last executing test programs:

9m42.079758748s ago: executing program 1 (id=532):
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000580)={0xffffffffffffffff, 0xe0, &(0x7f0000000480)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, &(0x7f0000000080)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0], ""/16, <r0=>0x0, 0x0, 0x0, 0x0, 0x3, 0x1, &(0x7f00000000c0)=[0x0, 0x0, 0x0], &(0x7f0000000100)=[0x0], 0x0, 0x34, &(0x7f0000000380)=[{}, {}, {}, {}, {}, {}], 0x30, 0x10, &(0x7f00000003c0), &(0x7f0000000400), 0x8, 0xb3, 0x8, 0x8, &(0x7f0000000440)}}, 0x10)
r1 = syz_open_dev$usbmon(&(0x7f0000000080), 0x0, 0x0)
r2 = syz_open_dev$usbfs(&(0x7f0000000040), 0x20000007d, 0x0)
ioctl$MON_IOCX_GET(r1, 0x40189206, &(0x7f0000000340)={&(0x7f00000011c0), 0x0})
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
r3 = syz_io_uring_setup(0x49a, &(0x7f0000000400)={0x0, 0x79af, 0x3180, 0x8000, 0x40024e}, &(0x7f0000000340)=<r4=>0x0, &(0x7f0000000040))
syz_memcpy_off$IO_URING_METADATA_GENERIC(r4, 0x4, &(0x7f0000000000)=0xffb, 0x0, 0x4)
io_uring_enter(r3, 0x624, 0x7a94, 0x49, 0x0, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x8)
r5 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, &(0x7f0000000040)=ANY=[@ANYBLOB="1800000000a0db000000000000000000850000000e000000c50000002a00000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
pipe(&(0x7f00000000c0)={<r6=>0xffffffffffffffff})
ioprio_set$uid(0x3, 0x0, 0x0)
io_setup(0x3ff, &(0x7f0000000500)=<r7=>0x0)
io_submit(r7, 0x2, &(0x7f0000000300)=[&(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, r6, 0x0}, &(0x7f0000000080)={0x0, 0x0, 0x8, 0x0, 0x0, r5, 0x0}])
r8 = dup3(r1, r2, 0x0)
ioctl$MON_IOCX_GETX(r8, 0x4018920a, &(0x7f0000000d80)={&(0x7f0000000000), &(0x7f0000002240)=""/4124, 0x101c})
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000880)={0xffffffffffffffff, 0xe0, &(0x7f0000000780)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, &(0x7f00000005c0)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0], ""/16, 0x0, 0x0, 0x0, 0x0, 0x3, 0x5, &(0x7f0000000600)=[0x0, 0x0, 0x0], &(0x7f0000000640)=[0x0, 0x0, 0x0, 0x0, 0x0], <r9=>0x0, 0x15, &(0x7f0000000680)=[{}, {}, {}, {}, {}], 0x28, 0x10, &(0x7f00000006c0), &(0x7f0000000700), 0x8, 0x16, 0x8, 0x8, &(0x7f0000000740)}}, 0x10)
r10 = bpf$PROG_LOAD(0x5, &(0x7f0000000c00)={0x0, 0x19, &(0x7f00000008c0)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x1}, {{0x18, 0x1, 0x1, 0x0, 0x1}}, {}, [@tail_call, @call={0x85, 0x0, 0x0, 0xc5}, @initr0={0x18, 0x0, 0x0, 0x0, 0x6}, @jmp={0x5, 0x0, 0x0, 0x7, 0x4, 0x1, 0x1}, @generic={0x7, 0x6, 0x1, 0xf428, 0x8}], {{}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x2}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f00000009c0)='GPL\x00', 0x8001, 0x87, &(0x7f0000000a00)=""/135, 0x40f00, 0x9, '\x00', 0x0, @fallback=0x26, 0xffffffffffffffff, 0x8, &(0x7f0000000ac0)={0x7, 0x3}, 0x8, 0x10, &(0x7f0000000b00)={0x4, 0xd, 0x2, 0x8000}, 0x10, 0x0, 0xffffffffffffffff, 0x5, &(0x7f0000000b40)=[0xffffffffffffffff, 0x1], &(0x7f0000000b80)=[{0x1, 0x5, 0x7}, {0x2, 0x5, 0x10, 0x5}, {0x5, 0x1, 0xd, 0xb}, {0x0, 0x5, 0x0, 0x1}, {0x0, 0x4, 0x2, 0xc}], 0x10, 0x3}, 0x94)
r11 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
ioctl$IOCTL_VMCI_DATAGRAM_RECEIVE(r11, 0x7ac, 0x0)
r12 = syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x4)
r13 = dup(r12)
ioctl$SIOCSIFHWADDR(r13, 0x400442c9, &(0x7f0000000080)={'macsec0\x00', @dev})
r14 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0}, 0x48)
r15 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000300)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x1000}, 0x50)
bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0xd, 0x1c, &(0x7f0000000040)=@ringbuf={{0x18, 0x8}, {{0x18, 0x1, 0x1, 0x0, r15}, {}, {}, {0x85, 0x0, 0x0, 0x5}, {0x4, 0x1, 0xb, 0x9, 0xa}}, {{0x5, 0x0, 0x3}}, [@snprintf={{0x7, 0x0, 0xb, 0x2}, {0x3, 0x3, 0x3, 0xa, 0x2}, {0x5, 0x0, 0xb, 0x9, 0x0, 0x0, 0x7}, {0x3, 0x0, 0x6, 0xa, 0x8, 0xfff8, 0x50}, {0x7, 0x1, 0xb, 0x6, 0x8}, {0x7, 0x0, 0x0, 0x8}, {}, {}, {0x7, 0x0, 0xc}, {0x18, 0x2, 0x2, 0x0, r14}, {}, {0x46, 0x8, 0xfff0, 0x76}}], {{0x7, 0x1, 0xb, 0x8}, {0x6, 0x0, 0x5, 0x8}, {0x85, 0x0, 0x0, 0x7}}}, &(0x7f0000000980)='GPL\x00', 0x4, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @sock_ops, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r16 = bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000cc0)={0x0, 0x1}, 0xc)
bpf$PROG_LOAD(0x5, &(0x7f0000000dc0)={0x0, 0x5, &(0x7f0000000000)=@framed={{0x18, 0x0, 0x0, 0x0, 0x826, 0x0, 0x0, 0x0, 0x9}, [@map_idx_val={0x18, 0x2, 0x6, 0x0, 0x8, 0x0, 0x0, 0x0, 0xfeb}]}, &(0x7f0000000040)='GPL\x00', 0x401, 0xd4, &(0x7f0000000280)=""/212, 0x41000, 0x4b, '\x00', r0, @fallback=0x9, r8, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, r9, r10, 0x8, &(0x7f0000000d00)=[r13, 0xffffffffffffffff, r15, r16, 0x1], &(0x7f0000000d40)=[{0x0, 0x5, 0xa, 0x9}, {0x2, 0x3, 0x9, 0x1}, {0x3, 0x5, 0x7, 0x9}, {0x2, 0x5, 0x7, 0xb}, {0x3, 0x2, 0xb, 0x4}, {0x4, 0x3, 0x6, 0x5}, {0x5, 0x3, 0x2, 0x1}, {0x2, 0x2, 0x7, 0x28cef6a0a732e0c3}], 0x10, 0x2}, 0x94)
ioctl$TUNSETVNETHDRSZ(r8, 0x400454d8, &(0x7f0000000e80)=0xfffffff7)

9m41.807784434s ago: executing program 1 (id=533):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000040)={0x58, 0x2, 0x6, 0x301, 0x0, 0x0, {}, [@IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0xa}, @IPSET_ATTR_DATA={0xc, 0x7, 0x0, 0x1, [@IPSET_ATTR_BUCKETSIZE={0x5, 0x15, 0xfe}]}, @IPSET_ATTR_TYPENAME={0x11, 0x3, 'hash:net,net\x00'}]}, 0x58}, 0x1, 0x2000}, 0x0)

9m41.559163168s ago: executing program 1 (id=536):
openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$VIDIOC_SUBDEV_S_FMT(0xffffffffffffffff, 0xc0585605, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r3}, 0x10)
setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, 0x0, 0x0)
r4 = socket(0x1e, 0x5, 0x0)
listen(r4, 0x0)
r5 = socket(0x1e, 0x805, 0x0)
sendmsg$tipc(r5, &(0x7f0000000400)={&(0x7f0000000100)=@nameseq={0x1e, 0x1, 0x1, {0xffea, 0x4, 0x3}}, 0x10, 0x0, 0x0, 0x0, 0x0, 0x24000000}, 0x0)
setsockopt$packet_tx_ring(r5, 0x10f, 0x87, 0x0, 0x0)
sendmsg$tipc(r5, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000500)=[{&(0x7f0000000340)='Z', 0x1}], 0x1}, 0x0)
socketpair$unix(0x1, 0x2, 0x0, 0x0)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0)
syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)

9m40.367760556s ago: executing program 1 (id=539):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
r1 = socket$nl_audit(0x10, 0x3, 0x9)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events\x00', 0x275a, 0x0)
mmap(&(0x7f0000002000/0x3000)=nil, 0x3000, 0x0, 0x12, r2, 0x0)
r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000b00)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x6, 0xc, &(0x7f0000000680)=ANY=[@ANYRES8=r1, @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000950000000000000000000000003eebb6cac0c1ea099fdfdfd848218950995d6b6e67d8539e8fd2e3bf521b2280cdb4eb39bc9fab20eb71d84c581838d098a7be20c6c6885f7360f16064cfea71eea134c50f9cbc7d01df5cf276646043809574169bc9635e331c39e655d5c0e09ec1e3a9bd84fdfcd0c8244c9f567069a709d6778a3170a2b2df47a6c020f240c697590b1add0087dcbdf6e1dc"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, '\x00', 0x0, @fallback=0x21, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xe, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x10, '\x00', 0x0, @fallback=0x38, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000440)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a03000000000000000000070000000900010073797a30000000003c0000001c0a010400000000000000000700000008000a40000000000900020073797a31000000000900010073797a30"], 0x188}}, 0x0)
bpf$PROG_BIND_MAP(0xa, &(0x7f0000000500)={r4}, 0xc)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000040)={&(0x7f00000000c0)=ANY=[@ANYBLOB="9feb02f8180000000000005e34000000000000fc"], &(0x7f0000001f80)=""/212, 0x1a, 0xd4, 0xa}, 0x28)
setsockopt$inet6_tcp_int(r0, 0x6, 0x1e, &(0x7f0000000180)=0x400000001, 0xc2)
connect$inet6(r0, &(0x7f0000000340)={0xa, 0x4e22, 0x0, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x3}, 0x1c)
r6 = socket$netlink(0x10, 0x3, 0x0)
ioctl$AUTOFS_DEV_IOCTL_FAIL(r2, 0xc0189377, &(0x7f00000002c0)={{0x1, 0x1, 0x18, <r7=>r1, {0x7, 0x7ff}}, './file0/../file0\x00'})
setsockopt$packet_tx_ring(r7, 0x107, 0xd, &(0x7f0000000300)=@req={0x82, 0xc02, 0x776, 0x10001}, 0x10)
sendmsg$nl_generic(r6, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x0)
socket$alg(0x26, 0x5, 0x0)
getpid()
mkdirat(0xffffffffffffff9c, &(0x7f0000000280)='./file0\x00', 0x0)
mount$bind(&(0x7f0000000000)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x101091, 0x0)
mount$bind(0x0, &(0x7f0000000240)='./file0/file0/file0\x00', 0x0, 0x100000, 0x0)
mount$bind(&(0x7f0000000440)='./file0/../file0\x00', &(0x7f00000000c0)='./file0/file0\x00', 0x0, 0x8b101a, 0x0)
mount$bind(&(0x7f0000000100)='./file0\x00', &(0x7f0000000180)='./file0\x00', 0x0, 0x18d811, 0x0)
r8 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901)
move_mount(r8, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0)
r9 = syz_open_procfs(0x0, &(0x7f00000001c0)='mountinfo\x00')
read$FUSE(r9, &(0x7f0000003480)={0x2020}, 0x2020)
ioctl$KVM_SET_PIT(r2, 0x8048ae66, &(0x7f0000000100)={[{0x100, 0x2, 0x3, 0xa, 0x1, 0x75, 0x2, 0x0, 0x3, 0xfd, 0xb, 0xfa, 0x3}, {0xfffffff8, 0xb, 0x36, 0x8, 0x3, 0xc, 0x0, 0x3, 0x0, 0x3, 0x2, 0x8, 0x7f}, {0x5, 0xd11, 0x5, 0x9, 0xf5, 0xa9, 0x6, 0x9, 0x7, 0xd, 0x2, 0xa8, 0x39aa}], 0x1})
sendto$inet6(r0, 0x0, 0x0, 0x200000c1, &(0x7f00000000c0)={0xa, 0x4e1d, 0xff, @remote}, 0x1c)

9m39.377338722s ago: executing program 1 (id=542):
prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
unshare(0x22020400)
r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000640)='pagemap\x00')
lseek(r1, 0x1, 0x3)
writev(r0, &(0x7f0000000840), 0x0)
mkdir(&(0x7f0000000000)='./file0\x00', 0x0)
r2 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x0, 0x0)
fanotify_mark(0xffffffffffffffff, 0x105, 0x4800003a, r2, 0x0)
mkdir(&(0x7f0000000100)='./file1\x00', 0x13b)
mkdir(&(0x7f0000000000)='./bus\x00', 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000380)={[{@upperdir={'upperdir', 0x3d, './file1'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './bus'}}]})
chdir(&(0x7f0000000140)='./bus\x00')
r3 = open(&(0x7f0000000580)='./file1\x00', 0x80342, 0x1df2a23c5997fa5f)
sendfile(r3, r3, &(0x7f0000000080), 0x7f03)

9m38.980049984s ago: executing program 1 (id=544):
madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe)
mlock(&(0x7f0000000000/0x800000)=nil, 0x800000)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
r0 = getpid()
process_vm_readv(r0, &(0x7f0000008400)=[{&(0x7f0000000300)=""/54, 0x7ffff000}, {&(0x7f0000006180)=""/152, 0x98}], 0x2, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x7ffff000}], 0x286, 0x200000000000000)

9m38.474006983s ago: executing program 32 (id=544):
madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe)
mlock(&(0x7f0000000000/0x800000)=nil, 0x800000)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
r0 = getpid()
process_vm_readv(r0, &(0x7f0000008400)=[{&(0x7f0000000300)=""/54, 0x7ffff000}, {&(0x7f0000006180)=""/152, 0x98}], 0x2, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x7ffff000}], 0x286, 0x200000000000000)

2m59.97911194s ago: executing program 4 (id=1721):
r0 = socket$l2tp6(0xa, 0x2, 0x73)
capset(&(0x7f0000000000)={0x20080522}, &(0x7f0000000280)={0x0, 0x3, 0x796, 0x0, 0x0, 0x7fff})
sendmsg$inet6(r0, &(0x7f0000000040)={&(0x7f0000000000)={0xa, 0x0, 0x0, @empty, 0x7f}, 0x1c, 0x0, 0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB="28fc00000000000029000000390000008402020100000000ff02000000000000000000000000310118000000000000002900000037"], 0x40}, 0x24004800)

2m58.831721771s ago: executing program 4 (id=1723):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200))
r2 = socket$can_raw(0x1d, 0x3, 0x1)
clock_nanosleep(0x1, 0x1, &(0x7f0000000180)={0x0, 0x3938700}, 0x0)
ioctl$ifreq_SIOCGIFINDEX_vcan(r2, 0x8933, &(0x7f0000000100)={'vcan0\x00', <r3=>0x0})
bind$can_raw(r2, &(0x7f00000001c0)={0x1d, r3}, 0x10)
io_setup(0x3ff, &(0x7f0000000040))
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r4 = getpid()
sched_setscheduler(r4, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
connect$unix(r5, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r6, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r7 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x13, 0xc, &(0x7f0000000440)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x11, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f0000000640)={0x11, 0xc, &(0x7f0000000500)=ANY=[@ANYRES32=r3, @ANYRESOCT=r6, @ANYRES32, @ANYRESHEX=r7, @ANYRES16=r6], &(0x7f0000000240)='GPL\x00', 0x4, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
capset(&(0x7f0000000100)={0x20080522}, &(0x7f0000000140))
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000480))
bpf$PROG_LOAD(0x5, &(0x7f00000017c0)={0x1, 0xe, &(0x7f0000001880)=ANY=[@ANYRES32=r5], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f00000004c0)={0x0, 0x4}, 0x8, 0x10, &(0x7f0000000000), 0x10}, 0x94)
recvmmsg(r2, &(0x7f0000000300)=[{{0x0, 0x0, &(0x7f00000016c0)=[{0x0}, {&(0x7f0000000240)=""/149, 0x95}], 0x2}, 0x8}], 0x1, 0x40010101, 0x0)
unshare(0x8040480)
pipe(&(0x7f0000000080))

2m56.119887917s ago: executing program 4 (id=1733):
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000040)=[{0x200000000006, 0x0, 0x0, 0x7ffc0002}]})
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_IRQCHIP(r1, 0x8208ae63, &(0x7f0000000380)={0x0, 0x0, @pic={0x2a, 0xc0, 0x7, 0x6, 0xfb, 0x0, 0xf, 0x4, 0x3, 0x0, 0x3, 0x58, 0x92, 0x5, 0x9, 0x7f}})
ioctl$KVM_SET_GSI_ROUTING(r1, 0x4008ae6a, &(0x7f0000000100))
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000000)={[0x35, 0x7, 0x0, 0x180, 0x4, 0x10, 0xf1, 0x0, 0x7fffffffffffe, 0x5, 0x0, 0x9, 0x0, 0x5, 0x0, 0xbdb], 0x1, 0x3c4210})
ioctl$KVM_RUN(r2, 0xae80, 0x0)
fchmodat(0xffffffffffffff9c, &(0x7f0000000300)='.\x00', 0xffffffd3)

2m54.112757221s ago: executing program 4 (id=1736):
mmap(&(0x7f000015a000/0x2000)=nil, 0x2000, 0xe, 0x31, 0xffffffffffffffff, 0x7d992000)
prlimit64(0x0, 0xe, &(0x7f0000000300)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x6)
sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0xfffffffffffffa8a)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
r1 = socket$inet6_mptcp(0xa, 0x1, 0x106)
r2 = fanotify_init(0xf00, 0x40000)
r3 = io_uring_setup(0xab1, 0x0)
io_uring_register$IORING_REGISTER_PBUF_STATUS(r3, 0x1a, &(0x7f0000000040), 0x1)
readv(r2, &(0x7f0000000940)=[{&(0x7f0000001080)=""/4096, 0x1000}], 0x1)
fanotify_mark(r2, 0x105, 0x4000997d, 0xffffffffffffffff, 0x0)
mkdirat(0xffffffffffffffff, &(0x7f0000000000)='./file0\x00', 0x100)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='blkio.bfq.empty_time\x00', 0x275a, 0x0)
connect$inet6(r1, 0x0, 0x0)
recvmmsg(r1, &(0x7f00000002c0), 0x220, 0x100, 0x0)
r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000080)=ANY=[@ANYBLOB="41d8edff000000001009000084000000050100", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32], 0x50)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000300)={0xffffffffffffffff, 0x0, 0x0, &(0x7f0000000240), 0x800, r4}, 0x38)
setsockopt(0xffffffffffffffff, 0x84, 0x80, &(0x7f0000000000)='\x00\x00\x00\x00\t\x00\x00\x00', 0x8)
setsockopt$inet_sctp6_SCTP_SET_PEER_PRIMARY_ADDR(0xffffffffffffffff, 0x84, 0x5, &(0x7f00000001c0)={0x0, @in={{0x2, 0x4e21, @multicast2}}}, 0x84)
r5 = socket$igmp6(0xa, 0x3, 0x2)
setsockopt$IP6T_SO_SET_REPLACE(r5, 0x29, 0x40, &(0x7f0000001080)=@mangle={'mangle\x00', 0x64, 0x6, 0x6a0, 0x2d8, 0xd0, 0x0, 0x3f0, 0x2d8, 0x5d0, 0x5d0, 0x5d0, 0x5d0, 0x5d0, 0x6, 0x0, {[{{@uncond, 0x11e, 0xa8, 0xd0, 0x1f000000, {0x0, 0x7}}, @common=@unspec=@NFQUEUE3={0x28, 'NFQUEUE\x00', 0x3, {0x400, 0x5}}}, {{@ipv6={@rand_addr=' \x01\x00', @dev, [0x0, 0x0, 0x0, 0xff], [], 'batadv_slave_0\x00', 'veth1_virt_wifi\x00'}, 0x0, 0x1e0, 0x208, 0x7400, {}, [@common=@rt={{0x138}, {0x0, [], 0x0, 0x0, 0x0, [@dev, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @remote, @private2, @private1, @dev={0xfe, 0x80, '\x00', 0x39}, @loopback, @mcast2, @local, @loopback, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', @private0, @loopback, @local, @private1, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}]}}]}, @common=@unspec=@STANDARD={0x28, '\x00', 0x0, 0x3f0}}, {{@uncond, 0x0, 0xf0, 0x118, 0x0, {}, [@common=@dst={{0x48}}]}, @unspec=@CHECKSUM={0x28, 'CHECKSUM\x00', 0x0, {0x68}}}, {{@uncond, 0x0, 0xd0, 0xf8, 0x0, {}, [@inet=@rpfilter={{0x28}, {0x2}}]}, @inet=@TOS={0x28}}, {{@uncond, 0x0, 0xa8, 0xe8}, @inet=@TPROXY1={0x40, 'TPROXY\x00', 0x1, {0x0, 0x0, @ipv6=@initdev={0xfe, 0x88, '\x00', 0x1, 0x0}}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x700)
socket$inet_udp(0x2, 0x2, 0x0)
openat$fuse(0xffffffffffffff9c, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000600)={0x9, 0x20000008b}, 0x0)

2m52.154440512s ago: executing program 4 (id=1741):
futex(&(0x7f0000000440)=0x2, 0x8b, 0x2, &(0x7f0000000480), 0x0, 0x1)
prlimit64(0x0, 0xe, &(0x7f0000000200)={0x8, 0x8a}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x3)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xa, 0x4, 0x6, 0xb}, 0x50)
bpf$PROG_BIND_MAP(0xa, &(0x7f0000000380), 0xc)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000080), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_LINKMODES_GET(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000180)=ANY=[@ANYBLOB="14000000", @ANYRES16=r2, @ANYBLOB="01032757c38d085641a7260000000c000180080001"], 0x20}, 0x1, 0x0, 0x0, 0x20040005}, 0x0)

2m50.491573601s ago: executing program 4 (id=1745):
r0 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000580), 0xffffffffffffffff)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f00000004c0)={'wlan0\x00', <r2=>0x0})
ioctl$TCSETA(0xffffffffffffffff, 0x5406, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x6, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x2)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8)
r4 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0x0}, 0x50)
r5 = bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f00000005c0), 0x4)
bpf$TOKEN_CREATE(0x24, &(0x7f0000000600)={0x0, r5}, 0x8)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000500)={0x1b, 0x0, 0x0, 0x80000000, 0x0, r4, 0xffff7fec, '\x00', 0x0, r5, 0x10000, 0x4}, 0x50)
socket$inet_sctp(0x2, 0x1, 0x84)
r6 = socket$rds(0x15, 0x5, 0x0)
bind$rds(r6, &(0x7f0000000040)={0x2, 0x4e21, @local}, 0x10)
sendmsg$rds(r6, 0x0, 0x0)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000440)={{0x1, <r7=>0xffffffffffffffff}, &(0x7f0000000100), &(0x7f0000000200)=r3}, 0x20)
ioctl$BLKCRYPTOGENERATEKEY(0xffffffffffffffff, 0xc030128a, &(0x7f0000000640)={&(0x7f00000006c0)=""/70, 0x46})
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x17, 0x7, &(0x7f0000000680)=@raw=[@tail_call={{0x18, 0x2, 0x1, 0x0, r7}}, @jmp={0x5, 0x1, 0x6, 0x5, 0x5, 0x4}, @generic={0x1, 0x8, 0x6, 0x1, 0x36b70bc8}], &(0x7f00000003c0)='GPL\x00', 0x80, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x20}, 0x94)
connect$can_bcm(0xffffffffffffffff, &(0x7f00000000c0), 0x10)
socket$xdp(0x2c, 0x3, 0x0)
syz_open_dev$MSR(&(0x7f0000000480), 0x0, 0x0)
r8 = bpf$MAP_CREATE(0x0, &(0x7f0000000480)=ANY=[@ANYBLOB="10000000040000000800000002"], 0x13)
ioctl$LOOP_CONFIGURE(0xffffffffffffffff, 0x4c0a, &(0x7f00000002c0)={0xffffffffffffffff, 0x0, {0x2a00, 0x80010000, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x1c, "fee8a2ab78fc979fd1e00d96072000001ea89de2b7fb0000e6008cb8785d96000100", "2809e8dbe108598948224ad54afac11d875397bdb22d0000b420a1a93c5240f45f819e01177d3d458dd4992861ac00", "90be8b1c551265406c7f306003d8a0f4bd00"}})
bpf$MAP_LOOKUP_ELEM(0x1, &(0x7f0000000080)={r8, &(0x7f0000000300), 0x0}, 0x20)
sendmsg$NL80211_CMD_JOIN_MESH(r1, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB='L\x00\x00\x00', @ANYRES16=r0, @ANYBLOB="010000000000000000004400000008000300", @ANYRES32=r2, @ANYBLOB="08002700851600000a00180000000000000000001c005a80180001"], 0x4c}}, 0x4000804)
socket$nl_netfilter(0x10, 0x3, 0xc)

2m40.965715636s ago: executing program 0 (id=1769):
ioctl$AUTOFS_DEV_IOCTL_VERSION(0xffffffffffffffff, 0xc0189371, 0x0)
recvmsg(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000140)=[{&(0x7f0000000380)=""/156, 0x9c}], 0x1}, 0x0)
set_mempolicy(0x6, &(0x7f0000000080)=0x9, 0x4)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r0 = fsopen(&(0x7f00000002c0)='gadgetfs\x00', 0x1)
fsconfig$FSCONFIG_SET_BINARY(r0, 0x6, 0x0, 0x0, 0x0)
r1 = syz_open_dev$vim2m(&(0x7f0000000000), 0x7, 0x2)
syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x10c, 0x0, 0x0, 0x4)
r2 = socket$kcm(0x10, 0x8, 0x0)
sendmsg$kcm(r2, &(0x7f0000000000)={0x0, 0x0, 0x0}, 0x4000044)
socket$key(0xf, 0x3, 0x2)
syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0)
r3 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8d}, 0x0)
sendmmsg(0xffffffffffffffff, &(0x7f0000000100), 0x0, 0x10040104)
connect$inet(0xffffffffffffffff, 0x0, 0x0)
sendmmsg$inet(0xffffffffffffffff, &(0x7f0000005240), 0x0, 0x401eb94)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0xffffffffffffff1a, &(0x7f0000000200)=0x400000bce)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r4 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r4, &(0x7f0000019680)=""/102392, 0x18ff8)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000280)=ANY=[@ANYBLOB="1c00000015000103000000", @ANYRES32=r1], 0x1c}, 0x1, 0x0, 0x0, 0xc001}, 0x4000000)
sendmsg$NLBL_UNLABEL_C_STATICADD(0xffffffffffffffff, 0x0, 0x24000010)
sendmsg$netlink(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000002580)=[{&(0x7f0000000000)=ANY=[@ANYBLOB="140000002500010000000000f100000006"], 0x14}], 0x1, 0x0, 0x0, 0x400048c0}, 0x4)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={0x0}, 0x18)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, 0x0}, 0x0)
fsmount(r0, 0x0, 0x0)

2m39.041683183s ago: executing program 0 (id=1773):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000500)={0x18, 0xb, &(0x7f0000000640)=ANY=[@ANYBLOB], &(0x7f00000004c0)='GPL\x00', 0x1, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000002c0)='contention_begin\x00', r0, 0x0, 0xd}, 0x18)
prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
ioctl$UI_DEV_SETUP(0xffffffffffffffff, 0x405c5503, &(0x7f0000000080)={{0x0, 0x4}, 'syz1\x00', 0x4b})
ioctl$UI_ABS_SETUP(0xffffffffffffffff, 0x401c5504, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000140)=@IORING_OP_UNLINKAT={0x24, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000380)='./file1\x00', 0x0, 0x200})
syz_open_dev$admmidi(&(0x7f0000000000), 0x2, 0x1a9882)
r2 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fff7ffc}]})
close_range(r2, 0xffffffffffffffff, 0x200000000000000)

2m37.865608889s ago: executing program 0 (id=1777):
mmap(&(0x7f000015a000/0x2000)=nil, 0x2000, 0xe, 0x31, 0xffffffffffffffff, 0x7d992000)
prlimit64(0x0, 0xe, &(0x7f0000000300)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x6)
sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0xfffffffffffffa8a)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
r1 = socket$inet6_mptcp(0xa, 0x1, 0x106)
r2 = creat(&(0x7f0000000580)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0)
r3 = fanotify_init(0xf00, 0x40000)
r4 = io_uring_setup(0xab1, 0x0)
io_uring_register$IORING_REGISTER_PBUF_STATUS(r4, 0x1a, &(0x7f0000000040), 0x1)
readv(r3, &(0x7f0000000940)=[{&(0x7f0000001080)=""/4096, 0x1000}], 0x1)
fanotify_mark(r3, 0x105, 0x4000997d, r2, 0x0)
mkdirat(r2, &(0x7f0000000000)='./file0\x00', 0x100)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='blkio.bfq.empty_time\x00', 0x275a, 0x0)
connect$inet6(r1, 0x0, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000080)=ANY=[@ANYBLOB="41d8edff000000001009000084000000050100", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32], 0x50)
r5 = socket$inet6_sctp(0xa, 0x5, 0x84)
setsockopt(r5, 0x84, 0x80, &(0x7f0000000000)='\x00\x00\x00\x00\t\x00\x00\x00', 0x8)
setsockopt$inet_sctp6_SCTP_SET_PEER_PRIMARY_ADDR(r5, 0x84, 0x5, &(0x7f00000001c0)={0x0, @in={{0x2, 0x4e21, @multicast2}}}, 0x84)
r6 = socket$igmp6(0xa, 0x3, 0x2)
setsockopt$IP6T_SO_SET_REPLACE(r6, 0x29, 0x40, &(0x7f0000001080)=@mangle={'mangle\x00', 0x64, 0x6, 0x6a0, 0x2d8, 0xd0, 0x0, 0x3f0, 0x2d8, 0x5d0, 0x5d0, 0x5d0, 0x5d0, 0x5d0, 0x6, 0x0, {[{{@uncond, 0x11e, 0xa8, 0xd0, 0x1f000000, {0x0, 0x7}}, @common=@unspec=@NFQUEUE3={0x28, 'NFQUEUE\x00', 0x3, {0x400, 0x5}}}, {{@ipv6={@rand_addr=' \x01\x00', @dev, [0x0, 0x0, 0x0, 0xff], [], 'batadv_slave_0\x00', 'veth1_virt_wifi\x00'}, 0x0, 0x1e0, 0x208, 0x7400, {}, [@common=@rt={{0x138}, {0x0, [], 0x0, 0x0, 0x0, [@dev, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @remote, @private2, @private1, @dev={0xfe, 0x80, '\x00', 0x39}, @loopback, @mcast2, @local, @loopback, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', @private0, @loopback, @local, @private1, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}]}}]}, @common=@unspec=@STANDARD={0x28, '\x00', 0x0, 0x3f0}}, {{@uncond, 0x0, 0xf0, 0x118, 0x0, {}, [@common=@dst={{0x48}}]}, @unspec=@CHECKSUM={0x28, 'CHECKSUM\x00', 0x0, {0x68}}}, {{@uncond, 0x0, 0xd0, 0xf8, 0x0, {}, [@inet=@rpfilter={{0x28}, {0x2}}]}, @inet=@TOS={0x28}}, {{@uncond, 0x0, 0xa8, 0xe8}, @inet=@TPROXY1={0x40, 'TPROXY\x00', 0x1, {0x0, 0x0, @ipv6=@initdev={0xfe, 0x88, '\x00', 0x1, 0x0}}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x700)
socket$rds(0x15, 0x5, 0x0)
socket$inet_udp(0x2, 0x2, 0x0)
openat$smackfs_ipv6host(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000600)={0x9, 0x20000008b}, 0x0)

