last executing test programs:

2m38.121039263s ago: executing program 0 (id=1252):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
pipe(&(0x7f00000000c0)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
setsockopt$EBT_SO_SET_COUNTERS(r2, 0x0, 0x81, &(0x7f0000000300)={'nat\x00', 0x0, 0x0, 0x0, [0x702e1c50, 0x7, 0x6, 0x101, 0x0, 0xfffffffffffffff9], 0x3, &(0x7f0000000200)=[{}, {}, {}, {}, {}], 0x0, [{}, {}, {}]}, 0xa8)
sendmsg(r1, &(0x7f0000000280)={0x0, 0x0, 0x0}, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xb4b, 0x9, 0x8, 0x0, 0x400003}, 0x0)
getsockopt$CAN_RAW_LOOPBACK(0xffffffffffffffff, 0x65, 0x20, 0x0, &(0x7f0000001040)=0x5d)
syz_usb_connect(0x0, 0x5f, 0x0, 0x0)
r3 = socket$inet6(0xa, 0x3, 0x5)
r4 = socket$l2tp6(0xa, 0x2, 0x73)
r5 = dup3(r4, r3, 0x0)
sendmmsg$inet6(r5, &(0x7f0000000600)=[{{&(0x7f0000000180)={0xa, 0x4e22, 0xfff, @mcast1, 0x5}, 0x1c, 0x0, 0x0, &(0x7f0000000bc0)=[@flowinfo={{0x14, 0x29, 0xb, 0x80000}}], 0x18}}], 0x1, 0x810)
r6 = socket$inet(0x2, 0x4000000000000001, 0x0)
bind$inet(r6, &(0x7f0000000080)={0x2, 0x4e23, @local}, 0x10)
sendto$inet(r6, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10)
setsockopt$inet_tcp_TCP_CONGESTION(r6, 0x6, 0xd, &(0x7f0000000100)='bbr\x00', 0x4)
r7 = socket$nl_sock_diag(0x10, 0x3, 0x4)
sendmsg$TCPDIAG_GETSOCK(r7, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000bc0)=ANY=[@ANYRES32=r2, @ANYRES32=0x0, @ANYBLOB="0000a37bc4d24bfedeffbd"], 0x4c}, 0x1, 0x0, 0x0, 0x40190}, 0x40000)
syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0)
r8 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000140), 0x2, 0x0)
ioctl$SNDCTL_DSP_SETFRAGMENT(r8, 0xc004500a, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
r9 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_FLUSH(r9, 0x0, 0x0)
r10 = syz_open_dev$video4linux(&(0x7f0000000000), 0x10000, 0x440)
ioctl$VIDIOC_S_CTRL(r10, 0xc008561c, &(0x7f00000002c0)={0x9a090a, 0x937})

2m36.453424978s ago: executing program 3 (id=1259):
mkdir(&(0x7f0000000140)='./file0\x00', 0x0)
mount$afs(0x0, &(0x7f0000002840)='./file0\x00', &(0x7f0000002880), 0x0, &(0x7f0000000500)=ANY=[@ANYBLOB='dyn'])
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x3, 0x3, 0x0, 0x0}, 0x94)
socket$nl_xfrm(0x10, 0x3, 0x6)
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b7030000e8ffffff850000000400000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x33, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r0}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mount$afs(&(0x7f00000002c0), &(0x7f0000000300)='./file0\x00', &(0x7f0000000340), 0x40, &(0x7f0000000380)={[{@flock_write}, {@flock_openafs}, {@flock_local}, {@flock_openafs}, {@dyn}, {@flock_openafs}], [{@fsmagic={'fsmagic', 0x3d, 0x6}}]})
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socket$inet_udp(0x2, 0x2, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
socket$inet6(0xa, 0x800000000000002, 0x0)
chdir(&(0x7f0000000100)='./file0\x00')
r4 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x0, 0x90)
getdents64(r4, &(0x7f0000000f80)=""/4096, 0x1000)

2m35.569814305s ago: executing program 3 (id=1262):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x2, &(0x7f0000006680))
sched_setscheduler(0x0, 0x2, &(0x7f0000000280)=0x2)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
r1 = openat$sw_sync_info(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$SNDRV_SEQ_IOCTL_SET_PORT_INFO(0xffffffffffffffff, 0xc0a85320, &(0x7f00000003c0)={{0x80}, 'port0\x00', 0xf3, 0x1b1c07, 0xfffffffa, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8})
r2 = openat$sequencer2(0xffffffffffffff9c, 0x0, 0x80d02, 0x0)
r3 = socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(r3, 0x8933, &(0x7f00000000c0)={'vcan0\x00'})
r4 = fsopen(&(0x7f0000000280)='ceph\x00', 0x0)
fsconfig$FSCONFIG_SET_STRING(r4, 0x1, &(0x7f0000000b40)='source', &(0x7f0000000040)='c:::\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r4, 0x6, 0x0, 0x0, 0x0)
r5 = fsopen(&(0x7f0000000280)='ceph\x00', 0x0)
fsconfig$FSCONFIG_SET_STRING(r5, 0x1, &(0x7f0000000080)='source', &(0x7f0000000180)='b:::\x00\xef\xdfB\xfa=\xe3\xd1\x9d\xe1\xbfUlJ4]y-,\x8a\x03\x91xu\x9cP\xdc\xe5\x95\xa2@\x9c\x98\xa4\xd2\xd4}\xc8]7N\xf3\x0e\'\xa0x\xfbdt\xb4\x1fW\xe7\xbe\xaf\x01.zT\xab\x92I\x104\x8c\x18\x16\x1c\x8a\x8e\xfd\x8b{ZVHZ2\xd3\xd6-~\x96\x80#\xee)+L\xf1\x00\xd5p\xe7 \x8c\xd2\a\x1e\xae\xb4\xe8\xd1\xe1\xed\xb8\x94\xb2*\x1c\xaeG\x1e\xdb\xc0Q\xb9`K\xffG\xc0\xa2\xb41\xac\x98\x01\xde}:\b\xa0Oq\xec\xa8\xf0\x8f\xe3\xa17\xe3\xd7\x9c^\x90\xfal\xbe\x81\x9a\xa4\x00K', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r5, 0x6, 0x0, 0x0, 0x0)
setsockopt$sock_int(r3, 0x1, 0x6, &(0x7f0000000040)=0x1, 0x4)
close(r1)
timer_create(0x0, &(0x7f0000000240)={0x0, 0x21, 0x2, @thr={0x0, 0x0}}, &(0x7f0000000300)=<r6=>0x0)
fcntl$lock(0xffffffffffffffff, 0x6, &(0x7f0000000040)={0x0, 0x0, 0x60d3, 0x5})
mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1)
timer_settime(r6, 0x1, &(0x7f0000000040)={{0x77359400}}, 0x0)
fremovexattr(r2, &(0x7f0000000080)=ANY=[@ANYBLOB="74224b87089dd08998"])
syz_open_dev$dri(&(0x7f0000000000), 0x1ff, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)

2m34.355105869s ago: executing program 0 (id=1265):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
open(&(0x7f00000000c0)='./cgroup/../file0\x00', 0x284800, 0x30)
mkdir(0x0, 0x22)
r1 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000400)={0x1, &(0x7f0000000380)=[{0x6, 0x0, 0x0, 0x7fffffff}]})
r2 = openat$dma_heap(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$DMA_HEAP_IOCTL_ALLOC(r2, 0xc0184800, &(0x7f0000000100)={0x4, <r3=>r1})
write$uinput_user_dev(0xffffffffffffffff, &(0x7f0000000400)={'syz0\x00', {0x3, 0x2, 0x8, 0xfffa}, 0x3a, [0x8000, 0x3ff, 0xf, 0x8, 0x80000001, 0x2, 0x7, 0x7f, 0xa9, 0x4d, 0x6, 0x5f, 0x9, 0x15, 0xffff2d37, 0xff7fff01, 0x7, 0x5, 0x1fd, 0x0, 0x6, 0x0, 0x7, 0x3c5b, 0x1, 0x22, 0xd, 0x1, 0x0, 0xffffffff, 0xe661, 0x0, 0x7, 0x5, 0x8, 0x4c74, 0x10000, 0x242, 0x3, 0xe, 0x0, 0x80008071, 0x7, 0x0, 0x1, 0x7, 0x3, 0x3e, 0x20018e, 0xa, 0xfffffeff, 0x0, 0x6, 0x4, 0x8, 0x3ff, 0xfffffff9, 0x0, 0x4, 0x6, 0x4, 0x4, 0x1, 0x40], [0x10000007, 0x9, 0x8000012f, 0x8008, 0x5, 0xfffffff3, 0x129432f6, 0xc8, 0x5, 0x1510edcf, 0x2c3, 0x6c7, 0x9, 0x0, 0x3, 0x7, 0x0, 0x5, 0x2f, 0xe, 0x312, 0x66abcbd2, 0xea4, 0x0, 0x4, 0x7, 0x17fff, 0x6, 0x400, 0x401, 0x6, 0x2, 0xff, 0x5, 0x1000005, 0x5f2d, 0xb, 0x4e0, 0x381, 0x4, 0xc, 0x4, 0x9, 0x8, 0x44, 0x6, 0x47, 0x8000, 0x1, 0x0, 0xffff, 0x2, 0x4, 0x9, 0x4, 0x3, 0x4000009, 0x6, 0x0, 0x3, 0x1, 0x48c93793, 0x42, 0x3], [0x7, 0x408, 0x3ff, 0x5, 0xffffffff, 0x100, 0x9, 0x9, 0x5, 0x7fff, 0x0, 0x5, 0xb, 0x4, 0x5, 0x5, 0x80, 0x1ef, 0x5, 0x8, 0x86, 0x3, 0x303e, 0x3e7, 0xb, 0x5, 0x0, 0x2, 0x3, 0x20000008, 0x4, 0x6d01, 0x6, 0x38, 0x200, 0x40200, 0xffffffff, 0x3, 0x4, 0x2950bfaf, 0x8001, 0xa2, 0xf3, 0xa9, 0x20000005, 0x6, 0xac4, 0xbf, 0xfffffffe, 0x3, 0x7ff, 0x12b, 0x4, 0x1, 0xa, 0xffffffff, 0x7, 0x1c, 0x120000, 0x7ff, 0x2009, 0x2, 0x4, 0x25], [0x9, 0xbb33, 0x7, 0xb, 0x5, 0x938, 0x6, 0x6, 0x0, 0xb9, 0xce4, 0x10, 0x2, 0x57, 0x4000005, 0x3, 0x2, 0x10001, 0x4, 0x7fff, 0xffff, 0xa620, 0x1, 0x5, 0x1, 0x2000006, 0x150, 0x1, 0x6, 0x6, 0xffffffff, 0x80000004, 0x5, 0x5, 0xc8, 0x1, 0xfffff002, 0x90000, 0x3, 0x7e, 0x100, 0x9622, 0x8, 0xae, 0x20000008, 0x5, 0x226, 0x2, 0x5, 0x0, 0x30b1d693, 0xa1f, 0xf3f, 0x7, 0x530e, 0x6a, 0x0, 0x4, 0x5, 0x7ff, 0xd7, 0x200, 0xb, 0xfff]}, 0x45c)
splice(r2, &(0x7f00000002c0)=0x6, r0, &(0x7f0000000300), 0xffff, 0x6)
syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x5, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000100)=0x2)
sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r4 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
r5 = dup2(r3, r3)
read$msr(r4, &(0x7f0000002000)=""/102400, 0x19000)
sendmsg$IEEE802154_LLSEC_DEL_KEY(0xffffffffffffffff, 0x0, 0x48004)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000))
shmctl$IPC_RMID(0x0, 0xf00)
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000500)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a05000000000000000000010000000900010073797a300000000048000000030a05020000000000000000010000000900030073797a320000000014000480080002400000000008000140000000000900010073797a3000000000080007006e6174003c000000060a0104000000"], 0xcc}, 0x1, 0x0, 0x0, 0x880}, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
syz_usb_connect(0x0, 0x2d, &(0x7f0000000000)=ANY=[@ANYBLOB="120100001e61e410b1134200557b0102030109021b0001000000000904000001cf28fc00090582"], 0x0)
openat$ppp(0xffffffffffffff9c, 0x0, 0x420440, 0x0)
sendmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r5, &(0x7f0000000280)={0x0, 0x18, 0xfa00, {0x2, 0x0, 0x13f, 0xa}}, 0x20)
syz_genetlink_get_family_id$tipc2(0x0, 0xffffffffffffffff)
r6 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000013c0)={0x18, 0x3, &(0x7f0000000080)=@framed={{0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8001}}, &(0x7f0000000000)='syzkaller\x00'}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='contention_end\x00', r6}, 0x10)

2m34.214975699s ago: executing program 3 (id=1267):
syz_init_net_socket$bt_rfcomm(0x1f, 0x1, 0x3)
socket$tipc(0x1e, 0x5, 0x0)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81e8943c, &(0x7f0000000500))
rseq(0x0, 0x0, 0x0, 0x0)
r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x2c)
ioctl$KVM_CREATE_VCPU(r0, 0xae41, 0x1)
ioctl$KVM_SET_USER_MEMORY_REGION(r0, 0x4020ae46, &(0x7f0000000080)={0x0, 0x2, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x5, 0x8b}, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x17a)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000002000)=""/102400, 0x19000)
r2 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
ioctl$SNDCTL_DSP_SETFRAGMENT(r2, 0xc004500a, &(0x7f00000001c0)=0x10001)
ioctl$SNDCTL_DSP_SETFMT(r2, 0xc0045005, &(0x7f0000000040)=0x10000)
read$dsp(r2, 0x0, 0x4c)
ioctl$SNDCTL_DSP_SETFMT(r2, 0xc0045005, &(0x7f00000002c0)=0x1)
read$dsp(0xffffffffffffffff, &(0x7f0000000200)=""/168, 0x7c)

2m31.772818109s ago: executing program 3 (id=1274):
mmap$IORING_OFF_SQ_RING(&(0x7f000071c000/0xe000)=nil, 0xe000, 0x0, 0x810, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000380)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x8)
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x88)
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000400)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}, {@metacopy_on}]})
r2 = open(&(0x7f0000000480)='./file0\x00', 0x0, 0x718bb647156ec3b7)
mknodat$loop(r2, &(0x7f0000001600)='./file1\x00', 0x200, 0x0)
chdir(&(0x7f0000000140)='./bus\x00')
linkat(r2, &(0x7f0000000040)='./file1\x00', r2, &(0x7f0000000180)='./bus\x00', 0x0)
link(&(0x7f0000000000)='./file1\x00', &(0x7f00000001c0)='./file0\x00')
open(&(0x7f0000000440)='./file0\x00', 0xe8142, 0x7000000)
r3 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
ioctl$KVM_SET_IRQCHIP(r3, 0x4020aeb2, &(0x7f0000000080)={0x0, 0x2000000, @ioapic={0x0, 0x1, 0x8000, 0x0, 0x0, [{0x6, 0x7, 0xa, '\x00', 0xab}, {0x2, 0x0, 0x4, '\x00', 0x5b}, {0x1d, 0x4, 0x8, '\x00', 0xb}, {0x5, 0xe, 0x7, '\x00', 0xf1}, {0x1c, 0xc, 0xd, '\x00', 0x43}, {0x4, 0x78, 0xc5, '\x00', 0x9}, {0x94, 0x5, 0x9, '\x00', 0xbe}, {0xf, 0x0, 0x6, '\x00', 0xfc}, {0x1, 0x4, 0x5, '\x00', 0x33}, {0x9, 0xf, 0x57, '\x00', 0x9}, {0x2, 0x4, 0x1}, {0x81, 0x6, 0x6, '\x00', 0x48}, {0x3, 0x1, 0x8, '\x00', 0x8}, {0x6, 0x3, 0x2, '\x00', 0x2}, {0x8, 0x5, 0x3, '\x00', 0x50}, {0xd, 0x2, 0xd}, {0x8, 0x81, 0x81, '\x00', 0xb}, {0x3, 0x89, 0x81, '\x00', 0xf}, {0x7b, 0x7, 0x2, '\x00', 0x5}, {0x3, 0x7, 0x4, '\x00', 0x7}, {0x6, 0x26, 0x5, '\x00', 0x9}, {0x7, 0x9, 0xe4, '\x00', 0x4}, {0xc1, 0xd, 0x3, '\x00', 0x10}, {0xfd, 0x3, 0x80, '\x00', 0x6}]}})
r4 = socket$inet6_mptcp(0xa, 0x1, 0x106)
chown(&(0x7f0000000580)='./file0\x00', 0x0, 0x0)
listen(r4, 0x80)
r5 = socket$netlink(0x10, 0x3, 0x8000000004)
writev(r5, &(0x7f00000002c0)=[{&(0x7f0000000040)="580000001400192340834b80040d8c560a067fbc45ff81054e220000000058000b480400945f64009400050038925a01000000000000008004000000ffe809000000fff5dd0000000800030006010000418e01400004fcff", 0x58}], 0x1)
ioctl$KVM_RESET_DIRTY_RINGS(r3, 0xaec7)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000007c0))
bpf$PROG_LOAD(0x5, 0x0, 0x0)

2m31.505076062s ago: executing program 0 (id=1275):
r0 = mmap$IORING_OFF_SQ_RING(&(0x7f000040d000/0x4000)=nil, 0x4000, 0xd, 0x11, 0xffffffffffffffff, 0x0)
r1 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000080), 0x123480, 0x0)
ioctl$TCSETAW(r1, 0x5407, &(0x7f0000000040)={0x6, 0x7, 0x5, 0x0, 0x1, "000000001a000020"})
ioctl$TIOCMSET(r1, 0x5418, 0x0)
openat$ttyS3(0xffffff9c, &(0x7f0000000140), 0x20040, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0)
madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0xd)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(0xffffffffffffffff, 0xc04064a0, 0x0)
ioctl$DRM_IOCTL_MODE_CURSOR(0xffffffffffffffff, 0xc01c64a3, &(0x7f00000001c0)={0x0, 0x0, 0x1, 0xffff, 0xe, 0x1ff, 0x1})
ioctl$DRM_IOCTL_MODE_CURSOR2(0xffffffffffffffff, 0xc02464bb, &(0x7f0000000080)={0x3, 0x0, 0x1fa, 0x0, 0x4, 0x800008, 0x0, 0x4, 0x4040})
syz_open_dev$dri(&(0x7f00000008c0), 0xd21, 0x0)
ioctl$EVIOCGMASK(0xffffffffffffffff, 0x80104592, 0x0)
socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
r4 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$KDFONTOP_SET(r4, 0x4b72, &(0x7f0000000000)={0x4, 0x0, 0x10, 0x20, 0x100, &(0x7f00000007c0)="387ed7626d850509a2d6c1aa38f15cd0c263cb226db671261fff7ce9c555f18dafae3530db6dd493f2a3cc88731b9ae21b3e3b4523ae2594f47d8f62b480c4160b1f90ac9c41fae6ab12ac4c113fef588684ef494c89092883b902a41cd75387ef6f7bc7d461d5e665f398ff95596dc94ec97003c7e6f3c82fbd8de6e11aa4031a61c51caf7a65a2b613bda33f3eaeae635d7cd81761e74c38a7695800a15516eb337056e02335f9a7d10aa2eaf7beb7e1aed6e850ecb3421143c5c4ded0f06affc524dcf3208272619b6a952db5bc96141b26c54d13c7a541620000000000000004549974b6401a19cdb130282b955592efa94242065a4c8d695a2cdd9ada350defd58c775b92d348305774d3a256c7520b285d8ddbf5e20d60441304000000cbf881caf811852806175d638909f6234fbcd7a88a2a0aea45d19148f0e7dada7d6d0d77881387fdeaa0284abe90b88dfff412bff40c31c6415c54ae3335e54a49d315851feffe30d999c36def4df7df747695efbd649f42f310859122c0d2c1e558dc6586958a283762386ecf369274e43003a0fdff59ea515eb44504901ef0d00baa91c10a8e44a76aac3468a15bd3d45ad389977467f306f9bcde071b30769795eed2f1580414d168f557cd90040c4bd2a3d6bc5092548feaef7204a12cece59181fcb5bad8c24bd9f8f78d17ab828313501e80d899e9252f99d3a266639438ac5252d9bccff4dd9f45657f8224fc78eb1168fe0527fac33466aadf48f16994d29a47778566e0f3945b2bf36b6eecc7fa18914beb66ac9e519bd333b30d3ce2f50dddeea3447aebbe3bed781e39d5a0fb0cdc60e196f2261305feb596b68986af3eee7b199fefb5f79ffb2d1050e46982af1c14a88dd9000400002f56a8404755c73e74bb90e64bab9647c70ed5afca1c3d87907d01000100df6f40a80ace2bb8a2aad3b0c66915927db4233181943d88c0c76d5969e2043db5bd77fd60bafd013139929ccfec965c0c769785a4d23332ba1f0875e3146afef5b20cc306d3ecee65944fe9829e0ad0c3f6bb2fd81bc31152538db50f47dc38ba908a0d808687e478a609fe0daa02d4e9c618b99266e7f2e98597e2813e1dba9c3c16e9fab3bda6ed33cb1c75513e2264b69d472dd0e1338688ba782b41bde141f99c4894ded98eff9aa53d22eb77c9d93169c04ab2490bf28106f770e07eb7a9e87dde71929f918b98c4cbfcb11a9013923167f493760278df0cc34be9e8f86f948d9a62e63ad6ca9d2195ff9c6320c85bddc42915e4f3a5db642447bc2195a3d64e04c9ecd1c313c08e29b814bd8fed1ab6d2846c73345962895d289ac77152cac2e0e32b75ce814731c542091f218dd1e68a15f8226577bf9481ae0555db64a717eb23a811356d00"})
writev(0xffffffffffffffff, &(0x7f0000000080)=[{&(0x7f0000000000)="480000001400190d09004beafc0d8c560a8447608004000000000000000000a2bc5603ca00000f7f89000000200000000101ff0000000309ff5bffff00c7e5ed5e00000000000000", 0x48}], 0x1)
r5 = socket$pppl2tp(0x18, 0x1, 0x1)
syz_open_procfs(0xffffffffffffffff, &(0x7f0000000080)='net/mcfilter6\x00')
exit(0x0)
r6 = syz_open_procfs(0x0, &(0x7f0000000000)='fd/3\x00')
r7 = openat$pidfd(0xffffffffffffff9c, &(0x7f0000000180), 0x40400, 0x0)
fchdir(r7)
mount(&(0x7f0000000100)=@md0, &(0x7f0000000280)='./file0\x00', 0x0, 0x7d809, 0x0)
ioctl$SIOCSIFMTU(r5, 0x8923, &(0x7f0000000000)={'bridge_slave_0\x00', 0x1})
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x1, 0x4, &(0x7f00000000c0)=ANY=[@ANYRES16=r0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, r6, 0x0, 0x0, 0x0, 0x0, 0x8000}, 0x94)

