q4kpZimLFtWzIZnzec/360SmU6Vkk1fncNSTbp6Zj+f/YhpPz/+ES5P//u9McvoGhtDr5HwAAAAAAfLaM+Nv36Pp/Sq7GayWnos1xhwUAAAAAAE5Rq9VqyZwY0fW/iFwVg+t/AAAAAAA+N0Z8j50hIim5nqxtiBHfLtX1JcBf4wsRAAAAAAAMKb7z/1q0iOdAuS7G/nQpR34EcG48AQIAAAAAgKH93HuO/Zl2kdp544+/xfenjL3ayjfGlhVttLba3wcc+1ogLM0aF9uVxIv8ZPudreeM9uyXB5NgJq283xg0179xCgHIr3IjKXNjPVmud/YkraRKTkWnba9yPyOWdXEi1CvhDy82f5S4+7+41YuGbGw2G+mnL5vrcSx7US17W+0JFI/No9gnltfxfAvxPRcn9ngqvhGj3W4qadfs9P+BWFsTyeET/6HNNzKflJlvz3ib6u7/TNRmJt2r9+0oMkP2/I3cTMrcXLiZLE6IIns0igtHosgejuKjzsUHRJEbdC5yQ0YBAOOyMSALGXIpGtoO592PGOVGk93fyEJSZmE2HlgnZ7tG9L14RDcHjejmkNnt92PPQOqVY6N2fzuSVd9FB7zr2W5QyRrRKTz3eut7uby9s3trc2vtWeNZ40U2m8ubd0zzblam4m60F+QeAMAJBj9jZ2AJ407rfFKix1X1l/s/KUjLU3kpTVmXpfhug/gXByfWmjr0M4Qladc/n5KWHL9qTcVpMnnCy1Kfq7rp+C6HTr3ZvmW7Y8iN4k8BAMDIzA/Iwx+S/5f6X3cfyeX9r45Th57WBgAAzob23xup8K3h+07tSaZQyFjhsla+Zz9SvlMsa+W4ofbtZcsta1XzvdCzvUq08tgp6kAF9VrN80NV8nxV8wJnJX7yuwpWg1BXVaCrlhs6dlCraCvQyvbc0LJDVXQCW9Xq31WcYFn78cFBTdtOybGt0PFcFXh139ZppQKtDxV0itoNnZITrbqq5jtVy19Vj71KvapVUQe279RCL6mw05bjljy/GlebHvfJBgDgE7G9s/t8rdlsvDrDlXH3EQAAdBsqSxv8hgwAAAAAAAAAAAAAAAAAAAAAgFEYxf1/rJz5ysqfrdZYw/jnwvhPwv7KtHwSYYxuxTBOv+aBQ8dPIxmgAJyZfwMAAP//BfRWTg==")
openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000180), 0x101, 0x0)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680))
eventfd(0x6)
sched_setaffinity(0x0, 0x8, &(0x7f0000000680)=0x2)
socket$nl_netfilter(0x10, 0x3, 0xc)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
read$msr(0xffffffffffffffff, 0x0, 0x0)
openat$sysctl(0xffffffffffffff9c, 0x0, 0x1, 0x0)
fchmodat(0xffffffffffffffff, &(0x7f0000000280)='./file0/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x8fb338406592e1c6)
prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000002200)=0x1)
r0 = syz_open_dev$MSR(&(0x7f0000000200), 0x0, 0x0)
read$msr(r0, &(0x7f0000002700)=""/102392, 0x18ff8)
r1 = socket$inet6_sctp(0xa, 0x5, 0x84)
setsockopt$inet6_group_source_req(r1, 0x29, 0x2e, &(0x7f0000000080)={0x7, {{0xa, 0x4e20, 0xe0, @mcast2, 0xff}}, {{0xa, 0x4e21, 0x9, @private2, 0x4}}}, 0x108)
r2 = syz_open_procfs(0x0, &(0x7f0000000640)='net/mcfilter6\x00')
read$FUSE(r2, &(0x7f00000042c0)={0x2020}, 0x2020)

18.875357353s ago: executing program 5 (id=3309):
r0 = bpf$MAP_CREATE(0x0, 0x0, 0x50)
r1 = socket$kcm(0x10, 0x2, 0x0)
dup(r0)
r2 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$IOMMU_IOAS_ALLOC(r2, 0x3b81, &(0x7f00000003c0)={0xc, 0x0, <r3=>0x0})
ioctl$IOMMU_IOAS_MAP$PAGES(r2, 0x3b85, &(0x7f0000000040)={0x28, 0x7, r3, 0x0, &(0x7f0000800000/0x800000)=nil, 0x800000})
ioctl$IOMMU_TEST_OP_CREATE_ACCESS(r2, 0x3ba0, &(0x7f0000000340)={0x48, 0x5, r3, 0x0, <r4=>0xffffffffffffffff, 0x1})
ioctl$IOMMU_TEST_OP_ACCESS_PAGES$syz(r2, 0x3ba0, 0x0)
r5 = socket$kcm(0xa, 0x2, 0x73)
sendmsg$inet(r5, &(0x7f0000001180)={&(0x7f0000000000)={0xa, 0x0, @empty}, 0x10, 0x0, 0x0, &(0x7f00000010c0)=[@ip_tos_int={{0x14, 0x29, 0x34}}, @ip_tos_u8={{0x11, 0x29, 0x2}}, @ip_tos_u8={{0x11}}], 0x48}, 0x0)
ioctl$IOMMU_TEST_OP_ACCESS_PAGES$syz(r2, 0x3ba0, &(0x7f0000000180)={0x48, 0x7, r4, 0x0, 0x10001, 0x0, 0x1, 0xd6fe2, 0x3d3b4e})
socket(0x400000000010, 0x3, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
r6 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r6, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x1)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r7 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r7, &(0x7f0000019680)=""/102392, 0x18ff8)
bind$inet6(0xffffffffffffffff, &(0x7f0000000040)={0xa, 0x0, 0x0, @dev={0xfe, 0x80, '\x00', 0x1a}, 0x10}, 0x1c)
ioctl$IOMMU_IOAS_UNMAP$ALL(r2, 0x3b86, &(0x7f0000000240)={0x18, r3})
setsockopt$CAN_RAW_ERR_FILTER(r1, 0x65, 0x2, &(0x7f0000000140)=0x2, 0x4)

18.489671457s ago: executing program 3 (id=3310):
r0 = bpf$MAP_CREATE(0x0, 0x0, 0x50)
r1 = socket$kcm(0x10, 0x2, 0x0)
dup(r0)
r2 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$IOMMU_IOAS_ALLOC(r2, 0x3b81, &(0x7f00000003c0)={0xc, 0x0, <r3=>0x0})
ioctl$IOMMU_IOAS_MAP$PAGES(r2, 0x3b85, &(0x7f0000000040)={0x28, 0x7, r3, 0x0, &(0x7f0000800000/0x800000)=nil, 0x800000})
ioctl$IOMMU_TEST_OP_CREATE_ACCESS(r2, 0x3ba0, &(0x7f0000000340)={0x48, 0x5, r3, 0x0, <r4=>0xffffffffffffffff, 0x1})
ioctl$IOMMU_TEST_OP_ACCESS_PAGES$syz(r2, 0x3ba0, 0x0)
r5 = socket$kcm(0xa, 0x2, 0x73)
sendmsg$inet(r5, &(0x7f0000001180)={&(0x7f0000000000)={0xa, 0x0, @empty}, 0x10, 0x0, 0x0, &(0x7f00000010c0)=[@ip_tos_int={{0x14, 0x29, 0x34}}, @ip_tos_u8={{0x11, 0x29, 0x2}}, @ip_tos_u8={{0x11}}], 0x48}, 0x0)
ioctl$IOMMU_TEST_OP_ACCESS_PAGES$syz(r2, 0x3ba0, &(0x7f0000000180)={0x48, 0x7, r4, 0x0, 0x10001, 0x0, 0x1, 0xd6fe2, 0x3d3b4e})
r6 = socket(0x400000000010, 0x3, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
r7 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r7, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r7, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000240)={{0x14}, [@NFT_MSG_DELCHAIN={0x1c, 0x5, 0xa, 0x801, 0x0, 0x0, {0x2, 0x0, 0x2}, [@NFTA_CHAIN_POLICY={0x8}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x2}}}, 0x44}}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x1)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r8 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r8, &(0x7f0000019680)=""/102392, 0x18ff8)
fstat(r6, 0x0)
r9 = socket(0x848000000015, 0x805, 0x0)
bind$inet6(r9, &(0x7f0000000040)={0xa, 0x0, 0x0, @dev={0xfe, 0x80, '\x00', 0x1a}, 0x10}, 0x1c)
sendto$inet6(r9, 0x0, 0x0, 0x0, 0x0, 0x0)
ioctl$IOMMU_IOAS_UNMAP$ALL(r2, 0x3b86, &(0x7f0000000240)={0x18, r3})
setsockopt$CAN_RAW_ERR_FILTER(r1, 0x65, 0x2, &(0x7f0000000140)=0x2, 0x4)
setsockopt$packet_fanout_data(0xffffffffffffffff, 0x107, 0x16, &(0x7f0000000100)={0x1, &(0x7f0000000180)=[{0x28, 0x0, 0x8, 0xfffff032}]}, 0x10)

17.814069555s ago: executing program 3 (id=3311):
r0 = openat$procfs(0xffffffffffffff9c, &(0x7f00000004c0)='/proc/sysvipc/msg\x00', 0x0, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000240)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
connect$unix(0xffffffffffffffff, 0x0, 0x0)
sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r2 = socket$inet_smc(0x2b, 0x1, 0x0)
ppoll(&(0x7f00000000c0)=[{r2, 0x13108}], 0x1, 0x0, 0x0, 0x0)
setsockopt$inet_tcp_TCP_FASTOPEN_KEY(r2, 0x6, 0x21, &(0x7f0000000040)="5766b1b827f600333b09d3748ee7d700", 0x10)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f0000000040)={'wlan0\x00', <r4=>0x0})
r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff)
sendmsg$NL80211_CMD_REGISTER_BEACONS(r3, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)={0x1c, r5, 0x1, 0x50bd26, 0x25dfdbf8, {{}, {@void, @val={0x8, 0x3, r4}, @void}}}, 0x1c}, 0x1, 0x0, 0x0, 0x20044040}, 0x24008004)
madvise(&(0x7f0000bdc000/0x4000)=nil, 0x86ac726dff2f4713, 0xa)
prctl$PR_GET_IO_FLUSHER(0x4)
prctl$PR_GET_IO_FLUSHER(0x3a)
r6 = syz_open_dev$sndpcmc(&(0x7f0000004240), 0x0, 0x0)
ioctl$SNDRV_PCM_IOCTL_STATUS64(r6, 0xc06c4124, 0x0)
syz_clone(0x25000, 0x0, 0x0, &(0x7f0000000040), 0x0, 0x0)
mkdirat(r0, &(0x7f0000000180)='./file1\x00', 0x0)
mkdir(0x0, 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000380)={[{@upperdir={'upperdir', 0x3d, './file1'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './bus'}}, {@nfs_export_on}]})
chdir(&(0x7f00000000c0)='./bus\x00')

17.80826802s ago: executing program 5 (id=3312):
openat$rfkill(0xffffffffffffff9c, &(0x7f0000000040), 0x101801, 0x0)
socketpair$unix(0x1, 0xad40a5e3a29e51b5, 0x0, &(0x7f0000000300)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
setsockopt$sock_attach_bpf(r0, 0x1, 0x4c, 0x0, 0x0)
r1 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r1, &(0x7f0000000240)={0x26, 'hash\x00', 0x0, 0x0, 'sm3\x00'}, 0x58)
r2 = accept4(r1, 0x0, 0x0, 0x80000)
sendmsg$kcm(r2, &(0x7f0000001880)={0x0, 0x0, &(0x7f0000001600)=[{&(0x7f0000001a00)="e8a472", 0x3}, {0x0}, {&(0x7f0000001680)="094fb143daa9baa36aaa2cca06886c533118e056", 0x14}], 0x3}, 0x0)
openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0)
r3 = socket$kcm(0x2, 0x3, 0x2)
bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[], 0x50)
socketpair$unix(0x1, 0x3, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x6, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x2)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r4 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r4, &(0x7f0000019680)=""/102392, 0x18ff8)
mount$tmpfs(0x0, &(0x7f0000000000)='./file1\x00', 0x0, 0x8000, 0x0)
mkdirat(0xffffffffffffff9c, 0x0, 0x1c0)
mknodat(0xffffffffffffff9c, 0x0, 0x81c0, 0x0)
openat$comedi(0xffffffffffffff9c, &(0x7f0000000180)='/dev/comedi3\x00', 0xc00, 0x0)
ioctl$SIOCSIFHWADDR(r3, 0x8914, &(0x7f0000000040)={'syzkaller1\x00', @broadcast})

17.23993589s ago: executing program 4 (id=3313):
sendmsg$netlink(0xffffffffffffffff, 0x0, 0x24000000)
r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={<r1=>0xffffffffffffffff})
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$batadv(&(0x7f00000001c0), 0xffffffffffffffff)
syz_open_dev$dri(&(0x7f0000000000), 0xe, 0x20c0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x3c, 0x3a77}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x4, &(0x7f00000002c0)=ANY=[], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000340)={&(0x7f0000000380)='host1x_cdma_push_gather\x00', r4, 0x0, 0x3}, 0x18)
r5 = getpid()
sched_setscheduler(r5, 0x2, &(0x7f0000000200)=0x4)
sendmsg$BATADV_CMD_TP_METER_CANCEL(r2, &(0x7f0000000300)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f0000000280)={&(0x7f0000000240)={0x24, r3, 0x2, 0x70bd28, 0x25dfdbfc, {}, [@BATADV_ATTR_ISOLATION_MASK={0x8, 0x2c, 0xe1}, @BATADV_ATTR_AGGREGATED_OGMS_ENABLED={0x5}]}, 0x24}, 0x1, 0x0, 0x0, 0x20040080}, 0x8014)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r6=>0xffffffffffffffff, <r7=>0xffffffffffffffff})
connect$unix(r6, &(0x7f000057eff8)=@file={0x0, './file0/file0\x00'}, 0x6e)
sendmmsg$unix(r7, &(0x7f0000000000), 0x400000000000041, 0x0)
recvmmsg(r6, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r8 = socket$tipc(0x1e, 0x2, 0x0)
getsockopt$TIPC_CONN_TIMEOUT(r8, 0x10f, 0x82, &(0x7f0000000100), &(0x7f0000003800)=0x4)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r1, 0x8933, &(0x7f0000003040)={'batadv0\x00', <r9=>0x0})
sendmsg$BATADV_CMD_TP_METER(r2, &(0x7f0000003140)={0x0, 0x0, &(0x7f0000003100)={&(0x7f0000003080)={0x30, r3, 0x1, 0x70bd2b, 0x25dfdbfb, {}, [@BATADV_ATTR_ORIG_ADDRESS={0xa, 0x9, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x44}}, @BATADV_ATTR_MESH_IFINDEX={0x8, 0x3, r9}, @BATADV_ATTR_TPMETER_TEST_TIME={0x8, 0xb, 0x2}]}, 0x30}, 0x1, 0x0, 0x0, 0x20000050}, 0x20040084)
r10 = openat$vicodec1(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0)
ioctl$VIDIOC_S_STD(r10, 0x40085618, &(0x7f00000002c0)=0x3200e0)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8b30, &(0x7f00000000c0)={'wlan0\x00'})
socket$nl_rdma(0x10, 0x3, 0x14)
bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x6, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="18020000000000800000000000000000850000004100000085000000d000000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
connect$unix(0xffffffffffffffff, 0x0, 0x0)
r11 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r11, 0x0, 0x0)

16.899707021s ago: executing program 3 (id=3314):
mkdirat(0xffffffffffffff9c, &(0x7f0000000280)='./file0\x00', 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x2, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r3}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r4 = getpid()
sched_setscheduler(r4, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
connect$unix(r5, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r6, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r7 = socket$nl_generic(0x10, 0x3, 0x10)
r8 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000080), r7)
sendmsg$ETHTOOL_MSG_TSINFO_GET(r7, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000500)={0x20, r8, 0x6a98047402e98331, 0x70bd21, 0xffa1, {}, [@HEADER={0xc, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x4}]}]}, 0x20}, 0x1, 0x0, 0x0, 0x24004040}, 0x4008800)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r9 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x11, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="18050000000000fe000000004b64ffec850000007d000000040000000700000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r9}, 0xc)
mkdir(0x0, 0x0)
mount$bind(&(0x7f00000002c0)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x101091, 0x0)
mkdir(&(0x7f0000000440)='./file1\x00', 0x0)

16.014411572s ago: executing program 4 (id=3315):
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x20, 0x3, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000bc0)={r0, 0x0, 0x14, 0x0, &(0x7f0000000940)="18d26a3d9673399025aae4121e420e3eef774116", 0x0, 0x9, 0x0, 0x0, 0x1, 0x0, &(0x7f0000000ac0)="a2"}, 0x4c)
syz_genetlink_get_family_id$ethtool(0x0, 0xffffffffffffffff)
socket$nl_generic(0x10, 0x3, 0x10)
r1 = bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000440)=@bpf_lsm={0x6, 0x3, &(0x7f00000003c0)=ANY=[@ANYBLOB="18000000003f000000000000000000f195"], &(0x7f0000000140)='GPL\x00'}, 0x94)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x3, &(0x7f0000000080)=[{0x45}, {0x5, 0x4}, {0x6, 0x0, 0x1}]})
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
socket$nl_netfilter(0x10, 0x3, 0xc)
r3 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000a40), 0x2, 0x0)
write$uinput_user_dev(r3, &(0x7f0000000080)={'syz0\x00', {}, 0x0, [0x80000000, 0x3, 0x3ff, 0x8, 0xfffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0xf, 0x0, 0x0, 0x9, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x7, 0xf5b1, 0xffffffff, 0x10000000, 0x99, 0x20000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0x8, 0x0, 0x0, 0x0, 0x4, 0x0, 0x4, 0x0, 0x0, 0x0, 0x2, 0x0, 0xfffffffe, 0x0, 0x0, 0x1], [0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xedc0, 0x0, 0x5ee, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa0000000, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0xfffffff8, 0x2, 0x0, 0x2000079, 0x400, 0x0, 0x0, 0x10000, 0x40000, 0x0, 0xc0800000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0xfffffffc, 0x0, 0x0, 0x4771], [0x0, 0x7f, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x2, 0x0, 0x0, 0x9, 0x0, 0x2, 0xffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4000, 0x6, 0x0, 0x0, 0x0, 0x0, 0x200000, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xf, 0x0, 0x0, 0x0, 0xfffffffd, 0x0, 0x0, 0xfffffffc, 0x4, 0x0, 0x0, 0x0, 0x800], [0x2, 0x0, 0x6, 0x0, 0x0, 0x0, 0xffffffff, 0x4, 0x0, 0x0, 0x0, 0x3, 0xfffffffc, 0x4, 0x800, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x5, 0xfffffffd, 0x0, 0x0, 0x0, 0x8001, 0x80, 0x0, 0x800, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000000, 0x4, 0x0, 0x0, 0x0, 0xffffe]}, 0x45c)
ioctl$UI_SET_EVBIT(r3, 0x40045564, 0x5)
ioctl$UI_SET_SWBIT(r3, 0x4004556d, 0x3)
ioctl$UI_DEV_CREATE(r3, 0x5501)
sendmsg$NFT_BATCH(r2, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4000}, 0x0)
sendmsg$NFT_BATCH(r2, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000100)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x3}}, [@NFT_MSG_NEWRULE={0x50, 0x6, 0xa, 0x401, 0x0, 0x0, {0xa, 0x0, 0x1}, [@NFTA_RULE_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_RULE_EXPRESSIONS={0x24, 0x4, 0x0, 0x1, [{0x20, 0x1, 0x0, 0x1, @ct={{0x7}, @val={0x14, 0x2, 0x0, 0x1, [@NFTA_CT_KEY={0x8, 0x2, 0x1, 0x0, 0x15}, @NFTA_CT_DREG={0x8, 0x1, 0x1, 0x0, 0x9}]}}}]}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x2}}}, 0x78}, 0x1, 0x0, 0x0, 0x4008091}, 0x24000000)
bpf$BPF_PROG_TEST_RUN(0x1c, &(0x7f0000000240)={r1, 0xf, 0x25, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x40)
sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000000)="2e00000010008188040f80ec59acbc0413a1f848290000005e140602000000000e000a000f00000002800000121f", 0x2e}], 0x1}, 0x80)

15.90885089s ago: executing program 3 (id=3316):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
ptrace(0x10, r0)
ptrace(0x10, r0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, 0x0)
connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r2 = add_key$fscrypt_v1(&(0x7f0000000200), &(0x7f0000000080)={'fscrypt:', @auto=[0x66, 0x35, 0x61, 0x61, 0x31, 0x3c, 0x33, 0x61, 0x30, 0x66, 0x33, 0x33, 0x65, 0x64, 0x32, 0x65]}, &(0x7f0000000bc0)={0xfffffe00, "f1a1173fb9462d356ee67197f90be6e423ceb0ab4912f9f6a31854ec98e950cfc75b000000000000566a0982f8938caa52dd8d39af1405000000d59300", 0x2d}, 0x48, 0xfffffffffffffffd)
keyctl$KEYCTL_MOVE(0x4, r2, r2, r2, 0x1)
add_key(&(0x7f0000000080)='asymmetric\x00', &(0x7f0000000100)={'syz', 0x1}, &(0x7f0000000280), 0x0, r2)
setsockopt$netlink_NETLINK_BROADCAST_ERROR(0xffffffffffffffff, 0x10e, 0x4, 0x0, 0x0)
r3 = socket$inet6_tcp(0xa, 0x1, 0x0)
socket$inet6_mptcp(0xa, 0x1, 0x106)
bind$inet6(r3, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty}, 0x1c)
listen(r3, 0x9)
r4 = socket$inet_mptcp(0x2, 0x1, 0x106)
sendmmsg(r4, 0x0, 0x0, 0x20044000)
connect$inet(r4, &(0x7f0000000000)={0x2, 0x4e22, @empty}, 0x10)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
r6 = syz_genetlink_get_family_id$mptcp(&(0x7f0000000740), 0xffffffffffffffff)
sendmsg$MPTCP_PM_CMD_ADD_ADDR(r5, &(0x7f0000000a80)={0x0, 0x0, &(0x7f0000000a40)={&(0x7f0000000980)=ANY=[@ANYBLOB="84000000", @ANYRES16=r6, @ANYBLOB="010000000000fbdbdf250100000008000200000000000500050000000000080003000100000048000180050002002000000006000100020000000800060003000000080003"], 0x84}}, 0x20000000)

15.655727834s ago: executing program 3 (id=3317):
r0 = syz_open_dev$vim2m(&(0x7f00000002c0), 0x2000000f5, 0x2)
ioctl$vim2m_VIDIOC_S_CTRL(r0, 0xc008561c, &(0x7f0000000240)={0xf0f01b, 0x6})
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x20040, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
syz_fuse_handle_req(0xffffffffffffffff, 0x0, 0x0, &(0x7f0000007040)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000007000)={0x20, 0xffffffffffffffda}, 0x0})
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
ioctl$KVM_SET_IRQCHIP(r4, 0x4048aec9, &(0x7f0000000080)={0x3, 0x0, @ioapic={0x4, 0x4, 0x3, 0x2, 0x0, [{0xf, 0x0, 0x0, '\x00', 0xe}, {0x5, 0x0, 0x0, '\x00', 0xfc}, {0x1, 0x1, 0x9, '\x00', 0x2}, {0xfa, 0x8, 0x5, '\x00', 0xa0}, {0x1, 0x4, 0x4, '\x00', 0x74}, {0xa, 0xff, 0x5}, {0xb8, 0xda, 0xd, '\x00', 0x59}, {0xb, 0x1, 0x10, '\x00', 0x3}, {0xb, 0x7, 0x81, '\x00', 0x9}, {0x4, 0x6, 0x4, '\x00', 0x5}, {0xfe, 0x5, 0xd, '\x00', 0xa}, {0xff, 0x4b, 0x45, '\x00', 0xc2}, {0xd2, 0xab, 0x8, '\x00', 0x3}, {0x1, 0xff, 0xfe, '\x00', 0xb}, {0x5, 0xfb, 0x1, '\x00', 0x2}, {0xf9, 0x0, 0x6, '\x00', 0x9}, {0x1b, 0x9, 0x7, '\x00', 0x4}, {0x4, 0x7, 0x8, '\x00', 0x9}, {0xab, 0xef, 0x40, '\x00', 0x6}, {0x8, 0x10, 0x80}, {0x5, 0x7, 0x2, '\x00', 0x86}, {0xd, 0x3, 0xc, '\x00', 0x8}, {0x86, 0x8e, 0x5, '\x00', 0x7}, {0x56, 0x3, 0x4, '\x00', 0x7f}]}})

2.590945247s ago: executing program 34 (id=3312):
openat$rfkill(0xffffffffffffff9c, &(0x7f0000000040), 0x101801, 0x0)
socketpair$unix(0x1, 0xad40a5e3a29e51b5, 0x0, &(0x7f0000000300)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
setsockopt$sock_attach_bpf(r0, 0x1, 0x4c, 0x0, 0x0)
r1 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r1, &(0x7f0000000240)={0x26, 'hash\x00', 0x0, 0x0, 'sm3\x00'}, 0x58)
r2 = accept4(r1, 0x0, 0x0, 0x80000)
sendmsg$kcm(r2, &(0x7f0000001880)={0x0, 0x0, &(0x7f0000001600)=[{&(0x7f0000001a00)="e8a472", 0x3}, {0x0}, {&(0x7f0000001680)="094fb143daa9baa36aaa2cca06886c533118e056", 0x14}], 0x3}, 0x0)
openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0)
r3 = socket$kcm(0x2, 0x3, 0x2)
bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[], 0x50)
socketpair$unix(0x1, 0x3, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x6, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x2)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r4 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r4, &(0x7f0000019680)=""/102392, 0x18ff8)
mount$tmpfs(0x0, &(0x7f0000000000)='./file1\x00', 0x0, 0x8000, 0x0)
mkdirat(0xffffffffffffff9c, 0x0, 0x1c0)
mknodat(0xffffffffffffff9c, 0x0, 0x81c0, 0x0)
openat$comedi(0xffffffffffffff9c, &(0x7f0000000180)='/dev/comedi3\x00', 0xc00, 0x0)
ioctl$SIOCSIFHWADDR(r3, 0x8914, &(0x7f0000000040)={'syzkaller1\x00', @broadcast})

57.058345ms ago: executing program 35 (id=3317):
r0 = syz_open_dev$vim2m(&(0x7f00000002c0), 0x2000000f5, 0x2)
ioctl$vim2m_VIDIOC_S_CTRL(r0, 0xc008561c, &(0x7f0000000240)={0xf0f01b, 0x6})
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x20040, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
syz_fuse_handle_req(0xffffffffffffffff, 0x0, 0x0, &(0x7f0000007040)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000007000)={0x20, 0xffffffffffffffda}, 0x0})
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
ioctl$KVM_SET_IRQCHIP(r4, 0x4048aec9, &(0x7f0000000080)={0x3, 0x0, @ioapic={0x4, 0x4, 0x3, 0x2, 0x0, [{0xf, 0x0, 0x0, '\x00', 0xe}, {0x5, 0x0, 0x0, '\x00', 0xfc}, {0x1, 0x1, 0x9, '\x00', 0x2}, {0xfa, 0x8, 0x5, '\x00', 0xa0}, {0x1, 0x4, 0x4, '\x00', 0x74}, {0xa, 0xff, 0x5}, {0xb8, 0xda, 0xd, '\x00', 0x59}, {0xb, 0x1, 0x10, '\x00', 0x3}, {0xb, 0x7, 0x81, '\x00', 0x9}, {0x4, 0x6, 0x4, '\x00', 0x5}, {0xfe, 0x5, 0xd, '\x00', 0xa}, {0xff, 0x4b, 0x45, '\x00', 0xc2}, {0xd2, 0xab, 0x8, '\x00', 0x3}, {0x1, 0xff, 0xfe, '\x00', 0xb}, {0x5, 0xfb, 0x1, '\x00', 0x2}, {0xf9, 0x0, 0x6, '\x00', 0x9}, {0x1b, 0x9, 0x7, '\x00', 0x4}, {0x4, 0x7, 0x8, '\x00', 0x9}, {0xab, 0xef, 0x40, '\x00', 0x6}, {0x8, 0x10, 0x80}, {0x5, 0x7, 0x2, '\x00', 0x86}, {0xd, 0x3, 0xc, '\x00', 0x8}, {0x86, 0x8e, 0x5, '\x00', 0x7}, {0x56, 0x3, 0x4, '\x00', 0x7f}]}})

0s ago: executing program 36 (id=3315):
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x20, 0x3, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000bc0)={r0, 0x0, 0x14, 0x0, &(0x7f0000000940)="18d26a3d9673399025aae4121e420e3eef774116", 0x0, 0x9, 0x0, 0x0, 0x1, 0x0, &(0x7f0000000ac0)="a2"}, 0x4c)
syz_genetlink_get_family_id$ethtool(0x0, 0xffffffffffffffff)
socket$nl_generic(0x10, 0x3, 0x10)
r1 = bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000440)=@bpf_lsm={0x6, 0x3, &(0x7f00000003c0)=ANY=[@ANYBLOB="18000000003f000000000000000000f195"], &(0x7f0000000140)='GPL\x00'}, 0x94)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x3, &(0x7f0000000080)=[{0x45}, {0x5, 0x4}, {0x6, 0x0, 0x1}]})
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
socket$nl_netfilter(0x10, 0x3, 0xc)
r3 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000a40), 0x2, 0x0)
write$uinput_user_dev(r3, &(0x7f0000000080)={'syz0\x00', {}, 0x0, [0x80000000, 0x3, 0x3ff, 0x8, 0xfffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0xf, 0x0, 0x0, 0x9, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x7, 0xf5b1, 0xffffffff, 0x10000000, 0x99, 0x20000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0x8, 0x0, 0x0, 0x0, 0x4, 0x0, 0x4, 0x0, 0x0, 0x0, 0x2, 0x0, 0xfffffffe, 0x0, 0x0, 0x1], [0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xedc0, 0x0, 0x5ee, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa0000000, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0xfffffff8, 0x2, 0x0, 0x2000079, 0x400, 0x0, 0x0, 0x10000, 0x40000, 0x0, 0xc0800000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0xfffffffc, 0x0, 0x0, 0x4771], [0x0, 0x7f, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x2, 0x0, 0x0, 0x9, 0x0, 0x2, 0xffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4000, 0x6, 0x0, 0x0, 0x0, 0x0, 0x200000, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xf, 0x0, 0x0, 0x0, 0xfffffffd, 0x0, 0x0, 0xfffffffc, 0x4, 0x0, 0x0, 0x0, 0x800], [0x2, 0x0, 0x6, 0x0, 0x0, 0x0, 0xffffffff, 0x4, 0x0, 0x0, 0x0, 0x3, 0xfffffffc, 0x4, 0x800, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x5, 0xfffffffd, 0x0, 0x0, 0x0, 0x8001, 0x80, 0x0, 0x800, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000000, 0x4, 0x0, 0x0, 0x0, 0xffffe]}, 0x45c)
ioctl$UI_SET_EVBIT(r3, 0x40045564, 0x5)
ioctl$UI_SET_SWBIT(r3, 0x4004556d, 0x3)
ioctl$UI_DEV_CREATE(r3, 0x5501)
sendmsg$NFT_BATCH(r2, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4000}, 0x0)
sendmsg$NFT_BATCH(r2, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000100)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x3}}, [@NFT_MSG_NEWRULE={0x50, 0x6, 0xa, 0x401, 0x0, 0x0, {0xa, 0x0, 0x1}, [@NFTA_RULE_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_RULE_EXPRESSIONS={0x24, 0x4, 0x0, 0x1, [{0x20, 0x1, 0x0, 0x1, @ct={{0x7}, @val={0x14, 0x2, 0x0, 0x1, [@NFTA_CT_KEY={0x8, 0x2, 0x1, 0x0, 0x15}, @NFTA_CT_DREG={0x8, 0x1, 0x1, 0x0, 0x9}]}}}]}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x2}}}, 0x78}, 0x1, 0x0, 0x0, 0x4008091}, 0x24000000)
bpf$BPF_PROG_TEST_RUN(0x1c, &(0x7f0000000240)={r1, 0xf, 0x25, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x40)
sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000000)="2e00000010008188040f80ec59acbc0413a1f848290000005e140602000000000e000a000f00000002800000121f", 0x2e}], 0x1}, 0x80)

kernel console output (not intermixed with test programs):

ipc: Enabling of bearer <udp:syz0> rejected, already enabled
[  848.629392][T15168] netlink: 68 bytes leftover after parsing attributes in process `syz.1.2590'.