2m35.978882673s ago: executing program 0 (id=1780):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000300)=ANY=[@ANYBLOB="18000000240001030000000000000000010000000400ae"], 0x18}, 0x1, 0x0, 0x0, 0x8001}, 0x4000)
epoll_create(0x10)
socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f0000000340)={'ip_vti0\x00', &(0x7f00000002c0)={'erspan0\x00', 0x0, 0x20, 0x8, 0x8, 0xffffffff, {{0x5, 0x4, 0x2, 0x3, 0x14, 0x64, 0x0, 0x0, 0x29, 0x0, @dev={0xac, 0x14, 0x14, 0x28}, @empty}}}})
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8000}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x2)
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
ioctl$I2C_SMBUS(0xffffffffffffffff, 0x720, 0x0)
unshare(0x2040600)
r2 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_int(r2, 0x107, 0xf, &(0x7f0000000100)=0x9, 0x4)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000040)={'bridge0\x00', <r3=>0x0})
sendto$packet(r2, &(0x7f00000002c0)="12040500d3fc03fc01004788031c09100628", 0xfd35, 0x4, &(0x7f0000000140)={0x11, 0x0, r3, 0x1, 0x0, 0x6, @multicast}, 0x14)

2m34.112615036s ago: executing program 33 (id=1745):
r0 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000580), 0xffffffffffffffff)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f00000004c0)={'wlan0\x00', <r2=>0x0})
ioctl$TCSETA(0xffffffffffffffff, 0x5406, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x6, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x2)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8)
r4 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0x0}, 0x50)
r5 = bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f00000005c0), 0x4)
bpf$TOKEN_CREATE(0x24, &(0x7f0000000600)={0x0, r5}, 0x8)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000500)={0x1b, 0x0, 0x0, 0x80000000, 0x0, r4, 0xffff7fec, '\x00', 0x0, r5, 0x10000, 0x4}, 0x50)
socket$inet_sctp(0x2, 0x1, 0x84)
r6 = socket$rds(0x15, 0x5, 0x0)
bind$rds(r6, &(0x7f0000000040)={0x2, 0x4e21, @local}, 0x10)
sendmsg$rds(r6, 0x0, 0x0)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000440)={{0x1, <r7=>0xffffffffffffffff}, &(0x7f0000000100), &(0x7f0000000200)=r3}, 0x20)
ioctl$BLKCRYPTOGENERATEKEY(0xffffffffffffffff, 0xc030128a, &(0x7f0000000640)={&(0x7f00000006c0)=""/70, 0x46})
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x17, 0x7, &(0x7f0000000680)=@raw=[@tail_call={{0x18, 0x2, 0x1, 0x0, r7}}, @jmp={0x5, 0x1, 0x6, 0x5, 0x5, 0x4}, @generic={0x1, 0x8, 0x6, 0x1, 0x36b70bc8}], &(0x7f00000003c0)='GPL\x00', 0x80, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x20}, 0x94)
connect$can_bcm(0xffffffffffffffff, &(0x7f00000000c0), 0x10)
socket$xdp(0x2c, 0x3, 0x0)
syz_open_dev$MSR(&(0x7f0000000480), 0x0, 0x0)
r8 = bpf$MAP_CREATE(0x0, &(0x7f0000000480)=ANY=[@ANYBLOB="10000000040000000800000002"], 0x13)
ioctl$LOOP_CONFIGURE(0xffffffffffffffff, 0x4c0a, &(0x7f00000002c0)={0xffffffffffffffff, 0x0, {0x2a00, 0x80010000, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x1c, "fee8a2ab78fc979fd1e00d96072000001ea89de2b7fb0000e6008cb8785d96000100", "2809e8dbe108598948224ad54afac11d875397bdb22d0000b420a1a93c5240f45f819e01177d3d458dd4992861ac00", "90be8b1c551265406c7f306003d8a0f4bd00"}})
bpf$MAP_LOOKUP_ELEM(0x1, &(0x7f0000000080)={r8, &(0x7f0000000300), 0x0}, 0x20)
sendmsg$NL80211_CMD_JOIN_MESH(r1, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB='L\x00\x00\x00', @ANYRES16=r0, @ANYBLOB="010000000000000000004400000008000300", @ANYRES32=r2, @ANYBLOB="08002700851600000a00180000000000000000001c005a80180001"], 0x4c}}, 0x4000804)
socket$nl_netfilter(0x10, 0x3, 0xc)

2m34.039290107s ago: executing program 0 (id=1786):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000580)={0x0}, 0x18)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000080)=@base={0x9, 0x17, 0x8, 0x40, 0x42, 0x1}, 0x48)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000100), &(0x7f0000000580), 0x1000, r1}, 0x38)

2m32.31613265s ago: executing program 0 (id=1788):
socket$alg(0x26, 0x5, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000040), 0x45480, 0x0)
ioctl$BLKZEROOUT(r0, 0x1265, 0x0)
getsockopt(0xffffffffffffffff, 0x0, 0x12, &(0x7f0000000000)=""/3, &(0x7f0000000040)=0x3)
bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x11, 0x6, &(0x7f00000008c0)=ANY=[@ANYBLOB="050000000000000061110c00000000008510000002000000850000000500000095000000000000009500a5050000000077d8f3b423cdac8d80000e868495fb58d00b6ad1f50ad32d6ad25dfd73a015e0ca6a0f68a7d007dc6751dfb265a0e3ccae669e173a64bc1cfd514600650a58f145ff1205fc9ddaa275e687d452d64e7cc957d77578f4c25235138d5521f9453559c35da860e8efbc64e57cbb7aee976f2b54421eed73d5661cfeecf9c66c54c3b3ffe1b4ce25d7c983cd44c05bd0a48dfe3e26e7a23129d6606ed28a69989d552af6d9a9df2c3af36e0360070011bbecc2f4a3799af2551ce935b0f327cb3f011a7d06602e2fd5234712596b696418f163d1a1a83109753f54b21cd027edd68149ee99eebc6f7d6dd4aed4af7588c8e1b44ccb19e810879b81a7000000e7ffffff00000000d7900a820b63278f4e9a217b98ef7042ad2a928903000000cbe43a1ed25268816b00000000000009d27d753a30a147b24a48435bd8a568669596e9e0867958e1dd7a0defb6670c06054002238260000000000040587c1ed797aa21a38e1e389f640a0b8b0000000000a835ad0f61ba739cd0c31b05c00fba8a4aee676d7caa2e53b91a68ff2e60da7b01a2"], 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x13, 0xffffffffffffffff, 0x6}, 0x94)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000000), 0xffffffffffffffff)
sendmsg$TIPC_NL_NET_SET(r1, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000900)=ANY=[@ANYBLOB='0\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="010000000000000000000f0000001c0007800c000400002e0000000000000c0003002d"], 0x30}}, 0x0)
syz_usbip_server_init(0x3)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000006c0)={0x18, 0xb, &(0x7f0000000640)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020000000000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f00000004c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000002c0)='contention_begin\x00', r3, 0x0, 0xd}, 0x18)
prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0x88}, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7)
openat$sequencer(0xffffffffffffff9c, &(0x7f00000001c0), 0x80280, 0x0)
r4 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r4, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, &(0x7f00000004c0)=ANY=[@ANYBLOB="180000000000000000000000000000008500000023000000850000000800000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='kfree\x00', r5}, 0x10)
r6 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x1c1341, 0x0)
ioctl$TUNSETIFF(r6, 0x400454ca, &(0x7f0000000080)={'syzkaller0\x00', 0x84aebfbd6349b7f2})
r7 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0xa802, 0x0)
close(r7)
socket$netlink(0x10, 0x3, 0x0)
ioctl$SIOCSIFHWADDR(r7, 0x8914, &(0x7f00000000c0)={'syzkaller0\x00', @broadcast})
r8 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r8, 0x8933, &(0x7f0000000100)={'syzkaller0\x00'})
socket$netlink(0x10, 0x3, 0x0)

2m16.94631448s ago: executing program 34 (id=1788):
socket$alg(0x26, 0x5, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000040), 0x45480, 0x0)
ioctl$BLKZEROOUT(r0, 0x1265, 0x0)
getsockopt(0xffffffffffffffff, 0x0, 0x12, &(0x7f0000000000)=""/3, &(0x7f0000000040)=0x3)
bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x11, 0x6, &(0x7f00000008c0)=ANY=[@ANYBLOB="050000000000000061110c00000000008510000002000000850000000500000095000000000000009500a5050000000077d8f3b423cdac8d80000e868495fb58d00b6ad1f50ad32d6ad25dfd73a015e0ca6a0f68a7d007dc6751dfb265a0e3ccae669e173a64bc1cfd514600650a58f145ff1205fc9ddaa275e687d452d64e7cc957d77578f4c25235138d5521f9453559c35da860e8efbc64e57cbb7aee976f2b54421eed73d5661cfeecf9c66c54c3b3ffe1b4ce25d7c983cd44c05bd0a48dfe3e26e7a23129d6606ed28a69989d552af6d9a9df2c3af36e0360070011bbecc2f4a3799af2551ce935b0f327cb3f011a7d06602e2fd5234712596b696418f163d1a1a83109753f54b21cd027edd68149ee99eebc6f7d6dd4aed4af7588c8e1b44ccb19e810879b81a7000000e7ffffff00000000d7900a820b63278f4e9a217b98ef7042ad2a928903000000cbe43a1ed25268816b00000000000009d27d753a30a147b24a48435bd8a568669596e9e0867958e1dd7a0defb6670c06054002238260000000000040587c1ed797aa21a38e1e389f640a0b8b0000000000a835ad0f61ba739cd0c31b05c00fba8a4aee676d7caa2e53b91a68ff2e60da7b01a2"], 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x13, 0xffffffffffffffff, 0x6}, 0x94)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000000), 0xffffffffffffffff)
sendmsg$TIPC_NL_NET_SET(r1, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000900)=ANY=[@ANYBLOB='0\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="010000000000000000000f0000001c0007800c000400002e0000000000000c0003002d"], 0x30}}, 0x0)
syz_usbip_server_init(0x3)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000006c0)={0x18, 0xb, &(0x7f0000000640)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020000000000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f00000004c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000002c0)='contention_begin\x00', r3, 0x0, 0xd}, 0x18)
prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0x88}, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7)
openat$sequencer(0xffffffffffffff9c, &(0x7f00000001c0), 0x80280, 0x0)
r4 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r4, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, &(0x7f00000004c0)=ANY=[@ANYBLOB="180000000000000000000000000000008500000023000000850000000800000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='kfree\x00', r5}, 0x10)
r6 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x1c1341, 0x0)
ioctl$TUNSETIFF(r6, 0x400454ca, &(0x7f0000000080)={'syzkaller0\x00', 0x84aebfbd6349b7f2})
r7 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0xa802, 0x0)
close(r7)
socket$netlink(0x10, 0x3, 0x0)
ioctl$SIOCSIFHWADDR(r7, 0x8914, &(0x7f00000000c0)={'syzkaller0\x00', @broadcast})
r8 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r8, 0x8933, &(0x7f0000000100)={'syzkaller0\x00'})
socket$netlink(0x10, 0x3, 0x0)

1m51.988425679s ago: executing program 3 (id=1850):
syz_emit_ethernet(0x46, &(0x7f0000000800)={@local, @multicast, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, '\x00', 0x10, 0x3a, 0x1, @empty, @mcast2, {[], @ndisc_ra}}}}}, 0x0)
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x2, 0x31, 0xffffffffffffffff, 0x0)
mknodat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0, 0x0)
pipe2$9p(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
r2 = openat$cuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0)
read$FUSE(r2, &(0x7f0000000100)={0x2020, 0x0, <r3=>0x0}, 0xffffff2f)
write$FUSE_DIRENTPLUS(r2, &(0x7f0000002200)=ANY=[@ANYBLOB="d000000000000000", @ANYRES64=r3, @ANYRES64=r2], 0xd0)
write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff017f000e0800395032303030"], 0x15)
r4 = dup(r1)
write$FUSE_BMAP(r4, &(0x7f0000000000)={0x18}, 0x18)
write$FUSE_DIRENTPLUS(r4, &(0x7f00000003c0)=ANY=[@ANYBLOB="b0"], 0xb0)
write$FUSE_GETXATTR(r4, &(0x7f0000000480)={0x18}, 0x18)
write$FUSE_INIT(r4, &(0x7f0000000600)={0x50, 0x0, 0x0, {0x7, 0x29, 0x3, 0x0, 0x4, 0x772, 0x7, 0x0, 0x0, 0x0, 0xa0, 0x200}}, 0x50)
mount$9p_fd(0x0, &(0x7f00000002c0)='./file0\x00', &(0x7f0000000080), 0x0, &(0x7f0000000400)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r4}})
r5 = openat(0xffffffffffffff9c, &(0x7f000000c380)='./file0\x00', 0x20842, 0x0)
openat$cgroup_int(0xffffffffffffffff, &(0x7f0000000380)='hugetlb.2MB.rsvd.failcnt\x00', 0x2, 0x0)
setrlimit(0x1, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff})
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r6 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r6, &(0x7f0000019680)=""/102392, 0x18ff8)
socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000009c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a140000001000010000000000000100000000000a"], 0x28}}, 0x0)
write$FUSE_INIT(r5, &(0x7f0000000200)={0x50, 0x0, 0x0, {0x7, 0x29, 0x1282, 0x400c6001, 0x5, 0x8, 0x10, 0xc40b, 0x0, 0x0, 0x40, 0x6}}, 0x50)
r7 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000300)={&(0x7f0000000440)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x7c, 0x7c, 0x2, [@var, @func_proto={0x0, 0x6, 0x0, 0xd, 0x0, [{0xfffffffc}, {}, {}, {0xa}, {}, {}]}, @func={0x0, 0x0, 0x0, 0xc, 0x2}, @volatile, @volatile, @volatile={0x0, 0x0, 0x0, 0x9, 0x2}]}}, 0x0, 0x96}, 0x28)
r8 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000140)={&(0x7f0000002240)=ANY=[@ANYBLOB="9feb01001800000000ed000c00004cb1000000020000000000000000ecff0400000000000035d5ebf22148d5fa8f640da894f569c60e018a08b5763259eb759e9e89368751d921fa67db3813fab9c68cba1bf42d24948eb762b6423a60f054a010c61979284683292fc85bd0d849f909539b"], 0x0, 0x26}, 0x20)
r9 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000500)={0x6, 0x3, &(0x7f0000002180)=ANY=[@ANYBLOB="180000002000000000000000000000009500000000000000", @ANYRES64=r5, @ANYRES16=r0, @ANYRESOCT=r7], &(0x7f0000000280)='GPL\x00', 0x5, 0xe2, &(0x7f00000002c0)=""/226, 0x0, 0x0, '\x00', 0x0, 0x25, r8, 0x8, 0x0, 0x0, 0x10, &(0x7f00000021c0), 0x10}, 0x94)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000a00)={r9, 0xd8, &(0x7f0000000900)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000001000), 0x8, 0x0, 0x8, 0x0, 0x0}}, 0x10)

1m50.157162599s ago: executing program 3 (id=1854):
add_key$user(0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe)
r0 = syz_open_dev$vbi(&(0x7f00000001c0), 0x1, 0x2)
r1 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
sendmsg$netlink(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f00000001c0)=ANY=[@ANYBLOB="140100002b00010000000000ffdbdf25040100800c0003000000000000000000140001"], 0x114}], 0x1}, 0x80)
r2 = fcntl$dupfd(r0, 0x406, r0)
write$binfmt_script(r2, &(0x7f0000001b00), 0xfffffd9d)
r3 = syz_open_dev$swradio(&(0x7f0000000140), 0x0, 0x2)
dup(r3)
ioctl$KVM_CHECK_EXTENSION(r2, 0xae03, 0xb)
syz_open_dev$video(&(0x7f0000000000), 0x485, 0x40000)
prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0x88}, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
r4 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
getpgrp(0x0)
mkdir(0x0, 0x141)
read$msr(r4, &(0x7f0000019680)=""/102392, 0x18ff8)
r5 = openat$ptmx(0xffffffffffffff9c, 0x0, 0x2, 0x0)
openat$sysfs(0xffffffffffffff9c, &(0x7f0000000780)='/sys/power/reserved_size', 0x0, 0x50)
ioctl$TCXONC(r5, 0x540a, 0x0)
ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x89f0, &(0x7f0000001440)={'bridge0\x00', &(0x7f0000000100)=@ethtool_ringparam={0x8}})
socket$unix(0x1, 0x1, 0x0)
r6 = socket$can_raw(0x1d, 0x3, 0x1)
setsockopt$CAN_RAW_ERR_FILTER(r6, 0x65, 0x7, &(0x7f00000001c0)=0x8, 0x4)
sendmsg$can_raw(r6, &(0x7f0000000000)={&(0x7f00000005c0), 0x10, &(0x7f0000000500)={&(0x7f00000000c0)=@can={{}, 0x7f, 0x0, 0x4, 0x0, '\b-\x00'}, 0x10}}, 0x0)
ioctl$TCXONC(r5, 0x540a, 0x1)
sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000340)=ANY=[@ANYBLOB="040100001a0001000000000000000000fc00000000000000000000000000000020010000000000000000000000003c0100000000000000000200000000000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="fe8000000000000000000000000000aa00000a002b00000064010101000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000200400000000000000014000e006401010200"/188], 0x104}}, 0x0)

1m47.657594199s ago: executing program 3 (id=1857):
ioctl$AUTOFS_DEV_IOCTL_VERSION(0xffffffffffffffff, 0xc0189371, 0x0)
recvmsg(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000140)=[{&(0x7f0000000380)=""/156, 0x9c}], 0x1}, 0x0)
set_mempolicy(0x6, &(0x7f0000000080)=0x9, 0x4)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r0 = fsopen(&(0x7f00000002c0)='gadgetfs\x00', 0x1)
fsconfig$FSCONFIG_SET_BINARY(r0, 0x6, 0x0, 0x0, 0x0)
r1 = syz_open_dev$vim2m(&(0x7f0000000000), 0x7, 0x2)
syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x10c, 0x0, 0x0, 0x4)
r2 = socket$kcm(0x10, 0x8, 0x0)
sendmsg$kcm(r2, &(0x7f0000000000)={0x0, 0x0, 0x0}, 0x4000044)
socket$key(0xf, 0x3, 0x2)
syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0)
r3 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8d}, 0x0)
sendmmsg(0xffffffffffffffff, &(0x7f0000000100), 0x0, 0x10040104)
connect$inet(0xffffffffffffffff, 0x0, 0x0)
sendmmsg$inet(0xffffffffffffffff, &(0x7f0000005240), 0x0, 0x401eb94)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0xffffffffffffff1a, &(0x7f0000000200)=0x400000bce)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r4 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r4, &(0x7f0000019680)=""/102392, 0x18ff8)
sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000280)=ANY=[@ANYBLOB="1c00000015000103000000", @ANYRES32=r1], 0x1c}, 0x1, 0x0, 0x0, 0xc001}, 0x4000000)
sendmsg$NLBL_UNLABEL_C_STATICADD(0xffffffffffffffff, 0x0, 0x24000010)
sendmsg$netlink(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000002580)=[{&(0x7f0000000000)=ANY=[@ANYBLOB="140000002500010000000000f100000006"], 0x14}], 0x1, 0x0, 0x0, 0x400048c0}, 0x4)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={0x0}, 0x18)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r5, &(0x7f0000000240)={0x0, 0x0, 0x0}, 0x0)
fsmount(r0, 0x0, 0x0)

1m46.637272459s ago: executing program 3 (id=1862):
r0 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc))
timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)=ANY=[@ANYBLOB="14000000100001f5ff000000000000000000000a98000000060a0b0400000000000000003eec24c709464e6d492ff7f2020000006c00048018000180080001006f7366000c000280080001400000000424000180090001006d6574610000000014000280080002400000000e08000340000000042c0001800a0001006c696d69740000001c0002800c00014000000000000000640c0002400000000000000001090001007837b1662dcbf8d4a4"], 0xc0}}, 0x0)

1m45.579807758s ago: executing program 3 (id=1864):
r0 = socket$nl_route(0x10, 0x3, 0x0)
syz_usb_connect$cdc_ecm(0x4, 0x56, &(0x7f0000000080)={{0x12, 0x1, 0x250, 0x2, 0x0, 0x0, 0x20, 0x525, 0xa4a1, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x44, 0x1, 0x1, 0x8, 0x0, 0x80, [{{0x9, 0x4, 0x0, 0x6, 0x3, 0x2, 0x6, 0x0, 0x3, {{0x5}, {0x5, 0x24, 0x0, 0x2}, {0xd, 0x24, 0xf, 0x1, 0x0, 0x0, 0x101, 0xff}}, {[{{0x9, 0x5, 0x81, 0x3, 0x8, 0x4, 0x0, 0x7}}], {{0x9, 0x5, 0x82, 0x2, 0x3ff, 0x3, 0x0, 0x6}}, {{0x9, 0x5, 0x3, 0x2, 0x400, 0x7, 0xb, 0xa3}}}}}]}}]}}, 0x0)
mkdir(&(0x7f0000000080)='./file1\x00', 0x18)
mount$fuse(0x0, 0x0, 0x0, 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=0x0])
mount(0x0, &(0x7f0000000380)='./file1\x00', &(0x7f0000000040)='autofs\x00', 0x0, &(0x7f0000000400))
chdir(&(0x7f0000000080)='./file1\x00')
r1 = socket$inet6(0xa, 0x80002, 0x0)
setsockopt$inet6_udp_int(r1, 0x11, 0x1, 0x0, 0x0)
mkdir(&(0x7f0000000040)='./file0\x00', 0x0)
mount(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000080)='devpts\x00', 0x0, 0x0)
r2 = openat$autofs(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
r3 = open(&(0x7f0000000000)='.\x00', 0x0, 0x0)
ioctl$AUTOFS_DEV_IOCTL_CATATONIC(r2, 0xc018937e, &(0x7f0000000200)={{0x1, 0x1, 0x29, r3}, './file0\x00'})
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000080)=ANY=[@ANYBLOB="6000000010000103ffeb00feffffff00000000", @ANYRES32=0x0, @ANYBLOB="0000000000000000400012800e00010069703665727370616e0000002c00028014000500"/49], 0x60}}, 0x0)
r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000580), 0xffffffffffffffff)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r5, 0x8933, &(0x7f00000004c0)={'wlan0\x00', <r6=>0x0})
sendmsg$NL80211_CMD_JOIN_MESH(r5, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB='L\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="010000000000000000004400000008000300", @ANYRES32=r6, @ANYBLOB="08002700851600000a00180000000000000000001c005a8018000180140003"], 0x4c}}, 0x4000804)
sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)=@getnexthop={0x24, 0x6a, 0x10, 0x70bd2d, 0x25dfdbfc, {}, [@NHA_ID={0x8, 0x1, 0x1}, @NHA_FDB={0x4}]}, 0x24}, 0x1, 0x0, 0x0, 0x91}, 0x8080)

1m43.88401539s ago: executing program 3 (id=1867):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000300)=ANY=[@ANYBLOB="18000000240001030000000000000000010000000400ae"], 0x18}, 0x1, 0x0, 0x0, 0x8001}, 0x4000)
epoll_create(0x10)
socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f0000000340)={'ip_vti0\x00', &(0x7f00000002c0)={'erspan0\x00', 0x0, 0x20, 0x8, 0x8, 0xffffffff, {{0x5, 0x4, 0x2, 0x3, 0x14, 0x64, 0x0, 0x0, 0x29, 0x0, @dev={0xac, 0x14, 0x14, 0x28}, @empty}}}})
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8000}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x2)
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
ioctl$I2C_SMBUS(0xffffffffffffffff, 0x720, 0x0)
r2 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_int(r2, 0x107, 0xf, &(0x7f0000000100)=0x9, 0x4)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000040)={'bridge0\x00', <r4=>0x0})
sendto$packet(r2, &(0x7f00000002c0)="12040500d3fc03fc01004788031c09100628", 0xfd35, 0x4, &(0x7f0000000140)={0x11, 0x0, r4, 0x1, 0x0, 0x6, @multicast}, 0x14)

1m28.230327043s ago: executing program 35 (id=1867):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000300)=ANY=[@ANYBLOB="18000000240001030000000000000000010000000400ae"], 0x18}, 0x1, 0x0, 0x0, 0x8001}, 0x4000)
epoll_create(0x10)
socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f0000000340)={'ip_vti0\x00', &(0x7f00000002c0)={'erspan0\x00', 0x0, 0x20, 0x8, 0x8, 0xffffffff, {{0x5, 0x4, 0x2, 0x3, 0x14, 0x64, 0x0, 0x0, 0x29, 0x0, @dev={0xac, 0x14, 0x14, 0x28}, @empty}}}})
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8000}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x2)
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
ioctl$I2C_SMBUS(0xffffffffffffffff, 0x720, 0x0)
r2 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_int(r2, 0x107, 0xf, &(0x7f0000000100)=0x9, 0x4)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000040)={'bridge0\x00', <r4=>0x0})
sendto$packet(r2, &(0x7f00000002c0)="12040500d3fc03fc01004788031c09100628", 0xfd35, 0x4, &(0x7f0000000140)={0x11, 0x0, r4, 0x1, 0x0, 0x6, @multicast}, 0x14)

19.47971863s ago: executing program 5 (id=2062):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="0a000000020000000200000004"], 0x2d)
r1 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340), 0x48)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000480)={r1}, 0x4)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000000)={{r0, <r2=>0xffffffffffffffff}, &(0x7f0000000580), &(0x7f00000002c0)}, 0x20)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x11, 0x19, &(0x7f0000000600)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000a17000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000001000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYBLOB="0000000000000000b70500000800000085000000a5000000"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='kfree\x00', r3}, 0x10)
r4 = syz_open_dev$I2C(&(0x7f0000000000), 0x1, 0x402)
ioctl$I2C_RDWR(r4, 0x707, &(0x7f0000000300)={&(0x7f00000002c0)=[{0x6, 0x10, 0x0, 0x0}, {0x3, 0x4001, 0x0, 0x0}, {0x2, 0x4000, 0x20, 0x0}], 0x3})

19.267597533s ago: executing program 5 (id=2064):
r0 = syz_usb_connect(0x0, 0x24, &(0x7f0000000040)=ANY=[@ANYBLOB="120100009c323f08a504033007c8d1b93c010902120011000200000904"], 0x0)
socket$nl_generic(0x10, 0x3, 0x10) (async)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000000), r1)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f00000002c0)={'wlan0\x00', <r3=>0x0})
r4 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0100000006000000060000000500000000000000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x48)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000d40)=ANY=[@ANYBLOB="180000000000e3ff000000000000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000001000000850000000500000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
r7 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r6, 0x8933, &(0x7f00000000c0)={'wlan1\x00'}) (async)
ioctl$sock_SIOCGIFINDEX_80211(r6, 0x8933, &(0x7f00000000c0)={'wlan1\x00', <r8=>0x0})
sendmsg$NL80211_CMD_CONNECT(r6, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000100)={0x30, r7, 0x5, 0x3, 0x0, {{}, {@val={0x8, 0x3, r8}, @void}}, [@crypto_settings=[@NL80211_ATTR_CIPHER_SUITE_GROUP={0x8, 0x4a, 0x3025c6e3582963f7}], @NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}]}, 0x30}}, 0x10)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000600)={&(0x7f00000005c0)='sys_enter\x00', r5}, 0x10)
ioctl$sock_bt_hci(0xffffffffffffffff, 0x400448e1, 0x0) (async)
ioctl$sock_bt_hci(0xffffffffffffffff, 0x400448e1, 0x0)
sendmsg$NL80211_CMD_DEL_PMKSA(r1, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000300)={0x28, r2, 0x1, 0x70bd27, 0x25dfdbff, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}]}, 0x28}, 0x1, 0x0, 0x0, 0x2}, 0x22044800) (async)
sendmsg$NL80211_CMD_DEL_PMKSA(r1, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000300)={0x28, r2, 0x1, 0x70bd27, 0x25dfdbff, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}]}, 0x28}, 0x1, 0x0, 0x0, 0x2}, 0x22044800)
syz_usb_control_io(r0, &(0x7f0000000000)={0x2c, 0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB="0003040000000403"], 0x0, 0x0, 0x0}, 0x0) (async)
syz_usb_control_io(r0, &(0x7f0000000000)={0x2c, 0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB="0003040000000403"], 0x0, 0x0, 0x0}, 0x0)
syz_usb_control_io$printer(r0, 0x0, 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)

15.108134797s ago: executing program 5 (id=2077):
unshare(0x6a040000)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x8031, 0xffffffffffffffff, 0x94173000)
socket$pppl2tp(0x18, 0x1, 0x1)
socket$inet6_udp(0xa, 0x2, 0x0)
r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x0, 0x0})
syz_clone(0x81a800, 0x0, 0x0, 0x0, 0x0, 0x0)
close_range(r0, 0xffffffffffffffff, 0x0)

9.922658775s ago: executing program 7 (id=2090):
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000180)={&(0x7f0000000380)=ANY=[@ANYBLOB="9feb010018000000000000000c0000000c000000040000000200000000000008000000000000610010d1109ebe4a9ad384e32af443cfebe6dfd36a2ea84b3c6b58ac169ed21280e87d2c205f5131e8315c9b53953500451bb468b2888ca27f89f01701be22db93987ae2335b9e6f387e35fd9746d8e4e7ad92a8b8bae150338c14fd6f08d4a3269cfbdad8eee67a82bab1c785d4ca3a30f992e4e4268bfb0462b2b428e46b3a37fd1e0f22509711ed0e78118e9d1f721e16fa517ccaf3a24bd6f6a66ffba7ee35bb94449ccbbe1fcd79408b44c959fd2434d4e336"], 0x0, 0x28}, 0x20)
r0 = syz_open_procfs$pagemap(0x0, &(0x7f0000001080))
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15)
ioctl$PAGEMAP_SCAN(r0, 0xc0606610, &(0x7f00000001c0)={0x60, 0x0, &(0x7f0000001000/0x3000)=nil, &(0x7f0000ffb000/0x4000)=nil, 0x1, 0x0, 0x0, 0x0, 0x0, 0x40})
r1 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000600), 0x2, 0x0)
ioctl$vim2m_VIDIOC_DQBUF(r1, 0xc0585611, &(0x7f0000000700)=@multiplanar_overlay={0x9, 0x3, 0x4, 0x0, 0x9, {}, {0x3, 0xc, 0x0, 0x47, 0x9, 0xfb, "4f5fcd2f"}, 0x3, 0x3, {0x0}, 0x2})
r2 = socket(0x10, 0x3, 0x0)
setsockopt$netlink_NETLINK_TX_RING(r2, 0x10e, 0xc, &(0x7f0000000280)={0xffffffff}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000000)=ANY=[], 0x9c}}, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r3 = syz_open_dev$MSR(&(0x7f0000000040), 0x0, 0x0)
read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8)
r4 = socket$packet(0x11, 0x3, 0x300)
r5 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_mreq(r5, 0x29, 0x1b, &(0x7f0000000200)={@dev}, 0x14)
r6 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_IPV6_FLOWLABEL_MGR(r6, 0x29, 0x1b, &(0x7f0000000000)={@remote}, 0x20)
r7 = syz_open_procfs(0x0, &(0x7f0000000080)='net/anycast6\x00')
preadv(r7, &(0x7f0000000040)=[{&(0x7f0000000180)=""/66, 0x42}, {&(0x7f0000000240)=""/225, 0xe1}], 0x2, 0x0, 0x3)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0)
sendto$packet(r4, 0x0, 0x0, 0x0, 0x0, 0x0)
r8 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$IOMMU_IOAS_ALLOC(r8, 0x3b81, &(0x7f00000003c0)={0xc, 0x0, <r9=>0x0})
ioctl$IOMMU_IOAS_MAP$PAGES(r8, 0x3b85, &(0x7f00000001c0)={0x28, 0x7, r9, 0x0, &(0x7f0000800000/0x800000)=nil, 0x800000})
ioctl$IOMMU_TEST_OP_CREATE_ACCESS(r8, 0x3ba0, &(0x7f0000000340)={0x48, 0x5, r9, 0x0, <r10=>0xffffffffffffffff, 0x1})
ioctl$IOMMU_TEST_OP_ACCESS_PAGES(r8, 0x3ba0, &(0x7f0000000040)={0x6e, 0x7, r10, 0x0, 0x0, 0x0, 0x4000000000000000, 0x2})
ioctl$IOMMU_TEST_OP_ACCESS_PAGES$syz(r8, 0x3ba0, &(0x7f00000004c0)={0x48, 0x7, r10, 0x0, 0x10000, 0x0, 0x8, 0x20cc7a, 0x60cd2})