2m30.157077548s ago: executing program 3 (id=1279):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0)
connect$inet6(0xffffffffffffffff, &(0x7f00000000c0)={0xa, 0x0, 0x0, @dev={0xfe, 0x80, '\x00', 0x31}}, 0x1c)
syz_emit_vhci(0x0, 0x7)
bpf$PROG_LOAD_XDP(0x5, &(0x7f00000003c0)={0x7, 0x0, 0x0, 0x0, 0x4}, 0x94)
openat$sndseq(0xffffffffffffff9c, &(0x7f0000000340), 0x0)
socket$inet6_udp(0xa, 0x2, 0x0)
r2 = socket$nl_generic(0x11, 0x3, 0x10)
r3 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000400)={0x11, 0x10, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000000000300000000000010000b7080000000000007b8af8ff00000000b7080000000000107b8af0ff00000000bf8100000000000007080000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018210000", @ANYRES32=r3, @ANYBLOB="0000000002000000b705000008000000850000005d00000095"], &(0x7f00000001c0)='GPL\x00', 0x9, 0x0, 0x0, 0x0, 0xa}, 0x94)
syz_emit_ethernet(0x2a, &(0x7f0000000000)={@local, @broadcast, @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x1c, 0xfffe, 0x0, 0x0, 0x2, 0x0, @private, @multicast1}, @address_request={0x11, 0x2, 0x0, 0x12}}}}}, 0x0)
sendmsg(r2, &(0x7f0000000640)={&(0x7f00000000c0)=@caif=@dgm={0x25, 0xd}, 0x2c, &(0x7f00000005c0)=[{&(0x7f0000000000)="4ba72c4cfd81685544f46c3f0800", 0x3e}], 0x2, 0x0, 0x0, 0x11000000}, 0x0)
r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r4, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r5 = socket(0x400000000010, 0x3, 0x0)
r6 = socket$unix(0x1, 0x5, 0x0)
ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r7=>0x0})
sendmsg$nl_route_sched(r5, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2d, 0x25dfdbfd, {0x0, 0x0, 0x0, r7, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x1, 0xf}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x28}}}]}, 0x38}, 0x1, 0x0, 0x0, 0x40000}, 0x0)
sendmsg$nl_route_sched(r5, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000001300)=@newtfilter={0x1230, 0x2c, 0xd27, 0x70bd28, 0x8000, {0x0, 0x0, 0x0, r7, {0x8, 0xfff3}, {}, {0xa, 0xfff3}}, [@filter_kind_options=@f_matchall={{0xd}, {0x11fc, 0x2, [@TCA_MATCHALL_ACT={0x11f8, 0x2, [@m_tunnel_key={0x114, 0x1e, 0x0, 0x0, {{0xf}, {0x58, 0x2, 0x0, 0x1, [@TCA_TUNNEL_KEY_ENC_IPV4_DST={0x8, 0x4, @broadcast}, @TCA_TUNNEL_KEY_PARMS={0x1c, 0x2, {{0x9, 0x6, 0x20000000, 0x6, 0x2}, 0x1}}, @TCA_TUNNEL_KEY_PARMS={0x1c, 0x2, {{0x7, 0x4, 0xfffffffffffffff9, 0x400, 0x1}, 0x1}}, @TCA_TUNNEL_KEY_ENC_IPV6_SRC={0x14, 0x5, @mcast2}]}, {0x8f, 0x6, "c894f33fd70b641d15a5cff1774d824dc5f96a056a827473467cdaa0ad493cf2c671b4e9ea40099c2cfa54286c8ff2cd00e4e2f57df97b36d47673b2c10af13efca8a76b2c1296296e4fc7389f643f61894b2a717e14deda58f76d2bdbdee6aacac1fd6d715cd6fe08aa4318302507ff1e15ff68e487198f1e189c985b8788c9062e49bf19633d206c5b6d"}, {0xc, 0x7, {0x1, 0x1}}, {0xc, 0x8, {0x3, 0x1}}}}, @m_ife={0xb0, 0x5, 0x0, 0x0, {{0x8}, {0x58, 0x2, 0x0, 0x1, [@TCA_IFE_METALST={0x30, 0x6, [@IFE_META_TCINDEX={0x6, 0x5, @val=0x2}, @IFE_META_TCINDEX={0x6, 0x5, @val=0x5}, @IFE_META_PRIO={0x8, 0x3, @val=0x7fff}, @IFE_META_PRIO={0x4, 0x3, @void}, @IFE_META_PRIO={0x4, 0x3, @void}, @IFE_META_SKBMARK={0x4, 0x1, @void}, @IFE_META_SKBMARK={0x4, 0x1, @void}, @IFE_META_TCINDEX={0x4, 0x5, @void}]}, @TCA_IFE_TYPE={0x6, 0x5, 0x7}, @TCA_IFE_PARMS={0x1c, 0x1, {{0xb, 0x2, 0x0, 0x6, 0x2}, 0x1}}]}, {0x31, 0x6, "f8affc2a5cf7cbb6ce694cf74b0d8c12f937eaf1a11df11ea74106d05f69f9ccd244ad1e9495b2f0588ae9f5b7"}, {0xc}, {0xc, 0x8, {0x1, 0x2}}}}, @m_ctinfo={0x1030, 0xc, 0x0, 0x0, {{0xb}, {0x4}, {0x1004, 0x6, "abaa3066bec70c18e746a74038cf88eb3437d9981d0ba0d6858aaa948dae0988f44a989911787f83dba77452ee649d8268281a4075279c6346e8e5398fd46ca761f05e837695f81e611b8d871c3b933982dee7c333d629f0a079c1818dc6a78add8742c2cc28109e5ee7790cdbebcbabc5917106f0ee9006db5b66515cc10a0a204b5356a7587fec10ed0a139b208141caa5b0a97406f26468da8194413713d10b22369437ed6dbc7cd3cb2ea48d4b68f525807da9bab39a80dddcc4860f72a136246c16e378eac39054782cc72051ee988134558cd544df86c18fc16b8e19f5d4fc3763226029f8b5e2352d8084078646f648a16cca3d1eaa65d68cd34c3db5389323d1019acdc68d5546f4a24e26c7118689171088890a8558a27e3e4079cb04655ce0983c219f3e6912c324abc6a6214fd2206317a7c842f50bb2735bbf0b5329ea8f3a298082f4e072227399a742727bb046bc6d20916ed8f3b07b6f8c781d3a1e03d92adac212a587777984543278b2c3721bdd1b2e35f91e7ab6ff6329cd5f0bb617dd97cd837f34a580b57a71fcfc4247d43e90e2f1ead36ddcfbfaf650ca529055b6a62b4c86bf51ef6a1c3b88265888d30b41f29a098232293082bed80c026769294d71c11887e6510a10ca2a4a641aed74918739ff9005b63ae490818ba5487a0507cae3543f9bef633e162031f4031af0c976ef01efc13f79bbf177e7143ac0130c44ef0aced059a590ead4cd29d5c25a25b7bb44a820cab646fab22a2198ea3b255f583e27049edfed097375b9bc25aefc87dbf0b4c254363ffbe4d17ca0b6d957df8c389ee99f615bb4cbe5c9fb11d64557b50aa86850ce8053eda3e26e0dc88607d716182c7f035bc0b0f6d33b0f79005f4dbc391426820c487d104cd4eb9a60f7d6aa4c0cde5482cc52e79f80deb340deb569b8c379ed5cdb615b7fb8dccd5cf2fe7e72f0a970357dd4378e85667fa746a40d084d1896f4f9c3cae824b0e4aaa0da14165d1ef5dc484f4913f256f92f28cc276ae4a85b1431167da10c736d61a17544132c26387baf3631341a4e6c6970a464e980d203354a3856c52bf088ac4649bb2f944e8be2b117f765bdf474ad8c21cbce55dfcb47c60f40e30c4eac1eb50b337170401ba5de7ce780ad6d2e1bab20e7ff9292b8d5c205abd9dc1c4fa6b16a101e34465bbc85f22d73e96bf4f8014563c57135dd169447eeb7cb96df9cd2acfbff4bb6769592da76baf2f797d20b607a95576df8cf5f250cd66c7831193fc85f805ebfec282e974f31afec9262a3ede15cbf679d60d5f63d77daaa5e3635be278b2c5d202fcf5712a23b26fd5fcbcaf22fed6035e952b7f23b67b04041b9ec2c8581d16dc96cac863d0302cc12e099f88ecd5d821fa9a85aff2ad0eec6b2a700cceb9922cd112e58c4754a044f528c49b2f028212ecc7989c18ad1f597b6f663b6d9eaef3ebd7091df9937327a474fcced59c4d149babe195fcfe742e56fa5a9b21f5ff0967111735ad181df3458b49c3928aa24ac266a212ffbb375f8fe005f82eff6d0cef5f3faaef3cde5c596b259d25eae024d346d076734fc7838e70c13341e17c6c7ea6171c47a26bb975717551cc901fc7148bcfb0fa42e1cf62b4a887e33375a0142d5dfc8fc1a74b8f5307c21d595ffe80dff14f0e7894372eedb8bcafc20c3522bbbbf3989b0efb6eb40668fdbfadd741d723980b004ac0537e1e21eaef1bcf699498b2e4ae0b19f8e762640ab04deb5477df95b289d62c4e98ae5056c21df4f719148dbdede11cc7c1b5fc445d8f6fd2f6dad10a043a7f64ed1fe3a5b605d9e0304070f280a783b3cc4feb0cf70dee8028859b6907de1d2555b65290c4ea11a9903d10cb6c8166ab296108e5a7b7422aceeb27fcd3ee280aa9dc7c9606026d3e3589f3c7e671de59d62e9e055f22b1a074cb9259e7b792b0f51e2ee20e990b4642bd3c45ca8aa055ab3da6813ea5e8dd72b457d12274570a38b88c55ce5a6dbed303da87dd249c71713491a11eb0c1c07eeaebce54cc02522054eb168305184da3b73fd5cdb8145b751a0fd00da3758991a738bcf694cc262e73fb24652906f4e942c2c7847d7b865b177398ca7c01b1ba620f7a67bfaf068eef68400982d0c4d96aea948bb0005b1cae7a56d0a82b545af0822853d14468aa4a78c216608c554410fe9379ea272c04000ec9b914ab056f53f6ebf694b3128684a80823c3a4b9589c55db85d90c16c4ee932878e6e4ac3f303fcdca48fc912b363fb287c48855005b228cad28e350df44fb7f1818ff24d6c19290d73ffd3dc0019c3ca4431e88b982b525cd1f6c17bdb3f3cb2f2334b727d8aa2ac9e8e19aa0465fac80480d09e4a8516fff25b9d243fc4b06f8191cd450e5f385cf2cb47c876963810e2ba0210029ca289ca1156d87cd7ac606b7d86f2e1a2a7fad4146951cb85bf14c6a122b90bdfeeb28a00a3d9b70309b343c3d92c49a3d05a953d0302ed30aa70e6a903f1fb6e1c121a34ef21e510cb19ff803a0b618796328c2defe13d95e4c5315cae7105e891d274f30087f1348286ffda25378dc2bfeee3a3d954a25fafde5787e4f9e2248a4f7109daa84ea9f58460f281c88ee4eefb1b21794c5253565467dde0dc0bcfe2daed710ce57277a9d31e7978f2fe16536b72c8dc060c2fab184f2092f7557c423485af3c98dbb1e834a92d3371e44fbcd03ea44b1de1054b8b540dcc4f448a406bc20840b0bb92bf763c262dbe50ca5354e273063aec08251096557525e44bdea079d868aab256ec2b3cfdc14eca273b1d03f620a8bb6af895f11fe1b1c5a6ff4fa4d96e1c2c3499a97353794dfe89f215f7fba32f627c60ee5a1eb0096af120a3a45d54164b0842967d03b0f19fb85368d34056f56f9678fc6b845b757f5fe372b4d1e440813a95befc89f6c9e590b7fa1e3655e8c7a47ad4166e28b963b93b06c69b088acbdceb569e73a38a19daca064a6171c89ed2a98eb16c3f1777372da9fb20d24434f7c160d71c228fe42d541fef34fcb18cfe9910dce3ceb902e84df10de5881c07f9ca3c63ff778837c43cab80b7d7a4e25b33256ef5c2bc374107196000119a06148cd9f99fd0c0524066e5fb8c1bf313b6ba3bbfc2773371789526e31780fb8aa4faa79f89a3e23f0e58529f4db469c37521305c25895a7a1c840c14c472fce7f71debc93c925f3c68529dddbe84728227fc9e2a43f2c3d31588e4719420e3f412ece2802864bf69a24d136eeb25cbad841925508014b38d41411e7a2a19d2cc1cf7e47af1763d182759b7861e23afc6404f5c601e4201a8d34342fbc2100cebd057bd98ef9b715c3414d043c99df6ba764cd2ffa2649ff936ece53a398257d96aeba90eec78a19e0d6ab9d7ea020fda18bdf2bc858e27777600c912efbbede50e8498ea011b5b7cc1d73094e6392a7cb6d721c347f859acc114adb45a5f264dd8df9417efbe51a1263c233ad94c63ee5c68f3b6d97bdb8f341b545607718d6bbd8ad9b537b57549c5e407eebf1e8c2a35bd49c73280f85e8243dd01dbe5901aaca9cb5e90966ea937ecc3b160e15301328271f8958bd7ea7dd315a61e6f3f05419d39c55702428e276a6a5777cf0cec19238237f54d490a4743c7ebd695d72299b0552311cfdedac85f45159bd2d43dc5b1e8045ca33ce41776fe91f53b50e360eac3afd96c418b9ae83a3d9ef172894cbfb2dc48f805637dd7b82d98e0e9fffd0ccad6b09303574d9ebf26912ef2ee5267572d6a61f700827f1e8abb2b834a6fd6b97cb24e73b82f711e0068d7839160e39a0613bb7e15b7c79dcc9d700507670d769567d2113377c85e0f2623fef8f766910057073589cecf38440d1e815bafbd4010d9685f09e4540a8852b8fd8b04cd66bc83f1b75e96b7f1ed76dc2685f47220483ebab7bd9b2dc395d980c7eb4ed117c0214ccdb0b1504dc3c2fae8678e0c7c10c955de175062cfa1c11182f6bf7d5cfc3c8a74bb244d4d82d77259b1e6c0c30bdad88d58629ae214a040594d44ca0d7aac6b4afb5fd5730a8797b9cc5ab07a2496bbdfa437b554bd1567bd77e0fe1407a19d3f56137f59cf5d81e685752e40da410761a8b19046a353638d6e18225d4aea632145996c19e93f63fb0ee536e148a4a87a1e5a3a053cae6bf2c499cc37d8beb4f746fc716ce11074c353e91e7b8aa28518b32a880b6669942b7b533a0c18f906cb481f5c0298917dfc69e4a0747d78f8a543f387a622461df89918a279c59e01e0d609ad66fa44409e0c0f9cb868d8df6d7935c74cd726a158dc5d16366841986679d148e21ef4ffcea0cbe3e9077e72eef3edd48b261025e845d082c3558ba4e51332a5b9d6124f7d4080983393b1b2d439a02b3b0ca0649d8f6f2f88f58cd3370f9b409bbef9305b05f60f289d101a1581e82386d3ecdb99ec4fcba910af6da65d784d5b732c556dfe151ac36c09e42c66c07ed6d19e6a6dffa9f86636288a11a9eb787c1d392a86271e6d456e19c83eeaa4de81b4bb14a1c1c0cd3a3dece18d929559cbfb78fe4f52af5c7b1044003f922e36af0bd382fe10139cfac483a7e9958ae2b6a446539328881e10bcacfd5d19e7df8393c6846b4fd03ccedfdf70f828c21212624eca676870d11e2c1412ba0f4728adced1c7d2fef0aaa3cc2456f52540d293e9482ca8c0e9d3ac9d3a53cbdd4130570842f2f8c5065de3400eb4fcbcc3251898449181980210929cbeebaec9673d2e0c8f10da810de755b68569106af09119b2e8c6ea91028f78c7b04391d23d5ed5753ec11caad70ed049eadecac6d135e649ced44228f8cbdc72668d85f6c047ee1d84af4b2c7c711600f77ea050b40e01ae44f81c54c06c04410eb6e37443ce8c1c5d9277caf12ce7f1da63c49ebf18e8094c75e0fb713bf1d1f9cc86c447ea16e16335763051c3641dad8357531188060d8cb908743e53773ccbe5509a26d1860908d4c1ac4be569fb20cd42f68500c8c2f7c2925085b28472875a8f5362c84fc0ce408e0134a7aadde10b58b681b40abd43951bbc1c6c3545513c0a1fae4c39fc7e74a8fcfaf6eca5a3069beb3a43c8e9853f5bdd667bda5c38b4f7ef446a485fb53d2b993b7cd6319e9ec2b876ce37724c2e1dea1dc5502d96f3e346313c69405341a348a838f7b95f16bd621b1f7cc9750d61e88dc1154fbcd8d2b79b5d5cf76eb71a13aabb2168174ba0b89c791e016c02efccc5af05c8b2cbb7407cef1aa113e1888b844862901445c57eb4df8d864db8986ed91ac9f80cf0e4acc146ecd5e4e6612fc71b4ba13f9f29fe11a35d4337d0348b4a14306e02d9ea18d2e85aa578fab9b16ca489a0c7dd8e3c13a2eec0348efbe019905482c45eb7e7d507b584d69883521ec0f0715315ec25ac2dc3c7bf1e923e5eb0b8eede209d87ed31bfdd4041a52e591730b8ed3bd2950164f18050129d311a0bb398a3011f82cabed78f6ef18e2b19345abacd31dcba0256cd96291ca59b6b59a9ea4459ae09e0249d093a1f2c0d95c19175848b192419c526b26cfc018d1b54d6320c2bf4fe927327bfbc6dd3684571012403b89496ddb4f5a189f04f1d243d58df53c61408f5ca86ae124783fcb41b668a31c336a8d295a20368fe738a1bfc0f12d3a51702dd8955cb486a62707daa64b3d6d7b6b6e2a88fbaa9270e5afaa38eb12fc596e94600c1e2f283fcb0fc601527eca32a9e26d3979e9d954e791e70e59856aa51d20aa0bf4b53ac58ed0c01822fe688fc77ffbe1002fab794f58e0f92e93dd9d9"}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x2}}}}]}]}}]}, 0x1230}, 0x1, 0x0, 0x0, 0x22044028}, 0x0)

2m28.65401382s ago: executing program 0 (id=1280):
syz_usb_connect(0x2, 0x2d, &(0x7f0000000040)={{0x12, 0x1, 0x0, 0xf2, 0x30, 0x39, 0x20, 0x2c42, 0x1202, 0x8540, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x1b, 0x1, 0x0, 0x0, 0x10, 0x0, [{{0x9, 0x4, 0xc, 0x2, 0x1, 0xc1, 0x7f, 0xc, 0x0, [], [{{0x9, 0x5, 0x82, 0x2, 0x200}}]}}]}}]}}, 0x0)
setsockopt$inet6_tcp_TCP_REPAIR(0xffffffffffffffff, 0x6, 0x13, &(0x7f00000000c0)=0x1, 0x4)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000003c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x7ff}, 0x50)
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000580)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="18000000000000000000000000000000181100", @ANYRES32=r3], &(0x7f0000001dc0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x23, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={0x0}}, 0x24000848)
sendmsg$IPSET_CMD_ADD(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x8000}, 0x804)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r4}, 0x18)
bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0x3, 0x16, &(0x7f0000001000)=ANY=[@ANYBLOB="791298000000000061138c0000000000bf2000000000001f15000000080063033d030100000000009500003a000000006916000000000000bf6700000000000066060500fcff0300670600001f000000760300000ee60060bf050000000000002c650000000000006507f9ff01000000070700004cdfffff1e75040000000000bf54000000000000070400000400f9ffad43010000000000d5000000000000000500000000000000950000000000000032410000000000000054bb12dc8c27df8ecfc7bdd2d17f2f1754558f22dd399703d6c4f6f3be0b369289aa6812b8e007e733a9a4f16d0a3e1282ee45a010fb94fe9de56c9d8a814261bdb94a05000000c6c60bf7a13ba1fcf1111ce4fc0d742a81762bab8395fa64810b5b40d893ea8fe0ffffff7f1b546cad3f1d5af65706fd4f68795cce6cf16ab689b555202da2e0ec2871a51445dc8da39e5b0ab71ca9b901627b562ed84b026002d4519af619e3cca4d69e0dee080006774a8f3e691700ec88158f02001b0000c81c8b297dff0445a13d0045fb3cda32a673a6bb55d8c80800dce431e56723888fb126a1403d2b63f16fb2ad9bc117aba7cbebe174aba210d739a018f9bbec63222d20cedbc4d03723f1c932b3a6aa57f1ad2e99e0e67a993716d20000009f0f53acbb40b401e3738270b3156268784f2af9e4bcf8b07a10d6735154be1602f9dd1d7d4301e00000000000460bcc5989ec85e3cbcb6bcfaf0000000000000000bc00f674629709e7e78f4ddc211bc3ebf0bd9d42ca019dd5d0861cd64722cf74686ebfbe2562671cd47840f81d2a8f8f9be3bcd19dc6840aa7afaab43176e65ec1118d50d1e80100008000000000887a5ad103649afa17690884f800031e03a651bb96589a7eab049b1bd47287cd31cc43ea0ffb567b40407d000000000000000000000000005f37d83f84e98a523d80bd0d0d703f37ca363f601ae899a56715a0a62a26a0f6a5480a55c22fe394ae0000000000000000000000000000437d57defb79ea000500000000000000000000f014a4a318ba48d35ae9f438000000000000db894b62a614cb1fdd46619c5d2200000000000700000000000000000000006dcd2f421400f69947e4f26e099c9e8369080663c909b7e7c87e3b5e8e5a6df77c8f7338cd5a85f211a41b5d529d4243e47d7ab0d5991756b59d363ba30b18fc2ff189a4e8db38ab97c6a125e2785619e84c6a2b50f0e3ff83ef5149aff43dc899fdebdc2c496e6bdd4dd4d21f06fe133f4444272c5f0839ad663100452a6c6b6421f7e89a33b339401eee2cd466ab2a93a1ee7fb8a9e455ba1c6e17b02a1cd7bf35d36cf5b2a0f063469ae0d0b9fc042b48e98626eb0f9754d8cbbefa3079fe63063047baff09e9aaf7600000fba9a88db9ebef86f7cb522a784bb6d37e5f802757a15c6735138b493db9df53440a63fc565a0b190a710ae1e6807cbeb415ac841e94b706974160a60a14e571274f333d23186143b95514c79b50994cb39cda343bda8f01cf8ec7cdfdace0289e83ce50a57d69bfecfaf69fe7ff5b0375a47d3eb57b41d8a0589b82a1cf1149ba3f21ea2b65433321eb1a6f04ecc713c2b26d27baa49e54c2babec86335b9f418b5a5eb997bc9dd65197124b9aa80fc4aa8defb986bf05c41b919886bb81ecd3d24cf9ecc7004000000000000002c70d32f5d55ef2a2cf7560cb2884f46a92b3c25550f73e407fc5d514b2b7a6b690e290e676266addb7d96e723dec9c418eec8c48dffb6f432b4d5fef16e4f0051ba7efc690022c3f62b37cb5682d8bfdfc637ad3bf089ef0117bcd395322fcfb8e8e0a6e2babceb5f289b1d991770681192bcd0b584c3497e455f30ab918a690514a87a7d8e1d5f169a4e680e9c390071d26f2e0e26fc062f2785f14c0404fe01fb4000000000000000577dcb1698a9021a36d73ed03651c1937b2c84046023a1a0a87b208e33ad2d7c2892b176877264e1d699b7401eb917b289f6f67060fda0fa44b54bd87517a2bf09dba7209e41db4288b61bda5960952c45e5c55f2cd68bf9c6ff33e46109584bf42e8696ef1876564fef6f24cbbed0db8ab7fda1ffcc8c9fd4ab2cbe8f8df8e5535b12a942a948eacdaf308d48932064cfc3329da74f6f3e4409d6764a29680e312bf1a0143180e6493c9201ea916e6c9b2566c558ad88d9f7c0aebf82f5807eecefa97ada9bbd9e478e5d7748ee188bc719ca7a73dce5b6758a767c4c6b7572ab25eb2d73986379d5685cb438fe7091d097cc8f33fc0f83dee76603d6580f1c8fc4c37efd305ccc5a25678180425718bb9344e60dda8dae2677bb602d29aa0810616a2fdbca7020d72291b592b84223e2522ee01f5bdaa0fc4eb8d71d948a2baccf3ea2aa79d4d9069d8c0000000000000000000000321cd67859b4567badee56f158406f08683bdc5ffe2dedc916000c71f922fa2dfead7535999436a4aeb908781893479319b8b55e00d90ae6f09f06be2a0fc0bc17bef53331208112a0132350c0c5dd4607547079acc9471300dea6ae01742dccdae69f932cef80bca1bfcb57b9c852cf8358a580044772a80f20de36f707385380155be8907029d039a1d1447fc06b7020221e0d439f3f47edcf12f913dc8b6389a540340ae37804728ea65352e630c2e90424d58d72fdc1b28403e1dc7aad238b81df3b2d4166d656c6a9c73554bdf4f7312a4c0271e0eb45b4a596b7fa928ac3683f09fdaca46226c1df2c6c866cb4412d17d3d52c38cf0f7bd3b0eea2d4e06d061bb1b7c8c52f37f4036932d00028abd4527f5649bd60df638596fd639d7b16860033754ab13419429e5e39f290751ab6bd9392aef5519cd8c16e1f1cb1f225cc84a1a62497c1e436142fe28048a2b4d133905814a1808bc5b3e45eaa9eaebd946bee806968aeeb5a9eed87eba3d25d0b412a1b4cf2d419a58b09fc275c4395a0bd332eb538321465043e5967dd22459d0f52190a37f93ab823431a81fa6f54de61637fd473e19a6f567fead100e7d8cac149b66ebe9973af846146c62065a64854ed21e8b6f6fbe78474b753915a42efcb7da8ad18bacff8d69e0af1ca1f8174530a21820738412b100b54ee9b4a0dc22d5fe1cadecaea73fbfad087b19ce53177488d230539c5174f572a539d9d7c42698aa82bccf030ad393f25c10baa17e919f647d0e31877b7a6c1d8d86583f884a0c1da07b9b6dced06cdeb0094aa635a82f233b5993926b8970a0840ba116a7d20a40efb3bd03c4bdf380a2510a0a1ea69811ded68943c71218b42783b38959753978f222e1396b9b36dee2ce205122a000577cab29f48bff4f88c417e6bf5fb430d925596f29aca8677ca5a113aeaa5e0252ca17244d6c76e78ff1bbd81a71c4dfc72431d7f1126f8bdbf4056ee0f58a1bf83d53b1de07489541182dc4ee0f573c25b6c15dad930bc7a770b5a4f407d7a879db7185f15f80100000000000000739cc97db66ec6b925955d9a591808947fdd8d484ad27353230a449fdf87fc46c73b852fec931cfb6718acf3315bf5e577d00beb77c5514bc05d576a81345a03ad7aae74c5d2b77d45718348aed4fcbcd1441ff31b8f038824a989a9446a4a69367b228b3d174230b7320fc4d3c03368db573816dd0c04e65d6f8ce48283e76abdddbb965e0b2568e93c9cc5494a55421793f562c50c53f876cbde93c5cc7a3099c99d9775af010ba093f8a13b771782a3cfb24fbde6ef763e20c613164ab014d1906c4e098f1431b6b2886a155c4bac2911d7ee6a646f5913205ebd175e68975b93c330e4f9131788026b3b7cd5b6452c9e17452ac70000000000000000000000c71185f72436640fd4294fc3da230f9065095be47d7a848df12316c3c8b184fe110b061987fd79cf7d83443e69d08e2e839ae4fbe26ef7764f4870ef3bd0ec12eb45f60ca10dbfe329271f0bc93b28798e982e0dd32fc14bd4313c63b2dbb568f33fb45acad2dc7f438ea162c0709c0bbe1ea13e1e47399286e8143f400d7adf5f69e455706626814ee49274667f47769293451fd49885a152b8d2cf18febc7993f4a93893c6c7b7e46a230359ef2443e6bb9f50bb0faa5eaafd3ed6d551600c46b58a29fd7ccbbb0616f0be27302b683eccd742791d97f4a1daa0447f004426fd09b67d926f51525da63987bc73af35b28277879089b89fff6edab2fa1caf660a46a1a9f09e2d095b1c4be95c7c33dc81857f580e36c0a78d94dd879ee18de4a6475858d2ded2e3427ae007cc6f8e5e99aa146667f71ad83f3ddcf5db2dc396d7da499b65cd98125f20c284fc84d6a70be1de44b49c82022225292199c75cc26beab98dce4c331ed722f01d0d6314a72416814a565f4d90a5f8a255810f23541082f4b06f451e4724cd882f4d589600000000005854ca490d7df9cc293547c9a51aecc7a92f417f6a4d327737f1b198252358832dbe43507844a0cc112af4ce457c173fa64174ffd5ab9501eeb85508ebb60e169c0736c5960f2fe08735d6a7aa7c1f4a6433e77d3e547bbe6cf5b5d93a491ab4bba1ea7a1e6f37618b1d74cff3630d85a210092211be1ec12a30891eef590b19cdde055d626818c64e1c56b8918f33441a64b54946571b7bc70fb065d3bb1647f6f989ab8159e6d1cfa6c0ec7329d7d2263ca22144bf17d8692f03b592bd0f610096094da096233984e95b9a8216a6e60a104ae0bb5f77ac70b4390ea2cb6f6c40c928fae489f447240a25fd0a5bd9d5b6cd2a98f8804862922c11229c4e45c765e4d3348af3d3aadd5cc24b39437f1ea2df0000000000000000000000000022b90d93a267f3af4e02606f0ce6c2ffc4cab575a09d6e625f3248689005eb4a9c8df3c67e6b2b759cab3a7bedf1b927cd8ba6d13b3e7d7279515e3d6d20"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls}, 0x48)
connect$inet6(0xffffffffffffffff, &(0x7f00000001c0)={0xa, 0x4e1c, 0x2, @loopback, 0x1}, 0x1c)