[  849.308867][ T5942] usb 2-1: USB disconnect, device number 43
[  850.112735][T15182] hfsplus: unable to find HFS+ superblock
[  850.381295][T11271] Bluetooth: hci4: command 0x0c1a tx timeout
[  850.388223][   T89] Bluetooth: hci4: Opcode 0x0c1a failed: -110
[  850.395461][   T89] Bluetooth: hci4: Error when powering off device on rfkill (-110)
[  850.755518][T15190] vfat: Bad value for 'uid'
[  850.760154][T15190] vfat: Bad value for 'uid'
[  851.290815][T15192] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore
[  851.300225][T15192] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent
[  852.134128][ T5928] usb 1-1: new high-speed USB device number 64 using dummy_hcd
[  852.493460][T11271] Bluetooth: hci0: command 0x0c1a tx timeout
[  852.508627][   T89] Bluetooth: hci0: Opcode 0x0c1a failed: -110
[  853.475768][   T89] Bluetooth: hci0: Error when powering off device on rfkill (-110)
[  853.563884][ T5928] usb 1-1: Using ep0 maxpacket: 8
[  853.585012][ T5928] usb 1-1: config 179 has an invalid interface number: 65 but max is 0
[  853.593293][ T5928] usb 1-1: config 179 has no interface number 0
[  853.599903][ T5928] usb 1-1: config 179 interface 65 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 7
[  854.561172][ T5928] usb 1-1: config 179 interface 65 altsetting 0 endpoint 0xF has invalid maxpacket 1025, setting to 1024
[  854.573475][ T5928] usb 1-1: config 179 interface 65 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7
[  854.594158][ T5928] usb 1-1: config 179 interface 65 altsetting 0 endpoint 0x83 has invalid maxpacket 41728, setting to 1024
[  855.565352][ T5928] usb 1-1: config 179 interface 65 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 23
[  855.578791][ T5928] usb 1-1: New USB device found, idVendor=12ab, idProduct=90a3, bcdDevice=1e.eb
[  855.588203][ T5928] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  855.654512][ T5928] usb 1-1: can't set config #179, error -71
[  855.730651][ T5928] usb 1-1: USB disconnect, device number 64
[  857.546080][T15238] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore
[  857.554931][T15238] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent
[  858.122036][T15248] iso9660: Unknown parameter 'ÿÿÿÿ00000000000000000000000'
[  858.377860][T15249] netlink: 'syz.4.2627': attribute type 1 has an invalid length.
[  858.422645][T15249] 8021q: adding VLAN 0 to HW filter on device bond1
[  859.460659][T15266] netlink: 'syz.1.2630': attribute type 1 has an invalid length.
[  859.880854][T15274] netlink: 76 bytes leftover after parsing attributes in process `syz.5.2635'.
[  860.934180][T15287] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2638'.
[  861.271466][T15289] iso9660: Unknown parameter 'ÿÿÿÿ00000000000000000000000'
[  861.544437][T15287] (unnamed net_device) (uninitialized): option primary: mode dependency failed, not supported in mode balance-rr(0)
[  861.863933][ T5928] usb 1-1: new high-speed USB device number 65 using dummy_hcd
[  861.997870][T15295] overlayfs: failed to resolve './file0': -2
[  862.028180][ T5928] usb 1-1: Using ep0 maxpacket: 8
[  862.064723][ T5928] usb 1-1: New USB device found, idVendor=0c45, idProduct=613a, bcdDevice=c4.6d
[  862.084691][ T5928] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  862.137114][ T5928] usb 1-1: Product: syz
[  862.167273][ T5928] usb 1-1: Manufacturer: syz
[  862.196172][ T5928] usb 1-1: SerialNumber: syz
[  862.286821][ T5928] usb 1-1: config 0 descriptor??
[  862.324555][ T5928] gspca_main: sonixj-2.14.0 probing 0c45:613a
[  862.452202][   T30] audit: type=1326 audit(1758334695.112:271): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15303 comm="syz.1.2644" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f482858ec29 code=0x0
[  862.493957][T14764] usb 4-1: new high-speed USB device number 58 using dummy_hcd
[  862.505529][T15290] tipc: Enabling of bearer <udp:syz0> rejected, already enabled
[  862.513533][T15305] netlink: 'syz.1.2644': attribute type 3 has an invalid length.
[  862.522602][T15305] netlink: 130984 bytes leftover after parsing attributes in process `syz.1.2644'.
[  862.661567][T14764] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  862.683948][T14764] usb 4-1: New USB device found, idVendor=0c70, idProduct=f00b, bcdDevice= 0.00
[  862.717902][T14764] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  862.754909][T14764] usb 4-1: config 0 descriptor??
[  863.140552][T15311] tipc: Started in network mode
[  863.153706][T15311] tipc: Node identity fe80000000000000000000000000001, cluster identity 4711
[  863.189997][T15311] tipc: Enabled bearer <udp:syz0>, priority 10
[  863.220515][T14764] usbhid 4-1:0.0: can't add hid device: -71
[  863.229014][T14764] usbhid 4-1:0.0: probe with driver usbhid failed with error -71
[  863.273719][T14764] usb 4-1: USB disconnect, device number 58
[  863.453946][ T5928] gspca_sonixj: reg_w1 err -71
[  863.554060][ T5928] sonixj 1-1:0.0: probe with driver sonixj failed with error -71
[  863.564134][ T5928] usb 1-1: USB disconnect, device number 65
[  863.675023][   T10] usb 5-1: new high-speed USB device number 10 using dummy_hcd
[  863.825991][T15323] syz.1.2649 calls setitimer() with new_value NULL pointer. Misfeature support will be removed
[  864.183991][   T10] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  864.284509][   T10] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  864.303989][   T10] usb 5-1: New USB device found, idVendor=1532, idProduct=010e, bcdDevice= 0.00
[  864.305890][ T5928] tipc: Node number set to 4269801488
[  864.321523][   T10] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  864.361399][   T10] usb 5-1: config 0 descriptor??
[  864.606346][T15334] netlink: 'syz.3.2650': attribute type 1 has an invalid length.
[  865.651718][   T10] razer 0003:1532:010E.000C: failed to enable macro keys: -71
[  865.859568][   T10] razer 0003:1532:010E.000C: hidraw0: USB HID v0.00 Device [HID 1532:010e] on usb-dummy_hcd.4-1/input0
[  866.049622][   T10] usb 5-1: USB disconnect, device number 10
[  866.224466][T15352] overlayfs: failed to resolve './file0': -2
[  866.234308][T15354] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2656'.
[  866.952382][T15368] blk_print_req_error: 4 callbacks suppressed
[  866.952400][T15368] I/O error, dev loop3, sector 2 op 0x0:(READ) flags 0x1000 phys_seg 1 prio class 2
[  866.970058][T15368] EXT4-fs (loop3): unable to read superblock
[  867.298291][T15368] squashfs: Unknown parameter 'xœìÝ1h$Uðofw'
[  867.405046][   T30] audit: type=1326 audit(1758334700.072:272): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15371 comm="syz.5.2661" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fa01018ec29 code=0x0
[  867.510791][T15375] input: syz0 as /devices/virtual/input/input38
[  867.674000][T14764] usb 1-1: new high-speed USB device number 66 using dummy_hcd
[  867.684335][    T9] usb 4-1: new high-speed USB device number 59 using dummy_hcd
[  867.712276][   T30] audit: type=1326 audit(1758334700.372:273): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15376 comm="syz.4.2663" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7efcad38ec29 code=0x0
[  867.817632][T15378] input: syz0 as /devices/virtual/input/input39
[  867.836278][T14764] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  867.845274][    T9] usb 4-1: Using ep0 maxpacket: 8
[  867.848139][T14764] usb 1-1: New USB device found, idVendor=0c70, idProduct=f00b, bcdDevice= 0.00
[  867.861973][    T9] usb 4-1: config index 0 descriptor too short (expected 301, got 45)
[  867.870230][T14764] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  867.879288][T14764] usb 1-1: config 0 descriptor??
[  867.880580][    T9] usb 4-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  867.895696][    T9] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  867.906294][    T9] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  867.916959][    T9] usb 4-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  867.930941][    T9] usb 4-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[  867.940299][    T9] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  868.157790][    T9] usb 4-1: GET_CAPABILITIES returned 0
[  868.163346][    T9] usbtmc 4-1:16.0: can't read capabilities
[  868.319529][T14764] usbhid 1-1:0.0: can't add hid device: -71
[  868.325926][T14764] usbhid 1-1:0.0: probe with driver usbhid failed with error -71
[  868.336686][T14764] usb 1-1: USB disconnect, device number 66
[  868.387947][    T9] usb 4-1: USB disconnect, device number 59
[  869.908018][T15387] overlayfs: failed to create directory ./bus/work (errno: 22); mounting read-only
[  870.733379][ T1300] ieee802154 phy0 wpan0: encryption failed: -22
[  870.742040][ T1300] ieee802154 phy1 wpan1: encryption failed: -22
[  871.116329][T15405] overlayfs: failed to resolve './file0': -2
[  871.323593][T15408] netlink: 76 bytes leftover after parsing attributes in process `syz.3.2671'.
[  872.475562][T15422] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2675'.
[  873.556574][T15433] tipc: Enabling of bearer <udp:syz0> rejected, already enabled
[  874.090847][   T30] audit: type=1326 audit(1758334706.752:274): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15434 comm="syz.1.2677" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f482858ec29 code=0x7ffc0000
[  874.203902][   T30] audit: type=1326 audit(1758334706.752:275): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15434 comm="syz.1.2677" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f482858ec29 code=0x7ffc0000
[  874.234178][   T30] audit: type=1326 audit(1758334706.752:276): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15434 comm="syz.1.2677" exe="/root/syz-executor" sig=0 arch=c000003e syscall=68 compat=0 ip=0x7f482858ec29 code=0x7ffc0000
[  874.420823][ T6009] usb 2-1: new full-speed USB device number 44 using dummy_hcd
[  874.429738][   T30] audit: type=1326 audit(1758334706.752:277): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15434 comm="syz.1.2677" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f482858ec29 code=0x7ffc0000
[  874.452629][   T30] audit: type=1326 audit(1758334706.752:278): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15434 comm="syz.1.2677" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f482858ec29 code=0x7ffc0000
[  874.477595][   T30] audit: type=1326 audit(1758334706.752:279): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15434 comm="syz.1.2677" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f482858d590 code=0x7ffc0000
[  874.502240][   T30] audit: type=1326 audit(1758334706.752:280): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15434 comm="syz.1.2677" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f482858e82b code=0x7ffc0000
[  874.553102][   T30] audit: type=1326 audit(1758334706.752:281): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15434 comm="syz.1.2677" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f482858e82b code=0x7ffc0000
[  874.614437][ T6009] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10
[  874.631388][ T6009] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 576, setting to 64
[  874.644737][   T30] audit: type=1326 audit(1758334706.792:282): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15434 comm="syz.1.2677" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f482858e82b code=0x7ffc0000
[  874.696914][ T6009] usb 2-1: config 1 interface 0 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 23
[  874.769404][   T30] audit: type=1326 audit(1758334706.792:283): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15434 comm="syz.1.2677" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f482858e82b code=0x7ffc0000
[  874.795154][ T6009] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  874.842759][ T6009] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1
[  874.883146][ T6009] usb 2-1: SerialNumber: syz
[  875.019290][T15435] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[  875.099569][ T6009] cdc_acm 2-1:1.0: Control and data interfaces are not separated!
[  875.857950][ T6009] cdc_acm 2-1:1.0: ttyACM0: USB ACM device
[  875.878349][ T6009] usb 2-1: USB disconnect, device number 44
[  876.067181][T15453] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2685'.
[  876.219558][T15461] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2684'.
[  876.525994][   T43] usb 4-1: new high-speed USB device number 60 using dummy_hcd
[  876.694346][T15465] netlink: 4 bytes leftover after parsing attributes in process `syz.5.2687'.
[  876.866469][   T43] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  876.886668][T15467] netlink: 20 bytes leftover after parsing attributes in process `syz.4.2686'.
[  878.330061][   T43] usb 4-1: New USB device found, idVendor=0c70, idProduct=f00b, bcdDevice= 0.00
[  878.376073][   T43] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  878.413281][   T43] usb 4-1: config 0 descriptor??
[  879.398913][   T43] aquacomputer_d5next 0003:0C70:F00B.000D: unknown main item tag 0x0
[  879.422517][   T43] aquacomputer_d5next 0003:0C70:F00B.000D: unknown main item tag 0x0
[  879.431625][   T43] aquacomputer_d5next 0003:0C70:F00B.000D: item fetching failed at offset 3/7
[  879.447356][   T43] aquacomputer_d5next 0003:0C70:F00B.000D: probe with driver aquacomputer_d5next failed with error -22
[  879.462304][   T43] usb 4-1: USB disconnect, device number 60
[  879.854760][T15489] netlink: 76 bytes leftover after parsing attributes in process `syz.4.2692'.
[  879.912263][T15491] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  880.888431][T15501] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2698'.
[  883.023036][T15515] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  883.065635][T15515] netlink: 'syz.1.2701': attribute type 1 has an invalid length.
[  884.181777][T15543] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2710'.
[  884.744496][T15550] fuse: Bad value for 'fd'
[  885.027037][T15553] binder: 15551:15553 ioctl c0306201 0 returned -14
[  885.125805][T15556] binder: 15551:15556 ioctl c0306201 200000000640 returned -22
[  885.700114][T15569] netlink: 'syz.1.2719': attribute type 1 has an invalid length.
[  885.738764][T15569] 8021q: adding VLAN 0 to HW filter on device bond6
[  886.034751][T15577] netlink: 'syz.3.2720': attribute type 1 has an invalid length.
[  886.559309][T15585] affs: Unknown parameter 'nofilenamet€uncate'
[  886.580162][T15585] netlink: 12 bytes leftover after parsing attributes in process `syz.5.2724'.
[  886.621550][T15585] macvtap1: entered promiscuous mode
[  886.650007][T15585] vlan0: entered promiscuous mode
[  886.682477][T15585] macvtap1: entered allmulticast mode
[  886.712563][T15585] vlan0: entered allmulticast mode
[  886.732812][T15585] veth0_vlan: entered allmulticast mode
[  887.153484][T15591] bridge0: port 2(bridge_slave_1) entered disabled state
[  887.160910][T15591] bridge0: port 1(bridge_slave_0) entered disabled state
[  887.169985][T15591] bridge0: entered allmulticast mode
[  887.182051][T15591] bridge_slave_1: left allmulticast mode
[  887.187969][T15591] bridge_slave_1: left promiscuous mode
[  887.193867][T15591] bridge0: port 2(bridge_slave_1) entered disabled state
[  887.275241][T15591] bridge_slave_0: left promiscuous mode
[  887.283029][T15591] bridge0: port 1(bridge_slave_0) entered disabled state
[  887.512081][T15596] binder: 15595:15596 ioctl c0306201 0 returned -14
[  887.562984][T15596] binder: 15595:15596 ioctl c0306201 200000000640 returned -22
[  887.661033][   T30] kauditd_printk_skb: 25 callbacks suppressed
[  887.661048][   T30] audit: type=1326 audit(1758334720.322:309): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15598 comm="syz.4.2728" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7efcad38ec29 code=0x0
[  887.763480][T15603] input: syz0 as /devices/virtual/input/input40
[  887.951197][ T6009] usb 4-1: new high-speed USB device number 61 using dummy_hcd
[  888.574329][ T6009] usb 4-1: Using ep0 maxpacket: 8
[  888.799990][ T6009] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  888.865848][T15614] FAULT_INJECTION: forcing a failure.
[  888.865848][T15614] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  888.885986][T15614] CPU: 0 UID: 0 PID: 15614 Comm: syz.4.2733 Not tainted syzkaller #0 PREEMPT(full) 
[  888.886011][T15614] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  888.886022][T15614] Call Trace:
[  888.886031][T15614]  <TASK>
[  888.886040][T15614]  dump_stack_lvl+0x189/0x250
[  888.886066][T15614]  ? __pfx____ratelimit+0x10/0x10
[  888.886086][T15614]  ? __pfx_dump_stack_lvl+0x10/0x10
[  888.886107][T15614]  ? __pfx__printk+0x10/0x10
[  888.886133][T15614]  ? __might_fault+0xb0/0x130
[  888.886169][T15614]  should_fail_ex+0x414/0x560
[  888.886198][T15614]  _copy_from_user+0x2d/0xb0
[  888.886218][T15614]  sctp_getsockopt_asconf_supported+0xb5/0x520
[  888.886246][T15614]  ? __pfx_sctp_getsockopt_asconf_supported+0x10/0x10
[  888.886279][T15614]  sctp_getsockopt+0x9e1/0xb60
[  888.886300][T15614]  ? __pfx_sock_common_getsockopt+0x10/0x10
[  888.886327][T15614]  do_sock_getsockopt+0x372/0x450
[  888.886351][T15614]  ? __pfx_do_sock_getsockopt+0x10/0x10
[  888.886370][T15614]  ? do_syscall_64+0xa0/0xfa0
[  888.886390][T15614]  ? __fget_files+0x2a/0x420
[  888.886407][T15614]  ? __fget_files+0x3a0/0x420
[  888.886422][T15614]  ? __fget_files+0x2a/0x420
[  888.886447][T15614]  __x64_sys_getsockopt+0x1a5/0x250
[  888.886466][T15614]  ? do_syscall_64+0xa0/0xfa0
[  888.886487][T15614]  ? do_syscall_64+0xa0/0xfa0
[  888.886516][T15614]  do_syscall_64+0xfa/0xfa0
[  888.886534][T15614]  ? lockdep_hardirqs_on+0x9c/0x150
[  888.886553][T15614]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  888.886570][T15614]  ? clear_bhb_loop+0x60/0xb0
[  888.886591][T15614]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  888.886608][T15614] RIP: 0033:0x7efcad38ec29
[  888.886624][T15614] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  888.886640][T15614] RSP: 002b:00007efcae1c1038 EFLAGS: 00000246 ORIG_RAX: 0000000000000037
[  888.886659][T15614] RAX: ffffffffffffffda RBX: 00007efcad5d5fa0 RCX: 00007efcad38ec29
[  888.886672][T15614] RDX: 0000000000000080 RSI: 0000000000000084 RDI: 0000000000000003
[  888.886683][T15614] RBP: 00007efcae1c1090 R08: 00002000000010c0 R09: 0000000000000000
[  888.886694][T15614] R10: 0000200000000000 R11: 0000000000000246 R12: 0000000000000001
[  888.886705][T15614] R13: 00007efcad5d6038 R14: 00007efcad5d5fa0 R15: 00007fff2c022078
[  888.886736][T15614]  </TASK>
[  889.123117][    C0] hrtimer: interrupt took 229329177 ns
[  889.218536][T15610] BFS-fs: bfs_fill_super(): No BFS filesystem on nullb0 (magic=00000000)
[  889.864240][ T6009] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  890.913363][ T6009] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  891.122298][ T6009] usb 4-1: New USB device found, idVendor=1e71, idProduct=170e, bcdDevice= 0.00
[  891.132607][ T6009] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  891.146242][ T6009] usb 4-1: config 0 descriptor??