8.45087484s ago: executing program 2 (id=2094):
r0 = socket(0x40000000015, 0x5, 0x0)
syz_open_dev$media(0x0, 0x3, 0x0)
r1 = socket$inet(0xa, 0x801, 0x84)
connect$inet(r1, &(0x7f0000004cc0)={0x2, 0x0, @remote={0xac, 0x14, 0xffffffffffffffff}}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f0000000680)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8)
listen(r1, 0xfffffffd)
timer_create(0x0, 0x0, 0x0)
timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
r3 = socket(0x1d, 0x2, 0x6)
ioctl$ifreq_SIOCGIFINDEX_vcan(r3, 0x8933, &(0x7f0000000000)={'vxcan0\x00', <r4=>0x0})
bind$can_j1939(r3, &(0x7f0000000380)={0x1d, r4, 0x1, {0x0, 0x1, 0x3}, 0xfe}, 0x18)
sendmmsg$sock(r1, &(0x7f00000000c0)=[{{0x0, 0x0, &(0x7f0000000240)=[{&(0x7f0000000200)}], 0x1}}], 0x1, 0x4010)
ioctl$int_in(r1, 0x5452, 0x0)
setsockopt$inet_sctp6_SCTP_EVENTS(0xffffffffffffffff, 0x84, 0xb, &(0x7f00000002c0)={0x3, 0x10, 0x2, 0xff, 0x5a, 0x0, 0x1, 0x0, 0x5, 0x8, 0x0, 0x0, 0x22, 0x20}, 0xe)
connect$inet(r0, &(0x7f0000000040)={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0x32}}, 0x10)
setsockopt$SO_RDS_TRANSPORT(r0, 0x114, 0x8, 0x0, 0x0)
bind$inet(r0, &(0x7f0000000340)={0x2, 0x4e20, @loopback}, 0x57)
recvmmsg$unix(r0, &(0x7f00000034c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x40000100, 0x0)
r5 = socket$netlink(0x10, 0x3, 0x0)
syz_genetlink_get_family_id$mptcp(&(0x7f0000000080), r5)
r6 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000000)={'bridge_slave_0\x00'})

7.587390794s ago: executing program 7 (id=2095):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d000000"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x2, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x90}, 0x0)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@file={0x0, './cgroup\x00'}, 0x6e)
sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
socket$nl_generic(0x10, 0x3, 0x10)
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0e000000040000000800000005"], 0x48)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000003c0)={{r2}, &(0x7f0000000340), &(0x7f0000000380)}, 0x20)

6.851100434s ago: executing program 7 (id=2098):
mmap(&(0x7f000015a000/0x2000)=nil, 0x2000, 0xe, 0x31, 0xffffffffffffffff, 0x7d992000)
prlimit64(0x0, 0xe, &(0x7f0000000300)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x6)
sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0xfffffffffffffa8a)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$MSR(0x0, 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
r1 = socket$inet6_mptcp(0xa, 0x1, 0x106)
r2 = creat(&(0x7f0000000580)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0)
r3 = fanotify_init(0xf00, 0x40000)
r4 = io_uring_setup(0xab1, 0x0)
io_uring_register$IORING_REGISTER_PBUF_STATUS(r4, 0x1a, &(0x7f0000000040), 0x1)
readv(r3, &(0x7f0000000940)=[{&(0x7f0000001080)=""/4096, 0x1000}], 0x1)
fanotify_mark(r3, 0x105, 0x4000997d, r2, 0x0)
mkdirat(r2, &(0x7f0000000000)='./file0\x00', 0x100)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='blkio.bfq.empty_time\x00', 0x275a, 0x0)
connect$inet6(r1, 0x0, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000080)=ANY=[@ANYBLOB="41d8edff000000001009000084000000050100", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32], 0x50)
r5 = socket$inet6_sctp(0xa, 0x5, 0x84)
setsockopt(r5, 0x84, 0x80, &(0x7f0000000000)='\x00\x00\x00\x00\t\x00\x00\x00', 0x8)
setsockopt$inet_sctp6_SCTP_SET_PEER_PRIMARY_ADDR(r5, 0x84, 0x5, &(0x7f00000001c0)={0x0, @in={{0x2, 0x4e21, @multicast2}}}, 0x84)
r6 = socket$igmp6(0xa, 0x3, 0x2)
setsockopt$IP6T_SO_SET_REPLACE(r6, 0x29, 0x40, &(0x7f0000001080)=@mangle={'mangle\x00', 0x64, 0x6, 0x6a0, 0x2d8, 0xd0, 0x0, 0x3f0, 0x2d8, 0x5d0, 0x5d0, 0x5d0, 0x5d0, 0x5d0, 0x6, 0x0, {[{{@uncond, 0x11e, 0xa8, 0xd0, 0x1f000000, {0x0, 0x7}}, @common=@unspec=@NFQUEUE3={0x28, 'NFQUEUE\x00', 0x3, {0x400, 0x5}}}, {{@ipv6={@rand_addr=' \x01\x00', @dev, [0x0, 0x0, 0x0, 0xff], [], 'batadv_slave_0\x00', 'veth1_virt_wifi\x00'}, 0x0, 0x1e0, 0x208, 0x7400, {}, [@common=@rt={{0x138}, {0x0, [], 0x0, 0x0, 0x0, [@dev, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @remote, @private2, @private1, @dev={0xfe, 0x80, '\x00', 0x39}, @loopback, @mcast2, @local, @loopback, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', @private0, @loopback, @local, @private1, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}]}}]}, @common=@unspec=@STANDARD={0x28, '\x00', 0x0, 0x3f0}}, {{@uncond, 0x0, 0xf0, 0x118, 0x0, {}, [@common=@dst={{0x48}}]}, @unspec=@CHECKSUM={0x28, 'CHECKSUM\x00', 0x0, {0x68}}}, {{@uncond, 0x0, 0xd0, 0xf8, 0x0, {}, [@inet=@rpfilter={{0x28}, {0x2}}]}, @inet=@TOS={0x28}}, {{@uncond, 0x0, 0xa8, 0xe8}, @inet=@TPROXY1={0x40, 'TPROXY\x00', 0x1, {0x0, 0x0, @ipv6=@initdev={0xfe, 0x88, '\x00', 0x1, 0x0}}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x700)
socket$rds(0x15, 0x5, 0x0)
socket$inet_udp(0x2, 0x2, 0x0)
openat$smackfs_ipv6host(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000600)={0x9, 0x20000008b}, 0x0)

6.744178537s ago: executing program 2 (id=2099):
mbind(&(0x7f0000ff6000/0xa000)=nil, 0xa000, 0x0, &(0x7f00000004c0)=0x6, 0x10, 0xffffffffffffbfff)

6.674826485s ago: executing program 8 (id=2100):
openat$vnet(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0)
r0 = syz_open_dev$dri(&(0x7f0000000000), 0x1ff, 0x0)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r0, 0xc04064a0, &(0x7f0000000240)={0x0, &(0x7f0000000100)=[<r1=>0x0], 0x0, 0x0, 0x0, 0x1})
ioctl$SIOCX25SDTEFACILITIES(0xffffffffffffffff, 0x89eb, 0x0)
r2 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000400)='/proc/cgroups\x00', 0x0, 0x0)
r3 = openat$sysctl(0xffffffffffffff9c, 0x0, 0x1, 0x0)
sendfile(r3, r2, &(0x7f00000000c0)=0x8b, 0x100000500)
r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r4}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x85}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r5 = getpid()
sched_setscheduler(r5, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r6=>0xffffffffffffffff, <r7=>0xffffffffffffffff})
connect$unix(r6, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e20}, 0x6e)
sendmmsg$unix(r7, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r6, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
sendmsg$SOCK_DIAG_BY_FAMILY(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, 0x0}, 0x0)
bpf$BPF_MAP_LOOKUP_AND_DELETE_ELEM(0x15, &(0x7f0000000240)={0xffffffffffffffff, &(0x7f00000000c0), 0x0}, 0x20)
ioctl$DRM_IOCTL_MODE_SETCRTC(r0, 0xc06864a2, &(0x7f0000000740)={0x0, 0x0, r1, 0x0, 0x0, 0x0, 0x0, 0x0, {0xfffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, "65366a50432b7ee2c7feddd91df868e7cfc6fa7272f3bf0a71b5d0c19323a260"}})
bpf$PROG_LOAD(0x5, &(0x7f0000000480)={0x20, 0x4, &(0x7f0000000040)=@framed={{}, [@ldst={0x3, 0x0, 0x3, 0x1}]}, &(0x7f0000000300)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)

6.568807143s ago: executing program 7 (id=2101):
sched_setscheduler(0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x0, 0x0)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]})
timer_create(0x0, &(0x7f0000000080)={0x0, 0x11, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000000))
truncate(&(0x7f00000000c0)='./cgroup/cgroup.procs\x00', 0x0)
r0 = fsopen(&(0x7f0000000280)='ceph\x00', 0x0)
fsconfig$FSCONFIG_SET_STRING(r0, 0x1, &(0x7f0000000b40)='source', &(0x7f0000000040)='c:::\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0)
r1 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r1}, &(0x7f0000bbdffc))
timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
syz_open_dev$tty1(0xc, 0x4, 0x1)
unshare(0x22020600)
write$uinput_user_dev(0xffffffffffffffff, &(0x7f0000000400)={'syz0\x00', {0x4, 0x0, 0x5374}, 0x1d, [0x8000, 0x78, 0xf, 0x9, 0x80, 0x2, 0x203, 0x7e, 0x6, 0x4b, 0x39cc1919, 0x40, 0x9, 0x5, 0xffff2d37, 0xffffffff, 0x6, 0x3, 0x0, 0x5, 0x4, 0x3, 0x5, 0x3c5b, 0x1, 0x0, 0x9, 0x3, 0x15bb, 0x2, 0xe65f, 0x3, 0x7, 0x3, 0x7fff, 0x7, 0x80000000, 0xa72, 0x3, 0x7, 0x0, 0x71, 0xe, 0x5, 0x1, 0x5, 0x9, 0x3a, 0x7, 0x6, 0x6, 0xfffbffff, 0x5, 0x4, 0x8, 0x0, 0x80, 0x2, 0x4, 0x9, 0x8, 0x7, 0x21, 0x40], [0x10000007, 0x3, 0x800, 0x8000, 0x10, 0xffeffff3, 0x8, 0x200c7, 0xf9, 0x10, 0x2bf, 0x6c9, 0xfff, 0xfffffffc, 0x5, 0x0, 0xd14, 0x5, 0x2f, 0xe, 0x4312, 0x7c, 0xea4, 0x0, 0x4, 0x22, 0x8000, 0x40009, 0x400, 0x401, 0x6, 0x1, 0xff, 0x5, 0x5, 0x5f31, 0x7f9, 0x5, 0x2, 0x2, 0x9, 0x5, 0x9, 0x8, 0x800000d, 0x88da, 0x2007, 0xd, 0x1, 0xfe000000, 0xffff, 0x2, 0x7b, 0x9, 0x3, 0x3, 0x8, 0x1, 0x7, 0x3, 0x9, 0x48c93690, 0x42, 0xffff], [0x7, 0xf5fd, 0x0, 0x5, 0x1, 0x100, 0x8d2, 0x9, 0x800003, 0x7fff, 0x0, 0x5, 0xf, 0x4, 0x5, 0x20000005, 0x0, 0x1ef, 0x5, 0x8, 0x86, 0x3, 0x0, 0x3e7, 0xa, 0x5, 0x200, 0x5, 0x3, 0x8, 0x8, 0x6cfc, 0x5, 0x39, 0x7, 0x200, 0x80, 0x3, 0x4e0a, 0x7, 0x1000, 0xa2, 0x7, 0x5, 0x3, 0x6, 0xac8, 0xffffffff, 0x2, 0x11, 0x7ff, 0xfffffff9, 0x0, 0x10000, 0xffff, 0x2b98, 0x1, 0x4, 0x120000, 0xbe, 0x0, 0xa2ed, 0x2, 0x25], [0x9, 0xbb31, 0x7, 0xb, 0x5, 0x3, 0xa, 0x80000006, 0x0, 0x5, 0x7d, 0xc9, 0x6, 0x6, 0x8, 0x57b, 0x7, 0x10000, 0x6, 0x7ffd, 0xfffd, 0x4, 0x20002, 0x5, 0xe8a0556, 0x2, 0x14c, 0x3, 0x6, 0x6, 0x3, 0x80000000, 0x5, 0x8, 0xce, 0xee1, 0xfffff000, 0x179, 0x3, 0x7e, 0x100, 0x9600, 0x56e, 0x2, 0x1007, 0x40000006, 0x1, 0x0, 0x8, 0x8, 0x30b1d693, 0xa1f, 0xc, 0x800007, 0xfffffffe, 0x3, 0x0, 0x4, 0x8000007, 0x2bf, 0x3, 0x200, 0xffff3441, 0x2]}, 0x45c)
ppoll(&(0x7f00000000c0)=[{}, {}], 0x20000000000000dc, 0x0, 0x0, 0x0)
fsconfig$FSCONFIG_SET_STRING(r0, 0x1, &(0x7f0000000480)='\xf5\xfc\xd2\xec]\x95zx8*\xa2d\x11\xb5\xb1\x01\x00\x00\x00\xe49{\x8a{\x81s\xea$\xdfg\xb1\x03DY!\x97\xadM\xd7\xff\x8a\xcd[>\x12e\xc3]d8\xba\x8ec\x00\x00\x00\x00\x00\x00\x00\xa0\xe2\xd5y\xec\x90\x00\x98Y\x91\x19\x16\x89\xd0\x1a\xad\xcd\xd6\xd0\xc6\xb9\xeb\x95\xd3\x9cl\x9cu#\xb4\xee\xe5\x9d\t\fV\xd4\xda\xfc`2?\x15P\xba\x14b\x1c\xcc\xd5\xb9jA$s\xb9g3\x15M\xd9\xb9 \xca[\xc7\xec\xa9;\xee\x01\xc9\xc4\x1f\xc3\xe4\xfa\xd3fU\x0e\x86\xc8\xa7\xaf\xaf\x04p\xa3\x8bb\xbf\\\xdb\x83\x00\x96sy\x14\x1eo\xcc9&\x946\xf9\xf5v\xee\xb5m$;\x01\xb8\xeau\x00\xd1S=\x920H\xc2z\xb5\xbe\x95\xef\xeb\xd1\xc8\xa1\xba\xach\xbef\xa8\x86\xc2\x18\x9cC\x15\x9c^\xcf\xe9\xbcp\xb4Ff\x00\x9d>p\"\x19\xd8}|~\xae\xdb\a59f\xb8?\xba\xf2\x8e\xa5y\\\xf0\fkd??-\x983\xf3\x19\xc7\xc0/\xe9\x1a\x80=\xa72)\xd2\x00'/277, &(0x7f0000000340)='/\x00\x01\x00H\x98', 0x0)
timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
mq_timedsend(0xffffffffffffffff, &(0x7f0000000580)="e7d6eb5857f545d7517c0cb2ec28c980d32b723e1e533ae80a", 0x19, 0xd, &(0x7f0000000300))

6.504072349s ago: executing program 2 (id=2102):
ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f0000000340)={'ip_vti0\x00', &(0x7f00000002c0)={'erspan0\x00', 0x0, 0x20, 0x8, 0x8, 0xffffffff, {{0x5, 0x4, 0x2, 0x3, 0x14, 0x64, 0x0, 0x0, 0x29, 0x0, @dev={0xac, 0x14, 0x14, 0x28}, @empty}}}})
r0 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_int(r0, 0x107, 0xf, 0x0, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000040)={'bridge0\x00', <r2=>0x0})
sendto$packet(r0, &(0x7f00000002c0)="12040500d3fc03fc01004788031c09100628", 0xfd35, 0x4, &(0x7f0000000140)={0x11, 0x0, r2, 0x1, 0x0, 0x6, @multicast}, 0x14)

6.44162246s ago: executing program 5 (id=2104):
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x0, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={0x0}, 0x18)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
setsockopt$inet6_buf(0xffffffffffffffff, 0x29, 0x39, 0x0, 0x0)
ioctl$SNDRV_SEQ_IOCTL_SET_PORT_INFO(0xffffffffffffffff, 0xc0a85320, 0x0)
epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, 0x0)
openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000140), 0x8417f, 0x0)
sendmmsg$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0)
sendmsg$NFNL_MSG_CTHELPER_NEW(0xffffffffffffffff, 0x0, 0x8000)
sendmsg$DEVLINK_CMD_SB_PORT_POOL_SET(0xffffffffffffffff, 0x0, 0x4000000)
ioctl$KVM_CREATE_IRQCHIP(0xffffffffffffffff, 0xae60)
r1 = bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={0x0, r1}, 0x18)
r2 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
preadv(r2, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0)
read$FUSE(r2, &(0x7f0000000440)={0x2020}, 0x2020)
ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r2, 0xc01064b5, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x48)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000002480)={0x11, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000e00000085"], &(0x7f0000000300)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, r1, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xfffffffc}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={0x0, r3}, 0x18)
preadv2(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x6, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x2)

5.940144028s ago: executing program 2 (id=2105):
r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000007c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x17, 0xf, &(0x7f0000000100)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b702000014000000b70300000000000085000000bb008f64202065b1b357b402840000bf090800000000005509010083e06d7a0367def3f9c2d52f15029283026200009500000000000000bc91100000000000b70200000100000085000000ba000000045b010f5e40abf47ad207ec59efe9cb8fcff52e2c45e82b3fca72811064b7cccf2c7a0bdf94e0e0ae7e98e930c6cc08f3707941796adfdbb3e981ba2223748a2c96271fd7317c1b02c908dafb8365c52f903cde663150d6a814125d1a9087872e99016b02fc158834b8155101049b165cfabb001f059f6915a49fc482eebb64ee30d2db449c79532eda59ff16e5b94645408947d0a7bd2d36bba1519c1ae2f6fe266032accd705301fdcc263ebcf3fcef394029b46d6529225aedbe7ced17b22f6facb24587a4833705c246eadeeee6"], &(0x7f0000000000)='GPL\x00', 0x2, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x16, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x4}, 0x94)
r1 = socket$inet6_sctp(0xa, 0x5, 0x84)
shutdown(r1, 0x0)
r2 = socket(0x2000000000000021, 0x2, 0x10000000000002)
getsockopt$inet_sctp6_SCTP_RECVRCVINFO(r2, 0x84, 0x20, 0x0, 0x0)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r1, 0x84, 0x6f, &(0x7f0000000000)={<r3=>0x0, 0x10, &(0x7f0000002300)=[@in={0x2, 0x4e22, @remote}]}, &(0x7f0000000440)=0x10)
r4 = socket$inet6_sctp(0xa, 0x5, 0x84)
bind$inet6(r4, &(0x7f0000002340)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
sendto$inet6(r4, &(0x7f0000002380)="0e", 0x1, 0xe0, &(0x7f000005ffe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
pipe(&(0x7f0000000040))
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r4, 0x84, 0x9, &(0x7f0000000a00)={r3, @in6={{0xa, 0x4e23, 0x0, @loopback}}, 0x0, 0x0, 0x0, 0x0, 0x54}, 0x9c)

5.000120418s ago: executing program 8 (id=2106):
openat$vnet(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0)
r0 = syz_open_dev$dri(&(0x7f0000000000), 0x1ff, 0x0)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r0, 0xc04064a0, &(0x7f0000000240)={0x0, &(0x7f0000000100)=[<r1=>0x0], 0x0, 0x0, 0x0, 0x1})
ioctl$DRM_IOCTL_WAIT_VBLANK(r0, 0xc018643a, &(0x7f0000000140)={0x1, 0x101})
socket$nl_route(0x10, 0x3, 0x0)
ioctl$SIOCX25SDTEFACILITIES(0xffffffffffffffff, 0x89eb, 0x0)
r2 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000400)='/proc/cgroups\x00', 0x0, 0x0)
r3 = openat$sysctl(0xffffffffffffff9c, 0x0, 0x1, 0x0)
sendfile(r3, r2, &(0x7f00000000c0)=0x8b, 0x100000500)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x85}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r4 = getpid()
sched_setscheduler(r4, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
connect$unix(r5, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e20}, 0x6e)
sendmmsg$unix(r6, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
socket$nl_sock_diag(0x10, 0x3, 0x4)
bpf$BPF_MAP_LOOKUP_AND_DELETE_ELEM(0x15, &(0x7f0000000240)={0xffffffffffffffff, &(0x7f00000000c0), 0x0}, 0x20)
ioctl$DRM_IOCTL_MODE_SETCRTC(r0, 0xc06864a2, &(0x7f0000000740)={0x0, 0x0, r1, 0x0, 0x0, 0x0, 0x0, 0x0, {0xfffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, "65366a50432b7ee2c7feddd91df868e7cfc6fa7272f3bf0a71b5d0c19323a260"}})
bpf$PROG_LOAD(0x5, &(0x7f0000000480)={0x20, 0x4, &(0x7f0000000040)=@framed={{}, [@ldst={0x3, 0x0, 0x3, 0x1}]}, &(0x7f0000000300)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)

4.584274222s ago: executing program 6 (id=2107):
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
syz_open_procfs$namespace(0x0, &(0x7f0000000280)='ns/net\x00') (async)
r0 = syz_open_procfs$namespace(0x0, &(0x7f0000000280)='ns/net\x00')
bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000640)={@fallback=r0, 0x24, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x40)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$l2tp(&(0x7f0000000000), r1)
r3 = accept4$bt_l2cap(0xffffffffffffffff, &(0x7f00000000c0)={0x1f, 0x0, @fixed}, &(0x7f0000000100)=0xe, 0x80800)
ioctl$FS_IOC_GETFSMAP(r3, 0xc0c0583b, &(0x7f00000006c0)=ANY=[@ANYBLOB="00000000000000000900000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000e000000004000000680000000000000001000000000000000002000000000000080000000000000000000000000000000000000000000000000000000000000006000000070000000100000000000000aac1213bdf56cf14a0171402fa00000000000056d8a61a00000000030000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000200"/779])
openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) (async)
r4 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
ioctl$TIOCSETD(r4, 0x5423, &(0x7f0000000000)=0x15)
ioctl$TCSETS(r4, 0x404c4701, &(0x7f0000000180)={0x1, 0x0, 0x0, 0x400000, 0x14, "3eccd800000000000000032000"})
r5 = open(&(0x7f0000000040)='.\x00', 0x189500, 0x0)
r6 = signalfd(0xffffffffffffffff, &(0x7f00000001c0), 0x8)
close(r6)
inotify_init1(0x800) (async)
inotify_init1(0x800)
fcntl$setstatus(r6, 0x4, 0x2c00) (async)
fcntl$setstatus(r6, 0x4, 0x2c00)
close_range(r5, 0xffffffffffffffff, 0x0) (async)
close_range(r5, 0xffffffffffffffff, 0x0)
sendmsg$L2TP_CMD_TUNNEL_CREATE(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000040)=ANY=[@ANYBLOB='X\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="1709000000000000000001000000050007000000000008000900fffffffe060002000000000008000a000100000008001800ac1414aa08001900e000000214001b0017"], 0x58}}, 0x0)

4.268084689s ago: executing program 2 (id=2108):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d000000"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x2, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x90}, 0x0)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@file={0x0, './cgroup\x00'}, 0x6e)
sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
socket$nl_generic(0x10, 0x3, 0x10)
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0e000000040000000800000005"], 0x48)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000003c0)={{r2}, &(0x7f0000000340), &(0x7f0000000380)}, 0x20)

4.191632567s ago: executing program 5 (id=2109):
r0 = socket(0x40000000015, 0x5, 0x0)
syz_open_dev$media(0x0, 0x3, 0x0)
r1 = socket$inet(0xa, 0x801, 0x84)
connect$inet(r1, &(0x7f0000004cc0)={0x2, 0x0, @remote={0xac, 0x14, 0xffffffffffffffff}}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f0000000680)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8)
listen(r1, 0xfffffffd)
timer_create(0x0, 0x0, 0x0)
timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
r3 = socket(0x1d, 0x2, 0x6)
ioctl$ifreq_SIOCGIFINDEX_vcan(r3, 0x8933, &(0x7f0000000000)={'vxcan0\x00', <r4=>0x0})
bind$can_j1939(r3, &(0x7f0000000380)={0x1d, r4, 0x1, {0x0, 0x1, 0x3}, 0xfe}, 0x18)
sendmmsg$sock(r1, &(0x7f00000000c0)=[{{0x0, 0x0, &(0x7f0000000240)=[{&(0x7f0000000200)}], 0x1}}], 0x1, 0x4010)
ioctl$int_in(r1, 0x5452, 0x0)
setsockopt$inet_sctp6_SCTP_EVENTS(0xffffffffffffffff, 0x84, 0xb, &(0x7f00000002c0)={0x3, 0x10, 0x2, 0xff, 0x5a, 0x0, 0x1, 0x0, 0x5, 0x8, 0x0, 0x0, 0x22, 0x20}, 0xe)
connect$inet(r0, &(0x7f0000000040)={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0x32}}, 0x10)
setsockopt$SO_RDS_TRANSPORT(r0, 0x114, 0x8, 0x0, 0x0)
bind$inet(r0, &(0x7f0000000340)={0x2, 0x4e20, @loopback}, 0x57)
recvmmsg$unix(r0, &(0x7f00000034c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x40000100, 0x0)
r5 = socket$netlink(0x10, 0x3, 0x0)
syz_genetlink_get_family_id$mptcp(&(0x7f0000000080), r5)
r6 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000000)={'bridge_slave_0\x00'})

3.469633336s ago: executing program 6 (id=2110):
openat$vnet(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0)
r0 = syz_open_dev$dri(&(0x7f0000000000), 0x1ff, 0x0)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r0, 0xc04064a0, &(0x7f0000000240)={0x0, &(0x7f0000000100)=[<r1=>0x0], 0x0, 0x0, 0x0, 0x1})
ioctl$DRM_IOCTL_WAIT_VBLANK(r0, 0xc018643a, &(0x7f0000000140)={0x1, 0x101})
socket$nl_route(0x10, 0x3, 0x0)
ioctl$SIOCX25SDTEFACILITIES(0xffffffffffffffff, 0x89eb, 0x0)
r2 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000400)='/proc/cgroups\x00', 0x0, 0x0)
r3 = openat$sysctl(0xffffffffffffff9c, 0x0, 0x1, 0x0)
sendfile(r3, r2, &(0x7f00000000c0)=0x8b, 0x100000500)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x85}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r4 = getpid()
sched_setscheduler(r4, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
connect$unix(r5, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e20}, 0x6e)
sendmmsg$unix(r6, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
socket$nl_sock_diag(0x10, 0x3, 0x4)
bpf$BPF_MAP_LOOKUP_AND_DELETE_ELEM(0x15, &(0x7f0000000240)={0xffffffffffffffff, &(0x7f00000000c0), 0x0}, 0x20)
ioctl$DRM_IOCTL_MODE_SETCRTC(r0, 0xc06864a2, &(0x7f0000000740)={0x0, 0x0, r1, 0x0, 0x0, 0x0, 0x0, 0x0, {0xfffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, "65366a50432b7ee2c7feddd91df868e7cfc6fa7272f3bf0a71b5d0c19323a260"}})
bpf$PROG_LOAD(0x5, &(0x7f0000000480)={0x20, 0x4, &(0x7f0000000040)=@framed={{}, [@ldst={0x3, 0x0, 0x3, 0x1}]}, &(0x7f0000000300)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)

3.236087245s ago: executing program 2 (id=2111):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f00000009c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00"], &(0x7f0000000300)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x46, '\x00', 0x0, 0x2}, 0x94)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbee2, 0x8031, 0xffffffffffffffff, 0x0)
connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e21}, 0x6e)
sendmmsg$unix(0xffffffffffffffff, 0x0, 0x0, 0x0)
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x200, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
syz_emit_ethernet(0x6e, &(0x7f0000000c40)={@broadcast, @multicast, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "6b88ef", 0x38, 0x3a, 0x0, @private1, @local, {[], @pkt_toobig={0x2, 0x0, 0x0, 0x0, {0x0, 0x6, "bdd7c3", 0x0, 0x33, 0x0, @loopback, @empty, [@hopopts={0x2c}]}}}}}}}, 0x0)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f00000000c0)={'pim6reg0\x00', 0x2})
ioctl$TUNSETOFFLOAD(r1, 0x400454c9, 0x3)
ioctl$TUNSETLINK(r1, 0x400454cd, 0x0)
r2 = socket$unix(0x1, 0x1, 0x0)
r3 = syz_open_dev$usbfs(&(0x7f0000000140), 0xe5e, 0x24000)
mmap$usbfs(&(0x7f000060a000/0x4000)=nil, 0x4000, 0x3000000, 0x8010, r3, 0x100000001)
accept$unix(r2, &(0x7f0000000080), &(0x7f0000000100)=0x6e)
r4 = socket$nl_audit(0x10, 0x3, 0x9)
setsockopt$netlink_NETLINK_ADD_MEMBERSHIP(r4, 0x10e, 0x1, &(0x7f0000000040)=0x1, 0x4)

1.893789956s ago: executing program 6 (id=2112):
mmap(&(0x7f000015a000/0x2000)=nil, 0x2000, 0xe, 0x31, 0xffffffffffffffff, 0x7d992000)
prlimit64(0x0, 0xe, &(0x7f0000000300)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x6)
sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0xfffffffffffffa8a)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$MSR(0x0, 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
r1 = socket$inet6_mptcp(0xa, 0x1, 0x106)
r2 = creat(&(0x7f0000000580)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0)
r3 = fanotify_init(0xf00, 0x40000)
r4 = io_uring_setup(0xab1, 0x0)
io_uring_register$IORING_REGISTER_PBUF_STATUS(r4, 0x1a, &(0x7f0000000040), 0x1)
readv(r3, &(0x7f0000000940)=[{&(0x7f0000001080)=""/4096, 0x1000}], 0x1)
fanotify_mark(r3, 0x105, 0x4000997d, r2, 0x0)
mkdirat(r2, &(0x7f0000000000)='./file0\x00', 0x100)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='blkio.bfq.empty_time\x00', 0x275a, 0x0)
connect$inet6(r1, 0x0, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000080)=ANY=[@ANYBLOB="41d8edff000000001009000084000000050100", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32], 0x50)
r5 = socket$inet6_sctp(0xa, 0x5, 0x84)
setsockopt(r5, 0x84, 0x80, &(0x7f0000000000)='\x00\x00\x00\x00\t\x00\x00\x00', 0x8)
setsockopt$inet_sctp6_SCTP_SET_PEER_PRIMARY_ADDR(r5, 0x84, 0x5, &(0x7f00000001c0)={0x0, @in={{0x2, 0x4e21, @multicast2}}}, 0x84)
r6 = socket$igmp6(0xa, 0x3, 0x2)
setsockopt$IP6T_SO_SET_REPLACE(r6, 0x29, 0x40, &(0x7f0000001080)=@mangle={'mangle\x00', 0x64, 0x6, 0x6a0, 0x2d8, 0xd0, 0x0, 0x3f0, 0x2d8, 0x5d0, 0x5d0, 0x5d0, 0x5d0, 0x5d0, 0x6, 0x0, {[{{@uncond, 0x11e, 0xa8, 0xd0, 0x1f000000, {0x0, 0x7}}, @common=@unspec=@NFQUEUE3={0x28, 'NFQUEUE\x00', 0x3, {0x400, 0x5}}}, {{@ipv6={@rand_addr=' \x01\x00', @dev, [0x0, 0x0, 0x0, 0xff], [], 'batadv_slave_0\x00', 'veth1_virt_wifi\x00'}, 0x0, 0x1e0, 0x208, 0x7400, {}, [@common=@rt={{0x138}, {0x0, [], 0x0, 0x0, 0x0, [@dev, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @remote, @private2, @private1, @dev={0xfe, 0x80, '\x00', 0x39}, @loopback, @mcast2, @local, @loopback, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', @private0, @loopback, @local, @private1, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}]}}]}, @common=@unspec=@STANDARD={0x28, '\x00', 0x0, 0x3f0}}, {{@uncond, 0x0, 0xf0, 0x118, 0x0, {}, [@common=@dst={{0x48}}]}, @unspec=@CHECKSUM={0x28, 'CHECKSUM\x00', 0x0, {0x68}}}, {{@uncond, 0x0, 0xd0, 0xf8, 0x0, {}, [@inet=@rpfilter={{0x28}, {0x2}}]}, @inet=@TOS={0x28}}, {{@uncond, 0x0, 0xa8, 0xe8}, @inet=@TPROXY1={0x40, 'TPROXY\x00', 0x1, {0x0, 0x0, @ipv6=@initdev={0xfe, 0x88, '\x00', 0x1, 0x0}}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x700)
socket$rds(0x15, 0x5, 0x0)
socket$inet_udp(0x2, 0x2, 0x0)
openat$smackfs_ipv6host(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000600)={0x9, 0x20000008b}, 0x0)

1.822965128s ago: executing program 7 (id=2113):
r0 = syz_open_dev$tty1(0xc, 0x4, 0x1)
r1 = dup(r0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000340)=0x8)
r2 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r2, 0x2, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e22}, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f00000005c0)={r1, 0xe0, &(0x7f0000000480)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, &(0x7f0000000240)=[0x0], ""/16, 0x0, 0x0, 0x0, 0x0, 0x1, 0x3, &(0x7f0000000280)=[0x0], &(0x7f0000000300)=[0x0, 0x0, 0x0], <r5=>0x0, 0xf1, &(0x7f0000000380)=[{}], 0x8, 0x10, &(0x7f00000003c0), &(0x7f0000000400), 0x8, 0x6e, 0x8, 0x8, &(0x7f0000000440)}}, 0x10)
r6 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18020000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb703000008000000b703000000000020850000007200000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1b, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r5, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000080)='sched_switch\x00', r6}, 0x18)
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
mount$afs(0x0, &(0x7f00000001c0)='./file0\x00', &(0x7f00000002c0), 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB='dyn'])
chdir(&(0x7f0000000400)='./file0\x00')
renameat2(0xffffffffffffff9c, &(0x7f0000000580)='./file1\x00', 0xffffffffffffff9c, &(0x7f00000005c0)='./bus\x00', 0x2)
r7 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0)
r8 = openat(r7, &(0x7f0000004280)='.\x00', 0x800, 0x0)
getdents64(r8, &(0x7f00000004c0)=""/44, 0x2c)
getdents(r8, &(0x7f0000000000)=""/73, 0x49)
socket$inet6(0xa, 0x1, 0x7)