2m28.377260694s ago: executing program 3 (id=1282):
r0 = syz_open_procfs(0x0, &(0x7f0000000040)='timerslack_ns\x00')
read$FUSE(r0, &(0x7f0000000700)={0x2020}, 0x2020)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000300)=@abs, 0x6e)
socket$nl_audit(0x10, 0x3, 0x9)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg(r2, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x0)
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48)
bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48)
bpf$PROG_BIND_MAP(0xa, &(0x7f0000000000), 0xc)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xb4c, 0x9, 0x6, 0x0, 0x3}, 0x0)
getsockopt$PNPIPE_IFINDEX(r0, 0x113, 0x2, &(0x7f0000000240)=<r3=>0x0, 0x0)
ioctl$sock_inet6_SIOCADDRT(r0, 0x890b, &(0x7f0000000380)={@mcast2, @dev={0xfe, 0x80, '\x00', 0x41}, @private1={0xfc, 0x1, '\x00', 0x1}, 0xd, 0x401, 0xf9, 0x500, 0x1000, 0x200012, r3})
ftruncate(r1, 0x9)
fcntl$addseals(0xffffffffffffffff, 0x409, 0x7)
r4 = ioctl$UDMABUF_CREATE(0xffffffffffffffff, 0x40187542, &(0x7f0000000000)={0xffffffffffffffff, 0x0, 0x0, 0x8000})
lseek(r4, 0x1000000000931f, 0x0)
socket$packet(0x11, 0x3, 0x300)
socket$nl_generic(0x10, 0x3, 0x10)
socketpair(0x1, 0x100000005, 0x0, 0x0)
r5 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/partitions\x00', 0x0, 0x0)
r6 = openat$sysctl(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/vm/compact_memory\x00', 0x1, 0x0)
sendfile(r6, r5, &(0x7f00000000c0)=0x58, 0x5)

2m25.305906459s ago: executing program 0 (id=1288):
r0 = epoll_create1(0x0)
epoll_ctl$EPOLL_CTL_ADD(r0, 0x1, 0xffffffffffffffff, &(0x7f00000000c0)={0x80000018})
shutdown(0xffffffffffffffff, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000000740)={0x10000, 0x1, 0x8000000, 0x1000, &(0x7f0000ffe000/0x1000)=nil})
epoll_create1(0x0)
ioctl$IOMMU_IOAS_ALLOC(0xffffffffffffffff, 0x3b81, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000280)=ANY=[@ANYBLOB], 0x44}, 0x1, 0x0, 0x0, 0x40040c0}, 0xc000)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = syz_open_dev$MSR(&(0x7f0000000540), 0x0, 0x0)
read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8)
r3 = socket$inet_mptcp(0x2, 0x1, 0x106)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x5)
setsockopt$inet_tcp_int(r3, 0x6, 0x19, &(0x7f00000001c0)=0x1, 0x4)
bind$inet(r3, &(0x7f0000000100)={0x2, 0x4e24, @loopback}, 0x10)
sendmmsg$inet(r3, &(0x7f0000004980)=[{{&(0x7f0000000000)={0x2, 0x4e24, @loopback}, 0x10, &(0x7f0000000040)=[{&(0x7f0000000340)="b9cd14c222ee3c0cb00182", 0xb}], 0x1}}], 0x1, 0x20008000)
setsockopt$inet_tcp_TLS_TX(r3, 0x6, 0x1, &(0x7f0000000080)=@ccm_128={{0x303}, "f1a0f9fff9e440b4", "881aae83544dfa6412f91b9057e3f415", "9dca43b6", "9ecb592c6ee49fbd"}, 0x28)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0)
capset(&(0x7f0000000080)={0x20071026}, &(0x7f0000000040)={0x200000, 0x200000})
socket$netlink(0x10, 0x3, 0x10)
readv(0xffffffffffffffff, &(0x7f00000006c0)=[{&(0x7f0000000240)=""/50, 0x32}, {&(0x7f0000000280)=""/203, 0xcb}, {&(0x7f0000000380)=""/14, 0xe}, {&(0x7f00000003c0)=""/235, 0xeb}, {&(0x7f00000004c0)=""/226, 0xe2}, {&(0x7f00000005c0)=""/234, 0xea}], 0x6)
r4 = syz_open_dev$radio(&(0x7f0000000000), 0x0, 0x2)
ioctl$VIDIOC_S_HW_FREQ_SEEK(r4, 0x40305652, &(0x7f0000000040)={0x1, 0x1, 0x6e, 0x0, 0xd, 0x80000000, 0x4001})

2m24.124951454s ago: executing program 0 (id=1290):
socket$packet(0x11, 0x2, 0x300)
mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x6, 0x50, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
syz_genetlink_get_family_id$ethtool(0x0, 0xffffffffffffffff)
sched_setattr(0x0, 0x0, 0x0)
fsetxattr$security_capability(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x1)
write$USERIO_CMD_SEND_INTERRUPT(0xffffffffffffffff, &(0x7f0000000140)={0x2, 0x1}, 0x2)
madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0x80000000e)
mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil)
mlock(&(0x7f0000000000/0x800000)=nil, 0x800000)
r2 = openat$sysfs(0xffffffffffffff9c, &(0x7f00000002c0)='/sys/power/resume', 0x149a82, 0x10)
r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0)
ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201})
socket$kcm(0x2, 0xa, 0x2)
write$tun(r3, &(0x7f0000004c40)={@val={0x1c, 0xf5}, @val, @mpls={[{}], @ipv6=@gre_packet={0x4, 0x6, "ace260", 0x44, 0x2f, 0x1, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @rand_addr=' \x01\x00', {[], {{0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x880b, 0x0, 0x2}, {}, {0x0, 0x0, 0x1, 0x1}, {0x8, 0x88be, 0x2, {{0x0, 0x1, 0x23, 0x0, 0x0, 0x1, 0x0, 0x2}, 0x1, {0x3e}}}, {0x8, 0x22eb, 0x3, {{0x2, 0x2, 0x48, 0x1, 0x1, 0x0, 0x1, 0x61}, 0x2, {0xfffffffb, 0xf587, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1}}}, {0x8, 0x6558, 0x2}}}}}}, 0x7e)
write$cgroup_int(r2, &(0x7f0000000000)=0x2b00, 0x12)
r4 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_tx_ring(r4, 0x107, 0x5, &(0x7f00000000c0)=@req3={0x8000, 0x6, 0x8000, 0x6}, 0x1c)
mmap(&(0x7f0000000000/0x2000)=nil, 0x30000, 0x2, 0x11, r4, 0x0)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000cc0)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x3}}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x3, 0x0, 0x0, {0x7}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWSET={0x3c, 0x9, 0xa, 0x401, 0x0, 0x0, {0x7}, [@NFTA_SET_ID={0x8}, @NFTA_SET_NAME={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_KEY_LEN={0x8, 0x5, 0x1, 0x0, 0x7}]}, @NFT_MSG_NEWSETELEM={0x40, 0xc, 0xa, 0x101, 0x0, 0x0, {0x7}, [@NFTA_SET_ELEM_LIST_SET={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_ELEM_LIST_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_ELEM_LIST_ELEMENTS={0x14, 0x3, 0x0, 0x1, [{0x10, 0x0, 0x0, 0x1, [@NFTA_SET_ELEM_FLAGS={0x8, 0x3, 0x1, 0x0, 0x2}, @NFTA_SET_ELEM_KEY_END={0x4}]}]}]}], {0x14, 0x10, 0x1, 0x0, 0x0, {0x0, 0x84}}}, 0xc4}, 0x1, 0x0, 0x0, 0x8000}, 0x0)
sendmmsg$inet(0xffffffffffffffff, &(0x7f0000000040)=[{{&(0x7f0000000100)={0x2, 0x4e23, @empty}, 0x10, &(0x7f0000000000)=[{&(0x7f0000000240)="d2a7b3", 0x3}, {&(0x7f0000000400)="e06bd3f745", 0xfcfd}, {&(0x7f0000000500)="86e9a0d8", 0x4}, {&(0x7f00000005c0)="25062456", 0x4}], 0x4}}], 0x1, 0x4000800)
syz_usb_connect(0x2, 0x36, &(0x7f0000000080)={{0x12, 0x1, 0x0, 0x55, 0xe7, 0x64, 0x20, 0x421, 0x492, 0x49fc, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x20, 0x0, [{{0x9, 0x4, 0x84, 0x0, 0x2, 0xd3, 0xc0, 0x44, 0x0, [], [{{0x9, 0x5, 0x3, 0x2, 0x3ff}}, {{0x9, 0x5, 0x2, 0x2, 0x8}}]}}]}}]}}, 0x0)

2m13.651205153s ago: executing program 32 (id=1282):
r0 = syz_open_procfs(0x0, &(0x7f0000000040)='timerslack_ns\x00')
read$FUSE(r0, &(0x7f0000000700)={0x2020}, 0x2020)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000300)=@abs, 0x6e)
socket$nl_audit(0x10, 0x3, 0x9)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg(r2, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x0)
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48)
bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48)
bpf$PROG_BIND_MAP(0xa, &(0x7f0000000000), 0xc)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xb4c, 0x9, 0x6, 0x0, 0x3}, 0x0)
getsockopt$PNPIPE_IFINDEX(r0, 0x113, 0x2, &(0x7f0000000240)=<r3=>0x0, 0x0)
ioctl$sock_inet6_SIOCADDRT(r0, 0x890b, &(0x7f0000000380)={@mcast2, @dev={0xfe, 0x80, '\x00', 0x41}, @private1={0xfc, 0x1, '\x00', 0x1}, 0xd, 0x401, 0xf9, 0x500, 0x1000, 0x200012, r3})
ftruncate(r1, 0x9)
fcntl$addseals(0xffffffffffffffff, 0x409, 0x7)
r4 = ioctl$UDMABUF_CREATE(0xffffffffffffffff, 0x40187542, &(0x7f0000000000)={0xffffffffffffffff, 0x0, 0x0, 0x8000})
lseek(r4, 0x1000000000931f, 0x0)
socket$packet(0x11, 0x3, 0x300)
socket$nl_generic(0x10, 0x3, 0x10)
socketpair(0x1, 0x100000005, 0x0, 0x0)
r5 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/partitions\x00', 0x0, 0x0)
r6 = openat$sysctl(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/vm/compact_memory\x00', 0x1, 0x0)
sendfile(r6, r5, &(0x7f00000000c0)=0x58, 0x5)

2m9.691523062s ago: executing program 33 (id=1290):
socket$packet(0x11, 0x2, 0x300)
mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x6, 0x50, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
syz_genetlink_get_family_id$ethtool(0x0, 0xffffffffffffffff)
sched_setattr(0x0, 0x0, 0x0)
fsetxattr$security_capability(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x1)
write$USERIO_CMD_SEND_INTERRUPT(0xffffffffffffffff, &(0x7f0000000140)={0x2, 0x1}, 0x2)
madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0x80000000e)
mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil)
mlock(&(0x7f0000000000/0x800000)=nil, 0x800000)
r2 = openat$sysfs(0xffffffffffffff9c, &(0x7f00000002c0)='/sys/power/resume', 0x149a82, 0x10)
r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0)
ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201})
socket$kcm(0x2, 0xa, 0x2)
write$tun(r3, &(0x7f0000004c40)={@val={0x1c, 0xf5}, @val, @mpls={[{}], @ipv6=@gre_packet={0x4, 0x6, "ace260", 0x44, 0x2f, 0x1, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @rand_addr=' \x01\x00', {[], {{0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x880b, 0x0, 0x2}, {}, {0x0, 0x0, 0x1, 0x1}, {0x8, 0x88be, 0x2, {{0x0, 0x1, 0x23, 0x0, 0x0, 0x1, 0x0, 0x2}, 0x1, {0x3e}}}, {0x8, 0x22eb, 0x3, {{0x2, 0x2, 0x48, 0x1, 0x1, 0x0, 0x1, 0x61}, 0x2, {0xfffffffb, 0xf587, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1}}}, {0x8, 0x6558, 0x2}}}}}}, 0x7e)
write$cgroup_int(r2, &(0x7f0000000000)=0x2b00, 0x12)
r4 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_tx_ring(r4, 0x107, 0x5, &(0x7f00000000c0)=@req3={0x8000, 0x6, 0x8000, 0x6}, 0x1c)
mmap(&(0x7f0000000000/0x2000)=nil, 0x30000, 0x2, 0x11, r4, 0x0)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000cc0)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x3}}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x3, 0x0, 0x0, {0x7}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWSET={0x3c, 0x9, 0xa, 0x401, 0x0, 0x0, {0x7}, [@NFTA_SET_ID={0x8}, @NFTA_SET_NAME={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_KEY_LEN={0x8, 0x5, 0x1, 0x0, 0x7}]}, @NFT_MSG_NEWSETELEM={0x40, 0xc, 0xa, 0x101, 0x0, 0x0, {0x7}, [@NFTA_SET_ELEM_LIST_SET={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_ELEM_LIST_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_ELEM_LIST_ELEMENTS={0x14, 0x3, 0x0, 0x1, [{0x10, 0x0, 0x0, 0x1, [@NFTA_SET_ELEM_FLAGS={0x8, 0x3, 0x1, 0x0, 0x2}, @NFTA_SET_ELEM_KEY_END={0x4}]}]}]}], {0x14, 0x10, 0x1, 0x0, 0x0, {0x0, 0x84}}}, 0xc4}, 0x1, 0x0, 0x0, 0x8000}, 0x0)
sendmmsg$inet(0xffffffffffffffff, &(0x7f0000000040)=[{{&(0x7f0000000100)={0x2, 0x4e23, @empty}, 0x10, &(0x7f0000000000)=[{&(0x7f0000000240)="d2a7b3", 0x3}, {&(0x7f0000000400)="e06bd3f745", 0xfcfd}, {&(0x7f0000000500)="86e9a0d8", 0x4}, {&(0x7f00000005c0)="25062456", 0x4}], 0x4}}], 0x1, 0x4000800)
syz_usb_connect(0x2, 0x36, &(0x7f0000000080)={{0x12, 0x1, 0x0, 0x55, 0xe7, 0x64, 0x20, 0x421, 0x492, 0x49fc, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x20, 0x0, [{{0x9, 0x4, 0x84, 0x0, 0x2, 0xd3, 0xc0, 0x44, 0x0, [], [{{0x9, 0x5, 0x3, 0x2, 0x3ff}}, {{0x9, 0x5, 0x2, 0x2, 0x8}}]}}]}}]}}, 0x0)

1m38.746582581s ago: executing program 2 (id=1433):
r0 = openat$ttynull(0xffffffffffffff9c, &(0x7f0000000140), 0x82084, 0x0)
ioctl$TIOCVHANGUP(r0, 0x5437, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
ioctl$KVM_INTERRUPT(r3, 0x4004ae86, &(0x7f0000000080)=0x959)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000005e00)={0xffffffffffffffff, <r4=>0xffffffffffffffff})
r5 = socket$can_j1939(0x1d, 0x2, 0x7)
sendmsg$can_j1939(r5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000180)="cd27f43d1c0fcf403f90c0e4438ceffb651de771f22548b61ff17d32c15bdc7db87ffbcc6c22458bd295ca19993636f2ce2bba153cb067f09b0f7b2a32edb9fc1f25a44c008aa9d033901ee3cbd8b6d4698480d6a172d6145841275d2cbaa14e93842cae230c8372c343d7b77286a8133516d4d0b2d6f18413bb0c511c3473552ba40040699112fd83b8fbbf351c26", 0x8f}}, 0x0)
r6 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000500)={0x6, 0x1a, &(0x7f0000000280)=@raw=[@map_idx={0x18, 0x6, 0x5, 0x0, 0xc}, @initr0={0x18, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x1}, @ringbuf_query, @initr0={0x18, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x7}, @generic={0x0, 0x7, 0x2, 0xef3, 0x3}, @kfunc={0x85, 0x0, 0x2, 0x0, 0x1}, @tail_call, @initr0={0x18, 0x0, 0x0, 0x0, 0xe0, 0x0, 0x0, 0x0, 0x200}, @tail_call, @cb_func={0x18, 0x1, 0x4, 0x0, 0xfffffffffffffffd}], &(0x7f0000000380)='GPL\x00', 0x4, 0x39, &(0x7f00000003c0)=""/57, 0x41100, 0x0, '\x00', 0x0, 0x25, r0, 0x8, &(0x7f0000000400)={0xa, 0x1}, 0x8, 0x10, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, &(0x7f0000000440)=[{0x4, 0x3, 0xa, 0xc}, {0x4, 0x4, 0xf, 0x7}, {0x2, 0x5, 0x0, 0xc}, {0x2, 0x3, 0x3, 0xa}, {0x0, 0x5, 0xa, 0xb}, {0x2, 0x5, 0xa, 0x5}, {0x5, 0x1, 0x7}, {0x5, 0x1, 0x5, 0x9}, {0x2, 0x1, 0x9}], 0x10, 0x8f7e}, 0x94)
bpf$OBJ_PIN_PROG(0x6, &(0x7f00000005c0)=@generic={&(0x7f0000000100)='./file0\x00', r6}, 0x18)
ioctl$F2FS_IOC_MOVE_RANGE(r4, 0x541b, &(0x7f0000000000)={<r7=>0xffffffffffffffff, 0x0, 0x1, 0x27})
close_range(r7, 0xffffffffffffffff, 0x0)

1m38.261211908s ago: executing program 2 (id=1435):
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000140)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
syz_genetlink_get_family_id$ethtool(0x0, 0xffffffffffffffff)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0)
fsopen(&(0x7f00000000c0)='hpfs\x00', 0x1)
mremap(&(0x7f000054e000/0x1000)=nil, 0x1000, 0x3000, 0x3, &(0x7f000022c000/0x3000)=nil)
socket(0x2c, 0x3, 0x0)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x11, 0x4, 0x4, 0xff}, 0x48)
bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000140)={r2, 0x58}, 0x6)
bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0)
openat$fb0(0xffffffffffffff9c, &(0x7f0000000040), 0x80040, 0x0)
write$uinput_user_dev(0xffffffffffffffff, &(0x7f0000000400)={'syz0\x00', {0x7, 0x4, 0x6, 0xfffa}, 0x1d, [0x6, 0xc95a, 0xfffffff3, 0x9, 0x7f, 0x2, 0x1, 0x7f, 0x6, 0xfffffff9, 0xfffffff2, 0x5f, 0xa, 0x3, 0x3, 0x1dd2, 0x6, 0x7, 0x0, 0x80000001, 0x4, 0x7, 0x3, 0x3c5b, 0x1, 0x24, 0xffffffff, 0xfffffffe, 0x1f461e2c, 0x2, 0xe661, 0x4, 0x9, 0x3, 0x7fff, 0x4c74, 0x8f00, 0x642, 0x3, 0xc, 0x0, 0x71, 0x7, 0x7, 0x103, 0x0, 0x5, 0x3c, 0x91, 0x6, 0xfffffffd, 0x3, 0x5, 0x4, 0x8, 0x0, 0x80, 0x0, 0x5, 0x6, 0x8, 0x4, 0x1, 0x40], [0x10000007, 0x8, 0x12f, 0x8000, 0x10, 0x8, 0x129432e2, 0xcb, 0xf9, 0xd, 0x2bf, 0x6c9, 0x9, 0xfffffffe, 0x7, 0x0, 0x7, 0x5, 0x2f, 0xe, 0x312, 0x78, 0xea4, 0xa, 0x4, 0x4000, 0x8000, 0x2, 0x400, 0x1, 0x6, 0xfffffffd, 0xff, 0x1005, 0x7ff, 0x5f31, 0x4, 0x0, 0x6, 0x2, 0x9, 0x4, 0x9, 0x8, 0x9, 0x7, 0x5, 0x0, 0xffffffff, 0x8000, 0xffff, 0x2, 0x9, 0x9, 0x5, 0x10003, 0x4, 0x1, 0x7, 0xb, 0x9, 0x48c93690, 0x3, 0xff], [0x9b55, 0x4, 0xd, 0x64e, 0xfffffdfe, 0x7fffffff, 0x8d2, 0x9, 0x1, 0x7fff, 0x0, 0x5, 0xb, 0x4, 0x5, 0x5, 0x0, 0x1ef, 0x5, 0x8, 0x86, 0x3, 0x10000009, 0x3e7, 0xb, 0x5, 0x2, 0x2, 0xf, 0x8, 0x4, 0x6d01, 0x5, 0x3b, 0x3, 0x200, 0x80, 0x3, 0x4, 0x2, 0x0, 0xa2, 0x1, 0x53cf697b, 0x5, 0x6, 0x54fe12d6, 0xbf, 0x200, 0x3, 0xbac, 0xfffffff9, 0x0, 0x6, 0x5, 0x0, 0x6, 0xfffffffb, 0x120000, 0x7, 0x6, 0x9, 0x4, 0x3], [0x9, 0xbb2f, 0x3, 0x7, 0x5, 0x938, 0x6, 0x6, 0x0, 0x5, 0xce7, 0x203, 0x6, 0x8ad, 0x5, 0x3, 0x101, 0xfffc, 0x6, 0x7fff, 0x8ffff, 0xa620, 0x2, 0x5, 0x1, 0x2, 0x14c, 0x60a7, 0x6, 0x5, 0xffffffff, 0x7ffffffe, 0x5, 0x8, 0xc8, 0x3, 0x3, 0xffff, 0x3, 0x9, 0x100, 0x9602, 0xa, 0x1, 0x4, 0x6, 0x1, 0x10000, 0x5, 0x8, 0x2b91, 0xa1f, 0x8, 0x9, 0x1, 0x6c1b, 0x0, 0x4, 0x5, 0xb1c, 0x1, 0x200, 0xffff3441, 0xfff]}, 0x45c)
openat$mice(0xffffffffffffff9c, &(0x7f0000000080), 0x0)
fsopen(&(0x7f0000000000)='hugetlbfs\x00', 0x0)
r3 = socket$inet6_sctp(0xa, 0x5, 0x84)
r4 = syz_io_uring_setup(0x497, &(0x7f0000000180)={0x0, 0x4885, 0x100, 0x3, 0x1d}, &(0x7f00000000c0)=<r5=>0x0, &(0x7f0000000600)=<r6=>0x0)
io_uring_register$IORING_REGISTER_PBUF_RING(r4, 0x16, &(0x7f0000000040)={&(0x7f0000002000)={[{0x0, 0x0, 0x3, 0xf4}]}, 0x1, 0x1}, 0x1)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r5, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r5, r6, &(0x7f00000002c0)=@IORING_OP_RECV=@use_registered_buffer={0x1b, 0x20, 0x10, r3, 0x0, 0x0, 0x0, 0x40002202, 0x1, {0x1}})
io_uring_enter(r4, 0x3516, 0x0, 0x0, 0x0, 0x0)

1m33.663367698s ago: executing program 2 (id=1447):
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)=@newtaction={0x48, 0x30, 0x53b, 0x0, 0x0, {0x9}, [{0x34, 0x1, [@m_sample={0x30, 0x1, 0x0, 0x0, {{0xb}, {0x4}, {0x4}, {0xc}, {0xc, 0x4, {0x3}}}}]}]}, 0x48}}, 0x0)
mount$fuse(0x0, 0x0, 0x0, 0x4000, &(0x7f00000003c0)=ANY=[])
write$uinput_user_dev(0xffffffffffffffff, &(0x7f0000000cc0)={'syz1\x00', {0xfff9, 0x2, 0x240, 0x9b99}, 0x22, [0x7, 0x8, 0x5, 0x9, 0x8, 0x155f, 0x6, 0x5, 0x25cd, 0x1, 0xa4, 0x6, 0xa2b9, 0x6, 0x7, 0xe4, 0x9, 0xfc000000, 0x3, 0xbbf, 0x4a732f64, 0x8, 0x9, 0xd, 0x2, 0x12a3, 0x6, 0x1, 0x5d3, 0x4, 0x7, 0x81, 0x8a, 0x79, 0x558e0d31, 0x4, 0x0, 0x91, 0x4, 0x4, 0x7, 0x2, 0x5, 0x400, 0x7fff, 0x6, 0x8, 0x81, 0x9, 0xf9a2, 0x80000001, 0xff, 0x40, 0x2, 0x2, 0x800003, 0x7, 0x1, 0x7ff, 0x4, 0x4007f, 0xffffffff, 0x6, 0x6], [0x9, 0x3, 0x2, 0x5f, 0x4, 0xc66, 0xa8a9, 0x73, 0x9, 0x10001, 0x8000, 0x5, 0x2, 0x9, 0x80000c1, 0x5, 0x1000, 0x0, 0x200b398, 0x400000, 0x0, 0x2, 0x1c, 0x7, 0x1, 0x2, 0x54f5bad8, 0x8, 0xfffffffd, 0x400, 0xffff58b9, 0x4c2336d3, 0x4, 0x1, 0xfffffff8, 0x401, 0x46, 0xf1, 0x4, 0xab00000, 0x4, 0x6, 0x2, 0x5, 0x3f7, 0x1ff, 0x1, 0x7fbf, 0x35db, 0x1cb, 0x1, 0x4, 0x6, 0x438, 0x2, 0x9, 0x95, 0x8000, 0x5, 0xfffffff9, 0x200004, 0x1000, 0xfffff801, 0x5], [0x2, 0x1, 0xffff, 0x3, 0x5, 0x2e6bf783, 0x80000001, 0xd, 0x5, 0x491, 0x8d3, 0x6, 0x8, 0x3ff, 0x2, 0x3fc, 0x40, 0x6, 0x7, 0x7, 0x2, 0x4, 0x5, 0x9, 0x0, 0x3, 0x9, 0x3, 0xc7, 0xfff, 0x100006, 0x8000, 0x400, 0x3e55, 0xff, 0xd3, 0x7, 0x3435, 0x3, 0x9, 0xfd, 0x401, 0x101, 0xdd83, 0x60a2, 0x17fc, 0x9c26, 0x5, 0x8, 0x2, 0x2, 0x4, 0x8000, 0xf45, 0x3, 0xd500, 0x8, 0x77, 0x9, 0xfffffffc, 0x8, 0x1, 0x8, 0x1], [0xa772, 0x1, 0x5, 0x1afa, 0x20bfc, 0x8, 0x7c81, 0x7f, 0xfffffff8, 0x40, 0xff, 0x5, 0x7fffffff, 0x7, 0x4, 0x9, 0x81, 0x3, 0x9, 0x6, 0xfffffff7, 0x8, 0x40f1, 0x2, 0x3, 0x101, 0x80000001, 0x7777, 0xfff, 0x2, 0x100, 0xd8ce, 0x7fffffff, 0x624dfaee, 0xc, 0x7f, 0x1000, 0x1ff, 0x2000005, 0xffffffff, 0x10000, 0x0, 0x8001, 0x7fff, 0x1000, 0x6, 0xf, 0xe, 0x25337, 0x26d, 0x6, 0xfffffff9, 0x4, 0xfffffff9, 0x9, 0x4, 0x463f, 0x4, 0xdab, 0x1, 0x8, 0x5393, 0x1, 0x1b18]}, 0x45c)
sendmsg$inet(0xffffffffffffffff, 0x0, 0x0)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0)
ioctl$KVM_GET_SUPPORTED_HV_CPUID_cpu(r5, 0xc008aec1, &(0x7f0000000880)={0xa, 0x0, [{0x80000007, 0x5, 0x1, 0x7e4, 0x200, 0x2, 0x2}, {0xd, 0xd73e, 0x2, 0x9, 0x9, 0x2, 0xd1}, {0x40000000, 0x8, 0x3, 0x6, 0x5, 0x517}, {0xc0000000, 0x6, 0x5, 0x1, 0x8, 0x5, 0x8}, {0x40000000, 0x9, 0x0, 0x2, 0x9, 0x6f, 0xa}, {0x7, 0x6, 0x0, 0x4, 0x5, 0x2, 0x2}, {0x7, 0x2, 0x4, 0x0, 0x1000, 0x0, 0x1c}, {0xd, 0x1, 0x7, 0x6b8, 0x80000001, 0x7}, {0x80000001, 0x6, 0x3, 0x3, 0x6, 0x5, 0xa}, {0x80000000, 0x1, 0x7, 0x8, 0x9, 0xa, 0xfffff801}]})
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_SET_IRQCHIP(r2, 0x8208ae63, &(0x7f0000000880)={0x0, 0x0, @pic={0x2a, 0xc0, 0x7, 0x6, 0xfb, 0x2, 0xf, 0x4, 0x3, 0x0, 0x3, 0x58, 0x9e, 0x6, 0x6, 0x7f}})
ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f0000000000)={[0x35, 0xfff, 0x0, 0x180, 0x4, 0x14, 0xf1, 0x0, 0x7fffffffffffe, 0x5, 0x4005, 0x6, 0x0, 0x45, 0x1, 0xbdb], 0x1, 0x1c4213})
ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0)
r6 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r7 = openat$vicodec1(0xffffffffffffff9c, &(0x7f0000000140), 0x2, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000200)={<r8=>0xffffffffffffffff})
getsockopt(r8, 0x1, 0xe, 0x0, &(0x7f0000000640))
ioctl$VIDIOC_QUERYCTRL(r7, 0xc0445624, &(0x7f0000000340)={0x2, 0x3, "39e08e682c22dbe9a99ea2d4eab006a2a8ec0d90d9844aeea3c3284ef2dc64b4", 0x10001, 0x4, 0x4, 0x55d, 0x8})
r9 = dup(r6)
ioctl$KVM_SET_USER_MEMORY_REGION(r6, 0x4020ae46, &(0x7f0000000840)={0x1fe, 0x2, 0x3000, 0x2000, &(0x7f0000003000/0x2000)=nil})
r10 = ioctl$KVM_CREATE_VCPU(r9, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r10, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000040)=[@text32={0x20, &(0x7f00000000c0)="c20000361e0f01c3660fd2eff30f10f1b961020000b80e000000ba000000000f30b98d0200000f320b99f3530000660f6af7c4e2f91d20", 0x37}], 0x1, 0x11, 0x0, 0x0)
r11 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
r12 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r12, 0x8933, &(0x7f0000000000)={'wlan1\x00', <r13=>0x0})
sendmsg$NL80211_CMD_REMAIN_ON_CHANNEL(r12, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000300)=ANY=[@ANYBLOB="05000000", @ANYRES16=r11, @ANYBLOB="010000000000000000000200000008000300", @ANYRES32=r13, @ANYBLOB="080026006c09000008002700000000000800a10000000005"], 0x34}}, 0x884)
ioctl$DRM_IOCTL_GET_CLIENT(r9, 0xc0286405, &(0x7f00000001c0)={0x5, 0x400, {}, {}, 0x3, 0x1})