[  891.165047][ T6009] usb 4-1: can't set config #0, error -71
[  891.174995][ T6009] usb 4-1: USB disconnect, device number 61
[  891.295245][T15631] delete_channel: no stack
[  891.320633][T15631] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2734'.
[  893.362450][T15650] vxcan0: tx drop: invalid sa for name 0x0000000000000004
[  894.067761][T15654] ntfs3(loop3): try to read out of volume at offset 0x0
[  894.295672][T15662] FAULT_INJECTION: forcing a failure.
[  894.295672][T15662] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  894.308903][T15662] CPU: 1 UID: 0 PID: 15662 Comm: syz.5.2745 Not tainted syzkaller #0 PREEMPT(full) 
[  894.308928][T15662] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  894.308939][T15662] Call Trace:
[  894.308947][T15662]  <TASK>
[  894.308956][T15662]  dump_stack_lvl+0x189/0x250
[  894.308983][T15662]  ? __pfx____ratelimit+0x10/0x10
[  894.309004][T15662]  ? __pfx_dump_stack_lvl+0x10/0x10
[  894.309024][T15662]  ? __pfx__printk+0x10/0x10
[  894.309048][T15662]  ? __might_fault+0xb0/0x130
[  894.309083][T15662]  should_fail_ex+0x414/0x560
[  894.309110][T15662]  _copy_from_user+0x2d/0xb0
[  894.309130][T15662]  ___sys_sendmsg+0x158/0x2a0
[  894.309154][T15662]  ? __pfx____sys_sendmsg+0x10/0x10
[  894.309211][T15662]  ? __fget_files+0x2a/0x420
[  894.309229][T15662]  ? __fget_files+0x3a0/0x420
[  894.309257][T15662]  __sys_sendmmsg+0x227/0x430
[  894.309284][T15662]  ? __pfx___sys_sendmmsg+0x10/0x10
[  894.309315][T15662]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  894.309355][T15662]  ? ksys_write+0x22a/0x250
[  894.309381][T15662]  ? __pfx_ksys_write+0x10/0x10
[  894.309410][T15662]  __x64_sys_sendmmsg+0xa0/0xc0
[  894.309433][T15662]  do_syscall_64+0xfa/0xfa0
[  894.309453][T15662]  ? lockdep_hardirqs_on+0x9c/0x150
[  894.309472][T15662]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  894.309490][T15662]  ? clear_bhb_loop+0x60/0xb0
[  894.309511][T15662]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  894.309528][T15662] RIP: 0033:0x7fa01018ec29
[  894.309546][T15662] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  894.309561][T15662] RSP: 002b:00007fa010f95038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[  894.309580][T15662] RAX: ffffffffffffffda RBX: 00007fa0103d6090 RCX: 00007fa01018ec29
[  894.309594][T15662] RDX: 0000000000000001 RSI: 0000200000000180 RDI: 000000000000000a
[  894.309606][T15662] RBP: 00007fa010f95090 R08: 0000000000000000 R09: 0000000000000000
[  894.309617][T15662] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  894.309628][T15662] R13: 00007fa0103d6128 R14: 00007fa0103d6090 R15: 00007ffceac01ab8
[  894.309659][T15662]  </TASK>
[  896.592330][T15679] netlink: 'syz.1.2749': attribute type 29 has an invalid length.
[  896.601579][T15679] netlink: 'syz.1.2749': attribute type 29 has an invalid length.
[  896.641926][T15679] netlink: 500 bytes leftover after parsing attributes in process `syz.1.2749'.
[  896.676927][T15664] bridge0: port 2(bridge_slave_1) entered disabled state
[  896.684652][T15664] bridge0: port 1(bridge_slave_0) entered disabled state
[  896.740107][T15664] bridge0: entered allmulticast mode
[  896.939840][T15687] netlink: 40 bytes leftover after parsing attributes in process `syz.5.2751'.
[  897.829825][T15680] bridge_slave_1: left allmulticast mode
[  897.835610][T15680] bridge_slave_1: left promiscuous mode
[  897.841655][T15680] bridge0: port 2(bridge_slave_1) entered disabled state
[  898.044876][T15680] bridge_slave_0: left allmulticast mode
[  898.062709][T15680] bridge_slave_0: left promiscuous mode
[  898.088008][T15680] bridge0: port 1(bridge_slave_0) entered disabled state
[  898.861109][T15708] tipc: Enabling of bearer <udp:syz0> rejected, already enabled
[  899.697061][T15724] batman_adv: batadv: cannot create tp meter kthread
[  901.440028][T15753] 9pnet_fd: Insufficient options for proto=fd
[  901.968642][ T5935] usb 4-1: new high-speed USB device number 62 using dummy_hcd
[  902.284697][T15762] iso9660: Unknown parameter 'ÿÿÿÿ00000000000000000000000'
[  902.564681][T15734] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  902.738478][ T5935] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  902.757358][T15761] kvm: pic: non byte read
[  902.762196][T15761] kvm: pic: level sensitive irq not supported
[  902.762267][T15761] kvm: pic: non byte read
[  902.773975][T15761] kvm: pic: level sensitive irq not supported
[  902.774192][T15761] kvm: pic: non byte read
[  902.789371][ T5935] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 3
[  902.842297][ T5935] usb 4-1: New USB device found, idVendor=0489, idProduct=e057, bcdDevice= 0.00
[  902.896207][ T5935] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  902.914918][ T5935] usb 4-1: config 0 descriptor??
[  902.930663][T15771] netlink: 8 bytes leftover after parsing attributes in process `syz.5.2771'.
[  902.964017][ T6023] usb 5-1: new high-speed USB device number 11 using dummy_hcd
[  903.213882][ T6023] usb 5-1: Using ep0 maxpacket: 8
[  903.532290][ T6023] usb 5-1: config index 0 descriptor too short (expected 301, got 45)
[  903.574079][ T6023] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  903.593434][ T6023] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  903.607006][ T6023] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  903.624301][ T6023] usb 5-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  903.637833][ T6023] usb 5-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[  903.647128][ T6023] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  903.666302][ T5935] Bluetooth: Can't get state to change to load ram patch err
[  903.677354][ T5935] Bluetooth: Loading patch file failed
[  903.682839][ T5935] ath3k 4-1:0.0: probe with driver ath3k failed with error -71
[  903.696657][ T5935] usb 4-1: USB disconnect, device number 62
[  903.871326][ T6023] usb 5-1: usb_control_msg returned -32
[  903.876983][ T6023] usbtmc 5-1:16.0: can't read capabilities
[  905.133889][ T5935] usb 1-1: new high-speed USB device number 67 using dummy_hcd
[  905.304007][ T5935] usb 1-1: Using ep0 maxpacket: 8
[  905.345293][ T5935] usb 1-1: config 179 has an invalid interface number: 65 but max is 0
[  905.353939][ T5935] usb 1-1: config 179 has no interface number 0
[  905.362969][ T5935] usb 1-1: config 179 interface 65 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 7
[  905.395338][ T5935] usb 1-1: config 179 interface 65 altsetting 0 endpoint 0xF has invalid maxpacket 1025, setting to 1024
[  905.407395][ T5935] usb 1-1: config 179 interface 65 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7
[  905.419507][ T5935] usb 1-1: config 179 interface 65 altsetting 0 endpoint 0x83 has invalid maxpacket 41728, setting to 1024
[  905.423264][T15795] netlink: 20 bytes leftover after parsing attributes in process `syz.3.2776'.
[  905.440205][ T5935] usb 1-1: config 179 interface 65 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 23
[  905.456287][ T5935] usb 1-1: New USB device found, idVendor=12ab, idProduct=90a3, bcdDevice=1e.eb
[  905.484081][ T5935] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  905.507317][T15786] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22
[  905.609150][   T10] usb 5-1: USB disconnect, device number 11
[  905.783292][ T5935] input: Generic X-Box pad as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:179.65/input/input41
[  905.968703][T15786] netlink: 36 bytes leftover after parsing attributes in process `syz.0.2774'.
[  905.989757][T15802] ieee802154 phy0 wpan0: encryption failed: -22
[  906.615214][T14764] usb 1-1: USB disconnect, device number 67
[  906.615221][    C0] xpad 1-1:179.65: xpad_irq_in - usb_submit_urb failed with result -19
[  906.615265][    C0] xpad 1-1:179.65: xpad_irq_out - usb_submit_urb failed with result -19
[  908.146298][T15847] xt_l2tp: missing protocol rule (udp|l2tpip)
[  908.437966][T15847] netlink: 'syz.0.2789': attribute type 9 has an invalid length.
[  908.840019][T15845] netlink: 20 bytes leftover after parsing attributes in process `syz.4.2791'.
[  910.234497][ T5935] usb 1-1: new high-speed USB device number 68 using dummy_hcd
[  910.283929][   T89] usb 2-1: new high-speed USB device number 45 using dummy_hcd
[  910.333938][   T10] usb 5-1: new high-speed USB device number 12 using dummy_hcd
[  910.360517][T15878] tipc: Enabling of bearer <udp:syz0> rejected, already enabled
[  910.404463][ T5935] usb 1-1: Using ep0 maxpacket: 16
[  910.446391][   T89] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  910.468751][   T89] usb 2-1: New USB device found, idVendor=0c70, idProduct=f00b, bcdDevice= 0.00
[  910.490064][   T89] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  910.509666][   T89] usb 2-1: config 0 descriptor??
[  910.545417][ T5935] usb 1-1: config index 0 descriptor too short (expected 16456, got 72)
[  910.554020][ T5935] usb 1-1: config 0 has an invalid interface number: 125 but max is 1
[  910.562193][ T5935] usb 1-1: config 0 has an invalid interface number: 125 but max is 1
[  910.570430][ T5935] usb 1-1: config 0 has an invalid interface number: 125 but max is 1
[  910.578840][ T5935] usb 1-1: config 0 has 1 interface, different from the descriptor's value: 2
[  910.593839][ T5935] usb 1-1: config 0 has no interface number 0
[  910.600037][ T5935] usb 1-1: config 0 interface 125 altsetting 4 endpoint 0x4 has invalid maxpacket 21760, setting to 64
[  910.611184][   T10] usb 5-1: Using ep0 maxpacket: 8
[  910.616447][ T5935] usb 1-1: config 0 interface 125 altsetting 4 endpoint 0xB has invalid wMaxPacketSize 0
[  910.626892][ T5935] usb 1-1: config 0 interface 125 altsetting 4 endpoint 0x2 has invalid wMaxPacketSize 0
[  910.637254][ T5935] usb 1-1: config 0 interface 125 altsetting 1 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  910.650604][ T5935] usb 1-1: config 0 interface 125 has no altsetting 0
[  910.657862][ T5935] usb 1-1: config 0 interface 125 has no altsetting 2
[  910.665809][   T10] usb 5-1: config 179 has an invalid interface number: 65 but max is 0
[  910.674274][   T10] usb 5-1: config 179 has no interface number 0
[  910.680704][   T10] usb 5-1: config 179 interface 65 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 7
[  910.692090][   T10] usb 5-1: config 179 interface 65 altsetting 0 endpoint 0xF has invalid maxpacket 1025, setting to 1024
[  910.703744][   T10] usb 5-1: config 179 interface 65 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7
[  910.715264][   T10] usb 5-1: config 179 interface 65 altsetting 0 endpoint 0x83 has invalid maxpacket 41728, setting to 1024
[  910.727408][   T10] usb 5-1: config 179 interface 65 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 23
[  910.741913][ T5935] usb 1-1: New USB device found, idVendor=050d, idProduct=0002, bcdDevice=23.27
[  910.751158][ T5935] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  910.759580][ T5935] usb 1-1: Product: syz
[  910.763752][ T5935] usb 1-1: Manufacturer: syz
[  910.764043][   T43] usb 6-1: new high-speed USB device number 4 using dummy_hcd
[  910.768866][ T5935] usb 1-1: SerialNumber: syz
[  910.780813][   T10] usb 5-1: New USB device found, idVendor=12ab, idProduct=90a3, bcdDevice=1e.eb
[  910.792621][   T10] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  910.801998][ T5935] usb 1-1: config 0 descriptor??
[  910.810376][ T5935] usb 1-1: selecting invalid altsetting 2
[  910.825799][T15867] raw-gadget.2 gadget.4: fail, usb_ep_enable returned -22
[  910.936523][   T89] usbhid 2-1:0.0: can't add hid device: -71
[  910.942680][   T89] usbhid 2-1:0.0: probe with driver usbhid failed with error -71
[  910.954558][   T43] usb 6-1: config 0 has an invalid interface number: 117 but max is 0
[  910.964577][   T89] usb 2-1: USB disconnect, device number 45
[  910.973460][   T43] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  910.987102][   T43] usb 6-1: config 0 has no interface number 0
[  910.993288][   T43] usb 6-1: config 0 interface 117 altsetting 0 endpoint 0xA has invalid wMaxPacketSize 0
[  911.008230][   T43] usb 6-1: config 0 interface 117 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3
[  911.025827][   T43] usb 6-1: New USB device found, idVendor=0afa, idProduct=03e8, bcdDevice=99.d0
[  911.035613][   T43] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  911.043693][   T43] usb 6-1: Product: syz
[  911.049309][   T43] usb 6-1: Manufacturer: syz
[  911.053304][ T5942] input: Generic X-Box pad as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:179.65/input/input42
[  911.054048][   T43] usb 6-1: SerialNumber: syz
[  911.057166][   T43] usb 6-1: config 0 descriptor??
[  911.221698][T15863] I/O error, dev loop0, sector 2 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  911.231739][T15863] MINIX-fs: unable to read superblock
[  911.253131][T15867] netlink: 36 bytes leftover after parsing attributes in process `syz.4.2798'.
[  911.264171][   T10] usb 4-1: new high-speed USB device number 63 using dummy_hcd
[  911.368581][T15885] input: syz1 as /devices/virtual/input/input43
[  911.404705][T15889] EXT4-fs: Conflicting test_dummy_encryption options
[  911.405717][ T7359] Bluetooth: (null): Too short H5 packet
[  911.421645][ T7359] Bluetooth: (null): Invalid header checksum
[  911.429973][ T7359] Bluetooth: (null): Invalid header checksum
[  911.445082][   T10] usb 4-1: Using ep0 maxpacket: 8
[  911.506482][ T6187] Bluetooth: (null): Invalid header checksum
[  911.564847][   T10] usb 4-1: config 0 interface 0 has no altsetting 0
[  911.594745][   T10] usb 4-1: New USB device found, idVendor=0c70, idProduct=f003, bcdDevice= 0.00
[  911.654061][   T10] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  911.657181][   T89] usb 6-1: USB disconnect, device number 4
[  911.884185][ T5935] get_1284_register timeout
[  911.915286][    C0] usb 1-1: async_complete: urb error -104
[  911.921169][    C0] usb 1-1: async_complete: urb error -104
[  911.977652][   T10] usb 4-1: config 0 descriptor??
[  911.983058][ T5935] uss720 1-1:0.125: probe with driver uss720 failed with error -5
[  912.206159][ T5935] usb 5-1: USB disconnect, device number 12
[  912.206214][    C0] xpad 5-1:179.65: xpad_irq_in - usb_submit_urb failed with result -19
[  912.220514][    C0] xpad 5-1:179.65: xpad_irq_out - usb_submit_urb failed with result -19
[  912.305152][T15899] overlayfs: failed to resolve './file0': -2
[  912.537353][T15884] netlink: 'syz.3.2805': attribute type 8 has an invalid length.
[  912.741598][T15884] netlink: 24 bytes leftover after parsing attributes in process `syz.3.2805'.
[  912.742834][   T10] aquacomputer_d5next 0003:0C70:F003.000E: unknown main item tag 0x0
[  912.804247][   T10] aquacomputer_d5next 0003:0C70:F003.000E: hidraw0: USB HID v0.00 Device [HID 0c70:f003] on usb-dummy_hcd.3-1/input0
[  913.049342][ T5935] usb 4-1: USB disconnect, device number 63
[  913.848027][ T6023] usb 1-1: USB disconnect, device number 68
[  913.895555][T15915] netlink: 20 bytes leftover after parsing attributes in process `syz.4.2808'.
[  915.144591][ T6023] usb 1-1: new full-speed USB device number 69 using dummy_hcd
[  915.394028][ T6023] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  915.403915][ T6023] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  915.412354][ T6023] usb 1-1: Product: syz
[  915.416694][ T6023] usb 1-1: Manufacturer: syz
[  915.421307][ T6023] usb 1-1: SerialNumber: syz
[  916.129426][T15946] FAULT_INJECTION: forcing a failure.
[  916.129426][T15946] name failslab, interval 1, probability 0, space 0, times 0
[  916.142409][T15946] CPU: 0 UID: 0 PID: 15946 Comm: syz.3.2817 Not tainted syzkaller #0 PREEMPT(full) 
[  916.142433][T15946] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  916.142444][T15946] Call Trace:
[  916.142452][T15946]  <TASK>
[  916.142461][T15946]  dump_stack_lvl+0x189/0x250
[  916.142489][T15946]  ? __pfx____ratelimit+0x10/0x10
[  916.142509][T15946]  ? __pfx_dump_stack_lvl+0x10/0x10
[  916.142529][T15946]  ? __pfx__printk+0x10/0x10
[  916.142554][T15946]  ? __pfx___might_resched+0x10/0x10
[  916.142571][T15946]  ? fs_reclaim_acquire+0x7d/0x100
[  916.142589][T15946]  should_fail_ex+0x414/0x560
[  916.142611][T15946]  should_failslab+0xa8/0x100
[  916.142626][T15946]  kmem_cache_alloc_node_noprof+0x77/0x710
[  916.142646][T15946]  ? __alloc_skb+0x112/0x2d0
[  916.142660][T15946]  ? netlink_autobind+0xdb/0x300
[  916.142678][T15946]  __alloc_skb+0x112/0x2d0
[  916.142696][T15946]  netlink_sendmsg+0x5c6/0xb30
[  916.142718][T15946]  ? __pfx_netlink_sendmsg+0x10/0x10
[  916.142735][T15946]  ? aa_sock_msg_perm+0xf1/0x1d0
[  916.142754][T15946]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  916.142769][T15946]  ? __pfx_netlink_sendmsg+0x10/0x10
[  916.142784][T15946]  __sock_sendmsg+0x21c/0x270
[  916.142806][T15946]  ____sys_sendmsg+0x505/0x830
[  916.142827][T15946]  ? __pfx_____sys_sendmsg+0x10/0x10
[  916.142849][T15946]  ? import_iovec+0x74/0xa0
[  916.142866][T15946]  ___sys_sendmsg+0x21f/0x2a0
[  916.142884][T15946]  ? __pfx____sys_sendmsg+0x10/0x10
[  916.142926][T15946]  ? __fget_files+0x2a/0x420
[  916.142939][T15946]  ? __fget_files+0x3a0/0x420
[  916.142961][T15946]  __x64_sys_sendmsg+0x19b/0x260
[  916.142979][T15946]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  916.143002][T15946]  ? __pfx_ksys_write+0x10/0x10
[  916.143024][T15946]  ? do_syscall_64+0xbe/0xfa0
[  916.143043][T15946]  do_syscall_64+0xfa/0xfa0
[  916.143057][T15946]  ? lockdep_hardirqs_on+0x9c/0x150
[  916.143072][T15946]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  916.143086][T15946]  ? clear_bhb_loop+0x60/0xb0
[  916.143102][T15946]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  916.143115][T15946] RIP: 0033:0x7f0a8fb8ec29
[  916.143128][T15946] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  916.143141][T15946] RSP: 002b:00007f0a9099b038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  916.143157][T15946] RAX: ffffffffffffffda RBX: 00007f0a8fdd5fa0 RCX: 00007f0a8fb8ec29
[  916.143167][T15946] RDX: 000000000000c000 RSI: 0000200000000000 RDI: 0000000000000003
[  916.143176][T15946] RBP: 00007f0a9099b090 R08: 0000000000000000 R09: 0000000000000000
[  916.143184][T15946] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  916.143193][T15946] R13: 00007f0a8fdd6038 R14: 00007f0a8fdd5fa0 R15: 00007ffcca3b1798
[  916.143221][T15946]  </TASK>
[  916.649192][T15952] overlayfs: failed to resolve './file0': -2
[  916.998839][ T6023] cdc_ncm 1-1:1.0: bind() failure
[  917.267592][ T6023] cdc_ncm 1-1:1.1: CDC Union missing and no IAD found
[  917.411769][ T6023] cdc_ncm 1-1:1.1: bind() failure
[  917.589630][ T6023] usb 1-1: USB disconnect, device number 69
[  917.989579][T15975] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2825'.
[  918.102038][ T5935] usb 2-1: new high-speed USB device number 46 using dummy_hcd
[  918.312001][ T5935] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  918.483182][ T5935] usb 2-1: New USB device found, idVendor=0c70, idProduct=f00b, bcdDevice= 0.00
[  918.484820][T15984] overlayfs: missing 'lowerdir'
[  918.504049][ T5935] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  918.525561][ T5935] usb 2-1: config 0 descriptor??
[  919.082062][T15987] ntfs3: Unknown parameter 'noforce'
[  919.082336][ T5935] aquacomputer_d5next 0003:0C70:F00B.000F: unknown main item tag 0x0
[  920.907364][T15991] F2FS-fs: Quota file already specified
[  921.062953][ T5935] aquacomputer_d5next 0003:0C70:F00B.000F: unknown main item tag 0x0
[  921.071262][ T5935] aquacomputer_d5next 0003:0C70:F00B.000F: item fetching failed at offset 3/7
[  921.081231][ T5935] aquacomputer_d5next 0003:0C70:F00B.000F: probe with driver aquacomputer_d5next failed with error -22
[  921.095247][ T5935] usb 2-1: USB disconnect, device number 46
[  923.706956][T16013] I/O error, dev loop3, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 1
[  923.716600][T16013] exFAT-fs (loop3): unable to read boot sector
[  923.722788][T16013] exFAT-fs (loop3): failed to read boot sector
[  923.729028][T16013] exFAT-fs (loop3): failed to recognize exfat type
[  924.854608][T16009] BFS-fs: bfs_fill_super(): No BFS filesystem on nullb0 (magic=00000000)
[  925.255895][T16020] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2839'.
[  925.434692][T16025] netlink: 'syz.3.2840': attribute type 1 has an invalid length.
[  926.178234][T16022] netlink: 'syz.5.2841': attribute type 2 has an invalid length.
[  926.186052][T16022] netlink: 'syz.5.2841': attribute type 11 has an invalid length.
[  926.193945][T16022] netlink: 132 bytes leftover after parsing attributes in process `syz.5.2841'.
[  926.240054][T16031] fuse: Bad value for 'fd'
[  926.624386][T16009] orangefs_mount: mount request failed with -4
[  927.164290][T16043] netlink: 20 bytes leftover after parsing attributes in process `syz.4.2845'.
[  927.173570][T16043] netlink: 20 bytes leftover after parsing attributes in process `syz.4.2845'.
[  928.058713][T16057] tipc: Enabling of bearer <udp:syz0> rejected, already enabled
[  928.984187][   T43] usb 4-1: new high-speed USB device number 64 using dummy_hcd
[  929.338254][T16064] EXT4-fs: Ignoring removed nomblk_io_submit option
[  929.355317][T16064] I/O error, dev loop4, sector 2 op 0x0:(READ) flags 0x1000 phys_seg 1 prio class 2
[  929.365844][T16064] EXT4-fs (loop4): unable to read superblock
[  929.536025][   T43] usb 4-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  929.548346][   T43] usb 4-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47
[  929.559388][   T43] usb 4-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  929.597954][   T43] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  929.604636][T16067] netlink: 'syz.1.2852': attribute type 1 has an invalid length.
[  929.698241][T16072] netlink: 'syz.5.2853': attribute type 1 has an invalid length.
[  929.739394][T16072] netlink: 4 bytes leftover after parsing attributes in process `syz.5.2853'.
[  929.762895][T16072] netlink: 8 bytes leftover after parsing attributes in process `syz.5.2853'.
[  929.865078][T16058] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22
[  929.902015][   T43] usb 4-1: Quirk or no altset; falling back to MIDI 1.0
[  930.024354][T14764] usb 1-1: new high-speed USB device number 70 using dummy_hcd
[  930.101261][T16058] fuse: Unknown parameter 'rootmod'
[  930.185491][T14764] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  930.195854][T14764] usb 1-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 4
[  930.210446][T14764] usb 1-1: New USB device found, idVendor=05ac, idProduct=921c, bcdDevice=9d.fb
[  930.227977][T14764] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  930.244995][T14764] usb 1-1: config 0 descriptor??
[  930.283994][ T6023] usb 5-1: new high-speed USB device number 13 using dummy_hcd
[  930.434296][ T6023] usb 5-1: Using ep0 maxpacket: 32
[  930.441655][ T6023] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0xC has invalid wMaxPacketSize 0
[  930.451544][ T6023] usb 5-1: config 0 interface 0 altsetting 0 bulk endpoint 0xC has invalid maxpacket 0
[  930.456882][T16073] netlink: 388 bytes leftover after parsing attributes in process `syz.0.2854'.
[  930.473019][ T6023] usb 5-1: New USB device found, idVendor=05f9, idProduct=ffff, bcdDevice=6d.22
[  930.483062][ T6023] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  930.491950][ T6023] usb 5-1: Product: syz
[  930.494005][   T43] usb 6-1: new high-speed USB device number 5 using dummy_hcd
[  930.496363][ T6023] usb 5-1: Manufacturer: syz
[  930.508903][ T6023] usb 5-1: SerialNumber: syz
[  930.515726][ T6023] usb 5-1: config 0 descriptor??
[  930.522757][ T6023] usbserial_generic 5-1:0.0: The "generic" usb-serial driver is only for testing and one-off prototypes.
[  930.523891][T14764] usb 2-1: new high-speed USB device number 47 using dummy_hcd
[  930.534142][ T6023] usbserial_generic 5-1:0.0: Tell linux-usb@vger.kernel.org to add your device to a proper driver.