1.696702409s ago: executing program 5 (id=2114):
unshare(0x6a040000)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x8031, 0xffffffffffffffff, 0x94173000)
socket$pppl2tp(0x18, 0x1, 0x1)
socket$inet6_udp(0xa, 0x2, 0x0)
r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x0, &(0x7f0000000480)})
syz_clone(0x81a800, 0x0, 0x0, 0x0, 0x0, 0x0)
close_range(r0, 0xffffffffffffffff, 0x0)

1.429954736s ago: executing program 8 (id=2115):
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="020000000400000008000000"], 0x48)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
r0 = socket$rxrpc(0x21, 0x2, 0xa)
connect$rxrpc(r0, &(0x7f0000000000)=@in6={0x21, 0x2, 0x2, 0x1c, {0xa, 0x4e20, 0x200, @dev={0xfe, 0x80, '\x00', 0x26}, 0x1}}, 0x24)
sendmsg$inet(r0, 0x0, 0x0)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0xef72, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r1}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
recvfrom$rxrpc(r0, 0x0, 0x0, 0xe8ce25b3ffff0000, 0x0, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x18, 0xfa00, {0x0, 0x0, 0x13f, 0x9}}, 0x20)
fcntl$lock(0xffffffffffffffff, 0x26, &(0x7f0000000000))
fcntl$lock(0xffffffffffffffff, 0x7, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x4})
fcntl$lock(0xffffffffffffffff, 0x7, &(0x7f0000000380)={0x2, 0x0, 0x4})
mount(&(0x7f0000000140)=@nullb, &(0x7f0000000040)='./cgroup\x00', &(0x7f0000000000)='ntfs3\x00', 0x2208004, 0x0)

1.235495746s ago: executing program 6 (id=2116):
mkdirat(0xffffffffffffff9c, &(0x7f0000000280)='./file0\x00', 0x100)
r0 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0)
fcntl$lock(r0, 0x6, &(0x7f0000000000)={0x0, 0x0, 0x8})
fcntl$lock(r0, 0x26, &(0x7f0000000080)={0x1, 0x0, 0x2007, 0x1fd})
fcntl$lock(r0, 0x26, &(0x7f0000000280)={0x1, 0x0, 0x2f, 0x9})
fcntl$lock(r0, 0x7, &(0x7f0000000140)={0x1, 0x1, 0x7, 0x90})

439.241203ms ago: executing program 8 (id=2117):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000019100)={{0x14}, [@NFT_MSG_NEWRULE={0x64, 0x6, 0xa, 0x40b, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x38, 0x4, 0x0, 0x1, [{0x34, 0x1, 0x0, 0x1, @numgen={{0xb}, @val={0x24, 0x2, 0x0, 0x1, [@NFTA_NG_TYPE={0x8, 0x3, 0x1, 0x0, 0x1}, @NFTA_NG_DREG={0x8, 0x1, 0x1, 0x0, 0x2}, @NFTA_NG_MODULUS={0x8, 0x2, 0x1, 0x0, 0x7}, @NFTA_NG_OFFSET={0x8, 0x4, 0x1, 0x0, 0xfffffffb}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14}}, 0x8c}}, 0x0)
r1 = socket$alg(0x26, 0x5, 0x0)
r2 = socket(0x10, 0x3, 0x9)
sendmsg$NFT_BATCH(r2, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000b00)={{0x14, 0x3f8, 0x1, 0x0, 0x0, {0xa}}, [], {0x14, 0x3f3}}, 0x28}}, 0x40)
bind$alg(r1, &(0x7f00000007c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc(sm4)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000001280)="b7f2288a911993f08d3aaea2bc0000de", 0x10)
r3 = socket(0x10, 0x3, 0x0)
setsockopt$netlink_NETLINK_TX_RING(r3, 0x10e, 0xc, &(0x7f0000000000)={0x4}, 0x10)
write(r3, &(0x7f0000000240)="240000001a007f0214f9f4070009040803000000000000050000000008000f40fe00000e", 0x24)
r4 = accept$alg(r1, 0x0, 0x0)
sendmmsg$alg(r4, &(0x7f0000000100)=[{0x0, 0x0, &(0x7f0000000380)=[{&(0x7f0000000140)="66348451d22f5e2e4385e0bf75c5c3d303", 0x11}], 0x1, 0x0, 0x0, 0x40880}], 0x1, 0x4814)
recvmmsg(r4, &(0x7f0000003c80)=[{{0x0, 0x0, 0x0}, 0x5}, {{0x0, 0x0, &(0x7f0000000080)=[{&(0x7f00000012c0)=""/4096, 0x1000}], 0x1}, 0xffffff0d}], 0x2, 0x2001, 0x0)
r5 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x1000007, 0x12, 0xffffffffffffffff, 0x8000000)
r6 = io_uring_setup(0x669, &(0x7f00000002c0))
r7 = io_uring_register$IORING_REGISTER_PERSONALITY(r6, 0x9, 0x0, 0x0)
io_uring_register$IORING_UNREGISTER_PERSONALITY(0xffffffffffffffff, 0x1f, 0x20000002, r7)
syz_io_uring_submit(r5, 0x0, &(0x7f00000000c0)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x28, 0x0, 0xf, 0x0, 0x0, 0x0, 0x0, 0x0, {0x0, r7}})

376.133385ms ago: executing program 6 (id=2118):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=ANY=[@ANYRES64=r0], 0x104}, 0x1, 0x0, 0x0, 0x400c041}, 0x24044011)

224.07811ms ago: executing program 8 (id=2119):
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0)
ioctl$AUTOFS_DEV_IOCTL_REQUESTER(0xffffffffffffffff, 0xc018937b, &(0x7f0000000440)={{0x1, 0x1, 0x18, 0xffffffffffffffff, {<r0=>0xffffffffffffffff}}, './bus\x00'})
ioctl$NS_GET_OWNER_UID(0xffffffffffffffff, 0xb704, &(0x7f0000000480)=<r1=>0x0)
mount$nfs(&(0x7f0000000100)='overlay\x00', &(0x7f0000000300)='./file1\x00', &(0x7f0000000400), 0x110c12, &(0x7f00000004c0)={[{}, {'\'.,$'}, {'&#%($['}, {'/#\\%$)\xe7:$@)}[[){]-$--\xc7\\'}, {'cgroup\x00'}], [{@uid_lt={'uid<', r0}}, {@flag='posixacl'}, {@uid_lt={'uid<', r1}}, {@smackfsfloor={'smackfsfloor', 0x3d, 'upperdir'}}]})
mkdirat(0xffffffffffffff9c, &(0x7f0000000840)='./bus\x00', 0xa4)
r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
setsockopt$IPT_SO_SET_REPLACE(r2, 0x0, 0x40, &(0x7f0000001840)=@filter={'filter\x00', 0x42, 0x4, 0x1350, 0xffffffff, 0x98, 0x11e0, 0x0, 0xffffffff, 0xffffffff, 0x12b8, 0x12b8, 0x12b8, 0xffffffff, 0x5, 0x0, {[{{@ip={@multicast2, @multicast2, 0x0, 0x0, 'netpci0\x00', 'nr0\x00'}, 0x74000002, 0x70, 0x98, 0x1ba, {0x46010000, 0x2c000000000000}}, @REJECT={0x28}}, {{@ip={@multicast2, @multicast2, 0x0, 0x0, 'ip6gretap0\x00', 'team_slave_1\x00'}, 0x287, 0x10e8, 0x1148, 0x0, {}, [@common=@unspec=@cgroup1={{0x1030}, {0x0, 0x1, 0x0, 0x0, './cgroup.cpu/syz0\x00'}}, @common=@unspec=@limit={{0x48}, {0x0, 0x7}}]}, @common=@SET={0x60, 'SET\x00', 0x0, {{}, {0x3}}}}, {{@ip={@loopback, @broadcast, 0x0, 0x0, 'dvmrp1\x00', 'dummy0\x00'}, 0x0, 0xb0, 0xd8, 0x0, {}, [@common=@unspec=@connlimit={{0x40}}]}, @common=@unspec=@CONNSECMARK={0x28}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x13b0)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000380)={0xffffffffffffffff, 0x0, 0xe0, 0x1000, &(0x7f0000000180)="58d1eedac890ac1bf81869a4d4ad12db00db8b066843dec8fa30aa5fbed91a2d875dc1c8bfd28f58fcceeb6ceadee68a2bb9fb0db89e13c4766ae6792ba1a157b86af9b44335ab1ad54977d3b5074a6999dff5370cec48e73b4ce5d24a61f025216ec4eeba7591babbf142f3fee8dbddf0a643e39d5089c12c73c8dec5018a2bac14f78dfde49deb9e8475d2ab85206661a5c6e7a5200f97b5bf4df029d40ce8be95798ee34387cfe0dc392a1a5315d31fdd2a4d4b4dcf7b987f7dc8578f8c6dfa16b4d93330469703414be9eb87223cc4b0b21305d582edd2156372e62d2893", &(0x7f0000002c00)=""/4096, 0x3, 0x0, 0x77, 0x38, &(0x7f0000000280)="a271cf3bac13b21a65c673debd0d02abb6fc020e63665500d1ca6f8233456f3f7a87176c3e1f81d71d2d34cfc5cb0dee07220aed2813305a6385ed8ac1bef069d4e722a7a7d825bdf019bf27f442e9deb8dfdc87aa2748718323547aa7df82ac4a07fa6d409621635c918896e3927cdfb392ddfdd5cb12", &(0x7f0000000000)="8ed09444ed8ccecb2ad14328cc9a0c3efbc29fd3e4b677a55a24720af58e5890188062c8a9686809986259cc9708c22f93012412bc82be0f", 0x0, 0x0, 0x9c6}, 0x50)
mount$overlay(0x0, &(0x7f0000000540)='./file0\x00', &(0x7f0000000340), 0x0, &(0x7f0000000080)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]})
chdir(&(0x7f0000000140)='./bus\x00')
r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cgroup.stat\x00', 0x275a, 0x0)
ioctl$FS_IOC_SETFLAGS(r3, 0xc0189436, &(0x7f0000000140))

183.310314ms ago: executing program 6 (id=2120):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0) (async)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000840)='memory.events.local\x00', 0x275a, 0x0)
bpf$BPF_PROG_DETACH(0x9, &(0x7f00000002c0)=ANY=[@ANYRES32, @ANYRES32, @ANYBLOB='5\x00'/12, @ANYBLOB='@'], 0x20)
r2 = socket$netlink(0x10, 0x3, 0xc)
bind$netlink(r2, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc) (async, rerun: 32)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000180)=ANY=[@ANYBLOB="140000001000009006000000000000000000000a44000000090a0000000000fa82a3fa211411fa0008000a40000000000900020073797a31000000000900010073797a30000000000800054000000000080008400000000014000000110001"], 0x6c}}, 0x0) (async, rerun: 32)
r3 = syz_open_dev$ndb(&(0x7f0000000000), 0x0, 0x0) (async)
r4 = syz_init_net_socket$ax25(0x3, 0x5, 0x0)
r5 = dup(r4)
ioctl$NBD_SET_SOCK(r3, 0xab00, r5)
setsockopt$inet_icmp_ICMP_FILTER(r5, 0x1, 0x1, &(0x7f0000000240)={0x1}, 0x4)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={0x0, 0xffffffffffffffff, 0x0, 0xb76}, 0x18)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="1400000010000100000000000000000000fc000a20000000000a03000000000000000000070000000900010073797a30000000004c000000090a010400000000000000000700000008000a40000000000900020073797a31000000000900010073797a3000000000080005400000001c08000640ffffff000800034000000028580000000c0a01010000000000000000070000000900020073797a31000000000900010073797a30000000002c0003802800008008000340000000021c00028018000280080001"], 0xec}}, 0x0) (async)
mprotect(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1) (async)
r6 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r6, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x0)
write$binfmt_script(r1, &(0x7f0000000040), 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r1, 0x0)
ioctl$SNDCTL_DSP_SETTRIGGER(r1, 0x40045010, &(0x7f0000000000)=0x7)
clock_settime(0x0, &(0x7f0000003c80)={0x77359400}) (async)
bind$inet6(r0, &(0x7f0000000280)={0xa, 0x2, 0x3, @mcast2, 0x9}, 0x1c)
setsockopt$sock_int(r0, 0x1, 0x1d, &(0x7f0000000080)=0xfe00, 0x4) (async, rerun: 64)
syz_usb_connect(0x4, 0x24, &(0x7f0000000200)=ANY=[@ANYBLOB="120100009e173610ef171e7206de01020301290212000100000000090400000002060000"], 0x0) (rerun: 64)

76.244405ms ago: executing program 7 (id=2121):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000500)={0x18, 0xb, &(0x7f0000000640)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020000000000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f00000004c0)='GPL\x00', 0x1, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
ioctl$UI_DEV_SETUP(0xffffffffffffffff, 0x405c5503, &(0x7f0000000080)={{0x0, 0x4}, 'syz1\x00', 0x4b})
ioctl$UI_ABS_SETUP(0xffffffffffffffff, 0x401c5504, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000140)=@IORING_OP_UNLINKAT={0x24, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000380)='./file1\x00', 0x0, 0x200})
syz_open_dev$admmidi(&(0x7f0000000000), 0x2, 0x1a9882)
r1 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fff7ffc}]})
close_range(r1, 0xffffffffffffffff, 0x200000000000000)

0s ago: executing program 8 (id=2122):
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000040), 0xc0080, 0x0)
r0 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
r1 = socket(0x2, 0x80805, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000280)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8)
setitimer(0x2, 0x0, &(0x7f0000000440))
sendmmsg$inet_sctp(r1, &(0x7f00000032c0)=[{&(0x7f0000000440)=@in={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10, &(0x7f00000004c0)=[{&(0x7f0000000100)="03", 0x1}], 0x1}], 0x1, 0x0)
sendmmsg$inet_sctp(r1, &(0x7f00000032c0)=[{&(0x7f00000000c0)=@in={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10, &(0x7f0000000240)=[{0x0, 0x300}, {&(0x7f0000000300)="359cb6", 0x3}], 0x2, &(0x7f0000000000)=ANY=[@ANYBLOB="30000000000000008400000001000000000000000c000400"/44, @ANYRES32=0x0], 0x30}], 0x1, 0x0)
mount$overlay(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000080), 0x10080, 0x0)
ioctl$DRM_IOCTL_SET_CLIENT_CAP(r0, 0x4010640d, &(0x7f0000000000)={0x3, 0x2})
ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r0, 0xc01064b5, &(0x7f0000000140)={&(0x7f0000000100)=[<r3=>0x0], 0x1})
ioctl$DRM_IOCTL_MODE_OBJ_GETPROPERTIES(r0, 0xc02064b9, &(0x7f0000000dc0)={&(0x7f0000000240)=[0x0, 0x0, 0x0, <r4=>0x0], &(0x7f0000000200), 0x4, r3})
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r0, 0xc04064a0, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000002c0)=[<r5=>0x0], 0x0, 0x0, 0x0, 0x1})
ioctl$DRM_IOCTL_MODE_ATOMIC(r0, 0xc03864bc, &(0x7f0000000500)={0x200, 0x1, &(0x7f0000000180)=[r5], &(0x7f00000000c0)=[0x10000, 0xb03d, 0x0, 0x8, 0x0], &(0x7f0000000580)=[r4], &(0x7f0000000040)})

kernel console output (not intermixed with test programs):

