last executing test programs:

4m36.099682272s ago: executing program 1 (id=954):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000640)=ANY=[@ANYBLOB="18060000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000003000000b703000000000000850000007300000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f0000000080)='sched_switch\x00', r3}, 0x10)
r4 = socket$inet6(0xa, 0x80002, 0x0)
sendto$inet6(r4, 0x0, 0x0, 0x20088004, 0x0, 0x0)
open_tree(0xffffffffffffffff, 0x0, 0x100)
sendto$inet6(r4, &(0x7f00000009c0), 0x0, 0xc001, 0x0, 0x0)
setsockopt$inet6_udp_int(r4, 0x11, 0x1, &(0x7f0000000080), 0x4)
r5 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000040), 0x161042, 0x0)
ioctl$PPPIOCNEWUNIT(r5, 0xc004743e, &(0x7f0000000000)=0x3)
ioctl$PPPIOCSPASS(r5, 0x40107447, &(0x7f0000000080)={0x1, &(0x7f0000000100)=[{0x50, 0xff, 0x0, 0xffeffffd}]})

4m35.627578836s ago: executing program 1 (id=958):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f0000000300)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000015c0), 0x2, 0x0)
ioctl$VHOST_SET_VRING_BASE(r2, 0xaf01, 0x0)
r3 = eventfd(0xc)
ioctl$VHOST_SET_LOG_FD(r2, 0x4004af07, &(0x7f0000000240)=r3)
ioctl$VHOST_SET_VRING_KICK(r2, 0x4008af20, &(0x7f0000000040)={0x1, r3})
bpf$BPF_GET_BTF_INFO(0xf, &(0x7f0000000300)={0xffffffffffffffff, 0xfffffd63, &(0x7f00000002c0)={0x0, 0x41, 0x0, &(0x7f00000003c0)=""/166, 0xab}}, 0x10)
r4 = syz_io_uring_setup(0x237, &(0x7f0000000240)={0x0, 0x8101, 0x0, 0x0, 0x24f}, &(0x7f0000000040)=<r5=>0x0, &(0x7f0000000600)=<r6=>0x0)
io_uring_register$IORING_REGISTER_PBUF_RING(r4, 0x16, &(0x7f00000001c0)={&(0x7f0000001000)={[{0x0, 0x0, 0x1}]}, 0x1, 0x1}, 0x1)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r5, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r5, r6, &(0x7f0000000200)=@IORING_OP_PROVIDE_BUFFERS={0x1f, 0x0, 0x0, 0x80, 0x3, 0x0, 0x9276, 0x0, 0x0, {0x1}})
io_uring_enter(r4, 0x47bc, 0x3bf6, 0x7, 0x0, 0x0)
ioctl$VHOST_SET_VRING_ADDR(r2, 0x4028af11, &(0x7f0000000280)={0x1, 0x1, 0x0, &(0x7f00000002c0)=""/100, &(0x7f0000000500)=""/74, 0xeeef0000})
ioctl$VHOST_SET_MEM_TABLE(r2, 0x4008af03, &(0x7f0000000e40))
ioctl$VHOST_VSOCK_SET_RUNNING(r2, 0x4004af61, &(0x7f0000000000)=0x1)
unshare(0x64000600)
ioctl$VHOST_SET_LOG_BASE(r2, 0x4008af04, 0x0)
sendmsg$NL80211_CMD_SET_INTERFACE(0xffffffffffffffff, 0x0, 0x0)
syz_80211_inject_frame(0x0, 0x0, 0x1e)
ioctl$IOMMU_IOAS_MAP$PAGES(0xffffffffffffffff, 0x3b85, 0x0)
ioctl$VHOST_SET_VRING_ADDR(r2, 0x4028af11, 0x0)
syz_usb_control_io(0xffffffffffffffff, 0x0, 0x0)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000400)={0x6, 0x3, &(0x7f0000000680)=ANY=[], &(0x7f00000002c0)='GPL\x00'}, 0x94)
socket$inet_icmp_raw(0x2, 0x3, 0x1)

4m32.581704005s ago: executing program 1 (id=969):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0)
fsetxattr$security_capability(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x1)
clock_adjtime(0x0, &(0x7f0000000100)={0x362, 0x6a, 0x55cd, 0x8000000000000001, 0x48c, 0x5, 0xd, 0x424, 0x2, 0xffffffffffffffff, 0xf423f, 0xfffffffffffffff9, 0x7, 0x2, 0x1000000081, 0x5, 0x0, 0x5, 0x2, 0x9220000000000000, 0x3, 0x0, 0x80000001, 0x0, 0x5, 0x7})
write$USERIO_CMD_SEND_INTERRUPT(0xffffffffffffffff, &(0x7f0000000140)={0x2, 0x1}, 0x2)
r2 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
ioctl$IOMMU_TEST_OP_MOCK_DOMAIN(r2, 0x3ba0, &(0x7f0000000100)={0x48})

4m29.976978411s ago: executing program 1 (id=978):
prctl$PR_SCHED_CORE(0x3e, 0x10000000001, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x100008b}, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000180)=0x1400200bce)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x1)
r0 = syz_open_dev$MSR(&(0x7f0000000200), 0x0, 0x0)
read$msr(r0, &(0x7f0000002700)=""/102392, 0x18ff8)
r1 = socket$inet(0x2, 0x2, 0x1)
setsockopt$inet_mreqn(r1, 0x0, 0x20, 0x0, 0x300)
r2 = socket$kcm(0x10, 0x2, 0x0)
mmap(&(0x7f0000fa2000/0x3000)=nil, 0x3000, 0x3, 0x13, 0xffffffffffffffff, 0x0)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000a40)={0xffffffffffffffff, <r3=>0xffffffffffffffff}, 0x4)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="180100003e4e00000000000000000000850000007d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x78)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000140)=ANY=[@ANYRESDEC=r3], 0x60}}, 0x0)
syz_emit_ethernet(0x103, &(0x7f00000007c0)={@link_local, @empty, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0xf5, 0x0, 0x0, 0x0, 0x73, 0x0, @dev={0xac, 0x14, 0x14, 0x40}, @multicast1=0xac1414aa}, {0x0, 0x0, 0xe1, 0x0, @opaque="41a53bc57d107c6ff061f03cf6bb904c78ef576fdf1a82582813d34772ce2518f6e064561bc8e7c4c3b88889ba6f28ff51a9fa5b94875a7f49e85b4bac7040c621fa1ab002461bb46e93c9f5664d16a8691bdff00d19f7d7fa1a06180e28c9c4ba89da8d2b37f8b0922eaf0298e2395e4b02c08e80b8dfbdfaf63d3c0cd02bc258452710b9ef5347ac7329042cbf02c5878b573d4abaeb9da781b320fd79d482302a8a531644f0d27c0bef42ed5444393fcb1886713b667dc79bd243ea971d9779b208dea2b767d07df0f49a807f9e23d1a8affe410311d179"}}}}}, 0x0)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000140)={0x6, 0x3, &(0x7f0000000780)=ANY=[@ANYBLOB="18000000020000000000000000"], 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='contention_end\x00'}, 0x10)
r5 = socket(0x10, 0x3, 0x0)
write(r5, 0x0, 0x0)
sendmsg$IPSET_CMD_DESTROY(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000440)={0x1c, 0x3, 0x6, 0x101, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5}]}, 0x1c}, 0x1, 0x0, 0x0, 0x40000}, 0x0)
recvmsg(r2, &(0x7f0000000300)={0x0, 0x0, 0x0}, 0x0)
write$cgroup_subtree(r2, &(0x7f0000000000)=ANY=[@ANYBLOB="364000002600913e"], 0xfe33)
syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff)
sendmsg$NL80211_CMD_CHANNEL_SWITCH(0xffffffffffffffff, 0x0, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x7)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x3)

4m28.396659587s ago: executing program 1 (id=980):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
getsockopt$bt_hci(r1, 0x0, 0x1, &(0x7f0000000180)=""/160, &(0x7f00000000c0)=0xa0)
sendmsg$NL80211_CMD_GET_MPP(r0, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x10}, 0xc, &(0x7f0000000040)={&(0x7f0000000140)=ANY=[@ANYBLOB="740000006d1efccc942cbb312ee44851852efb4680bb5bce7253b0524bd8f5a6b040c92e38d5fa2756432d70fbb4c0b3a98d8a14fcc0d9fb9ae243ab26e68a99b2a0c41ba5dcd9e9513510f1b004f685684181a3ff0ded4360a8b800c2684754b69359201f917fb79ad71042337471af2f451347eaf238dce9042f41f3651000826a96cd7bb3e3d3606ecea3e6ee74be3e79f281b12fa6d6c619123b29904cedef6303c6baed1e6f4e7b88cd50bac8dcd59703b8525c2d1f78c9bda0cb9440c93d0da327f53b09242668a4d37ab0b3ef00f930e0fbbff187c34d92fbe3ed6d9a361a467b0faf165cb7cc20e61f323e31e5", @ANYRES16=0x0, @ANYBLOB="00012abd7000ffdbdf256b0000000a001a0008021100000000000a001a00ffffffffffff00000a00060008021100000100000a00060008021100000000000a00060008021100000100000a00060008021100000100000a001a0008021100000000000a0006000802110000010000"], 0x74}, 0x1, 0x0, 0x0, 0x800}, 0x20000000)
r2 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000680), 0x109800, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000040)={<r3=>0xffffffffffffffff})
ioctl$TUNDETACHFILTER(r3, 0x8903, 0x1000000000000)
ioctl$RTC_WKALM_SET(r2, 0x4028700f, &(0x7f00000006c0)={0x1, 0x1, {0x7, 0x1, 0x2, 0xe, 0x1e, 0xda7, 0x3, 0x100}})
r4 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000002c0)={0x1b, 0x0, 0x0, 0x1, 0x0, 0xffffffffffffffff, 0x23f, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x3, 0x2}, 0x50)
r5 = bpf$OBJ_GET_MAP(0x7, &(0x7f0000000340)=@o_path={&(0x7f0000000080)='./file0\x00', 0x0, 0x0, r2}, 0x18)
r6 = openat$sw_sync_info(0xffffffffffffff9c, &(0x7f00000005c0), 0x8000, 0x0)
r7 = bpf$MAP_CREATE(0x0, &(0x7f0000000700)=@bloom_filter={0x1e, 0x5, 0x4, 0x0, 0x0, 0x1, 0xffff, '\x00', 0x0, 0xffffffffffffffff, 0x1, 0x5, 0x4, 0x8}, 0x50)
r8 = bpf$OBJ_GET_MAP(0x7, &(0x7f00000007c0)=@o_path={&(0x7f0000000780)='./file0\x00', 0x0, 0x0, r1}, 0x18)
bpf$PROG_LOAD(0x5, &(0x7f0000000500)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000001000850000007100000095"], 0x0, 0x4, 0x0, 0x0, 0x0, 0x68, '\x00', 0x0, @fallback=0x6, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x3}, 0xffffff55)
r9 = bpf$PROG_LOAD(0x5, &(0x7f0000000e00)={0x11, 0xb, &(0x7f0000000180)=ANY=[], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x1, '\x00', 0x0, @fallback=0x26, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000000)='oom_score_adj_update\x00', r9}, 0x10)
r10 = openat$random(0xffffffffffffff9c, &(0x7f0000000000), 0x82100, 0x0)
fcntl$setstatus(r10, 0x4, 0x40000)
r11 = syz_open_procfs(0x0, &(0x7f0000000040)='oom_adj\x00')
writev(r11, &(0x7f00000002c0)=[{&(0x7f0000000280)='0', 0x1}], 0x1)
r12 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
getuid()
r13 = dup(r12)
ioctl$IOMMU_IOAS_COPY$syz(r13, 0x3b83, &(0x7f00000000c0)={0x28, 0x10000, 0x0, 0x0, 0x7ffffffffffffffe, 0xffffffffffffffff, 0x2})
syz_emit_vhci(&(0x7f0000000000)=@HCI_EVENT_PKT={0x4, @hci_ev_cmd_status={{0xf, 0x4}, {0xe, 0x1, 0x428}}}, 0x7)
bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f0000000880)={{0xffffffffffffffff, <r14=>0xffffffffffffffff}, &(0x7f0000000800), &(0x7f0000000840)='%-5lx  \x00'}, 0x20)
r15 = openat$ipvs(0xffffffffffffff9c, &(0x7f00000008c0)='/proc/sys/net/ipv4/vs/cache_bypass\x00', 0x2, 0x0)
bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f0000000980)={{0xffffffffffffffff, <r16=>0xffffffffffffffff}, &(0x7f0000000ac0), &(0x7f0000000900)='%pS    \x00'}, 0x20)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000a00)=@bpf_tracing={0x1a, 0x22, &(0x7f0000000380)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x5}, {{0x18, 0x1, 0x1, 0x0, r4}}, {}, [@printk={@u, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0xfc000000}}, @map_val={0x18, 0x9, 0x2, 0x0, r5, 0x0, 0x0, 0x0, 0x9}, @ringbuf_query={{0x18, 0x1, 0x1, 0x0, 0x1}}, @kfunc={0x85, 0x0, 0x2, 0x0, 0x1}, @btf_id={0x18, 0x0, 0x3, 0x0, 0x3}, @call={0x85, 0x0, 0x0, 0x23}, @call={0x85, 0x0, 0x0, 0x9a}], {{}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x1}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f00000004c0)='GPL\x00', 0x6, 0xb2, &(0x7f0000000500)=""/178, 0x41000, 0x5, '\x00', 0x0, 0x17, r6, 0x8, &(0x7f0000000600)={0x2, 0x5}, 0x8, 0x10, &(0x7f0000000640)={0x0, 0xd, 0x5ec, 0x2}, 0x10, 0x148d2, 0xffffffffffffffff, 0x0, &(0x7f00000009c0)=[r7, r8, r13, r14, r15, r16], 0x0, 0x10, 0x80}, 0x94)

4m28.226164088s ago: executing program 1 (id=981):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x5, 0x8b}, 0x0)
syz_open_dev$video(0x0, 0xa7, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
read$msr(0xffffffffffffffff, &(0x7f0000002000)=""/102400, 0x19000)
socket(0x2a, 0x2, 0x0)
sendmsg$can_bcm(0xffffffffffffffff, 0x0, 0x0)
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000040)=ANY=[@ANYBLOB="500000000206030000000000000000000d0000000c000300686173683a69700005000400000000000900020073797a31000000000c000780080008400000005d05000500020000000500010006"], 0x50}}, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_ADD(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000740)={0x40, 0x9, 0x6, 0x201, 0x0, 0x0, {}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_DATA={0x18, 0x7, 0x0, 0x1, [@IPSET_ATTR_IP={0xc, 0x1, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV4={0x8, 0x1, 0x1, 0x0, @empty=0xfffffffe}}, @IPSET_ATTR_CIDR={0x5, 0x3, 0x8}]}]}, 0x40}, 0x1, 0x0, 0x0, 0x10000047}, 0x4000084)

4m12.604144781s ago: executing program 32 (id=981):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x5, 0x8b}, 0x0)
syz_open_dev$video(0x0, 0xa7, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
read$msr(0xffffffffffffffff, &(0x7f0000002000)=""/102400, 0x19000)
socket(0x2a, 0x2, 0x0)
sendmsg$can_bcm(0xffffffffffffffff, 0x0, 0x0)
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000040)=ANY=[@ANYBLOB="500000000206030000000000000000000d0000000c000300686173683a69700005000400000000000900020073797a31000000000c000780080008400000005d05000500020000000500010006"], 0x50}}, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_ADD(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000740)={0x40, 0x9, 0x6, 0x201, 0x0, 0x0, {}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_DATA={0x18, 0x7, 0x0, 0x1, [@IPSET_ATTR_IP={0xc, 0x1, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV4={0x8, 0x1, 0x1, 0x0, @empty=0xfffffffe}}, @IPSET_ATTR_CIDR={0x5, 0x3, 0x8}]}]}, 0x40}, 0x1, 0x0, 0x0, 0x10000047}, 0x4000084)

2m40.428827685s ago: executing program 5 (id=1273):
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080))
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, 0x0)
openat$sysctl(0xffffffffffffff9c, 0x0, 0x1, 0x0)
socket(0x10, 0x803, 0x0)
ioctl$VIDIOC_STREAMOFF(0xffffffffffffffff, 0x40045613, &(0x7f0000000280)=0x8)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
r2 = socket$inet_udp(0x2, 0x2, 0x0)
bind$inet(r2, &(0x7f0000000040)={0x2, 0x4e20, @empty}, 0x10)
syz_emit_ethernet(0xbe, &(0x7f0000000000)={@dev={'\xaa\xaa\xaa\xaa\xaa', 0x23}, @link_local, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0xb0, 0x0, 0x0, 0x0, 0x11, 0x0, @empty, @empty}, {0x0, 0x4e20, 0x9c, 0x0, @wg=@initiation={0x1, 0x0, "7b4b143b7461fd777b1c012bd14efb9f49fcdb8f080c26a04883ad5c8c82b8af", "584cbf2649a50f2dbc43efa8698d0a881c51852e4451b57d037ad3c045942824251d7d17b5191584bcd4fbe40a23424d", "bcfd56f1375461caaa2f19935e6996c7096ffeeb0300000000000064", {"9a3bfbc1f39cb307b3472eb9cdb042d2", "643fcbb2c5a57df67d544af6e8dafe09"}}}}}}}, 0x0)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000140)={0x6, 0x3, &(0x7f0000000680)=ANY=[@ANYBLOB], 0x0, 0x2003}, 0x94)
r3 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000480)={0x6, 0x3, &(0x7f0000000680)=ANY=[], &(0x7f0000000200)='syzkaller\x00', 0x9}, 0x94)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r3, 0x5, 0xb68, 0x0, &(0x7f0000000000)='%', 0x0, 0xd01, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48)
recvmmsg(r2, &(0x7f00000024c0)=[{{0x0, 0x0, &(0x7f0000000d00)=[{&(0x7f0000000800)=""/245, 0xf5}], 0x1}, 0x9}], 0x1, 0x10000, 0x0)
r4 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r4, &(0x7f0000000600)={0x0, 0x0, &(0x7f00000005c0)=[{&(0x7f0000000380)="2e00000010008188e6b62aa73772cc9f1ba1f848110000005e140602000000000e000a001000000002900000121f", 0x2e}], 0x1}, 0x0)

2m37.11966196s ago: executing program 5 (id=1281):
r0 = socket$inet(0x2, 0x4000000000000001, 0x0)
setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f00000004c0)=0x79, 0x4)
r1 = syz_open_dev$sg(&(0x7f00000003c0), 0x0, 0x5)
ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, &(0x7f0000000000)=0x15)
prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r2 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r2, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
r3 = syz_io_uring_setup(0x5c00, &(0x7f0000000200)={0x0, 0xfec6, 0x80, 0x3, 0x1ea}, &(0x7f0000000040)=<r4=>0x0, &(0x7f0000000140)=<r5=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r4, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
r6 = socket$netlink(0x10, 0x3, 0x0)
setsockopt$netlink_NETLINK_ADD_MEMBERSHIP(r6, 0x10e, 0xb, &(0x7f0000000000)=0x402, 0x4)
sendmsg$nl_route_sched(r6, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000280)={0x0}}, 0x4000000)
syz_io_uring_submit(r4, r5, 0x0)
io_uring_enter(r3, 0xdb4, 0x0, 0x0, 0x0, 0x0)
ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x89f0, &(0x7f0000000080)={'bridge0\x00', &(0x7f0000000000)=@ethtool_ringparam={0x9, 0x0, 0x8a, 0x0, 0x0, 0x2000000}})
writev(r1, &(0x7f00000002c0)=[{&(0x7f0000000080)="aefdda9d240300005a90f57f07703aeff0f64ebbee07962c22772e11b44e65d76641cb010052f436dd2a", 0x2a}, {&(0x7f0000000040)="aa1d48", 0x3}], 0x2)
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0)
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000380)={[{@upperdir={'upperdir', 0x3d, './file1'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './bus'}}, {@nfs_export_on}]})
chdir(&(0x7f00000000c0)='./bus\x00')
r7 = creat(&(0x7f0000000440)='./file0\x00', 0x0)
open_by_handle_at(r7, &(0x7f0000000140)=@OVL_FILEID_V1={0x13, 0x300fb, {'\x00', {0x0, 0xfb, 0x15, 0x7, 0x5, "e837282efe0868327a31a705ec978547"}}}, 0x830200)
r8 = openat$6lowpan_enable(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
write$6lowpan_enable(r8, &(0x7f0000000100)='0', 0x1)

2m36.003716701s ago: executing program 5 (id=1284):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff})
connect$unix(r0, &(0x7f0000000300)=@abs, 0x6e)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000015c0), 0x2, 0x0)
ioctl$VHOST_SET_VRING_BASE(r1, 0xaf01, 0x0)
r2 = eventfd(0xc)
ioctl$VHOST_SET_LOG_FD(r1, 0x4004af07, &(0x7f0000000240)=r2)
ioctl$VHOST_SET_VRING_KICK(r1, 0x4008af20, &(0x7f0000000040)={0x1, r2})
r3 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000380)={&(0x7f0000000080)=ANY=[@ANYBLOB], 0x0, 0x37}, 0x28)
bpf$BPF_GET_BTF_INFO(0xf, &(0x7f0000000300)={r3, 0xfffffd63, &(0x7f00000002c0)={0x0, 0x41, 0x0, &(0x7f00000003c0)=""/166, 0xab}}, 0x10)
r4 = syz_io_uring_setup(0x237, &(0x7f0000000240)={0x0, 0x8101, 0x0, 0x0, 0x24f}, &(0x7f0000000040)=<r5=>0x0, &(0x7f0000000600)=<r6=>0x0)
io_uring_register$IORING_REGISTER_PBUF_RING(r4, 0x16, &(0x7f00000001c0)={&(0x7f0000001000)={[{0x0, 0x0, 0x1}]}, 0x1, 0x1}, 0x1)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r5, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r5, r6, &(0x7f0000000200)=@IORING_OP_PROVIDE_BUFFERS={0x1f, 0x0, 0x0, 0x80, 0x3, 0x0, 0x9276, 0x0, 0x0, {0x1}})
io_uring_enter(r4, 0x47bc, 0x3bf6, 0x7, 0x0, 0x0)
ioctl$VHOST_SET_VRING_ADDR(r1, 0x4028af11, &(0x7f0000000280)={0x1, 0x1, 0x0, &(0x7f00000002c0)=""/100, &(0x7f0000000500)=""/74, 0xeeef0000})
ioctl$VHOST_SET_MEM_TABLE(r1, 0x4008af03, &(0x7f0000000e40))
ioctl$VHOST_VSOCK_SET_RUNNING(r1, 0x4004af61, &(0x7f0000000000)=0x1)
unshare(0x64000600)
ioctl$VHOST_SET_LOG_BASE(r1, 0x4008af04, 0x0)
sendmsg$NL80211_CMD_SET_INTERFACE(0xffffffffffffffff, 0x0, 0x0)
syz_80211_inject_frame(0x0, 0x0, 0x1e)
ioctl$IOMMU_IOAS_MAP$PAGES(0xffffffffffffffff, 0x3b85, 0x0)
ioctl$VHOST_SET_VRING_ADDR(r1, 0x4028af11, 0x0)
syz_usb_control_io(0xffffffffffffffff, 0x0, 0x0)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000400)={0x6, 0x3, &(0x7f0000000680)=ANY=[], &(0x7f00000002c0)='GPL\x00'}, 0x94)
socket$inet_icmp_raw(0x2, 0x3, 0x1)

2m33.721854298s ago: executing program 5 (id=1289):
r0 = syz_open_dev$vcsa(&(0x7f0000000100), 0x80000000001, 0x3231c1)
lseek(r0, 0x0, 0x1)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
write$dsp(0xffffffffffffffff, &(0x7f0000000880), 0x0)
r2 = bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r2}, 0x2d)
r3 = syz_open_procfs(0x0, 0x0)
preadv(r3, &(0x7f0000000140)=[{0x0}], 0x1, 0xfffffffc, 0x104)
prlimit64(0x0, 0x2, &(0x7f0000000340)={0x400, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r4 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r4, &(0x7f0000000840)=[{&(0x7f0000000380)="9497def95cd26e221dfb8291922856cb5a06557fbb75aaf1143b4d6ec2f720781f17ccaf6e1161b35cfadf1fce67daba0336e709b011c12814825d9955408c7147083af9002c52c74e168d818aab0dd6f4b140", 0x53}, {0x0}], 0x2)
mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x4000003, 0x30, r0, 0x0)
mlock(&(0x7f00007d8000/0x800000)=nil, 0x800000)
ioctl$TCSETS2(0xffffffffffffffff, 0x402c542b, 0x0)
mount(&(0x7f0000000080)=@nullb, &(0x7f00000000c0)='./cgroup\x00', 0x0, 0x4, 0x0)
syz_clone(0x8001100, 0x0, 0xfffffffffffffdcc, 0x0, 0x0, 0x0)
mlock(&(0x7f00007d8000/0x800000)=nil, 0x800000)
mkdirat(0xffffffffffffff9c, &(0x7f0000000280)='./file0\x00', 0x0)
mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000200)='qnx4\x00', 0x304800, 0x0)
umount2(&(0x7f0000000180)='./file0\x00', 0x6)
socket$inet_icmp(0x2, 0x2, 0x1)
timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
userfaultfd(0x801)
open$dir(&(0x7f00000001c0)='./file0\x00', 0x204000, 0x12d)
syz_open_dev$loop(&(0x7f0000000080), 0x7ff, 0x683)
openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x1bb2512b86580a01, 0x0)

2m32.020940057s ago: executing program 5 (id=1294):
r0 = socket$inet6_sctp(0xa, 0x5, 0x84)
shutdown(r0, 0x0)
syz_open_dev$vbi(&(0x7f0000000000), 0x0, 0x2)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000500)={0x11, 0x3, &(0x7f0000001680)=ANY=[], &(0x7f0000001700)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41000, 0x6a, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x8}, 0x94)
socket$inet6_tcp(0xa, 0x1, 0x0)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x11, 0x3, &(0x7f0000001680)=ANY=[], &(0x7f0000001700)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41000, 0x9}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='tlb_flush\x00', r1}, 0x18)
mmap(&(0x7f0000000000/0x200000)=nil, 0x200000, 0x300000e, 0x204031, 0xffffffffffffffff, 0x888e6000)
r2 = openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000080), 0x201, 0x0)
syz_io_uring_setup(0x88f, &(0x7f0000000140)={0x0, 0xe09d, 0x0, 0x1, 0x33f, 0x0, r2}, &(0x7f00000000c0)=<r3=>0x0, &(0x7f0000000280)=<r4=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r3, r4, &(0x7f00000002c0)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r2, 0x0, 0x0})
syz_clone(0x5c830200, 0x0, 0x0, 0x0, 0x0, 0x0)
prlimit64(0x0, 0xa, &(0x7f0000000100)={0x100009, 0xfffffffffffffffe}, 0x0)
r5 = openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
ioctl$IOCTL_GET_NCIDEV_IDX(r5, 0x0, &(0x7f00000000c0)=<r6=>0x0)
r7 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r8 = syz_genetlink_get_family_id$nfc(&(0x7f0000000100), r7)
sendmsg$NFC_CMD_DEV_UP(r7, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000a00)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r8, @ANYBLOB="010023010000340200000200000008000100", @ANYRES32=r6], 0x1c}}, 0x0)
write$nci(r5, &(0x7f0000000780)=ANY=[@ANYBLOB="9f2e0240d566"], 0x5)
ioctl$MEDIA_IOC_REQUEST_ALLOC(0xffffffffffffffff, 0x80047c05, &(0x7f00000001c0))
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.net/syz0\x00', 0x1ff)
r9 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r10 = openat$cgroup_freezer_state(r9, &(0x7f0000000140), 0x2, 0x0)
write$cgroup_freezer_state(r10, &(0x7f0000000240)='FROZEN\x00', 0xfffffffffffffffa)
mount(0x0, &(0x7f00000000c0)='.\x00', &(0x7f0000000040)='binfmt_misc\x00', 0x281c012, 0x0)
sendfile(r10, r10, 0x0, 0x9)
unshare(0x6a040000)
syz_usb_connect(0x3, 0x24, &(0x7f0000000100)=ANY=[@ANYBLOB="12010000e7017f40d61244043d29010203010902120001000000000904cc00008b0a2e00"], 0x0)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r0, 0x84, 0x6f, &(0x7f0000000200)={0x0, 0x10, &(0x7f00000001c0)=[@in={0x2, 0x4e23, @rand_addr=0x64010100}]}, &(0x7f0000000140)=0x10)

2m28.475644957s ago: executing program 5 (id=1301):
r0 = syz_open_dev$cec(&(0x7f00000002c0), 0x0, 0x181800)
ioctl$CEC_ADAP_S_LOG_ADDRS(r0, 0xc05c6104, &(0x7f00000001c0)={"f2efe21e", 0x40, 0x5, 0x4a, 0x0, 0x1ff, "2179d46fd08e3c0ced34c7d0c7e6d7", "7ca24a13", "0400", "a2d1d4a2", ["1af0b1ba1cb8fd54c9c9b587", "bed0f3d6ce7a5f7389827f04", "33af343c60abc64f2fdc9ddf", "f6380000000000000000a93c"]})
ioctl$CEC_TRANSMIT(r0, 0xc0386105, &(0x7f0000000d40)={0xc, 0xffffffffffffffff, 0x6, 0x0, 0x0, 0x4064, "5700ed00", 0x0, 0x0, 0x0, 0x0, 0x5, 0x2})
syz_open_dev$video(&(0x7f0000000000), 0x7ff, 0x0)
socket$inet6_mptcp(0xa, 0x1, 0x106)
openat$ptmx(0xffffffffffffff9c, 0x0, 0x9ce40, 0x0)
syz_io_uring_setup(0x207132, 0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x0, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
read$msr(0xffffffffffffffff, &(0x7f0000019680)=""/102392, 0x18ff8)
r1 = openat$ptmx(0xffffffffffffff9c, 0x0, 0x2, 0x0)
bpf$BPF_GET_MAP_INFO(0xf, 0x0, 0x0)
bpf$MAP_CREATE_CONST_STR(0x0, 0x0, 0x50)
ioctl$TCXONC(r1, 0x540a, 0x2)
socket(0x400000000010, 0x3, 0x0)
mq_open(0x0, 0x42, 0x1f0, 0x0)
mq_unlink(&(0x7f00000002c0)='eth0\x00\xd6\x1b\xd1\xbc\x1d\xb84z\x96\xda\x9c\x1f\xd5G\xf2\n\x81\x847C\xaa?^\xca\x1a\'\xf6\xe7\x93\x1d\xb6\xd5T\xa5(\x8f\x7f\xf9\xea\x88\x82\x81\x95\x01\x0ee\x85\x8cZ\xfc\xf9A\xe2\xbc3s\xd7\xc5Y\xfb\xbb^+\xa8\x1a\x00I}qu\xf6\x1e\xb7\xb7\xb6\xc5+\xfe:p?\xf4\xc1\\k)5\x8c6\x14P\xfd\xdd\xafu%h\xfd\xee[\xb1V\'p\xa8\xce\xfd\xb8')
syslog(0x0, 0x0, 0x0)
openat$sndseq(0xffffffffffffff9c, 0x0, 0x4000)
syz_open_dev$media(&(0x7f0000001a80), 0x3, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)=@base={0xf, 0x4, 0x4, 0x12}, 0x48)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000740)={{r2}, &(0x7f00000006c0), &(0x7f0000000700)}, 0x20)
r3 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3)
shutdown(r3, 0x0)
recvmmsg(r3, &(0x7f00000055c0), 0x400023c, 0x300, 0x0)
bpf$MAP_DELETE_ELEM(0x3, &(0x7f0000000380)={r2, &(0x7f00000007c0)}, 0x20)

2m13.251104674s ago: executing program 33 (id=1301):
r0 = syz_open_dev$cec(&(0x7f00000002c0), 0x0, 0x181800)
ioctl$CEC_ADAP_S_LOG_ADDRS(r0, 0xc05c6104, &(0x7f00000001c0)={"f2efe21e", 0x40, 0x5, 0x4a, 0x0, 0x1ff, "2179d46fd08e3c0ced34c7d0c7e6d7", "7ca24a13", "0400", "a2d1d4a2", ["1af0b1ba1cb8fd54c9c9b587", "bed0f3d6ce7a5f7389827f04", "33af343c60abc64f2fdc9ddf", "f6380000000000000000a93c"]})
ioctl$CEC_TRANSMIT(r0, 0xc0386105, &(0x7f0000000d40)={0xc, 0xffffffffffffffff, 0x6, 0x0, 0x0, 0x4064, "5700ed00", 0x0, 0x0, 0x0, 0x0, 0x5, 0x2})
syz_open_dev$video(&(0x7f0000000000), 0x7ff, 0x0)
socket$inet6_mptcp(0xa, 0x1, 0x106)
openat$ptmx(0xffffffffffffff9c, 0x0, 0x9ce40, 0x0)
syz_io_uring_setup(0x207132, 0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x0, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
read$msr(0xffffffffffffffff, &(0x7f0000019680)=""/102392, 0x18ff8)
r1 = openat$ptmx(0xffffffffffffff9c, 0x0, 0x2, 0x0)
bpf$BPF_GET_MAP_INFO(0xf, 0x0, 0x0)
bpf$MAP_CREATE_CONST_STR(0x0, 0x0, 0x50)
ioctl$TCXONC(r1, 0x540a, 0x2)
socket(0x400000000010, 0x3, 0x0)
mq_open(0x0, 0x42, 0x1f0, 0x0)
mq_unlink(&(0x7f00000002c0)='eth0\x00\xd6\x1b\xd1\xbc\x1d\xb84z\x96\xda\x9c\x1f\xd5G\xf2\n\x81\x847C\xaa?^\xca\x1a\'\xf6\xe7\x93\x1d\xb6\xd5T\xa5(\x8f\x7f\xf9\xea\x88\x82\x81\x95\x01\x0ee\x85\x8cZ\xfc\xf9A\xe2\xbc3s\xd7\xc5Y\xfb\xbb^+\xa8\x1a\x00I}qu\xf6\x1e\xb7\xb7\xb6\xc5+\xfe:p?\xf4\xc1\\k)5\x8c6\x14P\xfd\xdd\xafu%h\xfd\xee[\xb1V\'p\xa8\xce\xfd\xb8')
syslog(0x0, 0x0, 0x0)
openat$sndseq(0xffffffffffffff9c, 0x0, 0x4000)
syz_open_dev$media(&(0x7f0000001a80), 0x3, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)=@base={0xf, 0x4, 0x4, 0x12}, 0x48)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000740)={{r2}, &(0x7f00000006c0), &(0x7f0000000700)}, 0x20)
r3 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3)
shutdown(r3, 0x0)
recvmmsg(r3, &(0x7f00000055c0), 0x400023c, 0x300, 0x0)
bpf$MAP_DELETE_ELEM(0x3, &(0x7f0000000380)={r2, &(0x7f00000007c0)}, 0x20)

16.212651322s ago: executing program 4 (id=1667):
r0 = socket$packet(0x11, 0x3, 0x300)
r1 = socket$nl_route(0x10, 0x3, 0x0)
r2 = socket(0x10, 0x803, 0x0)
sendmsg$BATADV_CMD_GET_MESH(r2, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={0x0, 0x92}}, 0x0)
getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffffff000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}, 0x1, 0x0, 0x0, 0xc000}, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f00000007c0)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000001500)=@newqdisc={0x70, 0x24, 0xe0b, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {0x0, 0x9}, {0xffff, 0xffff}, {0xfff1}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x40, 0x2, {{0x1ff, 0x4, 0x0, 0x0, 0xfffffffd, 0x8}, [@TCA_NETEM_ECN={0x8, 0x7, 0x1}, @TCA_NETEM_LOSS={0x1c, 0x5, 0x0, 0x1, [@NETEM_LOSS_GI={0x18, 0x1, {0x80000001, 0x6, 0x8, 0xfffffffe, 0xd99d}}]}]}}}]}, 0x70}}, 0x0)
sendto$packet(r0, &(0x7f00000002c0)="44c33b69ebc9e05e9bdec0c288a8", 0x36, 0x830, &(0x7f0000000440)={0x11, 0x86dd, r3, 0x1, 0x2, 0x6, @dev={'\xaa\xaa\xaa\xaa\xaa', 0xe}}, 0x14)

16.025993221s ago: executing program 4 (id=1668):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x102}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r1 = socket$inet_udp(0x2, 0x2, 0x0)
ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(r1, 0x89f1, &(0x7f0000000440)={'tunl0\x00', &(0x7f0000000400)={'syztnl0\x00', 0x0, 0x0, 0x0, 0x0, 0x0, {{0x5, 0x4, 0x0, 0x0, 0x14, 0x65, 0x0, 0x0, 0x0, 0x0, @multicast1, @empty}}}})
ioctl$sock_ipv4_tunnel_SIOCGETTUNNEL(r1, 0x89f3, &(0x7f0000000240)={'syztnl0\x00', &(0x7f0000000140)={'gretap0\x00', 0x0, 0x7800, 0x0, 0x0, 0x8f2, {{0x5, 0x4, 0x0, 0x0, 0x14, 0x0, 0x0, 0x0, 0x0, 0x0, @loopback, @empty}}}})
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs={0x0, 0x0, 0xfffffffe}, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
write$cgroup_int(0xffffffffffffffff, 0x0, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
r5 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r5, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-camellia-asm\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r5, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18)
r6 = accept4(r5, 0x0, 0x0, 0x800)
socket$nl_netfilter(0x10, 0x3, 0xc)
r7 = socket$packet(0x11, 0x2, 0x300)
ioctl$ifreq_SIOCGIFINDEX_vcan(r4, 0x8933, &(0x7f0000000480)={'vxcan0\x00', <r8=>0x0})
sendto$packet(r7, &(0x7f0000000080)="18", 0x1, 0x2, &(0x7f0000000340)={0x11, 0xc, r8, 0x1, 0x0, 0x6, @multicast}, 0x14)
ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(r6, 0x89f1, 0x0)
sendmmsg$alg(r6, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed888f57700c3337aeb1b37b4fe035bbb09587", 0x4b}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46", 0xb5}], 0x2, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x4048800)
recvmsg(r6, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0)
r9 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r9, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000080)=ANY=[@ANYBLOB="3c0000001000"/20, @ANYRES32=0x0, @ANYBLOB="7b13000000000000140012800b00010062726964676500000400028008001f0005000000"], 0x3c}}, 0x40880)