[  930.553101][ T6023] usbserial_generic 5-1:0.0: generic converter detected
[  930.562192][ T6023] usb 5-1: generic converter now attached to ttyUSB0
[  930.658327][   T43] usb 6-1: config 1 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0
[  930.668289][   T43] usb 6-1: config 1 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0
[  930.678520][   T43] usb 6-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  930.694393][   T43] usb 6-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40
[  930.703464][   T43] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  930.712400][   T43] usb 6-1: Product: syz
[  930.717239][   T43] usb 6-1: Manufacturer: syz
[  930.722132][   T43] usb 6-1: SerialNumber: syz
[  930.727028][T14764] usb 2-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  930.738679][T14764] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[  930.750677][T14764] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0
[  930.761311][T14764] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  930.776800][   T43] hub 6-1:1.0: bad descriptor, ignoring hub
[  930.782783][   T43] hub 6-1:1.0: probe with driver hub failed with error -5
[  930.790284][T14764] usb 2-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  930.800951][T14764] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  930.814304][T14764] usb 2-1: config 0 descriptor??
[  930.998349][   T43] usblp 6-1:1.0: usblp0: USB Unidirectional printer dev 5 if 0 alt 0 proto 1 vid 0x0525 pid 0xA4A8
[  931.032418][T14764] plantronics 0003:047F:FFFF.0010: hiddev1,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.1-1/input0
[  931.147703][T14764] usb 4-1: USB disconnect, device number 64
[  931.234393][T16086] fuse: Bad value for 'fd'
[  931.532355][ T1300] ieee802154 phy0 wpan0: encryption failed: -22
[  931.538834][ T1300] ieee802154 phy1 wpan1: encryption failed: -22
[  931.550171][T14764] usb 2-1: USB disconnect, device number 47
[  931.867789][ T5935] usb 5-1: USB disconnect, device number 13
[  931.904643][ T5935] generic ttyUSB0: generic converter now disconnected from ttyUSB0
[  931.943747][ T5935] usbserial_generic 5-1:0.0: device disconnected
[  932.280424][   T30] audit: type=1326 audit(1758334764.942:310): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16093 comm="syz.4.2862" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7efcad38ec29 code=0x0
[  932.341893][ T5935] kernel write not supported for file bpf-prog (pid: 5935 comm: kworker/0:4)
[  932.686890][T16100] I/O error, dev loop3, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 1
[  932.696421][T16100] (syz.3.2864,16100,1):ocfs2_get_sector:1714 ERROR: status = -5
[  932.704527][T16100] (syz.3.2864,16100,1):ocfs2_sb_probe:753 ERROR: status = -5
[  932.711910][T16100] (syz.3.2864,16100,1):ocfs2_fill_super:989 ERROR: superblock probe failed!
[  932.720835][T16100] (syz.3.2864,16100,1):ocfs2_fill_super:1177 ERROR: status = -5
[  933.103167][T14764] usb 1-1: USB disconnect, device number 70
[  933.320089][T16108] netlink: 'syz.4.2865': attribute type 1 has an invalid length.
[  933.428908][T16107] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2865'.
[  933.480426][T16107] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2865'.
[  933.581000][T16116] fuse: Bad value for 'fd'
[  933.624366][ T5935] usb 6-1: USB disconnect, device number 5
[  933.635470][ T5935] usblp0: removed
[  934.115800][T16128] tipc: Enabling of bearer <udp:syz0> rejected, already enabled
[  934.444106][T14764] usb 1-1: new high-speed USB device number 71 using dummy_hcd
[  934.634241][T16137] fuse: Unknown parameter 'root00000000000000040000$user_&d'
[  934.759442][T14764] usb 1-1: Using ep0 maxpacket: 32
[  934.766971][T14764] usb 1-1: config 0 has an invalid interface number: 184 but max is 0
[  934.784207][T14764] usb 1-1: config 0 has no interface number 0
[  934.790350][T14764] usb 1-1: config 0 interface 184 has no altsetting 0
[  934.817167][T14764] usb 1-1: New USB device found, idVendor=0424, idProduct=7500, bcdDevice=69.ee
[  934.829491][T14764] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  934.837883][T14764] usb 1-1: Product: syz
[  934.842178][T14764] usb 1-1: Manufacturer: syz
[  934.850740][T14764] usb 1-1: SerialNumber: syz
[  934.894290][   T89] usb 5-1: new high-speed USB device number 14 using dummy_hcd
[  935.334497][T14764] usb 1-1: config 0 descriptor??
[  935.343594][T14764] smsc75xx v1.0.0
[  935.473867][   T89] usb 5-1: Using ep0 maxpacket: 32
[  935.570408][   T89] usb 5-1: config 0 has an invalid interface number: 241 but max is 2
[  935.816550][   T89] usb 5-1: config 0 has an invalid interface number: 215 but max is 2
[  935.837845][T16157] netlink: 76 bytes leftover after parsing attributes in process `syz.1.2879'.
[  935.853833][   T89] usb 5-1: config 0 has an invalid interface number: 101 but max is 2
[  935.867386][T16159] fuse: Bad value for 'fd'
[  935.872228][   T89] usb 5-1: config 0 has no interface number 0
[  935.889561][   T89] usb 5-1: config 0 has no interface number 1
[  935.907450][   T89] usb 5-1: config 0 has no interface number 2
[  935.919717][   T89] usb 5-1: config 0 interface 241 has no altsetting 0
[  935.926728][   T89] usb 5-1: config 0 interface 215 has no altsetting 0
[  935.946289][   T89] usb 5-1: config 0 interface 101 has no altsetting 0
[  935.956610][   T89] usb 5-1: New USB device found, idVendor=157e, idProduct=300e, bcdDevice=97.6b
[  936.024076][   T89] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  936.169748][T16157] fuse: Bad value for 'fd'
[  936.409972][   T89] usb 5-1: config 0 descriptor??
[  936.623380][T14764] smsc75xx 1-1:0.184 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000040: -71
[  936.635713][T14764] smsc75xx 1-1:0.184 (unnamed net_device) (uninitialized): Error reading E2P_CMD
[  936.648346][   T89] usb 5-1: string descriptor 0 read error: -71
[  936.678354][   T89] usb 5-1: USB disconnect, device number 14
[  936.697834][T14764] smsc75xx 1-1:0.184 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000014: -71
[  936.710451][T14764] smsc75xx 1-1:0.184 (unnamed net_device) (uninitialized): Failed to read PMT_CTL: -71
[  936.713883][   T30] audit: type=1326 audit(1758334769.352:311): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16164 comm="syz.5.2883" exe="/root/syz-executor" sig=31 arch=c000003e syscall=39 compat=0 ip=0x7fa010185be7 code=0x0
[  936.722190][T14764] smsc75xx 1-1:0.184 (unnamed net_device) (uninitialized): device not ready in smsc75xx_reset
[  936.778178][T16168] input: syz0 as /devices/virtual/input/input45
[  936.806564][T14764] smsc75xx 1-1:0.184 (unnamed net_device) (uninitialized): smsc75xx_reset error -71
[  936.823114][T14764] smsc75xx 1-1:0.184: probe with driver smsc75xx failed with error -71
[  936.970992][T14764] usb 1-1: USB disconnect, device number 71
[  937.404621][T16183] tipc: Enabling of bearer <udp:syz0> rejected, already enabled
[  937.528360][T16184] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  941.462990][T16192] fuse: Bad value for 'fd'
[  941.704192][T16199] netlink: 20 bytes leftover after parsing attributes in process `syz.4.2890'.
[  942.262179][T16198] fuse: Bad value for 'fd'
[  942.786500][T16205] tipc: Enabling of bearer <udp:syz0> rejected, already enabled
[  942.800337][T16194] BFS-fs: bfs_fill_super(): No BFS filesystem on nullb0 (magic=00000000)
[  943.051411][T16196] orangefs_mount: mount request failed with -4
[  943.080143][T16213] netlink: 64 bytes leftover after parsing attributes in process `syz.4.2895'.
[  943.504091][ T5928] usb 1-1: new high-speed USB device number 72 using dummy_hcd
[  943.864275][ T5928] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  945.930177][ T5928] usb 1-1: New USB device found, idVendor=0c70, idProduct=f00b, bcdDevice= 0.00
[  948.288252][ T5928] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  948.350004][ T5928] usb 1-1: config 0 descriptor??
[  948.379463][ T5928] usb 1-1: can't set config #0, error -71
[  948.400147][ T5928] usb 1-1: USB disconnect, device number 72
[  948.747917][T16239] tipc: Started in network mode
[  948.752912][T16239] tipc: Node identity fe80000000000000000000000000001, cluster identity 4711
[  948.764887][T16239] tipc: Enabled bearer <udp:syz0>, priority 10
[  949.328167][   T89] kernel read not supported for file inotify (pid: 89 comm: kworker/1:2)
[  949.691767][T16261] netlink: 20 bytes leftover after parsing attributes in process `syz.0.2906'.
[  949.763882][ T5935] tipc: Node number set to 4269801488
[  951.318751][T16257] BFS-fs: bfs_fill_super(): No BFS filesystem on nullb0 (magic=00000000)
[  951.493879][ T5935] usb 6-1: new high-speed USB device number 6 using dummy_hcd
[  951.645322][T16269] netlink: 36 bytes leftover after parsing attributes in process `syz.0.2913'.
[  951.654353][T16269] netlink: 16 bytes leftover after parsing attributes in process `syz.0.2913'.
[  951.663299][T16269] netlink: 36 bytes leftover after parsing attributes in process `syz.0.2913'.
[  951.672337][T16269] netlink: 36 bytes leftover after parsing attributes in process `syz.0.2913'.
[  951.779010][ T5935] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  951.798188][ T5935] usb 6-1: New USB device found, idVendor=0c70, idProduct=f00b, bcdDevice= 0.00
[  951.808054][ T5935] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  951.818696][ T5935] usb 6-1: config 0 descriptor??
[  951.961753][T16257] orangefs_mount: mount request failed with -4
[  952.086382][T16287] tipc: Enabling of bearer <udp:syz0> rejected, already enabled
[  953.087002][T16294] FAULT_INJECTION: forcing a failure.
[  953.087002][T16294] name failslab, interval 1, probability 0, space 0, times 0
[  953.127925][ T5935] aquacomputer_d5next 0003:0C70:F00B.0011: unknown main item tag 0x0
[  953.156267][ T5935] aquacomputer_d5next 0003:0C70:F00B.0011: unknown main item tag 0x0
[  953.167393][T16294] CPU: 0 UID: 0 PID: 16294 Comm: syz.4.2918 Not tainted syzkaller #0 PREEMPT(full) 
[  953.167425][T16294] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  953.167437][T16294] Call Trace:
[  953.167446][T16294]  <TASK>
[  953.167455][T16294]  dump_stack_lvl+0x189/0x250
[  953.167481][T16294]  ? __pfx____ratelimit+0x10/0x10
[  953.167500][T16294]  ? __pfx_dump_stack_lvl+0x10/0x10
[  953.167520][T16294]  ? __pfx__printk+0x10/0x10
[  953.167548][T16294]  ? __pfx___might_resched+0x10/0x10
[  953.167570][T16294]  ? fs_reclaim_acquire+0x7d/0x100
[  953.167592][T16294]  should_fail_ex+0x414/0x560
[  953.167619][T16294]  should_failslab+0xa8/0x100
[  953.167639][T16294]  kmem_cache_alloc_node_noprof+0x77/0x710
[  953.167662][T16294]  ? __alloc_skb+0x112/0x2d0
[  953.167679][T16294]  ? netlink_autobind+0xdb/0x300
[  953.167701][T16294]  __alloc_skb+0x112/0x2d0
[  953.167721][T16294]  netlink_sendmsg+0x5c6/0xb30
[  953.167746][T16294]  ? __pfx_netlink_sendmsg+0x10/0x10
[  953.167767][T16294]  ? aa_sock_msg_perm+0xf1/0x1d0
[  953.167792][T16294]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  953.167810][T16294]  ? __pfx_netlink_sendmsg+0x10/0x10
[  953.167838][T16294]  __sock_sendmsg+0x21c/0x270
[  953.167865][T16294]  ____sys_sendmsg+0x505/0x830
[  953.167892][T16294]  ? __pfx_____sys_sendmsg+0x10/0x10
[  953.167921][T16294]  ? import_iovec+0x74/0xa0
[  953.167943][T16294]  ___sys_sendmsg+0x21f/0x2a0
[  953.167966][T16294]  ? __pfx____sys_sendmsg+0x10/0x10
[  953.168035][T16294]  ? __fget_files+0x2a/0x420
[  953.168051][T16294]  ? __fget_files+0x3a0/0x420
[  953.168079][T16294]  __x64_sys_sendmsg+0x19b/0x260
[  953.168102][T16294]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  953.168133][T16294]  ? rcu_is_watching+0x15/0xb0
[  953.168166][T16294]  do_syscall_64+0xfa/0xfa0
[  953.168187][T16294]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  953.168203][T16294]  ? asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  953.168220][T16294]  ? clear_bhb_loop+0x60/0xb0
[  953.168240][T16294]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  953.168257][T16294] RIP: 0033:0x7efcad38ec29
[  953.168273][T16294] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  953.168288][T16294] RSP: 002b:00007efcae1c1038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  953.168307][T16294] RAX: ffffffffffffffda RBX: 00007efcad5d5fa0 RCX: 00007efcad38ec29
[  953.168321][T16294] RDX: 0000000000000040 RSI: 0000200000000280 RDI: 0000000000000003
[  953.168332][T16294] RBP: 00007efcae1c1090 R08: 0000000000000000 R09: 0000000000000000
[  953.168349][T16294] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  953.168359][T16294] R13: 00007efcad5d6038 R14: 00007efcad5d5fa0 R15: 00007fff2c022078
[  953.168390][T16294]  </TASK>
[  953.168623][ T5935] aquacomputer_d5next 0003:0C70:F00B.0011: item fetching failed at offset 3/7
[  953.396857][T16297] netlink: 'syz.3.2916': attribute type 1 has an invalid length.
[  953.422475][ T5935] aquacomputer_d5next 0003:0C70:F00B.0011: probe with driver aquacomputer_d5next failed with error -22
[  953.480699][ T5935] usb 6-1: USB disconnect, device number 6
[  953.632819][ T6023] usb 1-1: new high-speed USB device number 73 using dummy_hcd
[  953.687877][T16302] overlayfs: failed to resolve './file0': -2
[  953.783872][ T6023] usb 1-1: Using ep0 maxpacket: 32
[  953.790724][ T6023] usb 1-1: config 0 has an invalid interface number: 121 but max is 0
[  953.800366][ T6023] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  953.811445][ T6023] usb 1-1: config 0 has no interface number 0
[  953.909734][ T6023] usb 1-1: config 0 interface 121 altsetting 3 has an invalid descriptor for endpoint zero, skipping
[  953.933495][ T6023] usb 1-1: config 0 interface 121 altsetting 3 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  953.961388][ T6023] usb 1-1: config 0 interface 121 has no altsetting 0
[  953.976387][ T6023] usb 1-1: New USB device found, idVendor=0bfd, idProduct=0111, bcdDevice=78.03
[  953.986571][ T6023] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  953.994984][ T6023] usb 1-1: Product: syz
[  953.999240][ T6023] usb 1-1: Manufacturer: syz
[  954.004341][ T6023] usb 1-1: SerialNumber: syz
[  954.015947][ T6023] usb 1-1: config 0 descriptor??
[  954.138215][T16310] netlink: 20 bytes leftover after parsing attributes in process `syz.1.2923'.
[  954.482426][T16296] netlink: 16 bytes leftover after parsing attributes in process `syz.0.2920'.
[  954.787517][ T6023] kvaser_usb 1-1:0.121: error -ENODEV: Cannot get usb endpoint(s)
[  954.838691][T16313] netlink: 12 bytes leftover after parsing attributes in process `syz.5.2924'.
[  955.001809][ T6023] usb 1-1: USB disconnect, device number 73
[  955.953598][T16340] netdevsim netdevsim4 netdevsim0: entered allmulticast mode
[  955.962685][T16340] A link change request failed with some changes committed already. Interface netdevsim0 may have been left with an inconsistent configuration, please check.
[  956.615571][T16362] netlink: 20 bytes leftover after parsing attributes in process `syz.5.2938'.
[  957.306233][T16363] bridge0: entered allmulticast mode
[  957.508713][T16373] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2942'.
[  957.523876][T16373] netem: change failed
[  957.535944][   T30] audit: type=1326 audit(1758334790.192:312): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16367 comm="syz.5.2941" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fa01018ec29 code=0x0
[  957.579830][T16371] netlink: 'syz.4.2940': attribute type 1 has an invalid length.
[  960.575576][T16400] IPVS: set_ctl: invalid protocol: 0 224.0.0.2:20002
[  960.667705][T16403] netlink: 'syz.0.2950': attribute type 1 has an invalid length.
[  960.733130][T16402] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2950'.
[  962.915699][T16438] tipc: Enabling of bearer <udp:syz0> rejected, already enabled
[  963.507401][   T89] usb 1-1: new high-speed USB device number 74 using dummy_hcd
[  964.193884][   T89] usb 1-1: device descriptor read/64, error -71
[  964.923911][   T89] usb 1-1: new high-speed USB device number 75 using dummy_hcd
[  965.495253][T16472] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2968'.
[  965.841654][T16478] netlink: 'syz.4.2970': attribute type 1 has an invalid length.
[  966.680063][T16489] IPVS: ip_vs_add_dest(): server weight less than zero
[  967.870608][T16499] FAULT_INJECTION: forcing a failure.
[  967.870608][T16499] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  967.883682][T16499] CPU: 1 UID: 0 PID: 16499 Comm: syz.5.2976 Not tainted syzkaller #0 PREEMPT(full) 
[  967.883697][T16499] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  967.883703][T16499] Call Trace:
[  967.883710][T16499]  <TASK>
[  967.883716][T16499]  dump_stack_lvl+0x189/0x250
[  967.883734][T16499]  ? __pfx____ratelimit+0x10/0x10
[  967.883750][T16499]  ? __pfx_dump_stack_lvl+0x10/0x10
[  967.883768][T16499]  ? __pfx__printk+0x10/0x10
[  967.883800][T16499]  should_fail_ex+0x414/0x560
[  967.883823][T16499]  _copy_from_user+0x2d/0xb0
[  967.883834][T16499]  copy_from_sockptr+0x48/0x70
[  967.883848][T16499]  ip_mroute_setsockopt+0x6a1/0xf60
[  967.883866][T16499]  ? __pfx_ip_mroute_setsockopt+0x10/0x10
[  967.883891][T16499]  ? __lock_acquire+0xab9/0xd20
[  967.883908][T16499]  do_ip_setsockopt+0xf11/0x2d00
[  967.883928][T16499]  ? __pfx_do_ip_setsockopt+0x10/0x10
[  967.883942][T16499]  ? __lock_acquire+0xab9/0xd20
[  967.883958][T16499]  ? aa_sk_perm+0x81e/0x950
[  967.883973][T16499]  ? __pfx_aa_sk_perm+0x10/0x10
[  967.883986][T16499]  ? aa_sock_opt_perm+0xff/0x1b0
[  967.884001][T16499]  ip_setsockopt+0x66/0x110
[  967.884009][T16499]  ? __pfx_sock_common_setsockopt+0x10/0x10
[  967.884026][T16499]  do_sock_setsockopt+0x17c/0x1b0
[  967.884041][T16499]  __x64_sys_setsockopt+0x13f/0x1b0
[  967.884055][T16499]  do_syscall_64+0xfa/0xfa0
[  967.884067][T16499]  ? lockdep_hardirqs_on+0x9c/0x150
[  967.884078][T16499]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  967.884087][T16499]  ? clear_bhb_loop+0x60/0xb0
[  967.884100][T16499]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  967.884109][T16499] RIP: 0033:0x7fa01018ec29
[  967.884120][T16499] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  967.884129][T16499] RSP: 002b:00007fa010fb6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036
[  967.884141][T16499] RAX: ffffffffffffffda RBX: 00007fa0103d5fa0 RCX: 00007fa01018ec29
[  967.884148][T16499] RDX: 00000000000000ca RSI: 0000000000000000 RDI: 0000000000000005
[  967.884154][T16499] RBP: 00007fa010fb6090 R08: 0000000000000010 R09: 0000000000000000
[  967.884160][T16499] R10: 0000200000000380 R11: 0000000000000246 R12: 0000000000000001
[  967.884167][T16499] R13: 00007fa0103d6038 R14: 00007fa0103d5fa0 R15: 00007ffceac01ab8
[  967.884184][T16499]  </TASK>
[  968.540048][T16508] block device autoloading is deprecated and will be removed.
[  968.611878][ T6023] usb 4-1: new low-speed USB device number 65 using dummy_hcd
[  968.754669][ T6023] usb 4-1: device descriptor read/64, error -71
[  969.014012][ T6023] usb 4-1: new low-speed USB device number 66 using dummy_hcd
[  969.033927][ T5942] usb 5-1: new high-speed USB device number 15 using dummy_hcd
[  969.164845][ T6023] usb 4-1: device descriptor read/64, error -71
[  969.186357][ T5942] usb 5-1: Using ep0 maxpacket: 16
[  969.195013][ T5942] usb 5-1: unable to get BOS descriptor or descriptor too short
[  969.207636][ T5942] usb 5-1: config 6 has an invalid interface number: 6 but max is 0
[  969.216027][ T5942] usb 5-1: config 6 has no interface number 0
[  969.222303][ T5942] usb 5-1: config 6 interface 6 altsetting 0 endpoint 0x1 has invalid maxpacket 1023, setting to 64
[  969.237820][ T5942] usb 5-1: New USB device found, idVendor=0675, idProduct=0200, bcdDevice= a.a8
[  969.257111][ T5942] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  969.281722][ T5942] usb 5-1: Product: syz
[  969.288578][ T6023] usb usb4-port1: attempt power cycle
[  969.300384][ T5942] usb 5-1: Manufacturer: syz
[  969.308210][ T5942] usb 5-1: SerialNumber: syz
[  969.719035][ T5942] cxacru 5-1:6.6: cxacru_bind: interface has incorrect endpoints
[  969.823511][ T6023] usb 4-1: new low-speed USB device number 67 using dummy_hcd
[  969.847544][ T5942] cxacru 5-1:6.6: usbatm_usb_probe: bind failed: -19!
[  969.891151][ T5942] usb 5-1: USB disconnect, device number 15
[  969.902990][ T6023] usb 4-1: device descriptor read/8, error -71
[  970.186081][T16548] fuse: Bad value for 'fd'
[  970.812582][T16552] BFS-fs: bfs_fill_super(): No BFS filesystem on nullb0 (magic=00000000)
[  971.123131][T16558] netlink: 'syz.5.2988': attribute type 1 has an invalid length.
[  971.251931][T16558] 8021q: adding VLAN 0 to HW filter on device bond2
[  971.417582][T16567] fuse: Bad value for 'fd'
[  971.927763][   T30] audit: type=1326 audit(1758334804.582:313): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16563 comm="syz.0.2989" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fb78138ec29 code=0x0
[  972.786677][T16575] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2991'.
[  972.842484][T16552] orangefs_mount: mount request failed with -4
[  974.022419][T16587] netlink: 'syz.5.2994': attribute type 1 has an invalid length.
[  974.616591][T16594] netlink: 'syz.3.2997': attribute type 1 has an invalid length.
[  974.657338][T16594] 8021q: adding VLAN 0 to HW filter on device bond12
[  974.694015][ T6023] usb 5-1: new high-speed USB device number 16 using dummy_hcd
[  974.874986][T16601] netlink: 'syz.1.3000': attribute type 1 has an invalid length.
[  974.888344][ T6023] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  974.911683][T16601] 8021q: adding VLAN 0 to HW filter on device bond7
[  975.023990][ T6023] usb 5-1: New USB device found, idVendor=0c70, idProduct=f00b, bcdDevice= 0.00
[  975.033063][ T6023] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  975.086991][ T6023] usb 5-1: config 0 descriptor??
[  975.633634][ T6023] aquacomputer_d5next 0003:0C70:F00B.0012: unknown main item tag 0x0
[  975.669518][ T6023] aquacomputer_d5next 0003:0C70:F00B.0012: unknown main item tag 0x0
[  975.703988][ T6023] aquacomputer_d5next 0003:0C70:F00B.0012: item fetching failed at offset 3/7
[  975.758024][ T6023] aquacomputer_d5next 0003:0C70:F00B.0012: probe with driver aquacomputer_d5next failed with error -22
[  975.832801][ T6023] usb 5-1: USB disconnect, device number 16
[  976.780352][T16621] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[  976.796407][T16621] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[  976.805568][T16621] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[  976.813625][T16621] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[  976.821459][T16621] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[  977.230832][T11271] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[  977.269274][T11271] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[  977.414715][T11271] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[  977.422967][T11271] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[  977.431271][T11271] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[  977.869078][T16629] tipc: Enabling of bearer <udp:syz0> rejected, already enabled
[  978.037850][T16635] comedi comedi0: driver 'ni_daq_700' does not support attach using comedi_config
[  978.057843][ T6187] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  978.315180][ T6187] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  979.337927][ T6187] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  979.339297][T16652] I/O error, dev loop4, sector 2 op 0x0:(READ) flags 0x1000 phys_seg 1 prio class 2
[  979.358003][T16652] EXT4-fs (loop4): unable to read superblock
[  979.508354][ T6023] usb 2-1: new high-speed USB device number 48 using dummy_hcd
[  979.795598][T16657] EXT4-fs: Ignoring removed orlov option
[  979.833887][T16657] I/O error, dev loop4, sector 6 op 0x0:(READ) flags 0x1000 phys_seg 1 prio class 2
[  979.846733][T16657] EXT4-fs (loop4): unable to read superblock
[  979.863718][ T6023] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  979.865076][T16621] Bluetooth: hci5: command tx timeout
[  979.875292][ T6023] usb 2-1: New USB device found, idVendor=0c70, idProduct=f00b, bcdDevice= 0.00
[  980.030966][ T6023] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  980.612283][ T6023] usb 2-1: config 0 descriptor??