 552.178696][T10975] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  552.206298][   T43] usb 6-1: device descriptor read/all, error -71
[  552.227644][T10975] binder_alloc: 10969: binder_alloc_buf size 12312 failed, no address space
[  552.239611][T10975] binder_alloc: allocated: 8 (num: 1 largest: 8), free: 12280 (num: 1 largest: 12280)
[  552.469228][T10984] netlink: 40 bytes leftover after parsing attributes in process `syz.3.1339'.
[  552.587100][T10990] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1338'.
[  552.876040][   T30] kauditd_printk_skb: 22 callbacks suppressed
[  552.876062][   T30] audit: type=1804 audit(1751297262.438:258): pid=11001 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz.4.1345" name="/newroot/293/file0" dev="tmpfs" ino=1589 res=1 errno=0
[  553.159607][T11005] xt_bpf: check failed: parse error
[  553.892486][    T9] usb 4-1: new high-speed USB device number 44 using dummy_hcd
[  554.097836][    T9] usb 4-1: Using ep0 maxpacket: 32
[  554.290134][    T9] usb 4-1: config 0 interface 0 altsetting 9 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  554.445937][    T9] usb 4-1: config 0 interface 0 has no altsetting 0
[  554.458968][    T9] usb 4-1: New USB device found, idVendor=1044, idProduct=7a4d, bcdDevice= 0.00
[  554.468413][    T9] usb 4-1: New USB device strings: Mfr=0, Product=1, SerialNumber=0
[  554.634970][    T9] usb 4-1: Product: syz
[  555.309630][    T9] usb 4-1: config 0 descriptor??
[  555.989735][    C1] vcan0: j1939_tp_rxtimer: 0xffff888033296800: rx timeout, send abort
[  555.999712][    C1] vcan0: j1939_xtp_rx_abort_one: 0xffff888033296800: 0x10000: (3) A timeout occurred and this is the connection abort to close the session.
[  556.001466][    C1] vcan0: j1939_xtp_rx_abort_one: 0xffff888033780400: 0x10000: (3) A timeout occurred and this is the connection abort to close the session.
[  556.279173][    T9] usbhid 4-1:0.0: can't add hid device: -71
[  556.290816][    T9] usbhid 4-1:0.0: probe with driver usbhid failed with error -71
[  556.359311][    T9] usb 4-1: USB disconnect, device number 44
[  557.290016][    C1] vcan0: j1939_tp_rxtimer: 0xffff888058cb7800: rx timeout, send abort
[  557.298441][    C1] vcan0: j1939_xtp_rx_abort_one: 0xffff888058cb7800: 0x10000: (3) A timeout occurred and this is the connection abort to close the session.
[  557.312957][    C1] vcan0: j1939_xtp_rx_abort_one: 0xffff888058cb6400: 0x10000: (3) A timeout occurred and this is the connection abort to close the session.
[  558.302087][T11048] xt_CHECKSUM: unsupported CHECKSUM operation 68
[  560.235272][T11072] F2FS-fs (loop7): Magic Mismatch, valid(0xf2f52010) - read(0x0)
[  560.243757][T11072] F2FS-fs (loop7): Can't find valid F2FS filesystem in 1th superblock
[  560.254554][T11072] F2FS-fs (loop7): Magic Mismatch, valid(0xf2f52010) - read(0x0)
[  560.262824][T11072] F2FS-fs (loop7): Can't find valid F2FS filesystem in 2th superblock
[  560.415724][T11072] netlink: 92 bytes leftover after parsing attributes in process `syz.3.1366'.
[  560.853891][T11086] futex_wake_op: syz.0.1371 tries to shift op by -1; fix this program
[  560.886112][T11087] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  560.902506][T11087] random: crng reseeded on system resumption
[  561.595728][T10872] Bluetooth: hci4: command 0x0405 tx timeout
[  561.619124][T11084] netlink: 52 bytes leftover after parsing attributes in process `syz.2.1373'.
[  561.668615][T11088] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1371'.
[  562.498501][T11088] hsr_slave_1 (unregistering): left promiscuous mode
[  562.537621][T11090] netlink: 16 bytes leftover after parsing attributes in process `syz.3.1374'.
[  562.592322][T11097] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1375'.
[  562.946860][ T1297] ieee802154 phy0 wpan0: encryption failed: -22
[  565.430815][ T5889] usb 4-1: new full-speed USB device number 45 using dummy_hcd
[  566.748663][ T5830] usb 5-1: new high-speed USB device number 35 using dummy_hcd
[  566.943204][ T5830] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  566.956592][ T5830] usb 5-1: config 1 interface 1 altsetting 1 endpoint 0x3 has an invalid bInterval 97, changing to 10
[  566.968491][ T5830] usb 5-1: config 1 interface 1 altsetting 1 endpoint 0x3 has invalid maxpacket 25449, setting to 1024
[  566.984980][ T5830] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  566.988249][   T10] usb 6-1: new high-speed USB device number 25 using dummy_hcd
[  567.008810][ T5830] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  567.049592][ T5830] usb 5-1: Product: syz
[  567.053839][ T5830] usb 5-1: Manufacturer: syz
[  567.069463][ T5830] usb 5-1: SerialNumber: syz
[  567.160169][T11160] ntfs3(nullb0): Primary boot signature is not NTFS.
[  567.167075][T11160] ntfs3(nullb0): try to read out of volume at offset 0x3e7ffffe00
[  567.175921][   T10] usb 6-1: Using ep0 maxpacket: 32
[  567.187245][   T10] usb 6-1: config 0 interface 0 has no altsetting 0
[  567.197072][   T10] usb 6-1: New USB device found, idVendor=16d0, idProduct=10b8, bcdDevice=de.8e
[  567.209998][   T10] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  567.222262][   T10] usb 6-1: Product: syz
[  567.226579][   T10] usb 6-1: Manufacturer: syz
[  567.232371][   T10] usb 6-1: SerialNumber: syz
[  567.244357][   T10] usb 6-1: config 0 descriptor??
[  567.315882][T11163] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1396'.
[  567.361780][T11163] 8021q: adding VLAN 0 to HW filter on device bond2
[  567.395564][T11163] 8021q: adding VLAN 0 to HW filter on device bond2
[  567.403105][T11163] bond2: (slave vti0): The slave device specified does not support setting the MAC address
[  567.414728][T11163] bond2: (slave vti0): Error -95 calling set_mac_address
[  567.427645][T11165] netlink: 'syz.2.1396': attribute type 11 has an invalid length.
[  567.784069][   T10] gs_usb 6-1:0.0: Configuring for 1 interfaces
[  568.119757][T11173] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1398'.
[  568.409116][ T5889] usb 4-1: new full-speed USB device number 46 using dummy_hcd
[  568.608374][ T5917] usb 3-1: new high-speed USB device number 43 using dummy_hcd
[  568.617597][ T9515] usb 6-1: USB disconnect, device number 25
[  568.764697][ T5889] usb 4-1: unable to get BOS descriptor or descriptor too short
[  568.788978][ T5889] usb 4-1: not running at top speed; connect to a high speed hub
[  568.809375][ T5889] usb 4-1: config 1 has an invalid interface number: 138 but max is 0
[  568.821776][ T5889] usb 4-1: config 1 has no interface number 0
[  568.829451][ T5889] usb 4-1: config 1 interface 138 has no altsetting 0
[  568.848717][ T5889] usb 4-1: New USB device found, idVendor=0cb8, idProduct=c90b, bcdDevice= d.ae
[  568.859712][ T5889] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  568.868075][ T5889] usb 4-1: Product: syz
[  568.872324][ T5889] usb 4-1: Manufacturer: syz
[  568.877002][ T5889] usb 4-1: SerialNumber: syz
[  568.912101][ T5830] cdc_ncm 5-1:1.0: bind() failure
[  568.929665][ T5917] usb 3-1: Using ep0 maxpacket: 16
[  568.932608][ T5830] cdc_ncm 5-1:1.1: probe with driver cdc_ncm failed with error -71
[  568.945439][ T5830] cdc_mbim 5-1:1.1: probe with driver cdc_mbim failed with error -71
[  568.946037][ T5917] usb 3-1: config 0 has an invalid interface number: 105 but max is 0
[  568.956749][ T5830] usbtest 5-1:1.1: probe with driver usbtest failed with error -71
[  568.973921][ T5917] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  568.981147][ T5830] usb 5-1: USB disconnect, device number 35
[  568.987613][ T5917] usb 3-1: config 0 has no interface number 0
[  569.005009][ T5917] usb 3-1: New USB device found, idVendor=046d, idProduct=08f3, bcdDevice= b.28
[  569.015360][ T5917] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  569.031800][ T5917] usb 3-1: Product: syz
[  569.036051][ T5917] usb 3-1: Manufacturer: syz
[  569.043199][ T5917] usb 3-1: SerialNumber: syz
[  569.051971][ T5917] usb 3-1: config 0 descriptor??
[  569.066866][ T5917] usb 3-1: Found UVC 0.00 device syz (046d:08f3)
[  569.074788][ T5917] usb 3-1: No valid video chain found.
[  569.101716][T11176] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1398'.
[  569.103157][T11173] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  569.120061][T11173] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  569.142340][ T5889] usb 4-1: Quirk or no altset; falling back to MIDI 1.0
[  569.170981][ T5889] usb 4-1: USB disconnect, device number 46
[  569.235925][ T5829] udevd[5829]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:1.138/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  569.368786][ T5917] usb 3-1: USB disconnect, device number 43
[  569.702949][   T30] audit: type=1326 audit(1751297279.269:259): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11177 comm="syz.5.1399" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f246af8e929 code=0x0
[  570.658754][T11194] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1403'.
[  573.407823][T11232] snd_dummy snd_dummy.0: control 2:16:0:syz0:-3 is already present
[  573.744367][T11218] XFS (nullb0): Invalid superblock magic number
[  574.017778][ T5917] usb 4-1: new high-speed USB device number 47 using dummy_hcd
[  574.072323][T11241] FAULT_INJECTION: forcing a failure.
[  574.072323][T11241] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  574.101624][T11241] CPU: 0 UID: 0 PID: 11241 Comm: syz.4.1415 Not tainted 6.16.0-rc4-syzkaller #0 PREEMPT(full) 
[  574.101653][T11241] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  574.101666][T11241] Call Trace:
[  574.101676][T11241]  <TASK>
[  574.101688][T11241]  dump_stack_lvl+0x189/0x250
[  574.101725][T11241]  ? __pfx____ratelimit+0x10/0x10
[  574.101753][T11241]  ? __pfx_dump_stack_lvl+0x10/0x10
[  574.101783][T11241]  ? __pfx__printk+0x10/0x10
[  574.101817][T11241]  should_fail_ex+0x414/0x560
[  574.101846][T11241]  _copy_to_user+0x31/0xb0
[  574.101879][T11241]  simple_read_from_buffer+0xe1/0x170
[  574.101909][T11241]  proc_fail_nth_read+0x1df/0x250
[  574.101942][T11241]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  574.101973][T11241]  ? rw_verify_area+0x258/0x650
[  574.101996][T11241]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  574.102024][T11241]  vfs_read+0x1fd/0x980
[  574.102054][T11241]  ? __pfx_vfs_read+0x10/0x10
[  574.102080][T11241]  ? generic_fadvise+0x136/0x710
[  574.102101][T11241]  ? do_sys_openat2+0x154/0x1c0
[  574.102138][T11241]  ? kmem_cache_free+0x18f/0x400
[  574.102168][T11241]  ? __pfx_generic_fadvise+0x10/0x10
[  574.102200][T11241]  ksys_read+0x145/0x250
[  574.102226][T11241]  ? __pfx_ksys_read+0x10/0x10
[  574.102257][T11241]  ? do_syscall_64+0xbe/0x3b0
[  574.102291][T11241]  do_syscall_64+0xfa/0x3b0
[  574.102323][T11241]  ? lockdep_hardirqs_on+0x9c/0x150
[  574.102350][T11241]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  574.102370][T11241]  ? clear_bhb_loop+0x60/0xb0
[  574.102395][T11241]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  574.102415][T11241] RIP: 0033:0x7f7b2798d33c
[  574.102434][T11241] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  574.102453][T11241] RSP: 002b:00007f7b257f6030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  574.102475][T11241] RAX: ffffffffffffffda RBX: 00007f7b27bb5fa0 RCX: 00007f7b2798d33c
[  574.102490][T11241] RDX: 000000000000000f RSI: 00007f7b257f60a0 RDI: 0000000000000004
[  574.102503][T11241] RBP: 00007f7b257f6090 R08: 0000000000000000 R09: 0000000000000000
[  574.102516][T11241] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  574.102528][T11241] R13: 0000000000000000 R14: 00007f7b27bb5fa0 R15: 00007ffd858f1488
[  574.102562][T11241]  </TASK>
[  574.461131][ T5917] usb 4-1: Using ep0 maxpacket: 32
[  574.486015][ T5917] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  574.496702][ T5917] usb 4-1: config 0 has no interfaces?
[  574.502310][ T5917] usb 4-1: New USB device found, idVendor=0545, idProduct=8080, bcdDevice= 3.01
[  574.508827][T11243] 8021q: adding VLAN 0 to HW filter on device bond0
[  574.511419][ T5917] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  574.529200][ T5917] usb 4-1: config 0 descriptor??
[  574.613524][T11243] bond0: (slave rose0): Enslaving as an active interface with an up link
[  574.840673][ T5917] usb 4-1: string descriptor 0 read error: -71
[  574.982160][   T10] usb 6-1: new full-speed USB device number 26 using dummy_hcd
[  574.991822][ T5917] usb 4-1: USB disconnect, device number 47
[  575.137711][   T10] usb 6-1: device descriptor read/64, error -71
[  575.145553][T11259] ALSA: seq fatal error: cannot create timer (-22)
[  575.905383][   T10] usb 6-1: new full-speed USB device number 27 using dummy_hcd
[  576.213475][T11275] x_tables: ip_tables: TCPOPTSTRIP target: only valid in mangle table, not raw
[  576.271811][   T10] usb 6-1: device descriptor read/64, error -71
[  576.475341][   T10] usb usb6-port1: attempt power cycle
[  577.067624][   T10] usb 6-1: new full-speed USB device number 28 using dummy_hcd
[  577.098649][   T10] usb 6-1: device descriptor read/8, error -71
[  577.191875][T11288] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1428'.
[  577.896905][T11288] bond0: entered promiscuous mode
[  577.905678][T11288] bond_slave_0: entered promiscuous mode
[  577.911801][T11288] bond_slave_1: entered promiscuous mode
[  577.917750][T11288] bond0: entered allmulticast mode
[  577.923374][T11288] bond_slave_0: entered allmulticast mode
[  577.929318][T11288] bond_slave_1: entered allmulticast mode
[  577.978952][ T1215] usb 4-1: new full-speed USB device number 48 using dummy_hcd
[  578.009838][ T5830] usb 5-1: new high-speed USB device number 36 using dummy_hcd
[  578.187656][ T5830] usb 5-1: Using ep0 maxpacket: 16
[  578.239988][ T5830] usb 5-1: config 53 has an invalid interface number: 5 but max is 0
[  578.271293][ T5830] usb 5-1: config 53 contains an unexpected descriptor of type 0x1, skipping
[  578.301566][ T1215] usb 4-1: config 0 has an invalid interface number: 201 but max is 0
[  578.310738][ T1215] usb 4-1: config 0 has no interface number 0
[  578.316882][ T1215] usb 4-1: config 0 interface 201 has no altsetting 0
[  578.332447][ T5830] usb 5-1: config 53 has an invalid descriptor of length 37, skipping remainder of the config
[  578.337648][ T1215] usb 4-1: New USB device found, idVendor=12d1, idProduct=b9ee, bcdDevice=11.78
[  578.384784][T11295] xt_CHECKSUM: unsupported CHECKSUM operation 68
[  578.395609][ T5830] usb 5-1: config 53 has no interface number 0
[  578.399876][ T1215] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  578.489264][ T5830] usb 5-1: config 53 interface 5 altsetting 119 endpoint 0xB has invalid maxpacket 1024, setting to 64
[  578.605629][ T5830] usb 5-1: config 53 interface 5 altsetting 119 has a duplicate endpoint with address 0xD, skipping
[  578.632195][ T1215] usb 4-1: config 0 descriptor??
[  578.650867][ T1215] option 4-1:0.201: GSM modem (1-port) converter detected
[  578.697624][ T5830] usb 5-1: config 53 interface 5 altsetting 119 endpoint 0x1 has invalid maxpacket 1015, setting to 64
[  578.744480][ T5830] usb 5-1: config 53 interface 5 altsetting 119 has 6 endpoint descriptors, different from the interface descriptor's value: 13
[  578.837467][ T5830] usb 5-1: config 53 interface 5 has no altsetting 0
[  578.859784][ T5830] usb 5-1: New USB device found, idVendor=0c45, idProduct=8003, bcdDevice=73.e0
[  578.870330][ T9515] usb 4-1: USB disconnect, device number 48
[  578.897554][ T5830] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  578.908959][ T9515] option 4-1:0.201: device disconnected
[  578.944601][ T5830] usb 5-1: Product: syz
[  578.951408][ T5830] usb 5-1: Manufacturer: syz
[  578.956081][ T5830] usb 5-1: SerialNumber: syz
[  579.072088][T11305] binder: 11303:11305 ioctl c0306201 2000000003c0 returned -14
[  580.044783][T11318] xt_CHECKSUM: unsupported CHECKSUM operation 68
[  580.372507][ T5830] gspca_main: sn9c2028-2.14.0 probing 0c45:8003
[  580.500739][ T5830] gspca_sn9c2028: read1 error -71
[  580.529405][ T5830] gspca_sn9c2028: read1 error -71
[  580.547639][ T5830] gspca_sn9c2028: read1 error -71
[  580.653393][ T5830] sn9c2028 5-1:53.5: probe with driver sn9c2028 failed with error -71
[  580.787602][T11326] xt_CHECKSUM: unsupported CHECKSUM operation 68
[  581.077994][ T5830] usb 5-1: USB disconnect, device number 36
[  581.315345][T11331] snd_dummy snd_dummy.0: control 2:16:0:syz0:-3 is already present
[  581.700844][T11332] program syz.3.1440 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  581.907417][ T1215] usb 5-1: new high-speed USB device number 37 using dummy_hcd
[  582.077870][ T1215] usb 5-1: Using ep0 maxpacket: 32
[  582.134419][ T1215] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  582.173346][ T1215] usb 5-1: config 0 has no interfaces?
[  582.196157][ T1215] usb 5-1: New USB device found, idVendor=0545, idProduct=8080, bcdDevice= 3.01
[  582.217886][ T1215] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  582.251207][ T1215] usb 5-1: config 0 descriptor??
[  582.528276][ T1215] usb 5-1: string descriptor 0 read error: -71
[  582.555233][ T1215] usb 5-1: USB disconnect, device number 37
[  582.617484][ T5830] usb 4-1: new high-speed USB device number 49 using dummy_hcd
[  582.663384][T11359] pci 0000:00:05.0: vgaarb: VGA decodes changed: olddecodes=none,decodes=none:owns=io+mem
[  583.007542][ T5830] usb 4-1: Using ep0 maxpacket: 32
[  583.015021][ T5830] usb 4-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 32
[  583.046748][ T5830] usb 4-1: New USB device found, idVendor=0499, idProduct=1010, bcdDevice= 5.f5
[  583.070605][ T5830] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  583.086585][ T5830] usb 4-1: Product: syz
[  583.094435][ T5830] usb 4-1: Manufacturer: syz
[  583.207257][ T5830] usb 4-1: SerialNumber: syz
[  583.216234][ T5830] usb 4-1: config 0 descriptor??
[  583.220481][T11347] raw-gadget.1 gadget.3: fail, usb_ep_enable returned -22
[  583.224381][ T5830] usb 4-1: Quirk or no altset; falling back to MIDI 1.0
[  583.867730][ T1215] usb 6-1: new high-speed USB device number 30 using dummy_hcd
[  583.917730][ T5917] usb 4-1: USB disconnect, device number 49
[  584.067199][ T1215] usb 6-1: Using ep0 maxpacket: 16
[  584.088630][ T1215] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  584.114091][ T1215] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 34, changing to 9
[  584.385394][ T1215] usb 6-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  584.416328][T11375] xt_CHECKSUM: unsupported CHECKSUM operation 68
[  584.708470][ T1215] usb 6-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42
[  584.735571][ T1215] usb 6-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0
[  584.773224][ T1215] usb 6-1: Manufacturer: syz
[  584.792491][ T1215] usb 6-1: config 0 descriptor??
[  585.097291][T11384] xt_bpf: check failed: parse error
[  585.743409][ T5830] usb 6-1: USB disconnect, device number 30
[  586.505137][   T30] audit: type=1326 audit(1751297296.070:260): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11360 comm="syz.2.1448" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7faa2b58e929 code=0x0
[  586.620817][T11403] ipvlan2: entered allmulticast mode
[  586.628143][T11403] netdevsim netdevsim4 netdevsim0: entered allmulticast mode
[  586.657378][ T9515] usb 4-1: new high-speed USB device number 50 using dummy_hcd
[  586.751399][T11408] syz.5.1458: attempt to access beyond end of device
[  586.751399][T11408] nbd5: rw=0, sector=64, nr_sectors = 8 limit=0
[  586.765540][T11408] syz.5.1458: attempt to access beyond end of device
[  586.765540][T11408] nbd5: rw=0, sector=120, nr_sectors = 8 limit=0
[  586.795209][T11408] Mount JFS Failure: -5
[  586.827033][ T9515] usb 4-1: Using ep0 maxpacket: 32
[  586.931542][ T9515] usb 4-1: unable to get BOS descriptor or descriptor too short
[  586.983901][ T9515] usb 4-1: config 128 has an invalid interface number: 127 but max is 3
[  587.011782][ T9515] usb 4-1: config 128 has an invalid descriptor of length 0, skipping remainder of the config
[  587.035981][ T9515] usb 4-1: config 128 has 1 interface, different from the descriptor's value: 4
[  587.087473][ T9515] usb 4-1: config 128 has no interface number 0
[  587.122792][ T9515] usb 4-1: config 128 interface 127 altsetting 14 endpoint 0x5 has an invalid bInterval 0, changing to 7
[  587.173409][ T9515] usb 4-1: config 128 interface 127 altsetting 14 endpoint 0x5 has invalid wMaxPacketSize 0
[  587.219840][ T9515] usb 4-1: config 128 interface 127 has no altsetting 0
[  587.245302][ T9515] usb 4-1: New USB device found, idVendor=0582, idProduct=295c, bcdDevice=d4.55
[  587.275230][ T9515] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  587.306681][ T9515] usb 4-1: Product: syz
[  587.326253][ T9515] usb 4-1: Manufacturer: syz
[  587.379445][ T9515] usb 4-1: SerialNumber: syz
[  587.646101][T11423] snd_dummy snd_dummy.0: control 2:16:0:syz0:-3 is already present
[  588.024896][T11427] random: crng reseeded on system resumption
[  588.107039][ T5917] usb 5-1: new high-speed USB device number 38 using dummy_hcd
[  588.400247][T11434] overlayfs: overlapping lowerdir path
[  588.965347][T11436] xt_addrtype: ipv6 BLACKHOLE matching not supported
[  588.996947][ T5917] usb 5-1: Using ep0 maxpacket: 32
[  589.127426][ T5917] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  589.172506][ T5917] usb 5-1: config 0 has no interfaces?
[  589.204846][ T5917] usb 5-1: New USB device found, idVendor=0545, idProduct=8080, bcdDevice= 3.01
[  589.261123][ T5917] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  589.529879][ T9515] usb 4-1: USB disconnect, device number 50
[  589.567400][ T5917] usb 5-1: config 0 descriptor??
[  589.775781][T11444] cgroup2: Unknown parameter 'trans'
[  589.885151][ T5917] usb 5-1: string descriptor 0 read error: -71
[  589.924627][ T5917] usb 5-1: USB disconnect, device number 38
[  589.942822][ T5820] udevd[5820]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:128.127/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  590.081885][T11441] netlink: 4 bytes leftover after parsing attributes in process `syz.5.1466'.
[  590.299018][T11457] loop8: detected capacity change from 8 to 6
[  590.325615][    C0] I/O error, dev loop8, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  590.334936][    C0] Buffer I/O error on dev loop8, logical block 0, async page read
[  590.352049][    C0] I/O error, dev loop8, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  590.361349][    C0] Buffer I/O error on dev loop8, logical block 0, async page read
[  590.370434][    C0] I/O error, dev loop8, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  590.379721][    C0] Buffer I/O error on dev loop8, logical block 0, async page read
[  590.388538][    C0] I/O error, dev loop8, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  590.397791][    C0] Buffer I/O error on dev loop8, logical block 0, async page read
[  590.406996][    C0] I/O error, dev loop8, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  590.416223][    C0] Buffer I/O error on dev loop8, logical block 0, async page read
[  590.424172][T11457] ldm_validate_partition_table(): Disk read failed.
[  590.440549][    C1] I/O error, dev loop8, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  590.449772][    C1] Buffer I/O error on dev loop8, logical block 0, async page read
[  590.462539][    C0] I/O error, dev loop8, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  590.471788][    C0] Buffer I/O error on dev loop8, logical block 0, async page read
[  590.486781][    C0] I/O error, dev loop8, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  590.496013][    C0] Buffer I/O error on dev loop8, logical block 0, async page read
[  590.505147][    C1] I/O error, dev loop8, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  590.514370][    C1] Buffer I/O error on dev loop8, logical block 0, async page read
[  590.522309][T11457] Dev loop8: unable to read RDB block 0
[  590.534199][    C0] I/O error, dev loop8, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  590.543547][    C0] Buffer I/O error on dev loop8, logical block 0, async page read
[  590.560558][T11457]  loop8: unable to read partition table
[  590.562688][   T30] audit: type=1326 audit(1751297300.100:261): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11461 comm="syz.2.1473" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7faa2b58e929 code=0x0
[  590.566790][T11457] loop8: partition table beyond EOD, truncated
[  590.626858][T11457] loop_reread_partitions: partition scan of loop8 (©›í^êÃÓ{Z~ÙâP’Ž[�‹]ÞM,+„-Ô`Ê1(6ÞÏ$ÐÑ~
[  590.626858][T11457] ö¤øæÛ…«òýå6þÍÁ) failed (rc=-5)
[  592.320168][T11496] netlink: 830 bytes leftover after parsing attributes in process `syz.0.1482'.
[  592.672023][T11494] ntfs3(nullb0): Primary boot signature is not NTFS.
[  592.681372][T11494] ntfs3(nullb0): try to read out of volume at offset 0x3e7ffffe00
[  593.058217][T11497] snd_dummy snd_dummy.0: control 2:16:0:syz0:-3 is already present
[  593.478884][T11499] netlink: 830 bytes leftover after parsing attributes in process `syz.4.1483'.
[  594.393061][T11502] netlink: 'syz.5.1486': attribute type 1 has an invalid length.
[  594.696735][   T10] usb 4-1: new high-speed USB device number 51 using dummy_hcd
[  594.896673][   T10] usb 4-1: Using ep0 maxpacket: 32
[  594.909526][   T10] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  594.926680][    T9] usb 5-1: new high-speed USB device number 39 using dummy_hcd
[  594.928044][   T30] audit: type=1326 audit(1751297304.491:262): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11512 comm="syz.5.1489" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f246af8e929 code=0x0
[  594.936969][   T10] usb 4-1: config 0 has no interfaces?
[  594.996721][   T10] usb 4-1: New USB device found, idVendor=0545, idProduct=8080, bcdDevice= 3.01
[  595.005873][   T10] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  595.018258][   T10] usb 4-1: config 0 descriptor??
[  595.126669][    T9] usb 5-1: Using ep0 maxpacket: 32
[  595.134273][    T9] usb 5-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 32
[  595.150273][    T9] usb 5-1: New USB device found, idVendor=0499, idProduct=1010, bcdDevice= 5.f5
[  595.159546][    T9] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  595.168201][    T9] usb 5-1: Product: syz
[  595.172532][    T9] usb 5-1: Manufacturer: syz
[  595.180505][    T9] usb 5-1: SerialNumber: syz
[  595.191043][    T9] usb 5-1: config 0 descriptor??
[  595.206931][T11508] raw-gadget.1 gadget.4: fail, usb_ep_enable returned -22
[  595.227129][    T9] usb 5-1: Quirk or no altset; falling back to MIDI 1.0
[  595.263051][   T10] usb 4-1: string descriptor 0 read error: -71
[  595.284426][   T10] usb 4-1: USB disconnect, device number 51
[  595.382256][T11515] dummy0: entered promiscuous mode
[  595.388481][T11515] macsec1: entered promiscuous mode
[  595.394045][T11515] macsec1: entered allmulticast mode
[  595.432498][T11515] dummy0: entered allmulticast mode
[  595.459595][ T5889] usb 5-1: USB disconnect, device number 39
[  595.703835][T11523] FAULT_INJECTION: forcing a failure.
[  595.703835][T11523] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  595.718899][T11523] CPU: 0 UID: 0 PID: 11523 Comm: syz.2.1493 Not tainted 6.16.0-rc4-syzkaller #0 PREEMPT(full) 
[  595.718930][T11523] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  595.718943][T11523] Call Trace:
[  595.718952][T11523]  <TASK>
[  595.718970][T11523]  dump_stack_lvl+0x189/0x250
[  595.719006][T11523]  ? __pfx____ratelimit+0x10/0x10
[  595.719033][T11523]  ? __pfx_dump_stack_lvl+0x10/0x10
[  595.719063][T11523]  ? __pfx__printk+0x10/0x10
[  595.719084][T11523]  ? __might_fault+0xb0/0x130
[  595.719121][T11523]  should_fail_ex+0x414/0x560
[  595.719150][T11523]  _copy_from_user+0x2d/0xb0
[  595.719182][T11523]  ___sys_sendmsg+0x158/0x2a0
[  595.719209][T11523]  ? __pfx____sys_sendmsg+0x10/0x10
[  595.719271][T11523]  ? __fget_files+0x2a/0x420
[  595.719296][T11523]  ? __fget_files+0x3a0/0x420
[  595.719331][T11523]  __x64_sys_sendmsg+0x19b/0x260
[  595.719357][T11523]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  595.719389][T11523]  ? __pfx_ksys_write+0x10/0x10
[  595.719416][T11523]  ? do_syscall_64+0xbe/0x3b0
[  595.719448][T11523]  do_syscall_64+0xfa/0x3b0
[  595.719475][T11523]  ? lockdep_hardirqs_on+0x9c/0x150
[  595.719502][T11523]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  595.719520][T11523]  ? clear_bhb_loop+0x60/0xb0
[  595.719544][T11523]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  595.719562][T11523] RIP: 0033:0x7faa2b58e929
[  595.719581][T11523] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  595.719598][T11523] RSP: 002b:00007faa2c329038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  595.719620][T11523] RAX: ffffffffffffffda RBX: 00007faa2b7b5fa0 RCX: 00007faa2b58e929
[  595.719635][T11523] RDX: 0000000000000000 RSI: 00002000000000c0 RDI: 0000000000000006
[  595.719646][T11523] RBP: 00007faa2c329090 R08: 0000000000000000 R09: 0000000000000000
[  595.719658][T11523] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  595.719669][T11523] R13: 0000000000000000 R14: 00007faa2b7b5fa0 R15: 00007ffc1d2e64b8
[  595.719698][T11523]  </TASK>
[  596.275005][T11528] batman_adv: Cannot find parent device. Skipping batadv-on-batadv check for 0x00
[  598.241431][T11535] netlink: 830 bytes leftover after parsing attributes in process `syz.4.1494'.
[  599.053558][T11541] netlink: 36 bytes leftover after parsing attributes in process `syz.5.1498'.
[  599.055330][    C0] blk_print_req_error: 8 callbacks suppressed
[  599.055350][    C0] I/O error, dev loop8, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  599.055380][    C0] buffer_io_error: 8 callbacks suppressed
[  599.055393][    C0] Buffer I/O error on dev loop8, logical block 0, async page read
[  599.055505][    C0] I/O error, dev loop8, sector 2 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  599.055532][    C0] Buffer I/O error on dev loop8, logical block 1, async page read
[  599.055627][    C0] I/O error, dev loop8, sector 4 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  599.055654][    C0] Buffer I/O error on dev loop8, logical block 2, async page read
[  599.063750][    C0] I/O error, dev loop8, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  599.063788][    C0] Buffer I/O error on dev loop8, logical block 0, async page read
[  599.063960][    C0] I/O error, dev loop8, sector 2 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  599.063987][    C0] Buffer I/O error on dev loop8, logical block 1, async page read
[  599.064044][    C0] I/O error, dev loop8, sector 4 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  599.064070][    C0] Buffer I/O error on dev loop8, logical block 2, async page read
[  599.064752][    C0] I/O error, dev loop8, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  599.064782][    C0] Buffer I/O error on dev loop8, logical block 0, async page read
[  599.064894][    C0] I/O error, dev loop8, sector 2 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  599.064919][    C0] Buffer I/O error on dev loop8, logical block 1, async page read
[  599.065017][    C0] I/O error, dev loop8, sector 4 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  599.065043][    C0] Buffer I/O error on dev loop8, logical block 2, async page read
[  599.065610][    C0] I/O error, dev loop8, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  599.065640][    C0] Buffer I/O error on dev loop8, logical block 0, async page read
[  599.066385][ T5191] ldm_validate_partition_table(): Disk read failed.
[  599.078603][ T5191] Dev loop8: unable to read RDB block 0
[  599.400802][ T5191]  loop8: unable to read partition table
[  599.424737][ T5191] loop8: partition table beyond EOD, truncated
[  599.915410][T11538] netlink: 830 bytes leftover after parsing attributes in process `syz.2.1495'.
[  599.924800][T11538] bond_slave_0: entered promiscuous mode
[  599.930536][T11538] bond_slave_1: entered promiscuous mode
[  599.937549][T11538] mac80211_hwsim hwsim7 wlan1: entered promiscuous mode
[  600.866301][ T9515] usb 3-1: new high-speed USB device number 44 using dummy_hcd
[  600.926640][T11567] netlink: 'syz.5.1505': attribute type 4 has an invalid length.
[  601.296610][   T10] usb 6-1: new high-speed USB device number 31 using dummy_hcd
[  601.440424][ T9515] usb 3-1: Using ep0 maxpacket: 32
[  601.502703][   T10] usb 6-1: Using ep0 maxpacket: 32
[  601.561853][   T10] usb 6-1: New USB device found, idVendor=041e, idProduct=400b, bcdDevice=3e.e7
[  601.635100][   T10] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  601.865130][ T9515] usb 3-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 32
[  601.877578][ T9515] usb 3-1: New USB device found, idVendor=0499, idProduct=1010, bcdDevice= 5.f5
[  601.886357][   T10] usb 6-1: config 0 descriptor??
[  601.886926][ T9515] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  601.905263][   T10] gspca_main: sunplus-2.14.0 probing 041e:400b
[  601.948159][ T9515] usb 3-1: Product: syz
[  601.966468][ T9515] usb 3-1: Manufacturer: syz
[  601.971151][ T9515] usb 3-1: SerialNumber: syz
[  601.991225][ T9515] usb 3-1: config 0 descriptor??
[  602.005000][T11558] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22
[  602.026857][ T9515] usb 3-1: Quirk or no altset; falling back to MIDI 1.0
[  603.343606][   T10] gspca_sunplus: reg_w_riv err -71
[  603.366224][   T10] sunplus 6-1:0.0: probe with driver sunplus failed with error -71
[  603.420019][   T10] usb 6-1: USB disconnect, device number 31
[  603.479302][T11589] random: crng reseeded on system resumption
[  604.174436][T11590] syz.0.1511 calls setitimer() with new_value NULL pointer. Misfeature support will be removed
[  604.729346][    T9] usb 3-1: USB disconnect, device number 44
[  605.136176][   T24] usb 5-1: new high-speed USB device number 40 using dummy_hcd
[  605.307417][    T9] usb 3-1: new high-speed USB device number 45 using dummy_hcd
[  605.567918][   T24] usb 5-1: New USB device found, idVendor=0f11, idProduct=1000, bcdDevice= 0.7f
[  605.577537][   T24] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  605.590255][   T24] usb 5-1: config 0 descriptor??
[  605.696141][    T9] usb 3-1: Using ep0 maxpacket: 8
[  605.703313][    T9] usb 3-1: config 0 has 1 interface, different from the descriptor's value: 17