15.077480798s ago: executing program 4 (id=1670):
r0 = ioctl$KVM_GET_STATS_FD_vm(0xffffffffffffffff, 0xaece)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_IPV6_FLOWLABEL_MGR(r1, 0x29, 0x1b, &(0x7f0000000000)={@remote}, 0x20)
setsockopt$inet6_IPV6_FLOWLABEL_MGR(r1, 0x29, 0x1b, &(0x7f00000000c0)={@remote={0xfe, 0x80, '\x00', 0xffffffffffffffff}, 0x0, 0x0, 0xff}, 0x20)
r2 = syz_open_procfs(0x0, &(0x7f0000000080)='net/anycast6\x00')
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
r3 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="1b000000000000000000"], 0x48)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0xc, 0x10, &(0x7f00000009c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018150000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b5af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000b00000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b70200000000df00850000008600000095"], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000002c0)={r4, 0x0, 0xe, 0x0, &(0x7f0000000100)="e0b9547ed387dbe9abc89b6f5bec", 0x0, 0x2e00, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
read$midi(r2, &(0x7f00000001c0)=""/147, 0x93)
ioctl$KVM_CAP_VM_DISABLE_NX_HUGE_PAGES(r0, 0x4068aea3, &(0x7f0000000000))
r5 = socket$nl_route(0x10, 0x3, 0x0)
r6 = socket$inet6(0xa, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x5, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000100)=0x2)
sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r7 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r7, &(0x7f0000002000)=""/102400, 0x19000)
vmsplice(r6, &(0x7f00000000c0)=[{0x0}, {0x0}, {&(0x7f000001b000)}], 0x3, 0x2)
sendto$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f00000003c0)={0xa, 0x0, 0x0, @private2, 0x3ff}, 0x1c)
r8 = socket(0x40000000015, 0x5, 0x0)
getsockopt(r8, 0x200000000114, 0x2721, &(0x7f0000000580)=""/102393, &(0x7f0000000040)=0x18ff9)
writev(0xffffffffffffffff, &(0x7f00000002c0), 0x0)
bind$inet(0xffffffffffffffff, 0x0, 0x0)
setsockopt$inet6_mreq(r6, 0x29, 0x1c, &(0x7f0000000480)={@remote}, 0x14)
sendmsg$nl_route(r5, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000002c0)=ANY=[@ANYBLOB="200000001100010027bd7000fddbdf2500000000", @ANYRES64=r5], 0x20}, 0x1, 0x0, 0x0, 0x40}, 0x80)

13.416807686s ago: executing program 4 (id=1676):
madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe)
syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0) (async)
r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0)
socket$inet(0x2, 0x3, 0x2) (async)
r1 = socket$inet(0x2, 0x3, 0x2)
setsockopt$inet_mreqsrc(r1, 0x0, 0x27, 0x0, 0x0)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, 0x0)
timer_settime(0x0, 0x0, 0x0, 0x0) (async)
timer_settime(0x0, 0x0, 0x0, 0x0)
setsockopt$bt_l2cap_L2CAP_OPTIONS(0xffffffffffffffff, 0x6, 0x1, &(0x7f00000000c0)={0x1002, 0x173, 0x0, 0xde, 0x6, 0x3, 0xd}, 0xc)
mlock(&(0x7f0000000000/0x800000)=nil, 0x800000) (async)
mlock(&(0x7f0000000000/0x800000)=nil, 0x800000)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$tipc(&(0x7f0000000000), r2)
mremap(&(0x7f00005ab000/0x1000)=nil, 0x1000, 0x1000, 0x7, &(0x7f0000ffe000/0x1000)=nil) (async)
mremap(&(0x7f00005ab000/0x1000)=nil, 0x1000, 0x1000, 0x7, &(0x7f0000ffe000/0x1000)=nil)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0)
r4 = socket$nl_route(0x10, 0x3, 0x0)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.net/syz0\x00', 0x1ff) (async)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.net/syz0\x00', 0x1ff)
r5 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
mkdirat$cgroup(r5, &(0x7f0000000100)='syz0\x00', 0x1ff)
r6 = openat$cgroup_devices(r5, &(0x7f0000000080)='devices.deny\x00', 0x2, 0x0)
write$cgroup_devices(r6, &(0x7f0000000180)=ANY=[@ANYBLOB='b *:*m\x00\x00\x00'], 0x9)
ioctl$sock_ipv6_tunnel_SIOCCHGTUNNEL(0xffffffffffffffff, 0x89f3, &(0x7f00000002c0)={'syztnl0\x00', &(0x7f0000000240)={'syztnl0\x00', <r7=>0x0, 0x2f, 0x3, 0x5f, 0x9, 0x0, @local, @empty, 0x10, 0x80, 0xfffffff9, 0x100}})
sendmsg$nl_route(r4, &(0x7f0000000380)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f0000000340)={&(0x7f0000000480)=ANY=[@ANYBLOB="30000000681b00002dbd7000fedbdf250a000300080000000c000880060006000040000008000500103a925183840815c3aeacfd3fc30ee55ac065fceb708437255ac305ce83745614c55fe662ddcab4883d86d8f5e73865eeb3d3ab972db7f2fa3b8d43f628088107d4373e364831ad70a5e475e5", @ANYRES32=r7, @ANYBLOB="04000b00"], 0x30}, 0x1, 0x0, 0x0, 0x40841}, 0x20048050) (async)
sendmsg$nl_route(r4, &(0x7f0000000380)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f0000000340)={&(0x7f0000000480)=ANY=[@ANYBLOB="30000000681b00002dbd7000fedbdf250a000300080000000c000880060006000040000008000500103a925183840815c3aeacfd3fc30ee55ac065fceb708437255ac305ce83745614c55fe662ddcab4883d86d8f5e73865eeb3d3ab972db7f2fa3b8d43f628088107d4373e364831ad70a5e475e5", @ANYRES32=r7, @ANYBLOB="04000b00"], 0x30}, 0x1, 0x0, 0x0, 0x40841}, 0x20048050)
r8 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
syz_usb_connect(0x5, 0x36, &(0x7f0000000500)=ANY=[@ANYRESOCT=r4, @ANYRES16=r7, @ANYRESDEC=r0, @ANYRES16=r7, @ANYBLOB="2478f7e00647bcdde34698facfc6aa24a1a807d72f503f58e9c08b7eec729445f20426ba5a58652136d7ff2e0d7b22a73df5f5d8e700163ee2e4c23661d4354be362b4e372b81af4660d2f513561"], 0x0) (async)
syz_usb_connect(0x5, 0x36, &(0x7f0000000500)=ANY=[@ANYRESOCT=r4, @ANYRES16=r7, @ANYRESDEC=r0, @ANYRES16=r7, @ANYBLOB="2478f7e00647bcdde34698facfc6aa24a1a807d72f503f58e9c08b7eec729445f20426ba5a58652136d7ff2e0d7b22a73df5f5d8e700163ee2e4c23661d4354be362b4e372b81af4660d2f513561"], 0x0)
socket$kcm(0x10, 0x2, 0x0) (async)
r9 = socket$kcm(0x10, 0x2, 0x0)
r10 = userfaultfd(0x80000)
ioctl$UFFDIO_MOVE(r10, 0xc028aa05, &(0x7f0000000100)={&(0x7f00001d0000/0x1000)=nil, &(0x7f00005c5000/0xc000)=nil, 0x1000, 0x2})
ioctl$KVM_CREATE_VCPU(r8, 0xae41, 0x2)
sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000200)={&(0x7f0000000040)=@rxrpc=@in6={0x21, 0x2, 0x2, 0x1c, {0xa, 0x4e24, 0xa, @ipv4={'\x00', '\xff\xff', @rand_addr=0x64010100}, 0xfc2a}}, 0xffffff06, 0x0}, 0x4000000)
sendmsg$kcm(0xffffffffffffffff, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000003c0)=[{&(0x7f0000000000)="d800000010008104685fa3aa7143a0f8c81ded0b25000000e8fe09a11800150006001400000000120800030043000040a8002b000a", 0x35}], 0x1}, 0x20000880)
write$cgroup_subtree(r9, &(0x7f0000000000)=ANY=[], 0xfe33)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5) (async)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5)

10.586343981s ago: executing program 6 (id=1684):
bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0xd, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0xffffffff}, 0x50)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x3)
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000001a40)=""/102392, 0x18ff8)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
getsockopt$inet_int(0xffffffffffffffff, 0x10d, 0xb8, 0x0, &(0x7f00000000c0))
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe}, 0x0)
syz_usb_connect(0x0, 0x5f, 0x0, 0x0)
r3 = socket(0x10, 0x80002, 0x0)
sendmsg$nl_route(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000140)=ANY=[@ANYBLOB="1c0000005e00679a3601ffc4910700004f78d4c1a0731cccff"], 0x1c}}, 0x8000)
setxattr$system_posix_acl(&(0x7f0000002a00)='.\x00', &(0x7f0000000240)='system.posix_acl_default\x00', 0x0, 0x2c, 0x0)
recvmmsg$unix(r3, &(0x7f0000002380)=[{{0x0, 0x4000000, &(0x7f0000001340)=[{&(0x7f00000002c0)=""/4096, 0xecc}], 0x1}}], 0x8, 0x0, 0x0)
openat$qrtrtun(0xffffffffffffff9c, &(0x7f0000000180), 0x135880)
socket$key(0xf, 0x3, 0x2)
socket(0x2, 0x80805, 0x20000)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r4, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000080)=ANY=[@ANYBLOB="5c0000000206030000000000000000000000000014000780080008400000000008001240ffffffe80500010006000000050005000200000005000400000000000900020073797a31000000000d000300686173683a6e6574"], 0x5c}}, 0x0)
sendmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0)
r5 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="09000000060000000800000001"], 0x48)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000200)={{r5}, 0x0, &(0x7f0000000180)}, 0x20)
bpf$MAP_LOOKUP_ELEM(0x1, &(0x7f0000000000)={r5, &(0x7f0000000280), 0x0}, 0x20)

9.858058291s ago: executing program 4 (id=1686):
lsm_set_self_attr(0x65, &(0x7f00000000c0)=ANY=[@ANYBLOB], 0x20, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = socket$inet6_sctp(0xa, 0x801, 0x84)
sendto$inet6(r0, &(0x7f00000002c0)="f9", 0x1, 0x40, &(0x7f0000000040)={0xa, 0x0, 0xfffffffc, @rand_addr=' \x01\x00'}, 0x1c)
sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000000)={0xa, 0x0, 0x0, @local, 0x9}, 0x1c)
shutdown(r0, 0x1)
getsockopt$inet_sctp6_SCTP_PR_ASSOC_STATUS(r0, 0x84, 0x74, &(0x7f0000000280)={0x0, 0x0, 0x20, 0x4, 0x5}, &(0x7f0000000240)=0x18)
ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, &(0x7f0000000180)=<r1=>0x0)
prlimit64(r1, 0x2, &(0x7f0000000140)={0x0, 0x100000000000008b}, 0x0)
r2 = socket(0x28, 0x5, 0x0)
setsockopt$sock_int(r2, 0x1, 0x3c, &(0x7f0000000000)=0x1, 0x4)
sched_setaffinity(0x0, 0xffffffffffffff5b, &(0x7f00000002c0)=0x400000bce)
r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, 0x0)
read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8)
syz_genetlink_get_family_id$devlink(0x0, 0xffffffffffffffff)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$DEVLINK_CMD_TRAP_GROUP_SET(r4, 0x0, 0x0)
r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x11, 0x3, &(0x7f0000000380)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x81, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f000000a200)='afs_cell\x00', r5}, 0x10)
r6 = fsopen(&(0x7f0000000040)='afs\x00', 0x0)
fsconfig$FSCONFIG_SET_STRING(r6, 0x1, &(0x7f0000000300)='source', &(0x7f00000000c0)='%(,:', 0x0)
r7 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000023c0)={0x6, 0x4, &(0x7f0000002180)=ANY=[@ANYBLOB="180200000000000000000000cfffffff850000001700000095"], &(0x7f0000000040)='syzkaller\x00'}, 0x90)
r8 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
ioctl$sock_SIOCGIFINDEX(r8, 0x8933, &(0x7f0000000100)={'dummy0\x00', <r9=>0x0})
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000340)={r7, r9, 0x25, 0x2, @void}, 0x10)
r10 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r10, 0x8933, &(0x7f0000000000)={'wlan0\x00'})
bpf$LINK_DETACH(0x22, 0x0, 0x0)

7.516004938s ago: executing program 2 (id=1694):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_TIMEOUT_NEW(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000000f80)=ANY=[@ANYBLOB="240000000408010400000000000000bb6f877f6c3b56eb93de9baab135000a0000000600"], 0x24}, 0x1, 0x0, 0x0, 0x20040404}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
syz_io_uring_submit(0x0, 0x0, 0x0)
r2 = syz_io_uring_setup(0x74d, 0x0, 0x0, &(0x7f0000000080)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
io_uring_register$IORING_REGISTER_BUFFERS(r2, 0x0, &(0x7f0000000240)=[{&(0x7f00000003c0)=""/219, 0xdb}], 0x1)
r4 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000300)='./binderfs/binder0\x00', 0x0, 0x0)
r5 = socket$inet6_udplite(0xa, 0x2, 0x88)
sendmsg$inet6(r5, &(0x7f0000002280)={&(0x7f0000001e40)={0xa, 0x4e24, 0x0, @mcast1}, 0x1c, 0x0, 0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="b005000000000000290000003600000000b2"], 0x5b0}, 0x20008001)
sendmsg$inet6(r5, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000180)=[{&(0x7f00000022c0)="f14889c2ad234ad6f0a71da72859c7c1e176134eff431253493482c723f8633d838bf127adff9f48a8854702b889321dfefd5644a03e0e41fb1cd1e442ac39d59aa0370071b34de016c447989af4c7d374e269dcbc1ce5f7083363d5bb2641018094b1721358f7a6c82f35dd9ed03c7be3fc46e5ef7b1fde49376ecde0494076cbe41c8292de99cc323303fda797e0704d3143999a0f53c8c056f2d7c2614c1bd977cc3e42e07548870d6bf096bf0369ee6a3f85cb27ec069f135e88005eb6147c3c08e1c787c9b5f9579653b876d44f3eb55573068fd1355b6fb755d1a72cb8eddfb7928f40f81e88e41bd2b3477299f540275d5107cd0dcb493a6f84ddbb9b43a60169c9ce7abb46e2d65a662a4e48cfafe180fbad39ee09548985149d100a6df90948f173ee8d7884fe5a916395d9631d7c55a09db75724229f3f492aca7c60e7c0984e5e05d55524887462", 0x14d}], 0x1}, 0x20000044)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r4, 0x4018620d, &(0x7f0000000100)={0x73622a85, 0x0, 0x2})
r6 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000200)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r6, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0x0, 0x0, 0x0})
r7 = dup3(r6, r4, 0x0)
ioctl$BINDER_WRITE_READ(r7, 0xc0306201, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x4e, 0x0, &(0x7f0000000140)="cca9efaa32a4009ea301f8c4cd3e8a2800daf9f7fcadfe677fe774109efbab5e9a00a08f6145640ff49d2c711fdf719ea8daa38a5306ddbf11a6ed1b53f931d8853c57a829aababd627e4f252059"})
ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f00000000c0)={0x20, 0x0, &(0x7f0000000340)=[@request_death, @clear_death], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f00000001c0)={0xc, 0x0, &(0x7f0000000280)=[@dead_binder_done], 0x0, 0x0, 0x0})
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5)
syz_io_uring_submit(0x0, r3, 0x0)
io_uring_enter(r2, 0x749f, 0x4, 0x0, 0x0, 0xfffffffffffffef5)
setsockopt$netlink_NETLINK_DROP_MEMBERSHIP(r0, 0x10e, 0x2, &(0x7f0000000040)=0xc, 0x4)

7.26309602s ago: executing program 6 (id=1695):
openat$sndseq(0xffffffffffffff9c, &(0x7f00000018c0), 0xe0c81)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = socket(0x40000000015, 0x5, 0x0)
setsockopt$SO_RDS_TRANSPORT(r0, 0x114, 0x8, 0x0, 0x0)
setsockopt$sock_int(r0, 0x1, 0x8, 0x0, 0x0)
bind$inet(r0, &(0x7f0000000340)={0x2, 0x4e20, @loopback}, 0x57)
sendmsg$xdp(r0, 0x0, 0x0)
sendmsg$alg(r0, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8d}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000540)=0x4)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r1 = socket$inet_smc(0x2b, 0x1, 0x0)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x1, 0x5, &(0x7f0000001000)=ANY=[@ANYBLOB="bf16000000000000b70700000100f0ff5070000000000000300000000000c00095000000000000002ba728041598d6fbd30cb599e83d24bd8137a3aa81e0ed139a85d36bb3019d13bd2321af3c2bd67ce68f15c0ec71d0e6adfefcf1d8f7faf75e0f226bd917060000007142fa9ea4318123751c0a0e168c1886d0d4d35379bd223ec839bc16ee988e6e0dc8cedf3ceb9fbfbf9b0a49ef23d430f6296b32a83438810720a159cda90363db3d221e152dfca64057ff3c4744aeaccd3641110bec4e9027a0c8055bbfc3a96d2e8910c2c39e4babe802f5ab3e89cf6c662ed4048d3b3e22278d00031e5388ee5c867ddd58211d6ece1ccb0cd2b6d3cffd962867a3a2f624f992daa94a0c556f3218ce740068725c37074e468ee207d2f73902ebcfcf49822775985bf31b715f5888b24efa190000000000000000000000000000ddffffff730d00000000000000ddffffff0000b27cf3d1848a54d7132be1bfb0adf9deab3323aa9fdfb52faf9cb09c3bfd09000000b91ab219ef00bb7b3de8f67ffcad3f6c3c2b1f03550000000000001cf41ab11f12fb1e0a494034007de7c6592df1a6c64d8f20a67745409eaa988dbc2fee9d313d34889f40159e800ea2474b540500a30b23bcee46762e2093bcc9eae5ee3e980026c96f80ee1a00000000740750fa4d9aaa705989b8e673e3296e52d337c56abf112874ec51d6fe048ba6866adebab53168770a71ad901ace383e41d277b103923a9d961f7a2591dbe4a912ffaf6f658f3f9cd16286744f83a83f138f8f92efd92239eafcc5c1b3f97a297c9e49a0c3300ef7b7fb5f09e0c8a868a353409e34d3e82279637599f35ad3f7ffffff3cac394c7bbdcd0e0eb52162e0c410ade7a36b26a4e70f03cc4146a77af02c1d4cefd4a2b94c0aed8477dfa8ceefb467f05c6977c78cdbf37704ec73754910fe050038ec9e47de89298b7bf4d769ccc18eede0068ca1457870eb30d211e23ccc8e06dddeb61799257ab5000013c86ba9affb12ec757c7234c270246c878d01160e6c07bf6cf8809c3a0d062357ba2515567230a6f0b2ad1eb9769d74e4f1feff374211663f6b63b1dd044dd0a2768e825972fc4300001467c89fa0f82e8440105051e5510a33dcda5e4e202bd622549c4cffffff501d3a5dd7143fbf221fff161c12ca389cbe0000000000000fff75067d2a214f8c9d9b2ecf631c6c5fd9c26a54d43fa050b88d1d43a8645bd9109b7e07869bba7131421c0f397073943330baafd243c0c6ffe673bab4113be7664e08bdd7115c61afcb718cf3c4680b2f6c7a8400e378a9b15bc20f49e298727340e87cdefb40e56e9cfad9931b8c552b2c7c503f3d0e7ab0e958adb862822e40009995ae166deb9856291a43a6f7eb2e32cefbf463789eaf79b8d4c22be89f44b032dad13007b82e6044f643fc8cd07ae636a5dbe9864a117d27326850a7c3b570863f532c218b10af13d7be94987005088a83880ccab9c9920c2d2af8c5e13d52c83ac3fa7c3ae6c08384865b66d2204c2e4f3ae20bf279b512b4dcb5dd9cba16b62040bf8702ae12c77e6e34991af603e3856a346cf708feeb708ab22b560cf8a4a6f31ba6d9b8cb0908000000000000001a342c010000000000e667a7592b33406f1f71c739b55db91d2309dc7ae401005f52053a39e7307c09ff3ac3e820b01c57dd74d4aafc4c383a17bc1de5347bb71ca16dcbbbaa2935ae662082b56cf666e63a759e0ef3ea7af6881513be94b362e15ffca8ec453b3a2a67be70c17b0f9c2eac765816c30c2e7133dca1c7669522f7dff8bc570a93fbdb688c3aef810000007a6ea6b11163392a19d87995b51cb6febd5f24a34998d2010fd5facf68c4f84e2f66e27c81a149d7b331983d3b74444953fc1216dfec10b724190000006f12538376e177ffef6fd2020000000000000008e4919a463d5332a2546032a3c06b94f168e8fc4bda0c294723fe306f26c477af4b926644672985fab7cc67bc5b5f5d38cdd8df95147ebe1cd88b0a4c6cde9951be42827dfddfefb238fac2303cc8982f1e55b005afcfea5eb037248fefad6bb02c162ce92ab17744c8ec3d2e80cf3205d36699fd381bc81231fb5e12e45f3059f361d08d6a6d019ebf105eaf43083c29512bcedd79ca9bf24e063d0c273ed70a2b70be521ea27dc8cf3c9bdf83b93405db07e82e2ddf4c4d26f1cdd8c3c9736cf5e5082de3b484f8673e0e97dd7e8a872148613c3a04f3d67f4375ba5c7f1b0033f8dfe0ed9bb2a70801f763524e1d79d812ced782646b5f79c8fc08bb5c11020108d702edd2ea9c96cfcb9066668627820d2d48aa5fc0a7bf1b51afd85350ad00b78c598fa8701b000884de790b54e5ab2e8ff0c7ae23e0b6eeac95c4c2eef2e5eb1d019d52099fbd404e8ece970f67736ba7e960bd8b1e4105ce7e31f7c9c3e3fa61aaa967b90087e91d703e98535b107b8f4653be4c46a3a1adb07d226952b8573b417018316fa96e942e35c4baa16d4122c863709b08d4639a19a46ac90ac48a13ee9bcaa875fc700000000000003b40dc5c745fe2491e8425e600000000000000000000000000000000000000000000000000000000000000250318a44ad31baac0520a913301e630ae540f3289aebde8633f6f450c0738e16df6c7f1e0832a2a16fe6e39959735758248032cdf7320c6dc87b01e3f9a7811b200000000ae189de4b9b25f7c7a9c070000002af1c06315270de4a6605e4b4b58bef76fac54f11b84bd7bcd6b6a485edfb7684c770a39b38b08e18a51a4d4e66ca21c06a4b4198e1bc2ef990c9ba911efed626e5ee341a17bf8132b5b1dfa9fd31df213c88b4047979379dc15c9056fd3baa8b2d6cb134437cba0193ba4360bdcc98aad2560aa48291c4eb9d4e08ad7a9c5f04be1ab597124d84dfc7bd8cca8f68154a0ed356e773a797ca6d66748857b4abbf8830abeea2a46342e6a7378173cb29d5cdcd698a0203f78116b710008000000000000007c2d86b94472807c10eb9a8e2fb8bd79fe3a8316deff3ee641c9a080a2173642e673a672279bae4e7e28055da9497d7edb53be6e80482bd4d9a74b8dd4221f05e6ca8c705d7257ff7f76c78ba0b44ec0bdfa0d32d7042059b13a079639f14f9032b856d892ad6af5124c9c3130485e9682ff1f3c54e475d5bb496aef4bb537d7e191dfdeba109fdcf7864763f87a6d711cf52e520a6ce30e134c55e0caac037209d2f12fcddd00000000000000000000000000000000e609893bdce015e8ccfb36399844db61f6171b0b0e845e48728450c6ba4f7098f8e000676b59ab9f851f3ab778c50a3337a78675f38a568612aa25d61ce4e2c235ab5f2cd6d035d5f5f6a693c381adbbf7b37e37292783b2c7efe7d3a067906552f76d419e0300000000000000000000008435f39381c2a77c001caae53db7316fa6d48d032ab6831ebb813c85855c7a9ad8140a4b29422fc20d4e75c848984a2e217ec9c2833b8fa9106ee1be2c05103a36fc1126f1aa5284ba7179843b08ecadc199b9038cf6b9ee4e1f321a6a32e03bd987ddfada1f69756651b73a7ed0f7e467081193b28448692686ac80d81a89f9c29e276800"/2574], &(0x7f0000000140)='GPL\x00'}, 0x48)
r3 = socket$kcm(0x2, 0x1, 0x0)
sendmsg$inet(r3, 0x0, 0x20000811)
r4 = socket$kcm(0x29, 0x2, 0x0)
writev(r4, &(0x7f0000000480)=[{&(0x7f00000001c0)="13", 0x1}], 0x1)
ioctl$sock_kcm_SIOCKCMATTACH(r4, 0x89e0, &(0x7f0000000040)={r3, r2})
ioctl$sock_kcm_SIOCKCMUNATTACH(r4, 0x89e1, &(0x7f0000000340)={r3})
close_range(r1, 0xffffffffffffffff, 0x0)

6.344318486s ago: executing program 3 (id=1697):
mkdirat(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x0)
r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x2, 0x0)
unshare(0x22020600)
r1 = syz_io_uring_setup(0x17af, &(0x7f0000000500)={0x0, 0xbc48, 0x13290, 0x0, 0x1e1}, &(0x7f0000000300)=<r2=>0x0, &(0x7f0000000340)=<r3=>0x0)
syz_io_uring_submit(r2, r3, &(0x7f0000000040)=@IORING_OP_POLL_ADD={0x6, 0x2, 0x0, @fd=r1})
io_uring_enter(r1, 0x1, 0xffff4000, 0x1, 0x0, 0x0)
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000400)={0x6, 0x3, &(0x7f0000000580)=ANY=[@ANYBLOB="1800000000c13bdacd210efe9a20e37f982000ad09000000000000000000000000002000e594000000000000009e258e0b2b2fc9544dc0d20003e56ddbb9ae4961e3efbc2140d36faf46f0623e00bf14182a1e1517e86a2a144f3aed0146863f6fec3bbef2f426b479ea470739d60e47c707b0bcbf"], &(0x7f0000000700)='GPL\x00', 0x40000, 0x0, 0x0, 0x0, 0x40, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000240)={&(0x7f0000000200)='sched_switch\x00', r4}, 0x10)
prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r5 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r5, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x4, 0x0, 0x0, 0x4)
syz_io_uring_submit(0x0, 0x0, 0x0)
r6 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r6, &(0x7f0000000040)={0x26, 'hash\x00', 0x0, 0x0, 'nhpoly1305-avx2\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r6, 0x117, 0x1, &(0x7f0000000000)="8a", 0x440)
r7 = accept4(r6, 0x0, 0x0, 0x0)
sendto$inet6(r7, &(0x7f0000000100), 0xffffffe3, 0x4004840, 0x0, 0xfffffffffffffe1b)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0])
write$FUSE_NOTIFY_RETRIEVE(r0, &(0x7f0000000100)={0x30, 0x5, 0x0, {0x0, 0x1}}, 0x30)
openat$tun(0xffffffffffffff9c, 0x0, 0xa2f01, 0x0)
r8 = socket$inet_sctp(0x2, 0x5, 0x84)
setsockopt$IP_VS_SO_SET_ADD(r8, 0x0, 0x482, &(0x7f00000000c0)={0x84, @local, 0x4e20, 0x3, 'rr\x00', 0x30, 0x4, 0x68}, 0x2c)
setsockopt$IP_VS_SO_SET_ADDDEST(r8, 0x0, 0x487, &(0x7f0000000000)={{0x84, @broadcast, 0x4e21, 0x3, 'fo\x00', 0x11, 0x3240, 0x3a}, {@loopback, 0x4e23, 0x4, 0xc3, 0x12d5c, 0x12d5c}}, 0x44)

6.265111269s ago: executing program 2 (id=1698):
r0 = socket(0x10, 0x80002, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000140)=ANY=[@ANYBLOB="1c0000005e00679a3601ffc4910700004f78d4c1a0731cccff"], 0x1c}}, 0x8000)
recvmmsg$unix(r0, &(0x7f0000002380)=[{{0x0, 0x4000000, &(0x7f0000001340)=[{&(0x7f00000002c0)=""/4096, 0xecc}], 0x1}}], 0x8, 0x0, 0x0)

6.249267728s ago: executing program 6 (id=1699):
openat$ttyS3(0xffffffffffffff9c, 0x0, 0x42002, 0x0)
openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/timer_list\x00', 0x0, 0x0)
openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000140), 0x2, 0x0)
r0 = open(&(0x7f00000000c0)='./cgroup/../file0\x00', 0x284800, 0x30)
ioctl$DMA_HEAP_IOCTL_ALLOC(0xffffffffffffffff, 0xc0184800, &(0x7f0000000100)={0x4, r0})
openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x275a, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000100)=0x2)
sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = socket$vsock_stream(0x28, 0x1, 0x0)
bind$vsock_stream(r1, &(0x7f0000000440), 0x10)
listen(r1, 0x6d5)
socket$vsock_stream(0x28, 0x1, 0x0)
r2 = socket$nl_sock_diag(0x10, 0x3, 0x4)
sendmsg$SOCK_DIAG_BY_FAMILY(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000140)={0x0, 0x28}}, 0x0)
syz_open_procfs(0xffffffffffffffff, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x5, 0x89}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000100)=0x2)
sched_setaffinity(0x0, 0x0, 0x0)
r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r3, &(0x7f0000002000)=""/102400, 0x19000)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000005c0)=ANY=[@ANYBLOB="200000001000010700000000e9ffffff0a0000000c0002006e6c3830323131"], 0x20}}, 0x0)
recvmmsg(r4, &(0x7f000001f240)=[{{&(0x7f0000000240)=@ieee802154={0x24, @long}, 0x80, &(0x7f00000006c0)=[{&(0x7f0000000040)=""/64, 0x40}, {&(0x7f0000000340)=""/88, 0x58}, {&(0x7f0000000480)=""/143, 0x8f}, {&(0x7f0000000600)=""/188, 0xbc}], 0x4, &(0x7f0000000740)=""/9, 0x9}, 0x5}, {{&(0x7f0000000780)=@generic, 0x80, 0x0}, 0x400}, {{0x0, 0x0, &(0x7f0000000cc0), 0x0, &(0x7f0000000d40)=""/180, 0xb4}, 0xf}, {{&(0x7f0000000e00)=@alg, 0x80, &(0x7f0000001f40)=[{&(0x7f0000000e80)=""/140, 0x8c}, {0x0}], 0x2, &(0x7f0000001f80)=""/97, 0x61}, 0x5b9}, {{0x0, 0x0, 0x0}, 0x1ea7}, {{0x0, 0x0, &(0x7f000001b580)=[{0x0}], 0x1}, 0x6}, {{&(0x7f000001b5c0)=@l2={0x1f, 0x0, @fixed}, 0x80, 0x0}, 0x9}, {{0x0, 0x0, &(0x7f000001cd40)=[{&(0x7f000001b800)=""/165, 0xa5}, {0x0}, {&(0x7f000001b980)=""/194, 0xc2}, {&(0x7f000001f4c0)=""/237, 0xed}, {&(0x7f000001cb80)=""/234, 0xea}, {0x0}], 0x6, &(0x7f000001cdc0)=""/229, 0xe5}, 0x100}, {{0x0, 0x0, &(0x7f000001d140)}, 0xe}, {{&(0x7f000001d180)=@in6={0xa, 0x0, 0x0, @mcast1}, 0x80, &(0x7f000001e200), 0x0, &(0x7f000001e240)=""/4096, 0x1000}, 0x2}], 0xa, 0x0, 0x0)

6.195422001s ago: executing program 2 (id=1700):
r0 = socket$inet(0x2, 0x4000000000000001, 0x0)
setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f00000004c0)=0x79, 0x4)
r1 = syz_open_dev$sg(&(0x7f00000003c0), 0x0, 0x5)
ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, &(0x7f0000000000)=0x15)
prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r2 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r2, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
r3 = syz_io_uring_setup(0x5c00, &(0x7f0000000200)={0x0, 0xfec6, 0x80, 0x3, 0x1ea}, &(0x7f0000000040)=<r4=>0x0, &(0x7f0000000140)=<r5=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r4, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
r6 = socket$netlink(0x10, 0x3, 0x0)
setsockopt$netlink_NETLINK_ADD_MEMBERSHIP(r6, 0x10e, 0xb, &(0x7f0000000000)=0x402, 0x4)
sendmsg$nl_route_sched(r6, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000280)={0x0}}, 0x4000000)
syz_io_uring_submit(r4, r5, &(0x7f00000002c0)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd_index=0x3})
io_uring_enter(r3, 0xdb4, 0x0, 0x0, 0x0, 0x0)
ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x89f0, &(0x7f0000000080)={'bridge0\x00', &(0x7f0000000000)=@ethtool_ringparam={0x9, 0x0, 0x8a, 0x0, 0x0, 0x2000000}})
writev(r1, &(0x7f00000002c0)=[{&(0x7f0000000080)="aefdda9d240300005a90f57f07703aeff0f64ebbee", 0x15}, {&(0x7f0000000040)}], 0x2)
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0)
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000380)={[{@upperdir={'upperdir', 0x3d, './file1'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './bus'}}, {@nfs_export_on}]})
chdir(&(0x7f00000000c0)='./bus\x00')
r7 = creat(&(0x7f0000000440)='./file0\x00', 0x0)
open_by_handle_at(r7, &(0x7f0000000140)=@OVL_FILEID_V1={0x13, 0x300fb, {'\x00', {0x0, 0xfb, 0x15, 0x7, 0x5, "e837282efe0868327a31a705ec978547"}}}, 0x830200)
r8 = openat$6lowpan_enable(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
write$6lowpan_enable(r8, &(0x7f0000000100)='0', 0x1)