[  980.667770][ T6187] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  981.189771][ T6023] usbhid 2-1:0.0: can't add hid device: -71
[  981.201504][ T6023] usbhid 2-1:0.0: probe with driver usbhid failed with error -71
[  981.213343][ T6023] usb 2-1: USB disconnect, device number 48
[  981.901739][T16619] chnl_net:caif_netlink_parms(): no params data found
[  981.926609][T16621] Bluetooth: hci5: command tx timeout
[  982.827529][T16677] netlink: 'syz.4.3020': attribute type 1 has an invalid length.
[  983.569910][ T6187] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  983.580713][ T6187] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  983.591565][ T6187] bond0 (unregistering): (slave dummy0): Releasing backup interface
[  983.603112][ T6187] bond0 (unregistering): Released all slaves
[  983.717064][ T6187] bond1 (unregistering): Released all slaves
[  983.828493][ T6187] bond2 (unregistering): Released all slaves
[  983.842439][ T6187] bond3 (unregistering): Released all slaves
[  983.862636][T16686] tipc: Enabling of bearer <udp:syz0> rejected, already enabled
[  984.004280][T16621] Bluetooth: hci5: command tx timeout
[  984.184552][ T6187] tipc: Disabling bearer <udp:syz0>
[  984.208453][ T6187] tipc: Left network mode
[  984.220744][T16619] bridge0: port 1(bridge_slave_0) entered blocking state
[  984.228736][T16619] bridge0: port 1(bridge_slave_0) entered disabled state
[  984.236564][T16619] bridge_slave_0: entered allmulticast mode
[  984.244766][T16619] bridge_slave_0: entered promiscuous mode
[  984.264964][T16619] bridge0: port 2(bridge_slave_1) entered blocking state
[  984.272622][T16619] bridge0: port 2(bridge_slave_1) entered disabled state
[  984.282196][T16619] bridge_slave_1: entered allmulticast mode
[  984.300571][T16619] bridge_slave_1: entered promiscuous mode
[  984.582238][T16619] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  984.642932][T16619] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  984.683115][T16619] team0: Port device team_slave_0 added
[  984.692192][T16619] team0: Port device team_slave_1 added
[  984.744341][ T6187] hsr_slave_0: left promiscuous mode
[  984.752329][ T6187] hsr_slave_1: left promiscuous mode
[  984.760493][ T6187] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  984.768473][ T6187] batman_adv: batadv0: Removing interface: batadv_slave_0
[  984.777542][ T6187] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  984.785521][ T6187] batman_adv: batadv0: Removing interface: batadv_slave_1
[  984.813330][ T6187] veth1_macvtap: left promiscuous mode
[  984.819488][ T6187] veth0_macvtap: left promiscuous mode
[  984.837082][ T6187] veth1_vlan: left promiscuous mode
[  984.854909][ T6187] veth0_vlan: left promiscuous mode
[  985.855478][T16731] kvm: requested 4190 ns i8254 timer period limited to 200000 ns
[  986.085482][T16621] Bluetooth: hci5: command tx timeout
[  987.388637][ T6187] team0 (unregistering): Port device team_slave_1 removed
[  987.442526][ T6187] team0 (unregistering): Port device team_slave_0 removed
[  987.880339][T16619] batman_adv: batadv0: Adding interface: batadv_slave_0
[  987.887478][T16619] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  987.914152][T16619] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  987.932446][T16738] tipc: Enabling of bearer <udp:syz0> rejected, already enabled
[  988.063402][T16619] batman_adv: batadv0: Adding interface: batadv_slave_1
[  988.070622][T16619] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  988.148046][T16619] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  989.510047][T16767] netlink: 16 bytes leftover after parsing attributes in process `syz.3.3043'.
[  989.947171][T16764] netlink: 12 bytes leftover after parsing attributes in process `syz.4.3041'.
[  990.099214][T16619] hsr_slave_0: entered promiscuous mode
[  990.122420][T16619] hsr_slave_1: entered promiscuous mode
[  990.335701][   T43] usb 4-1: new high-speed USB device number 69 using dummy_hcd
[  990.584071][   T43] usb 4-1: Using ep0 maxpacket: 16
[  990.612150][   T43] usb 4-1: config 1 interface 0 altsetting 8 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  990.669969][   T43] usb 4-1: config 1 interface 0 altsetting 8 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  990.730607][ T6187] IPVS: stop unused estimator thread 0...
[  990.733884][   T43] usb 4-1: config 1 interface 0 has no altsetting 0
[  990.757872][   T43] usb 4-1: New USB device found, idVendor=0b05, idProduct=1866, bcdDevice= 0.40
[  990.776982][   T43] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  990.794097][   T43] usb 4-1: Product: syz
[  990.798418][   T43] usb 4-1: Manufacturer: �럘者ݓ蓥�⬱岸㠚ꪠ��侚㧷�힇膹┣摣݉戯裊䆅軒ꋠ콶綡⨂뙪䢑⡚ﴡ韠儮껜ḯ�胅苟쯋�䞥ﬤ었橾㓵砾욷�◲朑霴
[  990.840660][   T43] usb 4-1: SerialNumber: syz
[  992.241894][   T43] usbhid 4-1:1.0: can't add hid device: -71
[  992.336627][T16802] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=2232989687 (17863917496 ns) > initial count (15672707400 ns). Using initial count to start timer.
[  992.764106][   T43] usbhid 4-1:1.0: probe with driver usbhid failed with error -71
[  992.811231][   T43] usb 4-1: USB disconnect, device number 69
[  992.995269][ T1300] ieee802154 phy0 wpan0: encryption failed: -22
[  993.001712][ T1300] ieee802154 phy1 wpan1: encryption failed: -22
[  993.278469][T16804] ntfs3: Unknown parameter 'ÿÿÿÿÿÿÿÿÿÿÿÿÿÿ'
[  994.425648][T16818] bridge0: port 2(bridge_slave_1) entered disabled state
[  994.433005][T16818] bridge0: port 1(bridge_slave_0) entered disabled state
[  994.547396][T16818] bridge0: entered allmulticast mode
[  994.572703][T16821] bridge_slave_1: left allmulticast mode
[  994.585062][T16821] bridge_slave_1: left promiscuous mode
[  994.590880][T16821] bridge0: port 2(bridge_slave_1) entered disabled state
[  994.656537][T16821] bridge_slave_0: left allmulticast mode
[  994.741493][T16821] bridge_slave_0: left promiscuous mode
[  995.221993][T16821] bridge0: port 1(bridge_slave_0) entered disabled state
[  995.309094][T16840] fuse: Bad value for 'fd'
[  995.895868][T16619] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  996.461562][T16847] tipc: Enabling of bearer <udp:syz0> rejected, already enabled
[  996.471733][T16619] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  996.531661][T16619] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  996.556385][T16619] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  997.265874][T16619] 8021q: adding VLAN 0 to HW filter on device bond0
[  997.277200][T16866] tmpfs: Bad value for 'mpol'
[  997.466384][T16619] 8021q: adding VLAN 0 to HW filter on device team0
[  997.488504][   T36] bridge0: port 1(bridge_slave_0) entered blocking state
[  997.495859][   T36] bridge0: port 1(bridge_slave_0) entered forwarding state
[  997.521826][   T36] bridge0: port 2(bridge_slave_1) entered blocking state
[  997.529098][   T36] bridge0: port 2(bridge_slave_1) entered forwarding state
[  997.537288][ T6023] usb 5-1: new full-speed USB device number 17 using dummy_hcd
[  997.708204][ T6023] usb 5-1: config 0 has an invalid interface number: 214 but max is 0
[  997.716889][ T6023] usb 5-1: config 0 has no interface number 0
[  997.722997][ T6023] usb 5-1: config 0 interface 214 altsetting 0 endpoint 0x83 has invalid wMaxPacketSize 0
[  997.748801][ T6023] usb 5-1: New USB device found, idVendor=0596, idProduct=0001, bcdDevice= 5.f5
[  997.773199][ T6023] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  997.794841][ T6023] usb 5-1: Product: syz
[  997.799050][ T6023] usb 5-1: Manufacturer: syz
[  997.803654][ T6023] usb 5-1: SerialNumber: syz
[  997.816965][ T6023] usb 5-1: config 0 descriptor??
[  997.842779][T16881] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(5)
[  997.849474][T16881] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[  997.858918][T16881] vhci_hcd vhci_hcd.0: Device attached
[  998.993939][ T6023] usbtouchscreen 5-1:0.214: Failed to read FW rev: 0
[  999.000938][ T6023] usbtouchscreen 5-1:0.214: probe with driver usbtouchscreen failed with error -5
[  999.164505][T16619] 8021q: adding VLAN 0 to HW filter on device batadv0
[  999.182334][T16883] vhci_hcd: connection closed
[  999.199432][ T6487] vhci_hcd: stop threads
[  999.228627][ T6487] vhci_hcd: release socket
[  999.236933][ T6487] vhci_hcd: disconnect device
[  999.242917][ T5942] usb 39-1: new low-speed USB device number 2 using vhci_hcd
[  999.253212][ T5942] usb 39-1: enqueue for inactive port 0
[  999.279205][T16619] veth0_vlan: entered promiscuous mode
[  999.316805][T16619] veth1_vlan: entered promiscuous mode
[  999.343868][ T5942] vhci_hcd: vhci_device speed not set
[  999.387734][T16619] veth0_macvtap: entered promiscuous mode
[  999.402073][T16619] veth1_macvtap: entered promiscuous mode
[  999.414244][ T6023] usb 2-1: new high-speed USB device number 49 using dummy_hcd
[  999.440045][T16619] batman_adv: batadv0: Interface activated: batadv_slave_0
[  999.459960][T16619] batman_adv: batadv0: Interface activated: batadv_slave_1
[  999.478942][ T1330] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  999.501936][ T1330] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  999.529545][ T1330] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  999.561130][ T1330] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  999.573902][ T6023] usb 2-1: Using ep0 maxpacket: 8
[  999.605361][ T6023] usb 2-1: config 179 has an invalid interface number: 65 but max is 0
[  999.610990][ T1330] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  999.613632][ T6023] usb 2-1: config 179 has no interface number 0
[  999.613676][ T6023] usb 2-1: config 179 interface 65 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 7
[  999.640279][ T1330] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  999.657048][ T6023] usb 2-1: config 179 interface 65 altsetting 0 endpoint 0xF has invalid maxpacket 1025, setting to 1024
[  999.679545][ T6023] usb 2-1: config 179 interface 65 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7
[  999.701858][ T6023] usb 2-1: config 179 interface 65 altsetting 0 endpoint 0x83 has invalid maxpacket 41728, setting to 1024
[  999.713517][ T6187] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  999.721548][ T6187] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  999.742314][ T6023] usb 2-1: config 179 interface 65 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 23
[  999.776139][ T6023] usb 2-1: New USB device found, idVendor=12ab, idProduct=90a3, bcdDevice=1e.eb
[  999.794593][ T6023] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  999.816525][T16890] raw-gadget.1 gadget.1: fail, usb_ep_enable returned -22
[ 1000.087868][T16909] netlink: 'syz.3.3076': attribute type 5 has an invalid length.
[ 1000.139541][ T6023] input: Generic X-Box pad as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:179.65/input/input47
[ 1000.363149][T16890] netlink: 36 bytes leftover after parsing attributes in process `syz.1.3070'.
[ 1000.395200][T14764] usb 5-1: USB disconnect, device number 17
[ 1000.472668][T16920] I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 1
[ 1000.482398][T16920] exFAT-fs (loop0): unable to read boot sector
[ 1000.488843][T16920] exFAT-fs (loop0): failed to read boot sector
[ 1000.495368][T16920] exFAT-fs (loop0): failed to recognize exfat type
[ 1000.536180][T16912] I/O error, dev loop0, sector 2 op 0x0:(READ) flags 0x1000 phys_seg 1 prio class 2
[ 1000.641445][T16912] EXT4-fs (loop0): unable to read superblock
[ 1000.745285][T16922] tipc: Enabling of bearer <udp:syz0> rejected, already enabled
[ 1001.575496][T16923] netlink: 'syz.5.3078': attribute type 1 has an invalid length.
[ 1001.697319][T16927] fuse: Bad value for 'fd'
[ 1002.895137][T16923] 8021q: adding VLAN 0 to HW filter on device bond3
[ 1002.915439][ T6023] usb 2-1: USB disconnect, device number 49
[ 1002.921374][    C0] xpad 2-1:179.65: xpad_irq_in - usb_submit_urb failed with result -19
[ 1002.921404][    C0] xpad 2-1:179.65: xpad_irq_out - usb_submit_urb failed with result -19
[ 1003.190476][T16938] tipc: Enabling of bearer <udp:syz0> rejected, already enabled
[ 1003.856672][T16941] netlink: 20 bytes leftover after parsing attributes in process `syz.4.3084'.
[ 1003.873647][T16941] netlink: 20 bytes leftover after parsing attributes in process `syz.4.3084'.
[ 1004.273107][T16950] fuse: Bad value for 'fd'
[ 1004.763968][ T6009] usb 1-1: new high-speed USB device number 76 using dummy_hcd
[ 1004.819677][T16959] input: syz0 as /devices/virtual/input/input48
[ 1004.904716][ T6009] usb 1-1: device descriptor read/64, error -71
[ 1004.918730][T16961] netlink: 12 bytes leftover after parsing attributes in process `syz.4.3092'.
[ 1004.943871][   T43] usb 4-1: new high-speed USB device number 70 using dummy_hcd
[ 1005.105043][   T43] usb 4-1: Using ep0 maxpacket: 8
[ 1005.144042][ T6009] usb 1-1: new high-speed USB device number 77 using dummy_hcd
[ 1005.234103][   T43] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1005.246969][   T43] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1005.257269][   T43] usb 4-1: New USB device found, idVendor=0c70, idProduct=f00a, bcdDevice= 0.00
[ 1005.266776][   T43] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1005.295902][   T43] usb 4-1: config 0 descriptor??
[ 1005.373961][ T6009] usb 1-1: device descriptor read/64, error -71
[ 1005.496133][T16973] netlink: 20 bytes leftover after parsing attributes in process `syz.1.3096'.
[ 1005.506790][ T6009] usb usb1-port1: attempt power cycle
[ 1005.904087][ T6009] usb 1-1: new high-speed USB device number 78 using dummy_hcd
[ 1005.959433][T16978] tipc: Enabling of bearer <udp:syz0> rejected, already enabled
[ 1006.418863][   T43] usbhid 4-1:0.0: can't add hid device: -71
[ 1006.425433][   T43] usbhid 4-1:0.0: probe with driver usbhid failed with error -71
[ 1006.434236][ T6009] usb 1-1: device descriptor read/8, error -71
[ 1006.467920][   T43] usb 4-1: USB disconnect, device number 70
[ 1006.724102][ T6009] usb 1-1: new high-speed USB device number 79 using dummy_hcd
[ 1006.861537][T16988] syzkaller1: entered allmulticast mode
[ 1007.170228][ T6023] Bluetooth: hci5: Opcode 0x0c1a failed: -110
[ 1008.218507][ T6023] Bluetooth: hci5: Error when powering off device on rfkill (-110)
[ 1008.586334][T16621] Bluetooth: hci5: command 0x0c1a tx timeout
[ 1008.724849][T16995] fuse: Bad value for 'fd'
[ 1009.109570][ T6009] usb 1-1: device not accepting address 79, error -71
[ 1009.156165][ T6009] usb usb1-port1: unable to enumerate USB device
[ 1009.169329][T16987] netlink: 20 bytes leftover after parsing attributes in process `syz.1.3101'.
[ 1009.485319][T17004] netlink: 'syz.4.3106': attribute type 1 has an invalid length.
[ 1009.677119][T17008] input: syz0 as /devices/virtual/input/input49
[ 1009.755711][T17004] netlink: 'syz.4.3106': attribute type 10 has an invalid length.
[ 1010.644345][ T6023] usb 5-1: new high-speed USB device number 18 using dummy_hcd
[ 1010.965594][ T6023] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1010.992545][ T6023] usb 5-1: New USB device found, idVendor=0c70, idProduct=f00b, bcdDevice= 0.00
[ 1011.013594][ T6023] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1011.179868][ T6023] usb 5-1: config 0 descriptor??
[ 1013.296452][ T6023] usbhid 5-1:0.0: can't add hid device: -71
[ 1015.265644][T11271] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[ 1015.275251][T11271] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[ 1015.284110][T11271] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[ 1015.292082][T11271] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[ 1015.300084][T11271] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[ 1015.323871][ T6023] usbhid 5-1:0.0: probe with driver usbhid failed with error -71
[ 1015.378271][T16621] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[ 1015.385839][T16621] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[ 1015.394429][T16621] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[ 1015.405290][T16621] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[ 1015.444848][ T6023] usb 5-1: USB disconnect, device number 18
[ 1015.451212][T16621] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[ 1015.499771][T17041] fuse: Bad value for 'fd'
[ 1016.954940][T17047] netlink: 12 bytes leftover after parsing attributes in process `syz.1.3116'.
[ 1016.997190][T17051] netlink: 'syz.4.3119': attribute type 1 has an invalid length.
[ 1017.033069][T17051] bond4: (slave vxcan3): The slave device specified does not support setting the MAC address
[ 1017.044616][T17051] bond4: (slave vxcan3): Error -95 calling set_mac_address
[ 1017.089397][T17056] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3119'.
[ 1017.255023][T15126] syz_tun (unregistering): left allmulticast mode
[ 1017.324558][T14764] usb 1-1: new high-speed USB device number 80 using dummy_hcd
[ 1017.507936][T17061] netlink: 20 bytes leftover after parsing attributes in process `syz.5.3120'.
[ 1017.517847][T17061] netlink: 20 bytes leftover after parsing attributes in process `syz.5.3120'.
[ 1017.527734][T11271] Bluetooth: hci1: command tx timeout
[ 1017.758335][ T6009] infiniband syz1: ib_query_port failed (-19)
[ 1017.818344][T17038] chnl_net:caif_netlink_parms(): no params data found
[ 1017.855632][T14764] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1017.887417][T14764] usb 1-1: New USB device found, idVendor=0c70, idProduct=f00b, bcdDevice= 0.00
[ 1017.914864][T14764] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1017.953021][T14764] usb 1-1: config 0 descriptor??
[ 1018.442752][T17072] netlink: 20 bytes leftover after parsing attributes in process `syz.5.3123'.
[ 1018.573562][T11222] netdevsim netdevsim3 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1018.821950][T14764] usbhid 1-1:0.0: can't add hid device: -71
[ 1018.843358][T14764] usbhid 1-1:0.0: probe with driver usbhid failed with error -71
[ 1018.865835][T14764] usb 1-1: USB disconnect, device number 80
[ 1018.920899][T11222] netdevsim netdevsim3 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1018.966490][T17079] netlink: 'syz.4.3124': attribute type 1 has an invalid length.
[ 1018.979319][T17038] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1018.986743][T17038] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1019.089491][T17038] bridge_slave_0: entered allmulticast mode
[ 1019.098224][T17038] bridge_slave_0: entered promiscuous mode
[ 1019.118655][T11222] netdevsim netdevsim3 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1019.144807][T17038] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1019.152360][T17038] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1019.163251][T17038] bridge_slave_1: entered allmulticast mode
[ 1019.174892][T17038] bridge_slave_1: entered promiscuous mode
[ 1019.603887][T11271] Bluetooth: hci1: command tx timeout
[ 1020.032921][T11222] netdevsim netdevsim3 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1020.120886][T17038] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1020.138524][T17038] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1020.258407][T17038] team0: Port device team_slave_0 added
[ 1020.273909][ T5935] usb 2-1: new high-speed USB device number 50 using dummy_hcd
[ 1020.280568][T17038] team0: Port device team_slave_1 added
[ 1020.373235][T17038] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1020.380954][ T6023] usb 1-1: new high-speed USB device number 81 using dummy_hcd
[ 1020.400560][T17038] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 1020.435237][T17038] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1020.455125][ T5935] usb 2-1: Using ep0 maxpacket: 8
[ 1020.462216][ T5935] usb 2-1: config 9 has an invalid interface number: 31 but max is 0
[ 1020.470549][ T5935] usb 2-1: config 9 has an invalid descriptor of length 0, skipping remainder of the config
[ 1020.491134][ T5935] usb 2-1: config 9 has no interface number 0
[ 1020.507908][T17038] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1020.515191][T17038] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 1020.546037][ T5935] usb 2-1: config 9 interface 31 has no altsetting 0
[ 1020.553035][T17038] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1020.565880][ T6023] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1020.576945][ T5935] usb 2-1: New USB device found, idVendor=1a86, idProduct=e092, bcdDevice=53.3f
[ 1020.586088][ T5935] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1020.594181][ T6023] usb 1-1: New USB device found, idVendor=0c70, idProduct=f00b, bcdDevice= 0.00
[ 1020.603224][ T5935] usb 2-1: Product: syz
[ 1020.607540][ T5935] usb 2-1: Manufacturer: syz
[ 1020.612138][ T5935] usb 2-1: SerialNumber: syz
[ 1020.616820][ T6023] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1020.669107][ T6023] usb 1-1: config 0 descriptor??
[ 1020.674151][ T5935] ch9200 2-1:9.31: probe with driver ch9200 failed with error -22
[ 1020.692161][   T30] audit: type=1326 audit(1758334853.352:314): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17095 comm="syz.5.3131" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fa01018ec29 code=0x0
[ 1021.163809][T17102] netlink: 20 bytes leftover after parsing attributes in process `syz.4.3132'.
[ 1021.173826][T17102] netlink: 20 bytes leftover after parsing attributes in process `syz.4.3132'.
[ 1021.688883][T11271] Bluetooth: hci1: command tx timeout
[ 1021.998329][T17106] netlink: 44 bytes leftover after parsing attributes in process `syz.5.3133'.
[ 1022.007568][T17106] netlink: 32 bytes leftover after parsing attributes in process `syz.5.3133'.
[ 1022.170062][T11222] bond0 (unregistering): Released all slaves
[ 1022.198111][    T9] usb 2-1: USB disconnect, device number 50
[ 1022.332128][T11222] bond1 (unregistering): Released all slaves
[ 1022.349933][T11222] bond2 (unregistering): Released all slaves
[ 1022.366454][T11222] bond3 (unregistering): Released all slaves
[ 1022.382551][T11222] bond4 (unregistering): Released all slaves
[ 1022.409314][T11222] bond5 (unregistering): Released all slaves
[ 1022.427026][T11222] bond6 (unregistering): Released all slaves
[ 1022.570448][T11222] bond7 (unregistering): Released all slaves
[ 1022.702139][T11222] bond8 (unregistering): Released all slaves
[ 1022.718736][T11222] bond9 (unregistering): Released all slaves
[ 1022.735349][T11222] bond10 (unregistering): Released all slaves
[ 1022.760244][T11222] bond11 (unregistering): Released all slaves
[ 1022.897521][T11222] bond12 (unregistering): Released all slaves
[ 1022.929499][ T6023] usbhid 1-1:0.0: can't add hid device: -71
[ 1022.935673][ T6023] usbhid 1-1:0.0: probe with driver usbhid failed with error -71
[ 1022.946118][ T6023] usb 1-1: USB disconnect, device number 81
[ 1023.080257][T17038] hsr_slave_0: entered promiscuous mode
[ 1023.136079][T17038] hsr_slave_1: entered promiscuous mode
[ 1023.142650][T17038] debugfs: 'hsr0' already exists in 'hsr'
[ 1023.148985][T17038] Cannot create hsr debugfs directory
[ 1023.269505][T11222] tipc: Disabling bearer <udp:syz0>
[ 1023.283292][T11222] tipc: Left network mode
[ 1023.739520][T17120] input: syz0 as /devices/virtual/input/input50
[ 1023.763968][T11271] Bluetooth: hci1: command tx timeout
[ 1023.877072][T11222] hsr_slave_0: left promiscuous mode
[ 1023.893813][T11222] hsr_slave_1: left promiscuous mode
[ 1023.954546][T11222] vlan0: left allmulticast mode
[ 1023.959447][T11222] veth0_vlan: left allmulticast mode
[ 1023.968972][T11222] vlan0: left promiscuous mode
[ 1023.978615][T11222] veth0_macvtap: left promiscuous mode
[ 1023.986468][T11222] veth1_vlan: left promiscuous mode
[ 1023.991904][T11222] veth0_vlan: left promiscuous mode
[ 1024.042883][T17133] netlink: 'syz.1.3138': attribute type 10 has an invalid length.
[ 1024.133938][   T43] usb 1-1: new high-speed USB device number 82 using dummy_hcd
[ 1024.192374][T11222] pimreg (unregistering): left allmulticast mode
[ 1024.437882][   T43] usb 1-1: config index 0 descriptor too short (expected 30768, got 18)
[ 1024.446345][   T43] usb 1-1: config 102 has too many interfaces: 102, using maximum allowed: 32
[ 1024.455290][   T43] usb 1-1: config 102 has an invalid descriptor of length 102, skipping remainder of the config
[ 1024.465779][   T43] usb 1-1: config 102 has 0 interfaces, different from the descriptor's value: 102
[ 1024.571653][   T43] usb 1-1: New USB device found, idVendor=046d, idProduct=0870, bcdDevice=61.47
[ 1024.641801][   T43] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1024.681417][T17144] fuse: Bad value for 'fd'
[ 1025.436542][T17150] netlink: 20 bytes leftover after parsing attributes in process `syz.4.3145'.
[ 1025.446464][T17150] netlink: 20 bytes leftover after parsing attributes in process `syz.4.3145'.