1m33.053028656s ago: executing program 2 (id=1450):
r0 = syz_open_dev$evdev(&(0x7f0000003880), 0x4, 0x2)
ioctl$EVIOCSKEYCODE_V2(r0, 0x40284504, &(0x7f0000004e40)={0xe, 0x1, 0x1, 0x1, "4d512c91002a4950676142687108dcd3f82acf5a895bd90fca2bb40bb4fbf29c"})
syz_usb_control_io$lan78xx(0xffffffffffffffff, 0x0, 0x0)
syz_usb_control_io$lan78xx(0xffffffffffffffff, 0x0, 0x0)
syz_usb_control_io$lan78xx(0xffffffffffffffff, 0x0, 0x0)
r1 = syz_usb_connect(0x0, 0x24, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000795d6c08450c3a616dc4010203010902120001000000000904"], 0x0)
syz_usb_control_io(r1, 0x0, 0x0)
syz_usb_control_io$hid(r1, 0x0, &(0x7f0000000400)={0x2c, &(0x7f0000000040)=ANY=[], 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$cdc_ncm(r1, 0x0, 0x0)
syz_usb_control_io(r1, 0x0, &(0x7f0000000980)={0x84, &(0x7f0000000080)=ANY=[@ANYBLOB="20000104000012"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$uac1(r1, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r1, &(0x7f0000000540)={0x14, &(0x7f00000004c0)={0x20, 0x5, 0x22, {0x22, 0x7, "9c3d68b8a50482911aa64fd5f17d2597fdaabc728c7a0014e7b91a5421a5a975"}}, &(0x7f0000000500)={0x0, 0x3, 0x1a, {0x1a}}}, &(0x7f0000000800)={0x44, &(0x7f0000000580)={0x0, 0x12, 0xac, "c6d87e7823e25a8460b175d83e8b67dd36001f56e3160e13dee2f4a863c1fb560c9d7f0a425f892b681e1dbb9c91a0b8ad234eddfd3aad76923340110090c087260b58700cc77c1da066ad25afbff7c57051abed480c23661c8815fc6a6f5d61374b7a5450008f79b0345e3c7d776fc6c2ec231e0d4cbe9f9ba570ced668f5d993b0891db5471de4e495d47c497364bdf041e151039ec8022dc677d166559becea565d2bf4252a56dead42a2"}, &(0x7f0000000640)={0x0, 0xa, 0x1, 0x2}, &(0x7f0000000680)={0x0, 0x8, 0x1, 0x7f}, &(0x7f00000006c0)={0x20, 0x80, 0x1c, {0xffff, 0x5, 0xf6, 0x0, 0x2, 0x24e, 0x100, 0xc4, 0x8dfc, 0x7, 0x5, 0x9}}, &(0x7f0000000700)={0x20, 0x85, 0x4, 0x469cbe68}, &(0x7f0000000740)={0x20, 0x83, 0x2}, &(0x7f0000000780)={0x20, 0x87, 0x2, 0xc}, &(0x7f00000007c0)={0x20, 0x89, 0x2, 0x1}})

1m29.71243716s ago: executing program 2 (id=1460):
r0 = socket(0x10, 0x2, 0x0)
r1 = fanotify_init(0xf00, 0x109400)
r2 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x0, 0x0)
fanotify_mark(r1, 0x455, 0x40000008, r2, 0x0)
sendmsg$NL80211_CMD_NEW_STATION(r0, &(0x7f0000000140)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000080)={0x34, 0x0, 0x100, 0x70bd28, 0x25dfdbfb, {{}, {@void, @val={0xc, 0x99, {0xffffffff, 0x38}}}}, [@NL80211_ATTR_STA_PLINK_ACTION={0x5, 0x19, 0x1}, @NL80211_ATTR_STA_WME={0xc, 0x81, [@NL80211_STA_WME_MAX_SP={0x5, 0x2, 0xd}]}]}, 0x34}}, 0x800)
prlimit64(0x0, 0xe, &(0x7f0000000040)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
syz_emit_vhci(&(0x7f0000000300)=@HCI_VENDOR_PKT={0xff, 0x1}, 0x2)
syz_emit_ethernet(0xbe, &(0x7f00000004c0)=ANY=[@ANYBLOB], 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8)
r4 = socket$inet6_sctp(0xa, 0x1, 0x84)
getsockopt$inet_sctp6_SCTP_PR_ASSOC_STATUS(r4, 0x84, 0x73, &(0x7f0000000100)={0x0, 0x5, 0x20, 0x8, 0x1}, &(0x7f0000000280)=0x18)

1m29.357210353s ago: executing program 2 (id=1462):
r0 = openat$selinux_enforce(0xffffffffffffff9c, &(0x7f0000000000), 0x80, 0x0)
ioctl$KVM_SET_REGS(r0, 0x4090ae82, &(0x7f0000000540)={[0x4, 0xb4fb, 0x5, 0x7, 0x0, 0x4, 0x7, 0x1800000000, 0x81, 0x6, 0x7, 0x1, 0x4, 0xeb, 0x43d, 0xffffffffffffffff], 0xffff1000})
r1 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
ioctl$IOMMU_IOAS_COPY(r1, 0x3b83, &(0x7f0000000140)={0x28, 0x5, 0x0, 0x0, 0xffffffffffffffff, 0x4, 0x2})
r2 = syz_open_dev$sndctrl(&(0x7f0000000100), 0x0, 0x0)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r3, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x5, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000100)=0x2)
sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r4 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r4, &(0x7f0000002000)=""/102400, 0x19000)
openat$sysfs(0xffffffffffffff9c, &(0x7f0000000080)='/sys/power/disk', 0x169a82, 0x18c)
r5 = creat(&(0x7f0000000ac0)='./file0\x00', 0x0)
newfstatat(0xffffffffffffff9c, &(0x7f0000000400)='./file0\x00', &(0x7f0000000440), 0x800)
ioctl$SIOCX25SCALLUSERDATA(r5, 0x89e5, &(0x7f00000008c0)={0x2a, "0d3154df30934d68ef49e4b2441112bfb76bb765c95269ffaaecd78543c000bd838c3b34c19c0b3b86c975437807198ab3f65989d7dc4e2125b0c2fcd6f37aa41cfa6e9a72cb7947686fc6d92dfa46764381984a91391bf4b64fbc9ea7ac8dd41590ac1c9920e92e6700eec3ac1747a85e9ca97aeef90db125b488f9d7852905"})
lsetxattr$system_posix_acl(&(0x7f0000000800)='./file0\x00', &(0x7f0000000840)='system.posix_acl_access\x00', &(0x7f0000000300)=ANY=[@ANYBLOB="02000000010000000000000002000000", @ANYRES32=0x0, @ANYBLOB="02000600", @ANYRES32=0x0, @ANYBLOB="040000000000000010000200090000002000000000000000"], 0x34, 0x0)
r6 = openat$dir(0xffffffffffffff9c, &(0x7f0000000080)='.\x00', 0x101000, 0x108)
getdents64(r6, &(0x7f00000000c0)=""/55, 0x37)
getdents64(r6, &(0x7f0000000f80)=""/4096, 0x1000)
getsockname$inet(0xffffffffffffffff, &(0x7f0000000600)={0x2, 0x0, @empty}, &(0x7f0000000640)=0x10)
ioctl$EVIOCGBITKEY(r5, 0x80404521, 0x0)
r7 = openat$sysfs(0xffffffffffffff9c, &(0x7f00000002c0)='/sys/power/resume', 0x141a82, 0x0)
bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f00000000c0)=0xffffffffffffffff, 0x4)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000006c0)={0x18, 0x0, 0x0, &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x2}, 0x94)
write$cgroup_int(r7, &(0x7f0000000040)=0x900, 0x12)
sendmsg$NFT_BATCH(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000980)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a2c000000060a09040000000000000000020000000900010073797a30000000000900020073797a320000000020000000080a0500000000000000000002e7ff010900010073797a30000000002c000000080a01010000000000000000020000000900010073797a30000000000900020073797a3200000000140000001100010000000000000000000000000a91a3784ce5c754e254ba7cfc20056c7783c95cddfe2a66859d132dafb2f1509fd418aa98afb6af3f297f1fabba6ea54b9c47abbe0fcf59970ec3034069c193da7d7d4fc23c28e9f83e7990808dd756e6023d4be0d56e55c3022bc47353944ea952e5b0347bf4e6f65873005c4c16ebad0dd2b53a61057bc91de02cb0fc26801601b76058a15bced8842900000000"], 0xa0}}, 0x40000)
socket$nl_sock_diag(0x10, 0x3, 0x4)
ioctl$SNDRV_CTL_IOCTL_ELEM_WRITE(r2, 0xc1105518, &(0x7f0000000040)={{0x0, 0x0, 0x0, 0x0, 'syz0\x00'}, 0x1, [0x2, 0x0, 0x0, 0x0, 0x81, 0xfffffffffffffffc, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000000000000000, 0x0, 0xfffffffffffffffe, 0x8, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4d51e619, 0x0, 0x0, 0x6, 0x3, 0x0, 0x0, 0x7f, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x7, 0x0, 0xffffffffffffffff, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc44, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x800000, 0x0, 0x101, 0x9, 0xd721, 0x0, 0x4, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x83, 0x4, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8]})

1m14.933364923s ago: executing program 34 (id=1462):
r0 = openat$selinux_enforce(0xffffffffffffff9c, &(0x7f0000000000), 0x80, 0x0)
ioctl$KVM_SET_REGS(r0, 0x4090ae82, &(0x7f0000000540)={[0x4, 0xb4fb, 0x5, 0x7, 0x0, 0x4, 0x7, 0x1800000000, 0x81, 0x6, 0x7, 0x1, 0x4, 0xeb, 0x43d, 0xffffffffffffffff], 0xffff1000})
r1 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
ioctl$IOMMU_IOAS_COPY(r1, 0x3b83, &(0x7f0000000140)={0x28, 0x5, 0x0, 0x0, 0xffffffffffffffff, 0x4, 0x2})
r2 = syz_open_dev$sndctrl(&(0x7f0000000100), 0x0, 0x0)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r3, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x5, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000100)=0x2)
sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r4 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r4, &(0x7f0000002000)=""/102400, 0x19000)
openat$sysfs(0xffffffffffffff9c, &(0x7f0000000080)='/sys/power/disk', 0x169a82, 0x18c)
r5 = creat(&(0x7f0000000ac0)='./file0\x00', 0x0)
newfstatat(0xffffffffffffff9c, &(0x7f0000000400)='./file0\x00', &(0x7f0000000440), 0x800)
ioctl$SIOCX25SCALLUSERDATA(r5, 0x89e5, &(0x7f00000008c0)={0x2a, "0d3154df30934d68ef49e4b2441112bfb76bb765c95269ffaaecd78543c000bd838c3b34c19c0b3b86c975437807198ab3f65989d7dc4e2125b0c2fcd6f37aa41cfa6e9a72cb7947686fc6d92dfa46764381984a91391bf4b64fbc9ea7ac8dd41590ac1c9920e92e6700eec3ac1747a85e9ca97aeef90db125b488f9d7852905"})
lsetxattr$system_posix_acl(&(0x7f0000000800)='./file0\x00', &(0x7f0000000840)='system.posix_acl_access\x00', &(0x7f0000000300)=ANY=[@ANYBLOB="02000000010000000000000002000000", @ANYRES32=0x0, @ANYBLOB="02000600", @ANYRES32=0x0, @ANYBLOB="040000000000000010000200090000002000000000000000"], 0x34, 0x0)
r6 = openat$dir(0xffffffffffffff9c, &(0x7f0000000080)='.\x00', 0x101000, 0x108)
getdents64(r6, &(0x7f00000000c0)=""/55, 0x37)
getdents64(r6, &(0x7f0000000f80)=""/4096, 0x1000)
getsockname$inet(0xffffffffffffffff, &(0x7f0000000600)={0x2, 0x0, @empty}, &(0x7f0000000640)=0x10)
ioctl$EVIOCGBITKEY(r5, 0x80404521, 0x0)
r7 = openat$sysfs(0xffffffffffffff9c, &(0x7f00000002c0)='/sys/power/resume', 0x141a82, 0x0)
bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f00000000c0)=0xffffffffffffffff, 0x4)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000006c0)={0x18, 0x0, 0x0, &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x2}, 0x94)
write$cgroup_int(r7, &(0x7f0000000040)=0x900, 0x12)
sendmsg$NFT_BATCH(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000980)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a2c000000060a09040000000000000000020000000900010073797a30000000000900020073797a320000000020000000080a0500000000000000000002e7ff010900010073797a30000000002c000000080a01010000000000000000020000000900010073797a30000000000900020073797a3200000000140000001100010000000000000000000000000a91a3784ce5c754e254ba7cfc20056c7783c95cddfe2a66859d132dafb2f1509fd418aa98afb6af3f297f1fabba6ea54b9c47abbe0fcf59970ec3034069c193da7d7d4fc23c28e9f83e7990808dd756e6023d4be0d56e55c3022bc47353944ea952e5b0347bf4e6f65873005c4c16ebad0dd2b53a61057bc91de02cb0fc26801601b76058a15bced8842900000000"], 0xa0}}, 0x40000)
socket$nl_sock_diag(0x10, 0x3, 0x4)
ioctl$SNDRV_CTL_IOCTL_ELEM_WRITE(r2, 0xc1105518, &(0x7f0000000040)={{0x0, 0x0, 0x0, 0x0, 'syz0\x00'}, 0x1, [0x2, 0x0, 0x0, 0x0, 0x81, 0xfffffffffffffffc, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000000000000000, 0x0, 0xfffffffffffffffe, 0x8, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4d51e619, 0x0, 0x0, 0x6, 0x3, 0x0, 0x0, 0x7f, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x7, 0x0, 0xffffffffffffffff, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc44, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x800000, 0x0, 0x101, 0x9, 0xd721, 0x0, 0x4, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x83, 0x4, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8]})

13.424806092s ago: executing program 7 (id=1686):
r0 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000140), 0x2, 0x0)
socket$packet(0x11, 0x2, 0x300)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r4, &(0x7f0000000540)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb-serpent-avx\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r4, 0x117, 0x1, 0x0, 0x0)
recvmsg(r2, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/68, 0x4e}], 0x1000000000000047}, 0x40000000)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
mount$cgroup(0x0, &(0x7f0000000600)='.\x00', &(0x7f0000000640), 0x2208010, 0x0)
setgroups(0x0, 0x0)
r5 = syz_open_dev$video4linux(&(0x7f0000000080), 0x0, 0x0)
ioctl$VIDIOC_SUBSCRIBE_EVENT(r5, 0x4020565a, &(0x7f00000000c0)={0x3, 0x980900, 0x3})
ioctl$VIDIOC_QUERYMENU(r5, 0xc008561c, 0x0)
sendmsg$netlink(0xffffffffffffffff, &(0x7f00000002c0)={&(0x7f0000000240)=@proc={0x10, 0x0, 0x25dfdbfd, 0x10000}, 0xc, &(0x7f0000000280)=[{&(0x7f0000000880)=ANY=[@ANYBLOB, @ANYRES32=r4, @ANYBLOB="d5001e00da8ea166c2250fae0f8581b9f177254b2c703af81f06343a569a99b7115dd4c6c9f4f4fc83a539dcce4ed93eab70ebc5cd693a493e3f28c5b1a1766d43a48ce6b5126db40752d65e935f81809f488d95f42b2dfa83cc90c1164f0d5beb84b9ff9530eaa66aadb65815ac9def29794eb61d13ddd996d9b4642972c7873309de0fb015de3e0156047af6ce467369f25f2769dc62a030d3b2edc52ae7d3c21e867dc5a2eb113ea628f9ae006e811af5f2c44d18e7b56d97f2c3657bf90c2c168f47d12487d03ba8ded7a02032c0b12486e943000000"], 0x1e4}], 0x1}, 0x40000)
r6 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0)
rmdir(&(0x7f0000000000)='.\x00')
ioctl$vim2m_VIDIOC_DQBUF(r6, 0xc0585611, &(0x7f00000001c0)=@mmap={0xffffffff, 0x1, 0x4, 0x8, 0x6, {0x77359400}, {0x2, 0x0, 0x8, 0xb8, 0xd, 0xe, "c783b98c"}, 0xff, 0x1, {}, 0x400})
ioctl$IOCTL_VMCI_VERSION2(r0, 0x7a7, &(0x7f0000000040)=0x90000)
ioctl$IOCTL_VMCI_INIT_CONTEXT(r0, 0x7a0, &(0x7f0000000240)={@hyper})
ioctl$IOCTL_VMCI_QUEUEPAIR_SETPF(r0, 0x7a9, &(0x7f00000000c0)={{@local, 0xfffffffa}, 0x9, 0xfffffffffffffffa, 0x8, 0x1, 0x1, 0x800, 0x2, 0x3})
r7 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x820040, 0x0)
ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0)

12.222508772s ago: executing program 7 (id=1689):
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000000c0), 0xfffffffffffffffc, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
socket$nl_route(0x10, 0x3, 0x0)
r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x8800, 0x0)
ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000180)=0xe)
ioctl$TIOCVHANGUP(r1, 0x5437, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x5, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000100)=0x2)
sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce)
sendmsg$NFNL_MSG_CTHELPER_GET(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x1}, 0xc, &(0x7f00000003c0)={&(0x7f0000000380)={0x14, 0x1, 0x9, 0x301, 0x0, 0x0, {0x1, 0x0, 0x2}}, 0x14}, 0x1, 0x0, 0x0, 0x804}, 0x24000011)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r2, &(0x7f0000034000)=""/102392, 0x18ff8)
openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
r3 = socket$inet(0x2, 0x4000000000000001, 0x0)
socketpair$unix(0x1, 0x2, 0x0, 0x0)
setresgid(0x0, 0xee01, 0xffffffffffffffff)
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0)
mount$tmpfs(0x0, &(0x7f0000000000)='./file1\x00', &(0x7f0000000080), 0x8000, &(0x7f00000024c0)=ANY=[@ANYBLOB='quota'])
r4 = openat(0xffffffffffffff9c, &(0x7f0000004d00)='./file1\x00', 0x250942, 0x1cd)
quotactl_fd$Q_GETNEXTQUOTA(r4, 0xffffffff80000901, 0xee00, 0x0)
setsockopt$inet_tcp_int(r3, 0x6, 0x80000000000002, &(0x7f00000004c0)=0x79, 0x4)
bind$inet(r3, &(0x7f0000000080)={0x2, 0x4e23, @local}, 0x10)
setsockopt$SO_ATTACH_FILTER(r3, 0x1, 0x1a, &(0x7f0000000140)={0x1, &(0x7f0000000280)=[{0x6, 0x0, 0x0, 0xe4}]}, 0x10)
sendto$inet(r3, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10)
setsockopt$inet_tcp_TCP_CONGESTION(r3, 0x6, 0xd, &(0x7f0000000300)='bic\x00', 0x4)
sendmmsg$inet(r3, &(0x7f0000000000)=[{{0x0, 0x0, &(0x7f0000000240)=[{&(0x7f00000006c0)="0d18687da3e7f33aed145cf8ff2d1e5a18c0d5f9856f4824f41040f6987d0b531da10713ed151bc4867681f28e033aef683334d03864ed30590dd4ea64a20ecbbc1346c9f42510d91eec0632885b7da95ca85f4b1435c5c1e993a85257df5f19bdfc5e038a16e6a8aef907e347081fdb93cee93217e11f19cde423e6138bd1b79ee615527ccaf8049959ac6e32af46d777ccb8c26ca925f69590df13a81aee3213e80ba5cacf1f930b3cc49093d11594ef13", 0xb2}, {&(0x7f00000002c0)="9c811ff500139d7d", 0x8}], 0x2}}, {{0x0, 0x0, &(0x7f0000000e40)=[{&(0x7f00000007c0)="353a35d6094e4ee7d764b6993f65136c5d6b84d9b1324a0b25e094700c9a66f9181738098f32e3e48859c3878d53a9752474da0d6af299d849d48f2fa2c8c807d7a1521da940585790ff1e6f9da83e32b751d1af9cfac640c1361f5ae8b99c187dafe9ea854120f6eaab11e7fdeb3f2152ebdbc21520ca01f64bb821576deef4ed6696cdddc1768b5b4fbd68a687cb6ba52ecf5cc6f8f05062f26de19d6aaaeb6cbca00e46685f77d2b3e8dd9d0d099e799cd5a76c67ab283f790366f7f744508edc9e48fa101b89215bd330c4e706c1f09d781a5a50aef5e424a7a88b3241a338ca7411cda28aa167b5628b79e8a7d588efb69636181b9c54f6d296386c95f8a08e27d5792dcb20fa3b5b4f60c71f310b31bb1ab4a825c2dc10fac150a17d92bb51849d9eea53c78d427d8d1036dc906084046fcae09499c220ef50c2c7c475f392bc288eb5efb8032d1ade92e88e50a05a95dd5c6cbbdfb086fa53bca14d40c8c3f7149b39b16b7c7370978389366174db5fbc99dbe958f8c1690cd695dfbe6c384162a412c8d3cfd7cf223f9df4c67b92514111891f53d4e19826797302e1a87e7a627c52740bb3bd311771a68d349c0a68ef6f2a765f8220323add67b2b6695ca41adcda387a4264bcd94c8578a9ccca3b55ebcda45369b56068cfeec34abc2cbd94b9b12d057fa9d4328d57073f40e5ae64443e4a10ed400575bbd1168a170a0134b9ad28735dbd9603a9e417cce864f2141a92f57e1fdfcff4776f94a794d6db8d3e9e0ecc783956c7ab15a8d5639d3df1ac9da6057af913a563bd55b657f37cbf4cae2919aea6ff8a7490b4c036361b8866cc062bbad019f43d02b0c38bd6309f2baa53924466203ab8d00daaac4c9da846e645d64c10e47c32e9824e79ade4eeee7cbf71b1bb48f760800b04334745ab553dea12a85f0671eb07a4cc67ceaffa8269e0b052f25136cfb8a6b9327a2d165c42933642d3171ad00ebf0be485f5ed319021600a94072f251c8905a2451eba3ba7db2ec5fb8613463a796610629719166259ffa3261e06f09b5a69798b88848da9028ff7ed8a", 0x2fb}], 0x1}}], 0x2, 0x0)