[  605.718478][    T9] usb 3-1: New USB device found, idVendor=04a5, idProduct=3003, bcdDevice=c8.07
[  605.728925][    T9] usb 3-1: New USB device strings: Mfr=209, Product=185, SerialNumber=60
[  605.740795][    T9] usb 3-1: Product: syz
[  605.745631][    T9] usb 3-1: Manufacturer: syz
[  605.750462][    T9] usb 3-1: SerialNumber: syz
[  605.996892][    T9] usb 3-1: config 0 descriptor??
[  606.281117][T11614] usb usb8: usbfs: process 11614 (syz.4.1514) did not claim interface 0 before use
[  606.367833][   T24] usb 5-1: string descriptor 0 read error: -71
[  606.443632][   T24] ldusb 5-1:0.0: Interrupt in endpoint not found
[  606.512995][    T9] gspca_main: sunplus-2.14.0 probing 04a5:3003
[  606.519141][   T24] usb 5-1: USB disconnect, device number 40
[  607.579573][T11595] SET target dimension over the limit!
[  608.097357][T11628] xt_CHECKSUM: unsupported CHECKSUM operation 68
[  608.215861][    T9] gspca_sunplus: reg_w_riv err -110
[  608.225984][    T9] sunplus 3-1:0.0: probe with driver sunplus failed with error -110
[  609.177187][ T5889] usb 6-1: new high-speed USB device number 32 using dummy_hcd
[  609.386362][ T5889] usb 6-1: Using ep0 maxpacket: 32
[  609.409797][ T5889] usb 6-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 32
[  609.462483][ T5889] usb 6-1: New USB device found, idVendor=0499, idProduct=1010, bcdDevice= 5.f5
[  609.512772][ T5889] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  609.529556][ T5889] usb 6-1: Product: syz
[  609.533817][ T5889] usb 6-1: Manufacturer: syz
[  609.558555][ T5889] usb 6-1: SerialNumber: syz
[  609.579449][ T5889] usb 6-1: config 0 descriptor??
[  609.589236][T11633] raw-gadget.0 gadget.5: fail, usb_ep_enable returned -22
[  609.618694][ T5889] usb 6-1: Quirk or no altset; falling back to MIDI 1.0
[  609.994594][ T5889] usb 6-1: USB disconnect, device number 32
[  611.253329][T11660] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  611.346167][T11660] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  611.427503][   T10] usb 3-1: USB disconnect, device number 45
[  611.626716][    T9] usb 4-1: new high-speed USB device number 52 using dummy_hcd
[  611.689584][T11667] netlink: 4 bytes leftover after parsing attributes in process `syz.5.1538'.
[  611.920822][T11659] xt_CHECKSUM: unsupported CHECKSUM operation 68
[  612.065595][    T9] usb 4-1: Using ep0 maxpacket: 8
[  612.072835][    T9] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0
[  612.086594][    T9] usb 4-1: New USB device found, idVendor=1397, idProduct=00bd, bcdDevice=d2.54
[  612.104590][    T9] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  612.133756][    T9] usb 4-1: Product: syz
[  612.147934][    T9] usb 4-1: Manufacturer: syz
[  612.217532][    T9] usb 4-1: SerialNumber: syz
[  612.249232][    T9] usb 4-1: config 0 descriptor??
[  612.273788][    T9] usb 4-1: invalid MIDI EP
[  612.293404][    T9] usb 4-1: snd-bcd2000: error during probing
[  612.311942][    T9] snd-bcd2000 4-1:0.0: probe with driver snd-bcd2000 failed with error -22
[  612.334196][T11674] netlink: 16 bytes leftover after parsing attributes in process `syz.4.1539'.
[  612.469373][T11663] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  612.495126][T11663] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  612.513884][    T9] usb 4-1: USB disconnect, device number 52
[  614.246897][T11682] xt_CHECKSUM: unsupported CHECKSUM operation 68
[  615.695548][ T5889] usb 6-1: new high-speed USB device number 33 using dummy_hcd
[  615.729653][T11700] xt_CHECKSUM: unsupported CHECKSUM operation 68
[  615.772249][T11705] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1550'.
[  615.866534][ T5889] usb 6-1: Using ep0 maxpacket: 32
[  615.885650][ T5889] usb 6-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 32
[  615.933349][ T5889] usb 6-1: New USB device found, idVendor=0499, idProduct=1010, bcdDevice= 5.f5
[  615.972526][ T5889] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  616.955814][ T5889] usb 6-1: Product: syz
[  616.960075][ T5889] usb 6-1: Manufacturer: syz
[  616.964705][ T5889] usb 6-1: SerialNumber: syz
[  616.997003][ T5889] usb 6-1: config 0 descriptor??
[  617.111744][T11696] raw-gadget.0 gadget.5: fail, usb_ep_enable returned -22
[  617.149220][ T5889] usb 6-1: Quirk or no altset; falling back to MIDI 1.0
[  617.207952][   T10] usb 4-1: new high-speed USB device number 53 using dummy_hcd
[  617.308572][T11721] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1555'.
[  617.375311][   T10] usb 4-1: device descriptor read/64, error -71
[  617.460780][T11729] netlink: 'syz.2.1556': attribute type 1 has an invalid length.
[  617.469139][T11729] netlink: 228 bytes leftover after parsing attributes in process `syz.2.1556'.
[  617.523442][    T9] usb 6-1: USB disconnect, device number 33
[  617.542605][T11726] netlink: 'syz.4.1555': attribute type 12 has an invalid length.
[  617.575710][T11726] netlink: 'syz.4.1555': attribute type 29 has an invalid length.
[  617.618413][   T10] usb 4-1: new high-speed USB device number 54 using dummy_hcd
[  617.632861][T11726] netlink: 148 bytes leftover after parsing attributes in process `syz.4.1555'.
[  617.685857][T11726] netlink: 59 bytes leftover after parsing attributes in process `syz.4.1555'.
[  617.788159][   T10] usb 4-1: device descriptor read/64, error -71
[  617.795113][T11737] netlink: 4083 bytes leftover after parsing attributes in process `syz.0.1557'.
[  617.806201][ T5889] usb 3-1: new high-speed USB device number 46 using dummy_hcd
[  617.826800][T11734] netlink: 4083 bytes leftover after parsing attributes in process `syz.0.1557'.
[  617.928187][   T10] usb usb4-port1: attempt power cycle
[  617.955368][ T5889] usb 3-1: device descriptor read/64, error -71
[  618.215429][ T5889] usb 3-1: new high-speed USB device number 47 using dummy_hcd
[  618.264930][T11746] xt_CHECKSUM: unsupported CHECKSUM operation 68
[  618.298409][   T10] usb 4-1: new high-speed USB device number 55 using dummy_hcd
[  618.347397][   T10] usb 4-1: device descriptor read/8, error -71
[  618.435390][ T5889] usb 3-1: device descriptor read/64, error -71
[  618.578152][ T5889] usb usb3-port1: attempt power cycle
[  618.605713][   T10] usb 4-1: new high-speed USB device number 56 using dummy_hcd
[  618.627699][   T10] usb 4-1: device descriptor read/8, error -71
[  618.869578][T11760] random: crng reseeded on system resumption
[  619.268330][   T10] usb usb4-port1: unable to enumerate USB device
[  619.615600][ T5889] usb 3-1: new high-speed USB device number 48 using dummy_hcd
[  619.638077][ T5889] usb 3-1: device descriptor read/8, error -71
[  619.690039][T11771] hsr0: entered promiscuous mode
[  619.699031][T11771] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1569'.
[  619.727201][T11771] hsr_slave_0: left promiscuous mode
[  619.765229][T11771] hsr_slave_1: left promiscuous mode
[  619.886167][ T5889] usb 3-1: new high-speed USB device number 49 using dummy_hcd
[  619.986103][ T5889] usb 3-1: device descriptor read/8, error -71
[  620.111063][ T5889] usb usb3-port1: unable to enumerate USB device
[  620.134379][T11771] hsr0 (unregistering): left promiscuous mode
[  620.865831][T11794] xt_CHECKSUM: unsupported CHECKSUM operation 68
[  622.915019][ T5889] usb 5-1: new high-speed USB device number 41 using dummy_hcd
[  623.406553][T11802] xt_CHECKSUM: unsupported CHECKSUM operation 68
[  624.049357][T11815] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1582'.
[  624.074189][ T5889] usb 5-1: config 2 has an invalid descriptor of length 0, skipping remainder of the config
[  624.075952][T11815] netlink: 'syz.2.1582': attribute type 30 has an invalid length.
[  624.085227][ T5889] usb 5-1: config 2 interface 0 altsetting 178 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  624.106647][T11816] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1581'.
[  624.132549][T11815] netdevsim netdevsim2 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0
[  624.142209][T11815] netdevsim netdevsim2 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0
[  624.151166][T11815] netdevsim netdevsim2 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0
[  624.159948][T11815] netdevsim netdevsim2 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0
[  624.170728][ T5889] usb 5-1: config 2 interface 0 has no altsetting 0
[  624.196498][ T5889] usb 5-1: New USB device found, idVendor=04d8, idProduct=0083, bcdDevice=da.47
[  624.205928][ T5889] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  624.213935][ T5889] usb 5-1: Product: syz
[  624.239224][ T5889] usb 5-1: Manufacturer: syz
[  624.252099][ T5889] usb 5-1: SerialNumber: syz
[  624.357600][T11815] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1582'.
[  624.460738][ T1297] ieee802154 phy0 wpan0: encryption failed: -22
[  624.514478][ T5889] usb 5-1: can't set config #2, error -71
[  624.515009][T11815] netlink: 'syz.2.1582': attribute type 30 has an invalid length.
[  624.534645][ T5889] usb 5-1: USB disconnect, device number 41
[  624.765750][T11826] xt_bpf: check failed: parse error
[  624.902074][T11828] xt_bpf: check failed: parse error
[  626.549381][T11842] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1587'.
[  626.559311][T11842] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1587'.
[  626.574996][T11842] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1587'.
[  626.585493][    T9] usb 5-1: new full-speed USB device number 42 using dummy_hcd
[  626.896663][    T9] usb 5-1: config 1 has an invalid interface number: 128 but max is 1
[  626.905168][    T9] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  626.958900][    T9] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 2
[  626.968379][    T9] usb 5-1: config 1 has no interface number 0
[  626.975038][    T9] usb 5-1: config 1 interface 128 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  626.994083][    T9] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  627.003630][    T9] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  627.014536][    T9] usb 5-1: Product: syz
[  627.019158][    T9] usb 5-1: Manufacturer: syz
[  627.023940][    T9] usb 5-1: SerialNumber: syz
[  627.043443][    T9] cdc_wdm 5-1:1.128: skipping garbage
[  627.051869][    T9] cdc_wdm 5-1:1.128: probe with driver cdc_wdm failed with error -22
[  627.279612][T11840] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  627.927837][T11840] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  628.368290][T11864] overlayfs: overlapping lowerdir path
[  629.260532][T11863] netlink: 76 bytes leftover after parsing attributes in process `syz.5.1594'.
[  630.047897][T11879] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1598'.
[  631.176272][    T9] usb 5-1: USB disconnect, device number 42
[  631.526819][ T5918] usb 3-1: new high-speed USB device number 50 using dummy_hcd
[  631.644855][    T9] usb 5-1: new high-speed USB device number 43 using dummy_hcd
[  631.828403][T11912] netlink: 28 bytes leftover after parsing attributes in process `syz.5.1610'.
[  631.845431][ T5918] usb 3-1: Using ep0 maxpacket: 16
[  631.858571][ T5918] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  632.657381][ T5918] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 3
[  632.677026][    T9] usb 5-1: device descriptor read/64, error -71
[  632.696647][ T5918] usb 3-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  632.726852][ T5918] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  632.760073][ T5918] usb 3-1: Product: syz
[  632.775743][ T5918] usb 3-1: Manufacturer: syz
[  632.789420][ T5918] usb 3-1: SerialNumber: syz
[  632.809488][T11922] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1611'.
[  632.845668][T11922] team0: No ports can be present during mode change
[  632.966582][    T9] usb 5-1: new high-speed USB device number 44 using dummy_hcd
[  632.992110][T11926] netlink: 'syz.5.1613': attribute type 6 has an invalid length.
[  633.107570][T11929] netlink: 830 bytes leftover after parsing attributes in process `syz.3.1612'.
[  633.781813][ T5918] usb 3-1: skipping empty audio interface (v1)
[  633.844470][    T9] usb 5-1: device descriptor read/64, error -71
[  633.966065][   T30] audit: type=1326 audit(1751297343.493:263): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11924 comm="syz.5.1613" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f246af8e929 code=0x7ffc0000
[  634.002766][ T5918] snd-usb-audio 3-1:1.0: probe with driver snd-usb-audio failed with error -22
[  634.019163][   T30] audit: type=1326 audit(1751297343.493:264): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11924 comm="syz.5.1613" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f246af8e929 code=0x7ffc0000
[  634.067305][ T5918] usb 3-1: USB disconnect, device number 50
[  634.071360][T11934] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1614'.
[  634.095952][    T9] usb usb5-port1: attempt power cycle
[  634.143615][ T5820] udevd[5820]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  635.240462][T11946] netlink: 2 bytes leftover after parsing attributes in process `syz.3.1618'.
[  635.289576][T11946] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  636.444066][T11963] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1623'.
[  636.912479][T11972] netlink: 830 bytes leftover after parsing attributes in process `syz.3.1625'.
[  638.766721][T11982] xt_CHECKSUM: unsupported CHECKSUM operation 68
[  639.436141][T11992] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1635'.
[  639.707499][T11997] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  639.722394][T11997] random: crng reseeded on system resumption
[  639.839488][T11999] xt_bpf: check failed: parse error
[  641.565019][T12018] netlink: 830 bytes leftover after parsing attributes in process `syz.3.1640'.
[  644.963059][T12029] xt_CHECKSUM: unsupported CHECKSUM operation 68
[  646.228248][T12044] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1648'.
[  646.834595][T12057] xt_bpf: check failed: parse error
[  649.253560][   T24] usb 6-1: new high-speed USB device number 34 using dummy_hcd
[  649.385269][   T24] usb 6-1: device descriptor read/64, error -71
[  649.464330][T12074] ntfs3(nullb0): Primary boot signature is not NTFS.
[  649.543714][T12074] ntfs3(nullb0): try to read out of volume at offset 0x3e7ffffe00
[  649.733644][   T24] usb 6-1: new high-speed USB device number 35 using dummy_hcd
[  649.778538][T12076] Device name cannot be null; rc = [-22]
[  649.873532][   T24] usb 6-1: device descriptor read/64, error -71
[  649.984175][   T24] usb usb6-port1: attempt power cycle
[  650.156199][T12082] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1662'.
[  650.343602][   T24] usb 6-1: new high-speed USB device number 36 using dummy_hcd
[  650.375955][   T24] usb 6-1: device descriptor read/8, error -71
[  650.832956][T12092] xt_bpf: check failed: parse error
[  651.433523][   T24] usb 6-1: new high-speed USB device number 37 using dummy_hcd
[  651.544671][   T24] usb 6-1: device descriptor read/8, error -71
[  651.654359][   T24] usb usb6-port1: unable to enumerate USB device
[  653.207277][T12113] FAULT_INJECTION: forcing a failure.
[  653.207277][T12113] name failslab, interval 1, probability 0, space 0, times 0
[  653.220433][T12113] CPU: 1 UID: 0 PID: 12113 Comm: syz.3.1671 Not tainted 6.16.0-rc4-syzkaller #0 PREEMPT(full) 
[  653.220462][T12113] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  653.220477][T12113] Call Trace:
[  653.220485][T12113]  <TASK>
[  653.220495][T12113]  dump_stack_lvl+0x189/0x250
[  653.220532][T12113]  ? __pfx____ratelimit+0x10/0x10
[  653.220562][T12113]  ? __pfx_dump_stack_lvl+0x10/0x10
[  653.220592][T12113]  ? __pfx__printk+0x10/0x10
[  653.220619][T12113]  ? __pfx___might_resched+0x10/0x10
[  653.220649][T12113]  ? fs_reclaim_acquire+0x7d/0x100
[  653.220683][T12113]  should_fail_ex+0x414/0x560
[  653.220714][T12113]  should_failslab+0xa8/0x100
[  653.220742][T12113]  __kmalloc_noprof+0xcb/0x4f0
[  653.220764][T12113]  ? kfree+0x4d/0x440
[  653.220783][T12113]  ? tomoyo_realpath_from_path+0xe3/0x5d0
[  653.220819][T12113]  tomoyo_realpath_from_path+0xe3/0x5d0
[  653.220850][T12113]  ? tomoyo_domain+0xda/0x130
[  653.220887][T12113]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[  653.220911][T12113]  tomoyo_path_number_perm+0x1e8/0x5a0
[  653.220939][T12113]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  653.220975][T12113]  ? __pfx___schedule+0x10/0x10
[  653.221013][T12113]  ? __lock_acquire+0xab9/0xd20
[  653.221063][T12113]  ? __fget_files+0x2a/0x420
[  653.221094][T12113]  ? __fget_files+0x2a/0x420
[  653.221118][T12113]  ? __fget_files+0x3a0/0x420
[  653.221144][T12113]  ? __fget_files+0x2a/0x420
[  653.221176][T12113]  security_file_ioctl+0xcb/0x2d0
[  653.221206][T12113]  __se_sys_ioctl+0x47/0x170
[  653.221231][T12113]  do_syscall_64+0xfa/0x3b0
[  653.221261][T12113]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  653.221281][T12113]  ? asm_sysvec_reschedule_ipi+0x1a/0x20
[  653.221301][T12113]  ? clear_bhb_loop+0x60/0xb0
[  653.221325][T12113]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  653.221345][T12113] RIP: 0033:0x7effcf98e929
[  653.221364][T12113] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  653.221382][T12113] RSP: 002b:00007effd088a038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  653.221404][T12113] RAX: ffffffffffffffda RBX: 00007effcfbb6160 RCX: 00007effcf98e929
[  653.221420][T12113] RDX: 00002000000001c0 RSI: 00000000c02c5341 RDI: 0000000000000007
[  653.221434][T12113] RBP: 00007effd088a090 R08: 0000000000000000 R09: 0000000000000000
[  653.221447][T12113] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  653.221459][T12113] R13: 0000000000000000 R14: 00007effcfbb6160 R15: 00007ffe6e6b0508
[  653.221493][T12113]  </TASK>
[  653.471886][T12113] ERROR: Out of memory at tomoyo_realpath_from_path.
[  653.600714][T12112] netlink: 28 bytes leftover after parsing attributes in process `syz.4.1673'.
[  655.013312][   T10] usb 4-1: new high-speed USB device number 57 using dummy_hcd
[  655.512637][   T10] usb 4-1: Using ep0 maxpacket: 8
[  655.550644][   T10] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 2
[  655.817559][   T10] usb 4-1: config 1 has no interface number 0
[  655.975381][   T10] usb 4-1: config 1 interface 1 altsetting 1 endpoint 0x3 has invalid wMaxPacketSize 0
[  656.155504][   T10] usb 4-1: config 1 interface 1 altsetting 1 bulk endpoint 0x3 has invalid maxpacket 0
[  656.278937][   T10] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  656.295879][   T10] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  656.309216][T12120] xt_CHECKSUM: unsupported CHECKSUM operation 68
[  656.320069][   T10] usb 4-1: Product: syz
[  656.333446][   T10] usb 4-1: Manufacturer: syz
[  656.342766][   T10] usb 4-1: SerialNumber: syz
[  656.568214][   T10] usb 4-1: USB disconnect, device number 57
[  656.613425][ T5918] usb 5-1: new high-speed USB device number 46 using dummy_hcd
[  657.453107][ T5918] usb 5-1: device descriptor read/64, error -71
[  657.733491][ T1215] usb 3-1: new high-speed USB device number 51 using dummy_hcd
[  657.974322][ T1215] usb 3-1: device descriptor read/64, error -71
[  657.980802][ T5918] usb 5-1: new high-speed USB device number 47 using dummy_hcd
[  658.123069][ T5918] usb 5-1: device descriptor read/64, error -71
[  658.544431][ T1215] usb 3-1: new high-speed USB device number 52 using dummy_hcd
[  658.663295][ T5918] usb usb5-port1: attempt power cycle
[  658.752996][ T1215] usb 3-1: device descriptor read/64, error -71
[  658.885441][ T1215] usb usb3-port1: attempt power cycle
[  659.023808][T12156] netlink: 'syz.0.1685': attribute type 1 has an invalid length.
[  659.050044][T12156] netlink: 224 bytes leftover after parsing attributes in process `syz.0.1685'.
[  659.072634][T12156] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1685'.
[  659.234453][ T1215] usb 3-1: new high-speed USB device number 53 using dummy_hcd
[  659.882938][ T1215] usb 3-1: device descriptor read/8, error -71
[  660.356876][ T1215] usb 3-1: new high-speed USB device number 54 using dummy_hcd
[  660.406242][T12168] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  660.426146][   T30] audit: type=1326 audit(1751297369.994:265): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12167 comm="syz.4.1688" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f7b2798e929 code=0x0
[  660.652883][ T1215] usb 3-1: device not accepting address 54, error -71
[  661.444967][ T1215] usb usb3-port1: unable to enumerate USB device
[  664.390464][ T5918] hid-generic C990:0003:007F.000B: unknown main item tag 0x0
[  664.418751][ T5918] hid-generic C990:0003:007F.000B: unknown main item tag 0x0
[  664.457759][ T5918] hid-generic C990:0003:007F.000B: unknown main item tag 0x0
[  664.494404][ T5918] hid-generic C990:0003:007F.000B: unknown main item tag 0x0
[  664.518100][ T5918] hid-generic C990:0003:007F.000B: unknown main item tag 0x0
[  664.542705][ T5918] hid-generic C990:0003:007F.000B: unknown main item tag 0x0
[  664.570689][ T5918] hid-generic C990:0003:007F.000B: unknown main item tag 0x0
[  664.602726][ T5918] hid-generic C990:0003:007F.000B: unknown main item tag 0x0
[  664.620542][ T5918] hid-generic C990:0003:007F.000B: unknown main item tag 0x0
[  664.632727][ T5918] hid-generic C990:0003:007F.000B: unknown main item tag 0x0
[  664.650527][ T5918] hid-generic C990:0003:007F.000B: unknown main item tag 0x0
[  664.668400][ T5918] hid-generic C990:0003:007F.000B: unknown main item tag 0x0
[  664.691583][ T5918] hid-generic C990:0003:007F.000B: unknown main item tag 0x0
[  664.710799][ T5918] hid-generic C990:0003:007F.000B: unknown main item tag 0x0
[  664.722868][ T5918] hid-generic C990:0003:007F.000B: unknown main item tag 0x0
[  664.730429][ T5918] hid-generic C990:0003:007F.000B: unknown main item tag 0x0
[  664.738581][ T5918] hid-generic C990:0003:007F.000B: unknown main item tag 0x0
[  664.762083][ T5918] hid-generic C990:0003:007F.000B: hidraw0: <UNKNOWN> HID v0.00 Device [syz0] on syz1
[  664.893527][   T30] audit: type=1326 audit(1751297374.474:266): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12209 comm="syz.0.1702" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc5f978e929 code=0x7ffc0000
[  664.922775][   T24] usb 3-1: new high-speed USB device number 55 using dummy_hcd
[  665.890423][   T30] audit: type=1326 audit(1751297374.494:267): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12209 comm="syz.0.1702" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc5f978e929 code=0x7ffc0000
[  665.912020][    C1] vkms_vblank_simulate: vblank timer overrun
[  665.979890][   T30] audit: type=1326 audit(1751297374.494:268): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12209 comm="syz.0.1702" exe="/root/syz-executor" sig=0 arch=c000003e syscall=20 compat=0 ip=0x7fc5f978e929 code=0x7ffc0000
[  666.009281][   T24] usb 3-1: device descriptor read/64, error -71
[  666.045658][T12208] fido_id[12208]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory
[  666.053220][T12211] xt_CHECKSUM: unsupported CHECKSUM operation 68
[  666.073256][   T30] audit: type=1326 audit(1751297374.494:269): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12209 comm="syz.0.1702" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc5f978e929 code=0x7ffc0000
[  666.094914][    C1] vkms_vblank_simulate: vblank timer overrun
[  666.108600][   T30] audit: type=1326 audit(1751297374.494:270): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12209 comm="syz.0.1702" exe="/root/syz-executor" sig=0 arch=c000003e syscall=46 compat=0 ip=0x7fc5f978e929 code=0x7ffc0000
[  666.131120][   T30] audit: type=1326 audit(1751297374.494:271): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12209 comm="syz.0.1702" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc5f978e929 code=0x7ffc0000
[  666.154978][   T30] audit: type=1326 audit(1751297374.494:272): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12209 comm="syz.0.1702" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc5f978e929 code=0x7ffc0000
[  666.176612][    C1] vkms_vblank_simulate: vblank timer overrun
[  666.188032][   T30] audit: type=1326 audit(1751297374.494:273): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12209 comm="syz.0.1702" exe="/root/syz-executor" sig=0 arch=c000003e syscall=54 compat=0 ip=0x7fc5f978e929 code=0x7ffc0000
[  666.209584][    C1] vkms_vblank_simulate: vblank timer overrun
[  666.284856][   T24] usb 3-1: new high-speed USB device number 56 using dummy_hcd
[  666.314361][   T30] audit: type=1326 audit(1751297374.494:274): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12209 comm="syz.0.1702" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc5f978e929 code=0x7ffc0000
[  666.343996][   T30] audit: type=1326 audit(1751297374.514:275): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12209 comm="syz.0.1702" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc5f978e929 code=0x7ffc0000
[  666.371446][   T30] audit: type=1326 audit(1751297374.514:276): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12209 comm="syz.0.1702" exe="/root/syz-executor" sig=0 arch=c000003e syscall=258 compat=0 ip=0x7fc5f978e929 code=0x7ffc0000
[  666.393115][    C1] vkms_vblank_simulate: vblank timer overrun
[  666.463826][   T24] usb 3-1: device descriptor read/64, error -71
[  666.590219][   T24] usb usb3-port1: attempt power cycle
[  667.283315][   T24] usb 3-1: new high-speed USB device number 57 using dummy_hcd
[  667.884940][   T24] usb 3-1: device descriptor read/8, error -71
[  670.228379][ T1215] usb 4-1: new high-speed USB device number 58 using dummy_hcd
[  670.456544][ T1215] usb 4-1: config 0 has an invalid interface number: 1 but max is 0
[  670.478202][ T1215] usb 4-1: config 0 has no interface number 0
[  670.495633][ T1215] usb 4-1: config 0 interface 1 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  670.634647][ T1215] usb 4-1: config 0 interface 1 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  670.974350][ T1215] usb 4-1: config 0 interface 1 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  671.091399][ T1215] usb 4-1: New USB device found, idVendor=28bd, idProduct=0042, bcdDevice= 0.00
[  671.102110][ T1215] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  671.120452][ T1215] usb 4-1: config 0 descriptor??
[  671.793071][T12271] netlink: 830 bytes leftover after parsing attributes in process `syz.2.1720'.
[  672.559321][ T5917] usb 6-1: new high-speed USB device number 38 using dummy_hcd
[  672.569584][T12251] netlink: 24 bytes leftover after parsing attributes in process `syz.3.1713'.
[  672.581478][ T1215] uclogic 0003:28BD:0042.000C: failed retrieving string descriptor #100: -71
[  672.696359][ T1215] uclogic 0003:28BD:0042.000C: failed retrieving pen parameters: -71
[  672.705383][ T1215] uclogic 0003:28BD:0042.000C: pen probing failed: -71
[  672.712369][ T1215] uclogic 0003:28BD:0042.000C: failed probing parameters: -71
[  672.719939][ T1215] uclogic 0003:28BD:0042.000C: probe with driver uclogic failed with error -71
[  672.740233][ T1215] usb 4-1: USB disconnect, device number 58
[  672.973619][T12275] xt_CHECKSUM: unsupported CHECKSUM operation 68
[  673.014107][ T5917] usb 6-1: device descriptor read/64, error -71
[  673.352374][ T5917] usb 6-1: new high-speed USB device number 39 using dummy_hcd
[  673.494533][ T5917] usb 6-1: device descriptor read/64, error -71
[  673.612926][ T5917] usb usb6-port1: attempt power cycle
[  674.045542][ T5917] usb 6-1: new high-speed USB device number 40 using dummy_hcd
[  674.290412][ T5917] usb 6-1: device descriptor read/8, error -71
[  675.637577][   T30] kauditd_printk_skb: 40 callbacks suppressed
[  675.637598][   T30] audit: type=1326 audit(1751297385.205:317): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12303 comm="syz.4.1733" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7b2798e929 code=0x7ffc0000
[  676.501439][   T30] audit: type=1326 audit(1751297385.205:318): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12303 comm="syz.4.1733" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7b2798e929 code=0x7ffc0000
[  676.525081][   T30] audit: type=1326 audit(1751297385.205:319): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12303 comm="syz.4.1733" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f7b2798e929 code=0x7ffc0000
[  676.551543][T12308] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  676.599382][   T30] audit: type=1326 audit(1751297385.205:320): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12303 comm="syz.4.1733" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7b2798e929 code=0x7ffc0000
[  676.638377][   T30] audit: type=1326 audit(1751297385.205:321): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12303 comm="syz.4.1733" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7b2798e929 code=0x7ffc0000
[  676.697674][   T30] audit: type=1326 audit(1751297385.205:322): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12303 comm="syz.4.1733" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f7b2798e929 code=0x7ffc0000
[  676.708787][T12300] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1730'.
[  676.730103][T12300] smc: net device bond0 applied user defined pnetid S
[  676.750586][   T30] audit: type=1326 audit(1751297385.225:323): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12303 comm="syz.4.1733" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7b2798e929 code=0x7ffc0000
[  676.904307][T12318] snd_dummy snd_dummy.0: control 2:16:0:syz0:-3 is already present
[  677.291269][   T30] audit: type=1326 audit(1751297385.225:324): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12303 comm="syz.4.1733" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7b2798e929 code=0x7ffc0000
[  677.292271][ T1215] usb 4-1: new high-speed USB device number 59 using dummy_hcd
[  677.351583][   T30] audit: type=1326 audit(1751297385.425:325): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12303 comm="syz.4.1733" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f7b2798e929 code=0x7ffc0000
[  677.392876][   T30] audit: type=1326 audit(1751297386.165:326): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12303 comm="syz.4.1733" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7b2798e929 code=0x7ffc0000
[  677.690033][T12324] xt_CHECKSUM: unsupported CHECKSUM operation 68
[  677.713474][ T1215] usb 4-1: Using ep0 maxpacket: 32
[  677.721233][ T1215] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  677.732169][ T1215] usb 4-1: config 0 has no interfaces?
[  677.737831][ T1215] usb 4-1: New USB device found, idVendor=0545, idProduct=8080, bcdDevice= 3.01
[  677.750286][ T1215] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  677.773750][ T1215] usb 4-1: config 0 descriptor??
[  678.372860][ T1215] usb 4-1: string descriptor 0 read error: -71
[  678.406860][ T1215] usb 4-1: USB disconnect, device number 59
[  680.986506][T12346] syz_tun: entered allmulticast mode
[  681.299554][T12346] syz_tun: left allmulticast mode
[  681.849749][T12355] netlink: 4 bytes leftover after parsing attributes in process `syz.5.1746'.
[  681.961806][T12350] netlink: 20 bytes leftover after parsing attributes in process `syz.4.1745'.
[  684.588300][T12372] xt_CHECKSUM: unsupported CHECKSUM operation 68
[  685.832053][ T1297] ieee802154 phy0 wpan0: encryption failed: -22
[  686.021554][ T6025] Bluetooth: hci5: Frame reassembly failed (-84)
[  687.804467][T12410] netlink: 'syz.5.1762': attribute type 10 has an invalid length.
[  687.836196][T12410] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  687.846561][T12410] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  687.856361][T12410] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  687.866209][T12410] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  687.885726][T12410] team0: Port device geneve1 added
[  688.067178][T10872] Bluetooth: hci5: command 0x1003 tx timeout
[  688.079490][ T5834] Bluetooth: hci5: Opcode 0x1003 failed: -110
[  688.785982][T12414] xt_CHECKSUM: unsupported CHECKSUM operation 68
[  689.065215][T12421] netlink: 'syz.5.1765': attribute type 1 has an invalid length.
[  689.222214][T12421] netlink: 216 bytes leftover after parsing attributes in process `syz.5.1765'.
[  689.331223][T12422] xt_CHECKSUM: unsupported CHECKSUM operation 68
[  689.839524][T12430] ntfs3(nullb0): Primary boot signature is not NTFS.
[  689.847213][T12430] ntfs3(nullb0): try to read out of volume at offset 0x3e7ffffe00
[  691.452694][ T5830] usb 6-1: new high-speed USB device number 42 using dummy_hcd
[  692.239472][ T5830] usb 6-1: device descriptor read/all, error -71
[  692.448983][T12445] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1772'.
[  693.989458][T12461] netlink: 'syz.3.1776': attribute type 7 has an invalid length.
[  694.048661][T12461] : entered promiscuous mode
[  695.128117][T12467] xt_CHECKSUM: unsupported CHECKSUM operation 68
[  698.103025][ T9515] usb 4-1: new high-speed USB device number 60 using dummy_hcd
[  698.600792][ T9515] usb 4-1: Using ep0 maxpacket: 16
[  698.653479][ T9515] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0
[  698.695715][T12492] ntfs3(nullb0): Primary boot signature is not NTFS.
[  698.703356][T12492] ntfs3(nullb0): try to read out of volume at offset 0x3e7ffffe00
[  699.169226][ T9515] usb 4-1: New USB device found, idVendor=05ac, idProduct=0244, bcdDevice= 0.00
[  699.206198][ T9515] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  699.248502][ T9515] usb 4-1: config 0 descriptor??
[  699.454997][ T9515] input: bcm5974 as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/input/input21
[  699.708095][T12496] input: syz0 as /devices/virtual/input/input22
[  700.840852][ T5176] bcm5974 4-1:0.0: could not read from device
[  701.044804][ T5176] bcm5974 4-1:0.0: could not read from device
[  701.118675][T12499] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(6)
[  701.125257][T12499] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed)
[  701.943315][T12499] vhci_hcd vhci_hcd.0: Device attached
[  703.371063][ T9515] usb 4-1: USB disconnect, device number 60
[  703.371161][ T1215] usb 33-1: new high-speed USB device number 2 using vhci_hcd
[  703.886332][T12499] syzkaller0: entered promiscuous mode
[  703.913368][T12499] syzkaller0: entered allmulticast mode