[ 1026.555947][T17133] bond0: (slave wlan1): Enslaving as an active interface with an up link
[ 1026.591031][T17136] mac80211_hwsim hwsim11 wlan1: entered allmulticast mode
[ 1026.611590][T17141] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1026.619277][T17141] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1026.629393][T17141] bridge0: entered allmulticast mode
[ 1026.645474][T17142] bridge_slave_1: left allmulticast mode
[ 1026.652437][T17142] bridge_slave_1: left promiscuous mode
[ 1026.661645][T17142] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1026.677491][T17142] bridge_slave_0: left allmulticast mode
[ 1026.683277][T17142] bridge_slave_0: left promiscuous mode
[ 1026.689563][T17142] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1026.768127][   T43] usb 1-1: string descriptor 0 read error: -71
[ 1026.775536][   T43] usb 1-1: USB disconnect, device number 82
[ 1026.955855][ T6009] usb 2-1: new high-speed USB device number 51 using dummy_hcd
[ 1027.004527][T17156] serio: Serial port ptm0
[ 1027.210087][T11222] IPVS: stop unused estimator thread 0...
[ 1027.415687][T17165] tipc: Enabling of bearer <udp:syz0> rejected, already enabled
[ 1027.897626][ T6009] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1027.918129][ T6009] usb 2-1: New USB device found, idVendor=0c70, idProduct=f00b, bcdDevice= 0.00
[ 1028.045959][ T6009] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1028.340278][T17162] netlink: 8 bytes leftover after parsing attributes in process `syz.5.3149'.
[ 1028.360527][ T6009] usb 2-1: config 0 descriptor??
[ 1028.678394][T17038] netdevsim netdevsim3 netdevsim0: renamed from eth0
[ 1028.698593][T17038] netdevsim netdevsim3 netdevsim1: renamed from eth1
[ 1028.710196][T17038] netdevsim netdevsim3 netdevsim2: renamed from eth2
[ 1028.735409][T17038] netdevsim netdevsim3 netdevsim3: renamed from eth3
[ 1029.549037][ T6009] usbhid 2-1:0.0: can't add hid device: -71
[ 1029.562507][ T6009] usbhid 2-1:0.0: probe with driver usbhid failed with error -71
[ 1029.587067][ T6009] usb 2-1: USB disconnect, device number 51
[ 1029.663353][T17038] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1029.695762][T17189] netlink: 4 bytes leftover after parsing attributes in process `syz.5.3155'.
[ 1030.011839][T17196] tmpfs: Bad value for 'mpol'
[ 1030.264438][T17193] netlink: 'syz.0.3157': attribute type 1 has an invalid length.
[ 1030.316149][T17189] vlan0 (unregistering): left allmulticast mode
[ 1030.325577][T17189] veth0_vlan (unregistering): left allmulticast mode
[ 1030.332456][T17189] vlan0 (unregistering): left promiscuous mode
[ 1030.366769][T17201] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3157'.
[ 1030.458379][T17038] 8021q: adding VLAN 0 to HW filter on device team0
[ 1030.470099][T17196] netlink: 60 bytes leftover after parsing attributes in process `syz.4.3156'.
[ 1030.560131][   T60] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1030.567326][   T60] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1030.613944][    T9] usb 2-1: new high-speed USB device number 52 using dummy_hcd
[ 1030.639539][T11222] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1030.646781][T11222] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1030.678152][T17206] netlink: 48 bytes leftover after parsing attributes in process `syz.4.3160'.
[ 1030.763559][T17038] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[ 1030.796072][   T30] audit: type=1326 audit(1758334863.442:315): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17203 comm="syz.5.3159" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fa01018ec29 code=0x0
[ 1030.824136][    T9] usb 2-1: Using ep0 maxpacket: 8
[ 1030.864135][T17038] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 1030.876439][    T9] usb 2-1: config 0 has no interfaces?
[ 1030.884399][    T9] usb 2-1: New USB device found, idVendor=046d, idProduct=08c3, bcdDevice=6b.16
[ 1030.893653][    T9] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1030.902595][    T9] usb 2-1: Product: syz
[ 1030.920750][    T9] usb 2-1: Manufacturer: syz
[ 1030.938329][    T9] usb 2-1: SerialNumber: syz
[ 1030.960690][    T9] usb 2-1: config 0 descriptor??
[ 1031.053181][T17216] netlink: 64 bytes leftover after parsing attributes in process `syz.4.3163'.
[ 1031.317925][ T6009] usb 2-1: USB disconnect, device number 52
[ 1031.761050][T17038] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1031.915471][T17038] veth0_vlan: entered promiscuous mode
[ 1031.955646][T17038] veth1_vlan: entered promiscuous mode
[ 1031.967219][T17230] netlink: 'syz.1.3167': attribute type 4 has an invalid length.
[ 1032.013143][T17230] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3167'.
[ 1032.029077][T17038] veth0_macvtap: entered promiscuous mode
[ 1032.048888][T17038] veth1_macvtap: entered promiscuous mode
[ 1032.078121][T17038] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 1032.091470][T17038] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 1032.475723][ T5958] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1032.630900][ T5958] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1032.683667][ T5958] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1032.713656][ T5958] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1033.596867][ T5958] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1033.693407][T17248] netlink: 'syz.1.3171': attribute type 1 has an invalid length.
[ 1033.701503][ T5958] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1033.736142][T17248] bond8: (slave vxcan3): The slave device specified does not support setting the MAC address
[ 1033.747347][T17248] bond8: (slave vxcan3): Error -95 calling set_mac_address
[ 1033.755980][   T43] usb 1-1: new high-speed USB device number 83 using dummy_hcd
[ 1033.784518][T17250] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3171'.
[ 1033.829313][ T1330] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1033.847883][ T1330] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1033.936634][   T43] usb 1-1: Using ep0 maxpacket: 16
[ 1033.949095][   T43] usb 1-1: config 0 has an invalid interface number: 145 but max is 0
[ 1033.964914][   T43] usb 1-1: config 0 has no interface number 0
[ 1033.978011][   T43] usb 1-1: New USB device found, idVendor=05ac, idProduct=0291, bcdDevice=43.25
[ 1033.993882][   T43] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1034.001896][   T43] usb 1-1: Product: syz
[ 1034.013982][   T43] usb 1-1: Manufacturer: syz
[ 1034.018685][   T43] usb 1-1: SerialNumber: syz
[ 1034.081801][   T43] usb 1-1: config 0 descriptor??
[ 1034.116647][   T43] hub 1-1:0.145: bad descriptor, ignoring hub
[ 1034.127313][   T43] hub 1-1:0.145: probe with driver hub failed with error -5
[ 1034.160256][   T43] input: bcm5974 as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.145/input/input51
[ 1034.524327][T17246] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1034.532863][T17246] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1034.867309][   T30] audit: type=1326 audit(1758334867.532:316): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17242 comm="syz.0.3169" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fa3baf8ec29 code=0x0
[ 1034.998026][T17285] netlink: 20 bytes leftover after parsing attributes in process `syz.1.3180'.
[ 1035.007742][T17285] netlink: 20 bytes leftover after parsing attributes in process `syz.1.3180'.
[ 1035.458771][   T30] audit: type=1326 audit(1758334868.122:317): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17286 comm="syz.1.3182" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f482858ec29 code=0x0
[ 1035.652603][T17292] input: syz0 as /devices/virtual/input/input52
[ 1035.687316][T17291] netlink: 'syz.5.3183': attribute type 1 has an invalid length.
[ 1035.741785][T17291] bond4: (slave vxcan3): The slave device specified does not support setting the MAC address
[ 1035.753339][T17291] bond4: (slave vxcan3): Error -95 calling set_mac_address
[ 1035.829832][T17291] netlink: 8 bytes leftover after parsing attributes in process `syz.5.3183'.
[ 1035.905962][T17299] netlink: 12 bytes leftover after parsing attributes in process `syz.4.3184'.
[ 1036.561440][T17307] C: renamed from team_slave_0 (while UP)
[ 1036.571349][T17307] netlink: 'syz.1.3186': attribute type 3 has an invalid length.
[ 1036.583947][T17307] netlink: 152 bytes leftover after parsing attributes in process `syz.1.3186'.
[ 1036.847376][T17313] netlink: 4 bytes leftover after parsing attributes in process `syz.5.3187'.
[ 1037.684273][T11271] Bluetooth: hci1: command 0x0c1a tx timeout
[ 1037.704130][    T9] Bluetooth: hci1: Opcode 0x0c1a failed: -110
[ 1037.710725][    T9] Bluetooth: hci1: Error when powering off device on rfkill (-110)
[ 1038.419944][T17335] netlink: 20 bytes leftover after parsing attributes in process `syz.1.3193'.
[ 1038.429502][T17335] netlink: 20 bytes leftover after parsing attributes in process `syz.1.3193'.
[ 1038.904945][T17339] netlink: 'syz.1.3195': attribute type 21 has an invalid length.
[ 1038.912857][T17339] netlink: 132 bytes leftover after parsing attributes in process `syz.1.3195'.
[ 1038.922081][T17339] netlink: 20 bytes leftover after parsing attributes in process `syz.1.3195'.
[ 1038.990407][T17341] fuse: Bad value for 'fd'
[ 1039.773396][T17355] netlink: 14448 bytes leftover after parsing attributes in process `syz.4.3198'.
[ 1039.782829][T17355] openvswitch: netlink: Flow set message rejected, Key attribute missing.
[ 1040.899590][T17369] BFS-fs: bfs_fill_super(): No BFS filesystem on nullb0 (magic=00000000)
[ 1042.223797][T17381] fuse: Bad value for 'user_id'
[ 1042.228996][T17381] fuse: Bad value for 'user_id'
[ 1043.255014][T17388] fuse: Bad value for 'fd'
[ 1046.543806][T17412] netlink: 20 bytes leftover after parsing attributes in process `syz.5.3209'.
[ 1047.318417][   T30] audit: type=1326 audit(1758335135.985:318): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17419 comm="syz.3.3216" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f1b2698ec29 code=0x0
[ 1047.389458][T17425] sock: sock_timestamping_bind_phc: sock not bind to device
[ 1047.513841][   T10] usb 6-1: new high-speed USB device number 7 using dummy_hcd
[ 1047.704121][   T10] usb 6-1: Using ep0 maxpacket: 8
[ 1047.724966][   T10] usb 6-1: New USB device found, idVendor=0ccd, idProduct=0039, bcdDevice=90.7b
[ 1047.752536][   T10] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1047.808699][T17432] tipc: Enabling of bearer <udp:syz0> rejected, already enabled
[ 1048.340433][   T10] pvrusb2: Hardware description: Terratec Grabster AV400
[ 1048.354958][   T10] pvrusb2: **********
[ 1048.471484][   T10] pvrusb2: ***WARNING*** Support for this device (Terratec Grabster AV400) is experimental.
[ 1048.482926][   T10] pvrusb2: Important functionality might not be entirely working.
[ 1048.491376][   T10] pvrusb2: Please consider contacting the driver author to help with further stabilization of the driver.
[ 1048.508702][   T10] pvrusb2: **********
[ 1048.554465][ T2343] pvrusb2: Invalid write control endpoint
[ 1048.749341][T17418] pvrusb2: Invalid write control endpoint
[ 1048.758077][T17418] netlink: 'syz.5.3215': attribute type 2 has an invalid length.
[ 1048.765887][T17418] netlink: 28 bytes leftover after parsing attributes in process `syz.5.3215'.
[ 1048.776255][T17418] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1048.784996][T17418] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1048.914880][   T10] usb 6-1: USB disconnect, device number 7
[ 1049.061506][T17445] netlink: 12 bytes leftover after parsing attributes in process `syz.4.3222'.
[ 1049.068308][ T2343] pvrusb2: Invalid write control endpoint
[ 1049.078321][ T2343] pvrusb2: ***WARNING*** Detected a wedged cx25840 chip; the device will not work.
[ 1049.090231][ T2343] pvrusb2: ***WARNING*** Try power cycling the pvrusb2 device.
[ 1049.101072][ T2343] pvrusb2: ***WARNING*** Disabling further access to the device to prevent other foul-ups.
[ 1049.112109][ T2343] pvrusb2: Device being rendered inoperable
[ 1049.125681][ T2343] cx25840 1-0044: Unable to detect h/w, assuming cx23887
[ 1049.138188][ T2343] cx25840 1-0044: cx23887 A/V decoder found @ 0x88 (pvrusb2_a)
[ 1049.178636][ T2343] pvrusb2: Attached sub-driver cx25840
[ 1049.184790][ T2343] pvrusb2: ***WARNING*** pvrusb2 device hardware appears to be jammed and I can't clear it.
[ 1049.198870][ T2343] pvrusb2: You might need to power cycle the pvrusb2 device in order to recover.
[ 1049.705598][T17453] netlink: 20 bytes leftover after parsing attributes in process `syz.4.3224'.
[ 1050.442582][T17458] ntfs3: Unknown parameter 'hide_çízô¸¥áeFÎfV!iid0x0000000000000000'
[ 1050.714260][T17460] FAULT_INJECTION: forcing a failure.
[ 1050.714260][T17460] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1050.727497][T17460] CPU: 0 UID: 0 PID: 17460 Comm: syz.4.3226 Not tainted syzkaller #0 PREEMPT(full) 
[ 1050.727524][T17460] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[ 1050.727536][T17460] Call Trace:
[ 1050.727545][T17460]  <TASK>
[ 1050.727553][T17460]  dump_stack_lvl+0x189/0x250
[ 1050.727580][T17460]  ? __pfx____ratelimit+0x10/0x10
[ 1050.727601][T17460]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1050.727621][T17460]  ? __pfx__printk+0x10/0x10
[ 1050.727645][T17460]  ? __might_fault+0xb0/0x130
[ 1050.727680][T17460]  should_fail_ex+0x414/0x560
[ 1050.727708][T17460]  _copy_from_user+0x2d/0xb0
[ 1050.727728][T17460]  __sys_bind+0x199/0x3e0
[ 1050.727748][T17460]  ? __pfx___sys_bind+0x10/0x10
[ 1050.727787][T17460]  __x64_sys_bind+0x7a/0x90
[ 1050.727805][T17460]  do_syscall_64+0xfa/0xfa0
[ 1050.727827][T17460]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1050.727844][T17460]  ? asm_sysvec_reschedule_ipi+0x1a/0x20
[ 1050.727860][T17460]  ? clear_bhb_loop+0x60/0xb0
[ 1050.727881][T17460]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1050.727899][T17460] RIP: 0033:0x7efcad38ec29
[ 1050.727915][T17460] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1050.727930][T17460] RSP: 002b:00007efcae17f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000031
[ 1050.727950][T17460] RAX: ffffffffffffffda RBX: 00007efcad5d6180 RCX: 00007efcad38ec29
[ 1050.727963][T17460] RDX: 0000000000000010 RSI: 0000200000000100 RDI: 0000000000000005
[ 1050.727974][T17460] RBP: 00007efcae17f090 R08: 0000000000000000 R09: 0000000000000000
[ 1050.727985][T17460] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1050.727996][T17460] R13: 00007efcad5d6218 R14: 00007efcad5d6180 R15: 00007fff2c022078
[ 1050.728027][T17460]  </TASK>
[ 1051.079326][   T30] audit: type=1326 audit(1758335139.745:319): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17454 comm="syz.5.3225" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa01018ec29 code=0x7fc00000
[ 1051.213374][T17462] kvm: kvm [17461]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0xc2) = 0xbc00006129
[ 1051.232605][T17462] kvm: kvm [17461]: vcpu0, guest rIP: 0x1be Unhandled WRMSR(0xc2) = 0xbc00002129
[ 1051.400659][T17462] kvm: kvm [17461]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0xc2) = 0x5c00008f08
[ 1051.416640][T17462] kvm: kvm [17461]: vcpu0, guest rIP: 0x1be Unhandled WRMSR(0xc2) = 0x5c0000cf08
[ 1051.427575][T17462] kvm: kvm [17461]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0xc2) = 0x270000f654
[ 1051.437392][T17462] kvm: kvm [17461]: vcpu0, guest rIP: 0x1be Unhandled WRMSR(0xc2) = 0x270000b654
[ 1051.453344][   T30] audit: type=1326 audit(1758335140.115:320): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17468 comm="syz.4.3229" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7efcad38ec29 code=0x0
[ 1051.454233][T17462] kvm: kvm [17461]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0xc2) = 0x1700008f08
[ 1051.490766][T17462] kvm: kvm [17461]: vcpu0, guest rIP: 0x1be Unhandled WRMSR(0xc2) = 0x170000cf08
[ 1051.557275][T17462] kvm: kvm [17461]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0xc2) = 0x140000b038
[ 1051.617491][T17462] kvm: kvm [17461]: vcpu0, guest rIP: 0x1be Unhandled WRMSR(0xc2) = 0x140000f038
[ 1052.412613][T17477] tipc: Enabling of bearer <udp:syz0> rejected, already enabled
[ 1053.674992][T17487] usb usb1: check_ctrlrecip: process 17487 (syz.4.3233) requesting ep 01 but needs 81
[ 1053.685511][T17487] usb usb1: usbfs: process 17487 (syz.4.3233) did not claim interface 0 before use
[ 1054.708362][ T1300] ieee802154 phy0 wpan0: encryption failed: -22
[ 1054.734245][ T1300] ieee802154 phy1 wpan1: encryption failed: -22
[ 1056.479613][T17503] kvm_pr_unimpl_wrmsr: 10 callbacks suppressed
[ 1056.479633][T17503] kvm: kvm [17502]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0xc2) = 0xbc00006129
[ 1056.502520][T17503] kvm: kvm [17502]: vcpu0, guest rIP: 0x1be Unhandled WRMSR(0xc2) = 0xbc00002129
[ 1056.512843][T17503] kvm: kvm [17502]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0xc2) = 0x5c00008f08
[ 1056.522742][T17503] kvm: kvm [17502]: vcpu0, guest rIP: 0x1be Unhandled WRMSR(0xc2) = 0x5c0000cf08
[ 1056.532745][T17503] kvm: kvm [17502]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0xc2) = 0x270000f654
[ 1056.542424][T17503] kvm: kvm [17502]: vcpu0, guest rIP: 0x1be Unhandled WRMSR(0xc2) = 0x270000b654
[ 1056.553416][T17503] kvm: kvm [17502]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0xc2) = 0x1700008f08
[ 1056.563122][T17503] kvm: kvm [17502]: vcpu0, guest rIP: 0x1be Unhandled WRMSR(0xc2) = 0x170000cf08
[ 1056.573221][T17503] kvm: kvm [17502]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0xc2) = 0x140000b038
[ 1056.588327][T17503] kvm: kvm [17502]: vcpu0, guest rIP: 0x1be Unhandled WRMSR(0xc2) = 0x140000f038
[ 1057.253678][T17514] tipc: Enabling of bearer <udp:syz0> rejected, already enabled
[ 1057.947824][T17518] netlink: 76 bytes leftover after parsing attributes in process `syz.4.3242'.
[ 1058.060767][T17520] tipc: Enabling of bearer <udp:syz0> rejected, already enabled
[ 1058.951266][T17528] overlayfs: failed to resolve './file0': -2
[ 1059.013848][   T43] usb 5-1: new high-speed USB device number 19 using dummy_hcd
[ 1059.165405][   T43] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1059.176856][   T43] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1059.187190][   T43] usb 5-1: New USB device found, idVendor=054c, idProduct=0df2, bcdDevice=d6.af
[ 1059.196671][   T43] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1059.206868][   T43] usb 5-1: config 0 descriptor??
[ 1059.668598][   T43] playstation 0003:054C:0DF2.0013: unknown main item tag 0x0
[ 1059.681460][   T43] playstation 0003:054C:0DF2.0013: unknown main item tag 0x0
[ 1059.691566][   T43] playstation 0003:054C:0DF2.0013: unknown main item tag 0x0
[ 1059.704127][   T43] playstation 0003:054C:0DF2.0013: unknown main item tag 0x0
[ 1059.711682][   T43] playstation 0003:054C:0DF2.0013: unknown main item tag 0x0
[ 1059.721759][   T43] playstation 0003:054C:0DF2.0013: hidraw0: USB HID v1.01 Device [HID 054c:0df2] on usb-dummy_hcd.4-1/input0
[ 1060.051767][   T43] playstation 0003:054C:0DF2.0013: Invalid byte count transferred, expected 20 got 0
[ 1060.067900][   T43] playstation 0003:054C:0DF2.0013: Failed to retrieve DualSense pairing info: -22
[ 1060.084205][   T43] playstation 0003:054C:0DF2.0013: Failed to get MAC address from DualSense
[ 1060.093846][   T43] playstation 0003:054C:0DF2.0013: Failed to create dualsense.
[ 1060.112574][   T43] playstation 0003:054C:0DF2.0013: probe with driver playstation failed with error -22
[ 1060.257504][ T5928] usb 5-1: USB disconnect, device number 19
[ 1060.484069][   T43] usb 6-1: new high-speed USB device number 8 using dummy_hcd
[ 1060.668216][   T43] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1060.679621][   T43] usb 6-1: New USB device found, idVendor=0c70, idProduct=f00b, bcdDevice= 0.00
[ 1060.689989][   T43] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1060.734627][   T43] usb 6-1: config 0 descriptor??
[ 1061.068073][T17546] netlink: 68 bytes leftover after parsing attributes in process `syz.3.3249'.
[ 1061.294333][   T43] aquacomputer_d5next 0003:0C70:F00B.0014: unknown main item tag 0x0
[ 1061.350280][   T43] aquacomputer_d5next 0003:0C70:F00B.0014: unknown main item tag 0x0
[ 1061.555727][   T43] aquacomputer_d5next 0003:0C70:F00B.0014: hidraw0: USB HID v0.04 Device [HID 0c70:f00b] on usb-dummy_hcd.5-1/input0
[ 1061.726408][   T43] usb 6-1: USB disconnect, device number 8
[ 1062.014308][ T5928] usb 4-1: new high-speed USB device number 71 using dummy_hcd
[ 1062.273919][ T5928] usb 4-1: Using ep0 maxpacket: 16
[ 1062.283064][ T5928] usb 4-1: New USB device found, idVendor=054c, idProduct=0038, bcdDevice=16.f5
[ 1062.292637][ T5928] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1062.303656][ T5928] usb 4-1: Product: syz
[ 1062.309187][ T5928] usb 4-1: Manufacturer: syz
[ 1062.318755][ T5928] usb 4-1: SerialNumber: syz
[ 1062.330147][ T5928] usb 4-1: config 0 descriptor??
[ 1062.340559][ T5928] visor 4-1:0.0: Sony Clie 3.5 converter detected
[ 1062.364170][   T30] audit: type=1326 audit(1758335151.035:321): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17560 comm="syz.5.3256" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fa01018ec29 code=0x0
[ 1062.541646][ T5928] usb 4-1: clie_3_5_startup: get config number failed: -71
[ 1062.549552][ T5928] visor 4-1:0.0: probe with driver visor failed with error -71
[ 1062.559655][ T5928] usb 4-1: USB disconnect, device number 71
[ 1063.087680][T17564] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3257'.
[ 1063.644394][T17573] usb 1-1: USB disconnect, device number 83
[ 1064.391360][ T1216] usb 4-1: new high-speed USB device number 72 using dummy_hcd
[ 1064.616055][ T1216] usb 4-1: Using ep0 maxpacket: 8
[ 1064.715680][ T1216] usb 4-1: config 179 has an invalid interface number: 65 but max is 0
[ 1064.730463][ T1216] usb 4-1: config 179 has no interface number 0
[ 1064.756986][ T1216] usb 4-1: config 179 interface 65 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 7
[ 1064.772317][ T1216] usb 4-1: config 179 interface 65 altsetting 0 endpoint 0xF has invalid maxpacket 1025, setting to 1024
[ 1064.806462][ T1216] usb 4-1: config 179 interface 65 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7
[ 1064.823825][ T1216] usb 4-1: config 179 interface 65 altsetting 0 endpoint 0x83 has invalid maxpacket 41728, setting to 1024
[ 1064.841690][ T1216] usb 4-1: config 179 interface 65 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 23
[ 1064.856069][ T1216] usb 4-1: New USB device found, idVendor=12ab, idProduct=90a3, bcdDevice=1e.eb
[ 1064.884168][ T1216] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1064.925194][T17581] ntfs3: Unknown parameter 'hide_çízô¸¥áeFÎfV!iid0x0000000000000000'
[ 1064.936311][T17571] raw-gadget.2 gadget.3: fail, usb_ep_enable returned -22
[ 1065.153503][ T1216] input: Generic X-Box pad as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:179.65/input/input54
[ 1065.360223][T17571] netlink: 36 bytes leftover after parsing attributes in process `syz.3.3260'.
[ 1065.882049][T17589] fuse: Bad value for 'fd'
[ 1065.906559][   T30] audit: type=1326 audit(1758335154.575:322): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17588 comm="syz.4.3266" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7efcad38ec29 code=0x0
[ 1065.979269][T14764] usb 4-1: USB disconnect, device number 72
[ 1065.979275][    C0] xpad 4-1:179.65: xpad_irq_out - usb_submit_urb failed with result -19
[ 1065.979412][    C0] xpad 4-1:179.65: xpad_irq_in - usb_submit_urb failed with result -19
[ 1067.176991][T17602] overlayfs: failed to resolve './file0': -2
[ 1068.842065][T17622] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[ 1069.250315][T17622] netlink: 4 bytes leftover after parsing attributes in process `syz.5.3275'.
[ 1069.335557][T17626] MTD: Attempt to mount non-MTD device "/dev/loop5"
[ 1069.345127][T17626] cramfs: wrong magic
[ 1069.713811][T17545] usb 5-1: new high-speed USB device number 20 using dummy_hcd
[ 1069.733899][ T5928] usb 4-1: new high-speed USB device number 73 using dummy_hcd
[ 1069.863833][T17545] usb 5-1: Using ep0 maxpacket: 8
[ 1069.870554][T17545] usb 5-1: config 179 has an invalid interface number: 65 but max is 0
[ 1069.878970][T17545] usb 5-1: config 179 has no interface number 0
[ 1069.885389][T17545] usb 5-1: config 179 interface 65 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 7
[ 1069.896590][T17545] usb 5-1: config 179 interface 65 altsetting 0 endpoint 0xF has invalid maxpacket 1025, setting to 1024
[ 1069.905783][ T5928] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1069.907914][T17545] usb 5-1: config 179 interface 65 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7
[ 1069.919701][ T5928] usb 4-1: New USB device found, idVendor=0c70, idProduct=f00b, bcdDevice= 0.00
[ 1069.940280][ T5928] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1069.948417][T17545] usb 5-1: config 179 interface 65 altsetting 0 endpoint 0x83 has invalid maxpacket 41728, setting to 1024
[ 1069.951511][ T5928] usb 4-1: config 0 descriptor??