5.261685852s ago: executing program 3 (id=1702):
r0 = syz_open_dev$dri(&(0x7f0000000180), 0x50, 0x1)
ioctl$DRM_IOCTL_MODE_GETPLANE(0xffffffffffffffff, 0xc02064b6, &(0x7f0000000200)={0x0, 0x0, <r1=>0x0, 0x0, 0x0, 0x6, &(0x7f00000001c0)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0]})
ioctl$DRM_IOCTL_MODE_GETFB(r0, 0xc01c64ad, &(0x7f0000000300)={r1})
getpid()
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x802, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
socket(0x10, 0x803, 0x0)
r5 = socket$inet6_udp(0xa, 0x2, 0x0)
setsockopt$inet6_IPV6_HOPOPTS(r5, 0x29, 0x36, &(0x7f0000000300)=ANY=[], 0x1b0)
setsockopt$inet6_IPV6_HOPOPTS(r5, 0x29, 0x36, 0x0, 0x0)
setsockopt$packet_fanout(0xffffffffffffffff, 0x107, 0x12, 0x0, 0x0)
r6 = socket$inet_udp(0x2, 0x2, 0x0)
bind$inet(r6, &(0x7f0000000100)={0x2, 0x0, @rand_addr=0x64010101}, 0x10)
setsockopt$sock_int(r6, 0x1, 0x6, &(0x7f0000000000)=0x4, 0x4)
connect$inet(r6, &(0x7f0000000280)={0x2, 0x0, @broadcast}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000180)={0x80008, 0x1ff}, 0x0)
ioctl$KVM_SET_TSC_KHZ_cpu(r4, 0xaea2, 0x5)
ioctl$UI_SET_EVBIT(0xffffffffffffffff, 0x40045564, 0x3)
sched_setscheduler(0x0, 0x3, &(0x7f0000000040)=0x2c99e088)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r7 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r7, &(0x7f0000019680)=""/102392, 0x18ff8)
socket(0x10, 0x3, 0x0)
r8 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000740), 0x2, 0x0)
ioctl$IOCTL_VMCI_VERSION2(r8, 0x7a7, &(0x7f0000000080)=0xa0000)
ioctl$IOCTL_VMCI_INIT_CONTEXT(r8, 0x7a0, &(0x7f0000000000)={@my=0x0})
ioctl$IOCTL_VMCI_DATAGRAM_SEND(r8, 0x7ab, &(0x7f0000000040)={&(0x7f0000001000)={{@host}, {@my=0x0, 0x4000}, 0x400, "884fbe2726aa0a32f3e65f909acda971a093228292456e0332e6c11577b514f0bb8db731789d860e9589c4cbdd60b7a851a8a3c55ada2f90c51a69bf4a5c3e32296535dc838ef00dc18a32a79118dc858628f741f107552021e5a81d38e4374a8a717a7ca9015083cfff5d16156ef9cabf4f60c0da46870a10bf520cc5abcf9e3a437761ea75776763139fadd55c46daf5338870951822f6a803ccfbab9c3f507672d7c39ea9ccf81d9bc2b4649e7b44ed9fd7cb9bd389240cd41c415113d1caac4536f05c07e596d6addad2a4d27ba21a3b655753c508caedcc812ca235a7cd1686426b208bdecf8a4265ba8f6824aa60306e2d623481eed301b6dc21041fa8b6592be00bb74de1989a45a5aa32c189e9f5a5bb878281d0129afcfb8410cd1fa5acd080993d2d084213130a9b8d517d13251e6605a03d9b8faf507e820205a1f471af7b261419e79e09c547f7c10fd3f1ad876f59fdcc5e07d0ff4dee6ea2e3856616a352d648b9b5261b6263020fc3ae8eb404bc25703b3d3b8317ad07ff22907d6631d226c8247c92c1826ff814590dfe8c7fc54dfb265e906f756846546316b20e0105e2a5355a210b2b7f5db61d8f90bb783b41ce368233bd08044e9283531fffe49e3d305ecfb16075a047557f57bb7baf8babfc02975ad0d60ed8de9cb8adc9f667bc6826cbea8e260e4bff28a5ec19d38d1fc019db3cfaf310e764d78619cb27fb17af05a0e8ae831ce8413721e71138e62cc4ad8e7974d1506b4fb581c549a3dd7b7ef44ac37201aa3bce6f37f648d781bcb4f329fd45ffa640f1b04efb38a36e0ed0e2abcb07e4ad88ae3edfb6d840d75340204243d0e1c1c3139823b0d5ad196430bf4566619a1a97df4376a7e9a9e9c1d97b9f773c921778f2cb5165c02da1423305c502076177e4af50cb3343c10b01b78e3fe5520bdfae2b3dbe42db0f0eb55bbcb19038018d45ccdb8b0df400085a02c61b033f430fb6a7408e090c65798bc49d35e049d276fd1952d2b3dfd92a2548411e21be26216fe68fc3cf1c6625031260153708a53255b3d3d0411d5f0e8ab2102a97e539c34e9c769a7d9ef05e928c2c52775de467fa843cbcdabc290097eeb2ee7c58d86e3fccc39a5b694c18a4cc0d6af1e61d9c69e6466bc0cbef15365109e4f67a6268625f8c3f358fb7d567cbea52e1bc289bd8effda4e362a729e8cd3064970b97e3f72535d9ba88e97a14834cfd8dc86b5d2f9b35425a4162f3abe8b785ef462883e716c91b8eb281d81f68f606f16fcbc5cddfdec3b515818a647d86a4c17bae6ad525e95598052c49cdee821ceb45b2350dda13628db0dd266f30285241a2b147d65113b8ed3665a3451f7a56cf430ec98aeac702d9b9f776d97520a9d039e5b2fff34ac4d4e0a32e1f35c8f38e4f4fe1b3212a70f185ad71ec86b8c900"}, 0x418})
sendmmsg$inet(r7, &(0x7f0000000bc0)=[{{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x30000}}, {{&(0x7f0000000140)={0x2, 0x4e22, @dev={0xac, 0x14, 0x14, 0x3d}}, 0x10, &(0x7f0000000240)=[{&(0x7f0000000300)="1c325258c4e68253404a8e505f6d82484d35fd088d9a9fcbd8f5a04abd040f55a5e37e70c0caedb50aed4f100ea70b63b50dcb7620b6cbf7023fd3940055a30faa4a0e0651e2c912807f2aac5135322643f1094ad512a94c326bb318ae3e837371f6f5abad5be48a46d6cfae385bd3e48206b530121a23bf658346bc60b9a85dfc22693c9948ec3f490d4a65099219ceaf602d64b8661e72d8b6a068a5b5323e5b267d44bbb7dacf8dbe08a9abfb16477e33838f68a045bfc3e791355abc545a1d3407b1c74febf2267271565d90f83e1ac7d6b0e11b020fb6b5", 0xda}, {&(0x7f0000000500)="047312454ad8cfc2aca3bc49e892d64ad6200f902b8bfadd254f5eafdeef751c5a09e9a2e0561ebb38d94f5096f36a165e1aabb2e50ffecb89e254d68637965e819c1bf72ee4e2e0dccc329f95a67ae48b61695666ad8e154f48cb3dcd6c10e25c3d681bfe16eccd1d0f66365732d9b99cfb3edab17efa0d73657e717ed3a75842b960da70b8e67bd7226759cca16155c96c69bb7f53180c9782077c2199b0cddeed39984a5dafa13067256c9092d6148212cac4a42554e99fd13c375c8255e63d90fe4311218715f13f8c4405539446be676dad3619a2e6c87df0707c2b63f29342b54f51965c549b438c027b5d10f73390ec50", 0xf4}, {&(0x7f0000000600)="ed45f51db6bd5caf6e0642c02a8c327d27620977e25592a723aa61405a8a7110dd470426d3ef4166adae90aabbc0dc6f264455ed4b2779420c3bf5540232a894a97b34eedd415ff8c2867c45cb6a87a05744487f5d97e3be149f1fd1b9894d50fdf3392578aff132ecba26d5bb8ff8dec734a528a3888d5bf117e40856c910b8ef0b6be15af25586dacd7618702d0942e08fc7a5c900cf3215da8a0796d87846801ba2fb5cfa165f66651e124d3aef14e2f94d8df4cb31a758d841a24763c07e666d2869653f24922bb891bc14d2ab7737b2b251bc6208d48b1964d4ef4c5bf799bf3e72f7f71d02d3c932d864", 0xed}], 0x3, &(0x7f0000000780)=ANY=[@ANYBLOB="1c000040000000000000000008000000", @ANYRES32=0x0, @ANYBLOB="ac14141eac141444000000001400000000000000000000000200000005000000000000006c00000000000000000000000700000044247c200000000000000006000000ff0000000100000037000000010000000900000f20072779ac1414bbac1414aa0a010101ac1414aae00000010a01010264010102ffffffff640101010000440cf173ac1414bb000070da0000000000000014000000000000000000000001000000000f0000000000002c0000000000000000000000070000004408f9d0000000004404a3f3440c4d70000001ff00000010940400000000000011000000000000000000000001000000810000000000000014000000000000000000000001000000ff0f000000000000"], 0x120}}, {{&(0x7f0000000700)={0x2, 0x4e24, @multicast1}, 0x10, &(0x7f0000000a40)=[{&(0x7f00000008c0)="31340f7d150616bd9bad5709a3d286170342df06dc23d119e7801704f6c3c496f4807ab6f545a9880f103e8b7fa47a4560749ba5e053f9069531ee55068f4de66965f6d1b5d9b32518befe06c3cc7bef233f1e41cb", 0x55}, {&(0x7f0000000940)="54c761578224c70cef8ca2365801c682724f7134ea99b88577ddb6b11a5a04de7c7fd60ae5ab4f03b99140914825b738fdd7461ef261", 0x36}, {&(0x7f0000000980)="84208319144242340fbfabcdd382af0b83cbb74c5b72c5f2813562b6119d8a0471d9903809536913e8bccd2ae99e9626b1153f9806562d50161df3aba53f669a77d4ad47b243fb24a0c11f3ba14c0f18bceeb3f271b6839256f9c0d8e9517f2847cd9ee8ab0cc69a150849d0844f4774cf981990014802065e354a05d1997e27ddab4730c858d21fa481e22308a675645e3979", 0x93}], 0x3, &(0x7f0000000c80)=[@ip_pktinfo={{0x1c, 0x0, 0x8, {0x0, @broadcast, @multicast1}}}, @ip_pktinfo={{0x1c, 0x0, 0x8, {0x0, @remote, @multicast2}}}, @ip_tos_int={{0x14, 0x0, 0x1, 0x81}}, @ip_tos_u8={{0x11, 0x0, 0x1, 0xe4}}, @ip_tos_u8={{0x11, 0x0, 0x1, 0xe4}}, @ip_tos_u8={{0x11, 0x0, 0x1, 0x8}}, @ip_tos_u8={{0x11, 0x0, 0x1, 0xf}}, @ip_retopts={{0x54, 0x0, 0x7, {[@generic={0x88, 0xb, "e4bfb96aef6f94ab5e"}, @timestamp_prespec={0x44, 0xc, 0xd1, 0x3, 0x2, [{@loopback, 0xf6b5}]}, @rr={0x7, 0xb, 0x4, [@loopback, @dev={0xac, 0x14, 0x14, 0x2d}]}, @generic={0x44, 0x11, "e5adeddbdd6d1378fc68e783327e38"}, @timestamp={0x44, 0x10, 0x20, 0x0, 0x5, [0x0, 0x8, 0x4]}]}}}], 0x110}}], 0x3, 0xf00)

4.829300215s ago: executing program 2 (id=1704):
bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0xd, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0xffffffff}, 0x50)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x3)
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000001a40)=""/102392, 0x18ff8)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
getsockopt$inet_int(0xffffffffffffffff, 0x10d, 0xb8, 0x0, &(0x7f00000000c0))
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe}, 0x0)
syz_usb_connect(0x0, 0x5f, 0x0, 0x0)
r3 = socket(0x10, 0x80002, 0x0)
sendmsg$nl_route(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000140)=ANY=[@ANYBLOB="1c0000005e00679a3601ffc4910700004f78d4c1a0731cccff"], 0x1c}}, 0x8000)
setxattr$system_posix_acl(&(0x7f0000002a00)='.\x00', &(0x7f0000000240)='system.posix_acl_default\x00', 0x0, 0x2c, 0x0)
recvmmsg$unix(r3, &(0x7f0000002380)=[{{0x0, 0x4000000, &(0x7f0000001340)=[{&(0x7f00000002c0)=""/4096, 0xecc}], 0x1}}], 0x8, 0x0, 0x0)
openat$qrtrtun(0xffffffffffffff9c, &(0x7f0000000180), 0x135880)
socket$key(0xf, 0x3, 0x2)
socket(0x2, 0x80805, 0x20000)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r4, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000080)=ANY=[@ANYBLOB="5c0000000206030000000000000000000000000014000780080008400000000008001240ffffffe80500010006000000050005000200000005000400000000000900020073797a31000000000d000300686173683a6e6574"], 0x5c}}, 0x0)
ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
r5 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="09000000060000000800000001"], 0x48)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000200)={{r5}, 0x0, &(0x7f0000000180)}, 0x20)
bpf$MAP_LOOKUP_ELEM(0x1, &(0x7f0000000000)={r5, &(0x7f0000000280), 0x0}, 0x20)

4.801505894s ago: executing program 6 (id=1705):
r0 = socket$pppl2tp(0x18, 0x1, 0x1)
r1 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r1, &(0x7f0000000040)={0xa, 0x0, 0x0, @loopback, 0x5}, 0x1c)
connect$pppl2tp(r0, &(0x7f0000000240)=@pppol2tpin6={0x18, 0x1, {0x0, r1, 0x8, 0x0, 0x0, 0x0, {0xa, 0x4e20, 0x0, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}}}, 0x32)
setsockopt$inet6_IPV6_RTHDRDSTOPTS(r1, 0x29, 0x37, &(0x7f0000000000)=ANY=[], 0x8)
writev(r0, &(0x7f0000000180)=[{&(0x7f0000000080)='v', 0x34000}], 0x1)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f00000003c0)=@bpf_lsm={0x1e, 0x3, &(0x7f0000000080)=ANY=[@ANYBLOB="1800000001000000000000000000000095"], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x24}, 0x94)
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="000000000000000002"], 0x48)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x2200, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
mprotect(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1)
sendto$inet6(r1, 0x0, 0x0, 0x8, &(0x7f0000000380)={0xa, 0x4e24, 0x413, @mcast2, 0x5de3}, 0x1c)

4.756816274s ago: executing program 4 (id=1706):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f0000000300)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = openat$vhost_vsock(0xffffffffffffff9c, 0x0, 0x2, 0x0)
ioctl$VHOST_SET_VRING_BASE(r2, 0xaf01, 0x0)
r3 = eventfd(0xc)
ioctl$VHOST_SET_LOG_FD(r2, 0x4004af07, &(0x7f0000000240)=r3)
ioctl$VHOST_SET_VRING_KICK(r2, 0x4008af20, &(0x7f0000000040)={0x1, r3})
r4 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000380)={&(0x7f0000000080)=ANY=[@ANYBLOB], 0x0, 0x37}, 0x28)
bpf$BPF_GET_BTF_INFO(0xf, &(0x7f0000000300)={r4, 0xfffffd63, &(0x7f00000002c0)={0x0, 0x41, 0x0, &(0x7f00000003c0)=""/166, 0xab}}, 0x10)
r5 = syz_io_uring_setup(0x237, &(0x7f0000000240)={0x0, 0x8101, 0x0, 0x0, 0x24f}, &(0x7f0000000040)=<r6=>0x0, &(0x7f0000000600)=<r7=>0x0)
io_uring_register$IORING_REGISTER_PBUF_RING(r5, 0x16, &(0x7f00000001c0)={&(0x7f0000001000)={[{0x0, 0x0, 0x1}]}, 0x1, 0x1}, 0x1)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r6, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r6, r7, &(0x7f0000000200)=@IORING_OP_PROVIDE_BUFFERS={0x1f, 0x0, 0x0, 0x80, 0x3, 0x0, 0x9276, 0x0, 0x0, {0x1}})
io_uring_enter(r5, 0x47bc, 0x3bf6, 0x7, 0x0, 0x0)
ioctl$VHOST_SET_VRING_ADDR(r2, 0x4028af11, &(0x7f0000000280)={0x1, 0x1, 0x0, &(0x7f00000002c0)=""/100, &(0x7f0000000500)=""/74, 0xeeef0000})
ioctl$VHOST_SET_MEM_TABLE(r2, 0x4008af03, &(0x7f0000000e40))
ioctl$VHOST_VSOCK_SET_RUNNING(r2, 0x4004af61, &(0x7f0000000000)=0x1)
unshare(0x64000600)
ioctl$VHOST_SET_LOG_BASE(r2, 0x4008af04, 0x0)
sendmsg$NL80211_CMD_SET_INTERFACE(0xffffffffffffffff, 0x0, 0x0)
syz_80211_inject_frame(0x0, 0x0, 0x1e)
ioctl$IOMMU_IOAS_MAP$PAGES(0xffffffffffffffff, 0x3b85, 0x0)
ioctl$VHOST_SET_VRING_ADDR(r2, 0x4028af11, 0x0)
syz_usb_control_io(0xffffffffffffffff, 0x0, 0x0)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000400)={0x6, 0x3, &(0x7f0000000680)=ANY=[], &(0x7f00000002c0)='GPL\x00'}, 0x94)
socket$inet_icmp_raw(0x2, 0x3, 0x1)

3.845954554s ago: executing program 3 (id=1707):
mkdirat(0xffffffffffffff9c, &(0x7f0000002000)='./file0\x00', 0x0)
mount$9p_unix(&(0x7f0000000000)='./file0\x00', &(0x7f0000000040)='./file0\x00', 0x0, 0x12d7498, 0x0)
mount$tmpfs(0x0, &(0x7f0000000080)='./file0\x00', 0x0, 0x144024, &(0x7f0000000100))

3.637164207s ago: executing program 6 (id=1708):
r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
setsockopt$inet_int(r0, 0x0, 0x7, &(0x7f0000000000)=0x714, 0x4)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x3)
sched_setaffinity(0x0, 0x8, &(0x7f00000000c0)=0xa)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8)
syz_genetlink_get_family_id$batadv(&(0x7f0000000080), 0xffffffffffffffff)
r3 = socket$can_raw(0x1d, 0x3, 0x1)
setsockopt$SO_TIMESTAMPING(r3, 0x1, 0x25, &(0x7f00000000c0)=0x49c2, 0x4)
ioctl$ifreq_SIOCGIFINDEX_vcan(r3, 0x8933, &(0x7f0000000080)={'vcan0\x00', <r4=>0x0})
sendmsg$can_raw(r3, &(0x7f0000000000)={&(0x7f0000000780)={0x1d, r4}, 0x10, &(0x7f0000000200)={&(0x7f0000000040)=@can={{0x0, 0x0, 0x0, 0x1}, 0x5, 0x1, 0x0, 0x0, "09151995c95f32cc"}, 0x10}}, 0x44001)
recvmmsg(r1, 0x0, 0x0, 0x2001, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r1, 0x8933, &(0x7f0000000440))
r5 = socket$inet6(0xa, 0x80002, 0x0)
setsockopt$inet6_udp_int(r5, 0x11, 0x67, &(0x7f0000000200)=0x3, 0x4)
connect$inet6(r5, &(0x7f00000001c0)={0xa, 0x4e23, 0x0, @ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x14}}}, 0x1c)
r6 = socket$inet_sctp(0x2, 0x1, 0x84)
setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r6, 0x84, 0x64, &(0x7f0000000180)=[@in={0x2, 0x4e21, @empty}], 0x10)
sendmsg$inet_sctp(r6, &(0x7f0000000140)={&(0x7f0000000340)=@in={0x2, 0x4e21, @local}, 0x10, &(0x7f0000000380)=[{&(0x7f00000001c0)='N', 0x1}], 0x1, 0x0, 0x0, 0x804c040}, 0x4000891)
recvfrom(r6, 0x0, 0x0, 0x142, 0x0, 0x0)
setsockopt$sock_linger(r5, 0x1, 0x3c, &(0x7f0000000180)={0x200000000000001}, 0x8)
connect$inet6(r5, &(0x7f0000000000)={0xa, 0x0, 0xfffffffd, @local, 0x2}, 0x1c)
sendmmsg$inet6(r5, &(0x7f0000003cc0)=[{{0x0, 0x0, &(0x7f0000003980), 0x171}}], 0x400000000000172, 0x4001c00)
sendmsg$BATADV_CMD_GET_NEIGHBORS(r1, 0x0, 0x4000000)
r7 = getpid()
sched_setscheduler(r7, 0x2, &(0x7f0000000200)=0x6)
getpriority(0x0, r7)

3.503553755s ago: executing program 0 (id=1709):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_TIMEOUT_NEW(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000000f80)=ANY=[@ANYBLOB="240000000408010400000000000000bb6f877f6c3b56eb93de9baab135000a0000000600"], 0x24}, 0x1, 0x0, 0x0, 0x20040404}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
syz_io_uring_submit(0x0, 0x0, 0x0)
r2 = syz_io_uring_setup(0x74d, 0x0, 0x0, &(0x7f0000000080)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
io_uring_register$IORING_REGISTER_BUFFERS(r2, 0x0, &(0x7f0000000240)=[{&(0x7f00000003c0)=""/219, 0xdb}], 0x1)
r4 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000300)='./binderfs/binder0\x00', 0x0, 0x0)
r5 = socket$inet6_udplite(0xa, 0x2, 0x88)
sendmsg$inet6(r5, &(0x7f0000002280)={&(0x7f0000001e40)={0xa, 0x4e24, 0x0, @mcast1}, 0x1c, 0x0, 0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="b005000000000000290000003600000000b2"], 0x5b0}, 0x20008001)
sendmsg$inet6(r5, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000180)=[{&(0x7f00000022c0)="f14889c2ad234ad6f0a71da72859c7c1e176134eff431253493482c723f8633d838bf127adff9f48a8854702b889321dfefd5644a03e0e41fb1cd1e442ac39d59aa0370071b34de016c447989af4c7d374e269dcbc1ce5f7083363d5bb2641018094b1721358f7a6c82f35dd9ed03c7be3fc46e5ef7b1fde49376ecde0494076cbe41c8292de99cc323303fda797e0704d3143999a0f53c8c056f2d7c2614c1bd977cc3e42e07548870d6bf096bf0369ee6a3f85cb27ec069f135e88005eb6147c3c08e1c787c9b5f9579653b876d44f3eb55573068fd1355b6fb755d1a72cb8eddfb7928f40f81e88e41bd2b3477299f540275d5107cd0dcb493a6f84ddbb9b43a60169c9ce7abb46e2d65a662a4e48cfafe180fbad39ee09548985149d100a6df90948f173ee8d7884fe5a916395d9631d7c55a09db75724229f3f492aca7c60e7c0984e5e05d55524887462", 0x14d}], 0x1}, 0x20000044)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r4, 0x4018620d, &(0x7f0000000100)={0x73622a85, 0x0, 0x2})
r6 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000200)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r6, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0x0, 0x0, 0x0})
r7 = dup3(r6, r4, 0x0)
ioctl$BINDER_WRITE_READ(r7, 0xc0306201, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x4e, 0x0, &(0x7f0000000140)="cca9efaa32a4009ea301f8c4cd3e8a2800daf9f7fcadfe677fe774109efbab5e9a00a08f6145640ff49d2c711fdf719ea8daa38a5306ddbf11a6ed1b53f931d8853c57a829aababd627e4f252059"})
ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f00000000c0)={0x20, 0x0, &(0x7f0000000340)=[@request_death, @clear_death], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f00000001c0)={0xc, 0x0, &(0x7f0000000280)=[@dead_binder_done], 0x0, 0x0, 0x0})
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5)
syz_io_uring_submit(0x0, r3, 0x0)
io_uring_enter(r2, 0x749f, 0x4, 0x0, 0x0, 0xfffffffffffffef5)
setsockopt$netlink_NETLINK_DROP_MEMBERSHIP(r0, 0x10e, 0x2, &(0x7f0000000040)=0xc, 0x4)

3.194003716s ago: executing program 3 (id=1710):
openat$sndseq(0xffffffffffffff9c, &(0x7f00000018c0), 0xe0c81)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = socket(0x40000000015, 0x5, 0x0)
setsockopt$SO_RDS_TRANSPORT(r0, 0x114, 0x8, 0x0, 0x0)
setsockopt$sock_int(r0, 0x1, 0x8, 0x0, 0x0)
bind$inet(r0, &(0x7f0000000340)={0x2, 0x4e20, @loopback}, 0x57)
sendmsg$xdp(r0, 0x0, 0x0)
sendmsg$alg(r0, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8d}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000540)=0x4)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r1 = socket$inet_smc(0x2b, 0x1, 0x0)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x1, 0x5, &(0x7f0000001000)=ANY=[@ANYBLOB="bf16000000000000b70700000100f0ff5070000000000000300000000000c00095000000000000002ba728041598d6fbd30cb599e83d24bd8137a3aa81e0ed139a85d36bb3019d13bd2321af3c2bd67ce68f15c0ec71d0e6adfefcf1d8f7faf75e0f226bd917060000007142fa9ea4318123751c0a0e168c1886d0d4d35379bd223ec839bc16ee988e6e0dc8cedf3ceb9fbfbf9b0a49ef23d430f6296b32a83438810720a159cda90363db3d221e152dfca64057ff3c4744aeaccd3641110bec4e9027a0c8055bbfc3a96d2e8910c2c39e4babe802f5ab3e89cf6c662ed4048d3b3e22278d00031e5388ee5c867ddd58211d6ece1ccb0cd2b6d3cffd962867a3a2f624f992daa94a0c556f3218ce740068725c37074e468ee207d2f73902ebcfcf49822775985bf31b715f5888b24efa190000000000000000000000000000ddffffff730d00000000000000ddffffff0000b27cf3d1848a54d7132be1bfb0adf9deab3323aa9fdfb52faf9cb09c3bfd09000000b91ab219ef00bb7b3de8f67ffcad3f6c3c2b1f03550000000000001cf41ab11f12fb1e0a494034007de7c6592df1a6c64d8f20a67745409eaa988dbc2fee9d313d34889f40159e800ea2474b540500a30b23bcee46762e2093bcc9eae5ee3e980026c96f80ee1a00000000740750fa4d9aaa705989b8e673e3296e52d337c56abf112874ec51d6fe048ba6866adebab53168770a71ad901ace383e41d277b103923a9d961f7a2591dbe4a912ffaf6f658f3f9cd16286744f83a83f138f8f92efd92239eafcc5c1b3f97a297c9e49a0c3300ef7b7fb5f09e0c8a868a353409e34d3e82279637599f35ad3f7ffffff3cac394c7bbdcd0e0eb52162e0c410ade7a36b26a4e70f03cc4146a77af02c1d4cefd4a2b94c0aed8477dfa8ceefb467f05c6977c78cdbf37704ec73754910fe050038ec9e47de89298b7bf4d769ccc18eede0068ca1457870eb30d211e23ccc8e06dddeb61799257ab5000013c86ba9affb12ec757c7234c270246c878d01160e6c07bf6cf8809c3a0d062357ba2515567230a6f0b2ad1eb9769d74e4f1feff374211663f6b63b1dd044dd0a2768e825972fc4300001467c89fa0f82e8440105051e5510a33dcda5e4e202bd622549c4cffffff501d3a5dd7143fbf221fff161c12ca389cbe0000000000000fff75067d2a214f8c9d9b2ecf631c6c5fd9c26a54d43fa050b88d1d43a8645bd9109b7e07869bba7131421c0f397073943330baafd243c0c6ffe673bab4113be7664e08bdd7115c61afcb718cf3c4680b2f6c7a8400e378a9b15bc20f49e298727340e87cdefb40e56e9cfad9931b8c552b2c7c503f3d0e7ab0e958adb862822e40009995ae166deb9856291a43a6f7eb2e32cefbf463789eaf79b8d4c22be89f44b032dad13007b82e6044f643fc8cd07ae636a5dbe9864a117d27326850a7c3b570863f532c218b10af13d7be94987005088a83880ccab9c9920c2d2af8c5e13d52c83ac3fa7c3ae6c08384865b66d2204c2e4f3ae20bf279b512b4dcb5dd9cba16b62040bf8702ae12c77e6e34991af603e3856a346cf708feeb708ab22b560cf8a4a6f31ba6d9b8cb0908000000000000001a342c010000000000e667a7592b33406f1f71c739b55db91d2309dc7ae401005f52053a39e7307c09ff3ac3e820b01c57dd74d4aafc4c383a17bc1de5347bb71ca16dcbbbaa2935ae662082b56cf666e63a759e0ef3ea7af6881513be94b362e15ffca8ec453b3a2a67be70c17b0f9c2eac765816c30c2e7133dca1c7669522f7dff8bc570a93fbdb688c3aef810000007a6ea6b11163392a19d87995b51cb6febd5f24a34998d2010fd5facf68c4f84e2f66e27c81a149d7b331983d3b74444953fc1216dfec10b724190000006f12538376e177ffef6fd2020000000000000008e4919a463d5332a2546032a3c06b94f168e8fc4bda0c294723fe306f26c477af4b926644672985fab7cc67bc5b5f5d38cdd8df95147ebe1cd88b0a4c6cde9951be42827dfddfefb238fac2303cc8982f1e55b005afcfea5eb037248fefad6bb02c162ce92ab17744c8ec3d2e80cf3205d36699fd381bc81231fb5e12e45f3059f361d08d6a6d019ebf105eaf43083c29512bcedd79ca9bf24e063d0c273ed70a2b70be521ea27dc8cf3c9bdf83b93405db07e82e2ddf4c4d26f1cdd8c3c9736cf5e5082de3b484f8673e0e97dd7e8a872148613c3a04f3d67f4375ba5c7f1b0033f8dfe0ed9bb2a70801f763524e1d79d812ced782646b5f79c8fc08bb5c11020108d702edd2ea9c96cfcb9066668627820d2d48aa5fc0a7bf1b51afd85350ad00b78c598fa8701b000884de790b54e5ab2e8ff0c7ae23e0b6eeac95c4c2eef2e5eb1d019d52099fbd404e8ece970f67736ba7e960bd8b1e4105ce7e31f7c9c3e3fa61aaa967b90087e91d703e98535b107b8f4653be4c46a3a1adb07d226952b8573b417018316fa96e942e35c4baa16d4122c863709b08d4639a19a46ac90ac48a13ee9bcaa875fc700000000000003b40dc5c745fe2491e8425e600000000000000000000000000000000000000000000000000000000000000250318a44ad31baac0520a913301e630ae540f3289aebde8633f6f450c0738e16df6c7f1e0832a2a16fe6e39959735758248032cdf7320c6dc87b01e3f9a7811b200000000ae189de4b9b25f7c7a9c070000002af1c06315270de4a6605e4b4b58bef76fac54f11b84bd7bcd6b6a485edfb7684c770a39b38b08e18a51a4d4e66ca21c06a4b4198e1bc2ef990c9ba911efed626e5ee341a17bf8132b5b1dfa9fd31df213c88b4047979379dc15c9056fd3baa8b2d6cb134437cba0193ba4360bdcc98aad2560aa48291c4eb9d4e08ad7a9c5f04be1ab597124d84dfc7bd8cca8f68154a0ed356e773a797ca6d66748857b4abbf8830abeea2a46342e6a7378173cb29d5cdcd698a0203f78116b710008000000000000007c2d86b94472807c10eb9a8e2fb8bd79fe3a8316deff3ee641c9a080a2173642e673a672279bae4e7e28055da9497d7edb53be6e80482bd4d9a74b8dd4221f05e6ca8c705d7257ff7f76c78ba0b44ec0bdfa0d32d7042059b13a079639f14f9032b856d892ad6af5124c9c3130485e9682ff1f3c54e475d5bb496aef4bb537d7e191dfdeba109fdcf7864763f87a6d711cf52e520a6ce30e134c55e0caac037209d2f12fcddd00000000000000000000000000000000e609893bdce015e8ccfb36399844db61f6171b0b0e845e48728450c6ba4f7098f8e000676b59ab9f851f3ab778c50a3337a78675f38a568612aa25d61ce4e2c235ab5f2cd6d035d5f5f6a693c381adbbf7b37e37292783b2c7efe7d3a067906552f76d419e0300000000000000000000008435f39381c2a77c001caae53db7316fa6d48d032ab6831ebb813c85855c7a9ad8140a4b29422fc20d4e75c848984a2e217ec9c2833b8fa9106ee1be2c05103a36fc1126f1aa5284ba7179843b08ecadc199b9038cf6b9ee4e1f321a6a32e03bd987ddfada1f69756651b73a7ed0f7e467081193b28448692686ac80d81a89f9c29e276800"/2574], &(0x7f0000000140)='GPL\x00'}, 0x48)
r3 = socket$kcm(0x2, 0x1, 0x0)
sendmsg$inet(r3, 0x0, 0x20000811)
r4 = socket$kcm(0x29, 0x2, 0x0)
writev(r4, &(0x7f0000000480)=[{&(0x7f00000001c0)="13", 0x1}], 0x1)
ioctl$sock_kcm_SIOCKCMATTACH(r4, 0x89e0, &(0x7f0000000040)={r3, r2})
ioctl$sock_kcm_SIOCKCMUNATTACH(r4, 0x89e1, &(0x7f0000000340)={r3})
close_range(r1, 0xffffffffffffffff, 0x0)

2.204556144s ago: executing program 0 (id=1711):
r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
ptrace(0x10, r0)
ptrace$pokeuser(0x6, r0, 0x358, 0x800000000000)
r1 = socket(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000080)={'ip6tnl0\x00', <r2=>0x0})
sendmsg$nl_route_sched(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000001180)={&(0x7f0000000b80)=@newqdisc={0x88, 0x24, 0x3fe3aa0262d8c59b, 0x0, 0x0, {0x0, 0x0, 0x0, r2, {}, {0xffff, 0xffff}, {0x6, 0x10}}, [@qdisc_kind_options=@q_mqprio={{0xb}, {0x58, 0x2, {{0xb, [0x10, 0x10, 0x1, 0xc, 0xc, 0xd, 0x9, 0xc, 0xe, 0xd, 0xc, 0x2, 0xb, 0xa, 0xa, 0x3], 0x0, [0xb, 0x9ccd, 0x401, 0x81, 0x8, 0x9, 0xb6b, 0x0, 0xc7, 0xffff, 0xe0, 0x3, 0x6, 0x2, 0x32, 0x10], [0x6, 0x8, 0x3, 0xcc16, 0xfffa, 0x6, 0x3, 0x4, 0x8, 0x415, 0x2, 0x1, 0xfff8, 0x9, 0x1, 0x4]}}}}]}, 0x88}, 0x1, 0x0, 0x0, 0x24000000}, 0x0)
prlimit64(0x0, 0xe, 0x0, 0x0)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f00000002c0)={'wlan0\x00', <r5=>0x0})
setuid(0xee00)
faccessat2(0xffffffffffffffff, 0x0, 0x0, 0x100)
sendmsg$NL80211_CMD_FRAME(r3, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000640)={&(0x7f0000000580)={0x88, r4, 0x1, 0x70bd2a, 0x25dfdbfe, {{}, {@val={0x8, 0x3, r5}, @void}}, [@NL80211_ATTR_FRAME={0x6a, 0x33, @beacon={{{}, {0xde1}, @broadcast}, 0x0, @default, 0x4001, @void, @val, @val={0x3, 0x1, 0xe}, @val={0x4, 0x6, {0x10, 0x97, 0x0, 0x2}}, @void, @val={0x5, 0x3, {0x0, 0x37, 0x2}}, @void, @val={0x2a, 0x1, {0x1, 0x1}}, @void, @val={0x2d, 0x1a, {0x2, 0x0, 0x3, 0x0, {0x2, 0xf34, 0x0, 0x1, 0x0, 0x1, 0x1, 0x3}, 0x7, 0x6, 0x4}}, @val={0x72, 0x6}, @val={0x71, 0x7, {0x1, 0xfc, 0xffffffffffffffff, 0xffffffffffffffff, 0x1, 0x9, 0x28}}, @void}}]}, 0x88}, 0x1, 0x0, 0x0, 0x880}, 0x0)

2.092655673s ago: executing program 6 (id=1712):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f0000000300)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = openat$vhost_vsock(0xffffffffffffff9c, 0x0, 0x2, 0x0)
ioctl$VHOST_SET_VRING_BASE(r2, 0xaf01, 0x0)
r3 = eventfd(0xc)
ioctl$VHOST_SET_LOG_FD(r2, 0x4004af07, &(0x7f0000000240)=r3)
ioctl$VHOST_SET_VRING_KICK(r2, 0x4008af20, &(0x7f0000000040)={0x1, r3})
r4 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000380)={&(0x7f0000000080)=ANY=[@ANYBLOB], 0x0, 0x37}, 0x28)
bpf$BPF_GET_BTF_INFO(0xf, &(0x7f0000000300)={r4, 0xfffffd63, &(0x7f00000002c0)={0x0, 0x41, 0x0, &(0x7f00000003c0)=""/166, 0xab}}, 0x10)
r5 = syz_io_uring_setup(0x237, &(0x7f0000000240)={0x0, 0x8101, 0x0, 0x0, 0x24f}, &(0x7f0000000040)=<r6=>0x0, &(0x7f0000000600)=<r7=>0x0)
io_uring_register$IORING_REGISTER_PBUF_RING(r5, 0x16, &(0x7f00000001c0)={&(0x7f0000001000)={[{0x0, 0x0, 0x1}]}, 0x1, 0x1}, 0x1)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r6, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r6, r7, &(0x7f0000000200)=@IORING_OP_PROVIDE_BUFFERS={0x1f, 0x0, 0x0, 0x80, 0x3, 0x0, 0x9276, 0x0, 0x0, {0x1}})
io_uring_enter(r5, 0x47bc, 0x3bf6, 0x7, 0x0, 0x0)
ioctl$VHOST_SET_VRING_ADDR(r2, 0x4028af11, &(0x7f0000000280)={0x1, 0x1, 0x0, &(0x7f00000002c0)=""/100, &(0x7f0000000500)=""/74, 0xeeef0000})
ioctl$VHOST_SET_MEM_TABLE(r2, 0x4008af03, &(0x7f0000000e40))
ioctl$VHOST_VSOCK_SET_RUNNING(r2, 0x4004af61, &(0x7f0000000000)=0x1)
unshare(0x64000600)
ioctl$VHOST_SET_LOG_BASE(r2, 0x4008af04, 0x0)
sendmsg$NL80211_CMD_SET_INTERFACE(0xffffffffffffffff, 0x0, 0x0)
syz_80211_inject_frame(0x0, 0x0, 0x1e)
ioctl$IOMMU_IOAS_MAP$PAGES(0xffffffffffffffff, 0x3b85, 0x0)
ioctl$VHOST_SET_VRING_ADDR(r2, 0x4028af11, 0x0)
syz_usb_control_io(0xffffffffffffffff, 0x0, 0x0)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000400)={0x6, 0x3, &(0x7f0000000680)=ANY=[], &(0x7f00000002c0)='GPL\x00'}, 0x94)
socket$inet_icmp_raw(0x2, 0x3, 0x1)