11.78111909s ago: executing program 7 (id=1691):
r0 = syz_open_dev$evdev(&(0x7f0000003880), 0x4, 0x2)
ioctl$EVIOCSKEYCODE_V2(r0, 0x40284504, &(0x7f0000004e40)={0xe, 0x1a, 0x1, 0x1, "4d9b69d464c707fb8f6122625571729ed7c6cf000000000fca2bb40bb4fbf29c"})
syz_usb_control_io$lan78xx(0xffffffffffffffff, 0x0, 0x0)
syz_usb_control_io$lan78xx(0xffffffffffffffff, 0x0, 0x0)
syz_usb_control_io$lan78xx(0xffffffffffffffff, 0x0, 0x0)
syz_usb_control_io$lan78xx(0xffffffffffffffff, 0x0, 0x0)
syz_usb_control_io(0xffffffffffffffff, 0x0, 0x0)
syz_usb_control_io$lan78xx(0xffffffffffffffff, 0x0, 0x0)
syz_usb_control_io$lan78xx(0xffffffffffffffff, 0x0, 0x0)
syz_usb_control_io(0xffffffffffffffff, 0x0, 0x0)
r1 = syz_usb_connect$rtl8150(0x5, 0x3f, &(0x7f0000000000)={{0x12, 0x1, 0x200, 0xff, 0xff, 0xff, 0x40, 0xbda, 0x8150, 0x0, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x2d}}]}}, 0x0)
syz_usb_control_io$rtl8150(r1, &(0x7f0000000180)={0x14, &(0x7f0000000040)={0x0, 0xb, 0xce, {0xce, 0x10, "d514d343f0f843714b0243d3fecbdb59635c8d6c5243a07772164f10df322fa898cb92868112d0384f786c2bd2f4c3e01b7f156a0957bb25ae8ea0166303baa2309dcb537ec8310614f30096a4befaf5d53a37a8fdde0b91beebd02fe69f66a433eb0bc79033c645e1b102b750980212674a1d063888c312d2ae29cc8bc72edce5a1d359faf68fdcaa85a3a899ebbfa8e62d9192d1fa3058c236ae4641be7a8eb3e2794bc9f70a0d6493319fc7fa60ab36e87da1ff984aa42f59e995662117cccc91e84d5fafcb026beff54c"}}, &(0x7f0000000140)={0x0, 0x3, 0x4, @lang_id={0x4, 0x3, 0x418}}}, &(0x7f00000003c0)={0x2c, &(0x7f00000001c0)={0x0, 0x3, 0xdb, "2c2c55d3a412ff786372805cf6306b74afe20bfe42cbdec5e2c32910b31c1352fadbf6c07d3797ffef4b5bb8b94c29cfdd24727911500907b0aff38662628bcbc4b7aaf0087143ab5236989bd96b7985e11ddc9acdd72a0c7529327e69f327f9bb0e7495ddfaef6e6deb99493e168f764301389a6e5f19217a79b294508bc71d3bc3fcdbf0038576181f0d55c3f33eafba67240e118e039ba63e07284fa7f3794b2afb01d1165414735728fa0befcd0fe89f5ec034fce032f589caabddda05f53b89622c8c448287c22455eed67ce8e97610a287c78130073e9ddb"}, &(0x7f00000002c0)={0x0, 0xa, 0x1, 0xfa}, &(0x7f0000000300)={0x0, 0x8, 0x1, 0x4b}, &(0x7f0000000340)={0xc0, 0x5, 0x3, "ae8072"}, &(0x7f0000000380)={0x40, 0x5, 0x2, "53ef"}})
ioctl$EVIOCGBITKEY(r0, 0x80404521, 0x0)

11.66629715s ago: executing program 5 (id=1692):
r0 = openat$mixer(0xffffffffffffff9c, &(0x7f00000005c0), 0x20642, 0x0)
r1 = syz_init_net_socket$ax25(0x3, 0x2, 0x0)
ioctl$SIOCAX25ADDUID(r1, 0x89e1, &(0x7f0000000240)={0x3, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, 0xee00})
ioctl$AUTOFS_DEV_IOCTL_ISMOUNTPOINT(0xffffffffffffffff, 0xc018937e, &(0x7f0000000340)={{0x1, 0x1, 0x18, <r2=>r0}, './file1aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00'})
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r3 = gettid()
timer_create(0x3, &(0x7f0000533fa0)={0x0, 0x22, 0x800000000004, @tid=r3}, &(0x7f0000000280))
syz_open_dev$ttys(0xc, 0x2, 0x1)
mknodat$loop(0xffffffffffffff9c, &(0x7f0000000600)='./file1aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x6004, 0x1)
pipe2$9p(&(0x7f00000000c0), 0x0)
timer_settime(0x0, 0x0, &(0x7f00000004c0)={{}, {0x0, 0x9}}, 0x0)
timer_settime(0x0, 0x1, &(0x7f0000000440)={{0x0, 0x3938700}}, &(0x7f0000000480))
setsockopt$netlink_NETLINK_TX_RING(r2, 0x10e, 0x7, &(0x7f0000000040)={0x5, 0x40, 0x5, 0x9735}, 0x10)
socket$inet6_tcp(0xa, 0x1, 0x0)
prlimit64(0x0, 0xe, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x0, 0x0, 0x1, &(0x7f0000000080))
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r4 = syz_open_dev$MSR(&(0x7f0000000500), 0x0, 0x0)
read$msr(r4, &(0x7f0000019680)=""/102392, 0x18ff8)
r5 = openat$vicodec0(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
ioctl$VIDIOC_ENUMSTD(r5, 0xc0485619, &(0x7f00000000c0)={0x6, 0x1000, "94da23c6bb3dc1946f19f99f838cbeecefdffad6262a9d96", {0x6, 0x2}, 0xdbf9})
sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x20004005)
bpf$PROG_LOAD(0x5, &(0x7f0000000540)={0x20, 0x3, &(0x7f0000000480)=ANY=[@ANYRES8=0x0], 0x0, 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x19, r2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, 0x94)
socket$nl_sock_diag(0x10, 0x3, 0x4)
getpriority(0x2, 0x0)

10.817845007s ago: executing program 5 (id=1695):
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
read$msr(0xffffffffffffffff, &(0x7f0000019680)=""/102392, 0x18ff8)
ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x5, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce)
sendmsg$NFNL_MSG_CTHELPER_GET(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x1}, 0xc, &(0x7f00000003c0)={&(0x7f0000000380)={0x14, 0x1, 0x9, 0x301, 0x0, 0x0, {0x1, 0x0, 0x2}}, 0x14}, 0x1, 0x0, 0x0, 0x804}, 0x24000011)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000034000)=""/102392, 0x18ff8)
openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
r1 = socket$inet(0x2, 0x4000000000000001, 0x0)
setresgid(0x0, 0xee01, 0xffffffffffffffff)
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0)
mount$tmpfs(0x0, &(0x7f0000000000)='./file1\x00', &(0x7f0000000080), 0x8000, &(0x7f00000024c0)=ANY=[@ANYBLOB='quota'])
r2 = openat(0xffffffffffffff9c, &(0x7f0000004d00)='./file1\x00', 0x250942, 0x1cd)
quotactl_fd$Q_GETNEXTQUOTA(r2, 0xffffffff80000901, 0xee00, 0x0)
setsockopt$inet_tcp_int(r1, 0x6, 0x80000000000002, &(0x7f00000004c0)=0x79, 0x4)
bind$inet(r1, &(0x7f0000000080)={0x2, 0x4e23, @local}, 0x10)
sendto$inet(r1, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10)
setsockopt$inet_tcp_TCP_CONGESTION(r1, 0x6, 0xd, &(0x7f0000000300)='bic\x00', 0x4)
sendmmsg$inet(r1, &(0x7f0000000000)=[{{0x0, 0x0, &(0x7f0000000240)=[{&(0x7f00000006c0)="0d18687da3e7f33aed145cf8ff2d1e5a18c0d5f9856f4824f41040f6987d0b531da10713ed151bc4867681f28e033aef683334d03864ed30590dd4ea64a20ecbbc1346c9f42510d91eec0632885b7da95ca85f4b1435c5c1e993a85257df5f19bdfc5e038a16e6a8aef907e347081fdb93cee93217e11f19cde423e6138bd1b79ee615527ccaf8049959ac6e32af46d777ccb8c26ca925f69590df13a81aee3213e80ba5cacf1f930b3cc49093d11594ef13", 0xb2}, {&(0x7f00000002c0)="9c811ff500139d7d", 0x8}], 0x2}}, {{0x0, 0x0, &(0x7f0000000e40)=[{&(0x7f00000007c0)="353a35d6094e4ee7d764b6993f65136c5d6b84d9b1324a0b25e094700c9a66f9181738098f32e3e48859c3878d53a9752474da0d6af299d849d48f2fa2c8c807d7a1521da940585790ff1e6f9da83e32b751d1af9cfac640c1361f5ae8b99c187dafe9ea854120f6eaab11e7fdeb3f2152ebdbc21520ca01f64bb821576deef4ed6696cdddc1768b5b4fbd68a687cb6ba52ecf5cc6f8f05062f26de19d6aaaeb6cbca00e46685f77d2b3e8dd9d0d099e799cd5a76c67ab283f790366f7f744508edc9e48fa101b89215bd330c4e706c1f09d781a5a50aef5e424a7a88b3241a338ca7411cda28aa167b5628b79e8a7d588efb69636181b9c54f6d296386c95f8a08e27d5792dcb20fa3b5b4f60c71f310b31bb1ab4a825c2dc10fac150a17d92bb51849d9eea53c78d427d8d1036dc906084046fcae09499c220ef50c2c7c475f392bc288eb5efb8032d1ade92e88e50a05a95dd5c6cbbdfb086fa53bca14d40c8c3f7149b39b16b7c7370978389366174db5fbc99dbe958f8c1690cd695dfbe6c384162a412c8d3cfd7cf223f9df4c67b92514111891f53d4e19826797302e1a87e7a627c52740bb3bd311771a68d349c0a68ef6f2a765f8220323add67b2b6695ca41adcda387a4264bcd94c8578a9ccca3b55ebcda45369b56068cfeec34abc2cbd94b9b12d057fa9d4328d57073f40e5ae64443e4a10ed400575bbd1168a170a0134b9ad28735dbd9603a9e417cce864f2141a92f57e1fdfcff4776f94a794d6db8d3e9e0ecc783956c7ab15a8d5639d3df1ac9da6057af913a563bd55b657f37cbf4cae2919aea6ff8a7490b4c036361b8866cc062bbad019f43d02b0c38bd6309f2baa53924466203ab8d00daaac4c9da846e645d64c10e47c32e9824e79ade4eeee7cbf71b1bb48f760800b04334745ab553dea12a85f0671eb07a4cc67ceaffa8269e0b052f25136cfb8a6b9327a2d165c42933642d3171ad00ebf0be485f5ed319021600a94072f251c8905a2451eba3ba7db2ec5fb8613463a796610629719166259ffa3261e06f09b5a69798b88848da9028ff7ed8a", 0x2fb}], 0x1}}], 0x2, 0x0)

9.885336753s ago: executing program 4 (id=1699):
socket(0x2, 0x80805, 0x0)
setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x8, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x5, 0x5}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x1)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
tgkill(0x0, 0x0, 0x12)
prlimit64(0x0, 0xe, 0x0, 0x0)
sched_setscheduler(0x0, 0x1, 0x0)
r0 = getpid()
setsockopt$inet_mreqsrc(0xffffffffffffffff, 0x0, 0x27, &(0x7f0000000100)={@empty, @multicast1, @multicast1}, 0xc)
openat$sysfs(0xffffffffffffff9c, 0x0, 0x0, 0xb)
syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file1\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(r0, &(0x7f0000000000)={0x38, 0x5, 0x8000001, 0x1, 0x2, 0x0, 0xfffffffffffffffe, 0x8, 0x9}, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r3 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000180)='/proc/asound/timers\x00', 0x0, 0x0)
read$FUSE(r3, &(0x7f0000000200)={0x2020}, 0x2020)
sched_setscheduler(r0, 0x6, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, 0x0)
connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs, 0x6e)
add_key(&(0x7f00000000c0)='.request_key_auth\x00', &(0x7f00000005c0)={'syz', 0x1}, &(0x7f0000000980), 0x0, 0xfffffffffffffffb)
syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r4, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000380)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a30010000060a010400000000000000000a0000010900010073797a310000000004010480000101800a0001006d61746368000000f00002800c000100636c7573746572006b0003002f9cd5b917818b4f35f3f887cd5725849e73364b409a5dec8560a7cdf931760b08c050478faa83231d0781d0ef5f4b5fac70cae2e8e0954ae06684dc648e18f288f71b43137a5dc139db7bae20ce912883f967a923b1ec1b24e07c098b405e9c612e87090f0d3d006c0003009f592b22e23033a62c3f435e2e2e074e94c4997382645cc3fd646c007903de7647abf6111748451fd5dc678e8232f2f260193ed461e51c6bba6c2e4e71a6e86c095a82bf84d12164aced2418a67d16b4"], 0x158}, 0x1, 0x0, 0x0, 0x4008091}, 0x24000000)
sched_setaffinity(0x0, 0x0, 0x0)

9.44468948s ago: executing program 7 (id=1702):
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000001340)=@abs={0x0, 0x0, 0x104e24}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r0, 0x0, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
mount(0x0, 0x0, 0x0, 0x0, 0x0)
r3 = socket$inet6_udp(0xa, 0x2, 0x0)
sendmmsg$inet6(r3, &(0x7f0000001040)=[{{&(0x7f0000000200)={0xa, 0x4e21, 0x6, @loopback, 0x9}, 0x1c, 0x0, 0x0, &(0x7f0000000a80)=[@tclass={{0x14, 0x29, 0x43, 0x9b2}}], 0x18}}], 0x1, 0x24000000)
r4 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
r5 = socket$netlink(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000300)={'bridge_slave_0\x00', <r6=>0x0})
sendmsg$nl_route(r5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000004c0)=@bridge_dellink={0xec, 0x13, 0x5, 0x2000, 0x25dfdbfd, {0x7, 0x0, 0x0, r6, 0x10400, 0x1952}, [@IFLA_AF_SPEC={0xcc, 0x1a, 0x0, 0x1, [@AF_INET={0x8, 0x4, 0x0, 0x1, {0x4, 0x6}}, @AF_BRIDGE={0x4}, @AF_INET={0x30, 0x2, 0x0, 0x1, {0x2c, 0x1, 0x0, 0x1, [{0x8, 0x8, 0x0, 0x0, 0x4}, {0x8, 0x1a, 0x0, 0x0, 0x5}, {0x8, 0x18, 0x0, 0x0, 0x7fff}, {0x8, 0x20, 0x0, 0x0, 0x4}, {0x8, 0x4, 0x0, 0x0, 0x4}]}}, @AF_MPLS={0x4}, @AF_MPLS={0x4}, @AF_INET6={0x84, 0xa, 0x0, 0x1, [@IFLA_INET6_TOKEN={0x14, 0x7, @ipv4={'\x00', '\xff\xff', @empty}}, @IFLA_INET6_TOKEN={0x14, 0x7, @private0={0xfc, 0x0, '\x00', 0x1}}, @IFLA_INET6_TOKEN={0x14, 0x7, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}}, @IFLA_INET6_TOKEN={0x14, 0x7, @rand_addr=' \x01\x00'}, @IFLA_INET6_TOKEN={0x14, 0x7, @loopback}, @IFLA_INET6_ADDR_GEN_MODE={0x5, 0x8, 0x3}, @IFLA_INET6_TOKEN={0x14, 0x7, @private2={0xfc, 0x2, '\x00', 0x1}}]}]}]}, 0xec}, 0x1, 0x0, 0x0, 0x1}, 0x0)
r7 = socket$packet(0x11, 0x2, 0x300)
ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f00000000c0)={'bridge_slave_0\x00', <r8=>0x0})
r9 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r9, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000005a40)=ANY=[@ANYBLOB="b400000010000904000000000000000000002200", @ANYRES32=0x0, @ANYBLOB="fffffffed9526cfd8400128009000100766c616e000000007400028006000100000600000c000200367da1650e000000280003800c00010001800000002000000c000100a1000000c84200000c0001000800000008000000340004800c00010006000000ff0300000c00010004000000080000000c00010004000000020000000c000100050000000300000008000500", @ANYRES32=r8, @ANYBLOB='\b\x00\n\x00', @ANYRESOCT], 0xb4}}, 0x0)
sendmsg$inet(r1, &(0x7f0000000180)={&(0x7f0000000000)={0x2, 0x4e20, @initdev={0xac, 0x1e, 0x1, 0x0}}, 0x10, &(0x7f0000000040)=[{&(0x7f00000000c0)="6ec34466ec4d7f7592860f1836d3febb9d975d4ef6a2f5bca8f818803675786677a50ef928acb149eea21982b3ffd19657e979ad411b959dd03fcb06f06559fb989c3813ddffc23ae475d7b52a044f0c26c1ce938ebb51ad9c0d", 0x5a}], 0x1, &(0x7f0000000400)=[@ip_pktinfo={{0x1c, 0x0, 0x8, {r6, @rand_addr=0x64010101, @remote}}}, @ip_tos_int={{0x14, 0x0, 0x1, 0x9}}, @ip_pktinfo={{0x1c, 0x0, 0x8, {r8, @multicast1, @multicast1}}}, @ip_tos_u8={{0x11, 0x0, 0x1, 0x1}}, @ip_pktinfo={{0x1c, 0x0, 0x8, {0x0, @rand_addr=0x64010102, @dev={0xac, 0x14, 0x14, 0x25}}}}, @ip_tos_u8={{0x11, 0x0, 0x1, 0xf9}}, @ip_ttl={{0x14}}], 0xc0}, 0x84)
bind$bt_hci(r4, &(0x7f0000000080)={0x1f, 0xffff, 0x3}, 0x6)
setsockopt$sock_int(r4, 0x1, 0x29, &(0x7f0000000300)=0x20, 0x4)
readv(r4, 0x0, 0x0)
write$binfmt_misc(r4, &(0x7f0000000300), 0x6)
keyctl$instantiate(0xc, 0x0, 0x0, 0x2d, 0xfffffffffffffff9)

8.263037845s ago: executing program 7 (id=1704):
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f0000002740)=[{{0x0, 0x0, &(0x7f0000002900)=[{0x0}, {0x0}, {0x0}, {0x0}, {0x0}, {&(0x7f0000002680)=""/157, 0x9d}], 0x6}, 0x4cb}], 0x1, 0x0, 0x0) (async)
recvmmsg(0xffffffffffffffff, &(0x7f0000002740)=[{{0x0, 0x0, &(0x7f0000002900)=[{0x0}, {0x0}, {0x0}, {0x0}, {0x0}, {&(0x7f0000002680)=""/157, 0x9d}], 0x6}, 0x4cb}], 0x1, 0x0, 0x0)
socket$inet6_icmp_raw(0xa, 0x3, 0x3a) (async)
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
sendto$inet6(r0, &(0x7f0000000400)="2ae0e710", 0x4, 0x0, &(0x7f0000000000)={0xa, 0x0, 0x0, @mcast1}, 0x1c)
recvmmsg(r0, &(0x7f0000000d80), 0x4000000000001e9, 0x10162, 0x0) (async)
recvmmsg(r0, &(0x7f0000000d80), 0x4000000000001e9, 0x10162, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
r1 = socket$tipc(0x1e, 0x2, 0x0)
bind$tipc(r1, &(0x7f0000000180)=@nameseq={0x1e, 0x1, 0x0, {0x42}}, 0x10) (async)
bind$tipc(r1, &(0x7f0000000180)=@nameseq={0x1e, 0x1, 0x0, {0x42}}, 0x10)
r2 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r2}, &(0x7f0000bbdffc))
timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
r3 = socket$tipc(0x1e, 0x2, 0x0)
setsockopt$TIPC_GROUP_JOIN(r3, 0x10f, 0x87, &(0x7f0000000180)={0x42, 0x0, 0x2}, 0x10)
sendmsg$tipc(r3, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x10)
setsockopt$TIPC_GROUP_LEAVE(r3, 0x10f, 0x88) (async)
setsockopt$TIPC_GROUP_LEAVE(r3, 0x10f, 0x88)
r4 = syz_open_dev$dri(&(0x7f0000000000), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r4, 0xc02064b2, &(0x7f00000001c0)={0x4, 0x4, 0x2000103})
mmap(&(0x7f0000001000/0x4000)=nil, 0x4000, 0xabfb5f979e2510e1, 0x11, 0xffffffffffffffff, 0x0)
mount$afs(&(0x7f0000000200)=ANY=[@ANYBLOB='%\x00\x00\x00'], &(0x7f0000000340)='.\x00', &(0x7f0000000380), 0x8, 0x0) (async)
mount$afs(&(0x7f0000000200)=ANY=[@ANYBLOB='%\x00\x00\x00'], &(0x7f0000000340)='.\x00', &(0x7f0000000380), 0x8, 0x0)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) (async)
r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0xc, 0xe, &(0x7f0000000380)=ANY=[@ANYBLOB="b70200001a000000bfa30000000000000703000000feffff7a0af0ff0100000079a4f0ff00000000b70600007fffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b70000000000000095000000000000005ecefab8f2e85c6c1ca711fcd0cdfa146ec561750379585e5a076d839240d29c034055b67dafe6c8dc3d5d78c07fa1f7e655ce34e4d5b3185fec0e07004e60c08dc8b8dbf11e6e94d75938321a3aa502cd2424a66e6d2ef831ab7ea0c34f17e3946e0ebc622003b538dfc8e012e79578e51bc5f31e3106d1ddd6152f7cbdb9cd38bdb2209c67deca8eeb9c15ab3a14817ac61e4dd11183a13477bf7e860e3670ef0e789f65f1328d6704902cbe7bc04b82d2789cb132b803000000661df28d9961b63e1a9cf6c2a660a1fe3c184b751c51160fb20b1c581e7b148ba532e6ea09c346dfebd38608b32a0080005d9a9500000000000000334d83239dd27080851dcac3c12233f9a1fb9c2aec61ce63a38d2fd50117b89a9ab359b4eea0c6e95767d42b4e14861d0227dbfd2e6d7f715a7f3d"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x10}, 0x94)
r6 = socket$nl_netfilter(0x10, 0x3, 0xc)
r7 = dup(r6)
sendmsg$IPSET_CMD_CREATE(r7, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000004c0)=ANY=[@ANYBLOB="640000000206030000000000fffff0000000000016000300686173683a6e65742c706f72742c6e6574000000050004000000000005000500020000000900020073797a3200000000050001000700000014000780080013400000000008001240"], 0x64}}, 0x0)
r8 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0)
ioctl$KVM_CREATE_VCPU(r8, 0xae41, 0x1)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x9) (async)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x9)
syz_open_dev$vim2m(&(0x7f0000002c80), 0x3, 0x2) (async)
r9 = syz_open_dev$vim2m(&(0x7f0000002c80), 0x3, 0x2)
ioctl$vim2m_VIDIOC_REQBUFS(r9, 0xc0145608, &(0x7f0000000140)={0x7, 0x1, 0x2}) (async)
ioctl$vim2m_VIDIOC_REQBUFS(r9, 0xc0145608, &(0x7f0000000140)={0x7, 0x1, 0x2})

7.790183298s ago: executing program 1 (id=1706):
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
read$msr(0xffffffffffffffff, &(0x7f0000019680)=""/102392, 0x18ff8)
ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x5, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000100)=0x2)
sched_setaffinity(0x0, 0x0, 0x0)
sendmsg$NFNL_MSG_CTHELPER_GET(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x1}, 0xc, &(0x7f00000003c0)={&(0x7f0000000380)={0x14, 0x1, 0x9, 0x301, 0x0, 0x0, {0x1, 0x0, 0x2}}, 0x14}, 0x1, 0x0, 0x0, 0x804}, 0x24000011)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000034000)=""/102392, 0x18ff8)
openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
r1 = socket$inet(0x2, 0x4000000000000001, 0x0)
setresgid(0x0, 0xee01, 0xffffffffffffffff)
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0)
mount$tmpfs(0x0, &(0x7f0000000000)='./file1\x00', &(0x7f0000000080), 0x8000, &(0x7f00000024c0)=ANY=[@ANYBLOB='quota'])
r2 = openat(0xffffffffffffff9c, &(0x7f0000004d00)='./file1\x00', 0x250942, 0x1cd)
quotactl_fd$Q_GETNEXTQUOTA(r2, 0xffffffff80000901, 0xee00, 0x0)
setsockopt$inet_tcp_int(r1, 0x6, 0x80000000000002, &(0x7f00000004c0)=0x79, 0x4)
bind$inet(r1, &(0x7f0000000080)={0x2, 0x4e23, @local}, 0x10)
sendto$inet(r1, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10)
setsockopt$inet_tcp_TCP_CONGESTION(r1, 0x6, 0xd, &(0x7f0000000300)='bic\x00', 0x4)
sendmmsg$inet(r1, &(0x7f0000000000)=[{{0x0, 0x0, &(0x7f0000000240)=[{&(0x7f00000006c0)="0d18687da3e7f33aed145cf8ff2d1e5a18c0d5f9856f4824f41040f6987d0b531da10713ed151bc4867681f28e033aef683334d03864ed30590dd4ea64a20ecbbc1346c9f42510d91eec0632885b7da95ca85f4b1435c5c1e993a85257df5f19bdfc5e038a16e6a8aef907e347081fdb93cee93217e11f19cde423e6138bd1b79ee615527ccaf8049959ac6e32af46d777ccb8c26ca925f69590df13a81aee3213e80ba5cacf1f930b3cc49093d11594ef13", 0xb2}, {&(0x7f00000002c0)="9c811ff500139d7d", 0x8}], 0x2}}, {{0x0, 0x0, &(0x7f0000000e40)=[{&(0x7f00000007c0)="353a35d6094e4ee7d764b6993f65136c5d6b84d9b1324a0b25e094700c9a66f9181738098f32e3e48859c3878d53a9752474da0d6af299d849d48f2fa2c8c807d7a1521da940585790ff1e6f9da83e32b751d1af9cfac640c1361f5ae8b99c187dafe9ea854120f6eaab11e7fdeb3f2152ebdbc21520ca01f64bb821576deef4ed6696cdddc1768b5b4fbd68a687cb6ba52ecf5cc6f8f05062f26de19d6aaaeb6cbca00e46685f77d2b3e8dd9d0d099e799cd5a76c67ab283f790366f7f744508edc9e48fa101b89215bd330c4e706c1f09d781a5a50aef5e424a7a88b3241a338ca7411cda28aa167b5628b79e8a7d588efb69636181b9c54f6d296386c95f8a08e27d5792dcb20fa3b5b4f60c71f310b31bb1ab4a825c2dc10fac150a17d92bb51849d9eea53c78d427d8d1036dc906084046fcae09499c220ef50c2c7c475f392bc288eb5efb8032d1ade92e88e50a05a95dd5c6cbbdfb086fa53bca14d40c8c3f7149b39b16b7c7370978389366174db5fbc99dbe958f8c1690cd695dfbe6c384162a412c8d3cfd7cf223f9df4c67b92514111891f53d4e19826797302e1a87e7a627c52740bb3bd311771a68d349c0a68ef6f2a765f8220323add67b2b6695ca41adcda387a4264bcd94c8578a9ccca3b55ebcda45369b56068cfeec34abc2cbd94b9b12d057fa9d4328d57073f40e5ae64443e4a10ed400575bbd1168a170a0134b9ad28735dbd9603a9e417cce864f2141a92f57e1fdfcff4776f94a794d6db8d3e9e0ecc783956c7ab15a8d5639d3df1ac9da6057af913a563bd55b657f37cbf4cae2919aea6ff8a7490b4c036361b8866cc062bbad019f43d02b0c38bd6309f2baa53924466203ab8d00daaac4c9da846e645d64c10e47c32e9824e79ade4eeee7cbf71b1bb48f760800b04334745ab553dea12a85f0671eb07a4cc67ceaffa8269e0b052f25136cfb8a6b9327a2d165c42933642d3171ad00ebf0be485f5ed319021600a94072f251c8905a2451eba3ba7db2ec5fb8613463a796610629719166259ffa3261e06f09b5a69798b88848da9028ff7ed8a", 0x2fb}], 0x1}}], 0x2, 0x0)