[ 1069.959917][T17545] usb 5-1: config 179 interface 65 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 23
[ 1069.978160][T17545] usb 5-1: New USB device found, idVendor=12ab, idProduct=90a3, bcdDevice=1e.eb
[ 1069.987296][T17545] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1069.998693][T17628] raw-gadget.2 gadget.4: fail, usb_ep_enable returned -22
[ 1070.220556][T17545] input: Generic X-Box pad as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:179.65/input/input56
[ 1070.378657][ T5928] aquacomputer_d5next 0003:0C70:F00B.0015: unknown main item tag 0x1
[ 1070.387759][ T5928] aquacomputer_d5next 0003:0C70:F00B.0015: unknown main item tag 0x0
[ 1070.396653][ T5928] aquacomputer_d5next 0003:0C70:F00B.0015: unknown main item tag 0x0
[ 1070.407718][ T5928] aquacomputer_d5next 0003:0C70:F00B.0015: hidraw0: USB HID v0.04 Device [HID 0c70:f00b] on usb-dummy_hcd.3-1/input0
[ 1070.425547][T17628] netlink: 36 bytes leftover after parsing attributes in process `syz.4.3276'.
[ 1070.591423][T17545] usb 4-1: USB disconnect, device number 73
[ 1071.131084][ T5928] usb 5-1: USB disconnect, device number 20
[ 1071.131098][    C0] xpad 5-1:179.65: xpad_irq_out - usb_submit_urb failed with result -19
[ 1071.146126][    C0] xpad 5-1:179.65: xpad_irq_in - usb_submit_urb failed with result -19
[ 1071.568116][T17641] I/O error, dev loop4, sector 2 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 1
[ 1073.399162][   T30] audit: type=1326 audit(1758335162.065:323): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17659 comm="syz.3.3285" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f1b2698ec29 code=0x0
[ 1081.932667][T17673] netlink: 12 bytes leftover after parsing attributes in process `syz.5.3288'.
[ 1082.418410][T17682] netlink: 12 bytes leftover after parsing attributes in process `syz.4.3290'.
[ 1082.428754][T17682] netlink: 12 bytes leftover after parsing attributes in process `syz.4.3290'.
[ 1082.441745][T17682] netlink: 12 bytes leftover after parsing attributes in process `syz.4.3290'.
[ 1082.451711][T17682] netlink: 12 bytes leftover after parsing attributes in process `syz.4.3290'.
[ 1082.468710][T17682] netlink: 12 bytes leftover after parsing attributes in process `syz.4.3290'.
[ 1082.478668][T17682] netlink: 12 bytes leftover after parsing attributes in process `syz.4.3290'.
[ 1082.491784][T17682] netlink: 12 bytes leftover after parsing attributes in process `syz.4.3290'.
[ 1082.501721][T17682] netlink: 12 bytes leftover after parsing attributes in process `syz.4.3290'.
[ 1082.514204][T17682] netlink: 12 bytes leftover after parsing attributes in process `syz.4.3290'.
[ 1084.443862][T17609] usb 5-1: new full-speed USB device number 21 using dummy_hcd
[ 1084.605858][T17609] usb 5-1: config 0 has no interfaces?
[ 1084.613305][T17609] usb 5-1: New USB device found, idVendor=2040, idProduct=8268, bcdDevice=27.95
[ 1084.622486][T17609] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1084.630634][T17609] usb 5-1: Product: syz
[ 1084.634859][T17609] usb 5-1: Manufacturer: syz
[ 1084.639466][T17609] usb 5-1: SerialNumber: syz
[ 1084.646614][T17609] usb 5-1: config 0 descriptor??
[ 1084.866649][ T5928] usb 5-1: USB disconnect, device number 21
[ 1085.499231][   T30] audit: type=1326 audit(1758335174.165:324): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17708 comm="syz.3.3300" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f1b2698ec29 code=0x0
[ 1085.602724][T17712] input: syz0 as /devices/virtual/input/input57
[ 1087.054074][   T43] usb 5-1: new high-speed USB device number 22 using dummy_hcd
[ 1087.073081][T17734] iso9660: Unknown parameter 'êa.ö¬áïùu}ÜYÁ÷'
[ 1087.255710][   T43] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1087.273168][   T43] usb 5-1: New USB device found, idVendor=0c70, idProduct=f00b, bcdDevice= 0.00
[ 1087.284976][   T43] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1087.380857][   T43] usb 5-1: config 0 descriptor??
[ 1088.273568][   T43] usbhid 5-1:0.0: can't add hid device: -71
[ 1088.290127][   T43] usbhid 5-1:0.0: probe with driver usbhid failed with error -71
[ 1088.310319][   T43] usb 5-1: USB disconnect, device number 22
[ 1090.152707][   T30] audit: type=1326 audit(1758335178.815:325): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17767 comm="syz.4.3315" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7efcad38ec29 code=0x0
[ 1090.374575][T17770] __nla_validate_parse: 147 callbacks suppressed
[ 1090.374590][T17770] netlink: 36 bytes leftover after parsing attributes in process `syz.3.3316'.
[ 1090.390057][T17770] netlink: 16 bytes leftover after parsing attributes in process `syz.3.3316'.
[ 1090.399144][T17770] netlink: 36 bytes leftover after parsing attributes in process `syz.3.3316'.
[ 1090.408244][T17770] netlink: 36 bytes leftover after parsing attributes in process `syz.3.3316'.
[ 1102.564496][T14764] page_pool_release_retry() stalled pool shutdown: id 128, 1 inflight 60 sec
[ 1115.852222][ T1300] ieee802154 phy0 wpan0: encryption failed: -22
[ 1115.858616][ T1300] ieee802154 phy1 wpan1: encryption failed: -22
[ 1177.301158][ T1300] ieee802154 phy0 wpan0: encryption failed: -22
[ 1177.307622][ T1300] ieee802154 phy1 wpan1: encryption failed: -22
[ 1194.565423][   T31] INFO: task kworker/0:0:9 blocked for more than 143 seconds.
[ 1194.572915][   T31]       Not tainted syzkaller #0
[ 1194.577977][   T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[ 1194.586832][   T31] task:kworker/0:0     state:D stack:22568 pid:9     tgid:9     ppid:2      task_flags:0x4208060 flags:0x00080000
[ 1194.599042][   T31] Workqueue: events rfkill_op_handler
[ 1194.604509][   T31] Call Trace:
[ 1194.607793][   T31]  <TASK>
[ 1194.610727][   T31]  __schedule+0x1798/0x4cc0
SYZFAIL: failed to recv rpc
fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor)
[ 1194.615335][   T31]  ? __pfx___schedule+0x10/0x10
[ 1194.620217][   T31]  ? schedule+0x91/0x360
[ 1194.624767][   T31]  schedule+0x165/0x360
[ 1194.628949][   T31]  schedule_preempt_disabled+0x13/0x30
[ 1194.646818][   T31]  __mutex_lock+0x7e6/0x1350
[ 1194.651461][   T31]  ? __mutex_lock+0x5bb/0x1350
[ 1194.669079][   T31]  ? nfc_rfkill_set_block+0x50/0x2e0
[ 1194.693720][   T31]  ? __pfx___mutex_lock+0x10/0x10
[ 1194.698799][   T31]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1194.728867][   T31]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[ 1194.736642][   T31]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[ 1194.743163][   T31]  ? kobject_uevent_env+0x36b/0x8c0
[ 1194.748741][   T31]  ? __pfx_nfc_rfkill_set_block+0x10/0x10
[ 1194.754976][   T31]  nfc_rfkill_set_block+0x50/0x2e0
[ 1194.760105][   T31]  ? __pfx_nfc_rfkill_set_block+0x10/0x10
[ 1194.766321][   T31]  rfkill_set_block+0x1d2/0x440
[ 1194.771189][   T31]  rfkill_epo+0x7e/0x180
[ 1194.775922][   T31]  rfkill_op_handler+0x84/0x240
[ 1194.780772][   T31]  ? process_scheduled_works+0x9ef/0x17b0
[ 1194.786650][   T31]  process_scheduled_works+0xae1/0x17b0
[ 1194.792224][   T31]  ? __pfx_process_scheduled_works+0x10/0x10
[ 1194.798477][   T31]  worker_thread+0x8a0/0xda0
[ 1194.803086][   T31]  kthread+0x711/0x8a0
[ 1194.807790][   T31]  ? __pfx_worker_thread+0x10/0x10
[ 1194.812905][   T31]  ? __pfx_kthread+0x10/0x10
[ 1194.817548][   T31]  ? _raw_spin_unlock_irq+0x23/0x50
[ 1194.822843][   T31]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1194.828357][   T31]  ? __pfx_kthread+0x10/0x10
[ 1194.832963][   T31]  ret_from_fork+0x4bc/0x870
[ 1194.837683][   T31]  ? __pfx_ret_from_fork+0x10/0x10
[ 1194.842818][   T31]  ? __switch_to_asm+0x39/0x70
[ 1194.847706][   T31]  ? __switch_to_asm+0x33/0x70
[ 1194.852479][   T31]  ? __pfx_kthread+0x10/0x10
[ 1194.857126][   T31]  ret_from_fork_asm+0x1a/0x30
[ 1194.861906][   T31]  </TASK>
[ 1194.865187][   T31] INFO: task syz-executor:5866 blocked for more than 143 seconds.
[ 1194.872979][   T31]       Not tainted syzkaller #0
[ 1194.878017][   T31]       Blocked by coredump.
[ 1194.882603][   T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[ 1194.894321][   T31] task:syz-executor    state:D stack:21280 pid:5866  tgid:5866  ppid:1      task_flags:0x40054c flags:0x00080003
[ 1194.906594][   T31] Call Trace:
[ 1194.909883][   T31]  <TASK>
[ 1194.912820][   T31]  __schedule+0x1798/0x4cc0
[ 1194.917409][   T31]  ? __pfx___schedule+0x10/0x10
[ 1194.922278][   T31]  ? schedule+0x91/0x360
[ 1194.926553][   T31]  schedule+0x165/0x360
[ 1194.930721][   T31]  schedule_preempt_disabled+0x13/0x30
[ 1194.936228][   T31]  __mutex_lock+0x7e6/0x1350
[ 1194.940823][   T31]  ? __mutex_lock+0x5bb/0x1350
[ 1194.945677][   T31]  ? rfkill_unregister+0xc8/0x220
[ 1194.950711][   T31]  ? __pfx___mutex_lock+0x10/0x10
[ 1194.955768][   T31]  ? __pfx_device_del+0x10/0x10
[ 1194.960624][   T31]  ? hci_sock_dev_event+0x42d/0x600
[ 1194.965878][   T31]  rfkill_unregister+0xc8/0x220
[ 1194.970744][   T31]  hci_unregister_dev+0x374/0x510
[ 1194.975821][   T31]  vhci_release+0x152/0x1a0
[ 1194.980336][   T31]  ? __pfx_vhci_release+0x10/0x10
[ 1194.985481][   T31]  __fput+0x44c/0xa70
[ 1194.989477][   T31]  task_work_run+0x1d4/0x260
[ 1194.994139][   T31]  ? __pfx_task_work_run+0x10/0x10
[ 1194.999259][   T31]  ? do_exit+0x6b0/0x2300
[ 1195.003573][   T31]  ? kmem_cache_free+0x19b/0x690
[ 1195.008563][   T31]  do_exit+0x6b5/0x2300
[ 1195.012732][   T31]  ? do_raw_spin_lock+0x121/0x290
[ 1195.018015][   T31]  ? __pfx_do_exit+0x10/0x10
[ 1195.022614][   T31]  do_group_exit+0x21c/0x2d0
[ 1195.027289][   T31]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1195.032595][   T31]  get_signal+0x1285/0x1340
[ 1195.037265][   T31]  arch_do_signal_or_restart+0xa0/0x790
[ 1195.042903][   T31]  ? __pfx_arch_do_signal_or_restart+0x10/0x10
[ 1195.049403][   T31]  ? exit_to_user_mode_loop+0x40/0x130
[ 1195.055018][   T31]  exit_to_user_mode_loop+0x72/0x130
[ 1195.060343][   T31]  do_syscall_64+0x2bd/0xfa0
[ 1195.065065][   T31]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1195.070292][   T31]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1195.076420][   T31]  ? clear_bhb_loop+0x60/0xb0
[ 1195.081125][   T31]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1195.087046][   T31] RIP: 0033:0x7f482858d63c
[ 1195.091462][   T31] RSP: 002b:00007ffee88b2bc0 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[ 1195.100016][   T31] RAX: fffffffffffffe00 RBX: 00000000ffffffff RCX: 00007f482858d63c
[ 1195.108086][   T31] RDX: 0000000000000030 RSI: 00007ffee88b2c80 RDI: 00000000000000f9
[ 1195.116132][   T31] RBP: 00007ffee88b2c2c R08: 0000000000000000 R09: 00007ffee88b2937
[ 1195.124689][   T31] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000258
[ 1195.132676][   T31] R13: 00000000000927c0 R14: 00000000000ff2a2 R15: 00007ffee88b2c80
[ 1195.140898][   T31]  </TASK>
[ 1195.144014][   T31] INFO: task kworker/0:4:5935 blocked for more than 143 seconds.
[ 1195.152011][   T31]       Not tainted syzkaller #0
[ 1195.157016][   T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[ 1195.165735][   T31] task:kworker/0:4     state:D stack:21288 pid:5935  tgid:5935  ppid:2      task_flags:0x4208060 flags:0x00080000
[ 1195.178163][   T31] Workqueue: events rfkill_global_led_trigger_worker
[ 1195.184908][   T31] Call Trace:
[ 1195.188182][   T31]  <TASK>
[ 1195.191104][   T31]  __schedule+0x1798/0x4cc0
[ 1195.195678][   T31]  ? __pfx___schedule+0x10/0x10
[ 1195.200588][   T31]  ? schedule+0x91/0x360
[ 1195.205637][   T31]  schedule+0x165/0x360
[ 1195.209837][   T31]  schedule_preempt_disabled+0x13/0x30
[ 1195.215374][   T31]  __mutex_lock+0x7e6/0x1350
[ 1195.220025][   T31]  ? __mutex_lock+0x5bb/0x1350
[ 1195.224844][   T31]  ? rfkill_global_led_trigger_worker+0x27/0xd0
[ 1195.231086][   T31]  ? __pfx___mutex_lock+0x10/0x10
[ 1195.236420][   T31]  ? process_scheduled_works+0x9ef/0x17b0
[ 1195.242187][   T31]  ? process_scheduled_works+0x9ef/0x17b0
[ 1195.247997][   T31]  rfkill_global_led_trigger_worker+0x27/0xd0
[ 1195.254117][   T31]  ? process_scheduled_works+0x9ef/0x17b0
[ 1195.259869][   T31]  process_scheduled_works+0xae1/0x17b0
[ 1195.265523][   T31]  ? __pfx_process_scheduled_works+0x10/0x10
[ 1195.271532][   T31]  worker_thread+0x8a0/0xda0
[ 1195.276179][   T31]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[ 1195.282523][   T31]  ? __kthread_parkme+0x7b/0x200
[ 1195.287528][   T31]  kthread+0x711/0x8a0
[ 1195.291606][   T31]  ? __pfx_worker_thread+0x10/0x10
[ 1195.296814][   T31]  ? __pfx_kthread+0x10/0x10
[ 1195.301411][   T31]  ? _raw_spin_unlock_irq+0x23/0x50
[ 1195.306638][   T31]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1195.311848][   T31]  ? __pfx_kthread+0x10/0x10
[ 1195.316583][   T31]  ret_from_fork+0x4bc/0x870
[ 1195.321185][   T31]  ? __pfx_ret_from_fork+0x10/0x10
[ 1195.326336][   T31]  ? __switch_to_asm+0x39/0x70
[ 1195.331109][   T31]  ? __switch_to_asm+0x33/0x70
[ 1195.335976][   T31]  ? __pfx_kthread+0x10/0x10
[ 1195.340576][   T31]  ret_from_fork_asm+0x1a/0x30
[ 1195.345616][   T31]  </TASK>
[ 1195.348677][   T31] INFO: task kworker/0:5:5942 blocked for more than 144 seconds.
[ 1195.356676][   T31]       Not tainted syzkaller #0
[ 1195.361621][   T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[ 1195.372162][   T31] task:kworker/0:5     state:D stack:22856 pid:5942  tgid:5942  ppid:2      task_flags:0x4208060 flags:0x00080000
[ 1195.384250][   T31] Workqueue: events rfkill_uevent_work
[ 1195.389749][   T31] Call Trace:
[ 1195.393034][   T31]  <TASK>
[ 1195.396070][   T31]  __schedule+0x1798/0x4cc0
[ 1195.400623][   T31]  ? __pfx___schedule+0x10/0x10
[ 1195.405572][   T31]  ? schedule+0x91/0x360
[ 1195.409828][   T31]  schedule+0x165/0x360
[ 1195.414040][   T31]  schedule_preempt_disabled+0x13/0x30
[ 1195.419510][   T31]  __mutex_lock+0x7e6/0x1350
[ 1195.424188][   T31]  ? __mutex_lock+0x5bb/0x1350
[ 1195.428968][   T31]  ? rfkill_uevent_work+0x1d/0xa0
[ 1195.434055][   T31]  ? __pfx___mutex_lock+0x10/0x10
[ 1195.439129][   T31]  ? process_scheduled_works+0x9ef/0x17b0
[ 1195.445173][   T31]  ? _raw_spin_unlock_irq+0x23/0x50
[ 1195.450399][   T31]  rfkill_uevent_work+0x1d/0xa0
[ 1195.455921][   T31]  ? process_scheduled_works+0x9ef/0x17b0
[ 1195.461674][   T31]  process_scheduled_works+0xae1/0x17b0
[ 1195.467379][   T31]  ? __pfx_process_scheduled_works+0x10/0x10
[ 1195.473391][   T31]  worker_thread+0x8a0/0xda0
[ 1195.478110][   T31]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[ 1195.484511][   T31]  ? __kthread_parkme+0x7b/0x200
[ 1195.489457][   T31]  kthread+0x711/0x8a0
[ 1195.493530][   T31]  ? __pfx_worker_thread+0x10/0x10
[ 1195.498805][   T31]  ? __pfx_kthread+0x10/0x10
[ 1195.503405][   T31]  ? _raw_spin_unlock_irq+0x23/0x50
[ 1195.508917][   T31]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1195.514284][   T31]  ? __pfx_kthread+0x10/0x10
[ 1195.518894][   T31]  ret_from_fork+0x4bc/0x870
[ 1195.523500][   T31]  ? __pfx_ret_from_fork+0x10/0x10
[ 1195.528917][   T31]  ? __switch_to_asm+0x39/0x70
[ 1195.533827][   T31]  ? __switch_to_asm+0x33/0x70
[ 1195.538613][   T31]  ? __pfx_kthread+0x10/0x10
[ 1195.543196][   T31]  ret_from_fork_asm+0x1a/0x30
[ 1195.548233][   T31]  </TASK>
[ 1195.551327][   T31] INFO: task syz-executor:16619 blocked for more than 144 seconds.
[ 1195.559390][   T31]       Not tainted syzkaller #0
[ 1195.564363][   T31]       Blocked by coredump.
[ 1195.568936][   T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[ 1195.577638][   T31] task:syz-executor    state:D stack:21640 pid:16619 tgid:16619 ppid:1      task_flags:0x40054c flags:0x00080003
[ 1195.589650][   T31] Call Trace:
[ 1195.592936][   T31]  <TASK>
[ 1195.595941][   T31]  __schedule+0x1798/0x4cc0
[ 1195.600472][   T31]  ? __pfx___schedule+0x10/0x10
[ 1195.605481][   T31]  ? schedule+0x91/0x360
[ 1195.609930][   T31]  schedule+0x165/0x360
[ 1195.614175][   T31]  schedule_preempt_disabled+0x13/0x30
[ 1195.619650][   T31]  __mutex_lock+0x7e6/0x1350
[ 1195.624319][   T31]  ? __mutex_lock+0x5bb/0x1350
[ 1195.629097][   T31]  ? rfkill_unregister+0xc8/0x220
[ 1195.634217][   T31]  ? __pfx___mutex_lock+0x10/0x10
[ 1195.639282][   T31]  ? __pfx_device_del+0x10/0x10
[ 1195.644177][   T31]  ? hci_sock_dev_event+0x42d/0x600
[ 1195.649390][   T31]  rfkill_unregister+0xc8/0x220
[ 1195.654351][   T31]  hci_unregister_dev+0x374/0x510
[ 1195.659389][   T31]  vhci_release+0x152/0x1a0
[ 1195.663933][   T31]  ? __pfx_vhci_release+0x10/0x10
[ 1195.668960][   T31]  __fput+0x44c/0xa70
[ 1195.672936][   T31]  task_work_run+0x1d4/0x260
[ 1195.677575][   T31]  ? __pfx_task_work_run+0x10/0x10
[ 1195.682693][   T31]  ? do_exit+0x6b0/0x2300
[ 1195.687249][   T31]  ? kmem_cache_free+0x19b/0x690
[ 1195.692214][   T31]  do_exit+0x6b5/0x2300
[ 1195.696534][   T31]  ? do_raw_spin_lock+0x121/0x290
[ 1195.701608][   T31]  ? __pfx_do_exit+0x10/0x10
[ 1195.706268][   T31]  do_group_exit+0x21c/0x2d0
[ 1195.710863][   T31]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1195.716111][   T31]  get_signal+0x1285/0x1340
[ 1195.720632][   T31]  arch_do_signal_or_restart+0xa0/0x790
[ 1195.726209][   T31]  ? __pfx___x64_sys_wait4+0x10/0x10
[ 1195.731503][   T31]  ? __pfx_arch_do_signal_or_restart+0x10/0x10
[ 1195.737735][   T31]  ? exit_to_user_mode_loop+0x40/0x130
[ 1195.743206][   T31]  exit_to_user_mode_loop+0x72/0x130
[ 1195.748554][   T31]  do_syscall_64+0x2bd/0xfa0
[ 1195.753153][   T31]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1195.758398][   T31]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1195.764512][   T31]  ? clear_bhb_loop+0x60/0xb0
[ 1195.769186][   T31]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1195.775248][   T31] RIP: 0033:0x7fa3baf84e97
[ 1195.779714][   T31] RSP: 002b:00007ffe8686dcb0 EFLAGS: 00000293 ORIG_RAX: 000000000000003d
[ 1195.788188][   T31] RAX: fffffffffffffe00 RBX: 000000000000003c RCX: 00007fa3baf84e97
[ 1195.796236][   T31] RDX: 0000000040000000 RSI: 00007ffe8686dd1c RDI: 00000000ffffffff
[ 1195.804283][   T31] RBP: 00007ffe8686dd1c R08: 0000000000000000 R09: 0000000000000000
[ 1195.812287][   T31] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000014
[ 1195.820316][   T31] R13: 000055556518d590 R14: 00000000000fcc5a R15: 00007ffe8686dd70
[ 1195.828353][   T31]  </TASK>
[ 1195.831401][   T31] INFO: task syz.0.3169:17244 blocked for more than 144 seconds.
[ 1195.839355][   T31]       Not tainted syzkaller #0
[ 1195.844529][   T31]       Blocked by coredump.
[ 1195.849120][   T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[ 1195.858345][   T31] task:syz.0.3169      state:D stack:23984 pid:17244 tgid:17242 ppid:16619  task_flags:0x40044c flags:0x00080003
[ 1195.870410][   T31] Call Trace:
[ 1195.873776][   T31]  <TASK>
[ 1195.876716][   T31]  __schedule+0x1798/0x4cc0
[ 1195.881307][   T31]  ? __pfx___schedule+0x10/0x10
[ 1195.886371][   T31]  ? schedule+0x91/0x360
[ 1195.890623][   T31]  schedule+0x165/0x360
[ 1195.894806][   T31]  schedule_preempt_disabled+0x13/0x30
[ 1195.900268][   T31]  __mutex_lock+0x7e6/0x1350
[ 1195.905316][   T31]  ? __mutex_lock+0x5bb/0x1350
[ 1195.910095][   T31]  ? rfkill_unregister+0xc8/0x220
[ 1195.915186][   T31]  ? __pfx___mutex_lock+0x10/0x10
[ 1195.920233][   T31]  ? __pfx_device_del+0x10/0x10
[ 1195.925164][   T31]  rfkill_unregister+0xc8/0x220
[ 1195.930028][   T31]  nfc_unregister_device+0x96/0x2a0
[ 1195.935292][   T31]  ? __pfx_virtual_ncidev_close+0x10/0x10
[ 1195.941026][   T31]  virtual_ncidev_close+0x56/0x90
[ 1195.946225][   T31]  __fput+0x44c/0xa70
[ 1195.950229][   T31]  task_work_run+0x1d4/0x260
[ 1195.954871][   T31]  ? __pfx_task_work_run+0x10/0x10
[ 1195.959993][   T31]  do_exit+0x6b5/0x2300
[ 1195.964203][   T31]  ? do_raw_spin_lock+0x121/0x290
[ 1195.969242][   T31]  ? __pfx_do_exit+0x10/0x10
[ 1195.973882][   T31]  do_group_exit+0x21c/0x2d0
[ 1195.978472][   T31]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1195.983755][   T31]  get_signal+0x1285/0x1340
[ 1195.988276][   T31]  arch_do_signal_or_restart+0xa0/0x790
[ 1195.993858][   T31]  ? __pfx_arch_do_signal_or_restart+0x10/0x10
[ 1196.000019][   T31]  ? __se_sys_futex+0x36f/0x400
[ 1196.004932][   T31]  ? exit_to_user_mode_loop+0x40/0x130
[ 1196.010397][   T31]  exit_to_user_mode_loop+0x72/0x130
[ 1196.015913][   T31]  do_syscall_64+0x2bd/0xfa0
[ 1196.020511][   T31]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1196.026694][   T31]  ? asm_sysvec_reschedule_ipi+0x1a/0x20
[ 1196.032345][   T31]  ? clear_bhb_loop+0x60/0xb0
[ 1196.037060][   T31]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1196.042960][   T31] RIP: 0033:0x7fa3baf8ec29
[ 1196.047451][   T31] RSP: 002b:00007fa3bbee80e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
[ 1196.055912][   T31] RAX: fffffffffffffe00 RBX: 00007fa3bb1d5fa8 RCX: 00007fa3baf8ec29
[ 1196.063962][   T31] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007fa3bb1d5fa8
[ 1196.071941][   T31] RBP: 00007fa3bb1d5fa0 R08: 0000000000000000 R09: 0000000000000000
[ 1196.079980][   T31] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 1196.088413][   T31] R13: 00007fa3bb1d6038 R14: 00007ffe8686d870 R15: 00007ffe8686d958
[ 1196.096474][   T31]  </TASK>
[ 1196.099518][   T31] INFO: task syz-executor:17426 blocked for more than 144 seconds.