2.091537003s ago: executing program 3 (id=1713):
r0 = syz_open_procfs(0x0, &(0x7f0000000100)='io\x00')
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000400)={0x18, 0x20d2, &(0x7f0000000000)=ANY=[@ANYRES16=r0, @ANYRES64=r0], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x60, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x2b, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xfffffffd}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f00000000c0)='kvm_dirty_ring_reset\x00', r1}, 0x18)
ftruncate(0xffffffffffffffff, 0x0)
clock_gettime(0x0, &(0x7f0000000140))
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
r2 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000340), 0x0, 0x0)
ioctl$SNDCTL_SEQ_OUTOFBAND(r2, 0x40085112, &(0x7f0000000d80)=@e={0xff, 0xa, 0x0, 0x0, @SEQ_NOTEON=@special})
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f0000000300)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8)
r4 = socket(0x10, 0x803, 0x0)
sendmsg$nl_route(r4, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f00000004c0)=ANY=[@ANYBLOB="3c0000001000370400000000ffffffff00000000", @ANYRES32=0x0, @ANYBLOB="0b120500000000001c0012800b00010062726964676500000c00028008000400650c0000"], 0x3c}, 0x1, 0x0, 0x0, 0x48800}, 0x4000010)
r5 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r5, 0x0, 0x40, &(0x7f0000000540)=@raw={'raw\x00', 0x8, 0x3, 0x368, 0x1d0, 0x11, 0x148, 0x0, 0x0, 0x2d0, 0x2a8, 0x2a8, 0x2d0, 0x2a8, 0x3, 0x0, {[{{@uncond, 0x0, 0x188, 0x1d0, 0x0, {}, [@common=@inet=@hashlimit1={{0x58}, {'ip_vti0\x00', {0x0, 0x0, 0x3f, 0x0, 0x88000000, 0x3, 0x7}}}, @common=@unspec=@conntrack2={{0xc0}, {{@ipv4=@remote, [0xffffff00, 0xff, 0xffffff00], @ipv6=@dev={0xfe, 0x80, '\x00', 0xe}, [0x0, 0xffffff00], @ipv4=@private=0xa010100, [0xffffff00, 0x0, 0xffffff00], @ipv6=@private1={0xfc, 0x1, '\x00', 0x1}, [0xff000000, 0xff000000, 0xff], 0x8, 0x6, 0x5e, 0x4e21, 0x4e23, 0x4e24, 0x4e21}, 0x40, 0x8e0}}]}, @unspec=@CT0={0x48}}, {{@ip={@multicast2, @empty, 0x0, 0xffffffff, 'vlan0\x00', 'netdevsim0\x00'}, 0x0, 0xd8, 0x100, 0x0, {}, [@common=@addrtype={{0x30}, {0x242, 0x75f65a4e97d6873f, 0x1}}, @common=@unspec=@quota={{0x38}}]}, @common=@unspec=@NFQUEUE2={0x28, 'NFQUEUE\x00', 0x2, {0x3, 0x6, 0x2}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x3c8)
preadv(r0, &(0x7f0000000500)=[{&(0x7f0000000a40)=""/161, 0xa1}, {&(0x7f0000000dc0)=""/4096, 0x1000}, {&(0x7f0000000940)=""/206, 0xce}], 0x3, 0x401, 0x6)
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
syz_emit_ethernet(0x66, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r6 = getpid()
sched_setscheduler(r6, 0x2, &(0x7f0000000200)=0x6)
openat$binfmt_format(0xffffffffffffff9c, &(0x7f00000002c0)='/proc/sys/fs/binfmt_misc/syz0\x00', 0x2, 0x0)
connect$unix(0xffffffffffffffff, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x0, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0)

1.676608075s ago: executing program 0 (id=1714):
bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0)
shmctl$SHM_INFO(0x0, 0xe, &(0x7f0000004440)=""/5)
sched_setaffinity(0x0, 0x8, &(0x7f00000000c0)=0x800000000a)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
fcntl$getownex(r0, 0x10, &(0x7f0000000140)={0x0, <r1=>0x0})
fcntl$lock(r0, 0x24, &(0x7f0000000180)={0x2, 0x6, 0x8000000000000000, 0xe, r1})
read$msr(r0, &(0x7f0000032680)=""/102400, 0x19000)
r2 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000003c0), 0x2, 0x0)
r3 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="1b00000000000000000000000080000000000000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x48)
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x6, 0x8, &(0x7f00000002c0)=ANY=[@ANYBLOB="18020000fcffffff0000000000000000850000004100000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b702000004000002850000008600000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r4, 0x0, 0xe, 0x0, &(0x7f0000000480)="74111d7afab1a0ba8dd107396867", 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9}, 0x50)
ioctl$VHOST_SET_VRING_BASE(r2, 0xaf01, 0x0)
r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cpuacct.usage_sys\x00', 0x275a, 0x0)
write$UHID_INPUT(r5, &(0x7f0000000240)={0x8, {"7f9654d636ab18b7938a2804505c72e9994ca22404fc203334cc21ed3d6a776fd12d13f9602b2980f983c31a5d1e431db778099ce3af3fb20e1ee1f4fdb77cbb36154982a93c19825d6fd273ab1eb5bcd47adad50de8a6791486e482e29ecc94284921f33b941cfc1000c9781d9a828c5ec7a2c77b4e624a5aa0e9e39782bad733eda81ba47e1c6116e4170e6587dd6210a57abe91f1f80c4e31139d8b73fe35ac1f99ea82dd6aa9c9aa67de88ae3e141020e1a876bbc449d2d843aa7e6d90b948b7e28770e6ac71010c63f17e90fd20806a9f8d9f418ee3af74aac64b04a27c4f5e3626ca2da546c79d24acadd11e8d272a22fc54078fd5e64475993668980a9f95aff964ded28f79c862e674356af492b8377a759d8ccf1accb9a18ef7ad16f438dde69cd020d71552b0810688c882a26a22b23f4b35471b08b379193db1cd7934a4049ff1b00d9795cda6e73951641d5e2365c24facd5afd09ed1d096d758b4fef66fe1aa22395d67b7e1db623d4a60a7dc93893d6c4a91df79535a855868c5dc0033d5c428cd25b85c5deb6e81068553bc84cead4d1eba8aa57e2b354a6899e44acbd3834491219b3e231cd55d82f161774a689efe197cc193ac0124c67738a0a1d5f16a6768c2c2ba7386c8c95ca08c55117f344f5a2bca0d09e79ea3fc49491f2c7adc513c2779c1bf62b1a8643d23e9e8b2ae41d4a59f1b82b82e092b36eb851b8456da871b4057aec325a9d4cccafde61f2abc85e3cabeabb856f6ffbfe23d69219ec8fae6beb54abe7870dbae823d49806a967a1c7f252999804f106745f20490bb3347b59321dc69765567abcbd89de04d89622170005df5871ed0fb72345a11da074060d7d4ee2e437f71a45723fb6b02de56067e54f54c52d10f7874a13cbfb3bd65ce54f9d6719ea210e0cf79e4e2157736ec07ac5915682ab81bced665c1e72fab8d8cfe509de0f21fe374b957b379fd5918061e21c2e96985cc1354b2de859b0f1a463ab04683b1253eda671c2353b5c208aca652f5419ffc4949a7fa909b95653f42d97390c400b4a1c308b11e73e9a06d3b164d3361e75584d70e6bc61d570a7e0c7da330f643194c1893fcd6489fac605eead61b53dff18caf526ecccc9bbd9146bc3c3bb67677695e6fddaab081786e9084014e60f5c03ae5a9087726b05e17402cd2fbb80d773b8a41470b1f901a8c2b2d57450181f4fc5bc53c7cb3dc032b84567492607cb08832eca9f79da9210d197863e5db5a74a9823dc0cc8bd9f3a9b6ff5a7d15d4747a9b26e088f4fad96d81cd1214226b1c4585d418d593220fcbb9ad949266cc48163e3498b46ebcdf7b2b5ecfe67539a61ed9e39b02d5b35ac0d0e7fa830034ca2da8a7ddf04bcf2cee939994369feb77023e0e3de04b21db7a640a92c17748245005cd75a7deba4ff0e4c104a9db2d9a98ec8edb3562050a3bac5f322290e3d8b6fb21770ac436d4cb12b97fc8f76d7bb9eeed85663eb0626f1ad1719ee4b07f7de2c1d1a31c27c6879f4fa3dbdfb2bfc0898beabafbeca9f13050e6b2f6c432e423cd5cb6b8fa56fe32c3e50104e44462c0a5c69de6a7ac5ae3d9f07ceed64dbffa42e4663838bfcde92f0fcb895f3b93c59b0e48c09890dfc36436db56b708f6e7cbbd2a6305f573cee099dbcd263cb96d9fb69cbc3cb06d8f5e3789698a17e71d22b4665ff5447fcc17a31bb136c8bb4b984573bcaf1cb650198c1266e6ddfd42d44f9de02cb9d915c5334c550fac3fcee56790aeb09d81e7690a32d8b0cc477b23f15257820de227be1ffaec2f63f3266b8f5dd78947dcee355fe59bfb100e5244425532bb1d115acd211b8c16b0ec0aae00fca5d4511a05c3ff027a1cac56210a10d81c01b90e156cc7b33de0fac825dc516d398166096013e068db935483c93ba95da39b5ae4087d84479a4c4809f28f93790dc279637bd6f3dc441d315cf6bd7b0e3d92070a45baf4445ce063fd12690eb002f5ca068a256bc54100c99a02a346beca39072163c4b297d117f1ed9fef42e3dbc11d36a0a0db52e84461c6fbb4aad62cd6c8dc9ae6a3390a5e8773ac599e67436220c8d541a9039762bffaa7f490e31dddbc362fb4ff686cda905f3b02a1db76d4d570d970434921ca8a4765af6d5c8b881e1f4ffa7e2d9ef5f5511b94f88474674ec790bb5186c73446a227bf1ffd19b605733abd1bd41e421aeaf2ed4617088c7ceef85451225056435993e89e4bccd2c2e4b39af99feef11fea645eeb5cf9f77b1e19a72d3efb613100969b84302789714bca65bcbc96762b4012a5700c62aed706433b9f142b7302442b6a9958b0e28e8b1cfa9eeb4ac0d71f497b23babf9f0221dcb658d9f4db5d45bee30d2ad7c97d6a562e014a7701c15325ec5d42ab732b37714a77a95c03fb15bbfba6fade32bf50f985a1df362ca7216cc152907dd931acb58a63920f581e82b590c0d6a0033009f8e50c3263d3f58596b63d507cadbc809a6690561f74d0772bf92d04e06c47a350724b106f5e83f7e71c4b2a983bf5ad7d8684e7b8b5dc1273d0fa5879b8e61bde33d602bc8ff0913b6d32dcac366d568dc7cf82bbfc405cbe418a2644c26592b32ca1a632fc95123efb784cfb6953a94ebeccd24fba389a0e56b043df07d9a2dd38a1196e5e55576b25f85cb96f6560802a4a58b7a6857e8454faa2c880bf32d464562b2bdc5f0df22b663f2c01fc944f1cfd1908f617f8295a5440bb79ae178ea46a95baeea48322105146ac3ed2de7d3796ddddcc848a8ecf4a00dd055733b4f59211f5a40deea44e74b3bc57953b26ed61e6fd67889edfe8d0902385e37666aacec072735630ecc441c3cc6b09bb2f63aa4e332c6df728dc74078a83ce20454dfd616d116270666ddc09c5fea2e8442bc43455d0257fac92f3780061178f9420bf8e463f29896c12383dbb9a81bc5c87376e647c8a9786cb514fb9696d9c0a8d303c5c4b5b7c5f601c01fa19323e02f675c371bc44fbc1ac5704d41a89a2a4ccec6ac8440c532f07da25aa2dce6a5d2ebe694eb4017d178b221213bfe2a01d9cfe689bd190776bca6c032f446eb8862587a7826e35f3f691763212eee6af2e49bbeb0a27e07c5714b74e373798c7bebce265f7ebef3a1ea64078cf1e8a9d433af32c53090c972ffedbadafb50b9a6e540abd84f8e938583ea725954be3b236c5d8aca7d486d21902a2902f25a7c02dbe83c39bd0b81513f9ef198c49d560e930ae224ff47f92e4851e1f7ab5bb406abcf6596569261e6b0c67bb3b854e9c6de60bfb60fcf29241ff237151310ecd19f8b2cfe764c1df1a2de9d840eca47aa169ba9a415901204ec31ccdfd76e908029ae34fb12dc286758c64fd6d42bc82b14e07e421f4b42b180cd6ef40cac8062928b4a420a4577f24295f54de9048ac9d34307bf93e463cea4967cf4880166f68ed1eb965db2e4fb9f5f0b1c695d621e427ccb9a3188073ee6fde729c6698346efa1c0ba643c1efd20858965511da750060d551c44c435a5f1603fae7357e0bc78e92aad3d88790ec2aa1a42d6fe7e0ffc57f3599e406db63be7dd32692df32ce33dee0a2becdb02d6e435e09de3d356497543db23f53da25643f9c585e275297800d8beed47f0e622f86fc25d2e87036fdceebfe7257cb6de0c02412d1c0758acfcd0862e99ad17a118f46f635a87477e8b825423d94ada35bf0b5444aa7d3de4bb7eec7ae5129fcc2cba651cc972f5500fc5161149d29f452962afb102a01ae76825cb4477460be0b85d75058595c27e9b7fae3492ec3925c671bee5f4ca534d5a294f783d6cc073c992139b61d21fd98297b04c0578dafd5f7ebcaf8d4d9185aea3d76e813421f4573b38c25093c015a65e44fb297f0f6ac2d02c4237b37a3bfca2406c5c95ae5812816bacad59ba7c6f72d7c644ff25b592ed1e89b276e05866c01a4ced7fc6dd9f190c20d420d7c8a1fe908833a24c5e5bd7a95a2a6fbf147fc4b29a179718166dd0fbae2fc6b8c8aac6194fa6baf0d3edc36b2316c56c441ba53e3e7aaaf0a1405566ff584f73a637b74dde9bcb4d41da2be6c9df5d533fbac54f5fb52a8a793757cfe19aa90048c6d07e3474136ae1be2455b0d0d02eb4b5961ba883209355c0dd2af4aad98e7b971e358a7d9b55fe17cd6095f257355d9b99e5ea52848f17b35a80792d9ed0fef6fe3eef9a324902409969823be20bbe0e8dba9c747cd1a14d3642d877b86271f3f0c322a142c4ff635b37d542c3265b5fe8589a732bb1a55010b930dd0196cd43ac3634c01b4a44c517197d03a3d89c67f5c09aab409e84c0af466bfbd0c96d240101a2542c66b4b4b8ef65b41b0079995c52cc9720d2c1d7c128c6f17a65cc798c1986cfbd8888460c54438edc4f91f3580391c8b57d9aee209a59a116c1c44775437e9c30e6d87e82ce84e28532b19441e32ab9aea22177bac9daad25a6c88395e9348d6780de630cddb266c411011175bdb6255a36535180818447d43ffba3758d311539fe9f6811fa470bf3767b4c2d4cdf37854c7ee28730bb1d39d5c0dfffcdbf353cca3e13079f3ae66b839c7dd36914022a0e75bca5b622f521420b73249ef47f03c1fb03ecf7557882afcaa7cf454a68ad237d4ce860bd6b1531c1cafe2cfb76bc4188271ef6bdfb304ee0e6932463a1909f03d6e8a27b5f137d6b342841d613863dfdf37d5ec3a98d667810fb6f82d67620bdefed8b3ff98420a6c7ee577c3ba68b95a20403608a7ba6526ec9e8662c6e15ab09b1a9019d4958af04cb2e4890ee6b1077fcaa5cc0817f388461b230fe631e75f18ab392a5ca5de4a024ca16dd05fcfdf92114e43a5c4a169d462ff0dba57deeaf5eaafd892f8ccbd72ac56471162e1416bca39859b4184ba0d1b3f7ec05db4ef4cf0142867fa9be328a0be8aa74c716aad9411008607980861f4f72e9bfa60195e2f939d3f6a44a6cec07dd376d1bccaa126686f313d5f7918ecd1215026982c82ed1922ef70e36e8ed59b2d5ceab3b4aad7e53049062dd5ba0e87f7005c3f4d2b788245cdc2f35ef2572bea5ea92dfad406ade6d5ad18be8eeb4c652e5277b244645c68c0c0f5a68d42e00d59b75941917b2cdf31fdf809f2078ca97fd5beba65b34e0621138ea0e94feb87166b2dac2232ebca575e5c0a4d565d9992f733bbfbe68a63d99ee93398604065d5517c33ed0e067bdb643e73102f16137afd7d4bf21e8065ea028c392a6dcefbe642dc3fb03a239d9c8b17023eacc8e19fea11c34a10644af1b786fc0f4504038c2ee59c1b353f3d7b9313df025b4b5874ca63ec164a3fe35bf390d266f53dcda6a8e190e63a56ffdf4f7c5c02aa22d376db06d4d2b96be5b331f897d1ecfd25c13a1c194c265dd95a5724a6435bc8138224d9db28b689b9cea5132cd19601dbc4a43e70c71e27e8fd0689d09484974e8a4605f8553735fffaf5654a087e323ca14e02b681b9bbe592bd6b719ae2e86bdf918b27c79d52dd334d1aa7ebc1bff76e97572faad092010a1022f7d33089049107a89c364ae7dd022d119e8f6ab795fd71d76a90e8202339401ff9e9918ea8c8e12f7b0ba10d9ebde5d1bc5988f2d07b34579d8c282628204f2978d8b0cf95dc41f3775a4053f833267c64b42336d7c850f2918ef0dd6d62e43fcc173254eb34748efd4754609ce25ade162ba3c91bb844aaf6fd648ee5a8fc5c64346603f8258592d67b9613e8f7ac0def0958f13436581d729e0b3e062738eb06b2116abe837529690a614fc5d3f53b4d4602e57060", 0x1000}}, 0x1006)
mmap(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x1, 0x11, r5, 0x0)
r6 = syz_init_net_socket$ax25(0x3, 0x2, 0x0)
bind$ax25(r6, &(0x7f0000000100)={{0x3, @default, 0x1}, [@null, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x3}, @bcast, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @bcast, @default, @null, @null]}, 0x48)
eventfd(0x401)
ioctl$VHOST_SET_MEM_TABLE(r2, 0x4008af03, &(0x7f00000005c0))

1.609946332s ago: executing program 3 (id=1715):
lsm_set_self_attr(0x65, &(0x7f00000000c0)=ANY=[@ANYBLOB], 0x20, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = socket$inet6_sctp(0xa, 0x801, 0x84)
sendto$inet6(r0, &(0x7f00000002c0)="f9", 0x1, 0x40, &(0x7f0000000040)={0xa, 0x0, 0xfffffffc, @rand_addr=' \x01\x00'}, 0x1c)
sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000000)={0xa, 0x0, 0x0, @local, 0x9}, 0x1c)
shutdown(r0, 0x1)
getsockopt$inet_sctp6_SCTP_PR_ASSOC_STATUS(r0, 0x84, 0x74, &(0x7f0000000280)={0x0, 0x0, 0x20, 0x4, 0x5}, &(0x7f0000000240)=0x18)
ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, &(0x7f0000000180)=<r1=>0x0)
prlimit64(r1, 0x2, &(0x7f0000000140)={0x0, 0x100000000000008b}, 0x0)
socket(0x28, 0x5, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x5)
sched_setaffinity(0x0, 0xffffffffffffff5b, &(0x7f00000002c0)=0x400000bce)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, 0x0)
read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8)
syz_genetlink_get_family_id$devlink(0x0, 0xffffffffffffffff)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$DEVLINK_CMD_TRAP_GROUP_SET(r3, 0x0, 0x0)
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x11, 0x3, &(0x7f0000000380)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x81, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f000000a200)='afs_cell\x00', r4}, 0x10)
r5 = fsopen(&(0x7f0000000040)='afs\x00', 0x0)
fsconfig$FSCONFIG_SET_STRING(r5, 0x1, &(0x7f0000000300)='source', &(0x7f00000000c0)='%(,:', 0x0)
r6 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000023c0)={0x6, 0x4, &(0x7f0000002180)=ANY=[@ANYBLOB="180200000000000000000000cfffffff850000001700000095"], &(0x7f0000000040)='syzkaller\x00'}, 0x90)
r7 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f0000000100)={'dummy0\x00', <r8=>0x0})
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000340)={r6, r8, 0x25, 0x2, @void}, 0x10)
r9 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r9, 0x8933, &(0x7f0000000000)={'wlan0\x00'})
bpf$LINK_DETACH(0x22, 0x0, 0x0)

1.498695488s ago: executing program 2 (id=1716):
openat$ttyS3(0xffffffffffffff9c, 0x0, 0x42002, 0x0)
openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/timer_list\x00', 0x0, 0x0)
openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000140), 0x2, 0x0)
r0 = open(&(0x7f00000000c0)='./cgroup/../file0\x00', 0x284800, 0x30)
ioctl$DMA_HEAP_IOCTL_ALLOC(0xffffffffffffffff, 0xc0184800, &(0x7f0000000100)={0x4, r0})
openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x275a, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000100)=0x2)
sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = socket$vsock_stream(0x28, 0x1, 0x0)
bind$vsock_stream(r1, &(0x7f0000000440), 0x10)
listen(r1, 0x6d5)
socket$vsock_stream(0x28, 0x1, 0x0)
r2 = socket$nl_sock_diag(0x10, 0x3, 0x4)
sendmsg$SOCK_DIAG_BY_FAMILY(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000140)={0x0, 0x28}}, 0x0)
syz_open_procfs(0xffffffffffffffff, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x5, 0x89}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000100)=0x2)
sched_setaffinity(0x0, 0x0, 0x0)
r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r3, &(0x7f0000002000)=""/102400, 0x19000)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000005c0)=ANY=[@ANYBLOB="200000001000010700000000e9ffffff0a0000000c0002006e6c3830323131"], 0x20}}, 0x0)
recvmmsg(r4, &(0x7f000001f240)=[{{&(0x7f0000000240)=@ieee802154={0x24, @long}, 0x80, &(0x7f00000006c0)=[{&(0x7f0000000040)=""/64, 0x40}, {&(0x7f0000000340)=""/88, 0x58}, {&(0x7f0000000480)=""/143, 0x8f}, {&(0x7f0000000600)=""/188, 0xbc}], 0x4, &(0x7f0000000740)=""/9, 0x9}, 0x5}, {{&(0x7f0000000780)=@generic, 0x80, 0x0}, 0x400}, {{0x0, 0x0, &(0x7f0000000cc0), 0x0, &(0x7f0000000d40)=""/180, 0xb4}, 0xf}, {{&(0x7f0000000e00)=@alg, 0x80, &(0x7f0000001f40)=[{&(0x7f0000000e80)=""/140, 0x8c}, {0x0}], 0x2, &(0x7f0000001f80)=""/97, 0x61}, 0x5b9}, {{0x0, 0x0, 0x0}, 0x1ea7}, {{0x0, 0x0, &(0x7f000001b580)=[{0x0}], 0x1}, 0x6}, {{&(0x7f000001b5c0)=@l2={0x1f, 0x0, @fixed}, 0x80, 0x0}, 0x9}, {{0x0, 0x0, &(0x7f000001cd40)=[{&(0x7f000001b800)=""/165, 0xa5}, {0x0}, {&(0x7f000001b980)=""/194, 0xc2}, {&(0x7f000001f4c0)=""/237, 0xed}, {&(0x7f000001cb80)=""/234, 0xea}, {0x0}], 0x6, &(0x7f000001cdc0)=""/229, 0xe5}, 0x100}, {{0x0, 0x0, &(0x7f000001d140)}, 0xe}, {{&(0x7f000001d180)=@in6={0xa, 0x0, 0x0, @mcast1}, 0x80, &(0x7f000001e200), 0x0, &(0x7f000001e240)=""/4096, 0x1000}, 0x2}], 0xa, 0x0, 0x0)

1.112988198s ago: executing program 0 (id=1717):
socket$nl_generic(0x10, 0x3, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000640)=ANY=[@ANYBLOB="18060000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000003000000b703000000000000850000007300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f0000000080)='sched_switch\x00', r3}, 0x10)
r4 = socket$inet6(0xa, 0x80002, 0x0)
sendto$inet6(r4, 0x0, 0x0, 0x20088004, 0x0, 0x0)
open_tree(0xffffffffffffffff, 0x0, 0x100)
sendto$inet6(r4, &(0x7f00000009c0), 0x0, 0xc001, 0x0, 0x0)
setsockopt$inet6_udp_int(r4, 0x11, 0x1, &(0x7f0000000080), 0x4)
r5 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000040), 0x161042, 0x0)
ioctl$PPPIOCNEWUNIT(r5, 0xc004743e, &(0x7f0000000000)=0x3)
ioctl$PPPIOCSPASS(r5, 0x40107447, &(0x7f0000000080)={0x1, &(0x7f0000000100)=[{0x50, 0xff, 0x0, 0xffeffffd}]})

339.398798ms ago: executing program 2 (id=1718):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r0, 0x6, 0x13, &(0x7f0000000000)=0x100000001, 0x4)
setsockopt$inet6_tcp_TCP_ULP(r0, 0x6, 0x1f, &(0x7f00000000c0), 0x4)
setsockopt$inet6_tcp_TLS_TX(r0, 0x11a, 0x2, &(0x7f0000000680)=@gcm_128={{0x304}, "000037d7009400", "c0b6c5b29ca2b838d41ac2fc7ddf972d", "e9be4bae", "bb10000000000001"}, 0x28)
r1 = syz_io_uring_setup(0xbdc, &(0x7f0000000640)={0x0, 0xec21, 0x1000, 0x400001, 0x40000333}, 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0})
r2 = io_uring_register$IORING_REGISTER_PERSONALITY(r1, 0x9, 0x0, 0x0)
syz_usb_connect(0x5, 0x21e, &(0x7f00000006c0)={{0x12, 0x1, 0x201, 0x5a, 0xbc, 0xb8, 0x8, 0x2040, 0x200a, 0x9aa4, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x20c, 0x1, 0x1, 0xf, 0x20, 0x19, [{{0x9, 0x4, 0xa6, 0x5, 0xa, 0xb9, 0xd0, 0x38, 0x3, [@cdc_ecm={{0xa, 0x24, 0x6, 0x0, 0x0, "bd5996d2a6"}, {0x5, 0x24, 0x0, 0x2}, {0xd, 0x24, 0xf, 0x1, 0x1c9, 0x11, 0x7f, 0x9}, [@network_terminal={0x7, 0x24, 0xa, 0x47, 0xaa, 0xd, 0xd9}, @dmm={0x7, 0x24, 0x14, 0x7ff, 0x80}, @network_terminal={0x7, 0x24, 0xa, 0x0, 0x5, 0x14, 0x4}, @network_terminal={0x7, 0x24, 0xa, 0x6, 0x9, 0x4, 0xb}]}], [{{0x9, 0x5, 0x80, 0x3, 0x3ff, 0x7, 0xf, 0x5}}, {{0x9, 0x5, 0x5, 0x0, 0x10, 0xe3, 0x8, 0xf, [@uac_iso={0x7, 0x25, 0x1, 0x1, 0x6e, 0x7f}, @generic={0x32, 0x30, "4252fb304719aaf18c6f602a1d1aef7dfbaa5ef412f05b07b642db178b198ef9ac8170cec1b5ba0a8460835060e42eef"}]}}, {{0x9, 0x5, 0x3, 0xc612f6e03fc75a61, 0x20, 0x9, 0x6, 0x9, [@uac_iso={0x7, 0x25, 0x1, 0x0, 0x0, 0xb8}]}}, {{0x9, 0x5, 0x0, 0x8, 0x400, 0xff, 0x9, 0x7, [@uac_iso={0x7, 0x25, 0x1, 0x2, 0x10, 0x101}]}}, {{0x9, 0x5, 0x8, 0x0, 0x20, 0x3, 0xf8, 0x6, [@uac_iso={0x7, 0x25, 0x1, 0x3, 0x8, 0x6}, @uac_iso={0x7, 0x25, 0x1, 0x80, 0x6, 0x7ff}]}}, {{0x9, 0x5, 0xb, 0x10, 0x10, 0x80, 0x4, 0xb, [@uac_iso={0x7, 0x25, 0x1, 0x80, 0x5, 0x80}]}}, {{0x9, 0x5, 0x0, 0x8, 0x40, 0xd, 0x9, 0x8, [@generic={0xf7, 0x5, "703d105a1fcb2a74351a804723a9f8292319b12cb9d106a3b0c687de5b71c21c02e680ab2065085781505c312e379a89d1faa2ec1126568f74d0838ddecb8075d42b32f96f65b1d172ebced0967d1ad1a73efc5ee64ab18b2ed8466b12142459503f8e2f60170f80ed2037f159304bdc3e78ff8e5f313e3d1889cf84351e209f5e9b6b1675b84eb0c302c0d9b6541c38329c46d72b64b98938cec415622246a0767ba81762a43d232ecf6cbcccc983575f8133e8aaae047bc4b85a78e36d4fcc45e23711ea1cf8e902f17374b20f0c96bcab6295e985795013c48ca9f8cf641739470e6d79265736e321610d073db557d5b490cda3"}]}}, {{0x9, 0x5, 0x8, 0x10, 0x40, 0x2, 0x7, 0x8, [@uac_iso={0x7, 0x25, 0x1, 0x0, 0xd3}]}}, {{0x9, 0x5, 0x80, 0x2, 0x200, 0x80, 0x9, 0x7, [@uac_iso={0x7, 0x25, 0x1, 0x2, 0x9, 0x5}, @uac_iso={0x7, 0x25, 0x1, 0x2, 0x1, 0x3}]}}, {{0x9, 0x5, 0x9, 0x1, 0x40, 0x5b, 0x0, 0x8}}]}}]}}]}}, &(0x7f0000000340)={0xa, &(0x7f0000000080)={0xa, 0x6, 0x110, 0x6, 0x5, 0x0, 0xff, 0x1}, 0x5, &(0x7f0000000100)={0x5, 0xf, 0x5}, 0x2, [{0x7, &(0x7f0000000140)=@string={0x7, 0x3, "d3bcaaef14"}}, {0xcf, &(0x7f0000000240)=@string={0xcf, 0x3, "fc2926906806b69721dc7da20e86f845ecd375ccea5dacd0c17daaf250a221b24f73f49cf1ac05a955f4e3c76254aaf72c12365b1e4a194e31d9ebfbcad2f377dff998c7f4eeff7fe6a7b1b03d9197dd065448f95658e98f816288744179d085f031be705c6c6a958d0a3711520d7ef32e11678eeabd186809e1148208340ed18399509aa88dbda9b0b0819eecbceca16526321bbac828ca61ba549b426b5262dcaa7b21da1e88f8df72c3e9a251bdd667686353ff029da29414bdf7a0376ca61250b19f77fae98d4cdaf879d0"}}]})
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000040)=@IORING_OP_CLOSE={0x13, 0x90, 0x0, r0, 0x0, 0x0, 0x0, 0x0, 0x1, {0x0, r2}})
syz_memcpy_off$IO_URING_METADATA_FLAGS(0x0, 0x118, &(0x7f0000000380)=0x1, 0x0, 0x4)

66.444754ms ago: executing program 0 (id=1719):
r0 = syz_open_dev$dri(&(0x7f0000000180), 0x50, 0x1)
ioctl$DRM_IOCTL_MODE_GETPLANE(0xffffffffffffffff, 0xc02064b6, &(0x7f0000000200)={0x0, 0x0, <r1=>0x0, 0x0, 0x0, 0x6, &(0x7f00000001c0)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0]})
ioctl$DRM_IOCTL_MODE_GETFB(r0, 0xc01c64ad, &(0x7f0000000300)={r1})

0s ago: executing program 0 (id=1720):
bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0xd, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0xffffffff}, 0x50)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x3)
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000001a40)=""/102392, 0x18ff8)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
getsockopt$inet_int(0xffffffffffffffff, 0x10d, 0xb8, 0x0, &(0x7f00000000c0))
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe}, 0x0)
syz_usb_connect(0x0, 0x5f, 0x0, 0x0)
r3 = socket(0x10, 0x80002, 0x0)
sendmsg$nl_route(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000140)=ANY=[@ANYBLOB="1c0000005e00679a3601ffc4910700004f78d4c1a0731cccff"], 0x1c}}, 0x8000)
setxattr$system_posix_acl(&(0x7f0000002a00)='.\x00', &(0x7f0000000240)='system.posix_acl_default\x00', 0x0, 0x2c, 0x0)
recvmmsg$unix(r3, &(0x7f0000002380)=[{{0x0, 0x4000000, &(0x7f0000001340)=[{&(0x7f00000002c0)=""/4096, 0xecc}], 0x1}}], 0x8, 0x0, 0x0)
openat$qrtrtun(0xffffffffffffff9c, &(0x7f0000000180), 0x135880)
socket$key(0xf, 0x3, 0x2)
socket(0x2, 0x80805, 0x20000)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r4, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000080)=ANY=[@ANYBLOB="5c0000000206030000000000000000000000000014000780080008400000000008001240ffffffe80500010006000000050005000200000005000400000000000900020073797a31000000000d000300686173683a6e6574"], 0x5c}}, 0x0)
sendmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0)
ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000200)={{}, 0x0, &(0x7f0000000180)}, 0x20)

kernel console output (not intermixed with test programs):