6.637428261s ago: executing program 1 (id=1708):
mmap$IORING_OFF_SQ_RING(&(0x7f000071c000/0xe000)=nil, 0xe000, 0x0, 0x810, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000380)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
r2 = openat$kvm(0xffffffffffffff9c, 0x0, 0x309201, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x8)
r3 = syz_open_dev$media(&(0x7f0000000280), 0xde, 0x8001)
ioctl$MEDIA_IOC_G_TOPOLOGY(r3, 0xc0487c04, &(0x7f0000000480)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, &(0x7f0000000140)=[{}]})
syz_emit_ethernet(0x0, 0x0, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x88)
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000400)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}, {@metacopy_on}]})
r4 = open(&(0x7f0000000480)='./file0\x00', 0x0, 0x718bb647156ec3b7)
mknodat$loop(r4, &(0x7f0000001600)='./file1\x00', 0x200, 0x0)
linkat(r4, &(0x7f0000000040)='./file1\x00', r4, &(0x7f0000000180)='./bus\x00', 0x0)
link(&(0x7f0000000000)='./file1\x00', &(0x7f00000001c0)='./file0\x00')
open(&(0x7f0000000440)='./file0\x00', 0xe8142, 0x0)
r5 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
ioctl$KVM_SET_IRQCHIP(r5, 0x4020aeb2, &(0x7f0000000080)={0x0, 0x2000000, @ioapic={0x0, 0x1, 0x8000, 0x0, 0x0, [{0x6, 0x7, 0xa, '\x00', 0xab}, {0x2, 0x0, 0x4, '\x00', 0x5b}, {0x1d, 0x4, 0x8, '\x00', 0xb}, {0x5, 0xe, 0x7, '\x00', 0xf1}, {0x1c, 0xc, 0xd, '\x00', 0x43}, {0x4, 0x78, 0xc5, '\x00', 0x9}, {0x94, 0x5, 0x9, '\x00', 0xbe}, {0xf, 0x0, 0x6, '\x00', 0xfc}, {0x1, 0x4, 0x5, '\x00', 0x33}, {0x9, 0xf, 0x57, '\x00', 0x9}, {0x2, 0x4, 0x1}, {0x81, 0x6, 0x6, '\x00', 0x48}, {0x3, 0x1, 0x8, '\x00', 0x8}, {0x6, 0x3, 0x2, '\x00', 0x2}, {0x8, 0x5, 0x3, '\x00', 0x50}, {0xd, 0x2, 0xd}, {0x8, 0x81, 0x81, '\x00', 0xb}, {0x3, 0x89, 0x81, '\x00', 0xf}, {0x7b, 0x7, 0x2, '\x00', 0x5}, {0x3, 0x7, 0x4, '\x00', 0x7}, {0x6, 0x26, 0x5, '\x00', 0x9}, {0x7, 0x9, 0xe4, '\x00', 0x4}, {0xc1, 0xd, 0x3, '\x00', 0x10}, {0xfd, 0x3, 0x80, '\x00', 0x6}]}})
r6 = socket$inet6_mptcp(0xa, 0x1, 0x106)
chown(&(0x7f0000000580)='./file0\x00', 0x0, 0x0)
listen(r6, 0x80)
r7 = socket$netlink(0x10, 0x3, 0x8000000004)
writev(r7, &(0x7f00000002c0)=[{&(0x7f0000000040)="580000001400192340834b80040d8c560a067fbc45ff81054e220000000058000b480400945f64009400050038925a01000000000000008004000000ffe809000000fff5dd0000000800030006010000418e01400004fcff", 0x58}], 0x1)
ioctl$KVM_RESET_DIRTY_RINGS(r5, 0xaec7)

6.292730411s ago: executing program 4 (id=1709):
mmap$IORING_OFF_SQ_RING(&(0x7f000071c000/0xe000)=nil, 0xe000, 0x0, 0x810, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000380)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
r2 = openat$kvm(0xffffffffffffff9c, 0x0, 0x309201, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x8)
r3 = syz_open_dev$media(&(0x7f0000000280), 0xde, 0x8001)
ioctl$MEDIA_IOC_G_TOPOLOGY(r3, 0xc0487c04, &(0x7f0000000480)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, &(0x7f0000000140)=[{}]})
syz_emit_ethernet(0x0, 0x0, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x88)
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000400)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}, {@metacopy_on}]})
r4 = open(&(0x7f0000000480)='./file0\x00', 0x0, 0x718bb647156ec3b7)
mknodat$loop(r4, &(0x7f0000001600)='./file1\x00', 0x200, 0x0)
linkat(r4, &(0x7f0000000040)='./file1\x00', r4, &(0x7f0000000180)='./bus\x00', 0x0)
link(&(0x7f0000000000)='./file1\x00', &(0x7f00000001c0)='./file0\x00')
open(&(0x7f0000000440)='./file0\x00', 0xe8142, 0x0)
r5 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
ioctl$KVM_SET_IRQCHIP(r5, 0x4020aeb2, &(0x7f0000000080)={0x0, 0x2000000, @ioapic={0x0, 0x1, 0x8000, 0x0, 0x0, [{0x6, 0x7, 0xa, '\x00', 0xab}, {0x2, 0x0, 0x4, '\x00', 0x5b}, {0x1d, 0x4, 0x8, '\x00', 0xb}, {0x5, 0xe, 0x7, '\x00', 0xf1}, {0x1c, 0xc, 0xd, '\x00', 0x43}, {0x4, 0x78, 0xc5, '\x00', 0x9}, {0x94, 0x5, 0x9, '\x00', 0xbe}, {0xf, 0x0, 0x6, '\x00', 0xfc}, {0x1, 0x4, 0x5, '\x00', 0x33}, {0x9, 0xf, 0x57, '\x00', 0x9}, {0x2, 0x4, 0x1}, {0x81, 0x6, 0x6, '\x00', 0x48}, {0x3, 0x1, 0x8, '\x00', 0x8}, {0x6, 0x3, 0x2, '\x00', 0x2}, {0x8, 0x5, 0x3, '\x00', 0x50}, {0xd, 0x2, 0xd}, {0x8, 0x81, 0x81, '\x00', 0xb}, {0x3, 0x89, 0x81, '\x00', 0xf}, {0x7b, 0x7, 0x2, '\x00', 0x5}, {0x3, 0x7, 0x4, '\x00', 0x7}, {0x6, 0x26, 0x5, '\x00', 0x9}, {0x7, 0x9, 0xe4, '\x00', 0x4}, {0xc1, 0xd, 0x3, '\x00', 0x10}, {0xfd, 0x3, 0x80, '\x00', 0x6}]}})
r6 = socket$inet6_mptcp(0xa, 0x1, 0x106)
chown(&(0x7f0000000580)='./file0\x00', 0x0, 0x0)
listen(r6, 0x80)
r7 = socket$netlink(0x10, 0x3, 0x8000000004)
writev(r7, &(0x7f00000002c0)=[{&(0x7f0000000040)="580000001400192340834b80040d8c560a067fbc45ff81054e220000000058000b480400945f64009400050038925a01000000000000008004000000ffe809000000fff5dd0000000800030006010000418e01400004fcff", 0x58}], 0x1)
ioctl$KVM_RESET_DIRTY_RINGS(r5, 0xaec7)

6.230114285s ago: executing program 5 (id=1710):
r0 = epoll_create1(0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff})
epoll_ctl$EPOLL_CTL_ADD(r0, 0x1, r1, &(0x7f00000000c0)={0x80000018})
shutdown(r1, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000000740)={0x10000, 0x1, 0x8000000, 0x1000, &(0x7f0000ffe000/0x1000)=nil})
epoll_create1(0x0)
ioctl$IOMMU_IOAS_ALLOC(0xffffffffffffffff, 0x3b81, 0x0)
prlimit64(0x0, 0xe, 0x0, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r2, 0x0, 0xc000)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r3 = syz_open_dev$MSR(&(0x7f0000000540), 0x0, 0x0)
read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8)
r4 = socket$inet_mptcp(0x2, 0x1, 0x106)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x5)
setsockopt$inet_tcp_int(r4, 0x6, 0x19, &(0x7f00000001c0)=0x1, 0x4)
bind$inet(r4, &(0x7f0000000100)={0x2, 0x4e24, @loopback}, 0x10)
sendmmsg$inet(r4, &(0x7f0000004980)=[{{&(0x7f0000000000)={0x2, 0x4e24, @loopback}, 0x10, &(0x7f0000000040)=[{&(0x7f0000000340)="b9cd14c222ee3c0cb001829a8681ed391da1a71d8d", 0x63}], 0x1}}], 0x1, 0x20008000)
setsockopt$inet_tcp_TLS_TX(r4, 0x6, 0x1, &(0x7f0000000080)=@ccm_128={{0x303}, "f1a0f9fff9e440b4", "881aae83544dfa6412f91b9057e3f415", "9dca43b6", "9ecb592c6ee49fbd"}, 0x28)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0)
capset(&(0x7f0000000080)={0x20071026}, &(0x7f0000000040)={0x200000, 0x200000})
r5 = socket$netlink(0x10, 0x3, 0x10)
readv(r1, &(0x7f00000006c0)=[{&(0x7f0000000240)=""/50, 0x32}, {&(0x7f0000000280)=""/203, 0xcb}, {&(0x7f0000000380)=""/14, 0xe}, {&(0x7f00000003c0)=""/235, 0xeb}, {&(0x7f00000004c0)=""/226, 0xe2}, {&(0x7f00000005c0)=""/234, 0xea}], 0x6)
bind$netlink(r5, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc)
ioctl$VIDIOC_S_HW_FREQ_SEEK(0xffffffffffffffff, 0x40305652, &(0x7f0000000040)={0x1, 0x1, 0x6e, 0x0, 0xd, 0x80000000, 0x4001})

5.633487309s ago: executing program 6 (id=1711):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x75b08000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000340)=@abs={0x0, 0x0, 0x4e27}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r3, &(0x7f0000000500)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080)={0x20, 0x33, 0x107, 0x0, 0x0, {0x2, 0x7c}, [@nested={0xc, 0x1, 0x0, 0x1, [@typed={0x6, 0x6, 0x0, 0x0, @str='\x80\n'}]}]}, 0x20}, 0x1, 0x0, 0x0, 0xc000}, 0xc000)

4.655625676s ago: executing program 6 (id=1712):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x75b08000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000340)=@abs={0x0, 0x0, 0x4e27}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r3, &(0x7f0000000500)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080)={0x20, 0x33, 0x107, 0x0, 0x0, {0x2, 0x7c}, [@nested={0xc, 0x1, 0x0, 0x1, [@typed={0x6, 0x6, 0x0, 0x0, @str='\x80\n'}]}]}, 0x20}, 0x1, 0x0, 0x0, 0xc000}, 0xc000) (fail_nth: 1)

4.060668855s ago: executing program 4 (id=1713):
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
r1 = socket$inet(0x2, 0x800, 0x0)
setsockopt$sock_int(r1, 0x1, 0xf, 0x0, 0x0)
r2 = syz_clone(0x1004000, 0x0, 0x0, 0x0, 0x0, 0x0)
wait4(0x0, 0x0, 0x80000000, 0x0)
setns(0xffffffffffffffff, 0x10000000)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r3 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
ioctl$DRM_IOCTL_SET_CLIENT_CAP(r3, 0x4010640d, &(0x7f0000000000)={0x3, 0x2})
ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r3, 0xc01064b5, &(0x7f0000000140)={&(0x7f0000000100)=[<r4=>0x0], 0x1})
ioctl$DRM_IOCTL_MODE_GETPLANE(r3, 0xc02064b6, &(0x7f00000001c0)={r4, <r5=>0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
ioctl$DRM_IOCTL_MODE_GET_LEASE(r3, 0xc01064c8, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000200)})
ioctl$DRM_IOCTL_MODE_OBJ_GETPROPERTIES(r3, 0xc02064b9, &(0x7f0000000040)={&(0x7f0000000300)=[0x0, 0x0, <r6=>0x0], &(0x7f0000000040), 0x3, r5, 0xcccccccc})
madvise(&(0x7f0000c00000/0x400000)=nil, 0x400000, 0xe)
madvise(&(0x7f0000800000/0x800000)=nil, 0x800000, 0x16)
move_pages(0x0, 0x1, &(0x7f0000000040)=[&(0x7f0000ff9000/0x2000)=nil], 0x0, 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_ATOMIC(r3, 0xc03864bc, &(0x7f0000000380)={0x0, 0x1, &(0x7f0000000240)=[r5], &(0x7f0000000200), &(0x7f00000000c0)=[r6], &(0x7f0000000040), 0x0, 0x300})
getsockopt$inet_sctp_SCTP_MAX_BURST(r1, 0x84, 0x14, &(0x7f0000000180)=@assoc_value, &(0x7f00000003c0)=0x8)
setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x33, 0x0, 0x0)
setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x33, &(0x7f00000a2000), 0x10)
setsockopt(r0, 0x5, 0x81, &(0x7f00000002c0)="1a00000002000000", 0x8)
setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r1, 0x84, 0x64, &(0x7f0000000400)=[@in6={0xa, 0x4e24, 0x3, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x8001}, @in6={0xa, 0x4e24, 0x2, @local, 0x8000009}, @in6={0xa, 0x4e22, 0xd7a, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, 0x3}, @in6={0xa, 0x4e22, 0x2, @private2, 0x6}, @in={0x2, 0xe24, @broadcast}, @in={0x2, 0x4e20, @multicast1}, @in={0x2, 0x4e21, @dev={0xac, 0x14, 0x14, 0x44}}], 0xa0)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f00000000c0)={'veth0_vlan\x00'})
lseek(0xffffffffffffffff, 0x7, 0x2)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, r2, 0x2, 0x0)

4.049518955s ago: executing program 5 (id=1714):
socket(0x10, 0x3, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
ioctl$EVIOCGRAB(0xffffffffffffffff, 0x40044590, 0x0)
timer_create(0x0, &(0x7f0000000200)={0x0, 0x21, 0x2, @tid=0xffffffffffffffff}, &(0x7f0000000300)=<r0=>0x0)
fcntl$lock(0xffffffffffffffff, 0x6, &(0x7f0000000040)={0x0, 0x0, 0x60d3, 0x5})
mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1)
timer_settime(r0, 0x1, &(0x7f0000000040)={{0x0, 0x3938700}, {0x0, 0x989680}}, 0x0)
mmap(&(0x7f0000000000/0xa000)=nil, 0xa000, 0xd3283d0368e269b3, 0x8031, 0xffffffffffffffff, 0xfffff000)
mknodat(0xffffffffffffff9c, &(0x7f0000000140)='./file4\x00', 0x11c0, 0x0)
openat$dir(0xffffffffffffff9c, &(0x7f00000001c0)='./file4\x00', 0x1, 0x20)
openat2$dir(0xffffffffffffff9c, &(0x7f0000000080)='./file4\x00', &(0x7f00000000c0)={0x8a001, 0x0, 0x20}, 0x18)
syz_usb_connect$uac1(0x2, 0x0, 0x0, 0x0)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000480)={0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x4}, 0x94)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000640)={0xf, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000380)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
sendmmsg$alg(0xffffffffffffffff, &(0x7f0000002b40)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000140)="ebe3a0e9796cfd", 0x7}], 0x1}], 0x1, 0x40800)
syz_emit_vhci(&(0x7f00000000c0)=ANY=[@ANYBLOB="040e01"], 0x7)
openat$nvram(0xffffffffffffff9c, 0x0, 0x204000, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={0x0, r1}, 0x18)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000002c0))
r2 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000140), 0x2, 0x0)
ioctl$IOCTL_VMCI_VERSION2(r2, 0x7a7, &(0x7f0000000040)=0x90000)
ioctl$IOCTL_VMCI_INIT_CONTEXT(r2, 0x7a0, &(0x7f0000000000)={@local})
ioctl$IOCTL_VMCI_QUEUEPAIR_ALLOC(r2, 0x7a8, &(0x7f0000000540)={{@hyper, 0x2}, @my=0x1, 0x0, 0x0, 0x5e})
ioctl$IOCTL_VMCI_CTX_ADD_NOTIFICATION(r2, 0x7af, &(0x7f0000000080)={@hyper})
openat$vmci(0xffffffffffffff9c, &(0x7f0000000140), 0x2, 0x0)
r3 = signalfd(0xffffffffffffffff, &(0x7f00000003c0), 0x8)
mkdir(0x0, 0x5)
close(r3)
inotify_init1(0x0)

3.965956124s ago: executing program 1 (id=1715):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x2, &(0x7f0000006680))
sched_setscheduler(0x0, 0x2, &(0x7f0000000280)=0x2)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
r1 = openat$sw_sync_info(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r2 = openat$sequencer2(0xffffffffffffff9c, 0x0, 0x80d02, 0x0)
r3 = socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(r3, 0x8933, &(0x7f00000000c0)={'vcan0\x00', <r4=>0x0})
r5 = fsopen(&(0x7f0000000280)='ceph\x00', 0x0)
fsconfig$FSCONFIG_SET_STRING(r5, 0x1, &(0x7f0000000b40)='source', &(0x7f0000000040)='c:::\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r5, 0x6, 0x0, 0x0, 0x0)
r6 = fsopen(&(0x7f0000000280)='ceph\x00', 0x0)
fsconfig$FSCONFIG_SET_STRING(r6, 0x1, &(0x7f0000000080)='source', &(0x7f0000000180)='b:::\x00\xef\xdfB\xfa=\xe3\xd1\x9d\xe1\xbfUlJ4]y-,\x8a\x03\x91xu\x9cP\xdc\xe5\x95\xa2@\x9c\x98\xa4\xd2\xd4}\xc8]7N\xf3\x0e\'\xa0x\xfbdt\xb4\x1fW\xe7\xbe\xaf\x01.zT\xab\x92I\x104\x8c\x18\x16\x1c\x8a\x8e\xfd\x8b{ZVHZ2\xd3\xd6-~\x96\x80#\xee)+L\xf1\x00\xd5p\xe7 \x8c\xd2\a\x1e\xae\xb4\xe8\xd1\xe1\xed\xb8\x94\xb2*\x1c\xaeG\x1e\xdb\xc0Q\xb9`K\xffG\xc0\xa2\xb41\xac\x98\x01\xde}:\b\xa0Oq\xec\xa8\xf0\x8f\xe3\xa17\xe3\xd7\x9c^\x90\xfal\xbe\x81\x9a\xa4\x00K', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r6, 0x6, 0x0, 0x0, 0x0)
bind$can_j1939(r3, &(0x7f0000000340)={0x1d, r4, 0x0, {0x2, 0x0, 0x6}, 0xfe}, 0x18)
setsockopt$sock_int(r3, 0x1, 0x6, &(0x7f0000000040)=0x1, 0x4)
close(r1)
timer_create(0x0, &(0x7f0000000240)={0x0, 0x21, 0x2, @thr={0x0, 0x0}}, &(0x7f0000000300)=<r7=>0x0)
fcntl$lock(0xffffffffffffffff, 0x6, &(0x7f0000000040)={0x0, 0x0, 0x60d3, 0x5})
mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1)
timer_settime(r7, 0x1, &(0x7f0000000040)={{0x77359400}}, 0x0)
fremovexattr(r2, &(0x7f0000000080)=ANY=[@ANYBLOB="74224b87089dd08998"])
syz_open_dev$dri(&(0x7f0000000000), 0x1ff, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)

3.665510222s ago: executing program 6 (id=1716):
r0 = syz_init_net_socket$ax25(0x3, 0x2, 0x0)
ioctl$sock_TIOCINQ(r0, 0x541b, 0x0)

3.654478674s ago: executing program 7 (id=1717):
mmap$IORING_OFF_SQ_RING(&(0x7f000071c000/0xe000)=nil, 0xe000, 0x0, 0x810, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000380)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x8)
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x88)
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000400)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}, {@metacopy_on}]})
r2 = open(&(0x7f0000000480)='./file0\x00', 0x0, 0x718bb647156ec3b7)
mknodat$loop(r2, &(0x7f0000001600)='./file1\x00', 0x200, 0x0)
chdir(&(0x7f0000000140)='./bus\x00')
linkat(r2, &(0x7f0000000040)='./file1\x00', r2, &(0x7f0000000180)='./bus\x00', 0x0)
link(&(0x7f0000000000)='./file1\x00', &(0x7f00000001c0)='./file0\x00')
open(&(0x7f0000000440)='./file0\x00', 0xe8142, 0x2f00000000000000)
r3 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
ioctl$KVM_SET_IRQCHIP(r3, 0x4020aeb2, &(0x7f0000000080)={0x0, 0x2000000, @ioapic={0x0, 0x1, 0x8000, 0x0, 0x0, [{0x6, 0x7, 0xa, '\x00', 0xab}, {0x2, 0x0, 0x4, '\x00', 0x5b}, {0x1d, 0x4, 0x8, '\x00', 0xb}, {0x5, 0xe, 0x7, '\x00', 0xf1}, {0x1c, 0xc, 0xd, '\x00', 0x43}, {0x4, 0x78, 0xc5, '\x00', 0x9}, {0x94, 0x5, 0x9, '\x00', 0xbe}, {0xf, 0x0, 0x6, '\x00', 0xfc}, {0x1, 0x4, 0x5, '\x00', 0x33}, {0x9, 0xf, 0x57, '\x00', 0x9}, {0x2, 0x4, 0x1}, {0x81, 0x6, 0x6, '\x00', 0x48}, {0x3, 0x1, 0x8, '\x00', 0x8}, {0x6, 0x3, 0x2, '\x00', 0x2}, {0x8, 0x5, 0x3, '\x00', 0x50}, {0xd, 0x2, 0xd}, {0x8, 0x81, 0x81, '\x00', 0xb}, {0x3, 0x89, 0x81, '\x00', 0xf}, {0x7b, 0x7, 0x2, '\x00', 0x5}, {0x3, 0x7, 0x4, '\x00', 0x7}, {0x6, 0x26, 0x5, '\x00', 0x9}, {0x7, 0x9, 0xe4, '\x00', 0x4}, {0xc1, 0xd, 0x3, '\x00', 0x10}, {0xfd, 0x3, 0x80, '\x00', 0x6}]}})
r4 = socket$inet6_mptcp(0xa, 0x1, 0x106)
chown(&(0x7f0000000580)='./file0\x00', 0x0, 0x0)
listen(r4, 0x80)
r5 = socket$netlink(0x10, 0x3, 0x8000000004)
writev(r5, &(0x7f00000002c0)=[{&(0x7f0000000040)="580000001400192340834b80040d8c560a067fbc45ff81054e220000000058000b480400945f64009400050038925a01000000000000008004000000ffe809000000fff5dd0000000800030006010000418e01400004fcff", 0x58}], 0x1)
ioctl$KVM_RESET_DIRTY_RINGS(r3, 0xaec7)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000007c0))
bpf$PROG_LOAD(0x5, 0x0, 0x0)

3.266989495s ago: executing program 6 (id=1718):
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
read$msr(0xffffffffffffffff, &(0x7f0000019680)=""/102392, 0x18ff8)
ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x5, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000100)=0x2)
sched_setaffinity(0x0, 0x0, 0x0)
sendmsg$NFNL_MSG_CTHELPER_GET(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x1}, 0xc, &(0x7f00000003c0)={&(0x7f0000000380)={0x14, 0x1, 0x9, 0x301, 0x0, 0x0, {0x1, 0x0, 0x2}}, 0x14}, 0x1, 0x0, 0x0, 0x804}, 0x24000011)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000034000)=""/102392, 0x18ff8)
openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
r1 = socket$inet(0x2, 0x4000000000000001, 0x0)
setresgid(0x0, 0xee01, 0xffffffffffffffff)
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0)
mount$tmpfs(0x0, &(0x7f0000000000)='./file1\x00', &(0x7f0000000080), 0x8000, &(0x7f00000024c0)=ANY=[@ANYBLOB='quota'])
r2 = openat(0xffffffffffffff9c, &(0x7f0000004d00)='./file1\x00', 0x250942, 0x1cd)
quotactl_fd$Q_GETNEXTQUOTA(r2, 0xffffffff80000901, 0xee00, 0x0)
setsockopt$inet_tcp_int(r1, 0x6, 0x80000000000002, &(0x7f00000004c0)=0x79, 0x4)
bind$inet(r1, &(0x7f0000000080)={0x2, 0x4e23, @local}, 0x10)
sendto$inet(r1, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10)
setsockopt$inet_tcp_TCP_CONGESTION(r1, 0x6, 0xd, &(0x7f0000000300)='bic\x00', 0x4)
sendmmsg$inet(r1, &(0x7f0000000000)=[{{0x0, 0x0, &(0x7f0000000240)=[{&(0x7f00000006c0)="0d18687da3e7f33aed145cf8ff2d1e5a18c0d5f9856f4824f41040f6987d0b531da10713ed151bc4867681f28e033aef683334d03864ed30590dd4ea64a20ecbbc1346c9f42510d91eec0632885b7da95ca85f4b1435c5c1e993a85257df5f19bdfc5e038a16e6a8aef907e347081fdb93cee93217e11f19cde423e6138bd1b79ee615527ccaf8049959ac6e32af46d777ccb8c26ca925f69590df13a81aee3213e80ba5cacf1f930b3cc49093d11594ef13", 0xb2}, {&(0x7f00000002c0)="9c811ff500139d7d", 0x8}], 0x2}}, {{0x0, 0x0, &(0x7f0000000e40)=[{&(0x7f00000007c0)="353a35d6094e4ee7d764b6993f65136c5d6b84d9b1324a0b25e094700c9a66f9181738098f32e3e48859c3878d53a9752474da0d6af299d849d48f2fa2c8c807d7a1521da940585790ff1e6f9da83e32b751d1af9cfac640c1361f5ae8b99c187dafe9ea854120f6eaab11e7fdeb3f2152ebdbc21520ca01f64bb821576deef4ed6696cdddc1768b5b4fbd68a687cb6ba52ecf5cc6f8f05062f26de19d6aaaeb6cbca00e46685f77d2b3e8dd9d0d099e799cd5a76c67ab283f790366f7f744508edc9e48fa101b89215bd330c4e706c1f09d781a5a50aef5e424a7a88b3241a338ca7411cda28aa167b5628b79e8a7d588efb69636181b9c54f6d296386c95f8a08e27d5792dcb20fa3b5b4f60c71f310b31bb1ab4a825c2dc10fac150a17d92bb51849d9eea53c78d427d8d1036dc906084046fcae09499c220ef50c2c7c475f392bc288eb5efb8032d1ade92e88e50a05a95dd5c6cbbdfb086fa53bca14d40c8c3f7149b39b16b7c7370978389366174db5fbc99dbe958f8c1690cd695dfbe6c384162a412c8d3cfd7cf223f9df4c67b92514111891f53d4e19826797302e1a87e7a627c52740bb3bd311771a68d349c0a68ef6f2a765f8220323add67b2b6695ca41adcda387a4264bcd94c8578a9ccca3b55ebcda45369b56068cfeec34abc2cbd94b9b12d057fa9d4328d57073f40e5ae64443e4a10ed400575bbd1168a170a0134b9ad28735dbd9603a9e417cce864f2141a92f57e1fdfcff4776f94a794d6db8d3e9e0ecc783956c7ab15a8d5639d3df1ac9da6057af913a563bd55b657f37cbf4cae2919aea6ff8a7490b4c036361b8866cc062bbad019f43d02b0c38bd6309f2baa53924466203ab8d00daaac4c9da846e645d64c10e47c32e9824e79ade4eeee7cbf71b1bb48f760800b04334745ab553dea12a85f0671eb07a4cc67ceaffa8269e0b052f25136cfb8a6b9327a2d165c42933642d3171ad00ebf0be485f5ed319021600a94072f251c8905a2451eba3ba7db2ec5fb8613463a796610629719166259ffa3261e06f09b5a69798b88848da9028ff7ed8a", 0x2fb}], 0x1}}], 0x2, 0x0)