[ 1196.107588][   T31]       Not tainted syzkaller #0
[ 1196.112785][   T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[ 1196.121537][   T31] task:syz-executor    state:D stack:27536 pid:17426 tgid:17426 ppid:1      task_flags:0x400040 flags:0x00080000
[ 1196.133681][   T31] Call Trace:
[ 1196.136970][   T31]  <TASK>
[ 1196.139893][   T31]  __schedule+0x1798/0x4cc0
[ 1196.144491][   T31]  ? __pfx___schedule+0x10/0x10
[ 1196.149361][   T31]  ? schedule+0x91/0x360
[ 1196.153589][   T31]  schedule+0x165/0x360
[ 1196.157795][   T31]  schedule_preempt_disabled+0x13/0x30
[ 1196.163257][   T31]  __mutex_lock+0x7e6/0x1350
[ 1196.168334][   T31]  ? __mutex_lock+0x5bb/0x1350
[ 1196.173121][   T31]  ? rfkill_register+0x37/0x8e0
[ 1196.178000][   T31]  ? __pfx___mutex_lock+0x10/0x10
[ 1196.183037][   T31]  ? __raw_spin_lock_init+0x45/0x100
[ 1196.188412][   T31]  ? __init_waitqueue_head+0xa9/0x150
[ 1196.193861][   T31]  ? device_initialize+0x24b/0x440
[ 1196.199026][   T31]  rfkill_register+0x37/0x8e0
[ 1196.203752][   T31]  hci_register_dev+0x3f5/0x890
[ 1196.208621][   T31]  vhci_create_device+0x39c/0x650
[ 1196.213704][   T31]  vhci_write+0x3ce/0x4a0
[ 1196.218070][   T31]  vfs_write+0x5c9/0xb30
[ 1196.222305][   T31]  ? __pfx_vhci_write+0x10/0x10
[ 1196.227220][   T31]  ? __pfx_vfs_write+0x10/0x10
[ 1196.231997][   T31]  ? count_memcg_event_mm+0x21/0x260
[ 1196.237489][   T31]  ksys_write+0x145/0x250
[ 1196.241841][   T31]  ? __pfx_ksys_write+0x10/0x10
[ 1196.247114][   T31]  ? do_syscall_64+0xbe/0xfa0
[ 1196.252002][   T31]  do_syscall_64+0xfa/0xfa0
[ 1196.256563][   T31]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1196.261856][   T31]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1196.267946][   T31]  ? clear_bhb_loop+0x60/0xb0
[ 1196.272626][   T31]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1196.278554][   T31] RIP: 0033:0x7f229b58d6a0
[ 1196.282974][   T31] RSP: 002b:00007ffff09c9d08 EFLAGS: 00000202 ORIG_RAX: 0000000000000001
[ 1196.291917][   T31] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007f229b58d6a0
[ 1196.299940][   T31] RDX: 0000000000000002 RSI: 00007ffff09c9d1a RDI: 00000000000000ca
[ 1196.308056][   T31] RBP: 00007f229b7d67b8 R08: 0000000000000000 R09: 00007f229c30d6c0
[ 1196.316055][   T31] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000008
[ 1196.324085][   T31] R13: 0000000000000003 R14: 0000000000000009 R15: 0000000000000000
[ 1196.332090][   T31]  </TASK>
[ 1196.335220][   T31] INFO: task syz-executor:17437 blocked for more than 145 seconds.
[ 1196.343113][   T31]       Not tainted syzkaller #0
[ 1196.348245][   T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[ 1196.357034][   T31] task:syz-executor    state:D stack:28008 pid:17437 tgid:17437 ppid:1      task_flags:0x400040 flags:0x00080000
[ 1196.368983][   T31] Call Trace:
[ 1196.372263][   T31]  <TASK>
[ 1196.375260][   T31]  __schedule+0x1798/0x4cc0
[ 1196.379934][   T31]  ? __pfx___schedule+0x10/0x10
[ 1196.384833][   T31]  ? schedule+0x91/0x360
[ 1196.389095][   T31]  schedule+0x165/0x360
[ 1196.393261][   T31]  schedule_preempt_disabled+0x13/0x30
[ 1196.398797][   T31]  __mutex_lock+0x7e6/0x1350
[ 1196.403404][   T31]  ? __mutex_lock+0x5bb/0x1350
[ 1196.408245][   T31]  ? rfkill_register+0x37/0x8e0
[ 1196.413115][   T31]  ? __pfx___mutex_lock+0x10/0x10
[ 1196.418360][   T31]  ? __raw_spin_lock_init+0x45/0x100
[ 1196.423693][   T31]  ? __init_waitqueue_head+0xa9/0x150
[ 1196.429077][   T31]  ? device_initialize+0x24b/0x440
[ 1196.434261][   T31]  rfkill_register+0x37/0x8e0
[ 1196.438953][   T31]  hci_register_dev+0x3f5/0x890
[ 1196.443839][   T31]  vhci_create_device+0x39c/0x650
[ 1196.448873][   T31]  vhci_write+0x3ce/0x4a0
[ 1196.453189][   T31]  vfs_write+0x5c9/0xb30
[ 1196.457657][   T31]  ? __pfx_vhci_write+0x10/0x10
[ 1196.462517][   T31]  ? __pfx_vfs_write+0x10/0x10
[ 1196.467444][   T31]  ? count_memcg_event_mm+0x21/0x260
[ 1196.472765][   T31]  ksys_write+0x145/0x250
[ 1196.477147][   T31]  ? __pfx_ksys_write+0x10/0x10
[ 1196.482010][   T31]  ? do_syscall_64+0xbe/0xfa0
[ 1196.487204][   T31]  do_syscall_64+0xfa/0xfa0
[ 1196.491737][   T31]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1196.496976][   T31]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1196.503043][   T31]  ? clear_bhb_loop+0x60/0xb0
[ 1196.507749][   T31]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1196.513683][   T31] RIP: 0033:0x7f43c5b8d6a0
[ 1196.518098][   T31] RSP: 002b:00007ffe81044278 EFLAGS: 00000202 ORIG_RAX: 0000000000000001
[ 1196.526560][   T31] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007f43c5b8d6a0
[ 1196.534582][   T31] RDX: 0000000000000002 RSI: 00007ffe8104428a RDI: 00000000000000ca
[ 1196.542544][   T31] RBP: 00007f43c5dd67b8 R08: 0000000000000000 R09: 00007f43c690d6c0
[ 1196.550551][   T31] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000008
[ 1196.558559][   T31] R13: 0000000000000003 R14: 0000000000000009 R15: 0000000000000000
[ 1196.567039][   T31]  </TASK>
[ 1196.570092][   T31] 
[ 1196.570092][   T31] Showing all locks held in the system:
[ 1196.577918][   T31] 4 locks held by kworker/0:0/9:
[ 1196.582841][   T31]  #0: ffff88813fe81948 ((wq_completion)events){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0
[ 1196.593856][   T31]  #1: ffffc900000e7ba0 ((rfkill_op_work).work){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0
[ 1196.604878][   T31]  #2: ffffffff8fa138c8 (rfkill_global_mutex){+.+.}-{4:4}, at: rfkill_epo+0x4c/0x180
[ 1196.614448][   T31]  #3: ffff88802f466100 (&dev->mutex){....}-{4:4}, at: nfc_rfkill_set_block+0x50/0x2e0
[ 1196.624222][   T31] 1 lock held by khungtaskd/31:
[ 1196.629079][   T31]  #0: ffffffff8e33d260 (rcu_read_lock){....}-{1:3}, at: debug_show_all_locks+0x2e/0x180
[ 1196.639009][   T31] 2 locks held by getty/5623:
[ 1196.643722][   T31]  #0: ffff88814dbe60a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x25/0x70
[ 1196.653798][   T31]  #1: ffffc900036bb2f0 (&ldata->atomic_read_lock){+.+.}-{4:4}, at: n_tty_read+0x43e/0x1400
[ 1196.663960][   T31] 1 lock held by syz-executor/5866:
[ 1196.669143][   T31]  #0: ffffffff8fa138c8 (rfkill_global_mutex){+.+.}-{4:4}, at: rfkill_unregister+0xc8/0x220
[ 1196.679414][   T31] 3 locks held by kworker/0:4/5935:
[ 1196.684705][   T31]  #0: ffff88813fe81948 ((wq_completion)events){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0
[ 1196.695710][   T31]  #1: ffffc9000520fba0 ((work_completion)(&rfkill_global_led_trigger_work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0
[ 1196.709233][   T31]  #2: ffffffff8fa138c8 (rfkill_global_mutex){+.+.}-{4:4}, at: rfkill_global_led_trigger_worker+0x27/0xd0
[ 1196.720572][   T31] 3 locks held by kworker/0:5/5942:
[ 1196.725785][   T31]  #0: ffff88813fe81948 ((wq_completion)events){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0
[ 1196.736806][   T31]  #1: ffffc9000527fba0 ((work_completion)(&rfkill->uevent_work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0
[ 1196.749438][   T31]  #2: ffffffff8fa138c8 (rfkill_global_mutex){+.+.}-{4:4}, at: rfkill_uevent_work+0x1d/0xa0
[ 1196.759598][   T31] 4 locks held by kworker/u8:12/14788:
[ 1196.765094][   T31] 1 lock held by syz-executor/16619:
[ 1196.770380][   T31]  #0: ffffffff8fa138c8 (rfkill_global_mutex){+.+.}-{4:4}, at: rfkill_unregister+0xc8/0x220
[ 1196.780551][   T31] 2 locks held by syz.0.3169/17244:
[ 1196.785878][   T31]  #0: ffff88802f466100 (&dev->mutex){....}-{4:4}, at: nfc_unregister_device+0x63/0x2a0
[ 1196.795788][   T31]  #1: ffffffff8fa138c8 (rfkill_global_mutex){+.+.}-{4:4}, at: rfkill_unregister+0xc8/0x220
[ 1196.806006][   T31] 2 locks held by syz-executor/17426:
[ 1196.811359][   T31]  #0: ffff88802574a918 (&data->open_mutex){+.+.}-{4:4}, at: vhci_create_device+0x34/0x650
[ 1196.821402][   T31]  #1: ffffffff8fa138c8 (rfkill_global_mutex){+.+.}-{4:4}, at: rfkill_register+0x37/0x8e0
[ 1196.831402][   T31] 2 locks held by syz-executor/17437:
[ 1196.836799][   T31]  #0: ffff888067b85118 (&data->open_mutex){+.+.}-{4:4}, at: vhci_create_device+0x34/0x650
[ 1196.846873][   T31]  #1: ffffffff8fa138c8 (rfkill_global_mutex){+.+.}-{4:4}, at: rfkill_register+0x37/0x8e0
[ 1196.856862][   T31] 2 locks held by syz.5.3312/17747:
[ 1196.862059][   T31]  #0: ffffffff8ebca2e8 (misc_mtx){+.+.}-{4:4}, at: misc_open+0x51/0x350
[ 1196.870527][   T31]  #1: ffffffff8fa138c8 (rfkill_global_mutex){+.+.}-{4:4}, at: rfkill_fop_open+0x12d/0x820
[ 1196.880595][   T31] 1 lock held by syz.5.3312/17748:
[ 1196.886116][   T31]  #0: ffffffff8ebca2e8 (misc_mtx){+.+.}-{4:4}, at: misc_open+0x51/0x350
[ 1196.894974][   T31] 5 locks held by kworker/u8:13/17754:
[ 1196.900479][   T31]  #0: ffff8880b863a018 (&rq->__lock){-.-.}-{2:2}, at: raw_spin_rq_lock_nested+0xad/0x140
[ 1196.910587][   T31]  #1: ffff8880b8624048 (psi_seq){-.-.}-{0:0}, at: psi_task_switch+0x53/0x880
[ 1196.919512][   T31]  #2: ffff8880b8625958 (&base->lock){-.-.}-{2:2}, at: __mod_timer+0x1ae/0xf30
[ 1196.928498][   T31]  #3: ffffffff99eebf58 (&obj_hash[i].lock){-.-.}-{2:2}, at: debug_object_activate+0xbb/0x420
[ 1196.938804][   T31]  #4: ffffffff8e33d260 (rcu_read_lock){....}-{1:3}, at: unwind_next_frame+0xa5/0x2390
[ 1196.948496][   T31] 1 lock held by syz.4.3315/17772:
[ 1196.953604][   T31]  #0: ffffffff8ebca2e8 (misc_mtx){+.+.}-{4:4}, at: misc_open+0x51/0x350
[ 1196.962104][   T31] 1 lock held by syz.3.3317/17776:
[ 1196.967286][   T31]  #0: ffffffff8ebca2e8 (misc_mtx){+.+.}-{4:4}, at: misc_open+0x51/0x350
[ 1196.975769][   T31] 1 lock held by syz.3.3317/17777:
[ 1196.980859][   T31]  #0: ffffffff8ebca2e8 (misc_mtx){+.+.}-{4:4}, at: misc_open+0x51/0x350
[ 1196.989354][   T31] 1 lock held by syz-executor/17780:
[ 1196.994658][   T31]  #0: ffffffff8ebca2e8 (misc_mtx){+.+.}-{4:4}, at: misc_open+0x51/0x350
[ 1197.003086][   T31] 1 lock held by syz-executor/17784:
[ 1197.008567][   T31]  #0: ffffffff8ebca2e8 (misc_mtx){+.+.}-{4:4}, at: misc_open+0x51/0x350
[ 1197.017165][   T31] 1 lock held by syz-executor/17785:
[ 1197.022454][   T31]  #0: ffffffff8ebca2e8 (misc_mtx){+.+.}-{4:4}, at: misc_open+0x51/0x350
[ 1197.031001][   T31] 1 lock held by syz-executor/17786:
[ 1197.036303][   T31]  #0: ffffffff8ebca2e8 (misc_mtx){+.+.}-{4:4}, at: misc_open+0x51/0x350
[ 1197.044769][   T31] 1 lock held by syz-executor/17788:
[ 1197.050050][   T31]  #0: ffffffff8ebca2e8 (misc_mtx){+.+.}-{4:4}, at: misc_open+0x51/0x350
[ 1197.058530][   T31] 1 lock held by syz-executor/17794:
[ 1197.063851][   T31]  #0: ffffffff8ebca2e8 (misc_mtx){+.+.}-{4:4}, at: misc_open+0x51/0x350
[ 1197.072390][   T31] 1 lock held by syz-executor/17797:
[ 1197.077700][   T31]  #0: ffffffff8ebca2e8 (misc_mtx){+.+.}-{4:4}, at: misc_open+0x51/0x350
[ 1197.086200][   T31] 1 lock held by syz-executor/17798:
[ 1197.091468][   T31]  #0: ffffffff8ebca2e8 (misc_mtx){+.+.}-{4:4}, at: misc_open+0x51/0x350
[ 1197.099937][   T31] 1 lock held by syz-executor/17800:
[ 1197.105245][   T31]  #0: ffffffff8ebca2e8 (misc_mtx){+.+.}-{4:4}, at: misc_open+0x51/0x350
[ 1197.113881][   T31] 1 lock held by syz-executor/17802:
[ 1197.119185][   T31]  #0: ffffffff8ebca2e8 (misc_mtx){+.+.}-{4:4}, at: misc_open+0x51/0x350
[ 1197.128036][   T31] 
[ 1197.130376][   T31] =============================================
[ 1197.130376][   T31] 
[ 1197.139079][   T31] NMI backtrace for cpu 1
[ 1197.139093][   T31] CPU: 1 UID: 0 PID: 31 Comm: khungtaskd Not tainted syzkaller #0 PREEMPT(full) 
[ 1197.139111][   T31] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[ 1197.139121][   T31] Call Trace:
[ 1197.139128][   T31]  <TASK>
[ 1197.139136][   T31]  dump_stack_lvl+0x189/0x250
[ 1197.139168][   T31]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1197.139187][   T31]  ? __pfx__printk+0x10/0x10
[ 1197.139216][   T31]  nmi_cpu_backtrace+0x39e/0x3d0
[ 1197.139240][   T31]  ? __pfx_nmi_cpu_backtrace+0x10/0x10
[ 1197.139262][   T31]  ? __pfx__printk+0x10/0x10
[ 1197.139286][   T31]  ? __pfx_nmi_raise_cpu_backtrace+0x10/0x10
[ 1197.139309][   T31]  nmi_trigger_cpumask_backtrace+0x17a/0x300
[ 1197.139335][   T31]  watchdog+0xf60/0xfa0
[ 1197.139360][   T31]  ? watchdog+0x1e2/0xfa0
[ 1197.139384][   T31]  kthread+0x711/0x8a0
[ 1197.139405][   T31]  ? __pfx_watchdog+0x10/0x10
[ 1197.139424][   T31]  ? __pfx_kthread+0x10/0x10
[ 1197.139444][   T31]  ? _raw_spin_unlock_irq+0x23/0x50
[ 1197.139463][   T31]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1197.139481][   T31]  ? __pfx_kthread+0x10/0x10
[ 1197.139501][   T31]  ret_from_fork+0x4bc/0x870
[ 1197.139527][   T31]  ? __pfx_ret_from_fork+0x10/0x10
[ 1197.139557][   T31]  ? __switch_to_asm+0x39/0x70
[ 1197.139577][   T31]  ? __switch_to_asm+0x33/0x70
[ 1197.139595][   T31]  ? __pfx_kthread+0x10/0x10
[ 1197.139614][   T31]  ret_from_fork_asm+0x1a/0x30
[ 1197.139649][   T31]  </TASK>
[ 1197.139725][   T31] Sending NMI from CPU 1 to CPUs 0:
[ 1197.284767][    C0] NMI backtrace for cpu 0
[ 1197.284794][    C0] CPU: 0 UID: 0 PID: 50 Comm: kworker/u8:3 Not tainted syzkaller #0 PREEMPT(full) 
[ 1197.284814][    C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[ 1197.284825][    C0] Workqueue: events_unbound nsim_dev_trap_report_work
[ 1197.284853][    C0] RIP: 0010:should_fail_alloc_page+0x1a/0x100
[ 1197.284874][    C0] Code: 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1f 40 d6 55 41 57 41 56 53 89 f5 89 fb e8 7d d8 9a ff 44 8b 35 5a e8 20 0c <89> ef 44 89 f6 e8 2c da 9a ff 44 39 f5 41 0f 93 c6 89 de 81 e6 00
[ 1197.284889][    C0] RSP: 0018:ffffc90000bb7548 EFLAGS: 00000293
[ 1197.284903][    C0] RAX: ffffffff822500a3 RBX: 00000000000d2820 RCX: ffff888021ab0000
[ 1197.284916][    C0] RDX: 0000000000000000 RSI: 0000000000000003 RDI: 00000000000d2820
[ 1197.284927][    C0] RBP: 0000000000000003 R08: ffffc90000bb7620 R09: ffffc90000bb75f8
[ 1197.284939][    C0] R10: ffffc90000bb7620 R11: fffff52000176ec9 R12: 1ffff92000176ebf
[ 1197.284952][    C0] R13: 00000000000d2820 R14: 0000000000000000 R15: 1ffff92000176ec4
[ 1197.284964][    C0] FS:  0000000000000000(0000) GS:ffff8881259e7000(0000) knlGS:0000000000000000
[ 1197.284978][    C0] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 1197.284990][    C0] CR2: 000055edbce07000 CR3: 000000000e138000 CR4: 00000000003526f0
[ 1197.285005][    C0] DR0: 0000000000000006 DR1: 0000000000000000 DR2: 0000000000000080
[ 1197.285016][    C0] DR3: 000000000f000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400
[ 1197.285027][    C0] Call Trace:
[ 1197.285034][    C0]  <TASK>
[ 1197.285043][    C0]  prepare_alloc_pages+0x213/0x610
[ 1197.285064][    C0]  __alloc_frozen_pages_noprof+0x123/0x370
[ 1197.285082][    C0]  ? stack_depot_save_flags+0x40/0x860
[ 1197.285104][    C0]  ? __pfx___alloc_frozen_pages_noprof+0x10/0x10
[ 1197.285125][    C0]  ? policy_nodemask+0x27c/0x720
[ 1197.285141][    C0]  ? ___slab_alloc+0x151/0x1920
[ 1197.285159][    C0]  alloc_pages_mpol+0x232/0x4a0
[ 1197.285178][    C0]  allocate_slab+0x96/0x3a0
[ 1197.285198][    C0]  ___slab_alloc+0xe94/0x1920
[ 1197.285217][    C0]  ? __alloc_skb+0x142/0x2d0
[ 1197.285237][    C0]  ? __alloc_skb+0x142/0x2d0
[ 1197.285252][    C0]  __slab_alloc+0x65/0x100
[ 1197.285271][    C0]  __kmalloc_node_track_caller_noprof+0x5c7/0x800
[ 1197.285294][    C0]  ? __alloc_skb+0x142/0x2d0
[ 1197.285309][    C0]  ? rcu_is_watching+0x15/0xb0
[ 1197.285333][    C0]  ? __alloc_skb+0x142/0x2d0
[ 1197.285349][    C0]  kmalloc_reserve+0x136/0x290
[ 1197.285367][    C0]  __alloc_skb+0x142/0x2d0
[ 1197.285385][    C0]  nsim_dev_trap_report_work+0x29a/0xb80
[ 1197.285421][    C0]  ? process_scheduled_works+0x9ef/0x17b0
[ 1197.285444][    C0]  process_scheduled_works+0xae1/0x17b0
[ 1197.285479][    C0]  ? __pfx_process_scheduled_works+0x10/0x10
[ 1197.285509][    C0]  worker_thread+0x8a0/0xda0
[ 1197.285542][    C0]  kthread+0x711/0x8a0
[ 1197.285561][    C0]  ? __pfx_worker_thread+0x10/0x10
[ 1197.285582][    C0]  ? __pfx_kthread+0x10/0x10
[ 1197.285604][    C0]  ? _raw_spin_unlock_irq+0x23/0x50
[ 1197.285621][    C0]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1197.285638][    C0]  ? __pfx_kthread+0x10/0x10
[ 1197.285655][    C0]  ret_from_fork+0x4bc/0x870
[ 1197.285678][    C0]  ? __pfx_ret_from_fork+0x10/0x10
[ 1197.285702][    C0]  ? __switch_to_asm+0x39/0x70
[ 1197.285722][    C0]  ? __switch_to_asm+0x33/0x70
[ 1197.285741][    C0]  ? __pfx_kthread+0x10/0x10
[ 1197.285758][    C0]  ret_from_fork_asm+0x1a/0x30
[ 1197.285785][    C0]  </TASK>
[ 1197.287264][   T31] Kernel panic - not syncing: hung_task: blocked tasks
[ 1197.619476][   T31] CPU: 1 UID: 0 PID: 31 Comm: khungtaskd Not tainted syzkaller #0 PREEMPT(full) 
[ 1197.628574][   T31] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[ 1197.638661][   T31] Call Trace:
[ 1197.641930][   T31]  <TASK>
[ 1197.644858][   T31]  dump_stack_lvl+0x99/0x250
[ 1197.649440][   T31]  ? __asan_memcpy+0x40/0x70
[ 1197.654024][   T31]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1197.659215][   T31]  ? __pfx__printk+0x10/0x10
[ 1197.663807][   T31]  vpanic+0x237/0x6d0
[ 1197.667777][   T31]  ? __pfx_vpanic+0x10/0x10
[ 1197.672269][   T31]  ? preempt_schedule_common+0x83/0xd0
[ 1197.677722][   T31]  panic+0xb9/0xc0
[ 1197.681433][   T31]  ? __pfx_panic+0x10/0x10
[ 1197.685838][   T31]  ? preempt_schedule_thunk+0x16/0x30
[ 1197.691201][   T31]  ? nmi_trigger_cpumask_backtrace+0x2bb/0x300
[ 1197.697611][   T31]  watchdog+0xf9f/0xfa0
[ 1197.701761][   T31]  ? watchdog+0x1e2/0xfa0
[ 1197.706084][   T31]  kthread+0x711/0x8a0
[ 1197.710147][   T31]  ? __pfx_watchdog+0x10/0x10
[ 1197.714811][   T31]  ? __pfx_kthread+0x10/0x10
[ 1197.719387][   T31]  ? _raw_spin_unlock_irq+0x23/0x50
[ 1197.724573][   T31]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1197.729756][   T31]  ? __pfx_kthread+0x10/0x10
[ 1197.734338][   T31]  ret_from_fork+0x4bc/0x870
[ 1197.738926][   T31]  ? __pfx_ret_from_fork+0x10/0x10
[ 1197.744037][   T31]  ? __switch_to_asm+0x39/0x70
[ 1197.748794][   T31]  ? __switch_to_asm+0x33/0x70
[ 1197.753574][   T31]  ? __pfx_kthread+0x10/0x10
[ 1197.758192][   T31]  ret_from_fork_asm+0x1a/0x30
[ 1197.762959][   T31]  </TASK>
[ 1197.766433][   T31] Kernel Offset: disabled
[ 1197.770773][   T31] Rebooting in 86400 seconds..