bject_add+0x16e/0x240
[  469.253411][T11150]  ? __pfx_kobject_add+0x10/0x10
[  469.253438][T11150]  ? kobject_put+0xab/0x5a0
[  469.253466][T11150]  device_add+0x288/0x1aa0
[  469.253490][T11150]  ? __pfx_dev_set_name+0x10/0x10
[  469.253516][T11150]  ? __pfx_device_add+0x10/0x10
[  469.253540][T11150]  ? mgmt_send_event_skb+0x2fb/0x460
[  469.253572][T11150]  hci_conn_add_sysfs+0x17e/0x230
[  469.253598][T11150]  le_conn_complete_evt+0x1075/0x1d70
[  469.253624][T11150]  ? preempt_count_sub+0x150/0x160
[  469.253652][T11150]  ? find_held_lock+0x2b/0x80
[  469.253674][T11150]  ? __pfx_le_conn_complete_evt+0x10/0x10
[  469.253698][T11150]  ? hci_event_packet+0x459/0x11c0
[  469.253729][T11150]  ? __mutex_unlock_slowpath+0x163/0x800
[  469.253754][T11150]  hci_le_conn_complete_evt+0x23c/0x370
[  469.253788][T11150]  hci_le_meta_evt+0x354/0x5e0
[  469.253815][T11150]  ? __pfx_hci_le_conn_complete_evt+0x10/0x10
[  469.253843][T11150]  hci_event_packet+0x682/0x11c0
[  469.253870][T11150]  ? __pfx_hci_le_meta_evt+0x10/0x10
[  469.253900][T11150]  ? __pfx_hci_event_packet+0x10/0x10
[  469.253931][T11150]  ? kcov_remote_start+0x3d9/0x6d0
[  469.253957][T11150]  hci_rx_work+0x2c5/0x16b0
[  469.253981][T11150]  process_one_work+0x9cc/0x1b70
[  469.254017][T11150]  ? __pfx_process_one_work+0x10/0x10
[  469.254046][T11150]  ? assign_work+0x1a0/0x250
[  469.254067][T11150]  worker_thread+0x6c8/0xf10
[  469.254094][T11150]  ? __kthread_parkme+0x19e/0x250
[  469.254121][T11150]  ? __pfx_worker_thread+0x10/0x10
[  469.254141][T11150]  kthread+0x3c5/0x780
[  469.254161][T11150]  ? __pfx_kthread+0x10/0x10
[  469.254182][T11150]  ? rcu_is_watching+0x12/0xc0
[  469.254205][T11150]  ? __pfx_kthread+0x10/0x10
[  469.254225][T11150]  ret_from_fork+0x5d7/0x6f0
[  469.254242][T11150]  ? __pfx_kthread+0x10/0x10
[  469.254260][T11150]  ret_from_fork_asm+0x1a/0x30
[  469.254296][T11150]  </TASK>
[  469.254495][T11150] kobject: kobject_add_internal failed for hci6:201 with -EEXIST, don't try to register things with the same name in the same directory.
[  469.516042][T11150] Bluetooth: hci6: failed to register connection device
[  469.541303][  T918] usb 6-1: config 1 interface 141 altsetting 7 endpoint 0x8A has an invalid bInterval 84, changing to 10
[  469.570286][  T918] usb 6-1: config 1 interface 141 altsetting 7 endpoint 0x8A has invalid maxpacket 50773, setting to 1024
[  469.596611][  T918] usb 6-1: config 1 interface 141 altsetting 7 has a duplicate endpoint with address 0x5, skipping
[  469.619667][  T918] usb 6-1: config 1 interface 141 altsetting 7 has a duplicate endpoint with address 0x2, skipping
[  469.645052][  T918] usb 6-1: config 1 interface 141 altsetting 7 has a duplicate endpoint with address 0x1, skipping
[  469.839586][  T918] usb 6-1: config 1 interface 141 altsetting 7 endpoint 0x7 has invalid maxpacket 1024, setting to 64
[  469.869582][  T918] usb 6-1: config 1 interface 141 altsetting 7 has a duplicate endpoint with address 0xC, skipping
[  469.903190][  T918] usb 6-1: config 1 interface 141 altsetting 7 has an invalid descriptor for endpoint zero, skipping
[  469.937377][  T918] usb 6-1: config 1 interface 141 altsetting 7 has a duplicate endpoint with address 0xB, skipping
[  469.994996][  T918] usb 6-1: config 1 interface 141 altsetting 7 has a duplicate endpoint with address 0x5, skipping
[  470.058394][  T918] usb 6-1: config 1 interface 141 altsetting 7 endpoint 0x6 has invalid maxpacket 512, setting to 64
[  470.159200][  T918] usb 6-1: config 1 interface 141 altsetting 7 has 14 endpoint descriptors, different from the interface descriptor's value: 13
[  470.213377][  T918] usb 6-1: config 1 interface 166 has no altsetting 0
[  470.251986][  T918] usb 6-1: config 1 interface 141 has no altsetting 0
[  470.401134][   T13] wlan1: Trigger new scan to find an IBSS to join
[  470.419013][  T918] usb 6-1: string descriptor 0 read error: -71
[  470.433065][  T918] usb 6-1: New USB device found, idVendor=2040, idProduct=200a, bcdDevice=9a.a4
[  470.540223][ T5911] usb 5-1: USB disconnect, device number 38
[  470.554375][  T918] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  470.569296][T13212] loop9: detected capacity change from 0 to 7
[  470.593794][T13212] Dev loop9: unable to read RDB block 7
[  470.623222][T13212]  loop9: unable to read partition table
[  470.655428][  T918] usb 6-1: can't set config #1, error -71
[  470.690278][  T918] usb 6-1: USB disconnect, device number 4
[  470.815809][T13212] loop9: partition table beyond EOD, truncated
[  470.850448][T13212] loop_reread_partitions: partition scan of loop9 (�被x�������� ) failed (rc=-5)
[  471.670485][T13227] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  472.039090][T13233] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  472.639856][ T5953] usb 4-1: new full-speed USB device number 22 using dummy_hcd
[  472.844061][ T5953] usb 4-1: config 0 interface 0 altsetting 4 endpoint 0x81 has an invalid bInterval 0, changing to 10
[  473.002747][T13322] overlayfs: failed to decode file handle (len=4, type=251, flags=0, err=-22)
[  473.796384][ T5953] usb 4-1: config 0 interface 0 altsetting 4 endpoint 0x81 has invalid wMaxPacketSize 0
[  473.816362][ T5953] usb 4-1: config 0 interface 0 has no altsetting 0
[  473.829824][ T5953] usb 4-1: New USB device found, idVendor=28de, idProduct=1102, bcdDevice= 0.00
[  473.838857][ T5953] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  473.990698][ T5953] usb 4-1: config 0 descriptor??
[  474.179853][  T918] usb 6-1: new high-speed USB device number 5 using dummy_hcd
[  474.582653][ T5062] wlan1: Trigger new scan to find an IBSS to join
[  474.584406][ T5953] hid_parser_main: 73 callbacks suppressed
[  474.584421][ T5953] hid-steam 0003:28DE:1102.000A: unknown main item tag 0x0
[  474.861312][ T5953] hid-steam 0003:28DE:1102.000A: unknown main item tag 0x0
[  474.870738][ T5953] hid-steam 0003:28DE:1102.000A: : USB HID v0.01 Device [HID 28de:1102] on usb-dummy_hcd.3-1/input0
[  475.064384][ T5953] hid-steam 0003:28DE:1102.000A: Steam Controller 'XXXXXXXXXX' connected
[  475.080617][  T918] usb 6-1: Using ep0 maxpacket: 8
[  475.084162][ T5953] input: Steam Controller as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/0003:28DE:1102.000A/input/input37
[  475.101840][  T918] usb 6-1: config 1 has an invalid interface number: 166 but max is 1
[  475.103270][T13357] mkiss: ax0: crc mode is auto.
[  475.140216][ T5953] hid-steam 0003:28DE:1102.000B: unknown main item tag 0x0
[  475.159575][  T918] usb 6-1: config 1 has an invalid interface number: 141 but max is 1
[  475.159774][ T5953] hid-steam 0003:28DE:1102.000B: unknown main item tag 0x0
[  475.195974][  T918] usb 6-1: config 1 has no interface number 0
[  475.228171][  T918] usb 6-1: config 1 has no interface number 1
[  475.256640][  T918] usb 6-1: config 1 interface 166 altsetting 5 has an invalid descriptor for endpoint zero, skipping
[  475.278069][  T918] usb 6-1: config 1 interface 166 altsetting 5 has an invalid descriptor for endpoint zero, skipping
[  475.289705][  T918] usb 6-1: config 1 interface 166 altsetting 5 has an invalid descriptor for endpoint zero, skipping
[  475.320210][ T5953] hid-steam 0003:28DE:1102.000B: hidraw0: USB HID v0.01 Device [HID 28de:1102] on usb-dummy_hcd.3-1/input0
[  475.346970][  T918] usb 6-1: config 1 interface 166 altsetting 5 has an invalid descriptor for endpoint zero, skipping
[  475.384196][  T918] usb 6-1: config 1 interface 166 altsetting 5 has a duplicate endpoint with address 0x8, skipping
[  475.384222][  T918] usb 6-1: config 1 interface 166 altsetting 5 has an invalid descriptor for endpoint zero, skipping
[  475.384243][  T918] usb 6-1: config 1 interface 166 altsetting 5 endpoint 0x9 has an invalid bInterval 91, changing to 7
[  475.384270][  T918] usb 6-1: config 1 interface 166 altsetting 5 has 11 endpoint descriptors, different from the interface descriptor's value: 10
[  475.384307][  T918] usb 6-1: config 1 interface 141 altsetting 7 has an endpoint descriptor with address 0x12, changing to 0x2
[  475.384330][  T918] usb 6-1: config 1 interface 141 altsetting 7 bulk endpoint 0x2 has invalid maxpacket 32
[  475.384377][  T918] usb 6-1: config 1 interface 141 altsetting 7 has an endpoint descriptor with address 0xAA, changing to 0x8A
[  475.384400][  T918] usb 6-1: config 1 interface 141 altsetting 7 endpoint 0x8A has an invalid bInterval 84, changing to 10
[  475.384424][  T918] usb 6-1: config 1 interface 141 altsetting 7 endpoint 0x8A has invalid maxpacket 50773, setting to 1024
[  475.384449][  T918] usb 6-1: config 1 interface 141 altsetting 7 has a duplicate endpoint with address 0x5, skipping
[  475.384471][  T918] usb 6-1: config 1 interface 141 altsetting 7 has a duplicate endpoint with address 0x2, skipping
[  475.384487][  T918] usb 6-1: config 1 interface 141 altsetting 7 has a duplicate endpoint with address 0x1, skipping
[  475.384503][  T918] usb 6-1: config 1 interface 141 altsetting 7 endpoint 0x7 has invalid maxpacket 1024, setting to 64
[  475.384529][  T918] usb 6-1: config 1 interface 141 altsetting 7 has a duplicate endpoint with address 0xC, skipping
[  475.384572][  T918] usb 6-1: config 1 interface 141 altsetting 7 has an invalid descriptor for endpoint zero, skipping
[  475.384592][  T918] usb 6-1: config 1 interface 141 altsetting 7 has a duplicate endpoint with address 0xB, skipping
[  475.384612][  T918] usb 6-1: config 1 interface 141 altsetting 7 has a duplicate endpoint with address 0x5, skipping
[  475.384632][  T918] usb 6-1: config 1 interface 141 altsetting 7 endpoint 0x6 has invalid maxpacket 512, setting to 64
[  475.384654][  T918] usb 6-1: config 1 interface 141 altsetting 7 has 14 endpoint descriptors, different from the interface descriptor's value: 13
[  475.384677][  T918] usb 6-1: config 1 interface 166 has no altsetting 0
[  475.384693][  T918] usb 6-1: config 1 interface 141 has no altsetting 0
[  475.386534][  T918] usb 6-1: New USB device found, idVendor=2040, idProduct=200a, bcdDevice=9a.a4
[  475.386579][  T918] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  475.386599][  T918] usb 6-1: Product: syz
[  475.386614][  T918] usb 6-1: Manufacturer: ⧼逦٨鞶ꉽ蘎䗸포챵巪킬緁ꉐ눡獏鳴곱꤅쟣呢ሬ嬶䨞丙ﯫ틊石履잘翿꟦낱鄽吆賂塖迩抁璈祁藐ㇰ炾汜镪ઍᄷ൒ᄮ蹧뷪栘舔㐈턎馃驐趨ꦽ낰麁볬ꇬ♥ᬲ좺쨨멡魔歂扒ꫜⅻỚ狟冢횽桧卣˿ꊝᒔ㞠Ꙭ倒龱勺跩秸
[  475.386645][  T918] usb 6-1: SerialNumber: syz
[  475.466715][ T5953] usb 4-1: USB disconnect, device number 22
[  475.566769][ T5953] hid-steam 0003:28DE:1102.000A: Steam Controller 'XXXXXXXXXX' disconnected
[  475.709452][  T918] smsusb:smsusb_probe: board id=9, interface number 166
[  475.793093][  T918] smsusb:smsusb_probe: board id=9, interface number 141
[  475.989977][ T5847] Bluetooth: hci6: command 0x0406 tx timeout
[  476.321478][  T918] usb 6-1: USB disconnect, device number 5
[  476.329403][ T1107] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  476.619127][T13443] netlink: 76 bytes leftover after parsing attributes in process `syz.0.1169'.
[  478.089906][  T918] usb 3-1: new high-speed USB device number 27 using dummy_hcd
[  478.239848][  T918] usb 3-1: Using ep0 maxpacket: 32
[  478.247632][  T918] usb 3-1: config 211 has an invalid descriptor of length 0, skipping remainder of the config
[  478.253646][  T918] usb 3-1: New USB device found, idVendor=0711, idProduct=0210, bcdDevice=7c.8a
[  478.253667][  T918] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  478.253679][  T918] usb 3-1: Product: syz
[  478.253687][  T918] usb 3-1: Manufacturer: syz
[  478.253695][  T918] usb 3-1: SerialNumber: syz
[  478.267397][  T918] mct_u232 3-1:211.0: MCT U232 converter detected
[  478.268656][  T918] mct_u232 ttyUSB0: expected endpoint missing
[  478.573422][T13489] loop9: detected capacity change from 0 to 7
[  478.610926][T13489] Dev loop9: unable to read RDB block 7
[  478.610967][T13489]  loop9: unable to read partition table
[  478.611050][T13489] loop9: partition table beyond EOD, truncated
[  478.611064][T13489] loop_reread_partitions: partition scan of loop9 (�被x�������� ) failed (rc=-5)
[  479.350900][T13507] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  479.673084][T13522] netlink: 68 bytes leftover after parsing attributes in process `syz.4.1177'.
[  479.723592][ T5845] usb 3-1: USB disconnect, device number 27
[  479.758020][ T5845] mct_u232 3-1:211.0: device disconnected
[  479.897148][   T30] audit: type=1400 audit(1755203063.943:3981): avc:  denied  { unmount } for  pid=5856 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ramfs_t tclass=filesystem permissive=1
[  480.057404][   T30] audit: type=1400 audit(1755203064.103:3982): avc:  denied  { create } for  pid=13535 comm="syz.2.1180" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1
[  480.077642][    C1] vkms_vblank_simulate: vblank timer overrun
[  480.106809][   T30] audit: type=1400 audit(1755203064.143:3983): avc:  denied  { write } for  pid=13535 comm="syz.2.1180" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1
[  480.126959][    C1] vkms_vblank_simulate: vblank timer overrun
[  480.133539][   T30] audit: type=1400 audit(1755203064.143:3984): avc:  denied  { nlmsg_write } for  pid=13535 comm="syz.2.1180" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1
[  480.166502][   T30] audit: type=1400 audit(1755203064.213:3985): avc:  denied  { name_bind } for  pid=13535 comm="syz.2.1180" src=20004 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:port_t tclass=rawip_socket permissive=1
[  480.193828][   T30] audit: type=1400 audit(1755203064.243:3986): avc:  denied  { connect } for  pid=13535 comm="syz.2.1180" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1
[  480.232020][   T30] audit: type=1400 audit(1755203064.263:3987): avc:  denied  { write } for  pid=13535 comm="syz.2.1180" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1
[  480.320919][ T5845] usb 1-1: new high-speed USB device number 29 using dummy_hcd
[  480.372563][T13549] FAULT_INJECTION: forcing a failure.
[  480.372563][T13549] name failslab, interval 1, probability 0, space 0, times 0
[  480.385493][T13549] CPU: 0 UID: 0 PID: 13549 Comm: syz.2.1183 Not tainted 6.17.0-rc1-syzkaller-00038-g0cc53520e68b #0 PREEMPT(full) 
[  480.385518][T13549] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  480.385527][T13549] Call Trace:
[  480.385537][T13549]  <TASK>
[  480.385543][T13549]  dump_stack_lvl+0x16c/0x1f0
[  480.385564][T13549]  should_fail_ex+0x512/0x640
[  480.385580][T13549]  ? kmem_cache_alloc_noprof+0x5a/0x3b0
[  480.385594][T13549]  should_failslab+0xc2/0x120
[  480.385607][T13549]  kmem_cache_alloc_noprof+0x6d/0x3b0
[  480.385618][T13549]  ? skb_clone+0x190/0x3f0
[  480.385632][T13549]  skb_clone+0x190/0x3f0
[  480.385643][T13549]  nfnetlink_rcv_batch+0x1cf/0x2330
[  480.385664][T13549]  ? __lock_acquire+0x62e/0x1ce0
[  480.385683][T13549]  ? __pfx_nfnetlink_rcv_batch+0x10/0x10
[  480.385707][T13549]  ? avc_has_perm_noaudit+0x149/0x3b0
[  480.385721][T13549]  ? __asan_memset+0x23/0x50
[  480.385742][T13549]  ? __nla_validate_parse+0x600/0x2880
[  480.385761][T13549]  ? __pfx___nla_validate_parse+0x10/0x10
[  480.385778][T13549]  ? cap_capable+0xb3/0x250
[  480.385793][T13549]  ? __nla_parse+0x40/0x60
[  480.385810][T13549]  nfnetlink_rcv+0x3c1/0x430
[  480.385825][T13549]  ? __pfx_nfnetlink_rcv+0x10/0x10
[  480.385844][T13549]  netlink_unicast+0x5a7/0x870
[  480.385858][T13549]  ? __pfx_netlink_unicast+0x10/0x10
[  480.385870][T13549]  ? security_socket_getpeersec_dgram+0xe8/0x290
[  480.385892][T13549]  netlink_sendmsg+0x8d1/0xdd0
[  480.385907][T13549]  ? __pfx_netlink_sendmsg+0x10/0x10
[  480.385924][T13549]  ____sys_sendmsg+0xa98/0xc70
[  480.385939][T13549]  ? copy_msghdr_from_user+0x10a/0x160
[  480.385950][T13549]  ? __pfx_____sys_sendmsg+0x10/0x10
[  480.385970][T13549]  ___sys_sendmsg+0x134/0x1d0
[  480.385982][T13549]  ? __pfx____sys_sendmsg+0x10/0x10
[  480.386009][T13549]  __sys_sendmsg+0x16d/0x220
[  480.386020][T13549]  ? __pfx___sys_sendmsg+0x10/0x10
[  480.386030][T13549]  ? __pfx___schedule+0x10/0x10
[  480.386056][T13549]  do_syscall_64+0xcd/0x4c0
[  480.386069][T13549]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  480.386080][T13549] RIP: 0033:0x7fd38bd8ebe9
[  480.386089][T13549] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  480.386100][T13549] RSP: 002b:00007fd38cc4e038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  480.386111][T13549] RAX: ffffffffffffffda RBX: 00007fd38bfb6090 RCX: 00007fd38bd8ebe9
[  480.386118][T13549] RDX: 0000000000000000 RSI: 0000200000000240 RDI: 0000000000000004
[  480.386124][T13549] RBP: 00007fd38cc4e090 R08: 0000000000000000 R09: 0000000000000000
[  480.386130][T13549] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  480.386137][T13549] R13: 00007fd38bfb6128 R14: 00007fd38bfb6090 R15: 00007ffff1484be8
[  480.386150][T13549]  </TASK>
[  480.726750][   T30] audit: type=1400 audit(1755203064.773:3988): avc:  denied  { execmem } for  pid=13545 comm="syz.2.1183" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1
[  480.791316][ T5845] usb 1-1: Using ep0 maxpacket: 8
[  480.811508][ T5845] usb 1-1: config 1 has an invalid interface number: 166 but max is 1
[  481.028371][ T5845] usb 1-1: config 1 has an invalid interface number: 141 but max is 1
[  481.038839][ T5845] usb 1-1: config 1 has no interface number 0
[  481.047720][ T5845] usb 1-1: config 1 has no interface number 1
[  481.054410][ T5845] usb 1-1: config 1 interface 166 altsetting 5 has an invalid descriptor for endpoint zero, skipping
[  481.068500][ T5845] usb 1-1: config 1 interface 166 altsetting 5 has an invalid descriptor for endpoint zero, skipping
[  481.080697][ T5845] usb 1-1: config 1 interface 166 altsetting 5 has an invalid descriptor for endpoint zero, skipping
[  481.094020][ T5845] usb 1-1: config 1 interface 166 altsetting 5 has an invalid descriptor for endpoint zero, skipping
[  481.106609][ T5845] usb 1-1: config 1 interface 166 altsetting 5 has a duplicate endpoint with address 0x8, skipping
[  481.159858][ T5953] usb 4-1: new high-speed USB device number 23 using dummy_hcd
[  481.174066][ T5845] usb 1-1: config 1 interface 166 altsetting 5 has an invalid descriptor for endpoint zero, skipping
[  481.236000][ T5845] usb 1-1: config 1 interface 166 altsetting 5 endpoint 0x9 has an invalid bInterval 91, changing to 7
[  481.251009][ T5845] usb 1-1: config 1 interface 166 altsetting 5 has 11 endpoint descriptors, different from the interface descriptor's value: 10
[  481.259885][   T10] usb 5-1: new high-speed USB device number 39 using dummy_hcd
[  481.276036][ T5845] usb 1-1: config 1 interface 141 altsetting 7 has an endpoint descriptor with address 0x12, changing to 0x2
[  481.289252][ T5845] usb 1-1: config 1 interface 141 altsetting 7 bulk endpoint 0x2 has invalid maxpacket 32
[  481.289471][T13569] netlink: 'syz.5.1186': attribute type 10 has an invalid length.
[  481.307634][ T5845] usb 1-1: config 1 interface 141 altsetting 7 has an endpoint descriptor with address 0xAA, changing to 0x8A
[  481.307702][ T5845] usb 1-1: config 1 interface 141 altsetting 7 endpoint 0x8A has an invalid bInterval 84, changing to 10
[  481.307771][ T5845] usb 1-1: config 1 interface 141 altsetting 7 endpoint 0x8A has invalid maxpacket 50773, setting to 1024
[  481.344333][ T5845] usb 1-1: config 1 interface 141 altsetting 7 has a duplicate endpoint with address 0x5, skipping
[  481.350698][T13569] team0: Port device dummy0 added
[  481.359830][ T5845] usb 1-1: config 1 interface 141 altsetting 7 has a duplicate endpoint with address 0x2, skipping
[  481.378464][ T5845] usb 1-1: config 1 interface 141 altsetting 7 has a duplicate endpoint with address 0x1, skipping
[  481.378749][ T5953] usb 4-1: New USB device found, idVendor=046d, idProduct=0870, bcdDevice=61.47
[  481.404097][ T5953] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  481.458468][ T5845] usb 1-1: config 1 interface 141 altsetting 7 endpoint 0x7 has invalid maxpacket 1024, setting to 64
[  481.470213][ T5953] usb 4-1: config 0 descriptor??
[  481.502189][ T5845] usb 1-1: config 1 interface 141 altsetting 7 has a duplicate endpoint with address 0xC, skipping
[  481.535877][ T5953] gspca_main: STV06xx-2.14.0 probing 046d:0870
[  481.550991][   T10] usb 5-1: New USB device found, idVendor=046d, idProduct=0870, bcdDevice=61.47
[  481.574232][   T10] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  481.574336][ T5845] usb 1-1: config 1 interface 141 altsetting 7 has an invalid descriptor for endpoint zero, skipping
[  481.599161][ T5845] usb 1-1: config 1 interface 141 altsetting 7 has a duplicate endpoint with address 0xB, skipping
[  481.617640][ T5845] usb 1-1: config 1 interface 141 altsetting 7 has a duplicate endpoint with address 0x5, skipping
[  481.623303][T13573] netlink: 'syz.2.1187': attribute type 10 has an invalid length.
[  481.682969][ T5845] usb 1-1: config 1 interface 141 altsetting 7 endpoint 0x6 has invalid maxpacket 512, setting to 64
[  481.687274][   T10] usb 5-1: config 0 descriptor??
[  481.720449][   T10] gspca_main: STV06xx-2.14.0 probing 046d:0870
[  481.721961][ T5845] usb 1-1: config 1 interface 141 altsetting 7 has 14 endpoint descriptors, different from the interface descriptor's value: 13
[  481.757365][ T5845] usb 1-1: config 1 interface 166 has no altsetting 0
[  481.778344][ T5845] usb 1-1: config 1 interface 141 has no altsetting 0
[  481.803348][ T5845] usb 1-1: New USB device found, idVendor=2040, idProduct=200a, bcdDevice=9a.a4
[  481.815366][ T5845] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  481.824587][ T5845] usb 1-1: Product: syz
[  481.829554][ T5845] usb 1-1: Manufacturer: ⧼逦٨鞶ꉽ蘎䗸포챵巪킬緁ꉐ눡獏鳴곱꤅쟣呢ሬ嬶䨞丙ﯫ틊石履잘翿꟦낱鄽吆賂塖迩抁璈祁藐ㇰ炾汜镪ઍᄷ൒ᄮ蹧뷪栘舔㐈턎馃驐趨ꦽ낰麁볬ꇬ♥ᬲ좺쨨멡魔歂扒ꫜⅻỚ狟冢횽桧卣˿ꊝᒔ㞠Ꙭ倒龱勺跩秸
[  481.932890][ T5845] usb 1-1: SerialNumber: syz
[  482.177387][ T5845] smsusb:smsusb_probe: board id=9, interface number 166
[  482.412044][ T5845] smsusb:smsusb_probe: board id=9, interface number 141
[  482.596569][ T5845] usb 1-1: USB disconnect, device number 29
[  483.075623][T13606] netlink: 76 bytes leftover after parsing attributes in process `syz.2.1189'.
[  483.675472][ T5953] usb 4-1: USB disconnect, device number 23
[  484.153759][   T10] usb 5-1: USB disconnect, device number 39
[  484.553173][   T10] usb 5-1: new low-speed USB device number 40 using dummy_hcd
[  484.705915][T13644] netlink: 76 bytes leftover after parsing attributes in process `syz.5.1194'.
[  484.717417][T13644] hsr_slave_0: left promiscuous mode
[  484.751105][T13644] hsr_slave_1: left promiscuous mode
[  484.760707][   T10] usb 5-1: device descriptor read/64, error -71
[  484.883461][T13645] loop9: detected capacity change from 0 to 7
[  484.940417][T13645] Dev loop9: unable to read RDB block 7
[  484.946207][T13645]  loop9: unable to read partition table
[  484.952819][T13645] loop9: partition table beyond EOD, truncated
[  484.959304][T13645] loop_reread_partitions: partition scan of loop9 (�被x�������� ) failed (rc=-5)
[  485.042975][   T10] usb 5-1: new low-speed USB device number 41 using dummy_hcd
[  485.289893][   T10] usb 5-1: device descriptor read/64, error -71
[  485.413232][   T10] usb usb5-port1: attempt power cycle
[  485.846599][   T30] audit: type=1400 audit(1755203069.893:3989): avc:  denied  { write } for  pid=13658 comm="syz.0.1197" name="binder0" dev="binder" ino=7 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1
[  485.880357][   T10] usb 5-1: new low-speed USB device number 42 using dummy_hcd
[  485.920795][   T10] usb 5-1: device descriptor read/8, error -71
[  486.189960][   T10] usb 5-1: new low-speed USB device number 43 using dummy_hcd
[  486.232986][   T10] usb 5-1: device descriptor read/8, error -71
[  486.353671][   T10] usb usb5-port1: unable to enumerate USB device
[  486.527043][T13670] loop9: detected capacity change from 0 to 7
[  486.595221][T13670] Dev loop9: unable to read RDB block 7
[  486.601003][T13670]  loop9: unable to read partition table
[  486.639450][T13670] loop9: partition table beyond EOD, truncated
[  486.653940][T13670] loop_reread_partitions: partition scan of loop9 (�被x�������� ) failed (rc=-5)
[  487.209805][   T24] usb 4-1: new high-speed USB device number 24 using dummy_hcd
[  487.384839][   T24] usb 4-1: Using ep0 maxpacket: 8
[  487.626146][   T24] usb 4-1: config 1 has an invalid interface number: 166 but max is 1
[  487.647264][   T24] usb 4-1: config 1 has an invalid interface number: 141 but max is 1
[  487.712109][   T24] usb 4-1: config 1 has no interface number 0
[  487.756861][   T24] usb 4-1: config 1 has no interface number 1
[  487.817007][   T24] usb 4-1: config 1 interface 166 altsetting 5 has an invalid descriptor for endpoint zero, skipping
[  487.906446][   T24] usb 4-1: config 1 interface 166 altsetting 5 has an invalid descriptor for endpoint zero, skipping
[  488.018780][   T24] usb 4-1: config 1 interface 166 altsetting 5 has an invalid descriptor for endpoint zero, skipping
[  488.173644][   T24] usb 4-1: config 1 interface 166 altsetting 5 has an invalid descriptor for endpoint zero, skipping
[  488.210530][T13710] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1205'.
[  488.221479][T13710] bridge0: left allmulticast mode
[  488.252178][   T24] usb 4-1: config 1 interface 166 altsetting 5 has a duplicate endpoint with address 0x8, skipping
[  488.284377][   T24] usb 4-1: config 1 interface 166 altsetting 5 has an invalid descriptor for endpoint zero, skipping
[  488.316574][   T24] usb 4-1: config 1 interface 166 altsetting 5 endpoint 0x9 has an invalid bInterval 91, changing to 7
[  488.350169][   T24] usb 4-1: config 1 interface 166 altsetting 5 has 11 endpoint descriptors, different from the interface descriptor's value: 10
[  488.397848][   T24] usb 4-1: config 1 interface 141 altsetting 7 has an endpoint descriptor with address 0x12, changing to 0x2
[  488.435106][   T24] usb 4-1: config 1 interface 141 altsetting 7 bulk endpoint 0x2 has invalid maxpacket 32
[  488.462067][   T24] usb 4-1: config 1 interface 141 altsetting 7 has an endpoint descriptor with address 0xAA, changing to 0x8A
[  488.493774][   T24] usb 4-1: config 1 interface 141 altsetting 7 endpoint 0x8A has an invalid bInterval 84, changing to 10
[  488.528971][   T24] usb 4-1: config 1 interface 141 altsetting 7 endpoint 0x8A has invalid maxpacket 50773, setting to 1024
[  488.561376][   T24] usb 4-1: config 1 interface 141 altsetting 7 has a duplicate endpoint with address 0x5, skipping
[  488.588372][   T24] usb 4-1: config 1 interface 141 altsetting 7 has a duplicate endpoint with address 0x2, skipping
[  488.618976][   T24] usb 4-1: config 1 interface 141 altsetting 7 has a duplicate endpoint with address 0x1, skipping
[  488.651174][   T24] usb 4-1: config 1 interface 141 altsetting 7 endpoint 0x7 has invalid maxpacket 1024, setting to 64
[  488.685616][   T24] usb 4-1: config 1 interface 141 altsetting 7 has a duplicate endpoint with address 0xC, skipping
[  488.714365][   T24] usb 4-1: config 1 interface 141 altsetting 7 has an invalid descriptor for endpoint zero, skipping
[  488.742776][   T24] usb 4-1: config 1 interface 141 altsetting 7 has a duplicate endpoint with address 0xB, skipping
[  488.772173][   T24] usb 4-1: config 1 interface 141 altsetting 7 has a duplicate endpoint with address 0x5, skipping
[  488.800186][   T24] usb 4-1: config 1 interface 141 altsetting 7 endpoint 0x6 has invalid maxpacket 512, setting to 64
[  488.828371][   T24] usb 4-1: config 1 interface 141 altsetting 7 has 14 endpoint descriptors, different from the interface descriptor's value: 13
[  489.236311][   T24] usb 4-1: config 1 interface 166 has no altsetting 0
[  489.363352][T13725] FAULT_INJECTION: forcing a failure.
[  489.363352][T13725] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  489.376616][T13725] CPU: 0 UID: 0 PID: 13725 Comm: syz.2.1208 Not tainted 6.17.0-rc1-syzkaller-00038-g0cc53520e68b #0 PREEMPT(full) 
[  489.376640][T13725] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  489.376649][T13725] Call Trace:
[  489.376653][T13725]  <TASK>
[  489.376658][T13725]  dump_stack_lvl+0x16c/0x1f0
[  489.376677][T13725]  should_fail_ex+0x512/0x640
[  489.376693][T13725]  _copy_from_user+0x2e/0xd0
[  489.376708][T13725]  kstrtouint_from_user+0xd6/0x1d0
[  489.376719][T13725]  ? __pfx_kstrtouint_from_user+0x10/0x10
[  489.376731][T13725]  ? __lock_acquire+0xb97/0x1ce0
[  489.376755][T13725]  proc_fail_nth_write+0x83/0x220
[  489.376769][T13725]  ? __pfx_proc_fail_nth_write+0x10/0x10
[  489.376786][T13725]  ? __pfx_proc_fail_nth_write+0x10/0x10
[  489.376798][T13725]  vfs_write+0x29d/0x11d0
[  489.376812][T13725]  ? __pfx___mutex_lock+0x10/0x10
[  489.376824][T13725]  ? __pfx_vfs_write+0x10/0x10
[  489.376839][T13725]  ? __fget_files+0x20e/0x3c0
[  489.376855][T13725]  ksys_write+0x12a/0x250
[  489.376866][T13725]  ? __pfx_ksys_write+0x10/0x10
[  489.376882][T13725]  do_syscall_64+0xcd/0x4c0
[  489.376894][T13725]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  489.376907][T13725] RIP: 0033:0x7fd38bd8d69f
[  489.376916][T13725] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[  489.376927][T13725] RSP: 002b:00007fd38cc2d030 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[  489.376938][T13725] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fd38bd8d69f
[  489.376945][T13725] RDX: 0000000000000001 RSI: 00007fd38cc2d0a0 RDI: 0000000000000008
[  489.376952][T13725] RBP: 00007fd38cc2d090 R08: 0000000000000000 R09: 0000000000000000
[  489.376958][T13725] R10: 00002000000000c0 R11: 0000000000000293 R12: 0000000000000001
[  489.376965][T13725] R13: 00007fd38bfb6218 R14: 00007fd38bfb6180 R15: 00007ffff1484be8
[  489.376978][T13725]  </TASK>
[  489.787774][   T24] usb 4-1: config 1 interface 141 has no altsetting 0
[  489.816269][   T24] usb 4-1: New USB device found, idVendor=2040, idProduct=200a, bcdDevice=9a.a4
[  489.842023][   T24] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  489.932710][T13730] overlayfs: failed to decode file handle (len=4, type=251, flags=0, err=-22)
[  490.094371][   T24] usb 4-1: Product: syz
[  490.137181][   T24] usb 4-1: Manufacturer: ⧼逦٨鞶ꉽ蘎䗸포챵巪킬緁ꉐ눡獏鳴곱꤅쟣呢ሬ嬶䨞丙ﯫ틊石履잘翿꟦낱鄽吆賂塖迩抁璈祁藐ㇰ炾汜镪ઍᄷ൒ᄮ蹧뷪栘舔㐈턎馃驐趨ꦽ낰麁볬ꇬ♥ᬲ좺쨨멡魔歂扒ꫜⅻỚ狟冢횽桧卣˿ꊝᒔ㞠Ꙭ倒龱勺跩秸
[  490.361394][T13744] loop9: detected capacity change from 0 to 7
[  490.392406][T13744] Dev loop9: unable to read RDB block 7
[  490.408905][T13744]  loop9: unable to read partition table
[  490.435378][   T24] usb 4-1: SerialNumber: syz
[  490.532814][   T24] usb 4-1: can't set config #1, error -71
[  490.539679][T13744] loop9: partition table beyond EOD, truncated
[  490.559035][T13744] loop_reread_partitions: partition scan of loop9 (�被x�������� ) failed (rc=-5)
[  490.755244][   T24] usb 4-1: USB disconnect, device number 24
[  490.820150][    T9] usb 3-1: new high-speed USB device number 28 using dummy_hcd
[  490.961623][ T5847] Bluetooth: hci1: Opcode 0x1003 failed: -110
[  491.052777][    T9] usb 3-1: unable to get BOS descriptor or descriptor too short
[  491.073790][    T9] usb 3-1: config 3 has an invalid descriptor of length 0, skipping remainder of the config
[  491.091679][    T9] usb 3-1: New USB device found, idVendor=0cf3, idProduct=1010, bcdDevice=26.db
[  491.112821][    T9] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  491.132976][    T9] usb 3-1: Product: syz
[  491.142821][    T9] usb 3-1: Manufacturer: syz
[  491.152767][    T9] usb 3-1: SerialNumber: syz
[  491.961063][   T10] usb 6-1: new full-speed USB device number 6 using dummy_hcd
[  492.020568][    T9] usb 3-1: reset high-speed USB device number 28 using dummy_hcd
[  492.135011][    T9] usb 3-1: device reset changed ep0 maxpacket size!
[  492.250765][T13789] netlink: 16402 bytes leftover after parsing attributes in process `syz.4.1216'.
[  492.261426][T13788] netlink: 16402 bytes leftover after parsing attributes in process `syz.4.1216'.
[  492.367228][   T10] usb 6-1: config 0 interface 0 altsetting 251 endpoint 0x9 has invalid wMaxPacketSize 0
[  492.385167][    T9] usb 3-1: USB disconnect, device number 28
[  492.391778][   T10] usb 6-1: config 0 interface 0 has no altsetting 0
[  492.412475][   T10] usb 6-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b
[  492.431687][   T10] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  492.479176][   T10] usb 6-1: Product: syz
[  492.513568][   T10] usb 6-1: Manufacturer: syz
[  492.548764][   T10] usb 6-1: SerialNumber: syz
[  492.559852][    T9] usb 3-1: new high-speed USB device number 29 using dummy_hcd
[  492.610520][   T10] usb 6-1: config 0 descriptor??
[  493.500582][   T10] usb 6-1: selecting invalid altsetting 0
[  493.799493][T13812] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  493.921605][   T24] usb 6-1: USB disconnect, device number 6
[  494.071165][ T5849] udevd[5849]: error opening ATTR{/sys/devices/platform/dummy_hcd.5/usb6/6-1/6-1:0.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  494.129567][   T30] audit: type=1400 audit(1755203078.173:3990): avc:  denied  { associate } for  pid=13833 comm="syz.3.1221" name="bus" scontext=root:object_r:sysadm_t tcontext=system_u:object_r:proc_t tclass=filesystem permissive=1
[  494.217655][T13846] netlink: 16 bytes leftover after parsing attributes in process `syz.2.1223'.
[  494.329816][   T10] usb 5-1: new high-speed USB device number 44 using dummy_hcd
[  494.345913][T13849] binder: 13845:13849 ioctl c0306201 0 returned -14
[  495.028081][   T10] usb 5-1: Using ep0 maxpacket: 8
[  495.134732][T13849] binder: 13845:13849 ioctl c0306201 200000000240 returned -14
[  495.167798][   T10] usb 5-1: config 1 has an invalid interface number: 166 but max is 1
[  495.176273][   T10] usb 5-1: config 1 has an invalid interface number: 141 but max is 1
[  495.184736][   T10] usb 5-1: config 1 has no interface number 0
[  495.190956][   T10] usb 5-1: config 1 has no interface number 1
[  495.197135][   T10] usb 5-1: config 1 interface 166 altsetting 5 has an invalid descriptor for endpoint zero, skipping
[  495.210250][   T10] usb 5-1: config 1 interface 166 altsetting 5 has an invalid descriptor for endpoint zero, skipping
[  495.210279][   T10] usb 5-1: config 1 interface 166 altsetting 5 has an invalid descriptor for endpoint zero, skipping
[  495.210299][   T10] usb 5-1: config 1 interface 166 altsetting 5 has an invalid descriptor for endpoint zero, skipping
[  495.210318][   T10] usb 5-1: config 1 interface 166 altsetting 5 has a duplicate endpoint with address 0x8, skipping
[  495.210353][   T10] usb 5-1: config 1 interface 166 altsetting 5 has an invalid descriptor for endpoint zero, skipping