[  704.262739][T10872] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[  704.302452][T10872] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[  704.316376][T10872] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[  704.327342][T10872] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[  704.337347][T10872] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[  704.942808][T12527] netlink: 4 bytes leftover after parsing attributes in process `syz.5.1798'.
[  706.451961][ T5834] Bluetooth: hci5: command tx timeout
[  707.168350][T12535] xt_CHECKSUM: unsupported CHECKSUM operation 68
[  708.540736][ T5834] Bluetooth: hci5: command tx timeout
[  708.702210][T12546] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  708.718558][T12546] random: crng reseeded on system resumption
[  710.614131][ T5834] Bluetooth: hci5: command tx timeout
[  711.179510][T12556] netlink: 32 bytes leftover after parsing attributes in process `syz.2.1805'.
[  711.609039][T12558] Bluetooth: received HCILL_WAKE_UP_ACK in state 2
[  712.834510][ T5834] Bluetooth: hci5: command tx timeout
[  714.279172][T12567] netlink: 20 bytes leftover after parsing attributes in process `syz.2.1808'.
[  714.591200][ T9515] usb 3-1: new high-speed USB device number 59 using dummy_hcd
[  714.749302][ T9515] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  714.820699][ T9515] usb 3-1: New USB device found, idVendor=0408, idProduct=3001, bcdDevice= 0.00
[  714.829935][ T9515] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  714.881725][ T9515] usb 3-1: config 0 descriptor??
[  715.251649][T10872] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[  715.263302][T10872] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[  715.273937][T10872] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[  715.305930][T10872] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[  715.306775][ T9515] hid (null): invalid report_size -1021686408
[  715.320512][T10872] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[  715.333690][ T9515] hid-generic 0003:0408:3001.000D: invalid report_size -1021686408
[  715.368860][ T9515] hid-generic 0003:0408:3001.000D: item 0 4 1 7 parsing failed
[  715.394510][ T9515] hid-generic 0003:0408:3001.000D: probe with driver hid-generic failed with error -22
[  715.564788][T12568] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  715.588051][T12568] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  716.091063][T12527] macvtap1: entered promiscuous mode
[  716.096484][T12527] syz_tun: entered promiscuous mode
[  716.104280][T12527] macvtap1: entered allmulticast mode
[  716.109758][T12527] syz_tun: entered allmulticast mode
[  716.130253][ T5917] usb 3-1: USB disconnect, device number 59
[  716.156105][T12504] vhci_hcd: connection reset by peer
[  716.192040][ T3527] vhci_hcd: stop threads
[  716.196372][ T3527] vhci_hcd: release socket
[  716.250066][ T3527] vhci_hcd: disconnect device
[  716.301259][ T1215] vhci_hcd: vhci_device speed not set
[  716.326904][ T5995] bond0: (slave wlan1): link status definitely down, disabling slave
[  716.417664][T12574] xt_CHECKSUM: unsupported CHECKSUM operation 68
[  716.726390][T12579] ntfs3(nullb0): Primary boot signature is not NTFS.
[  716.734143][T12579] ntfs3(nullb0): try to read out of volume at offset 0x3e7ffffe00
[  717.420667][T10872] Bluetooth: hci1: command tx timeout
[  718.130035][T12583] xt_CHECKSUM: unsupported CHECKSUM operation 68
[  719.490773][T10872] Bluetooth: hci1: command tx timeout
[  719.569737][T12600] netlink: 830 bytes leftover after parsing attributes in process `syz.2.1815'.
[  719.785985][T12570] chnl_net:caif_netlink_parms(): no params data found
[  720.039736][T12520] chnl_net:caif_netlink_parms(): no params data found
[  721.583038][T10872] Bluetooth: hci1: command tx timeout
[  721.638362][T12570] bridge0: port 1(bridge_slave_0) entered blocking state
[  721.645834][T12570] bridge0: port 1(bridge_slave_0) entered disabled state
[  721.653787][T12570] bridge_slave_0: entered allmulticast mode
[  721.661822][T12570] bridge_slave_0: entered promiscuous mode
[  721.671505][T12570] bridge0: port 2(bridge_slave_1) entered blocking state
[  721.678696][T12570] bridge0: port 2(bridge_slave_1) entered disabled state
[  721.686112][T12570] bridge_slave_1: entered allmulticast mode
[  721.694116][T12570] bridge_slave_1: entered promiscuous mode
[  721.740405][T12570] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  721.793410][T12570] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  722.372122][T12570] team0: Port device team_slave_0 added
[  723.359198][T12570] team0: Port device team_slave_1 added
[  723.655633][T12570] batman_adv: batadv0: Adding interface: batadv_slave_0
[  723.668835][T12570] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  723.698356][T10872] Bluetooth: hci1: command tx timeout
[  723.820379][T12570] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  724.728546][T12520] bridge0: port 1(bridge_slave_0) entered blocking state
[  724.749274][T12520] bridge0: port 1(bridge_slave_0) entered disabled state
[  724.757302][T12520] bridge_slave_0: entered allmulticast mode
[  724.776441][T12520] bridge_slave_0: entered promiscuous mode
[  724.794430][T12570] batman_adv: batadv0: Adding interface: batadv_slave_1
[  724.826885][T12570] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  724.853000][    C0] vkms_vblank_simulate: vblank timer overrun
[  724.862664][T12570] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  724.953280][T12520] bridge0: port 2(bridge_slave_1) entered blocking state
[  724.960477][T12520] bridge0: port 2(bridge_slave_1) entered disabled state
[  724.986465][T12520] bridge_slave_1: entered allmulticast mode
[  725.877277][T12520] bridge_slave_1: entered promiscuous mode
[  726.033583][ T3527] bridge_slave_1: left allmulticast mode
[  726.044764][ T3527] bridge_slave_1: left promiscuous mode
[  726.063894][ T3527] bridge0: port 2(bridge_slave_1) entered disabled state
[  726.095206][ T3527] bridge_slave_0: left allmulticast mode
[  726.110784][ T3527] bridge_slave_0: left promiscuous mode
[  726.119368][ T3527] bridge0: port 1(bridge_slave_0) entered disabled state
[  726.123975][   T10] usb 3-1: new high-speed USB device number 60 using dummy_hcd
[  726.566577][   T10] usb 3-1: Using ep0 maxpacket: 32
[  726.662401][   T30] kauditd_printk_skb: 1 callbacks suppressed
[  726.662423][   T30] audit: type=1326 audit(1751297692.158:328): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12643 comm="syz.3.1823" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7effcf98e929 code=0x0
[  726.691125][   T10] usb 3-1: config 0 has an invalid interface number: 184 but max is 0
[  726.719823][   T10] usb 3-1: config 0 has no interface number 0
[  726.726473][   T10] usb 3-1: config 0 interface 184 has no altsetting 0
[  726.750243][   T10] usb 3-1: New USB device found, idVendor=0424, idProduct=7500, bcdDevice=69.ee
[  726.771979][   T10] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  726.780296][   T10] usb 3-1: Product: syz
[  726.804911][   T10] usb 3-1: Manufacturer: syz
[  726.809605][   T10] usb 3-1: SerialNumber: syz
[  726.841494][   T10] usb 3-1: config 0 descriptor??
[  726.852741][   T10] smsc75xx v1.0.0
[  726.873384][   T10] smsc75xx 3-1:0.184 (unnamed net_device) (uninitialized): usbnet_get_endpoints failed: -22
[  726.884684][   T10] smsc75xx 3-1:0.184: probe with driver smsc75xx failed with error -22
[  727.227627][ T5830] usb 3-1: USB disconnect, device number 60
[  727.836333][ T3527] bond0 (unregistering): (slave ..
@ÿ): Releasing backup interface
[  727.861933][ T3527] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  727.875662][ T3527] bond0 (unregistering): Released all slaves
[  728.261873][ T3527] bond1 (unregistering): Released all slaves
[  728.345938][T12672] ntfs3(nullb0): Primary boot signature is not NTFS.
[  728.353710][T12672] ntfs3(nullb0): try to read out of volume at offset 0x3e7ffffe00
[  729.033497][T12570] hsr_slave_0: entered promiscuous mode
[  729.040100][T12570] hsr_slave_1: entered promiscuous mode
[  729.091888][T12570] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  729.098997][T12671] xt_CHECKSUM: unsupported CHECKSUM operation 68
[  729.101744][T12570] Cannot create hsr debugfs directory
[  729.153154][T12520] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  729.513045][T12520] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  729.756643][ T3527] tipc: Disabling bearer <udp:syz2>
[  729.804958][ T3527] tipc: Left network mode
[  730.489248][T12520] team0: Port device team_slave_0 added
[  730.587252][T12520] team0: Port device team_slave_1 added
[  730.820049][T12686] overlay: Unknown parameter '/dev/cpu/#/msr'
[  731.360977][T12520] batman_adv: batadv0: Adding interface: batadv_slave_0
[  731.371873][T12520] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  731.397986][    C0] vkms_vblank_simulate: vblank timer overrun
[  731.420651][ T5917] usb 3-1: new high-speed USB device number 61 using dummy_hcd
[  731.445937][T12520] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  731.489693][T12520] batman_adv: batadv0: Adding interface: batadv_slave_1
[  731.507073][T12520] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  731.533144][    C0] vkms_vblank_simulate: vblank timer overrun
[  731.577857][T12520] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  731.600688][ T5917] usb 3-1: device descriptor read/64, error -71
[  731.661523][ T3527] batman_adv: batadv0: Removing interface: wlan0
[  731.851392][ T5917] usb 3-1: new high-speed USB device number 62 using dummy_hcd
[  731.956237][T12520] hsr_slave_0: entered promiscuous mode
[  731.975560][T12520] hsr_slave_1: entered promiscuous mode
[  731.995932][T12520] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  732.028390][T12520] Cannot create hsr debugfs directory
[  732.033977][ T5917] usb 3-1: device descriptor read/64, error -71
[  732.092745][ T3527] hsr_slave_0: left promiscuous mode
[  732.098966][ T3527] batman_adv: batadv0: Removing interface: batadv_slave_0
[  732.133727][ T3527] batman_adv: batadv0: Removing interface: batadv_slave_1
[  732.255000][ T5917] usb usb3-port1: attempt power cycle
[  732.932342][ T5917] usb 3-1: new high-speed USB device number 63 using dummy_hcd
[  732.983987][ T5917] usb 3-1: device descriptor read/8, error -71
[  733.225844][ T5917] usb 3-1: new high-speed USB device number 64 using dummy_hcd
[  733.265952][ T5917] usb 3-1: device descriptor read/8, error -71
[  733.280106][ T3527] team0 (unregistering): Port device team_slave_1 removed
[  733.336523][ T3527] team0 (unregistering): Port device team_slave_0 removed
[  733.386620][ T5917] usb usb3-port1: unable to enumerate USB device
[  734.105780][T12715] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1840'.
[  734.471007][T12721] xt_CHECKSUM: unsupported CHECKSUM operation 68
[  735.069344][T12570] netdevsim netdevsim7 netdevsim0: renamed from eth0
[  735.109094][T12570] netdevsim netdevsim7 netdevsim1: renamed from eth1
[  735.772424][T12570] netdevsim netdevsim7 netdevsim2: renamed from eth2
[  736.285477][T12570] netdevsim netdevsim7 netdevsim3: renamed from eth3
[  736.326010][ T3527] IPVS: stop unused estimator thread 0...
[  736.411685][T12737] netlink: 'syz.5.1844': attribute type 1 has an invalid length.
[  736.426033][T12737] netlink: 224 bytes leftover after parsing attributes in process `syz.5.1844'.
[  736.435600][T12737] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1844'.
[  737.031226][T12753] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  738.658456][T12520] netdevsim netdevsim6 netdevsim0: renamed from eth0
[  738.933119][T12520] netdevsim netdevsim6 netdevsim1: renamed from eth1
[  739.057711][T12520] netdevsim netdevsim6 netdevsim2: renamed from eth2
[  739.139723][T12520] netdevsim netdevsim6 netdevsim3: renamed from eth3
[  739.374170][T12570] 8021q: adding VLAN 0 to HW filter on device bond0
[  739.473421][T12570] 8021q: adding VLAN 0 to HW filter on device team0
[  739.517483][ T5995] bridge0: port 1(bridge_slave_0) entered blocking state
[  739.524769][ T5995] bridge0: port 1(bridge_slave_0) entered forwarding state
[  739.586637][ T5995] bridge0: port 2(bridge_slave_1) entered blocking state
[  739.593983][ T5995] bridge0: port 2(bridge_slave_1) entered forwarding state
[  740.724414][T12520] 8021q: adding VLAN 0 to HW filter on device bond0
[  741.018359][T12520] 8021q: adding VLAN 0 to HW filter on device team0
[  741.336039][ T5993] bridge0: port 1(bridge_slave_0) entered blocking state
[  741.343292][ T5993] bridge0: port 1(bridge_slave_0) entered forwarding state
[  742.073444][ T5993] bridge0: port 2(bridge_slave_1) entered blocking state
[  742.080723][ T5993] bridge0: port 2(bridge_slave_1) entered forwarding state
[  742.191237][T12801] netlink: 'syz.3.1854': attribute type 1 has an invalid length.
[  742.231718][T12801] netlink: 224 bytes leftover after parsing attributes in process `syz.3.1854'.
[  742.274043][T12801] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1854'.
[  743.958207][T12570] 8021q: adding VLAN 0 to HW filter on device batadv0
[  745.013736][T12835] ntfs3(nullb0): Primary boot signature is not NTFS.
[  745.021472][T12835] ntfs3(nullb0): try to read out of volume at offset 0x3e7ffffe00
[  745.638747][T12837] netlink: 132 bytes leftover after parsing attributes in process `syz.3.1862'.
[  746.113882][T12520] 8021q: adding VLAN 0 to HW filter on device batadv0
[  747.281685][ T1297] ieee802154 phy0 wpan0: encryption failed: -22
[  748.158289][T12570] veth0_vlan: entered promiscuous mode
[  748.228515][T12570] veth1_vlan: entered promiscuous mode
[  748.338755][T12570] veth0_macvtap: entered promiscuous mode
[  748.367130][T12570] veth1_macvtap: entered promiscuous mode
[  748.433452][T12570] batman_adv: batadv0: Interface activated: batadv_slave_0
[  748.475595][T12570] batman_adv: batadv0: Interface activated: batadv_slave_1
[  748.532148][T12570] netdevsim netdevsim7 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  748.570676][T12570] netdevsim netdevsim7 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  748.579469][T12570] netdevsim netdevsim7 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  748.627202][T12570] netdevsim netdevsim7 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  749.378067][T12891] ntfs3(nullb0): Primary boot signature is not NTFS.
[  749.385155][T12891] ntfs3(nullb0): try to read out of volume at offset 0x3e7ffffe00
[  749.581541][T12520] veth0_vlan: entered promiscuous mode
[  749.832359][T12520] veth1_vlan: entered promiscuous mode
[  750.771002][T12520] veth0_macvtap: entered promiscuous mode
[  751.388521][T12520] veth1_macvtap: entered promiscuous mode
[  751.949986][ T6061] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  751.984848][T12520] batman_adv: batadv0: Interface activated: batadv_slave_0
[  752.000087][T12520] batman_adv: batadv0: Interface activated: batadv_slave_1
[  752.011549][ T6061] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  752.034103][T12520] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  752.050677][T12520] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  752.059613][T12520] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  752.070045][T12520] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  752.085251][T12906] xt_CHECKSUM: unsupported CHECKSUM operation 68
[  752.240633][ T5995] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  752.255573][ T5995] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  752.482030][T12920] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  752.490937][T12920] random: crng reseeded on system resumption
[  752.772259][T12921] xt_CHECKSUM: unsupported CHECKSUM operation 68
[  753.093401][ T3527] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  753.115485][ T3527] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  753.324143][   T36] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  753.386283][   T36] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  754.813603][T12941] sch_tbf: burst 19872 is lower than device lo mtu (65550) !
[  754.893111][T12949] /dev/nullb0: Can't open blockdev
[  756.668525][T12974] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  756.678901][T12974] random: crng reseeded on system resumption
[  757.345367][T12973] xt_CHECKSUM: unsupported CHECKSUM operation 68
[  758.740473][T12984] tty tty4: ldisc open failed (-12), clearing slot 3
[  761.808910][T13038] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  761.818172][T13038] random: crng reseeded on system resumption
[  765.512308][T13059] xt_CHECKSUM: unsupported CHECKSUM operation 68
[  767.392198][T13082] FAULT_INJECTION: forcing a failure.
[  767.392198][T13082] name failslab, interval 1, probability 0, space 0, times 0
[  767.411076][T13082] CPU: 0 UID: 0 PID: 13082 Comm: syz.5.1911 Not tainted 6.16.0-rc4-syzkaller #0 PREEMPT(full) 
[  767.411099][T13082] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  767.411109][T13082] Call Trace:
[  767.411115][T13082]  <TASK>
[  767.411122][T13082]  dump_stack_lvl+0x189/0x250
[  767.411150][T13082]  ? __pfx____ratelimit+0x10/0x10
[  767.411171][T13082]  ? __pfx_dump_stack_lvl+0x10/0x10
[  767.411193][T13082]  ? __pfx__printk+0x10/0x10
[  767.411213][T13082]  ? __pfx___might_resched+0x10/0x10
[  767.411238][T13082]  should_fail_ex+0x414/0x560
[  767.411261][T13082]  should_failslab+0xa8/0x100
[  767.411284][T13082]  kmem_cache_alloc_node_noprof+0x76/0x3c0
[  767.411302][T13082]  ? __alloc_skb+0x112/0x2d0
[  767.411321][T13082]  __alloc_skb+0x112/0x2d0
[  767.411338][T13082]  netlink_dump+0x22b/0xe20
[  767.411358][T13082]  ? rcu_is_watching+0x15/0xb0
[  767.411380][T13082]  ? trace_kmalloc+0x1f/0xd0
[  767.411396][T13082]  ? __pfx_netlink_dump+0x10/0x10
[  767.411421][T13082]  ? __inet_diag_dump_start+0x8a1/0xa10
[  767.411449][T13082]  ? netlink_lookup+0x30/0x200
[  767.411475][T13082]  __netlink_dump_start+0x5cb/0x7e0
[  767.411502][T13082]  inet_diag_rcv_msg_compat+0x1ea/0x3b0
[  767.411528][T13082]  ? __pfx_inet_diag_rcv_msg_compat+0x10/0x10
[  767.411557][T13082]  ? __pfx_inet_diag_dump_start_compat+0x10/0x10
[  767.411578][T13082]  ? __pfx_inet_diag_dump_compat+0x10/0x10
[  767.411599][T13082]  ? __pfx_inet_diag_dump_done+0x10/0x10
[  767.411626][T13082]  ? sock_diag_rcv_msg+0x188/0x600
[  767.411652][T13082]  sock_diag_rcv_msg+0x4cc/0x600
[  767.411677][T13082]  netlink_rcv_skb+0x205/0x470
[  767.411694][T13082]  ? __pfx_sock_diag_rcv_msg+0x10/0x10
[  767.411717][T13082]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  767.411743][T13082]  ? netlink_deliver_tap+0x2e/0x1b0
[  767.411758][T13082]  ? netlink_deliver_tap+0x2e/0x1b0
[  767.411786][T13082]  netlink_unicast+0x758/0x8d0
[  767.411830][T13082]  netlink_sendmsg+0x805/0xb30
[  767.411863][T13082]  ? __pfx_netlink_sendmsg+0x10/0x10
[  767.411886][T13082]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  767.411903][T13082]  ? __pfx_netlink_sendmsg+0x10/0x10
[  767.411920][T13082]  __sock_sendmsg+0x219/0x270
[  767.411944][T13082]  ____sys_sendmsg+0x505/0x830
[  767.411966][T13082]  ? __pfx_____sys_sendmsg+0x10/0x10
[  767.411990][T13082]  ? import_iovec+0x74/0xa0
[  767.412015][T13082]  ___sys_sendmsg+0x21f/0x2a0
[  767.412040][T13082]  ? __pfx____sys_sendmsg+0x10/0x10
[  767.412086][T13082]  ? __fget_files+0x2a/0x420
[  767.412105][T13082]  ? __fget_files+0x3a0/0x420
[  767.412132][T13082]  __x64_sys_sendmsg+0x19b/0x260
[  767.412151][T13082]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  767.412175][T13082]  ? __pfx_ksys_write+0x10/0x10
[  767.412190][T13082]  ? rcu_is_watching+0x15/0xb0
[  767.412215][T13082]  ? do_syscall_64+0xbe/0x3b0
[  767.412239][T13082]  do_syscall_64+0xfa/0x3b0
[  767.412259][T13082]  ? lockdep_hardirqs_on+0x9c/0x150
[  767.412281][T13082]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  767.412296][T13082]  ? clear_bhb_loop+0x60/0xb0
[  767.412314][T13082]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  767.412328][T13082] RIP: 0033:0x7f246af8e929
[  767.412343][T13082] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  767.412355][T13082] RSP: 002b:00007f246bd1f038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  767.412371][T13082] RAX: ffffffffffffffda RBX: 00007f246b1b5fa0 RCX: 00007f246af8e929
[  767.412382][T13082] RDX: 0000000020000010 RSI: 0000200000000040 RDI: 0000000000000003
[  767.412392][T13082] RBP: 00007f246bd1f090 R08: 0000000000000000 R09: 0000000000000000
[  767.412401][T13082] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  767.412410][T13082] R13: 0000000000000000 R14: 00007f246b1b5fa0 R15: 00007ffee1dc7168
[  767.412434][T13082]  </TASK>
[  767.786154][    C0] vkms_vblank_simulate: vblank timer overrun
[  767.998850][T13081] xt_CHECKSUM: unsupported CHECKSUM operation 68
[  768.152822][T13095] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  768.162121][T13095] random: crng reseeded on system resumption
[  768.221434][ T5834] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  768.234967][ T5834] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  768.261973][ T5834] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  768.274741][ T5834] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  768.285055][ T5834] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  768.603172][T13100] cgroup: release_agent respecified
[  769.137375][ T3469] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  769.936292][ T3469] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  770.187638][ T3469] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  770.370723][ T5834] Bluetooth: hci0: command tx timeout
[  770.481601][ T3469] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  771.151844][T13130] snd_dummy snd_dummy.0: control 0:0:0:syz0:0 is already present
[  772.330306][T13086] chnl_net:caif_netlink_parms(): no params data found
[  772.451908][ T5834] Bluetooth: hci0: command tx timeout
[  772.806014][ T3469] dummy0: left allmulticast mode
[  772.840435][ T3469] bridge0: port 3(dummy0) entered disabled state
[  772.867760][T13148] fuse: Unknown parameter '0x0000000000000003'
[  772.902320][ T3469] bridge_slave_1: left allmulticast mode
[  772.908050][ T3469] bridge_slave_1: left promiscuous mode
[  772.942383][ T3469] bridge0: port 2(bridge_slave_1) entered disabled state
[  773.135897][ T3469] bridge_slave_0: left allmulticast mode
[  773.148933][ T3469] bridge_slave_0: left promiscuous mode
[  773.159993][ T3469] bridge0: port 1(bridge_slave_0) entered disabled state
[  773.199778][ T3469] bond_slave_0: left promiscuous mode
[  773.207540][ T3469] bond_slave_1: left promiscuous mode
[  773.219859][T13156] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  773.229029][T13156] random: crng reseeded on system resumption
[  774.500584][T13166] vhci_hcd: Failed attach request for unsupported USB speed: UNKNOWN
[  774.531568][ T5834] Bluetooth: hci0: command tx timeout
[  776.399696][ T3469] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  776.422931][ T3469] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  776.448903][ T3469] bond0 (unregistering): Released all slaves
[  776.498733][ T3469] bond1 (unregistering): Released all slaves
[  776.610665][ T5834] Bluetooth: hci0: command tx timeout
[  777.065568][T13200] xt_CHECKSUM: unsupported CHECKSUM operation 68
[  777.328433][ T3469] : left promiscuous mode
[  777.617086][T13209] random: crng reseeded on system resumption
[  777.618453][T13208] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  778.063529][T13086] bridge0: port 1(bridge_slave_0) entered blocking state
[  778.087220][T13086] bridge0: port 1(bridge_slave_0) entered disabled state
[  778.116139][T13086] bridge_slave_0: entered allmulticast mode
[  778.140314][T13086] bridge_slave_0: entered promiscuous mode
[  778.195109][T13205] xt_CHECKSUM: unsupported CHECKSUM operation 68
[  778.553896][T13222] netlink: 'syz.7.1940': attribute type 4 has an invalid length.
[  779.289317][T13086] bridge0: port 2(bridge_slave_1) entered blocking state
[  779.317465][T13086] bridge0: port 2(bridge_slave_1) entered disabled state
[  779.344297][T13086] bridge_slave_1: entered allmulticast mode
[  779.373613][T13086] bridge_slave_1: entered promiscuous mode
[  779.685283][T13086] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  779.770944][ T3469] batman_adv: batadv0: Interface deactivated: wlan0
[  779.998895][ T3469] batman_adv: batadv0: Removing interface: wlan0
[  780.104814][T13086] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  780.885619][T13086] team0: Port device team_slave_0 added
[  780.905290][T13086] team0: Port device team_slave_1 added
[  781.106150][ T3469] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  781.117185][ T3469] batman_adv: batadv0: Removing interface: batadv_slave_0
[  781.295218][T13239] netlink: 'syz.6.1944': attribute type 1 has an invalid length.
[  781.303325][T13239] netlink: 224 bytes leftover after parsing attributes in process `syz.6.1944'.
[  781.805989][ T3469] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  781.821058][ T3469] batman_adv: batadv0: Removing interface: batadv_slave_1
[  781.941386][ T3469] veth1_macvtap: left promiscuous mode
[  781.951235][ T3469] veth0_macvtap: left promiscuous mode
[  781.956994][ T3469] veth1_vlan: left promiscuous mode
[  781.990743][ T3469] veth0_vlan: left promiscuous mode
[  782.544126][T13257] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  782.553484][T13257] random: crng reseeded on system resumption
[  783.456110][ T3469] team0 (unregistering): Port device team_slave_1 removed
[  783.554434][ T3469] team0 (unregistering): Port device team_slave_0 removed
[  784.056007][T13238] lo speed is unknown, defaulting to 1000
[  784.056312][T13086] batman_adv: batadv0: Adding interface: batadv_slave_0
[  784.073637][T13086] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  784.108182][T13086] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  784.221419][T13248] syzkaller1: entered promiscuous mode
[  784.237800][T13248] syzkaller1: entered allmulticast mode
[  784.251834][T13086] batman_adv: batadv0: Adding interface: batadv_slave_1
[  784.259004][T13086] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  784.293123][T13086] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  784.474279][T13086] hsr_slave_0: entered promiscuous mode
[  784.484376][T13086] hsr_slave_1: entered promiscuous mode
[  784.538715][T13238] lo speed is unknown, defaulting to 1000
[  784.547392][T13238] lo speed is unknown, defaulting to 1000
[  785.469502][T13274] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  785.609589][T13238] infiniband syz0: set active
[  785.614777][T13238] infiniband syz0: added lo
[  785.623625][T13238] syz0: rxe_create_cq: returned err = -12
[  785.630107][T13238] infiniband syz0: Couldn't create ib_mad CQ
[  785.636542][T13238] infiniband syz0: Couldn't open port 1
[  785.686282][T13238] RDS/IB: syz0: added
[  785.691195][T13238] smc: adding ib device syz0 with port count 1
[  785.697891][T13238] smc:    ib device syz0 port 1 has pnetid 
[  785.796823][   T43] lo speed is unknown, defaulting to 1000
[  785.848511][   T24] lo speed is unknown, defaulting to 1000
[  785.885277][T13238] lo speed is unknown, defaulting to 1000
[  785.985241][T13283] FAULT_INJECTION: forcing a failure.
[  785.985241][T13283] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  786.000781][T13283] CPU: 0 UID: 0 PID: 13283 Comm: syz.2.1957 Not tainted 6.16.0-rc4-syzkaller #0 PREEMPT(full) 
[  786.000811][T13283] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  786.000824][T13283] Call Trace:
[  786.000833][T13283]  <TASK>
[  786.000842][T13283]  dump_stack_lvl+0x189/0x250
[  786.000879][T13283]  ? __pfx____ratelimit+0x10/0x10
[  786.000908][T13283]  ? __pfx_dump_stack_lvl+0x10/0x10
[  786.000938][T13283]  ? __pfx__printk+0x10/0x10
[  786.000959][T13283]  ? __might_fault+0xb0/0x130
[  786.000997][T13283]  should_fail_ex+0x414/0x560
[  786.001027][T13283]  _copy_from_user+0x2d/0xb0
[  786.001060][T13283]  __sys_bpf+0x1ed/0x860
[  786.001088][T13283]  ? __pfx___sys_bpf+0x10/0x10
[  786.001129][T13283]  ? ksys_write+0x22a/0x250
[  786.001156][T13283]  ? __pfx_ksys_write+0x10/0x10
[  786.001176][T13283]  ? rcu_is_watching+0x15/0xb0
[  786.001215][T13283]  __x64_sys_bpf+0x7c/0x90
[  786.001239][T13283]  do_syscall_64+0xfa/0x3b0
[  786.001268][T13283]  ? lockdep_hardirqs_on+0x9c/0x150
[  786.001296][T13283]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  786.001316][T13283]  ? clear_bhb_loop+0x60/0xb0
[  786.001341][T13283]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  786.001361][T13283] RIP: 0033:0x7faa2b58e929
[  786.001379][T13283] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  786.001399][T13283] RSP: 002b:00007faa2c329038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  786.001421][T13283] RAX: ffffffffffffffda RBX: 00007faa2b7b5fa0 RCX: 00007faa2b58e929
[  786.001436][T13283] RDX: 0000000000000020 RSI: 0000200000000140 RDI: 0000000000000004
[  786.001449][T13283] RBP: 00007faa2c329090 R08: 0000000000000000 R09: 0000000000000000
[  786.001462][T13283] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  786.001474][T13283] R13: 0000000000000000 R14: 00007faa2b7b5fa0 R15: 00007ffc1d2e64b8
[  786.001507][T13283]  </TASK>
[  786.287693][T13238] lo speed is unknown, defaulting to 1000
[  786.490483][T13238] lo speed is unknown, defaulting to 1000
[  786.646217][T13238] lo speed is unknown, defaulting to 1000
[  786.800459][T13238] lo speed is unknown, defaulting to 1000
[  786.953600][T13238] lo speed is unknown, defaulting to 1000
[  787.241829][ T3469] IPVS: stop unused estimator thread 0...
[  787.585611][T13300] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  787.596417][T13300] random: crng reseeded on system resumption
[  788.093705][T13086] netdevsim netdevsim8 netdevsim0: renamed from eth0
[  788.110688][   T30] audit: type=1326 audit(1751297753.648:329): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13305 comm="syz.2.1962" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7faa2b58e929 code=0x0
[  788.163712][T13086] netdevsim netdevsim8 netdevsim1: renamed from eth1
[  788.189956][T13086] netdevsim netdevsim8 netdevsim2: renamed from eth2
[  788.237884][T13086] netdevsim netdevsim8 netdevsim3: renamed from eth3
[  789.120067][T13324] netlink: 300 bytes leftover after parsing attributes in process `syz.6.1964'.
[  789.256258][T13086] 8021q: adding VLAN 0 to HW filter on device bond0
[  789.659375][T13086] 8021q: adding VLAN 0 to HW filter on device team0
[  789.715224][ T5917] usb 6-1: new low-speed USB device number 44 using dummy_hcd
[  790.068842][T13334] xt_CHECKSUM: unsupported CHECKSUM operation 68
[  790.077440][ T6025] bridge0: port 1(bridge_slave_0) entered blocking state
[  790.084637][ T6025] bridge0: port 1(bridge_slave_0) entered forwarding state
[  790.125214][ T6025] bridge0: port 2(bridge_slave_1) entered blocking state
[  790.132430][ T6025] bridge0: port 2(bridge_slave_1) entered forwarding state
[  790.231490][ T5917] usb 6-1: Invalid ep0 maxpacket: 64
[  790.397805][ T5917] usb 6-1: new low-speed USB device number 45 using dummy_hcd
[  790.692552][T13086] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[  790.703154][T13086] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  791.510936][ T5917] usb 6-1: Invalid ep0 maxpacket: 64
[  793.530385][ T5917] usb usb6-port1: attempt power cycle
[  794.605921][T13357] FAULT_INJECTION: forcing a failure.
[  794.605921][T13357] name failslab, interval 1, probability 0, space 0, times 0
[  794.813452][T13357] CPU: 1 UID: 0 PID: 13357 Comm: syz.7.1972 Not tainted 6.16.0-rc4-syzkaller #0 PREEMPT(full) 
[  794.813481][T13357] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  794.813494][T13357] Call Trace:
[  794.813502][T13357]  <TASK>
[  794.813511][T13357]  dump_stack_lvl+0x189/0x250
[  794.813548][T13357]  ? __pfx____ratelimit+0x10/0x10
[  794.813577][T13357]  ? __pfx_dump_stack_lvl+0x10/0x10
[  794.813605][T13357]  ? __pfx__printk+0x10/0x10
[  794.813632][T13357]  ? __pfx___might_resched+0x10/0x10
[  794.813672][T13357]  ? fs_reclaim_acquire+0x7d/0x100
[  794.813705][T13357]  should_fail_ex+0x414/0x560
[  794.813735][T13357]  should_failslab+0xa8/0x100
[  794.813763][T13357]  kmem_cache_alloc_lru_noprof+0x78/0x3d0
[  794.813787][T13357]  ? __d_alloc+0x31/0x6f0
[  794.813822][T13357]  __d_alloc+0x31/0x6f0
[  794.813857][T13357]  d_alloc_pseudo+0x1f/0xb0
[  794.813889][T13357]  alloc_file_pseudo+0xcc/0x210
[  794.813921][T13357]  ? __pfx_alloc_file_pseudo+0x10/0x10
[  794.813951][T13357]  ? shmem_get_inode+0xbc5/0xe90
[  794.814012][T13357]  __shmem_file_setup+0x284/0x300
[  794.814038][T13357]  big_key_preparse+0x280/0x4c0
[  794.814066][T13357]  ? __pfx_big_key_preparse+0x10/0x10
[  794.814099][T13357]  __key_create_or_update+0x36d/0xa30
[  794.814143][T13357]  ? __pfx___key_create_or_update+0x10/0x10
[  794.814181][T13357]  ? irqentry_exit+0x74/0x90
[  794.814222][T13357]  ? __pfx_lookup_user_key_possessed+0x10/0x10
[  794.814263][T13357]  key_create_or_update+0x42/0x60
[  794.814299][T13357]  __se_sys_add_key+0x329/0x400
[  794.814328][T13357]  ? __pfx___se_sys_add_key+0x10/0x10
[  794.814355][T13357]  ? arch_syscall_is_vdso_sigreturn+0x120/0x1a0
[  794.814383][T13357]  ? syscall_user_dispatch+0x4f/0x90
[  794.814411][T13357]  ? __x64_sys_add_key+0x20/0xc0
[  794.814436][T13357]  do_syscall_64+0xfa/0x3b0
[  794.814464][T13357]  ? lockdep_hardirqs_on+0x9c/0x150
[  794.814492][T13357]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  794.814512][T13357]  ? clear_bhb_loop+0x60/0xb0
[  794.814536][T13357]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  794.814555][T13357] RIP: 0033:0x7f2bb898e929
[  794.814574][T13357] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  794.814590][T13357] RSP: 002b:00007f2bb9716038 EFLAGS: 00000246 ORIG_RAX: 00000000000000f8
[  794.814612][T13357] RAX: ffffffffffffffda RBX: 00007f2bb8bb5fa0 RCX: 00007f2bb898e929
[  794.814627][T13357] RDX: 00002000000002c0 RSI: 0000200000000280 RDI: 0000200000000000
[  794.814642][T13357] RBP: 00007f2bb9716090 R08: fffffffffffffffe R09: 0000000000000000
[  794.814656][T13357] R10: 000000000000fe3a R11: 0000000000000246 R12: 0000000000000002
[  794.814669][T13357] R13: 0000000000000000 R14: 00007f2bb8bb5fa0 R15: 00007ffd7e770108
[  794.814700][T13357]  </TASK>
[  795.278805][T13353] xt_CHECKSUM: unsupported CHECKSUM operation 68
[  795.478329][T13363] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  795.487544][T13363] random: crng reseeded on system resumption