3.237902959s ago: executing program 4 (id=1719):
syz_open_dev$video(&(0x7f0000000200), 0x5, 0x2800)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
ioctl$UFFDIO_API(0xffffffffffffffff, 0xc018aa3f, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
socket$nl_netfilter(0x10, 0x3, 0xc)
mmap(&(0x7f0000000000/0xa000)=nil, 0xa000, 0x2, 0x2172, 0xffffffffffffffff, 0x0)
mremap(&(0x7f0000002000/0x1000)=nil, 0x1000, 0x2000, 0x3, &(0x7f0000ffb000/0x2000)=nil)
r3 = syz_open_dev$vim2m(0x0, 0x0, 0x2)
ioctl$vim2m_VIDIOC_S_FMT(r3, 0xc0d05605, 0x0)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
socket$nl_route(0x10, 0x3, 0x0)
gettid()
r5 = socket(0x10, 0x803, 0x0)
sendmsg$nl_route(r5, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4802}, 0x0)
sendmsg$nl_generic(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000003c0)={0x30, 0x3e, 0x1, 0x80000, 0x5000, {0x1}, [@typed={0x4}, @nested={0xc, 0x1, 0x0, 0x1, [@nested={0x8, 0x10, 0x0, 0x1, [@nested={0x4, 0xb}]}]}, @typed={0xc, 0x2, 0x0, 0x0, @u64}]}, 0x30}, 0x1, 0x0, 0x0, 0x400c805}, 0x4008094)

2.220898246s ago: executing program 6 (id=1720):
mknod(&(0x7f0000002800)='./cgroup/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x200, 0x40000000)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000600)=0x8)
r0 = getpid()
sched_setaffinity(0x0, 0x0, 0x0)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f0000008c80)=[{{0x0, 0x0, &(0x7f0000001a40)=[{&(0x7f0000002200)=""/124, 0x7c}], 0x1, &(0x7f0000002280)=""/110, 0x6e}, 0x8}, {{&(0x7f0000002300)=@in, 0x80, &(0x7f00000048c0)=[{&(0x7f0000002380)=""/131, 0x83}, {&(0x7f0000002440)=""/81, 0x51}, {&(0x7f00000024c0)=""/166, 0xa6}, {&(0x7f0000002580)=""/231, 0xe7}, {&(0x7f0000003800)=""/4096, 0x1000}, {&(0x7f0000002680)=""/32, 0x20}, {&(0x7f00000026c0)=""/129, 0x81}, {&(0x7f0000002780)=""/29, 0x1d}, {&(0x7f0000004800)=""/163, 0xa3}, {&(0x7f00000027c0)=""/13, 0xd}], 0xa, &(0x7f0000004980)=""/4095, 0x1000}, 0x2}, {{&(0x7f0000005980)=@hci, 0x80, &(0x7f0000005b80)=[{&(0x7f0000005a00)=""/24, 0x18}, {&(0x7f0000005a40)=""/25, 0x19}, {&(0x7f0000005a80)=""/110, 0x6e}, {&(0x7f0000005b00)=""/55, 0x37}, {&(0x7f0000005dc0)=""/43, 0x28a0a05969befb1c}], 0x5}, 0x6}, {{0x0, 0x0, &(0x7f0000007700)=[{&(0x7f0000005c00)=""/242, 0xf2}, {&(0x7f0000005d00)=""/140, 0x8c}], 0x2, &(0x7f0000005e00)=""/4096, 0x1000}, 0x8}, {{&(0x7f0000006e00)=@in={0x2, 0x0, @private}, 0x80, &(0x7f00000072c0)=[{&(0x7f0000006e80)=""/227, 0xe3}, {&(0x7f0000006f80)=""/133, 0x85}, {&(0x7f0000007040)=""/56, 0x38}, {&(0x7f0000008e40)=""/186, 0xba}, {&(0x7f0000007140)=""/209, 0xd1}, {&(0x7f0000007240)=""/107, 0x6b}], 0x6, &(0x7f0000007340)=""/244, 0xf4}, 0x3d8b}, {{&(0x7f0000007440)=@nl=@proc, 0x80, &(0x7f0000007740)=[{&(0x7f00000074c0)=""/103, 0x67}, {&(0x7f0000007540)=""/142, 0x8e}, {&(0x7f0000007600)=""/110, 0x6e}, {&(0x7f0000007680)=""/112, 0x70}, {&(0x7f0000007700)}], 0x5, &(0x7f0000008f00)=""/257, 0xfe}, 0x5}, {{&(0x7f00000078c0)=@pppol2tpv3={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @dev}}}, 0x80, &(0x7f0000008b40)=[{&(0x7f0000007940)=""/104, 0x68}, {&(0x7f00000079c0)=""/120, 0x78}, {&(0x7f0000007a40)=""/4094, 0x1000}, {&(0x7f00000077c0)=""/228, 0xe4}], 0x4, &(0x7f0000008b80)=""/204, 0xcc}, 0x1}], 0x7, 0x40000100, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000100)=ANY=[], 0x48)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r3 = socket$inet_udplite(0x2, 0x2, 0x88)
getsockopt$sock_cred(r3, 0x1, 0x11, &(0x7f0000000240)={0x0, <r4=>0x0}, &(0x7f0000000280)=0x5)
setreuid(0x0, r4)
mount$tmpfs(0x0, &(0x7f0000009040)='./cgroup/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', &(0x7f0000005b40), 0x1002000, &(0x7f0000007080)={[{@grpquota_inode_hardlimit={'grpquota_inode_hardlimit', 0x3d, [0x67]}}], [{@hash}, {@smackfsfloor}, {@dont_appraise}, {@func={'func', 0x3d, 'MMAP_CHECK'}}, {@uid_eq={'uid', 0x3d, r4}}]})
r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000640)={0x11, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r5}, 0x10)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
r7 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000380), r6)
sendmsg$NL80211_CMD_REMAIN_ON_CHANNEL(r6, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000002c0)={0x14, r7, 0x9c3fa077fa966179, 0x0, 0x0, {{0x7e}, {@void, @void}}}, 0x14}}, 0x4000054)
r8 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0)
recvmmsg(r8, &(0x7f00000020c0)=[{{&(0x7f0000000000)=@pppol2tp={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @dev}}}, 0x80, &(0x7f0000000200)=[{&(0x7f0000000080)=""/43, 0x2b}, {&(0x7f00000000c0)=""/160, 0xa0}, {&(0x7f0000000180)=""/99, 0x63}], 0x3, &(0x7f0000000240)=""/154, 0x9a}, 0xfffffffa}, {{0x0, 0x0, &(0x7f0000000400)=[{&(0x7f0000000300)=""/243, 0xf3}], 0x1, &(0x7f0000000440)=""/47, 0x2f}, 0x4000800}, {{0x0, 0x0, &(0x7f0000001680)=[{&(0x7f0000000480)=""/4096, 0x1000}, {&(0x7f0000001480)=""/135, 0x87}, {&(0x7f0000001540)=""/168, 0xa8}, {&(0x7f0000001600)=""/116, 0x74}], 0x4}, 0x8}, {{&(0x7f00000016c0)=@caif, 0x80, &(0x7f0000001d00)=[{&(0x7f0000001740)=""/244, 0xf4}, {&(0x7f0000001840)=""/188, 0xbc}, {&(0x7f0000001900)=""/142, 0x8e}, {&(0x7f00000019c0)=""/88, 0x58}, {&(0x7f0000001a40)}, {&(0x7f0000001a80)=""/184, 0xb8}, {&(0x7f0000001b40)=""/248, 0xf8}, {&(0x7f0000001c40)=""/75, 0x4b}, {&(0x7f0000001cc0)=""/44, 0x2c}], 0x9, &(0x7f0000001dc0)=""/94, 0x5e}, 0xffff}, {{&(0x7f0000001e40)=@un=@abs, 0x80, &(0x7f0000001fc0)=[{&(0x7f0000001ec0)=""/230, 0xe6}], 0x1, &(0x7f0000002000)=""/176, 0xb0}, 0x2}], 0x5, 0x0, 0x0)

2.148219883s ago: executing program 4 (id=1721):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x2, &(0x7f0000006680))
sched_setscheduler(0x0, 0x2, &(0x7f0000000280)=0x2)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
ioctl$SNDRV_SEQ_IOCTL_SET_PORT_INFO(0xffffffffffffffff, 0xc0a85320, &(0x7f00000003c0)={{0x80}, 'port0\x00', 0xf3, 0x1b1c07, 0xfffffffa, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8})
r1 = openat$sequencer2(0xffffffffffffff9c, 0x0, 0x80d02, 0x0)
r2 = socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(r2, 0x8933, &(0x7f00000000c0)={'vcan0\x00', <r3=>0x0})
r4 = fsopen(&(0x7f0000000280)='ceph\x00', 0x0)
fsconfig$FSCONFIG_SET_STRING(r4, 0x1, &(0x7f0000000b40)='source', &(0x7f0000000040)='c:::\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r4, 0x6, 0x0, 0x0, 0x0)
r5 = fsopen(&(0x7f0000000280)='ceph\x00', 0x0)
fsconfig$FSCONFIG_SET_STRING(r5, 0x1, &(0x7f0000000080)='source', &(0x7f0000000180)='b:::\x00\xef\xdfB\xfa=\xe3\xd1\x9d\xe1\xbfUlJ4]y-,\x8a\x03\x91xu\x9cP\xdc\xe5\x95\xa2@\x9c\x98\xa4\xd2\xd4}\xc8]7N\xf3\x0e\'\xa0x\xfbdt\xb4\x1fW\xe7\xbe\xaf\x01.zT\xab\x92I\x104\x8c\x18\x16\x1c\x8a\x8e\xfd\x8b{ZVHZ2\xd3\xd6-~\x96\x80#\xee)+L\xf1\x00\xd5p\xe7 \x8c\xd2\a\x1e\xae\xb4\xe8\xd1\xe1\xed\xb8\x94\xb2*\x1c\xaeG\x1e\xdb\xc0Q\xb9`K\xffG\xc0\xa2\xb41\xac\x98\x01\xde}:\b\xa0Oq\xec\xa8\xf0\x8f\xe3\xa17\xe3\xd7\x9c^\x90\xfal\xbe\x81\x9a\xa4\x00K', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r5, 0x6, 0x0, 0x0, 0x0)
bind$can_j1939(r2, &(0x7f0000000340)={0x1d, r3, 0x0, {0x2, 0x0, 0x6}, 0xfe}, 0x18)
setsockopt$sock_int(r2, 0x1, 0x6, &(0x7f0000000040)=0x1, 0x4)
close(0xffffffffffffffff)
timer_create(0x0, &(0x7f0000000240)={0x0, 0x21, 0x2, @thr={0x0, 0x0}}, &(0x7f0000000300)=<r6=>0x0)
fcntl$lock(0xffffffffffffffff, 0x6, &(0x7f0000000040)={0x0, 0x0, 0x60d3, 0x5})
mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1)
timer_settime(r6, 0x1, &(0x7f0000000040)={{0x77359400}}, 0x0)
fremovexattr(r1, &(0x7f0000000080)=ANY=[@ANYBLOB="74224b87089dd08998"])
syz_open_dev$dri(&(0x7f0000000000), 0x1ff, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)

2.01419715s ago: executing program 5 (id=1722):
syz_open_dev$vbi(0x0, 0x1, 0x2)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x3)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000001a40)=""/102392, 0x18ff8)
bpf$MAP_CREATE(0x0, &(0x7f0000000280)=@base={0xa, 0x4, 0xdd, 0xa}, 0x50)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x3, 0x3, &(0x7f0000000000)=@framed={{0x7a, 0xa, 0x0, 0xff00, 0x0, 0x71, 0x10, 0x43}}, &(0x7f0000000480)='syzkaller\x00', 0x44000000}, 0x80)

1.667935671s ago: executing program 1 (id=1723):
sched_setaffinity(0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000000c0), 0xfffffffffffffffc, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
socket$nl_route(0x10, 0x3, 0x0)
r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x8800, 0x0)
ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000180)=0xe)
ioctl$TIOCVHANGUP(r1, 0x5437, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x5, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000100)=0x2)
sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce)
sendmsg$NFNL_MSG_CTHELPER_GET(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x1}, 0xc, &(0x7f00000003c0)={&(0x7f0000000380)={0x14, 0x1, 0x9, 0x301, 0x0, 0x0, {0x1, 0x0, 0x2}}, 0x14}, 0x1, 0x0, 0x0, 0x804}, 0x24000011)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r2, &(0x7f0000034000)=""/102392, 0x18ff8)
openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
r3 = socket$inet(0x2, 0x4000000000000001, 0x0)
socketpair$unix(0x1, 0x2, 0x0, 0x0)
setresgid(0x0, 0xee01, 0xffffffffffffffff)
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0)
mount$tmpfs(0x0, &(0x7f0000000000)='./file1\x00', &(0x7f0000000080), 0x8000, &(0x7f00000024c0)=ANY=[@ANYBLOB='quota'])
r4 = openat(0xffffffffffffff9c, &(0x7f0000004d00)='./file1\x00', 0x250942, 0x1cd)
quotactl_fd$Q_GETNEXTQUOTA(r4, 0xffffffff80000901, 0xee00, 0x0)
setsockopt$inet_tcp_int(r3, 0x6, 0x80000000000002, &(0x7f00000004c0)=0x79, 0x4)
bind$inet(r3, &(0x7f0000000080)={0x2, 0x4e23, @local}, 0x10)
setsockopt$SO_ATTACH_FILTER(r3, 0x1, 0x1a, &(0x7f0000000140)={0x1, &(0x7f0000000280)=[{0x6, 0x0, 0x0, 0xe4}]}, 0x10)
sendto$inet(r3, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10)
setsockopt$inet_tcp_TCP_CONGESTION(r3, 0x6, 0xd, &(0x7f0000000300)='bic\x00', 0x4)
sendmmsg$inet(r3, &(0x7f0000000000)=[{{0x0, 0x0, &(0x7f0000000240)=[{&(0x7f00000006c0)="0d18687da3e7f33aed145cf8ff2d1e5a18c0d5f9856f4824f41040f6987d0b531da10713ed151bc4867681f28e033aef683334d03864ed30590dd4ea64a20ecbbc1346c9f42510d91eec0632885b7da95ca85f4b1435c5c1e993a85257df5f19bdfc5e038a16e6a8aef907e347081fdb93cee93217e11f19cde423e6138bd1b79ee615527ccaf8049959ac6e32af46d777ccb8c26ca925f69590df13a81aee3213e80ba5cacf1f930b3cc49093d11594ef13", 0xb2}, {&(0x7f00000002c0)="9c811ff500139d7d", 0x8}], 0x2}}, {{0x0, 0x0, &(0x7f0000000e40)=[{&(0x7f00000007c0)="353a35d6094e4ee7d764b6993f65136c5d6b84d9b1324a0b25e094700c9a66f9181738098f32e3e48859c3878d53a9752474da0d6af299d849d48f2fa2c8c807d7a1521da940585790ff1e6f9da83e32b751d1af9cfac640c1361f5ae8b99c187dafe9ea854120f6eaab11e7fdeb3f2152ebdbc21520ca01f64bb821576deef4ed6696cdddc1768b5b4fbd68a687cb6ba52ecf5cc6f8f05062f26de19d6aaaeb6cbca00e46685f77d2b3e8dd9d0d099e799cd5a76c67ab283f790366f7f744508edc9e48fa101b89215bd330c4e706c1f09d781a5a50aef5e424a7a88b3241a338ca7411cda28aa167b5628b79e8a7d588efb69636181b9c54f6d296386c95f8a08e27d5792dcb20fa3b5b4f60c71f310b31bb1ab4a825c2dc10fac150a17d92bb51849d9eea53c78d427d8d1036dc906084046fcae09499c220ef50c2c7c475f392bc288eb5efb8032d1ade92e88e50a05a95dd5c6cbbdfb086fa53bca14d40c8c3f7149b39b16b7c7370978389366174db5fbc99dbe958f8c1690cd695dfbe6c384162a412c8d3cfd7cf223f9df4c67b92514111891f53d4e19826797302e1a87e7a627c52740bb3bd311771a68d349c0a68ef6f2a765f8220323add67b2b6695ca41adcda387a4264bcd94c8578a9ccca3b55ebcda45369b56068cfeec34abc2cbd94b9b12d057fa9d4328d57073f40e5ae64443e4a10ed400575bbd1168a170a0134b9ad28735dbd9603a9e417cce864f2141a92f57e1fdfcff4776f94a794d6db8d3e9e0ecc783956c7ab15a8d5639d3df1ac9da6057af913a563bd55b657f37cbf4cae2919aea6ff8a7490b4c036361b8866cc062bbad019f43d02b0c38bd6309f2baa53924466203ab8d00daaac4c9da846e645d64c10e47c32e9824e79ade4eeee7cbf71b1bb48f760800b04334745ab553dea12a85f0671eb07a4cc67ceaffa8269e0b052f25136cfb8a6b9327a2d165c42933642d3171ad00ebf0be485f5ed319021600a94072f251c8905a2451eba3ba7db2ec5fb8613463a796610629719166259ffa3261e06f09b5a69798b88848da9028ff7ed8a", 0x2fb}], 0x1}}], 0x2, 0x0)

1.308494637s ago: executing program 5 (id=1724):
syz_init_net_socket$bt_rfcomm(0x1f, 0x1, 0x3)
r0 = socket$tipc(0x1e, 0x5, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
syz_genetlink_get_family_id$ethtool(0x0, 0xffffffffffffffff)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0xcbe8, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0)
getsockopt$inet_pktinfo(0xffffffffffffffff, 0x0, 0x50, 0x0, 0x0)
madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0x80000000e)
socket$inet_tcp(0x2, 0x1, 0x0)
mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil)
mlock(&(0x7f0000000000/0x800000)=nil, 0x800000)
mremap(&(0x7f000054e000/0x1000)=nil, 0x1000, 0x3000, 0x3, &(0x7f000022c000/0x3000)=nil)
bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0)
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x1000002, 0x20010, 0xffffffffffffffff, 0x200000)
openat$sequencer2(0xffffff9c, &(0x7f0000000080), 0x143240, 0x0)
r3 = openat$ttyprintk(0xffffffffffffff9c, &(0x7f0000000000), 0x40, 0x0)
ioctl$TIOCSETD(r3, 0x5423, &(0x7f0000000040)=0x5)
ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x8926, &(0x7f0000002640)={'team_slave_0\x00', @random="76f64c34b99d"})
bind$tipc(r0, &(0x7f0000000000)=@name={0x1e, 0x2, 0x1, {{0x41}, 0x3}}, 0x10)
listen(r0, 0x0)
r4 = socket$tipc(0x1e, 0x5, 0x0)
sendmsg$tipc(r4, &(0x7f0000000240)={&(0x7f0000000080)=@name={0x1e, 0x2, 0x0, {{0x41}}}, 0x10, 0x0}, 0x0)
accept4(0xffffffffffffffff, &(0x7f0000000180)=@xdp, &(0x7f0000000140)=0x80, 0x80000)
socket(0x2, 0x80805, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
r5 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000300), 0x2, 0x0)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r5, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0])

1.131584846s ago: executing program 6 (id=1725):
r0 = epoll_create1(0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff})
epoll_ctl$EPOLL_CTL_ADD(r0, 0x1, r1, &(0x7f00000000c0)={0x80000018})
shutdown(r1, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000000740)={0x10000, 0x1, 0x8000000, 0x1000, &(0x7f0000ffe000/0x1000)=nil})
epoll_create1(0x0)
ioctl$IOMMU_IOAS_ALLOC(0xffffffffffffffff, 0x3b81, 0x0)
prlimit64(0x0, 0xe, 0x0, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r2, 0x0, 0xc000)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r3 = syz_open_dev$MSR(&(0x7f0000000540), 0x0, 0x0)
read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8)
r4 = socket$inet_mptcp(0x2, 0x1, 0x106)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x5)
setsockopt$inet_tcp_int(r4, 0x6, 0x19, &(0x7f00000001c0)=0x1, 0x4)
bind$inet(r4, &(0x7f0000000100)={0x2, 0x4e24, @loopback}, 0x10)
sendmmsg$inet(r4, &(0x7f0000004980)=[{{&(0x7f0000000000)={0x2, 0x4e24, @loopback}, 0x10, &(0x7f0000000040)=[{&(0x7f0000000340)="b9cd14c222ee3c0cb001829a8681ed391da1a71d8d", 0x63}], 0x1}}], 0x1, 0x20008000)
setsockopt$inet_tcp_TLS_TX(r4, 0x6, 0x1, &(0x7f0000000080)=@ccm_128={{0x303}, "f1a0f9fff9e440b4", "881aae83544dfa6412f91b9057e3f415", "9dca43b6", "9ecb592c6ee49fbd"}, 0x28)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0)
capset(&(0x7f0000000080)={0x20071026}, &(0x7f0000000040)={0x200000, 0x200000})
r5 = socket$netlink(0x10, 0x3, 0x10)
readv(r1, &(0x7f00000006c0)=[{&(0x7f0000000240)=""/50, 0x32}, {&(0x7f0000000280)=""/203, 0xcb}, {&(0x7f0000000380)=""/14, 0xe}, {&(0x7f00000003c0)=""/235, 0xeb}, {&(0x7f00000004c0)=""/226, 0xe2}, {&(0x7f00000005c0)=""/234, 0xea}], 0x6)
bind$netlink(r5, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc)
ioctl$VIDIOC_S_HW_FREQ_SEEK(0xffffffffffffffff, 0x40305652, &(0x7f0000000040)={0x1, 0x1, 0x6e, 0x0, 0xd, 0x80000000, 0x4001})

727.956742ms ago: executing program 1 (id=1726):
r0 = openat$mixer(0xffffffffffffff9c, &(0x7f00000005c0), 0x20642, 0x0)
r1 = syz_init_net_socket$ax25(0x3, 0x2, 0x0)
ioctl$SIOCAX25ADDUID(r1, 0x89e1, &(0x7f0000000240)={0x3, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, 0xee00})
ioctl$AUTOFS_DEV_IOCTL_ISMOUNTPOINT(0xffffffffffffffff, 0xc018937e, &(0x7f0000000340)={{0x1, 0x1, 0x18, <r2=>r0}, './file1aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00'})
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
timer_create(0x3, &(0x7f0000533fa0)={0x0, 0x22, 0x800000000004}, &(0x7f0000000280)=<r3=>0x0)
r4 = syz_open_dev$ttys(0xc, 0x2, 0x1)
mknodat$loop(0xffffffffffffff9c, &(0x7f0000000600)='./file1aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x6004, 0x1)
pipe2$9p(&(0x7f00000000c0), 0x0)
mount$9p_fd(0x0, &(0x7f0000000300)='./file0\x00', &(0x7f0000000200), 0x1000, &(0x7f00000003c0)=ANY=[@ANYRESHEX=r3, @ANYRES32, @ANYBLOB="fbd1b8b850db180c1def3d", @ANYRESHEX=r4, @ANYRESOCT=r2])
timer_settime(0x0, 0x0, &(0x7f00000004c0)={{}, {0x0, 0x9}}, 0x0)
timer_settime(0x0, 0x1, &(0x7f0000000440)={{0x0, 0x3938700}}, &(0x7f0000000480))
setsockopt$netlink_NETLINK_TX_RING(r2, 0x10e, 0x7, &(0x7f0000000040)={0x5, 0x40, 0x5, 0x9735}, 0x10)
socket$inet6_tcp(0xa, 0x1, 0x0)
prlimit64(0x0, 0xe, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x0, 0x0, 0x1, &(0x7f0000000080))
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r5 = syz_open_dev$MSR(&(0x7f0000000500), 0x0, 0x0)
read$msr(r5, &(0x7f0000019680)=""/102392, 0x18ff8)
r6 = openat$vicodec0(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
ioctl$VIDIOC_ENUMSTD(r6, 0xc0485619, &(0x7f00000000c0)={0x6, 0x1000, "94da23c6bb3dc1946f19f99f838cbeecefdffad6262a9d96", {0x6, 0x2}, 0xdbf9})
sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x20004005)
bpf$PROG_LOAD(0x5, &(0x7f0000000540)={0x20, 0x3, &(0x7f0000000480)=ANY=[@ANYRES8=0x0], 0x0, 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x19, r2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, 0x94)
socket$nl_sock_diag(0x10, 0x3, 0x4)
getpriority(0x2, 0x0)
ioctl$EXT4_IOC_ALLOC_DA_BLKS(r0, 0x541b)