[  495.210374][   T10] usb 5-1: config 1 interface 166 altsetting 5 endpoint 0x9 has an invalid bInterval 91, changing to 7
[  495.210401][   T10] usb 5-1: config 1 interface 166 altsetting 5 has 11 endpoint descriptors, different from the interface descriptor's value: 10
[  495.210439][   T10] usb 5-1: config 1 interface 141 altsetting 7 has an endpoint descriptor with address 0x12, changing to 0x2
[  495.210463][   T10] usb 5-1: config 1 interface 141 altsetting 7 bulk endpoint 0x2 has invalid maxpacket 32
[  495.210486][   T10] usb 5-1: config 1 interface 141 altsetting 7 has an endpoint descriptor with address 0xAA, changing to 0x8A
[  495.210510][   T10] usb 5-1: config 1 interface 141 altsetting 7 endpoint 0x8A has an invalid bInterval 84, changing to 10
[  495.210540][   T10] usb 5-1: config 1 interface 141 altsetting 7 endpoint 0x8A has invalid maxpacket 50773, setting to 1024
[  495.210563][   T10] usb 5-1: config 1 interface 141 altsetting 7 has a duplicate endpoint with address 0x5, skipping
[  495.210582][   T10] usb 5-1: config 1 interface 141 altsetting 7 has a duplicate endpoint with address 0x2, skipping
[  495.210601][   T10] usb 5-1: config 1 interface 141 altsetting 7 has a duplicate endpoint with address 0x1, skipping
[  495.210622][   T10] usb 5-1: config 1 interface 141 altsetting 7 endpoint 0x7 has invalid maxpacket 1024, setting to 64
[  495.210644][   T10] usb 5-1: config 1 interface 141 altsetting 7 has a duplicate endpoint with address 0xC, skipping
[  495.210663][   T10] usb 5-1: config 1 interface 141 altsetting 7 has an invalid descriptor for endpoint zero, skipping
[  495.210682][   T10] usb 5-1: config 1 interface 141 altsetting 7 has a duplicate endpoint with address 0xB, skipping
[  495.210701][   T10] usb 5-1: config 1 interface 141 altsetting 7 has a duplicate endpoint with address 0x5, skipping
[  495.210721][   T10] usb 5-1: config 1 interface 141 altsetting 7 endpoint 0x6 has invalid maxpacket 512, setting to 64
[  495.210756][   T10] usb 5-1: config 1 interface 141 altsetting 7 has 14 endpoint descriptors, different from the interface descriptor's value: 13
[  495.210779][   T10] usb 5-1: config 1 interface 166 has no altsetting 0
[  495.210795][   T10] usb 5-1: config 1 interface 141 has no altsetting 0
[  495.213611][   T10] usb 5-1: New USB device found, idVendor=2040, idProduct=200a, bcdDevice=9a.a4
[  495.544514][   T10] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  495.552829][   T10] usb 5-1: Product: syz
[  495.552846][   T10] usb 5-1: Manufacturer: ⧼逦٨鞶ꉽ蘎䗸포챵巪킬緁ꉐ눡獏鳴곱꤅쟣呢ሬ嬶䨞丙ﯫ틊石履잘翿꟦낱鄽吆賂塖迩抁璈祁藐ㇰ炾汜镪ઍᄷ൒ᄮ蹧뷪栘舔㐈턎馃驐趨ꦽ낰麁볬ꇬ♥ᬲ좺쨨멡魔歂扒ꫜⅻỚ狟冢횽桧卣˿ꊝᒔ㞠Ꙭ倒龱勺跩秸
[  495.552876][   T10] usb 5-1: SerialNumber: syz
[  495.864971][   T10] smsusb:smsusb_probe: board id=9, interface number 166
[  495.873259][   T10] smsusb:smsusb_probe: board id=9, interface number 141
[  495.878780][T13864] CIFS: No dialect specified on mount. Default has changed to a more secure dialect, SMB2.1 or later (e.g. SMB3.1.1), from CIFS (SMB1). To use the less secure SMB1 dialect to access old servers which do not support SMB3.1.1 (or even SMB3 or SMB2.1) specify vers=1.0 on mount.
[  495.878813][T13864] CIFS: Unable to determine destination address
[  495.893969][   T10] usb 5-1: USB disconnect, device number 44
[  497.394550][T13884] bridge3: entered allmulticast mode
[  497.724363][T13891] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  498.171077][T13907] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1234'.
[  498.204307][T13911] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=13911 comm=syz.4.1235
[  498.274824][T13907] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1234'.
[  498.429002][   T30] audit: type=1400 audit(1755203082.473:3991): avc:  denied  { append } for  pid=13910 comm="syz.4.1235" name="btrfs-control" dev="devtmpfs" ino=1316 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:lvm_control_t tclass=chr_file permissive=1
[  498.678328][T13927] veth0_to_team: entered promiscuous mode
[  498.684134][T13927] veth0_to_team: entered allmulticast mode
[  499.070263][   T30] audit: type=1400 audit(1755203082.543:3992): avc:  denied  { ioctl } for  pid=13910 comm="syz.4.1235" path="/dev/btrfs-control" dev="devtmpfs" ino=1316 ioctlcmd=0x6405 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:lvm_control_t tclass=chr_file permissive=1
[  499.236462][ T5953] usb 4-1: new high-speed USB device number 25 using dummy_hcd
[  499.423852][T13938] netlink: 16402 bytes leftover after parsing attributes in process `syz.4.1238'.
[  499.652442][ T5953] usb 4-1: Using ep0 maxpacket: 32
[  499.671631][ T5953] usb 4-1: descriptor type invalid, skip
[  499.738838][ T5953] usb 4-1: descriptor type invalid, skip
[  499.752969][ T5953] usb 4-1: descriptor type invalid, skip
[  499.766064][ T5953] usb 4-1: descriptor type invalid, skip
[  499.776967][ T5953] usb 4-1: descriptor type invalid, skip
[  499.793169][ T5953] usb 4-1: descriptor type invalid, skip
[  499.800871][ T5953] usb 4-1: config 5 has an invalid interface number: 89 but max is 0
[  499.833569][ T5953] usb 4-1: config 5 has no interface number 0
[  500.493569][ T5953] usb 4-1: config 5 interface 89 has no altsetting 0
[  500.513169][ T5953] usb 4-1: New USB device found, idVendor=046d, idProduct=08b3, bcdDevice=c8.89
[  500.533566][ T5953] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  500.559774][ T5953] usb 4-1: Product: syz
[  500.577824][ T5953] usb 4-1: Manufacturer: syz
[  500.591959][T13943] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  500.609803][ T5953] usb 4-1: SerialNumber: syz
[  500.973279][ T1300] ieee802154 phy1 wpan1: encryption failed: -22
[  500.984582][   T30] audit: type=1326 audit(1755203084.903:3993): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13919 comm="syz.3.1236" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f708518ebe9 code=0x7ffc0000
[  501.169362][   T30] audit: type=1326 audit(1755203084.903:3994): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13919 comm="syz.3.1236" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f708518ebe9 code=0x7ffc0000
[  501.213520][   T30] audit: type=1326 audit(1755203084.903:3995): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13919 comm="syz.3.1236" exe="/root/syz-executor" sig=0 arch=c000003e syscall=287 compat=0 ip=0x7f708518ebe9 code=0x7ffc0000
[  501.261397][   T30] audit: type=1326 audit(1755203084.903:3996): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13919 comm="syz.3.1236" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f708518ebe9 code=0x7ffc0000
[  501.295366][   T30] audit: type=1326 audit(1755203084.903:3997): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13919 comm="syz.3.1236" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f708518ebe9 code=0x7ffc0000
[  501.679883][ T5847] Bluetooth: hci1: Opcode 0x1003 failed: -110
[  501.686269][T11150] Bluetooth: hci1: command 0x1003 tx timeout
[  501.807753][T13995] loop9: detected capacity change from 0 to 7
[  501.819442][T13995] Dev loop9: unable to read RDB block 7
[  501.827586][T13995]  loop9: unable to read partition table
[  501.846648][T13995] loop9: partition table beyond EOD, truncated
[  501.853105][T13995] loop_reread_partitions: partition scan of loop9 (�被x�������� ) failed (rc=-5)
[  502.002843][T14000] bridge4: entered allmulticast mode
[  502.393071][ T5953] usb 4-1: USB disconnect, device number 25
[  502.778015][T14034] overlayfs: failed to resolve './file1': -2
[  502.880103][ T5953] usb 4-1: new high-speed USB device number 26 using dummy_hcd
[  502.889770][ T5845] usb 6-1: new high-speed USB device number 7 using dummy_hcd
[  503.038639][T14038] IPVS: wlc: SCTP 172.20.20.187:0 - no destination available
[  503.066628][ T5845] usb 6-1: Using ep0 maxpacket: 16
[  503.073828][ T5845] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  503.089647][ T5845] usb 6-1: New USB device found, idVendor=06cb, idProduct=0006, bcdDevice=9a.eb
[  503.099077][ T5845] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  503.112509][ T5845] usb 6-1: Product: syz
[  503.118761][ T5953] usb 4-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  503.132839][ T5953] usb 4-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47
[  503.148172][ T5953] usb 4-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  503.159803][ T5845] usb 6-1: Manufacturer: syz
[  503.164528][ T5845] usb 6-1: SerialNumber: syz
[  503.169419][ T5953] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  503.195050][ T5845] usb 6-1: config 0 descriptor??
[  503.211843][ T5845] usb 6-1: selecting invalid altsetting 1
[  503.229204][T14014] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22
[  503.237487][ T5845] usb 6-1: Can not set alternate setting to 1, error: -22
[  503.276057][ T5845] synaptics_usb 6-1:0.0: probe with driver synaptics_usb failed with error -22
[  503.291868][ T5953] usb 4-1: Quirk or no altset; falling back to MIDI 1.0
[  503.765322][   T30] audit: type=1400 audit(1755203087.573:3998): avc:  denied  { read } for  pid=14026 comm="syz.5.1249" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1
[  504.007954][T14050] netlink: 'syz.4.1252': attribute type 10 has an invalid length.
[  504.039184][T14027] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  504.047777][T14027] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  504.205004][ T5845] usb 6-1: USB disconnect, device number 7
[  504.235301][   T30] audit: type=1326 audit(1755203088.133:3999): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14006 comm="syz.3.1247" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f708518ebe9 code=0x7ffc0000
[  504.297489][   T30] audit: type=1326 audit(1755203088.133:4000): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14006 comm="syz.3.1247" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f708518ebe9 code=0x7ffc0000
[  504.883098][   T30] audit: type=1326 audit(1755203088.133:4001): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14006 comm="syz.3.1247" exe="/root/syz-executor" sig=0 arch=c000003e syscall=289 compat=0 ip=0x7f708518ebe9 code=0x7ffc0000
[  504.943372][   T30] audit: type=1326 audit(1755203088.143:4002): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14006 comm="syz.3.1247" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f708518ebe9 code=0x7ffc0000
[  504.966859][    C1] vkms_vblank_simulate: vblank timer overrun
[  505.505160][   T10] usb 4-1: USB disconnect, device number 26
[  506.396882][T14116] netlink: 'syz.2.1261': attribute type 1 has an invalid length.
[  507.176563][T14130] loop9: detected capacity change from 0 to 7
[  507.242872][ T6004] Dev loop9: unable to read RDB block 7
[  507.248558][ T6004]  loop9: unable to read partition table
[  507.257445][ T6004] loop9: partition table beyond EOD, truncated
[  507.355331][T14130] Dev loop9: unable to read RDB block 7
[  507.382822][T14130]  loop9: unable to read partition table
[  507.415679][T14130] loop9: partition table beyond EOD, truncated
[  507.439849][  T918] usb 5-1: new high-speed USB device number 45 using dummy_hcd
[  507.455626][T14130] loop_reread_partitions: partition scan of loop9 (�被x�������� ) failed (rc=-5)
[  507.599949][  T918] usb 5-1: Using ep0 maxpacket: 16
[  507.607019][  T918] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  507.625192][  T918] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  507.699145][  T918] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0
[  507.729558][  T918] usb 5-1: config 0 interface 0 altsetting 0 bulk endpoint 0x2 has invalid maxpacket 0
[  507.768609][  T918] usb 5-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  507.873426][  T918] usb 5-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42
[  507.884741][  T918] usb 5-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0
[  507.894306][  T918] usb 5-1: Manufacturer: syz
[  507.913484][  T918] usb 5-1: config 0 descriptor??
[  508.290176][  T918] rc_core: IR keymap rc-hauppauge not found
[  508.297942][  T918] Registered IR keymap rc-empty
[  508.306448][  T918] mceusb 5-1:0.0: Error: mce write submit urb error = -90
[  508.329998][  T918] mceusb 5-1:0.0: Error: mce write submit urb error = -90
[  508.359508][  T918] rc rc0: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/rc/rc0
[  508.452952][  T918] input: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/rc/rc0/input38
[  508.498229][  T918] mceusb 5-1:0.0: Error: mce write submit urb error = -90
[  508.521767][  T918] mceusb 5-1:0.0: Error: mce write submit urb error = -90
[  508.550017][  T918] mceusb 5-1:0.0: Error: mce write submit urb error = -90
[  508.589891][  T918] mceusb 5-1:0.0: Error: mce write submit urb error = -90
[  508.609980][  T918] mceusb 5-1:0.0: Error: mce write submit urb error = -90
[  508.640303][T12445] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge)
[  508.649837][  T918] mceusb 5-1:0.0: Error: mce write submit urb error = -90
[  508.689844][  T918] mceusb 5-1:0.0: Error: mce write submit urb error = -90
[  508.743706][  T918] mceusb 5-1:0.0: Error: mce write submit urb error = -90
[  508.769904][  T918] mceusb 5-1:0.0: Error: mce write submit urb error = -90
[  508.801104][  T918] mceusb 5-1:0.0: Error: mce write submit urb error = -90
[  508.831977][  T918] mceusb 5-1:0.0: Registered 424242424242 with mce emulator interface version 1
[  508.843173][  T918] mceusb 5-1:0.0: 2 tx ports (0x0 cabled) and 2 rx sensors (0x0 active)
[  508.995812][T14168] netlink: 16402 bytes leftover after parsing attributes in process `syz.5.1270'.
[  509.120203][  T918] usb 5-1: USB disconnect, device number 45
[  509.410816][T14170] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1272'.
[  510.298003][T14196] netlink: 'syz.5.1273': attribute type 10 has an invalid length.
[  510.399895][T11150] Bluetooth: hci6: command 0x0406 tx timeout
[  510.559990][ T5845] usb 3-1: new high-speed USB device number 30 using dummy_hcd
[  510.708672][   T30] kauditd_printk_skb: 21 callbacks suppressed
[  510.708686][   T30] audit: type=1400 audit(1755203094.753:4024): avc:  denied  { unmount } for  pid=5842 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nfs_t tclass=filesystem permissive=1
[  510.922315][ T5845] usb 3-1: Using ep0 maxpacket: 16
[  510.929735][ T5845] usb 3-1: config 1 contains an unexpected descriptor of type 0x2, skipping
[  510.976363][ T5845] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  511.550558][ T5845] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 3
[  511.561462][T14213] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  511.592914][ T5845] usb 3-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  511.651446][ T5845] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  511.656595][T14213] syzkaller0: entered promiscuous mode
[  511.659438][ T5845] usb 3-1: Product: syz
[  511.659456][ T5845] usb 3-1: Manufacturer: syz
[  511.659471][ T5845] usb 3-1: SerialNumber: syz
[  511.679815][T14213] syzkaller0: entered allmulticast mode
[  511.689615][T14213] tipc: Resetting bearer <eth:syzkaller0>
[  511.729198][T14212] tipc: Resetting bearer <eth:syzkaller0>
[  512.266464][ T5845] usb 3-1: 0:2 : does not exist
[  512.427399][ T5845] usb 3-1: USB disconnect, device number 30
[  512.945577][T14249] overlayfs: failed to decode file handle (len=4, type=251, flags=0, err=-22)
[  514.667616][T14254] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  515.588841][T14212] tipc: Disabling bearer <eth:syzkaller0>
[  515.980257][   T24] usb 4-1: new high-speed USB device number 27 using dummy_hcd
[  516.156564][   T24] usb 4-1: Using ep0 maxpacket: 8
[  516.178439][   T24] usb 4-1: New USB device found, idVendor=0ccd, idProduct=0039, bcdDevice=90.7b
[  516.316127][   T24] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  516.334502][T14319] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1288'.
[  517.072493][   T24] pvrusb2: Hardware description: Terratec Grabster AV400
[  517.093147][   T24] pvrusb2: **********
[  517.222760][T14325] netlink: 'syz.4.1291': attribute type 10 has an invalid length.
[  517.243948][   T24] pvrusb2: ***WARNING*** Support for this device (Terratec Grabster AV400) is experimental.
[  517.444118][   T24] pvrusb2: Important functionality might not be entirely working.
[  517.555561][   T24] pvrusb2: Please consider contacting the driver author to help with further stabilization of the driver.
[  517.585950][   T30] audit: type=1400 audit(1755203101.593:4025): avc:  denied  { append } for  pid=14306 comm="syz.5.1289" name="loop7" dev="devtmpfs" ino=654 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[  517.625944][   T24] pvrusb2: **********
[  517.733361][T14279] netlink: 'syz.3.1285': attribute type 5 has an invalid length.
[  517.768923][ T2338] pvrusb2: Invalid write control endpoint
[  517.919146][   T24] usb 4-1: USB disconnect, device number 27
[  518.023439][   T30] audit: type=1400 audit(1755203102.053:4026): avc:  denied  { map } for  pid=14354 comm="syz.4.1295" path="/dev/dri/card0" dev="devtmpfs" ino=627 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:dri_device_t tclass=chr_file permissive=1
[  518.158558][   T30] audit: type=1400 audit(1755203102.053:4027): avc:  denied  { execute } for  pid=14354 comm="syz.4.1295" path="/dev/dri/card0" dev="devtmpfs" ino=627 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:dri_device_t tclass=chr_file permissive=1
[  519.164244][ T2338] pvrusb2: Invalid write control endpoint
[  519.219805][ T5845] usb 6-1: new high-speed USB device number 8 using dummy_hcd
[  519.239830][ T2338] pvrusb2: ***WARNING*** Detected a wedged cx25840 chip; the device will not work.
[  519.266740][ T2338] pvrusb2: ***WARNING*** Try power cycling the pvrusb2 device.
[  519.359206][T14387] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1298'.
[  519.414026][T14388] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1298'.
[  520.232713][ T5845] usb 6-1: config 0 has an invalid interface number: 204 but max is 0
[  520.244748][ T5845] usb 6-1: config 0 has no interface number 0
[  520.262849][ T2338] pvrusb2: ***WARNING*** Disabling further access to the device to prevent other foul-ups.
[  520.276517][ T2338] pvrusb2: Device being rendered inoperable
[  520.286649][ T2338] cx25840 1-0044: Unable to detect h/w, assuming cx23887
[  520.296420][ T2338] cx25840 1-0044: cx23887 A/V decoder found @ 0x88 (pvrusb2_a)
[  520.304451][ T5845] usb 6-1: New USB device found, idVendor=12d6, idProduct=0444, bcdDevice=29.3d
[  520.315305][ T5845] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  520.348776][ T2338] pvrusb2: Attached sub-driver cx25840
[  520.369639][ T5845] usb 6-1: Product: syz
[  520.383761][ T5845] usb 6-1: Manufacturer: syz
[  520.393202][ T2338] pvrusb2: ***WARNING*** pvrusb2 device hardware appears to be jammed and I can't clear it.
[  520.442356][ T5845] usb 6-1: SerialNumber: syz
[  520.458969][ T2338] pvrusb2: You might need to power cycle the pvrusb2 device in order to recover.
[  521.116460][ T5845] usb 6-1: config 0 descriptor??
[  521.243731][   T30] audit: type=1400 audit(1755203105.293:4028): avc:  denied  { unmount } for  pid=11627 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=filesystem permissive=1
[  521.248134][ T5845] usb 6-1: can't set config #0, error -71
[  521.299217][ T5845] usb 6-1: USB disconnect, device number 8
[  521.659928][ T5925] usb 1-1: new high-speed USB device number 30 using dummy_hcd
[  521.807585][T14456] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=7 sclass=netlink_route_socket pid=14456 comm=syz.4.1303
[  521.871183][ T5925] usb 1-1: Using ep0 maxpacket: 8
[  521.903617][ T5925] usb 1-1: unable to get BOS descriptor or descriptor too short
[  521.924264][ T5925] usb 1-1: config 4 interface 0 has no altsetting 0
[  521.950857][ T5925] usb 1-1: string descriptor 0 read error: -22
[  521.957223][ T5925] usb 1-1: New USB device found, idVendor=058f, idProduct=6610, bcdDevice=48.05
[  521.968341][ T5925] usb 1-1: New USB device strings: Mfr=2, Product=0, SerialNumber=3
[  521.991669][ T5925] usb 1-1: dvb_usb_v2: found a 'Sigmatek DVB-110' in warm state
[  522.012876][ T5925] usb 1-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer
[  522.037872][   T30] audit: type=1400 audit(1755203106.083:4029): avc:  denied  { create } for  pid=14448 comm="syz.3.1304" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rose_socket permissive=1
[  522.058820][ T5925] dvbdev: DVB: registering new adapter (Sigmatek DVB-110)
[  522.076151][ T5925] usb 1-1: media controller created
[  522.087378][   T30] audit: type=1400 audit(1755203106.083:4030): avc:  denied  { ioctl } for  pid=14448 comm="syz.3.1304" path="socket:[28900]" dev="sockfs" ino=28900 ioctlcmd=0x890b scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rose_socket permissive=1
[  522.143434][T14457] input: syz1 as /devices/virtual/input/input39
[  522.396223][ T5925] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  522.976657][T14481] netlink: 16 bytes leftover after parsing attributes in process `syz.3.1306'.
[  523.600005][ T5925] zl10353_read_register: readreg error (reg=127, ret==0)
[  523.810695][T14482] binder: 14480:14482 ioctl c0306201 200000000240 returned -14
[  523.984255][T14491] netlink: 16 bytes leftover after parsing attributes in process `syz.2.1307'.
[  524.929152][T14496] binder: 14488:14496 ioctl c0306201 200000000240 returned -14
[  525.052582][T14494] FAULT_INJECTION: forcing a failure.
[  525.052582][T14494] name failslab, interval 1, probability 0, space 0, times 0
[  525.065368][T14494] CPU: 0 UID: 0 PID: 14494 Comm: syz.3.1309 Not tainted 6.17.0-rc1-syzkaller-00038-g0cc53520e68b #0 PREEMPT(full) 
[  525.065384][T14494] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  525.065390][T14494] Call Trace:
[  525.065395][T14494]  <TASK>
[  525.065400][T14494]  dump_stack_lvl+0x16c/0x1f0
[  525.065417][T14494]  should_fail_ex+0x512/0x640
[  525.065433][T14494]  should_failslab+0xc2/0x120
[  525.065446][T14494]  __kmalloc_node_track_caller_noprof+0xd6/0x510
[  525.065460][T14494]  ? sidtab_sid2str_get+0x17a/0x680
[  525.065479][T14494]  kmemdup_noprof+0x29/0x60
[  525.065491][T14494]  sidtab_sid2str_get+0x17a/0x680
[  525.065513][T14494]  sidtab_entry_to_string+0x33/0x110
[  525.065530][T14494]  security_sid_to_context_core+0x35c/0x640
[  525.065548][T14494]  avc_audit_post_callback+0x109/0x8f0
[  525.065560][T14494]  ? __pfx_audit_log_lsm_data+0x10/0x10
[  525.065576][T14494]  ? __pfx_avc_audit_post_callback+0x10/0x10
[  525.065594][T14494]  ? skb_put+0x138/0x1b0
[  525.065609][T14494]  ? audit_log_n_string+0x253/0x540
[  525.065625][T14494]  ? __pfx_avc_audit_post_callback+0x10/0x10
[  525.065643][T14494]  common_lsm_audit+0x24b/0x300
[  525.065659][T14494]  ? __pfx_common_lsm_audit+0x10/0x10
[  525.065674][T14494]  ? avc_denied+0x14a/0x190
[  525.065687][T14494]  slow_avc_audit+0x186/0x210
[  525.065698][T14494]  ? __pfx_slow_avc_audit+0x10/0x10
[  525.065710][T14494]  ? find_held_lock+0x2b/0x80
[  525.065729][T14494]  avc_has_perm+0x1b5/0x1f0
[  525.065742][T14494]  ? __pfx_avc_has_perm+0x10/0x10
[  525.065753][T14494]  ? cap_capable+0xb3/0x250
[  525.065769][T14494]  selinux_kernel_load_data+0xec/0x5a0
[  525.065780][T14494]  security_kernel_load_data+0x1ec/0x210
[  525.065797][T14494]  __x64_sys_kexec_load+0xce/0x230
[  525.065814][T14494]  do_syscall_64+0xcd/0x4c0
[  525.065826][T14494]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  525.065838][T14494] RIP: 0033:0x7f708518ebe9
[  525.065847][T14494] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  525.065857][T14494] RSP: 002b:00007f70833f6038 EFLAGS: 00000246 ORIG_RAX: 00000000000000f6
[  525.065869][T14494] RAX: ffffffffffffffda RBX: 00007f70853b5fa0 RCX: 00007f708518ebe9
[  525.065876][T14494] RDX: 0000200000000900 RSI: 0000000000000001 RDI: 000000000000ff0e
[  525.065882][T14494] RBP: 00007f70833f6090 R08: 0000000000000000 R09: 0000000000000000
[  525.065889][T14494] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  525.065895][T14494] R13: 00007f70853b6038 R14: 00007f70853b5fa0 R15: 00007ffd44573d68
[  525.065909][T14494]  </TASK>
[  525.330639][   T30] audit: type=1400 audit(1755203109.103:4031): avc:  denied  { kexec_image_load } for  pid=14493 comm="syz.3.1309" ssid=148 tcontext=root:sysadm_r:sysadm_t tclass=system permissive=1
[  525.506069][T14509] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  525.514871][T14509] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  525.839925][T12455] syzkaller0: tun_net_xmit 76
[  525.845004][T12455] syzkaller0: tun_net_xmit 48
[  525.856569][T14499] syzkaller0: create flow: hash 1882794315 index 1
[  525.864323][   T10] syzkaller0: tun_net_xmit 76
[  525.906675][T14508] syzkaller0: entered promiscuous mode
[  525.912427][T14508] syzkaller0: entered allmulticast mode
[  526.114665][T14522] netlink: 20 bytes leftover after parsing attributes in process `syz.3.1313'.
[  526.124011][T14522] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1313'.
[  526.134574][T14498] syzkaller0: delete flow: hash 1882794315 index 1
[  529.698879][T14562] netlink: 16 bytes leftover after parsing attributes in process `syz.3.1320'.
[  530.545889][T14563] binder: 14561:14563 ioctl c0306201 200000000240 returned -14
[  530.687065][T14569] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1322'.
[  532.063319][T14588] sctp: [Deprecated]: syz.4.1325 (pid 14588) Use of int in max_burst socket option deprecated.
[  532.063319][T14588] Use struct sctp_assoc_value instead
[  532.160250][   T30] audit: type=1400 audit(1755203116.193:4032): avc:  denied  { setopt } for  pid=14585 comm="syz.3.1326" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1
[  532.757753][   T30] audit: type=1400 audit(1755203116.803:4033): avc:  denied  { ioctl } for  pid=14583 comm="syz.4.1325" path="/dev/nullb0" dev="devtmpfs" ino=696 ioctlcmd=0x3e04 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1
[  532.880842][   T30] audit: type=1400 audit(1755203116.893:4034): avc:  denied  { map } for  pid=14583 comm="syz.4.1325" path="/dev/nullb0" dev="devtmpfs" ino=696 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1
[  532.998337][   T30] audit: type=1400 audit(1755203117.043:4035): avc:  denied  { audit_write } for  pid=14599 comm="syz.2.1329" capability=29  scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability permissive=1
[  533.074632][   T30] audit: type=1400 audit(1755203117.123:4036): avc:  denied  { watch watch_reads } for  pid=14599 comm="syz.2.1329" path="/proc/1019/task" dev="proc" ino=29111 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=dir permissive=1
[  534.863205][T14616] MTD: Attempt to mount non-MTD device "/dev/nullb0"
[  534.933045][T14616] cramfs: wrong magic
[  535.324160][T14634] loop9: detected capacity change from 0 to 7
[  535.344099][T14634] Dev loop9: unable to read RDB block 7
[  535.350064][T14634]  loop9: unable to read partition table
[  535.357643][T14634] loop9: partition table beyond EOD, truncated
[  535.367186][T14634] loop_reread_partitions: partition scan of loop9 (�被x�������� ) failed (rc=-5)
[  535.947832][T14645] netlink: 104 bytes leftover after parsing attributes in process `syz.2.1338'.
[  536.235641][T14654] netlink: 16402 bytes leftover after parsing attributes in process `syz.0.1339'.
[  537.189971][   T59] Bluetooth: Error in BCSP hdr checksum
[  537.440219][   T36] Bluetooth: Error in BCSP hdr checksum
[  537.592264][ T5855] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[  537.603060][ T5855] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[  537.628365][ T5855] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[  537.651941][ T5855] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[  537.659415][ T5855] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[  537.843698][T14674] syz.2.1343: attempt to access beyond end of device
[  537.843698][T14674] nbd2: rw=0, sector=64, nr_sectors = 8 limit=0
[  537.860675][T14674] syz.2.1343: attempt to access beyond end of device
[  537.860675][T14674] nbd2: rw=0, sector=120, nr_sectors = 8 limit=0
[  537.924942][T14674] Mount JFS Failure: -5
[  538.059774][T14428] usb 4-1: new high-speed USB device number 28 using dummy_hcd
[  538.065744][T14667] chnl_net:caif_netlink_parms(): no params data found
[  538.293161][T14667] bridge0: port 1(bridge_slave_0) entered blocking state
[  538.305384][T14667] bridge0: port 1(bridge_slave_0) entered disabled state
[  538.316440][T14667] bridge_slave_0: entered allmulticast mode
[  538.327744][T14667] bridge_slave_0: entered promiscuous mode
[  538.390046][T14667] bridge0: port 2(bridge_slave_1) entered blocking state
[  538.403639][T14667] bridge0: port 2(bridge_slave_1) entered disabled state
[  538.412290][T14667] bridge_slave_1: entered allmulticast mode
[  538.412310][T14428] usb 4-1: New USB device found, idVendor=046d, idProduct=0870, bcdDevice=61.47
[  538.412341][T14428] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  538.419578][T14667] bridge_slave_1: entered promiscuous mode
[  538.563132][T14428] usb 4-1: config 0 descriptor??
[  538.593878][T14428] gspca_main: STV06xx-2.14.0 probing 046d:0870
[  538.704451][T14667] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  538.784663][T14667] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  538.880325][T11150] Bluetooth: hci1: Opcode 0x1003 failed: -110
[  539.760618][ T5855] Bluetooth: hci5: command tx timeout
[  540.655255][ T1155] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge)
[  541.869798][ T5855] Bluetooth: hci5: command tx timeout
[  542.173271][   T59] netdevsim netdevsim5 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  542.306461][T14667] team0: Port device team_slave_0 added
[  542.545320][T14667] team0: Port device team_slave_1 added
[  542.823781][   T59] netdevsim netdevsim5 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  542.949024][T14667] batman_adv: batadv0: Adding interface: batadv_slave_0
[  542.957265][T14667] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  543.018727][T14428] usb 4-1: USB disconnect, device number 28
[  543.464075][T14667] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  543.498225][   T59] netdevsim netdevsim5 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  543.517083][T14667] batman_adv: batadv0: Adding interface: batadv_slave_1
[  543.527966][T14667] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  543.577148][T14667] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  543.646023][   T59] netdevsim netdevsim5 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  543.920092][ T5855] Bluetooth: hci5: command tx timeout
[  544.146574][T14954] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  544.250684][T14667] hsr_slave_0: entered promiscuous mode
[  544.264033][T14667] hsr_slave_1: entered promiscuous mode
[  544.890446][   T59] bridge_slave_1: left allmulticast mode
[  544.914734][   T59] bridge_slave_1: left promiscuous mode
[  544.938878][   T59] bridge0: port 2(bridge_slave_1) entered disabled state
[  544.992555][   T59] bridge_slave_0: left allmulticast mode
[  545.039927][   T59] bridge_slave_0: left promiscuous mode
[  545.059822][    T9] usb 5-1: new high-speed USB device number 46 using dummy_hcd
[  545.084262][   T59] bridge0: port 1(bridge_slave_0) entered disabled state
[  545.238176][T15115] CIFS mount error: No usable UNC path provided in device string!
[  545.238176][T15115] 
[  545.248549][T15115] CIFS: VFS: CIFS mount error: No usable UNC path provided in device string!
[  545.263520][    T9] usb 5-1: New USB device found, idVendor=046d, idProduct=0870, bcdDevice=61.47
[  545.953839][    T9] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  546.060023][ T5855] Bluetooth: hci5: command tx timeout
[  546.145383][    T9] usb 5-1: config 0 descriptor??
[  546.164224][    T9] gspca_main: STV06xx-2.14.0 probing 046d:0870
[  547.615110][T15134] overlayfs: failed to decode file handle (len=4, type=251, flags=0, err=-22)
[  548.642427][   T59] bond0 (unregistering): (slave bridge0): Releasing backup interface
[  548.998588][   T59] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  549.013661][   T59] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  549.048387][   T59] bond0 (unregistering): Released all slaves
[  549.089355][T15144] netlink: 16402 bytes leftover after parsing attributes in process `syz.0.1364'.
[  549.397283][T15159] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1365'.
[  549.409130][T15159] netlink: 16 bytes leftover after parsing attributes in process `syz.2.1365'.
[  550.275202][   T59] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  550.289130][   T59] batman_adv: batadv0: Removing interface: batadv_slave_0
[  550.340480][   T59] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  550.387994][   T59] batman_adv: batadv0: Removing interface: batadv_slave_1
[  550.406478][T15199] netlink: 52 bytes leftover after parsing attributes in process `syz.2.1369'.
[  550.434188][T15199] unsupported nlmsg_type 40
[  550.450636][T15199] comedi comedi3: 8255: I/O port conflict (0x5,4)
[  550.457383][T15199] comedi comedi3: 8255: I/O port conflict (0x2,4)
[  550.480598][T15199] comedi comedi3: 8255: I/O port conflict (0x1,4)
[  550.504614][T15199] comedi comedi3: 8255: I/O port conflict (0x5c952399,4)
[  550.518461][   T59] veth1_macvtap: left promiscuous mode
[  550.521996][T15199] comedi comedi3: 8255: I/O port conflict (0x5,4)
[  550.549203][T15199] comedi comedi3: 8255: I/O port conflict (0x3ff,4)
[  550.558303][   T59] veth0_macvtap: left promiscuous mode
[  550.585061][    T9] usb 5-1: USB disconnect, device number 46
[  550.593468][   T59] veth1_vlan: left promiscuous mode
[  550.607229][   T59] veth0_vlan: left promiscuous mode
[  550.617315][T15199] comedi comedi3: 8255: I/O port conflict (0x1,4)
[  550.656794][T15199] comedi comedi3: 8255: I/O port conflict (0x1,4)
[  550.672987][T15199] comedi comedi3: 8255: I/O port conflict (0x9,4)
[  550.717626][T15199] comedi comedi3: 8255: I/O port conflict (0x6,4)
[  550.732582][T15199] comedi comedi3: 8255: I/O port conflict (0x4,4)
[  550.756983][T15199] comedi comedi3: 8255: I/O port conflict (0x3,4)
[  550.767616][T15199] comedi comedi3: 8255: I/O port conflict (0xffffffff80000089,4)
[  550.778441][T15199] comedi comedi3: 8255: I/O port conflict (0xfffffffffffffffd,4)
[  550.792207][T15199] comedi comedi3: 8255: I/O port conflict (0xfffffffffffffff5,4)
[  550.800247][T15199] comedi comedi3: 8255: I/O port conflict (0xffffffffffffeadb,4)