[  796.040087][T13373] mmap: syz.2.1976 (13373): VmData 37597184 exceed data ulimit 0. Update limits or use boot option ignore_rlimit_data.
[  796.090140][T13086] 8021q: adding VLAN 0 to HW filter on device batadv0
[  796.606684][T13390] xt_CHECKSUM: unsupported CHECKSUM operation 68
[  797.971914][T13397] netlink: 4 bytes leftover after parsing attributes in process `syz.5.1980'.
[  799.848314][T13416] ntfs3(nullb0): Primary boot signature is not NTFS.
[  799.856075][T13416] ntfs3(nullb0): try to read out of volume at offset 0x3e7ffffe00
[  799.885457][ T5917] usb 7-1: new high-speed USB device number 2 using dummy_hcd
[  800.244899][ T5917] usb 7-1: Using ep0 maxpacket: 32
[  800.383202][ T5917] usb 7-1: config index 0 descriptor too short (expected 35577, got 27)
[  800.420792][T13415] bond_slave_1: entered promiscuous mode
[  800.440698][ T5917] usb 7-1: config 1 has too many interfaces: 92, using maximum allowed: 32
[  800.450146][ T5917] usb 7-1: config 1 has 1 interface, different from the descriptor's value: 92
[  800.718024][ T5917] usb 7-1: config 1 has no interface number 0
[  800.724856][ T5917] usb 7-1: config 1 interface 1 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  800.735944][ T5917] usb 7-1: config 1 interface 1 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 17
[  800.749924][ T5917] usb 7-1: New USB device found, idVendor=0e41, idProduct=5051, bcdDevice=d5.e8
[  800.760942][T13408] bond_slave_1: left promiscuous mode
[  800.800586][ T5917] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  800.876046][ T5917] snd_usb_pod 7-1:1.1: Line 6 Pocket POD found
[  800.959977][T13427] xt_CHECKSUM: unsupported CHECKSUM operation 68
[  801.069823][ T5917] snd_usb_pod 7-1:1.1: Line 6 Pocket POD now attached
[  801.191345][T13436] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  801.200407][T13436] random: crng reseeded on system resumption
[  801.263690][T13086] veth0_vlan: entered promiscuous mode
[  801.288475][T13086] veth1_vlan: entered promiscuous mode
[  801.511248][ T5918] usb 7-1: USB disconnect, device number 2
[  801.518811][ T5918] snd_usb_pod 7-1:1.1: Line 6 Pocket POD now disconnected
[  801.576107][T13086] veth0_macvtap: entered promiscuous mode
[  802.743257][T13086] veth1_macvtap: entered promiscuous mode
[  803.890924][T13086] batman_adv: batadv0: Interface activated: batadv_slave_0
[  804.176672][T13460] xt_CHECKSUM: unsupported CHECKSUM operation 68
[  804.468022][T13086] batman_adv: batadv0: Interface activated: batadv_slave_1
[  804.510338][T13086] netdevsim netdevsim8 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  804.571074][T13086] netdevsim netdevsim8 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  804.603283][T13086] netdevsim netdevsim8 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  804.624827][T13086] netdevsim netdevsim8 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  805.218752][T13478] netlink: 4 bytes leftover after parsing attributes in process `syz.6.1993'.
[  805.293189][T13466] xt_CHECKSUM: unsupported CHECKSUM operation 68
[  805.306083][ T9928] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  805.347284][ T9928] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  805.815963][ T6061] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  805.857535][ T6061] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  806.845370][T13499] netlink: 12 bytes leftover after parsing attributes in process `syz.6.1998'.
[  807.122452][T13507] netlink: 'syz.5.1999': attribute type 1 has an invalid length.
[  808.037854][T13515] vivid-007: kernel_thread() failed
[  808.283097][T13523] tmpfs: Bad value for 'nr_blocks'
[  809.742610][T13540] FAULT_INJECTION: forcing a failure.
[  809.742610][T13540] name failslab, interval 1, probability 0, space 0, times 0
[  809.817342][T13540] CPU: 1 UID: 0 PID: 13540 Comm: syz.2.2008 Not tainted 6.16.0-rc4-syzkaller #0 PREEMPT(full) 
[  809.817375][T13540] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  809.817389][T13540] Call Trace:
[  809.817398][T13540]  <TASK>
[  809.817407][T13540]  dump_stack_lvl+0x189/0x250
[  809.817443][T13540]  ? __pfx____ratelimit+0x10/0x10
[  809.817471][T13540]  ? __pfx_dump_stack_lvl+0x10/0x10
[  809.817502][T13540]  ? __pfx__printk+0x10/0x10
[  809.817529][T13540]  ? __pfx___might_resched+0x10/0x10
[  809.817564][T13540]  should_fail_ex+0x414/0x560
[  809.817594][T13540]  should_failslab+0xa8/0x100
[  809.817631][T13540]  kmem_cache_alloc_node_noprof+0x76/0x3c0
[  809.817656][T13540]  ? __alloc_skb+0x112/0x2d0
[  809.817682][T13540]  __alloc_skb+0x112/0x2d0
[  809.817707][T13540]  netlink_sendmsg+0x5c6/0xb30
[  809.817740][T13540]  ? __pfx_netlink_sendmsg+0x10/0x10
[  809.817771][T13540]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  809.817795][T13540]  ? __pfx_netlink_sendmsg+0x10/0x10
[  809.817822][T13540]  __sock_sendmsg+0x219/0x270
[  809.817856][T13540]  ____sys_sendmsg+0x505/0x830
[  809.817885][T13540]  ? __pfx_____sys_sendmsg+0x10/0x10
[  809.817920][T13540]  ? import_iovec+0x74/0xa0
[  809.817955][T13540]  ___sys_sendmsg+0x21f/0x2a0
[  809.817981][T13540]  ? __pfx____sys_sendmsg+0x10/0x10
[  809.818046][T13540]  ? __fget_files+0x2a/0x420
[  809.818072][T13540]  ? __fget_files+0x3a0/0x420
[  809.818111][T13540]  __x64_sys_sendmsg+0x19b/0x260
[  809.818138][T13540]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  809.818174][T13540]  ? __pfx_ksys_write+0x10/0x10
[  809.818195][T13540]  ? rcu_is_watching+0x15/0xb0
[  809.818231][T13540]  ? do_syscall_64+0xbe/0x3b0
[  809.818265][T13540]  do_syscall_64+0xfa/0x3b0
[  809.818292][T13540]  ? lockdep_hardirqs_on+0x9c/0x150
[  809.818320][T13540]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  809.818340][T13540]  ? clear_bhb_loop+0x60/0xb0
[  809.818366][T13540]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  809.818386][T13540] RIP: 0033:0x7faa2b58e929
[  809.818405][T13540] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  809.818422][T13540] RSP: 002b:00007faa2c329038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  809.818445][T13540] RAX: ffffffffffffffda RBX: 00007faa2b7b5fa0 RCX: 00007faa2b58e929
[  809.818460][T13540] RDX: 0000000000000000 RSI: 0000200000000380 RDI: 0000000000000005
[  809.818474][T13540] RBP: 00007faa2c329090 R08: 0000000000000000 R09: 0000000000000000
[  809.818486][T13540] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  809.818499][T13540] R13: 0000000000000000 R14: 00007faa2b7b5fa0 R15: 00007ffc1d2e64b8
[  809.818531][T13540]  </TASK>
[  810.092247][T13541] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  810.101317][T13541] random: crng reseeded on system resumption
[  812.709923][T13573] lo speed is unknown, defaulting to 1000
[  814.634890][T13600] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  814.723742][T13600] random: crng reseeded on system resumption
[  819.419509][T13642] evm: overlay not supported
[  820.205130][T13645] devtmpfs: Too few inodes for current use
[  820.641494][T13645] netlink: 8 bytes leftover after parsing attributes in process `syz.7.2032'.
[  821.341910][T13658] fuse: Unknown parameter '0x0000000000000007'
[  823.857503][T13675] netlink: 4 bytes leftover after parsing attributes in process `syz.5.2042'.
[  824.067696][T13673] snd_dummy snd_dummy.0: control 2:16:0:syz0:-3 is already present
[  824.954064][ T5889] usb 3-1: new high-speed USB device number 65 using dummy_hcd
[  825.032975][T13691] lo speed is unknown, defaulting to 1000
[  825.150790][ T5889] usb 3-1: Using ep0 maxpacket: 32
[  825.158468][ T5889] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  825.209526][ T5889] usb 3-1: config 0 has no interfaces?
[  825.221390][T13700] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  825.242492][ T5889] usb 3-1: New USB device found, idVendor=0545, idProduct=8080, bcdDevice= 3.01
[  825.244626][T13700] random: crng reseeded on system resumption
[  825.284799][ T5889] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  825.335908][ T5889] usb 3-1: config 0 descriptor??
[  825.591679][ T5889] usb 3-1: string descriptor 0 read error: -71
[  825.634084][ T5889] usb 3-1: USB disconnect, device number 65
[  825.678419][T13705] xt_CHECKSUM: unsupported CHECKSUM operation 68
[  827.833668][   T30] audit: type=1326 audit(1751297792.508:330): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13714 comm="syz.7.2053" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f2bb898e929 code=0x0
[  829.602524][T13729] netlink: 4 bytes leftover after parsing attributes in process `syz.7.2056'.
[  831.390920][ T5834] Bluetooth: hci5: command 0x0406 tx timeout
[  832.027352][T13741] bridge0: port 2(bridge_slave_1) entered disabled state
[  832.420974][ T5889] usb 3-1: new high-speed USB device number 66 using dummy_hcd
[  832.474528][T13754] lo speed is unknown, defaulting to 1000
[  832.520587][ T5917] usb 6-1: new high-speed USB device number 47 using dummy_hcd
[  832.606087][ T5889] usb 3-1: Using ep0 maxpacket: 32
[  832.615701][ T5889] usb 3-1: config 0 has an invalid interface number: 219 but max is 0
[  832.624938][ T5889] usb 3-1: config 0 has no interface number 0
[  832.650902][ T5889] usb 3-1: config 0 interface 219 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  832.668400][ T5889] usb 3-1: config 0 interface 219 altsetting 0 has an endpoint descriptor with address 0xDB, changing to 0x8B
[  832.707982][ T5889] usb 3-1: config 0 interface 219 altsetting 0 endpoint 0x8B has invalid maxpacket 28739, setting to 1024
[  832.708335][ T5917] usb 6-1: Using ep0 maxpacket: 8
[  832.848367][ T5917] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 17
[  832.964981][ T5917] usb 6-1: New USB device found, idVendor=04a5, idProduct=3003, bcdDevice=c8.07
[  833.018392][ T5917] usb 6-1: New USB device strings: Mfr=209, Product=185, SerialNumber=60
[  833.102050][ T5917] usb 6-1: Product: syz
[  833.107048][ T5917] usb 6-1: Manufacturer: syz
[  833.111705][ T5889] usb 3-1: config 0 interface 219 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 1024
[  833.111741][ T5889] usb 3-1: config 0 interface 219 altsetting 0 bulk endpoint 0xB has invalid maxpacket 1023
[  833.111782][ T5889] usb 3-1: config 0 interface 219 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 2
[  833.115017][ T5889] usb 3-1: New USB device found, idVendor=108c, idProduct=0169, bcdDevice=75.b9
[  833.123124][ T5917] usb 6-1: SerialNumber: syz
[  833.221636][ T5917] usb 6-1: config 0 descriptor??
[  833.272704][ T5889] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  833.421257][ T5889] usb 3-1: Product: syz
[  833.465473][ T5889] usb 3-1: Manufacturer: syz
[  833.513260][ T5889] usb 3-1: SerialNumber: syz
[  833.538635][ T5889] usb 3-1: config 0 descriptor??
[  833.564683][T13747] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22
[  833.580786][T13747] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22
[  833.731950][T13770] netlink: 4 bytes leftover after parsing attributes in process `syz.7.2069'.
[  833.784850][ T5917] gspca_main: sunplus-2.14.0 probing 04a5:3003
[  834.187214][ T5889] etas_es58x 3-1:0.219: Starting syz syz (Serial Number syz)
[  834.203509][ T5889] etas_es58x 3-1:0.219: could not parse product info: '424242424242'
[  835.038935][ T5917] gspca_sunplus: reg_w_riv err -110
[  835.044417][ T5917] sunplus 6-1:0.0: probe with driver sunplus failed with error -110
[  835.322111][ T5889] usb 3-1: USB disconnect, device number 66
[  835.355275][ T5889] etas_es58x 3-1:0.219: Disconnecting syz syz
[  835.364432][ T5917] usb 6-1: USB disconnect, device number 47
[  835.697114][T13791] xt_CHECKSUM: unsupported CHECKSUM operation 68
[  836.441518][   T24] usb 9-1: new high-speed USB device number 2 using dummy_hcd
[  836.496700][T13796] lo speed is unknown, defaulting to 1000
[  836.630606][   T24] usb 9-1: Using ep0 maxpacket: 8
[  836.651147][   T24] usb 9-1: config 179 has an invalid interface number: 65 but max is 0
[  836.872824][   T24] usb 9-1: config 179 has no interface number 0
[  836.879927][   T24] usb 9-1: config 179 interface 65 altsetting 12 endpoint 0xF has an invalid bInterval 63, changing to 9
[  836.891414][   T24] usb 9-1: config 179 interface 65 altsetting 12 endpoint 0xF has invalid maxpacket 57605, setting to 1024
[  836.903046][   T24] usb 9-1: config 179 interface 65 altsetting 12 has an invalid descriptor for endpoint zero, skipping
[  836.914195][   T24] usb 9-1: config 179 interface 65 altsetting 12 has 2 endpoint descriptors, different from the interface descriptor's value: 23
[  836.940612][   T24] usb 9-1: config 179 interface 65 has no altsetting 0
[  836.952947][   T24] usb 9-1: New USB device found, idVendor=12ab, idProduct=0004, bcdDevice= 0.00
[  836.974595][   T24] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  838.597061][   T10] usb 9-1: USB disconnect, device number 2
[  839.085401][T13816] netlink: 4 bytes leftover after parsing attributes in process `syz.6.2080'.
[  839.525893][T13828] netlink: 24 bytes leftover after parsing attributes in process `syz.6.2084'.
[  841.208268][T13839] FAULT_INJECTION: forcing a failure.
[  841.208268][T13839] name failslab, interval 1, probability 0, space 0, times 0
[  841.268941][T13839] CPU: 0 UID: 0 PID: 13839 Comm: syz.6.2087 Not tainted 6.16.0-rc4-syzkaller #0 PREEMPT(full) 
[  841.268964][T13839] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  841.268974][T13839] Call Trace:
[  841.268980][T13839]  <TASK>
[  841.268986][T13839]  dump_stack_lvl+0x189/0x250
[  841.269015][T13839]  ? __pfx____ratelimit+0x10/0x10
[  841.269036][T13839]  ? __pfx_dump_stack_lvl+0x10/0x10
[  841.269058][T13839]  ? __pfx__printk+0x10/0x10
[  841.269074][T13839]  ? __pfx___might_resched+0x10/0x10
[  841.269096][T13839]  ? fs_reclaim_acquire+0x7d/0x100
[  841.269120][T13839]  should_fail_ex+0x414/0x560
[  841.269141][T13839]  should_failslab+0xa8/0x100
[  841.269161][T13839]  __kmalloc_noprof+0xcb/0x4f0
[  841.269178][T13839]  ? tomoyo_encode+0x28b/0x550
[  841.269203][T13839]  tomoyo_encode+0x28b/0x550
[  841.269228][T13839]  tomoyo_realpath_from_path+0x58d/0x5d0
[  841.269257][T13839]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[  841.269274][T13839]  tomoyo_path_number_perm+0x1e8/0x5a0
[  841.269293][T13839]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  841.269324][T13839]  ? __lock_acquire+0xab9/0xd20
[  841.269359][T13839]  ? __fget_files+0x2a/0x420
[  841.269380][T13839]  ? __fget_files+0x2a/0x420
[  841.269398][T13839]  ? __fget_files+0x3a0/0x420
[  841.269416][T13839]  ? __fget_files+0x2a/0x420
[  841.269438][T13839]  security_file_ioctl+0xcb/0x2d0
[  841.269459][T13839]  __se_sys_ioctl+0x47/0x170
[  841.269476][T13839]  do_syscall_64+0xfa/0x3b0
[  841.269503][T13839]  ? lockdep_hardirqs_on+0x9c/0x150
[  841.269531][T13839]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  841.269552][T13839]  ? clear_bhb_loop+0x60/0xb0
[  841.269587][T13839]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  841.269607][T13839] RIP: 0033:0x7fe63cd8e929
[  841.269625][T13839] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  841.269642][T13839] RSP: 002b:00007fe63dbe5038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  841.269664][T13839] RAX: ffffffffffffffda RBX: 00007fe63cfb5fa0 RCX: 00007fe63cd8e929
[  841.269678][T13839] RDX: 00002000000001c0 RSI: 00000000c02c5341 RDI: 0000000000000003
[  841.269691][T13839] RBP: 00007fe63dbe5090 R08: 0000000000000000 R09: 0000000000000000
[  841.269703][T13839] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  841.269715][T13839] R13: 0000000000000000 R14: 00007fe63cfb5fa0 R15: 00007ffc34de0928
[  841.269745][T13839]  </TASK>
[  841.496747][T10872] Bluetooth: hci1: command 0x0406 tx timeout
[  841.518827][T13839] ERROR: Out of memory at tomoyo_realpath_from_path.
[  841.632927][T13844] xt_CHECKSUM: unsupported CHECKSUM operation 68
[  843.890857][T10872] Bluetooth: hci1: command 0x0406 tx timeout
[  844.029817][T13867] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2094'.
[  844.804423][T13878] xt_CHECKSUM: unsupported CHECKSUM operation 68
[  845.206636][   T30] audit: type=1326 audit(1751297810.758:331): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13887 comm="syz.7.2101" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2bb898e929 code=0x7ffc0000
[  845.233894][   T30] audit: type=1326 audit(1751297810.758:332): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13887 comm="syz.7.2101" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2bb898e929 code=0x7ffc0000
[  845.812452][   T30] audit: type=1326 audit(1751297810.758:333): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13887 comm="syz.7.2101" exe="/root/syz-executor" sig=0 arch=c000003e syscall=222 compat=0 ip=0x7f2bb898e929 code=0x7ffc0000
[  845.856084][ T5889] libceph: connect (1)[c::]:6789 error -101
[  845.966293][   T30] audit: type=1326 audit(1751297810.758:334): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13887 comm="syz.7.2101" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2bb898e929 code=0x7ffc0000
[  845.990819][   T30] audit: type=1326 audit(1751297810.758:335): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13887 comm="syz.7.2101" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2bb898e929 code=0x7ffc0000
[  846.018566][ T5889] libceph: mon0 (1)[c::]:6789 connect error
[  846.070643][T13900] xt_CHECKSUM: unsupported CHECKSUM operation 68
[  846.503761][   T43] libceph: connect (1)[c::]:6789 error -101
[  846.513007][   T43] libceph: mon0 (1)[c::]:6789 connect error
[  846.624104][T13888] ceph: No mds server is up or the cluster is laggy
[  846.645280][   T30] audit: type=1326 audit(1751297810.758:336): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13887 comm="syz.7.2101" exe="/root/syz-executor" sig=0 arch=c000003e syscall=76 compat=0 ip=0x7f2bb898e929 code=0x7ffc0000
[  846.835391][   T43] libceph: connect (1)[c::]:6789 error -101
[  846.841613][   T43] libceph: mon0 (1)[c::]:6789 connect error
[  846.910852][   T30] audit: type=1326 audit(1751297810.758:337): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13887 comm="syz.7.2101" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2bb898e929 code=0x7ffc0000
[  847.169041][   T30] audit: type=1326 audit(1751297810.758:338): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13887 comm="syz.7.2101" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2bb898e929 code=0x7ffc0000
[  847.356312][ T5889] libceph: connect (1)[c::]:6789 error -101
[  847.557534][ T5889] libceph: mon0 (1)[c::]:6789 connect error
[  847.742957][   T30] audit: type=1326 audit(1751297810.758:339): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13887 comm="syz.7.2101" exe="/root/syz-executor" sig=0 arch=c000003e syscall=430 compat=0 ip=0x7f2bb898e929 code=0x7ffc0000
[  847.790634][   T30] audit: type=1326 audit(1751297810.758:340): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13887 comm="syz.7.2101" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2bb898e929 code=0x7ffc0000
[  848.328024][T13923] netlink: 4 bytes leftover after parsing attributes in process `syz.5.2109'.
[  849.841722][T13932] xt_CHECKSUM: unsupported CHECKSUM operation 68
[  850.317843][T13938] lo speed is unknown, defaulting to 1000
[  850.342401][T13947] ntfs3(nullb0): Primary boot signature is not NTFS.
[  850.350091][T13947] ntfs3(nullb0): try to read out of volume at offset 0x3e7ffffe00
[  851.325441][T13956] Cannot find add_set index 0 as target
[  851.331727][T13926] pim6reg0: tun_chr_ioctl cmd 1074025677
[  851.358445][T13926] pim6reg0: linktype set to 0
[  851.404584][T13958] netlink: 12 bytes leftover after parsing attributes in process `syz.6.2120'.
[  956.560410][    C1] rcu: INFO: rcu_preempt detected stalls on CPUs/tasks:
[  956.567460][    C1] rcu: 	Tasks blocked on level-0 rcu_node (CPUs 0-1): P13938/1:b..l
[  956.576122][    C1] rcu: 	(detected by 1, t=10502 jiffies, g=62985, q=124 ncpus=2)
[  956.583881][    C1] task:syz.5.2114      state:R  running task     stack:25384 pid:13938 tgid:13937 ppid:7874   task_flags:0x400140 flags:0x00004002
[  956.598490][    C1] Call Trace:
[  956.601812][    C1]  <TASK>
[  956.604781][    C1]  __schedule+0x16a2/0x4cb0
[  956.609348][    C1]  ? preempt_schedule_irq+0xb5/0x150
[  956.614693][    C1]  ? __pfx___schedule+0x10/0x10
[  956.619620][    C1]  ? preempt_schedule_irq+0xaa/0x150
[  956.624945][    C1]  preempt_schedule_irq+0xb5/0x150
[  956.630096][    C1]  ? __pfx_preempt_schedule_irq+0x10/0x10
[  956.635884][    C1]  ? rcu_irq_exit_check_preempt+0xdf/0x210
[  956.641735][    C1]  irqentry_exit+0x6f/0x90
[  956.646201][    C1]  asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  956.652218][    C1] RIP: 0010:unwind_next_frame+0xc89/0x2390
[  956.658062][    C1] Code: af 00 49 89 1f 48 8b 44 24 58 80 3c 28 00 48 8b 5c 24 70 4c 8b 6c 24 50 4c 8b 64 24 10 74 08 48 89 df e8 ba 0f af 00 4c 89 23 <ba> 10 00 00 00 4c 89 ef 31 f6 e8 88 11 af 00 48 8b 14 24 e9 c5 04
[  956.677796][    C1] RSP: 0018:ffffc9000418eef8 EFLAGS: 00000246
[  956.683898][    C1] RAX: 1ffff92000831e00 RBX: ffffc9000418f000 RCX: 1ffff92000831d01
[  956.691904][    C1] RDX: ffffffff903bd65e RSI: 0000000000000002 RDI: ffffc9000418f368
[  956.699903][    C1] RBP: dffffc0000000000 R08: 000000000000000a R09: ffffffff81728af5
[  956.707913][    C1] R10: ffffc9000418f018 R11: ffffffff81ace5d0 R12: ffffc9000418f370
[  956.715910][    C1] R13: ffffc9000418f018 R14: ffffc9000418efc8 R15: ffffc9000418f010
[  956.723918][    C1]  ? __pfx_stack_trace_consume_entry+0x10/0x10
[  956.730123][    C1]  ? unwind_next_frame+0xa5/0x2390
[  956.735278][    C1]  ? unwind_next_frame+0xc3c/0x2390
[  956.740524][    C1]  ? unwind_next_frame+0xa5/0x2390
[  956.745677][    C1]  ? __kasan_kmalloc+0x93/0xb0
[  956.750477][    C1]  ? __pfx_stack_trace_consume_entry+0x10/0x10
[  956.756662][    C1]  arch_stack_walk+0x11c/0x150
[  956.761467][    C1]  ? __kmalloc_node_track_caller_noprof+0x271/0x4e0
[  956.768100][    C1]  stack_trace_save+0x9c/0xe0
[  956.772810][    C1]  ? __pfx_stack_trace_save+0x10/0x10
[  956.778221][    C1]  ? stack_depot_save_flags+0x40/0x900
[  956.783722][    C1]  kasan_save_track+0x3e/0x80
[  956.788435][    C1]  ? kasan_save_track+0x3e/0x80
[  956.793312][    C1]  ? __kasan_kmalloc+0x93/0xb0
[  956.798166][    C1]  __kasan_kmalloc+0x93/0xb0
[  956.802796][    C1]  __kmalloc_node_track_caller_noprof+0x271/0x4e0
[  956.809251][    C1]  ? __kernfs_new_node+0x9c/0x7e0
[  956.814322][    C1]  kstrdup+0x42/0x100
[  956.818349][    C1]  __kernfs_new_node+0x9c/0x7e0
[  956.823241][    C1]  ? __lock_acquire+0xab9/0xd20
[  956.828135][    C1]  ? __pfx___kernfs_new_node+0x10/0x10
[  956.833631][    C1]  ? kernfs_root+0x1c/0x230
[  956.838184][    C1]  ? kernfs_root+0x1c/0x230
[  956.842723][    C1]  ? kernfs_root+0x1c/0x230
[  956.847262][    C1]  ? kernfs_root+0x1c/0x230
[  956.851804][    C1]  kernfs_new_node+0x102/0x210
[  956.856616][    C1]  __kernfs_create_file+0x4b/0x2e0
[  956.861764][    C1]  sysfs_add_file_mode_ns+0x238/0x300
[  956.867196][    C1]  internal_create_group+0x66d/0x1110
[  956.872633][    C1]  ? kobject_add+0x155/0x220
[  956.877275][    C1]  ? __pfx_internal_create_group+0x10/0x10
[  956.883132][    C1]  ? rcu_is_watching+0x15/0xb0
[  956.887947][    C1]  sysfs_create_groups+0x59/0x120
[  956.893015][    C1]  ib_setup_port_attrs+0x1407/0x2070
[  956.898379][    C1]  ? __pfx_ib_setup_port_attrs+0x10/0x10
[  956.904049][    C1]  ? __pfx_do_raw_spin_lock+0x10/0x10
[  956.909449][    C1]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  956.915485][    C1]  ? device_add+0x70b/0xb50
[  956.920045][    C1]  add_one_compat_dev+0x3d6/0x5c0
[  956.925120][    C1]  rdma_dev_init_net+0x1dd/0x270
[  956.930100][    C1]  ? __pfx_rdma_dev_init_net+0x10/0x10
[  956.935604][    C1]  ops_init+0x35c/0x5c0
[  956.939800][    C1]  setup_net+0x219/0x4b0
[  956.944085][    C1]  ? __pfx_setup_net+0x10/0x10
[  956.948894][    C1]  ? copy_net_ns+0x304/0x4d0
[  956.953527][    C1]  ? down_read_killable+0x1d1/0x350
[  956.958770][    C1]  copy_net_ns+0x31b/0x4d0
[  956.963236][    C1]  create_new_namespaces+0x3f3/0x720
[  956.968570][    C1]  ? security_capable+0x7e/0x2e0
[  956.973563][    C1]  unshare_nsproxy_namespaces+0x11c/0x170
[  956.979324][    C1]  ksys_unshare+0x4c8/0x8c0
[  956.983979][    C1]  ? __pfx_ksys_unshare+0x10/0x10
[  956.989076][    C1]  __x64_sys_unshare+0x38/0x50
[  956.993905][    C1]  do_syscall_64+0xfa/0x3b0
[  956.998485][    C1]  ? lockdep_hardirqs_on+0x9c/0x150
[  957.003736][    C1]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  957.009833][    C1]  ? clear_bhb_loop+0x60/0xb0
[  957.014549][    C1]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  957.020470][    C1] RIP: 0033:0x7f246af8e929
[  957.024917][    C1] RSP: 002b:00007f246bd1f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000110
[  957.033368][    C1] RAX: ffffffffffffffda RBX: 00007f246b1b5fa0 RCX: 00007f246af8e929
[  957.041387][    C1] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 000000006a040000
[  957.049389][    C1] RBP: 00007f246b010b39 R08: 0000000000000000 R09: 0000000000000000
[  957.057386][    C1] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  957.065386][    C1] R13: 0000000000000001 R14: 00007f246b1b5fa0 R15: 00007ffee1dc7168
[  957.073400][    C1]  </TASK>
[  957.076442][    C1] rcu: rcu_preempt kthread timer wakeup didn't happen for 10501 jiffies! g62985 f0x0 RCU_GP_WAIT_FQS(5) ->state=0x402
[  957.088800][    C1] rcu: 	Possible timer handling issue on cpu=0 timer-softirq=52988
[  957.096723][    C1] rcu: rcu_preempt kthread starved for 10502 jiffies! g62985 f0x0 RCU_GP_WAIT_FQS(5) ->state=0x402 ->cpu=0
[  957.108146][    C1] rcu: 	Unless rcu_preempt kthread gets sufficient CPU time, OOM is now expected behavior.
[  957.118166][    C1] rcu: RCU grace-period kthread stack dump:
[  957.124097][    C1] task:rcu_preempt     state:I stack:26464 pid:16    tgid:16    ppid:2      task_flags:0x208040 flags:0x00004000
[  957.136076][    C1] Call Trace:
[  957.139405][    C1]  <TASK>
[  957.142366][    C1]  __schedule+0x16a2/0x4cb0
[  957.146922][    C1]  ? do_raw_spin_unlock+0x122/0x240
[  957.152160][    C1]  ? schedule+0x165/0x360
[  957.156526][    C1]  ? __lock_acquire+0xab9/0xd20
[  957.161418][    C1]  ? __pfx___schedule+0x10/0x10
[  957.166327][    C1]  ? schedule+0x91/0x360
[  957.170607][    C1]  schedule+0x165/0x360
[  957.174800][    C1]  schedule_timeout+0x12b/0x270
[  957.179684][    C1]  ? __pfx_schedule_timeout+0x10/0x10
[  957.185094][    C1]  ? __pfx_process_timeout+0x10/0x10
[  957.190429][    C1]  ? prepare_to_swait_event+0x341/0x380
[  957.196015][    C1]  rcu_gp_fqs_loop+0x301/0x1540
[  957.200913][    C1]  ? __pfx_rcu_gp_init+0x10/0x10
[  957.205888][    C1]  ? lockdep_hardirqs_on+0x9c/0x150
[  957.211127][    C1]  ? __pfx_rcu_gp_fqs_loop+0x10/0x10
[  957.216445][    C1]  ? _raw_spin_unlock_irq+0x2e/0x50
[  957.221696][    C1]  ? finish_swait+0xcd/0x1f0
[  957.226337][    C1]  rcu_gp_kthread+0x99/0x390
[  957.230965][    C1]  ? __pfx_rcu_gp_kthread+0x10/0x10
[  957.236199][    C1]  ? __kthread_parkme+0x7b/0x200
[  957.241174][    C1]  ? __kthread_parkme+0x1a1/0x200
[  957.246249][    C1]  kthread+0x711/0x8a0
[  957.250353][    C1]  ? __pfx_rcu_gp_kthread+0x10/0x10
[  957.255584][    C1]  ? __pfx_kthread+0x10/0x10
[  957.260210][    C1]  ? _raw_spin_unlock_irq+0x23/0x50
[  957.265447][    C1]  ? lockdep_hardirqs_on+0x9c/0x150
[  957.270685][    C1]  ? __pfx_kthread+0x10/0x10
[  957.275303][    C1]  ret_from_fork+0x3fc/0x770
[  957.279930][    C1]  ? __pfx_ret_from_fork+0x10/0x10
[  957.285084][    C1]  ? __switch_to_asm+0x39/0x70
[  957.289874][    C1]  ? __switch_to_asm+0x33/0x70
[  957.294665][    C1]  ? __pfx_kthread+0x10/0x10
[  957.299294][    C1]  ret_from_fork_asm+0x1a/0x30
[  957.304104][    C1]  </TASK>
[  957.307150][    C1] rcu: Stack dump where RCU GP kthread last ran:
[  957.313514][    C1] Sending NMI from CPU 1 to CPUs 0:
[  957.318845][    C0] NMI backtrace for cpu 0
[  957.318862][    C0] CPU: 0 UID: 0 PID: 13960 Comm: syz.6.2120 Not tainted 6.16.0-rc4-syzkaller #0 PREEMPT(full) 
[  957.318882][    C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  957.318893][    C0] RIP: 0010:__sanitizer_cov_trace_pc+0x8/0x70
[  957.318916][    C0] Code: 8b 3d a4 e6 f8 0b 48 89 de 5b e9 13 91 56 00 cc cc cc 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 48 8b 04 24 <65> 48 8b 0c 25 08 c0 99 92 65 8b 15 88 72 d9 10 81 e2 00 01 ff 00
[  957.318932][    C0] RSP: 0000:ffffc90000007c68 EFLAGS: 00000002
[  957.318948][    C0] RAX: ffffffff897f6f78 RBX: 0000000000000001 RCX: 0000000000010000
[  957.318960][    C0] RDX: ffff8880306c1e00 RSI: 0000000000000001 RDI: 0000000000000000
[  957.318971][    C0] RBP: 0000000000000000 R08: 0000000000000003 R09: 0000000000000004
[  957.318981][    C0] R10: dffffc0000000000 R11: fffff52000000f7c R12: ffff88807d543340
[  957.318994][    C0] R13: ffff88807d543000 R14: dffffc0000000000 R15: ffff8880798dbc00
[  957.319007][    C0] FS:  00007fe63dba36c0(0000) GS:ffff888125c84000(0000) knlGS:0000000000000000
[  957.319022][    C0] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  957.319034][    C0] CR2: 00007fe63dba0f70 CR3: 0000000024516000 CR4: 00000000003526f0
[  957.319049][    C0] Call Trace:
[  957.319057][    C0]  <IRQ>
[  957.319064][    C0]  advance_sched+0x178/0xc90
[  957.319096][    C0]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  957.319127][    C0]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  957.319165][    C0]  ? __pfx_advance_sched+0x10/0x10
[  957.319191][    C0]  __hrtimer_run_queues+0x52c/0xc60
[  957.319241][    C0]  ? __pfx___hrtimer_run_queues+0x10/0x10
[  957.319273][    C0]  ? read_tsc+0x9/0x20
[  957.319307][    C0]  hrtimer_interrupt+0x45b/0xaa0
[  957.319348][    C0]  __sysvec_apic_timer_interrupt+0x10b/0x410
[  957.319376][    C0]  sysvec_apic_timer_interrupt+0xa1/0xc0
[  957.319399][    C0]  </IRQ>
[  957.319406][    C0]  <TASK>
[  957.319413][    C0]  asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  957.319431][    C0] RIP: 0010:unwind_next_frame+0x395/0x2390
[  957.319457][    C0] Code: e0 48 c1 e8 03 0f b6 04 28 84 c0 0f 85 6d 19 00 00 4c 89 e8 48 c1 e8 03 0f b6 04 28 84 c0 0f 85 80 19 00 00 41 0f b6 44 24 01 <83> e0 07 0f 84 75 15 00 00 83 f8 01 4c 8b 7c 24 48 48 bd 00 00 00
[  957.319472][    C0] RSP: 0000:ffffc9000473f2b8 EFLAGS: 00000246
[  957.319487][    C0] RAX: 000000000000000b RBX: ffffffff8fada984 RCX: ffffffff8fada988
[  957.319500][    C0] RDX: ffffffff9025e64c RSI: ffffffff9025e5e6 RDI: ffffffff8be1b8a0
[  957.319513][    C0] RBP: dffffc0000000000 R08: 000000000000001c R09: ffffffff81728af5
[  957.319526][    C0] R10: ffffc9000473f3d8 R11: ffffffff81ace5d0 R12: ffffffff9025e650
[  957.319540][    C0] R13: ffffffff9025e651 R14: ffffc9000473f388 R15: ffffffff8fada984
[  957.319555][    C0]  ? __pfx_stack_trace_consume_entry+0x10/0x10
[  957.319574][    C0]  ? unwind_next_frame+0xa5/0x2390
[  957.319603][    C0]  ? unwind_next_frame+0xd4/0x2390
[  957.319630][    C0]  ? unwind_next_frame+0xa5/0x2390
[  957.319654][    C0]  ? asm_exc_page_fault+0x26/0x30
[  957.319673][    C0]  ? __pfx_stack_trace_consume_entry+0x10/0x10
[  957.319692][    C0]  arch_stack_walk+0x11c/0x150
[  957.319728][    C0]  ? asm_exc_page_fault+0x26/0x30
[  957.319748][    C0]  stack_trace_save+0x9c/0xe0
[  957.319765][    C0]  ? __pfx_stack_trace_save+0x10/0x10
[  957.319789][    C0]  save_stack+0xf7/0x1f0
[  957.319811][    C0]  ? __pfx_save_stack+0x10/0x10
[  957.319830][    C0]  ? post_alloc_hook+0x240/0x2a0
[  957.319850][    C0]  ? get_page_from_freelist+0x21d5/0x22b0
[  957.319874][    C0]  ? __alloc_frozen_pages_noprof+0x181/0x370
[  957.319899][    C0]  ? alloc_pages_mpol+0x232/0x4a0
[  957.319918][    C0]  ? vma_alloc_folio_noprof+0xe4/0x200
[  957.319939][    C0]  ? folio_prealloc+0x30/0x180
[  957.319959][    C0]  ? __handle_mm_fault+0x2c88/0x5620
[  957.319977][    C0]  ? handle_mm_fault+0x2d5/0x7f0
[  957.319995][    C0]  ? do_user_addr_fault+0xa81/0x1390
[  957.320014][    C0]  ? exc_page_fault+0x76/0xf0
[  957.320036][    C0]  ? asm_exc_page_fault+0x26/0x30
[  957.320055][    C0]  ? seqcount_lockdep_reader_access+0x102/0x180
[  957.320080][    C0]  __set_page_owner+0x8d/0x4a0
[  957.320102][    C0]  ? __pfx___set_page_owner+0x10/0x10
[  957.320128][    C0]  post_alloc_hook+0x240/0x2a0
[  957.320152][    C0]  get_page_from_freelist+0x21d5/0x22b0
[  957.320178][    C0]  ? finish_task_switch+0x266/0x950
[  957.320198][    C0]  ? lockdep_hardirqs_on+0x9c/0x150
[  957.320244][    C0]  ? __pfx_get_page_from_freelist+0x10/0x10
[  957.320271][    C0]  ? prepare_alloc_pages+0x213/0x610
[  957.320299][    C0]  __alloc_frozen_pages_noprof+0x181/0x370
[  957.320327][    C0]  ? __pfx___alloc_frozen_pages_noprof+0x10/0x10
[  957.320352][    C0]  ? futex_unqueue+0x22/0x240
[  957.320373][    C0]  ? policy_nodemask+0x27c/0x720
[  957.320392][    C0]  ? __lock_acquire+0xab9/0xd20
[  957.320417][    C0]  alloc_pages_mpol+0x232/0x4a0
[  957.320442][    C0]  vma_alloc_folio_noprof+0xe4/0x200
[  957.320466][    C0]  ? __pfx_vma_alloc_folio_noprof+0x10/0x10
[  957.320495][    C0]  folio_prealloc+0x30/0x180
[  957.320517][    C0]  __handle_mm_fault+0x2c88/0x5620
[  957.320536][    C0]  ? __lock_acquire+0xab9/0xd20
[  957.320568][    C0]  ? __pfx___handle_mm_fault+0x10/0x10
[  957.320587][    C0]  ? lock_vma_under_rcu+0xf8/0x710
[  957.320614][    C0]  ? lock_vma_under_rcu+0xf8/0x710
[  957.320636][    C0]  ? __pfx_lock_vma_under_rcu+0x10/0x10
[  957.320663][    C0]  handle_mm_fault+0x2d5/0x7f0
[  957.320688][    C0]  do_user_addr_fault+0xa81/0x1390
[  957.320718][    C0]  ? rcu_is_watching+0x15/0xb0
[  957.320744][    C0]  ? trace_page_fault_user+0x84/0x1e0
[  957.320766][    C0]  exc_page_fault+0x76/0xf0
[  957.320791][    C0]  asm_exc_page_fault+0x26/0x30
[  957.320807][    C0] RIP: 0033:0x7fe63cc5ffb6
[  957.320823][    C0] Code: 00 00 00 00 41 57 31 c0 41 56 49 89 d6 41 55 49 89 f5 48 89 d6 41 54 49 89 fc 48 8d 3d 8e 1f 1b 00 55 53 48 81 ec 88 20 00 00 <48> 89 0c 24 4c 89 44 24 08 e8 5c e0 fe ff 4d 85 f6 0f 84 46 0a 00
[  957.320838][    C0] RSP: 002b:00007fe63dba0f70 EFLAGS: 00010202
[  957.320853][    C0] RAX: 0000000000000000 RBX: 00007fe63cfb6160 RCX: 0000000000000000
[  957.320865][    C0] RDX: 0000200000000200 RSI: 0000200000000200 RDI: 00007fe63ce11f3b
[  957.320877][    C0] RBP: 00007fe63ce10b39 R08: 00007fe63cc4e3a0 R09: 0000000000000000
[  957.320888][    C0] R10: 0000000000000004 R11: 0000200000000200 R12: 0000000000000004
[  957.320900][    C0] R13: 0000000000000024 R14: 0000200000000200 R15: 00007ffc34de0928
[  957.320921][    C0]  </TASK>