[  550.849949][T15199] comedi comedi3: 8255: I/O port conflict (0x3,4)
[  551.242307][T15199] comedi comedi3: 8255: I/O port conflict (0x8,4)
[  551.285815][T15199] comedi comedi3: 8255: I/O port conflict (0x4,4)
[  551.300214][T15223] loop9: detected capacity change from 0 to 7
[  551.317098][T15182] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  551.400820][T15199] comedi comedi3: 8255: I/O port conflict (0x8000000,4)
[  551.410281][T15199] comedi comedi3: 8255: I/O port conflict (0xffffffffdffffffa,4)
[  551.432586][T15223] Dev loop9: unable to read RDB block 7
[  551.439969][T15223]  loop9: unable to read partition table
[  551.458883][T15223] loop9: partition table beyond EOD, truncated
[  551.497622][T15223] loop_reread_partitions: partition scan of loop9 (�被x�������� ) failed (rc=-5)
[  551.716376][T15231] kvm: requested 4190 ns i8254 timer period limited to 200000 ns
[  551.986129][T15228] kvm: requested 838 ns i8254 timer period limited to 200000 ns
[  552.044721][T15228] kvm: requested 12571 ns i8254 timer period limited to 200000 ns
[  552.054460][T15228] kvm: requested 12571 ns i8254 timer period limited to 200000 ns
[  552.104655][T15228] kvm: requested 85485 ns i8254 timer period limited to 200000 ns
[  552.114839][T15228] kvm: requested 93028 ns i8254 timer period limited to 200000 ns
[  552.127379][T15228] kvm: requested 7542 ns i8254 timer period limited to 200000 ns
[  552.151149][T15228] kvm: requested 10057 ns i8254 timer period limited to 200000 ns
[  552.176207][T15228] kvm: requested 155047 ns i8254 timer period limited to 200000 ns
[  552.197872][T15228] kvm: requested 160914 ns i8254 timer period limited to 200000 ns
[  552.378983][   T59] team0 (unregistering): Port device team_slave_1 removed
[  552.478749][   T59] team0 (unregistering): Port device team_slave_0 removed
[  552.630590][   T30] audit: type=1400 audit(1755203136.683:4037): avc:  denied  { getopt } for  pid=15243 comm="syz.2.1375" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=xdp_socket permissive=1
[  553.742881][   T59] team0 (unregistering): Port device dummy0 removed
[  553.999778][T14667] netdevsim netdevsim6 netdevsim0: renamed from eth0
[  554.060504][T14667] netdevsim netdevsim6 netdevsim1: renamed from eth1
[  554.214000][T14667] netdevsim netdevsim6 netdevsim2: renamed from eth2
[  554.240813][T14667] netdevsim netdevsim6 netdevsim3: renamed from eth3
[  554.253956][T15312] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  554.269522][T15312] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  554.410110][   T24] usb 5-1: new high-speed USB device number 47 using dummy_hcd
[  554.436773][   T59] IPVS: stop unused estimator thread 0...
[  554.466532][T14667] 8021q: adding VLAN 0 to HW filter on device bond0
[  554.552730][T14667] 8021q: adding VLAN 0 to HW filter on device team0
[  554.574661][   T24] usb 5-1: New USB device found, idVendor=046d, idProduct=0870, bcdDevice=61.47
[  554.592531][T12445] bridge0: port 1(bridge_slave_0) entered blocking state
[  554.599762][T12445] bridge0: port 1(bridge_slave_0) entered forwarding state
[  554.601100][   T24] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  554.618050][T15337] FAULT_INJECTION: forcing a failure.
[  554.618050][T15337] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  554.626254][T12455] bridge0: port 2(bridge_slave_1) entered blocking state
[  554.638189][T12455] bridge0: port 2(bridge_slave_1) entered forwarding state
[  554.642915][T15337] CPU: 0 UID: 0 PID: 15337 Comm: syz.3.1383 Not tainted 6.17.0-rc1-syzkaller-00038-g0cc53520e68b #0 PREEMPT(full) 
[  554.642937][T15337] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  554.642946][T15337] Call Trace:
[  554.642952][T15337]  <TASK>
[  554.642958][T15337]  dump_stack_lvl+0x16c/0x1f0
[  554.642979][T15337]  should_fail_ex+0x512/0x640
[  554.643000][T15337]  _copy_from_user+0x2e/0xd0
[  554.643021][T15337]  memdup_user+0x6b/0xe0
[  554.643039][T15337]  strndup_user+0x78/0xe0
[  554.643056][T15337]  __x64_sys_fsopen+0x9c/0x240
[  554.643078][T15337]  do_syscall_64+0xcd/0x4c0
[  554.643099][T15337]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  554.643115][T15337] RIP: 0033:0x7f708518ebe9
[  554.643128][T15337] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  554.643143][T15337] RSP: 002b:00007f70833f6038 EFLAGS: 00000246 ORIG_RAX: 00000000000001ae
[  554.643158][T15337] RAX: ffffffffffffffda RBX: 00007f70853b5fa0 RCX: 00007f708518ebe9
[  554.643168][T15337] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000200000000400
[  554.643177][T15337] RBP: 00007f70833f6090 R08: 0000000000000000 R09: 0000000000000000
[  554.643186][T15337] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  554.643195][T15337] R13: 00007f70853b6038 R14: 00007f70853b5fa0 R15: 00007ffd44573d68
[  554.643221][T15337]  </TASK>
[  554.811351][   T24] usb 5-1: config 0 descriptor??
[  554.822659][   T24] gspca_main: STV06xx-2.14.0 probing 046d:0870
[  555.178588][T15363] loop9: detected capacity change from 0 to 7
[  555.246560][T15363] Dev loop9: unable to read RDB block 7
[  555.261319][T15363]  loop9: unable to read partition table
[  555.277546][T15363] loop9: partition table beyond EOD, truncated
[  555.291738][T15363] loop_reread_partitions: partition scan of loop9 (�被x�������� ) failed (rc=-5)
[  556.214638][T14667] 8021q: adding VLAN 0 to HW filter on device batadv0
[  557.652281][T15410] syzkaller0: create flow: hash 1882794315 index 1
[  558.105952][   T24] usb 5-1: USB disconnect, device number 47
[  558.343655][   T59] syzkaller0: tun_net_xmit 76
[  558.348955][   T59] syzkaller0: tun_net_xmit 48
[  558.370310][T14428] syzkaller0: tun_net_xmit 76
[  558.631611][T15400] syzkaller0: delete flow: hash 1882794315 index 1
[  560.549164][T14667] veth0_vlan: entered promiscuous mode
[  560.563066][T14667] veth1_vlan: entered promiscuous mode
[  560.645224][T14667] veth0_macvtap: entered promiscuous mode
[  560.761220][T14667] veth1_macvtap: entered promiscuous mode
[  560.852737][T14667] batman_adv: batadv0: Interface activated: batadv_slave_0
[  560.921347][T14667] batman_adv: batadv0: Interface activated: batadv_slave_1
[  561.007116][   T36] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  561.026700][   T36] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  561.073125][   T36] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  561.079776][   T24] usb 3-1: new high-speed USB device number 31 using dummy_hcd
[  561.239902][   T24] usb 3-1: Using ep0 maxpacket: 8
[  561.386191][   T36] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  561.400522][   T24] usb 3-1: config 1 has an invalid interface number: 166 but max is 1
[  561.410010][   T59] Bluetooth: Error in BCSP hdr checksum
[  561.427575][   T24] usb 3-1: config 1 has an invalid interface number: 141 but max is 1
[  561.485618][   T24] usb 3-1: config 1 has no interface number 0
[  561.516373][   T24] usb 3-1: config 1 has no interface number 1
[  561.534885][   T24] usb 3-1: config 1 interface 166 altsetting 5 has an invalid descriptor for endpoint zero, skipping
[  561.553337][   T59] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  561.574687][   T24] usb 3-1: config 1 interface 166 altsetting 5 has an invalid descriptor for endpoint zero, skipping
[  561.588379][   T59] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  561.618555][   T24] usb 3-1: config 1 interface 166 altsetting 5 has an invalid descriptor for endpoint zero, skipping
[  561.661335][ T1155] Bluetooth: Error in BCSP hdr checksum
[  561.707898][   T24] usb 3-1: config 1 interface 166 altsetting 5 has an invalid descriptor for endpoint zero, skipping
[  561.814344][   T24] usb 3-1: config 1 interface 166 altsetting 5 has a duplicate endpoint with address 0x8, skipping
[  561.950076][   T24] usb 3-1: config 1 interface 166 altsetting 5 has an invalid descriptor for endpoint zero, skipping
[  562.064176][   T24] usb 3-1: config 1 interface 166 altsetting 5 endpoint 0x9 has an invalid bInterval 91, changing to 7
[  562.178447][   T24] usb 3-1: config 1 interface 166 altsetting 5 has 11 endpoint descriptors, different from the interface descriptor's value: 10
[  562.316644][   T24] usb 3-1: config 1 interface 141 altsetting 7 has an endpoint descriptor with address 0x12, changing to 0x2
[  562.407679][ T1300] ieee802154 phy1 wpan1: encryption failed: -22
[  562.469758][   T24] usb 3-1: config 1 interface 141 altsetting 7 bulk endpoint 0x2 has invalid maxpacket 32
[  562.583552][   T24] usb 3-1: config 1 interface 141 altsetting 7 has an endpoint descriptor with address 0xAA, changing to 0x8A
[  562.692512][   T24] usb 3-1: config 1 interface 141 altsetting 7 endpoint 0x8A has an invalid bInterval 84, changing to 10
[  562.801350][   T24] usb 3-1: config 1 interface 141 altsetting 7 endpoint 0x8A has invalid maxpacket 50773, setting to 1024
[  562.912002][   T24] usb 3-1: config 1 interface 141 altsetting 7 has a duplicate endpoint with address 0x5, skipping
[  563.027222][   T24] usb 3-1: config 1 interface 141 altsetting 7 has a duplicate endpoint with address 0x2, skipping
[  563.042677][ T5855] Bluetooth: hci1: Opcode 0x1003 failed: -110
[  563.151185][   T24] usb 3-1: config 1 interface 141 altsetting 7 has a duplicate endpoint with address 0x1, skipping
[  563.287678][   T24] usb 3-1: config 1 interface 141 altsetting 7 endpoint 0x7 has invalid maxpacket 1024, setting to 64
[  563.317679][T12459] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  563.358984][   T24] usb 3-1: config 1 interface 141 altsetting 7 has a duplicate endpoint with address 0xC, skipping
[  563.399822][T12459] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  563.445089][   T24] usb 3-1: config 1 interface 141 altsetting 7 has an invalid descriptor for endpoint zero, skipping
[  563.498812][   T24] usb 3-1: config 1 interface 141 altsetting 7 has a duplicate endpoint with address 0xB, skipping
[  563.541197][   T24] usb 3-1: config 1 interface 141 altsetting 7 has a duplicate endpoint with address 0x5, skipping
[  563.579354][   T24] usb 3-1: config 1 interface 141 altsetting 7 endpoint 0x6 has invalid maxpacket 512, setting to 64
[  563.627285][   T24] usb 3-1: config 1 interface 141 altsetting 7 has 14 endpoint descriptors, different from the interface descriptor's value: 13
[  563.722530][   T24] usb 3-1: config 1 interface 166 has no altsetting 0
[  563.729475][   T24] usb 3-1: config 1 interface 141 has no altsetting 0
[  563.742309][   T24] usb 3-1: New USB device found, idVendor=2040, idProduct=200a, bcdDevice=9a.a4
[  563.752342][   T24] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  564.026418][   T24] usb 3-1: Product: syz
[  564.035032][   T24] usb 3-1: Manufacturer: ⧼逦٨鞶ꉽ蘎䗸포챵巪킬緁ꉐ눡獏鳴곱꤅쟣呢ሬ嬶䨞丙ﯫ틊石履잘翿꟦낱鄽吆賂塖迩抁璈祁藐ㇰ炾汜镪ઍᄷ൒ᄮ蹧뷪栘舔㐈턎馃驐趨ꦽ낰麁볬ꇬ♥ᬲ좺쨨멡魔歂扒ꫜⅻỚ狟冢횽桧卣˿ꊝᒔ㞠Ꙭ倒龱勺跩秸
[  564.206643][T15530] netlink: 76 bytes leftover after parsing attributes in process `syz.0.1401'.
[  564.687903][   T24] usb 3-1: SerialNumber: syz
[  564.739200][   T24] usb 3-1: can't set config #1, error -71
[  565.167089][   T24] usb 3-1: USB disconnect, device number 31
[  565.269005][   T30] audit: type=1400 audit(1755203149.313:4038): avc:  denied  { listen } for  pid=15547 comm="syz.6.1404" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=x25_socket permissive=1
[  566.000096][T15561] overlayfs: failed to decode file handle (len=4, type=251, flags=0, err=-22)
[  568.280554][T15601] ntfs3(nullb0): Primary boot signature is not NTFS.
[  568.287653][T15601] ntfs3(nullb0): try to read out of volume at offset 0x3e7ffffe00
[  568.789531][T15620] netlink: 76 bytes leftover after parsing attributes in process `syz.4.1413'.
[  569.268740][T15623] overlayfs: failed to decode file handle (len=4, type=251, flags=0, err=-22)
[  571.719967][T15648] overlayfs: failed to decode file handle (len=4, type=251, flags=0, err=-22)
[  572.474839][   T30] audit: type=1400 audit(1755203156.523:4039): avc:  denied  { map } for  pid=15649 comm="syz.4.1422" path="/dev/comedi4" dev="devtmpfs" ino=1280 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[  572.540049][   T30] audit: type=1400 audit(1755203156.523:4040): avc:  denied  { execute } for  pid=15649 comm="syz.4.1422" path="/dev/comedi4" dev="devtmpfs" ino=1280 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[  573.486993][T15683] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  573.960162][T12455] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge)
[  574.012348][T15692] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  575.359116][T15726] bond0: entered promiscuous mode
[  575.419953][T15726] bond_slave_0: entered promiscuous mode
[  575.427406][T15726] bond_slave_1: entered promiscuous mode
[  575.474008][T15726] bond0: entered allmulticast mode
[  575.521710][T15726] bond_slave_0: entered allmulticast mode
[  575.549979][T15726] bond_slave_1: entered allmulticast mode
[  575.711143][T15736] NILFS (nullb0): couldn't find nilfs on the device
[  576.552166][T15769] netlink: 68 bytes leftover after parsing attributes in process `syz.2.1439'.
[  577.019029][   T30] audit: type=1400 audit(1755203161.017:4041): avc:  denied  { watch_reads } for  pid=15773 comm="syz.4.1440" path="/273/bus" dev="overlay" ino=1490 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=dir permissive=1
[  577.995488][T15795] overlayfs: failed to decode file handle (len=4, type=251, flags=0, err=-22)
[  578.626050][T15797] netlink: 180 bytes leftover after parsing attributes in process `syz.3.1444'.
[  579.451409][T15808] program syz.0.1446 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  581.505863][T15817] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=15817 comm=syz.4.1448
[  581.889960][T15841] bridge5: entered allmulticast mode
[  582.420278][T15864] overlayfs: failed to decode file handle (len=4, type=251, flags=0, err=-22)
[  582.949531][T15871] syzkaller0: create flow: hash 1882794315 index 1
[  583.172382][T15875] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1459'.
[  583.310573][T15879] binder: 15873:15879 ioctl c0306201 0 returned -14
[  583.546834][T12453] syzkaller0: tun_net_xmit 76
[  583.552394][T12453] syzkaller0: tun_net_xmit 48
[  583.569978][ T5845] syzkaller0: tun_net_xmit 76
[  583.962571][ T5845] syzkaller0: tun_net_xmit 76
[  584.252811][T15859] syzkaller0: delete flow: hash 1882794315 index 1
[  584.576895][T15913] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=15913 comm=syz.2.1463
[  586.667899][T15948] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  588.031368][T15972] loop9: detected capacity change from 0 to 7
[  588.038496][T15972] Dev loop9: unable to read RDB block 7
[  588.045928][T15972]  loop9: unable to read partition table
[  588.052444][T15972] loop9: partition table beyond EOD, truncated
[  588.073729][T15972] loop_reread_partitions: partition scan of loop9 (�被x�������� ) failed (rc=-5)
[  592.814426][T16053] loop9: detected capacity change from 0 to 7
[  592.824352][ T6004] Dev loop9: unable to read RDB block 7
[  593.307205][ T6004]  loop9: unable to read partition table
[  593.313331][ T6004] loop9: partition table beyond EOD, truncated
[  593.376936][T16053] Dev loop9: unable to read RDB block 7
[  593.462788][T16053]  loop9: unable to read partition table
[  593.476469][T16053] loop9: partition table beyond EOD, truncated
[  593.491142][T16053] loop_reread_partitions: partition scan of loop9 (�被x�������� ) failed (rc=-5)
[  594.596802][ T5855] Bluetooth: hci5: unexpected event 0x2f length: 509 > 260
[  595.999774][T11150] Bluetooth: hci1: Opcode 0x1003 failed: -110
[  596.735466][T16124] overlayfs: failed to decode file handle (len=4, type=251, flags=0, err=-22)
[  597.197254][T16134] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  597.690108][T16134] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  597.881938][T16144] netlink: 16 bytes leftover after parsing attributes in process `syz.4.1500'.
[  598.682133][T16163] netlink: 12 bytes leftover after parsing attributes in process `syz.6.1505'.
[  599.042919][   T30] audit: type=1400 audit(1755203183.057:4042): avc:  denied  { read } for  pid=16176 comm="syz.6.1509" path="socket:[32852]" dev="sockfs" ino=32852 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1
[  600.440788][T16168] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  600.784194][T16231] netlink: 16 bytes leftover after parsing attributes in process `syz.4.1513'.
[  602.179153][T16251] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  602.295754][T16255] overlayfs: failed to decode file handle (len=4, type=251, flags=0, err=-22)
[  603.716335][T16267] netlink: 12 bytes leftover after parsing attributes in process `syz.6.1519'.
[  603.909738][   T30] audit: type=1400 audit(1755203187.942:4043): avc:  denied  { map } for  pid=16276 comm="syz.6.1522" path="/dev/vcs" dev="devtmpfs" ino=14 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tty_device_t tclass=chr_file permissive=1
[  603.990635][T16271] loop9: detected capacity change from 0 to 7
[  604.029888][T16271] Dev loop9: unable to read RDB block 7
[  604.037209][T16271]  loop9: unable to read partition table
[  604.044888][T16271] loop9: partition table beyond EOD, truncated
[  604.051166][T16271] loop_reread_partitions: partition scan of loop9 (�被x�������� ) failed (rc=-5)
[  604.614268][ T5845] usb 7-1: new high-speed USB device number 2 using dummy_hcd
[  604.799755][ T5845] usb 7-1: Using ep0 maxpacket: 16
[  604.815371][ T5845] usb 7-1: config 255 has an invalid interface number: 43 but max is 3
[  604.830100][ T5845] usb 7-1: config 255 has an invalid interface number: 93 but max is 3
[  604.859754][ T5845] usb 7-1: config 255 has an invalid interface number: 106 but max is 3
[  604.892804][ T5845] usb 7-1: config 255 contains an unexpected descriptor of type 0x1, skipping
[  604.916699][ T5845] usb 7-1: config 255 has no interface number 0
[  604.938753][ T5845] usb 7-1: config 255 has no interface number 2
[  604.961888][ T5845] usb 7-1: config 255 has no interface number 3
[  604.985179][ T5845] usb 7-1: config 255 interface 43 altsetting 14 has an invalid descriptor for endpoint zero, skipping
[  605.036117][ T5845] usb 7-1: config 255 interface 43 altsetting 14 has an invalid descriptor for endpoint zero, skipping
[  605.094109][ T5845] usb 7-1: config 255 interface 43 altsetting 14 endpoint 0xF has invalid maxpacket 1024, setting to 64
[  605.155925][ T5845] usb 7-1: config 255 interface 93 altsetting 127 has a duplicate endpoint with address 0x5, skipping
[  606.060899][ T5845] usb 7-1: config 255 interface 93 altsetting 127 has a duplicate endpoint with address 0x6, skipping
[  606.071995][ T5845] usb 7-1: config 255 interface 106 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  606.083250][ T5845] usb 7-1: config 255 interface 106 altsetting 0 has a duplicate endpoint with address 0x4, skipping
[  606.094210][ T5845] usb 7-1: config 255 interface 106 altsetting 0 endpoint 0x9 has invalid maxpacket 1023, setting to 64
[  606.105569][ T5845] usb 7-1: config 255 interface 1 altsetting 9 has a duplicate endpoint with address 0x6, skipping
[  606.116670][ T5845] usb 7-1: config 255 interface 1 altsetting 9 has a duplicate endpoint with address 0xA, skipping
[  606.127686][ T5845] usb 7-1: config 255 interface 1 altsetting 9 has a duplicate endpoint with address 0x8, skipping
[  606.139731][ T5845] usb 7-1: config 255 interface 1 altsetting 9 has a duplicate endpoint with address 0x5, skipping
[  606.150562][ T5845] usb 7-1: config 255 interface 43 has no altsetting 0
[  606.157470][ T5845] usb 7-1: config 255 interface 93 has no altsetting 0
[  606.157994][ T1155] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge)
[  606.178238][ T5845] usb 7-1: config 255 interface 1 has no altsetting 0
[  606.243421][ T5845] usb 7-1: New USB device found, idVendor=0b95, idProduct=1790, bcdDevice=e7.6b
[  606.289706][   T10] IPVS: starting estimator thread 0...
[  606.369827][ T5845] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  606.390831][T16295] IPVS: using max 73 ests per chain, 175200 per kthread
[  606.418971][ T5845] usb 7-1: Product: syz
[  606.459715][ T5845] usb 7-1: Manufacturer: ࠠ
[  606.472739][ T5845] usb 7-1: SerialNumber: syz
[  606.495716][T16303] netlink: 16 bytes leftover after parsing attributes in process `syz.4.1525'.
[  606.514672][T16304] iommufd_mock iommufd_mock1: Adding to iommu group 1
[  606.737410][ T5845] ax88179_178a 7-1:255.43: probe with driver ax88179_178a failed with error -22
[  607.116314][ T5845] usb 7-1: USB disconnect, device number 2
[  608.720440][T16348] overlayfs: failed to decode file handle (len=4, type=251, flags=0, err=-22)
[  612.222423][T16412] FAULT_INJECTION: forcing a failure.
[  612.222423][T16412] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  612.237169][T16412] CPU: 0 UID: 0 PID: 16412 Comm: syz.3.1535 Not tainted 6.17.0-rc1-syzkaller-00038-g0cc53520e68b #0 PREEMPT(full) 
[  612.237193][T16412] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  612.237203][T16412] Call Trace:
[  612.237209][T16412]  <TASK>
[  612.237215][T16412]  dump_stack_lvl+0x16c/0x1f0
[  612.237238][T16412]  should_fail_ex+0x512/0x640
[  612.237263][T16412]  _copy_from_user+0x2e/0xd0
[  612.237286][T16412]  copy_msghdr_from_user+0x98/0x160
[  612.237305][T16412]  ? __pfx_copy_msghdr_from_user+0x10/0x10
[  612.237327][T16412]  ? kfree+0x24f/0x4d0
[  612.237351][T16412]  ? __lock_acquire+0x62e/0x1ce0
[  612.237381][T16412]  ___sys_recvmsg+0xdb/0x1a0
[  612.237399][T16412]  ? __pfx____sys_recvmsg+0x10/0x10
[  612.237431][T16412]  ? __pfx___might_resched+0x10/0x10
[  612.237458][T16412]  do_recvmmsg+0x2fe/0x750
[  612.237477][T16412]  ? __pfx_do_recvmmsg+0x10/0x10
[  612.237493][T16412]  ? ksys_write+0x190/0x250
[  612.237514][T16412]  ? __mutex_unlock_slowpath+0x163/0x800
[  612.237537][T16412]  ? __fget_files+0x20e/0x3c0
[  612.237554][T16412]  __x64_sys_recvmmsg+0x22a/0x280
[  612.237567][T16412]  ? __pfx___x64_sys_recvmmsg+0x10/0x10
[  612.237583][T16412]  do_syscall_64+0xcd/0x4c0
[  612.237596][T16412]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  612.237608][T16412] RIP: 0033:0x7f708518ebe9
[  612.237617][T16412] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  612.237629][T16412] RSP: 002b:00007f70833d5038 EFLAGS: 00000246 ORIG_RAX: 000000000000012b
[  612.237640][T16412] RAX: ffffffffffffffda RBX: 00007f70853b6090 RCX: 00007f708518ebe9
[  612.237647][T16412] RDX: 0000000000010106 RSI: 00002000000000c0 RDI: 0000000000000006
[  612.237653][T16412] RBP: 00007f70833d5090 R08: 0000000000000000 R09: 0000000000000000
[  612.237659][T16412] R10: 0000000000000002 R11: 0000000000000246 R12: 0000000000000001
[  612.237666][T16412] R13: 00007f70853b6128 R14: 00007f70853b6090 R15: 00007ffd44573d68
[  612.237679][T16412]  </TASK>
[  612.987987][T16417] loop9: detected capacity change from 0 to 7
[  613.016664][T16417] Dev loop9: unable to read RDB block 7
[  613.032499][T16417]  loop9: unable to read partition table
[  613.054338][T16417] loop9: partition table beyond EOD, truncated
[  613.069154][T16417] loop_reread_partitions: partition scan of loop9 (�被x�������� ) failed (rc=-5)
[  613.909729][   T10] usb 5-1: new high-speed USB device number 48 using dummy_hcd
[  614.069833][   T10] usb 5-1: Using ep0 maxpacket: 8
[  614.099104][   T10] usb 5-1: config 1 has an invalid interface number: 166 but max is 1
[  614.153701][   T10] usb 5-1: config 1 has an invalid interface number: 141 but max is 1
[  614.164898][   T10] usb 5-1: config 1 has no interface number 0
[  614.171242][   T10] usb 5-1: config 1 has no interface number 1
[  614.177506][   T10] usb 5-1: config 1 interface 166 altsetting 5 has an invalid descriptor for endpoint zero, skipping
[  614.211204][   T10] usb 5-1: config 1 interface 166 altsetting 5 has an invalid descriptor for endpoint zero, skipping
[  614.236494][   T10] usb 5-1: config 1 interface 166 altsetting 5 has an invalid descriptor for endpoint zero, skipping
[  614.251029][   T10] usb 5-1: config 1 interface 166 altsetting 5 has an invalid descriptor for endpoint zero, skipping
[  614.279398][   T10] usb 5-1: config 1 interface 166 altsetting 5 has a duplicate endpoint with address 0x8, skipping
[  614.527134][   T10] usb 5-1: config 1 interface 166 altsetting 5 has an invalid descriptor for endpoint zero, skipping
[  614.539772][   T10] usb 5-1: config 1 interface 166 altsetting 5 endpoint 0x9 has an invalid bInterval 91, changing to 7
[  614.963289][   T10] usb 5-1: config 1 interface 166 altsetting 5 has 11 endpoint descriptors, different from the interface descriptor's value: 10
[  614.977493][   T10] usb 5-1: config 1 interface 141 altsetting 7 has an endpoint descriptor with address 0x12, changing to 0x2
[  614.989278][   T10] usb 5-1: config 1 interface 141 altsetting 7 bulk endpoint 0x2 has invalid maxpacket 32
[  614.999331][   T10] usb 5-1: config 1 interface 141 altsetting 7 has an endpoint descriptor with address 0xAA, changing to 0x8A
[  615.042442][T16450] bridge1: entered allmulticast mode
[  615.055306][   T10] usb 5-1: config 1 interface 141 altsetting 7 endpoint 0x8A has an invalid bInterval 84, changing to 10
[  615.068713][   T10] usb 5-1: config 1 interface 141 altsetting 7 endpoint 0x8A has invalid maxpacket 50773, setting to 1024
[  615.148087][   T10] usb 5-1: config 1 interface 141 altsetting 7 has a duplicate endpoint with address 0x5, skipping
[  615.177634][   T10] usb 5-1: config 1 interface 141 altsetting 7 has a duplicate endpoint with address 0x2, skipping
[  615.194550][   T10] usb 5-1: config 1 interface 141 altsetting 7 has a duplicate endpoint with address 0x1, skipping
[  615.213283][   T10] usb 5-1: config 1 interface 141 altsetting 7 endpoint 0x7 has invalid maxpacket 1024, setting to 64
[  615.224623][   T10] usb 5-1: config 1 interface 141 altsetting 7 has a duplicate endpoint with address 0xC, skipping
[  615.368427][   T10] usb 5-1: config 1 interface 141 altsetting 7 has an invalid descriptor for endpoint zero, skipping
[  615.390104][   T10] usb 5-1: config 1 interface 141 altsetting 7 has a duplicate endpoint with address 0xB, skipping
[  615.413040][   T10] usb 5-1: config 1 interface 141 altsetting 7 has a duplicate endpoint with address 0x5, skipping
[  615.435923][   T10] usb 5-1: config 1 interface 141 altsetting 7 endpoint 0x6 has invalid maxpacket 512, setting to 64
[  615.452351][   T10] usb 5-1: config 1 interface 141 altsetting 7 has 14 endpoint descriptors, different from the interface descriptor's value: 13
[  615.467606][   T10] usb 5-1: config 1 interface 166 has no altsetting 0
[  615.541528][   T10] usb 5-1: config 1 interface 141 has no altsetting 0
[  615.550781][   T10] usb 5-1: New USB device found, idVendor=2040, idProduct=200a, bcdDevice=9a.a4
[  615.560238][   T10] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  615.568704][   T10] usb 5-1: Product: syz
[  615.574346][   T10] usb 5-1: Manufacturer: ⧼逦٨鞶ꉽ蘎䗸포챵巪킬緁ꉐ눡獏鳴곱꤅쟣呢ሬ嬶䨞丙ﯫ틊石履잘翿꟦낱鄽吆賂塖迩抁璈祁藐ㇰ炾汜镪ઍᄷ൒ᄮ蹧뷪栘舔㐈턎馃驐趨ꦽ낰麁볬ꇬ♥ᬲ좺쨨멡魔歂扒ꫜⅻỚ狟冢횽桧卣˿ꊝᒔ㞠Ꙭ倒龱勺跩秸
[  615.681841][   T10] usb 5-1: SerialNumber: syz
[  615.809767][ T5845] usb 3-1: new high-speed USB device number 32 using dummy_hcd
[  615.929542][   T10] smsusb:smsusb_probe: board id=9, interface number 166
[  615.949953][   T10] smsusb:smsusb_probe: board id=9, interface number 141
[  615.961930][ T5845] usb 3-1: Using ep0 maxpacket: 8
[  615.970438][ T5845] usb 3-1: config 1 has an invalid interface number: 166 but max is 1
[  615.978855][ T5845] usb 3-1: config 1 has an invalid interface number: 141 but max is 1
[  615.997472][   T10] usb 5-1: USB disconnect, device number 48
[  616.221918][ T5845] usb 3-1: config 1 has no interface number 0
[  616.228554][ T5845] usb 3-1: config 1 has no interface number 1
[  616.235604][ T5845] usb 3-1: config 1 interface 166 altsetting 5 has an invalid descriptor for endpoint zero, skipping
[  616.261275][ T5845] usb 3-1: config 1 interface 166 altsetting 5 has an invalid descriptor for endpoint zero, skipping
[  616.354652][T16491] bridge7: entered allmulticast mode
[  616.394789][ T5845] usb 3-1: config 1 interface 166 altsetting 5 has an invalid descriptor for endpoint zero, skipping
[  616.439488][ T5845] usb 3-1: config 1 interface 166 altsetting 5 has an invalid descriptor for endpoint zero, skipping
[  616.463268][ T5845] usb 3-1: config 1 interface 166 altsetting 5 has a duplicate endpoint with address 0x8, skipping
[  616.488110][ T5845] usb 3-1: config 1 interface 166 altsetting 5 has an invalid descriptor for endpoint zero, skipping
[  616.522455][ T5845] usb 3-1: config 1 interface 166 altsetting 5 endpoint 0x9 has an invalid bInterval 91, changing to 7
[  616.550074][T16501] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  616.778578][ T5845] usb 3-1: config 1 interface 166 altsetting 5 has 11 endpoint descriptors, different from the interface descriptor's value: 10
[  616.843869][ T5845] usb 3-1: config 1 interface 141 altsetting 7 has an endpoint descriptor with address 0x12, changing to 0x2
[  616.856483][ T5845] usb 3-1: config 1 interface 141 altsetting 7 bulk endpoint 0x2 has invalid maxpacket 32
[  616.871478][ T5845] usb 3-1: config 1 interface 141 altsetting 7 has an endpoint descriptor with address 0xAA, changing to 0x8A
[  617.376285][ T5845] usb 3-1: config 1 interface 141 altsetting 7 endpoint 0x8A has an invalid bInterval 84, changing to 10
[  617.547862][ T5845] usb 3-1: config 1 interface 141 altsetting 7 endpoint 0x8A has invalid maxpacket 50773, setting to 1024
[  617.562997][ T5845] usb 3-1: config 1 interface 141 altsetting 7 has a duplicate endpoint with address 0x5, skipping
[  617.574002][ T5845] usb 3-1: config 1 interface 141 altsetting 7 has a duplicate endpoint with address 0x2, skipping
[  617.586096][ T5845] usb 3-1: config 1 interface 141 altsetting 7 has a duplicate endpoint with address 0x1, skipping
[  617.626300][ T5845] usb 3-1: config 1 interface 141 altsetting 7 endpoint 0x7 has invalid maxpacket 1024, setting to 64
[  617.637904][ T5845] usb 3-1: config 1 interface 141 altsetting 7 has a duplicate endpoint with address 0xC, skipping
[  617.800215][ T5845] usb 3-1: config 1 interface 141 altsetting 7 has an invalid descriptor for endpoint zero, skipping
[  617.811241][ T5845] usb 3-1: config 1 interface 141 altsetting 7 has a duplicate endpoint with address 0xB, skipping
[  618.309557][ T5845] usb 3-1: config 1 interface 141 altsetting 7 has a duplicate endpoint with address 0x5, skipping
[  618.324976][ T5845] usb 3-1: config 1 interface 141 altsetting 7 endpoint 0x6 has invalid maxpacket 512, setting to 64
[  618.370282][ T5845] usb 3-1: config 1 interface 141 altsetting 7 has 14 endpoint descriptors, different from the interface descriptor's value: 13
[  618.386089][ T5845] usb 3-1: config 1 interface 166 has no altsetting 0
[  618.395079][ T5845] usb 3-1: config 1 interface 141 has no altsetting 0
[  618.430825][ T5845] usb 3-1: New USB device found, idVendor=2040, idProduct=200a, bcdDevice=9a.a4
[  618.449712][ T5845] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  618.459792][ T5845] usb 3-1: Product: syz
[  618.464136][ T5845] usb 3-1: Manufacturer: ⧼逦٨鞶ꉽ蘎䗸포챵巪킬緁ꉐ눡獏鳴곱꤅쟣呢ሬ嬶䨞丙ﯫ틊石履잘翿꟦낱鄽吆賂塖迩抁璈祁藐ㇰ炾汜镪ઍᄷ൒ᄮ蹧뷪栘舔㐈턎馃驐趨ꦽ낰麁볬ꇬ♥ᬲ좺쨨멡魔歂扒ꫜⅻỚ狟冢횽桧卣˿ꊝᒔ㞠Ꙭ倒龱勺跩秸
[  618.496424][ T5845] usb 3-1: SerialNumber: syz
[  618.547015][ T5845] smsusb:smsusb_probe: board id=9, interface number 166
[  618.586771][ T5845] smsusb:smsusb_probe: board id=9, interface number 141
[  618.635708][ T5845] usb 3-1: USB disconnect, device number 32
[  619.459824][   T10] usb 3-1: new high-speed USB device number 33 using dummy_hcd
[  619.789718][   T10] usb 3-1: Using ep0 maxpacket: 8
[  619.795933][   T10] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  619.846234][   T10] usb 3-1: New USB device found, idVendor=17ef, idProduct=6062, bcdDevice= 0.00
[  619.859687][   T10] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  619.875593][   T10] usb 3-1: config 0 descriptor??
[  620.367974][   T10] lenovo 0003:17EF:6062.000C: hidraw0: USB HID v0.00 Device [HID 17ef:6062] on usb-dummy_hcd.2-1/input0
[  620.621322][   T10] usb 3-1: USB disconnect, device number 33
[  622.231935][   T30] audit: type=1400 audit(1755203206.238:4044): avc:  denied  { listen } for  pid=16628 comm="syz.0.1570" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1
[  622.280206][   T30] audit: type=1400 audit(1755203206.238:4045): avc:  denied  { accept } for  pid=16628 comm="syz.0.1570" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1
[  623.819185][T16652] FAULT_INJECTION: forcing a failure.
[  623.819185][T16652] name failslab, interval 1, probability 0, space 0, times 0
[  623.854543][ T1300] ieee802154 phy1 wpan1: encryption failed: -22
[  623.868963][T16652] CPU: 1 UID: 0 PID: 16652 Comm: syz.6.1575 Not tainted 6.17.0-rc1-syzkaller-00038-g0cc53520e68b #0 PREEMPT(full) 
[  623.868988][T16652] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  623.869002][T16652] Call Trace:
[  623.869008][T16652]  <TASK>
[  623.869014][T16652]  dump_stack_lvl+0x16c/0x1f0
[  623.869036][T16652]  should_fail_ex+0x512/0x640
[  623.869055][T16652]  ? kmem_cache_alloc_node_noprof+0x5e/0x3b0
[  623.869077][T16652]  should_failslab+0xc2/0x120
[  623.869096][T16652]  kmem_cache_alloc_node_noprof+0x71/0x3b0
[  623.869113][T16652]  ? __alloc_skb+0x2b2/0x380
[  623.869144][T16652]  __alloc_skb+0x2b2/0x380
[  623.869169][T16652]  ? __pfx___alloc_skb+0x10/0x10
[  623.869197][T16652]  ? __pfx_netlink_autobind.isra.0+0x10/0x10
[  623.869221][T16652]  netlink_alloc_large_skb+0x69/0x130
[  623.869241][T16652]  netlink_sendmsg+0x6a1/0xdd0
[  623.869264][T16652]  ? __pfx_netlink_sendmsg+0x10/0x10
[  623.869292][T16652]  ____sys_sendmsg+0xa98/0xc70
[  623.869315][T16652]  ? copy_msghdr_from_user+0x10a/0x160
[  623.869333][T16652]  ? __pfx_____sys_sendmsg+0x10/0x10
[  623.869366][T16652]  ___sys_sendmsg+0x134/0x1d0
[  623.869385][T16652]  ? __pfx____sys_sendmsg+0x10/0x10
[  623.869425][T16652]  ? __mutex_unlock_slowpath+0x100/0x800
[  623.869452][T16652]  __sys_sendmsg+0x16d/0x220
[  623.869469][T16652]  ? __pfx___sys_sendmsg+0x10/0x10
[  623.869504][T16652]  do_syscall_64+0xcd/0x4c0
[  623.869525][T16652]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  623.869544][T16652] RIP: 0033:0x7fd4ce98ebe9
[  623.869558][T16652] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  623.869574][T16652] RSP: 002b:00007fd4cf741038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  623.869591][T16652] RAX: ffffffffffffffda RBX: 00007fd4cebb5fa0 RCX: 00007fd4ce98ebe9
[  623.869603][T16652] RDX: 0000000000000000 RSI: 0000200000000280 RDI: 000000000000000e
[  623.869613][T16652] RBP: 00007fd4cf741090 R08: 0000000000000000 R09: 0000000000000000
[  623.869623][T16652] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  623.869633][T16652] R13: 00007fd4cebb6038 R14: 00007fd4cebb5fa0 R15: 00007ffecf334fe8
[  623.869656][T16652]  </TASK>
[  624.114445][T16658] syz.4.1573: attempt to access beyond end of device
[  624.114445][T16658] nbd4: rw=0, sector=64, nr_sectors = 8 limit=0
[  624.340023][T16658] syz.4.1573: attempt to access beyond end of device
[  624.340023][T16658] nbd4: rw=0, sector=120, nr_sectors = 8 limit=0
[  624.381795][T16658] Mount JFS Failure: -5
[  627.774161][T16695] bridge6: entered allmulticast mode
[  629.129886][ T5949] usb 3-1: new high-speed USB device number 34 using dummy_hcd
[  629.201514][ T5855] Bluetooth: hci1: Opcode 0x1003 failed: -110
[  629.299925][ T5949] usb 3-1: Using ep0 maxpacket: 16
[  629.319008][ T5949] usb 3-1: config 255 has an invalid interface number: 43 but max is 3
[  629.344680][ T5949] usb 3-1: config 255 has an invalid interface number: 93 but max is 3
[  629.364482][ T5949] usb 3-1: config 255 has an invalid interface number: 106 but max is 3
[  629.375580][T16740] netlink: 'syz.6.1592': attribute type 10 has an invalid length.
[  629.383786][ T5949] usb 3-1: config 255 contains an unexpected descriptor of type 0x1, skipping
[  629.408632][T16740] team0: Port device dummy0 added
[  629.414138][ T5949] usb 3-1: config 255 has no interface number 0
[  629.424419][ T5949] usb 3-1: config 255 has no interface number 2
[  629.430980][ T5949] usb 3-1: config 255 has no interface number 3
[  629.437591][ T5949] usb 3-1: config 255 interface 43 altsetting 14 has an invalid descriptor for endpoint zero, skipping
[  629.453116][ T5949] usb 3-1: config 255 interface 43 altsetting 14 has an invalid descriptor for endpoint zero, skipping
[  629.487308][ T5949] usb 3-1: config 255 interface 43 altsetting 14 endpoint 0xF has invalid maxpacket 1024, setting to 64
[  629.499601][ T5949] usb 3-1: config 255 interface 93 altsetting 127 has a duplicate endpoint with address 0x5, skipping
[  629.516273][ T5949] usb 3-1: config 255 interface 93 altsetting 127 has a duplicate endpoint with address 0x6, skipping
[  629.636798][ T5949] usb 3-1: config 255 interface 106 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  629.650191][ T5949] usb 3-1: config 255 interface 106 altsetting 0 has a duplicate endpoint with address 0x4, skipping
[  629.664066][ T5949] usb 3-1: config 255 interface 106 altsetting 0 endpoint 0x9 has invalid maxpacket 1023, setting to 64
[  629.755931][ T5949] usb 3-1: config 255 interface 1 altsetting 9 has a duplicate endpoint with address 0x6, skipping
[  629.805797][T16751] netlink: 16402 bytes leftover after parsing attributes in process `syz.3.1595'.
[  629.819069][T16750] netlink: 16402 bytes leftover after parsing attributes in process `syz.3.1595'.
[  629.980601][ T5949] usb 3-1: config 255 interface 1 altsetting 9 has a duplicate endpoint with address 0xA, skipping
[  629.991807][ T5949] usb 3-1: config 255 interface 1 altsetting 9 has a duplicate endpoint with address 0x8, skipping
[  630.002879][ T5949] usb 3-1: config 255 interface 1 altsetting 9 has a duplicate endpoint with address 0x5, skipping
[  630.014079][ T5949] usb 3-1: config 255 interface 43 has no altsetting 0
[  630.021409][ T5949] usb 3-1: config 255 interface 93 has no altsetting 0
[  630.054939][ T5949] usb 3-1: config 255 interface 1 has no altsetting 0
[  630.084532][ T5949] usb 3-1: New USB device found, idVendor=0b95, idProduct=1790, bcdDevice=e7.6b
[  630.094812][ T5949] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  630.103349][ T5949] usb 3-1: Product: syz
[  630.108583][ T5949] usb 3-1: Manufacturer: ࠠ
[  630.114980][ T5949] usb 3-1: SerialNumber: syz
[  630.138888][T16755] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  630.240611][T12453] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  630.251156][   T24] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  630.261041][ T5953] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  630.269949][ T5845] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  630.344521][ T5949] ax88179_178a 3-1:255.43: probe with driver ax88179_178a failed with error -22
[  630.397065][ T5949] usb 3-1: USB disconnect, device number 34
[  631.352026][   T24] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  631.492829][T16803] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  631.975879][T16810] netlink: 16402 bytes leftover after parsing attributes in process `syz.3.1601'.
[  631.986624][T16808] netlink: 16402 bytes leftover after parsing attributes in process `syz.3.1601'.
[  632.132798][T16816] bridge2: entered allmulticast mode
[  632.210289][   T59] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  632.346843][T16826] batman_adv: batadv0: adding TT local entry aa:aa:aa:aa:aa:2a to non-existent VLAN 1280
[  632.400155][ T5953] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  632.640228][   T30] audit: type=1400 audit(1755203216.674:4046): avc:  denied  { getopt } for  pid=16829 comm="syz.3.1607" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1
[  632.808789][ T1155] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  632.853049][   T30] audit: type=1400 audit(1755203216.834:4047): avc:  denied  { bind } for  pid=16828 comm="syz.6.1605" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=xdp_socket permissive=1
[  634.250362][   T30] audit: type=1400 audit(1755203218.264:4048): avc:  denied  { ioctl } for  pid=16851 comm="syz.4.1613" path="socket:[34203]" dev="sockfs" ino=34203 ioctlcmd=0x581f scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=llc_socket permissive=1
[  634.807734][   T30] audit: type=1400 audit(1755203218.274:4049): avc:  denied  { write } for  pid=16851 comm="syz.4.1613" path="socket:[34207]" dev="sockfs" ino=34207 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netrom_socket permissive=1
[  634.831375][    C0] vkms_vblank_simulate: vblank timer overrun
[  635.498440][T16877] net_ratelimit: 6 callbacks suppressed
[  635.498456][T16877] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  635.517264][   T30] audit: type=1400 audit(1755203219.564:4050): avc:  denied  { remount } for  pid=16875 comm="syz.6.1618" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tracefs_t tclass=filesystem permissive=1
[  635.692250][   T30] audit: type=1400 audit(1755203219.564:4051): avc:  denied  { unmount } for  pid=14667 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tracefs_t tclass=filesystem permissive=1
[  636.223186][ T5845] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  636.248218][T12449] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  636.274539][ T5949] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  636.284229][   T24] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  636.326929][T16887] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1619'.
[  636.939356][T16901] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  637.378660][T16906] loop9: detected capacity change from 0 to 7
[  637.388478][ T5953] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  637.398470][T16906] Dev loop9: unable to read RDB block 7
[  637.413183][T16906]  loop9: unable to read partition table
[  637.419052][T16906] loop9: partition table beyond EOD, truncated
[  637.425280][T16906] loop_reread_partitions: partition scan of loop9 (�被x�������� ) failed (rc=-5)
[  637.440948][   T30] audit: type=1400 audit(1755203221.444:4052): avc:  denied  { lock } for  pid=16900 comm="syz.6.1624" path="/dev/cpu/0/msr" dev="devtmpfs" ino=87 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cpu_device_t tclass=chr_file permissive=1
[  637.464594][    C0] vkms_vblank_simulate: vblank timer overrun
[  637.626976][   T30] audit: type=1400 audit(1755203221.654:4053): avc:  denied  { bind } for  pid=16900 comm="syz.6.1624" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ax25_socket permissive=1
[  637.646351][    C0] vkms_vblank_simulate: vblank timer overrun
[  637.920205][   T59] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  637.928349][   T59] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  637.937199][ T5949] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  639.792877][T16934] input: syz1 as /devices/virtual/input/input40
[  639.844382][T12449] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge)
[  639.925193][T16940] netlink: 'syz.0.1629': attribute type 2 has an invalid length.
[  639.935600][T16940] netlink: 'syz.0.1629': attribute type 8 has an invalid length.
[  639.943683][T16940] netlink: 132 bytes leftover after parsing attributes in process `syz.0.1629'.
[  640.562386][ T5855] Bluetooth: hci1: command 0x1003 tx timeout
[  640.568616][T11150] Bluetooth: hci1: Opcode 0x1003 failed: -110
[  641.549991][ T5953] net_ratelimit: 6 callbacks suppressed
[  641.550009][ T5953] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  642.630022][ T5953] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  642.641191][ T1155] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  642.655373][ T5953] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  642.689898][ T5953] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  643.680823][T12449] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  643.689545][T12445] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  643.697678][ T5953] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  643.706717][ T5845] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  643.715316][    T9] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  644.174254][T16987] overlayfs: failed to decode file handle (len=4, type=251, flags=0, err=-22)
[  645.213371][T16996] FAULT_INJECTION: forcing a failure.
[  645.213371][T16996] name failslab, interval 1, probability 0, space 0, times 0
[  645.261797][T16996] CPU: 1 UID: 0 PID: 16996 Comm: syz.4.1642 Not tainted 6.17.0-rc1-syzkaller-00038-g0cc53520e68b #0 PREEMPT(full) 
[  645.261822][T16996] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  645.261833][T16996] Call Trace:
[  645.261838][T16996]  <TASK>
[  645.261845][T16996]  dump_stack_lvl+0x16c/0x1f0
[  645.261868][T16996]  should_fail_ex+0x512/0x640
[  645.261886][T16996]  ? __kmalloc_node_track_caller_noprof+0xc3/0x510
[  645.261909][T16996]  should_failslab+0xc2/0x120
[  645.261929][T16996]  __kmalloc_node_track_caller_noprof+0xd6/0x510
[  645.261948][T16996]  ? mptcp_pm_nl_add_addr_doit+0x1e6/0xc80
[  645.261977][T16996]  kmemdup_noprof+0x29/0x60
[  645.261994][T16996]  mptcp_pm_nl_add_addr_doit+0x1e6/0xc80
[  645.262024][T16996]  ? __pfx_mptcp_pm_nl_add_addr_doit+0x10/0x10
[  645.262067][T16996]  ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1aa/0x290
[  645.262091][T16996]  ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1b4/0x290
[  645.262120][T16996]  genl_family_rcv_msg_doit+0x209/0x2f0
[  645.262144][T16996]  ? __pfx_genl_family_rcv_msg_doit+0x10/0x10
[  645.262178][T16996]  ? bpf_lsm_capable+0x9/0x10
[  645.262201][T16996]  ? security_capable+0x7e/0x260
[  645.262224][T16996]  ? ns_capable+0xd7/0x110
[  645.262247][T16996]  genl_rcv_msg+0x55c/0x800
[  645.262270][T16996]  ? __pfx_genl_rcv_msg+0x10/0x10
[  645.262290][T16996]  ? __pfx_mptcp_pm_nl_add_addr_doit+0x10/0x10
[  645.262332][T16996]  netlink_rcv_skb+0x158/0x420
[  645.262350][T16996]  ? __pfx_genl_rcv_msg+0x10/0x10
[  645.262371][T16996]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  645.262399][T16996]  ? netlink_deliver_tap+0x1ae/0xd30
[  645.262421][T16996]  genl_rcv+0x28/0x40
[  645.262439][T16996]  netlink_unicast+0x5a7/0x870
[  645.262460][T16996]  ? __pfx_netlink_unicast+0x10/0x10
[  645.262477][T16996]  ? __pfx_netlink_autobind.isra.0+0x10/0x10
[  645.262501][T16996]  netlink_sendmsg+0x8d1/0xdd0
[  645.262522][T16996]  ? __pfx_netlink_sendmsg+0x10/0x10
[  645.262551][T16996]  ____sys_sendmsg+0xa98/0xc70
[  645.262574][T16996]  ? copy_msghdr_from_user+0x10a/0x160
[  645.262592][T16996]  ? __pfx_____sys_sendmsg+0x10/0x10
[  645.262626][T16996]  ___sys_sendmsg+0x134/0x1d0
[  645.262645][T16996]  ? __pfx____sys_sendmsg+0x10/0x10
[  645.262683][T16996]  ? __mutex_unlock_slowpath+0x100/0x800
[  645.262709][T16996]  __sys_sendmsg+0x16d/0x220
[  645.262726][T16996]  ? __pfx___sys_sendmsg+0x10/0x10
[  645.262762][T16996]  do_syscall_64+0xcd/0x4c0
[  645.262783][T16996]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  645.262801][T16996] RIP: 0033:0x7f96dbf8ebe9
[  645.262816][T16996] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  645.262834][T16996] RSP: 002b:00007f96dcd1b038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  645.262851][T16996] RAX: ffffffffffffffda RBX: 00007f96dc1b5fa0 RCX: 00007f96dbf8ebe9
[  645.262864][T16996] RDX: 0000000000000000 RSI: 0000200000000400 RDI: 0000000000000007
[  645.262874][T16996] RBP: 00007f96dcd1b090 R08: 0000000000000000 R09: 0000000000000000
[  645.262885][T16996] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  645.262896][T16996] R13: 00007f96dc1b6038 R14: 00007f96dc1b5fa0 R15: 00007ffc88476c28
[  645.262921][T16996]  </TASK>
[  645.849964][T17009] netlink: 16402 bytes leftover after parsing attributes in process `syz.3.1644'.
[  646.991583][T17024] overlayfs: failed to decode file handle (len=4, type=251, flags=0, err=-22)
[  647.048504][ T5949] net_ratelimit: 5 callbacks suppressed
[  647.048519][ T5949] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  647.062284][ T5845] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  647.679226][T17034] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  647.959749][T17035] mkiss: ax0: crc mode is auto.
[  647.999946][T17040] netlink: 16402 bytes leftover after parsing attributes in process `syz.0.1651'.
[  648.100965][ T5845] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  648.212142][T12455] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  648.221532][    T9] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  648.230020][ T5845] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  648.270821][T17039] netlink: 16402 bytes leftover after parsing attributes in process `syz.0.1651'.
[  649.336306][ T5953] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  649.442155][   T59] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  649.451894][T12449] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  649.460607][ T5911] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  649.676522][T17072] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1656'.
[  650.734109][T17084] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  650.777424][T17084] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  651.015406][T17091] iommufd_mock iommufd_mock1: Adding to iommu group 1
[  651.438528][T17099] netlink: 16402 bytes leftover after parsing attributes in process `syz.2.1660'.
[  652.051097][T17103] tc_dump_action: action bad kind
[  652.559799][ T5855] Bluetooth: hci1: command 0x1003 tx timeout
[  652.567132][T11150] Bluetooth: hci1: Opcode 0x1003 failed: -110
[  652.657692][ T5953] net_ratelimit: 4 callbacks suppressed
[  652.657707][ T5953] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  653.575317][T17132] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1667'.
[  653.600046][T15106] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  653.680748][ T5953] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  653.919974][T12445] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  653.930421][ T5911] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  653.976293][T14428] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  655.051870][T14428] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  655.200307][T12445] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  655.208484][T12445] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  655.224151][T14428] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  658.233768][T17197] netlink: 16 bytes leftover after parsing attributes in process `syz.2.1680'.
[  658.394187][T17198] binder: 17195:17198 ioctl c0306201 200000000240 returned -14
[  658.402126][T14428] net_ratelimit: 4 callbacks suppressed
[  658.402138][T14428] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  658.479865][ T5949] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  659.176173][T17207] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  659.451314][ T5953] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  659.702491][T12453] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  659.739515][ T5949] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  659.750713][ T5953] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  660.404157][T17236] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  660.412873][T17236] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  660.421133][T17236] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  662.093708][ T5855] Bluetooth: hci5: command 0x0406 tx timeout
[  662.506756][T17275] netlink: 16 bytes leftover after parsing attributes in process `syz.2.1694'.
[  664.016564][T15106] net_ratelimit: 14 callbacks suppressed
[  664.016578][T15106] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  664.441019][T14428] IPVS: starting estimator thread 0...
[  664.450552][T14428] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  664.549749][T17300] IPVS: using max 73 ests per chain, 175200 per kthread
[  664.841245][T17305] kvm: user requested TSC rate below hardware speed
[  664.884905][T17299] overlayfs: failed to decode file handle (len=4, type=251, flags=0, err=-22)
[  665.660779][ T5953] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  665.668871][ T5953] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  665.677487][ T5911] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  665.730337][ T5953] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  666.558584][T17352] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1709'.
[  666.770386][   T36] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  666.779347][   T59] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  666.800036][ T5911] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  667.041601][T15106] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  667.778218][T17321] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  667.911784][T17379] bridge8: entered allmulticast mode
[  669.393967][ T5911] net_ratelimit: 1 callbacks suppressed
[  669.393979][ T5911] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  669.538918][T17376] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  669.869773][ T5911] usb 3-1: new high-speed USB device number 35 using dummy_hcd
[  669.940678][   T31] INFO: task kworker/0:5:5925 blocked for more than 143 seconds.
[  670.070140][   T31]       Not tainted 6.17.0-rc1-syzkaller-00038-g0cc53520e68b #0
[  670.081481][ T5949] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  670.101014][   T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[  670.120982][   T31] task:kworker/0:5     state:D stack:23720 pid:5925  tgid:5925  ppid:2      task_flags:0x4208060 flags:0x00004000
[  670.179740][   T31] Workqueue: usb_hub_wq hub_event
[  670.209663][   T31] Call Trace:
[  670.214178][   T31]  <TASK>
[  670.218320][   T31]  __schedule+0x1190/0x5de0
[  670.222927][ T5911] usb 3-1: Using ep0 maxpacket: 8
[  670.229980][   T31]  ? __lock_acquire+0x62e/0x1ce0
[  670.231326][ T5911] usb 3-1: config 1 has an invalid interface number: 166 but max is 0
[  670.245199][   T31]  ? __pfx___schedule+0x10/0x10
[  670.251822][   T31]  ? find_held_lock+0x2b/0x80
[  670.263634][ T5911] usb 3-1: config 1 has no interface number 0
[  670.286273][   T31]  ? schedule+0x2d7/0x3a0
[  670.302272][ T5911] usb 3-1: config 1 interface 166 altsetting 5 has an invalid descriptor for endpoint zero, skipping
[  670.316692][   T31]  schedule+0xe7/0x3a0
[  670.339073][   T31]  schedule_timeout+0x257/0x290
[  670.371447][   T31]  ? __pfx_schedule_timeout+0x10/0x10
[  670.376864][   T31]  ? mark_held_locks+0x49/0x80
[  670.383080][   T31]  ? _raw_spin_unlock_irq+0x23/0x50
[  670.394746][ T5911] usb 3-1: config 1 interface 166 altsetting 5 has an invalid descriptor for endpoint zero, skipping
[  670.400637][   T31]  __wait_for_common+0x2fc/0x4e0
[  670.405795][   T24] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  670.414143][   T31]  ? __pfx_schedule_timeout+0x10/0x10
[  670.424738][   T31]  ? __pfx___wait_for_common+0x10/0x10
[  670.434299][   T31]  ? __pfx_device_del+0x10/0x10
[  670.439794][   T31]  ? kobject_put+0xab/0x5a0
[  670.446314][   T31]  i2c_del_adapter+0x546/0x6f0
[  670.454984][   T31]  ? __pfx_i2c_del_adapter+0x10/0x10
[  670.460850][   T31]  ? kfree+0x2b4/0x4d0
[  670.464947][   T31]  ? media_device_cleanup+0x53/0x80
[  670.473443][   T31]  ? dvb_usbv2_exit.isra.0+0x3c6/0x9f0
[  670.479046][   T31]  dvb_usbv2_exit.isra.0+0x45b/0x9f0
[  670.484713][   T31]  dvb_usbv2_probe+0x1f61/0x3e50
[  670.511704][ T5911] usb 3-1: config 1 interface 166 altsetting 5 has an invalid descriptor for endpoint zero, skipping
[  670.523010][ T5911] usb 3-1: config 1 interface 166 altsetting 5 has an invalid descriptor for endpoint zero, skipping
[  670.534868][ T5911] usb 3-1: config 1 interface 166 altsetting 5 has a duplicate endpoint with address 0x8, skipping
[  670.546047][ T5911] usb 3-1: config 1 interface 166 altsetting 5 has an invalid descriptor for endpoint zero, skipping
[  670.557627][ T5911] usb 3-1: config 1 interface 166 altsetting 5 endpoint 0x9 has an invalid bInterval 91, changing to 7
[  670.569261][ T5911] usb 3-1: config 1 interface 166 altsetting 5 has 11 endpoint descriptors, different from the interface descriptor's value: 10
[  670.583228][ T5911] usb 3-1: config 1 interface 166 has no altsetting 0
[  670.590553][   T31]  ? __pfx_dvb_usbv2_probe+0x10/0x10
[  670.596031][   T31]  ? lockdep_hardirqs_on+0x7c/0x110
[  670.601647][   T31]  ? _raw_spin_unlock_irqrestore+0x3b/0x80
[  670.611192][ T5911] usb 3-1: New USB device found, idVendor=2040, idProduct=200a, bcdDevice=9a.a4
[  670.620695][ T5911] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  670.629233][   T31]  ? __pm_runtime_set_status+0x13c/0xa80
[  670.635682][ T5911] usb 3-1: Product: syz
[  670.640476][   T31]  usb_probe_interface+0x303/0xa40
[  670.646046][ T5911] usb 3-1: Manufacturer: ⧼逦٨鞶ꉽ蘎䗸포챵巪킬緁ꉐ눡獏鳴곱꤅쟣呢ሬ嬶䨞丙ﯫ틊石履잘翿꟦낱鄽吆賂塖迩抁璈祁藐ㇰ炾汜镪ઍᄷ൒ᄮ蹧뷪栘舔㐈턎馃驐趨ꦽ낰麁볬ꇬ♥ᬲ좺쨨멡魔歂扒ꫜⅻỚ狟冢횽桧卣˿ꊝᒔ㞠Ꙭ倒龱勺跩秸
[  670.677972][   T31]  ? __pfx_usb_probe_interface+0x10/0x10
[  670.688931][   T31]  really_probe+0x241/0xa90
[  670.693841][   T31]  __driver_probe_device+0x1de/0x440
[  670.700041][   T31]  driver_probe_device+0x4c/0x1b0
[  670.705428][   T31]  __device_attach_driver+0x1df/0x310
[  670.711676][ T5911] usb 3-1: SerialNumber: syz
[  670.716672][   T31]  ? __pfx___device_attach_driver+0x10/0x10
[  670.738027][   T31]  bus_for_each_drv+0x159/0x1e0
[  670.750329][   T31]  ? __pfx_bus_for_each_drv+0x10/0x10
[  670.756082][   T31]  ? lockdep_hardirqs_on+0x7c/0x110
[  670.761840][   T31]  ? _raw_spin_unlock_irqrestore+0x3b/0x80
[  670.768065][   T31]  __device_attach+0x1e4/0x4b0
[  670.773439][   T31]  ? __pfx___device_attach+0x10/0x10
[  670.779036][   T31]  ? do_raw_spin_unlock+0x172/0x230
[  670.784883][   T31]  bus_probe_device+0x17f/0x1c0
[  670.793666][   T31]  device_add+0x1148/0x1aa0
[  670.798458][   T31]  ? __pfx_device_add+0x10/0x10
[  670.816661][   T31]  ? usb_cache_string+0xf2/0x150
[  670.822542][   T31]  usb_set_configuration+0x1187/0x1e20
[  670.829063][   T31]  ? __pfx_usb_generic_driver_probe+0x10/0x10
[  670.839229][   T31]  usb_generic_driver_probe+0xb1/0x110
[  670.845240][   T31]  usb_probe_device+0xec/0x3e0
[  670.853266][   T31]  ? __pfx_usb_probe_device+0x10/0x10
[  670.859279][   T31]  really_probe+0x241/0xa90
[  670.864860][   T31]  __driver_probe_device+0x1de/0x440
[  670.873657][   T31]  ? usb_driver_applicable+0x1c7/0x220
[  670.879888][   T31]  driver_probe_device+0x4c/0x1b0
[  670.885048][   T31]  __device_attach_driver+0x1df/0x310
[  670.893675][   T31]  ? __pfx___device_attach_driver+0x10/0x10
[  670.903656][   T31]  bus_for_each_drv+0x159/0x1e0
[  670.908906][   T31]  ? __pfx_bus_for_each_drv+0x10/0x10
[  670.917502][   T31]  ? lockdep_hardirqs_on+0x7c/0x110
[  670.923229][   T31]  ? _raw_spin_unlock_irqrestore+0x3b/0x80
[  670.929880][   T31]  __device_attach+0x1e4/0x4b0
[  670.935870][   T31]  ? __pfx___device_attach+0x10/0x10
[  670.944231][   T31]  ? do_raw_spin_unlock+0x172/0x230
[  670.960661][ T5911] smsusb:smsusb_probe: board id=9, interface number 166
[  670.997631][   T31]  bus_probe_device+0x17f/0x1c0
[  671.034093][ T5911] usb 3-1: USB disconnect, device number 35
[  671.043431][   T31]  device_add+0x1148/0x1aa0
[  671.059020][   T31]  ? __pfx_device_add+0x10/0x10
[  671.092326][   T31]  ? usb_detect_static_quirks+0x335/0x3e0
[  671.098858][   T31]  ? __usb_get_extra_descriptor+0x158/0x1c0
[  671.107461][   T31]  usb_new_device+0xd07/0x1a60
[  671.112622][   T31]  ? do_raw_spin_lock+0x12c/0x2b0
[  671.117845][   T31]  ? __pfx_usb_new_device+0x10/0x10
[  671.125855][   T31]  ? mark_held_locks+0x49/0x80
[  671.134087][   T31]  hub_event+0x2f34/0x4fe0
[  671.139029][   T31]  ? __pfx_hub_event+0x10/0x10
[  671.147438][   T31]  ? interval_tree_iter_first+0x70/0x250
[  671.153498][   T31]  ? rcu_is_watching+0x12/0xc0
[  671.158668][   T31]  process_one_work+0x9cc/0x1b70
[  671.166312][   T31]  ? __pfx_hcd_resume_work+0x10/0x10
[  671.172040][   T31]  ? __pfx_process_one_work+0x10/0x10
[  671.177892][   T31]  ? assign_work+0x1a0/0x250
[  671.185260][   T31]  worker_thread+0x6c8/0xf10
[  671.190502][   T31]  ? __kthread_parkme+0x19e/0x250
[  671.195848][   T31]  ? __pfx_worker_thread+0x10/0x10
[  671.201540][T12455] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  671.210792][ T5949] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  671.213122][   T31]  kthread+0x3c5/0x780
[  671.223841][ T5953] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  671.234671][   T31]  ? __pfx_kthread+0x10/0x10
[  671.241285][   T31]  ? rcu_is_watching+0x12/0xc0
[  671.247047][   T31]  ? __pfx_kthread+0x10/0x10
[  671.259790][   T31]  ret_from_fork+0x5d7/0x6f0
[  671.264635][   T31]  ? __pfx_kthread+0x10/0x10
[  671.270053][   T31]  ret_from_fork_asm+0x1a/0x30
[  671.275206][   T31]  </TASK>
[  671.279524][   T31] 
[  671.279524][   T31] Showing all locks held in the system:
[  671.290426][   T31] 3 locks held by kworker/0:0/9:
[  671.295843][   T31]  #0: ffff88801b878d48 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x12a2/0x1b70
[  671.314843][   T31]  #1: ffffc900000e7d10 ((fqdir_free_work).work){+.+.}-{0:0}, at: process_one_work+0x929/0x1b70
[  671.326233][   T31]  #2: ffffffff8e5cc640 (rcu_state.barrier_mutex){+.+.}-{4:4}, at: rcu_barrier+0x48/0x6e0
[  671.339277][   T31] 1 lock held by khungtaskd/31:
[  671.417643][   T31]  #0: ffffffff8e5c11e0 (rcu_read_lock){....}-{1:3}, at: debug_show_all_locks+0x36/0x1c0
[  671.427854][   T31] 2 locks held by kworker/u8:6/1155:
[  671.435253][   T31]  #0: ffff888146afe148 ((wq_completion)iou_exit){+.+.}-{0:0}, at: process_one_work+0x12a2/0x1b70
[  671.449161][   T31]  #1: ffffc90003bcfd10 ((work_completion)(&ctx->exit_work)){+.+.}-{0:0}, at: process_one_work+0x929/0x1b70
[  671.464147][   T31] 2 locks held by getty/5609:
[  671.468892][   T31]  #0: ffff8880365160a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x24/0x80
[  671.478803][   T31]  #1: ffffc900036bb2f0 (&ldata->atomic_read_lock){+.+.}-{4:4}, at: n_tty_read+0x41b/0x14f0
[  671.492045][   T31] 3 locks held by kworker/1:4/5911:
[  671.497276][   T31]  #0: ffff88801eeff148 ((wq_completion)usb_hub_wq){+.+.}-{0:0}, at: process_one_work+0x12a2/0x1b70
[  671.513048][   T31]  #1: ffffc900044cfd10 ((work_completion)(&hub->events)){+.+.}-{0:0}, at: process_one_work+0x929/0x1b70
[  671.524449][   T31]  #2: ffff8880296cc198 (&dev->mutex){....}-{4:4}, at: hub_event+0x1c0/0x4fe0
[  671.535331][   T31] 5 locks held by kworker/0:5/5925:
[  671.540743][   T31]  #0: ffff88801eeff148 ((wq_completion)usb_hub_wq){+.+.}-{0:0}, at: process_one_work+0x12a2/0x1b70
[  671.579547][   T31]  #1: ffffc90002f17d10 ((work_completion)(&hub->events)){+.+.}-{0:0}, at: process_one_work+0x929/0x1b70
[  671.609682][   T31]  #2: ffff888029481198 (&dev->mutex){....}-{4:4}, at: hub_event+0x1c0/0x4fe0
[  671.618771][   T31]  #3: ffff888057689198 (&dev->mutex){....}-{4:4}, at: __device_attach+0x7e/0x4b0
[  671.628510][   T31]  #4: ffff8880336b4160 (&dev->mutex){....}-{4:4}, at: __device_attach+0x7e/0x4b0
[  671.640466][   T31] 5 locks held by kworker/u8:13/12449:
[  671.645998][   T31]  #0: ffff88801c6f4148 ((wq_completion)netns){+.+.}-{0:0}, at: process_one_work+0x12a2/0x1b70
[  671.656767][   T31]  #1: ffffc9000f8bfd10 (net_cleanup_work){+.+.}-{0:0}, at: process_one_work+0x929/0x1b70
[  671.666983][   T31]  #2: ffffffff9036bc30 (pernet_ops_rwsem){++++}-{4:4}, at: cleanup_net+0xad/0x890
[  671.676472][   T31]  #3: ffffffff90381e88 (rtnl_mutex){+.+.}-{4:4}, at: ops_undo_list+0x7e9/0xab0
[  671.685706][   T31]  #4: ffffffff8e5cc778 (rcu_state.exp_mutex){+.+.}-{4:4}, at: exp_funnel_lock+0x284/0x3c0
[  671.695866][   T31] 2 locks held by kworker/u8:16/12455:
[  671.701541][   T31]  #0: ffff888146afe148 ((wq_completion)iou_exit){+.+.}-{0:0}, at: process_one_work+0x12a2/0x1b70
[  671.712536][   T31]  #1: ffffc9000f5f7d10 ((work_completion)(&ctx->exit_work)){+.+.}-{0:0}, at: process_one_work+0x929/0x1b70
[  671.724298][   T31] 
[  671.726652][   T31] =============================================
[  671.726652][   T31] 
[  671.758131][   T31] NMI backtrace for cpu 0
[  671.758147][   T31] CPU: 0 UID: 0 PID: 31 Comm: khungtaskd Not tainted 6.17.0-rc1-syzkaller-00038-g0cc53520e68b #0 PREEMPT(full) 
[  671.758170][   T31] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  671.758180][   T31] Call Trace:
[  671.758186][   T31]  <TASK>
[  671.758193][   T31]  dump_stack_lvl+0x116/0x1f0
[  671.758218][   T31]  nmi_cpu_backtrace+0x27b/0x390
[  671.758240][   T31]  ? _raw_spin_unlock_irqrestore+0x3b/0x80
[  671.758269][   T31]  ? __pfx_nmi_raise_cpu_backtrace+0x10/0x10
[  671.758297][   T31]  nmi_trigger_cpumask_backtrace+0x29c/0x300
[  671.758324][   T31]  watchdog+0xf0e/0x1260
[  671.758350][   T31]  ? __pfx_watchdog+0x10/0x10
[  671.758367][   T31]  ? lockdep_hardirqs_on+0x7c/0x110
[  671.758391][   T31]  ? __kthread_parkme+0x19e/0x250
[  671.758416][   T31]  ? __pfx_watchdog+0x10/0x10
[  671.758435][   T31]  kthread+0x3c5/0x780
[  671.758453][   T31]  ? __pfx_kthread+0x10/0x10
[  671.758471][   T31]  ? rcu_is_watching+0x12/0xc0
[  671.758493][   T31]  ? __pfx_kthread+0x10/0x10
[  671.758510][   T31]  ret_from_fork+0x5d7/0x6f0
[  671.758526][   T31]  ? __pfx_kthread+0x10/0x10
[  671.758544][   T31]  ret_from_fork_asm+0x1a/0x30
[  671.758576][   T31]  </TASK>
[  671.758593][   T31] Sending NMI from CPU 0 to CPUs 1:
[  671.886501][    C1] NMI backtrace for cpu 1
[  671.886513][    C1] CPU: 1 UID: 0 PID: 0 Comm: swapper/1 Not tainted 6.17.0-rc1-syzkaller-00038-g0cc53520e68b #0 PREEMPT(full) 
[  671.886529][    C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  671.886536][    C1] RIP: 0010:pv_native_safe_halt+0xf/0x20
[  671.886552][    C1] Code: 9c 62 02 c3 cc cc cc cc 0f 1f 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 66 90 0f 00 2d d3 b2 16 00 fb f4 <e9> 4c 0d 03 00 66 2e 0f 1f 84 00 00 00 00 00 66 90 90 90 90 90 90
[  671.886564][    C1] RSP: 0018:ffffc90000197df8 EFLAGS: 000002c2
[  671.886576][    C1] RAX: 00000000036d7ef1 RBX: 0000000000000001 RCX: ffffffff8b935c29
[  671.886584][    C1] RDX: 0000000000000000 RSI: ffffffff8de4f235 RDI: ffffffff8c162580
[  671.886592][    C1] RBP: ffffed1003c5d488 R08: 0000000000000001 R09: ffffed10170a6655
[  671.886600][    C1] R10: ffff8880b85332ab R11: 0000000000000000 R12: 0000000000000001
[  671.886608][    C1] R13: ffff88801e2ea440 R14: ffffffff90ab3590 R15: 0000000000000000
[  671.886617][    C1] FS:  0000000000000000(0000) GS:ffff8881247bc000(0000) knlGS:0000000000000000
[  671.886632][    C1] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  671.886642][    C1] CR2: 00005555650dc5c8 CR3: 00000000747da000 CR4: 00000000003526f0
[  671.886652][    C1] Call Trace:
[  671.886657][    C1]  <TASK>
[  671.886662][    C1]  default_idle+0x13/0x20
[  671.886679][    C1]  default_idle_call+0x6d/0xb0
[  671.886696][    C1]  do_idle+0x391/0x510
[  671.886716][    C1]  ? __pfx_do_idle+0x10/0x10
[  671.886733][    C1]  ? trace_sched_exit_tp+0x2f/0x120
[  671.886751][    C1]  cpu_startup_entry+0x4f/0x60
[  671.886765][    C1]  start_secondary+0x21d/0x2b0
[  671.886783][    C1]  ? __pfx_start_secondary+0x10/0x10
[  671.886803][    C1]  common_startup_64+0x13e/0x148
[  671.886824][    C1]  </TASK>
[  672.074909][   T31] Kernel panic - not syncing: hung_task: blocked tasks
[  672.081761][   T31] CPU: 1 UID: 0 PID: 31 Comm: khungtaskd Not tainted 6.17.0-rc1-syzkaller-00038-g0cc53520e68b #0 PREEMPT(full) 
[  672.093531][   T31] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  672.103560][   T31] Call Trace:
[  672.106816][   T31]  <TASK>
[  672.109730][   T31]  dump_stack_lvl+0x3d/0x1f0
[  672.114294][   T31]  vpanic+0x6e8/0x7a0
[  672.118262][   T31]  ? __pfx_vpanic+0x10/0x10
[  672.122748][   T31]  ? lockdep_hardirqs_on+0x7c/0x110
[  672.127923][   T31]  panic+0xca/0xd0
[  672.131625][   T31]  ? __pfx_panic+0x10/0x10
[  672.136034][   T31]  ? preempt_schedule_thunk+0x16/0x30
[  672.141411][   T31]  ? nmi_trigger_cpumask_backtrace+0x1b1/0x300
[  672.147557][   T31]  ? watchdog+0xd78/0x1260
[  672.151948][   T31]  ? watchdog+0xd6b/0x1260
[  672.156338][   T31]  watchdog+0xd89/0x1260
[  672.160559][   T31]  ? __pfx_watchdog+0x10/0x10
[  672.165213][   T31]  ? lockdep_hardirqs_on+0x7c/0x110
[  672.170405][   T31]  ? __kthread_parkme+0x19e/0x250
[  672.175426][   T31]  ? __pfx_watchdog+0x10/0x10
[  672.180089][   T31]  kthread+0x3c5/0x780
[  672.184131][   T31]  ? __pfx_kthread+0x10/0x10
[  672.188690][   T31]  ? rcu_is_watching+0x12/0xc0
[  672.193430][   T31]  ? __pfx_kthread+0x10/0x10
[  672.198001][   T31]  ret_from_fork+0x5d7/0x6f0
[  672.202573][   T31]  ? __pfx_kthread+0x10/0x10
[  672.207131][   T31]  ret_from_fork_asm+0x1a/0x30
[  672.211880][   T31]  </TASK>
[  672.215080][   T31] Kernel Offset: disabled
[  672.219381][   T31] Rebooting in 86400 seconds..