296.569521ms ago: executing program 4 (id=1727):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x2, &(0x7f0000006680))
sched_setscheduler(0x0, 0x2, &(0x7f0000000280)=0x2)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
r0 = openat$sw_sync_info(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$SNDRV_SEQ_IOCTL_SET_PORT_INFO(0xffffffffffffffff, 0xc0a85320, &(0x7f00000003c0)={{0x80}, 'port0\x00', 0xf3, 0x1b1c07, 0xfffffffa, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8})
r1 = openat$sequencer2(0xffffffffffffff9c, 0x0, 0x80d02, 0x0)
r2 = socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(r2, 0x8933, &(0x7f00000000c0)={'vcan0\x00', <r3=>0x0})
r4 = fsopen(&(0x7f0000000280)='ceph\x00', 0x0)
fsconfig$FSCONFIG_SET_STRING(r4, 0x1, &(0x7f0000000b40)='source', &(0x7f0000000040)='c:::\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r4, 0x6, 0x0, 0x0, 0x0)
r5 = fsopen(&(0x7f0000000280)='ceph\x00', 0x0)
fsconfig$FSCONFIG_SET_STRING(r5, 0x1, &(0x7f0000000080)='source', &(0x7f0000000180)='b:::\x00\xef\xdfB\xfa=\xe3\xd1\x9d\xe1\xbfUlJ4]y-,\x8a\x03\x91xu\x9cP\xdc\xe5\x95\xa2@\x9c\x98\xa4\xd2\xd4}\xc8]7N\xf3\x0e\'\xa0x\xfbdt\xb4\x1fW\xe7\xbe\xaf\x01.zT\xab\x92I\x104\x8c\x18\x16\x1c\x8a\x8e\xfd\x8b{ZVHZ2\xd3\xd6-~\x96\x80#\xee)+L\xf1\x00\xd5p\xe7 \x8c\xd2\a\x1e\xae\xb4\xe8\xd1\xe1\xed\xb8\x94\xb2*\x1c\xaeG\x1e\xdb\xc0Q\xb9`K\xffG\xc0\xa2\xb41\xac\x98\x01\xde}:\b\xa0Oq\xec\xa8\xf0\x8f\xe3\xa17\xe3\xd7\x9c^\x90\xfal\xbe\x81\x9a\xa4\x00K', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r5, 0x6, 0x0, 0x0, 0x0)
bind$can_j1939(r2, &(0x7f0000000340)={0x1d, r3, 0x0, {0x2, 0x0, 0x6}, 0xfe}, 0x18)
setsockopt$sock_int(r2, 0x1, 0x6, &(0x7f0000000040)=0x1, 0x4)
close(r0)
timer_create(0x0, &(0x7f0000000240)={0x0, 0x21, 0x2, @thr={0x0, 0x0}}, &(0x7f0000000300)=<r6=>0x0)
fcntl$lock(0xffffffffffffffff, 0x6, &(0x7f0000000040)={0x0, 0x0, 0x60d3, 0x5})
mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1)
timer_settime(r6, 0x1, &(0x7f0000000040)={{0x77359400}}, 0x0)
fremovexattr(r1, &(0x7f0000000080)=ANY=[@ANYBLOB="74224b87089dd08998"])
syz_open_dev$dri(&(0x7f0000000000), 0x1ff, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)

0s ago: executing program 1 (id=1728):
r0 = openat$mixer(0xffffffffffffff9c, &(0x7f00000005c0), 0x20642, 0x0)
r1 = syz_init_net_socket$ax25(0x3, 0x2, 0x0)
ioctl$SIOCAX25ADDUID(r1, 0x89e1, &(0x7f0000000240)={0x3, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, 0xee00})
ioctl$AUTOFS_DEV_IOCTL_ISMOUNTPOINT(0xffffffffffffffff, 0xc018937e, &(0x7f0000000340)={{0x1, 0x1, 0x18, <r2=>r0}, './file1aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00'})
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r3 = gettid()
timer_create(0x3, &(0x7f0000533fa0)={0x0, 0x22, 0x800000000004, @tid=r3}, &(0x7f0000000280))
syz_open_dev$ttys(0xc, 0x2, 0x1)
mknodat$loop(0xffffffffffffff9c, &(0x7f0000000600)='./file1aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x6004, 0x1)
pipe2$9p(&(0x7f00000000c0), 0x0)
timer_settime(0x0, 0x0, &(0x7f00000004c0)={{}, {0x0, 0x9}}, 0x0)
timer_settime(0x0, 0x1, &(0x7f0000000440)={{0x0, 0x3938700}}, &(0x7f0000000480))
setsockopt$netlink_NETLINK_TX_RING(r2, 0x10e, 0x7, &(0x7f0000000040)={0x5, 0x40, 0x5, 0x9735}, 0x10)
socket$inet6_tcp(0xa, 0x1, 0x0)
prlimit64(0x0, 0xe, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x0, 0x0, 0x1, &(0x7f0000000080))
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r4 = syz_open_dev$MSR(&(0x7f0000000500), 0x0, 0x0)
read$msr(r4, &(0x7f0000019680)=""/102392, 0x18ff8)
r5 = openat$vicodec0(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
ioctl$VIDIOC_ENUMSTD(r5, 0xc0485619, &(0x7f00000000c0)={0x6, 0x1000, "94da23c6bb3dc1946f19f99f838cbeecefdffad6262a9d96", {0x6, 0x2}, 0xdbf9})
sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x20004005)
bpf$PROG_LOAD(0x5, &(0x7f0000000540)={0x20, 0x3, &(0x7f0000000480)=ANY=[@ANYRES8=0x0], 0x0, 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x19, r2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, 0x94)
socket$nl_sock_diag(0x10, 0x3, 0x4)
ioctl$EXT4_IOC_ALLOC_DA_BLKS(r0, 0x541b)

kernel console output (not intermixed with test programs):

[ T5851] libceph: mon0 (1)[c::]:6789 connect error
[  450.734802][ T5851] libceph: connect (1)[c::]:6789 error -101
[  450.740866][ T5851] libceph: mon0 (1)[c::]:6789 connect error
[  450.809170][T10943] ceph: No mds server is up or the cluster is laggy
[  450.993140][ T5900] usb 3-1: device descriptor read/8, error -71
[  451.014083][ T5990] libceph: connect (1)[b::]:6789 error -101
[  451.035950][ T5990] libceph: mon0 (1)[b::]:6789 connect error
[  451.051879][   T30] audit: type=1400 audit(1758281385.301:803): avc:  denied  { write } for  pid=10950 comm="syz.4.1181" name="card1" dev="devtmpfs" ino=628 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:dri_device_t tclass=chr_file permissive=1
[  451.074862][    C0] vkms_vblank_simulate: vblank timer overrun
[  451.149421][   T24] libceph: connect (1)[c::]:6789 error -101
[  451.159643][   T24] libceph: mon0 (1)[c::]:6789 connect error
[  451.168101][T10946] ceph: No mds server is up or the cluster is laggy
[  451.420767][ T5990] libceph: connect (1)[b::]:6789 error -101
[  451.644737][ T5990] libceph: mon0 (1)[b::]:6789 connect error
[  452.124181][T10965] netlink: 'syz.2.1182': attribute type 4 has an invalid length.
[  452.624650][T10975] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1187'.
[  452.704875][T10976] FAULT_INJECTION: forcing a failure.
[  452.704875][T10976] name failslab, interval 1, probability 0, space 0, times 0
[  452.717703][T10976] CPU: 1 UID: 0 PID: 10976 Comm: syz.3.1186 Not tainted syzkaller #0 PREEMPT(full) 
[  452.717729][T10976] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  452.717739][T10976] Call Trace:
[  452.717745][T10976]  <TASK>
[  452.717752][T10976]  dump_stack_lvl+0x16c/0x1f0
[  452.717779][T10976]  should_fail_ex+0x512/0x640
[  452.717801][T10976]  ? fs_reclaim_acquire+0xae/0x150
[  452.717826][T10976]  ? tomoyo_encode2+0x100/0x3e0
[  452.717851][T10976]  should_failslab+0xc2/0x120
[  452.717871][T10976]  __kmalloc_noprof+0xd2/0x510
[  452.717889][T10976]  ? d_absolute_path+0x136/0x1a0
[  452.717919][T10976]  tomoyo_encode2+0x100/0x3e0
[  452.717948][T10976]  tomoyo_encode+0x29/0x50
[  452.717972][T10976]  tomoyo_realpath_from_path+0x18f/0x6e0
[  452.718005][T10976]  tomoyo_mount_acl+0x664/0x850
[  452.718042][T10976]  ? __pfx_tomoyo_mount_acl+0x10/0x10
[  452.718065][T10976]  ? irqentry_exit+0x3b/0x90
[  452.718115][T10976]  ? tomoyo_domain+0xbb/0x150
[  452.718132][T10976]  ? tomoyo_profile+0x47/0x60
[  452.718152][T10976]  tomoyo_mount_permission+0x16d/0x420
[  452.718175][T10976]  ? tomoyo_mount_permission+0x14f/0x420
[  452.718201][T10976]  ? __pfx_tomoyo_mount_permission+0x10/0x10
[  452.718241][T10976]  security_sb_mount+0x9b/0x260
[  452.718266][T10976]  path_mount+0x15f/0x2000
[  452.718293][T10976]  ? __pfx_path_mount+0x10/0x10
[  452.718316][T10976]  ? kmem_cache_free+0x2d1/0x4d0
[  452.718333][T10976]  ? putname+0x154/0x1a0
[  452.718360][T10976]  ? putname+0x154/0x1a0
[  452.718385][T10976]  ? __x64_sys_mount+0x28d/0x310
[  452.718405][T10976]  __x64_sys_mount+0x28d/0x310
[  452.718427][T10976]  ? __pfx___x64_sys_mount+0x10/0x10
[  452.718458][T10976]  do_syscall_64+0xcd/0x4e0
[  452.718483][T10976]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  452.718505][T10976] RIP: 0033:0x7fbe9658eba9
[  452.718519][T10976] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  452.718535][T10976] RSP: 002b:00007fbe974a0038 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[  452.718553][T10976] RAX: ffffffffffffffda RBX: 00007fbe967d6180 RCX: 00007fbe9658eba9
[  452.718564][T10976] RDX: 0000200000000000 RSI: 00002000000001c0 RDI: 0000200000000080
[  452.718575][T10976] RBP: 00007fbe974a0090 R08: 0000000000000000 R09: 0000000000000000
[  452.718585][T10976] R10: 0000000000000401 R11: 0000000000000246 R12: 0000000000000002
[  452.718595][T10976] R13: 00007fbe967d6218 R14: 00007fbe967d6180 R15: 00007ffc9a178e98
[  452.718619][T10976]  </TASK>
[  452.718724][T10976] ERROR: Out of memory at tomoyo_realpath_from_path.
[  453.111612][T10978] netlink: 'syz.1.1189': attribute type 1 has an invalid length.
[  453.134621][T10978] netlink: 'syz.1.1189': attribute type 1 has an invalid length.
[  453.201672][T10978] bond2: entered promiscuous mode
[  453.220873][T10978] 8021q: adding VLAN 0 to HW filter on device bond2
[  453.260881][T10986] IPVS: lc: UDP 224.0.0.2:0 - no destination available
[  454.304116][T11008] openvswitch: netlink: Message has 8 unknown bytes.
[  454.311033][T11008] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  455.660297][T11017] netlink: 'syz.4.1193': attribute type 4 has an invalid length.
[  458.442296][T11053] openvswitch: netlink: Message has 8 unknown bytes.
[  458.449167][T11053] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  458.920103][T11056] FAULT_INJECTION: forcing a failure.
[  458.920103][T11056] name failslab, interval 1, probability 0, space 0, times 0
[  459.699770][T11056] CPU: 0 UID: 0 PID: 11056 Comm: syz.0.1204 Not tainted syzkaller #0 PREEMPT(full) 
[  459.699796][T11056] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  459.699802][T11056] Call Trace:
[  459.699806][T11056]  <TASK>
[  459.699811][T11056]  dump_stack_lvl+0x16c/0x1f0
[  459.699833][T11056]  should_fail_ex+0x512/0x640
[  459.699848][T11056]  ? kmem_cache_alloc_node_noprof+0x5e/0x3b0
[  459.699862][T11056]  should_failslab+0xc2/0x120
[  459.699875][T11056]  kmem_cache_alloc_node_noprof+0x71/0x3b0
[  459.699886][T11056]  ? __alloc_skb+0x2b2/0x380
[  459.699901][T11056]  __alloc_skb+0x2b2/0x380
[  459.699914][T11056]  ? __pfx___alloc_skb+0x10/0x10
[  459.699927][T11056]  ? __pfx_netlink_autobind.isra.0+0x10/0x10
[  459.699945][T11056]  netlink_alloc_large_skb+0x69/0x130
[  459.699961][T11056]  netlink_sendmsg+0x6a1/0xdd0
[  459.699978][T11056]  ? __pfx_netlink_sendmsg+0x10/0x10
[  459.699998][T11056]  __sys_sendto+0x4a0/0x520
[  459.700011][T11056]  ? __pfx___sys_sendto+0x10/0x10
[  459.700035][T11056]  ? ksys_write+0x1ac/0x250
[  459.700047][T11056]  ? __pfx_ksys_write+0x10/0x10
[  459.700060][T11056]  __x64_sys_sendto+0xe0/0x1c0
[  459.700071][T11056]  ? do_syscall_64+0x91/0x4e0
[  459.700086][T11056]  ? lockdep_hardirqs_on+0x7c/0x110
[  459.700100][T11056]  do_syscall_64+0xcd/0x4e0
[  459.700115][T11056]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  459.700126][T11056] RIP: 0033:0x7fc140d8eba9
[  459.700135][T11056] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  459.700150][T11056] RSP: 002b:00007fc141b5d038 EFLAGS: 00000246 ORIG_RAX: 000000000000002c
[  459.700160][T11056] RAX: ffffffffffffffda RBX: 00007fc140fd6090 RCX: 00007fc140d8eba9
[  459.700167][T11056] RDX: 0000000000000078 RSI: 0000200000000180 RDI: 0000000000000003
[  459.700174][T11056] RBP: 00007fc141b5d090 R08: 0000000000000000 R09: 0000000000000000
[  459.700180][T11056] R10: 0000000000000004 R11: 0000000000000246 R12: 0000000000000001
[  459.700186][T11056] R13: 00007fc140fd6128 R14: 00007fc140fd6090 R15: 00007ffc8b3cd248
[  459.700200][T11056]  </TASK>
[  461.459274][ T5990] usb 5-1: new high-speed USB device number 32 using dummy_hcd
[  461.613585][ T5990] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  461.625212][ T5990] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  461.838072][   T30] audit: type=1326 audit(1758281396.587:804): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11082 comm="syz.0.1212" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc140d8eba9 code=0x7ffc0000
[  461.883646][ T5990] usb 5-1: New USB device found, idVendor=172f, idProduct=0501, bcdDevice= 0.00
[  461.901168][   T30] audit: type=1326 audit(1758281396.587:805): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11082 comm="syz.0.1212" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc140d8eba9 code=0x7ffc0000
[  461.925019][ T5990] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  462.020719][ T5990] usb 5-1: config 0 descriptor??
[  462.059311][   T30] audit: type=1326 audit(1758281396.587:806): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11082 comm="syz.0.1212" exe="/root/syz-executor" sig=0 arch=c000003e syscall=437 compat=0 ip=0x7fc140d8eba9 code=0x7ffc0000
[  462.103769][   T30] audit: type=1326 audit(1758281396.587:807): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11082 comm="syz.0.1212" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc140d8eba9 code=0x7ffc0000
[  462.282850][   T30] audit: type=1326 audit(1758281396.587:808): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11082 comm="syz.0.1212" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7fc140d8d510 code=0x7ffc0000
[  462.599981][   T30] audit: type=1326 audit(1758281396.587:809): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11082 comm="syz.0.1212" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc140d8eba9 code=0x7ffc0000
[  462.624446][   T30] audit: type=1326 audit(1758281396.587:810): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11082 comm="syz.0.1212" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7fc140d8eba9 code=0x7ffc0000
[  462.647746][    C1] vkms_vblank_simulate: vblank timer overrun
[  462.819499][ T5990] waltop 0003:172F:0501.0009: hidraw0: USB HID v0.00 Device [HID 172f:0501] on usb-dummy_hcd.4-1/input0
[  462.859202][   T30] audit: type=1326 audit(1758281396.587:811): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11082 comm="syz.0.1212" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc140d8eba9 code=0x7ffc0000
[  462.882594][    C1] vkms_vblank_simulate: vblank timer overrun
[  463.018583][   T30] audit: type=1326 audit(1758281396.587:812): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11082 comm="syz.0.1212" exe="/root/syz-executor" sig=0 arch=c000003e syscall=28 compat=0 ip=0x7fc140d8eba9 code=0x7ffc0000
[  463.041948][    C1] vkms_vblank_simulate: vblank timer overrun
[  463.048702][   T30] audit: type=1326 audit(1758281396.587:813): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11082 comm="syz.0.1212" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc140d8eba9 code=0x7ffc0000
[  463.072106][    C1] vkms_vblank_simulate: vblank timer overrun
[  463.645756][T11111] vlan2: entered allmulticast mode
[  464.559012][T11123] netlink: 40 bytes leftover after parsing attributes in process `syz.2.1220'.
[  465.020536][ T5915] usb 5-1: USB disconnect, device number 32
[  465.099409][T11137] Context (ID=0x0) not attached to queue pair (handle=0x1:0xfffffffa)
[  465.450371][ T5990] usb 3-1: new high-speed USB device number 41 using dummy_hcd
[  465.730306][ T5990] usb 3-1: Using ep0 maxpacket: 16
[  466.045892][ T5990] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0
[  466.072936][ T5990] usb 3-1: New USB device found, idVendor=13b1, idProduct=0042, bcdDevice=7b.55
[  466.082018][ T5990] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  466.090505][ T5990] usb 3-1: Product: syz
[  466.094644][ T5990] usb 3-1: Manufacturer: syz
[  466.105507][ T5990] usb 3-1: SerialNumber: syz
[  466.150551][ T5990] usb 3-1: config 0 descriptor??
[  466.155130][T11146] netlink: 'syz.1.1225': attribute type 3 has an invalid length.
[  466.185610][T11141] GUP no longer grows the stack in syz.4.1223 (11141): 200000005000-200000008000 (200000004000)
[  466.196666][T11141] CPU: 1 UID: 0 PID: 11141 Comm: syz.4.1223 Not tainted syzkaller #0 PREEMPT(full) 
[  466.196691][T11141] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  466.196702][T11141] Call Trace:
[  466.196709][T11141]  <TASK>
[  466.196717][T11141]  dump_stack_lvl+0x16c/0x1f0
[  466.196747][T11141]  gup_vma_lookup+0x1d2/0x220
[  466.196777][T11141]  __get_user_pages+0x243/0x34a0
[  466.196812][T11141]  ? down_read_killable+0x220/0x4b0
[  466.196841][T11141]  ? __pfx___get_user_pages+0x10/0x10
[  466.196867][T11141]  ? __lock_acquire+0x62e/0x1ce0
[  466.196899][T11141]  __gup_longterm_locked+0xa92/0x17e0
[  466.196932][T11141]  ? __pfx___gup_longterm_locked+0x10/0x10
[  466.196961][T11141]  ? find_held_lock+0x2b/0x80
[  466.196991][T11141]  gup_fast_fallback+0xf78/0x23f0
[  466.197023][T11141]  ? __pfx_stack_trace_save+0x10/0x10
[  466.197058][T11141]  ? __kasan_kmalloc+0xaa/0xb0
[  466.197076][T11141]  ? __pfx_gup_fast_fallback+0x10/0x10
[  466.197105][T11141]  ? __x64_sys_futex+0x1e0/0x4c0
[  466.197122][T11141]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  466.197153][T11141]  get_user_pages_fast+0xa7/0xf0
[  466.197178][T11141]  ? __pfx_get_user_pages_fast+0x10/0x10
[  466.197211][T11141]  get_futex_key+0x2c6/0x1560
[  466.197241][T11141]  ? __pfx_get_futex_key+0x10/0x10
[  466.197271][T11141]  ? kasan_save_track+0x14/0x30
[  466.197288][T11141]  ? __kasan_kmalloc+0xaa/0xb0
[  466.197309][T11141]  futex_lock_pi+0x1cc/0x7c0
[  466.197333][T11141]  ? __pfx_futex_lock_pi+0x10/0x10
[  466.197351][T11141]  ? __futex_wait+0x24c/0x2f0
[  466.197392][T11141]  ? futex_private_hash_put+0x18a/0x300
[  466.197424][T11141]  ? __pfx_futex_wake_mark+0x10/0x10
[  466.197460][T11141]  do_futex+0x11a/0x350
[  466.197488][T11141]  ? __pfx_do_futex+0x10/0x10
[  466.197523][T11141]  __x64_sys_futex+0x1e0/0x4c0
[  466.197544][T11141]  ? __pfx___x64_sys_futex+0x10/0x10
[  466.197572][T11141]  ? xfd_validate_state+0x61/0x180
[  466.197599][T11141]  ? __pfx___x64_sys_signalfd+0x10/0x10
[  466.197634][T11141]  do_syscall_64+0xcd/0x4e0
[  466.197661][T11141]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  466.197679][T11141] RIP: 0033:0x7f029058eba9
[  466.197698][T11141] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  466.197715][T11141] RSP: 002b:00007f02913c6038 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
[  466.197733][T11141] RAX: ffffffffffffffda RBX: 00007f02907d5fa0 RCX: 00007f029058eba9
[  466.197744][T11141] RDX: 0000000000000000 RSI: 000000000000000d RDI: 0000200000004000
[  466.197755][T11141] RBP: 00007f0290611e19 R08: 0000000000000000 R09: 0000000000200000
[  466.197765][T11141] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  466.197775][T11141] R13: 00007f02907d6038 R14: 00007f02907d5fa0 R15: 00007ffebf670458
[  466.197800][T11141]  </TASK>
[  466.197994][ T5851] usb 1-1: new high-speed USB device number 45 using dummy_hcd
[  466.528689][ T5990] usb 3-1: Warning: ath10k USB support is incomplete, don't expect anything to work!
[  466.874468][ T5923] usb 3-1: USB disconnect, device number 41
[  466.874992][ T6411] usb 3-1: Failed to submit usb control message: -71
[  466.890865][ T6411] usb 3-1: unable to send the bmi data to the device: -71
[  466.899055][ T6411] usb 3-1: unable to get target info from device
[  466.906843][ T6411] usb 3-1: could not get target info (-71)
[  466.913423][ T6411] usb 3-1: could not probe fw (-71)
[  467.031043][ T5851] usb 1-1: Using ep0 maxpacket: 16
[  467.037624][ T5851] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  467.048568][ T5851] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  467.061131][ T5851] usb 1-1: New USB device found, idVendor=1fd2, idProduct=6007, bcdDevice= 0.00
[  467.070760][ T5851] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  467.081837][ T5851] usb 1-1: config 0 descriptor??
[  467.120684][T11161] afs: Unknown parameter 'fsmagic'
[  467.689175][ T5851] hid-multitouch 0003:1FD2:6007.000A: hidraw0: USB HID v0.00 Device [HID 1fd2:6007] on usb-dummy_hcd.0-1/input0
[  467.824140][T11170] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1231'.
[  469.403000][T11178] Context (ID=0x0) not attached to queue pair (handle=0x1:0xfffffffa)
[  469.829116][ T5851] usb 1-1: USB disconnect, device number 45
[  470.270149][T11194] openvswitch: netlink: IP tunnel attribute has 95 unknown bytes.
[  470.974019][T11201] FAULT_INJECTION: forcing a failure.
[  470.974019][T11201] name failslab, interval 1, probability 0, space 0, times 0
[  470.986825][T11201] CPU: 1 UID: 0 PID: 11201 Comm: syz.3.1237 Not tainted syzkaller #0 PREEMPT(full) 
[  470.986850][T11201] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  470.986860][T11201] Call Trace:
[  470.986867][T11201]  <TASK>
[  470.986874][T11201]  dump_stack_lvl+0x16c/0x1f0
[  470.986901][T11201]  should_fail_ex+0x512/0x640
[  470.986923][T11201]  ? kmem_cache_alloc_node_noprof+0x5e/0x3b0
[  470.986952][T11201]  should_failslab+0xc2/0x120
[  470.986974][T11201]  kmem_cache_alloc_node_noprof+0x71/0x3b0
[  470.986993][T11201]  ? ovs_flow_alloc+0x10e/0x210
[  470.987017][T11201]  ovs_flow_alloc+0x10e/0x210
[  470.987036][T11201]  ovs_flow_cmd_new+0x231/0xe30
[  470.987061][T11201]  ? genl_family_rcv_msg_attrs_parse.constprop.0+0xc8/0x290
[  470.987091][T11201]  ? __pfx_ovs_flow_cmd_new+0x10/0x10
[  470.987111][T11201]  ? __kasan_kmalloc+0xaa/0xb0
[  470.987128][T11201]  ? genl_family_rcv_msg_attrs_parse.constprop.0+0xc8/0x290
[  470.987154][T11201]  ? genl_family_rcv_msg_doit+0xbf/0x2f0
[  470.987178][T11201]  ? genl_rcv_msg+0x55c/0x800
[  470.987206][T11201]  ? netlink_sendmsg+0x8d1/0xdd0
[  470.987227][T11201]  ? ____sys_sendmsg+0xa98/0xc70
[  470.987251][T11201]  ? ___sys_sendmsg+0x134/0x1d0
[  470.987270][T11201]  ? __sys_sendmsg+0x16d/0x220
[  470.987289][T11201]  ? do_syscall_64+0xcd/0x4e0
[  470.987355][T11201]  ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1aa/0x290
[  470.987381][T11201]  ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1b4/0x290
[  470.987413][T11201]  genl_family_rcv_msg_doit+0x209/0x2f0
[  470.987441][T11201]  ? __pfx_genl_family_rcv_msg_doit+0x10/0x10
[  470.987480][T11201]  ? ns_capable+0x7b/0x110
[  470.987505][T11201]  genl_rcv_msg+0x55c/0x800
[  470.987533][T11201]  ? __pfx_genl_rcv_msg+0x10/0x10
[  470.987559][T11201]  ? __pfx_ovs_flow_cmd_new+0x10/0x10
[  470.987595][T11201]  netlink_rcv_skb+0x155/0x420
[  470.987618][T11201]  ? __pfx_genl_rcv_msg+0x10/0x10
[  470.987644][T11201]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  470.987686][T11201]  genl_rcv+0x28/0x40
[  470.987708][T11201]  netlink_unicast+0x5aa/0x870
[  470.987735][T11201]  ? __pfx_netlink_unicast+0x10/0x10
[  470.987759][T11201]  ? __pfx_netlink_autobind.isra.0+0x10/0x10
[  470.987790][T11201]  netlink_sendmsg+0x8d1/0xdd0
[  470.987818][T11201]  ? __pfx_netlink_sendmsg+0x10/0x10
[  470.987852][T11201]  ____sys_sendmsg+0xa98/0xc70
[  470.987879][T11201]  ? copy_msghdr_from_user+0x10a/0x160
[  470.987901][T11201]  ? __pfx_____sys_sendmsg+0x10/0x10
[  470.987948][T11201]  ___sys_sendmsg+0x134/0x1d0
[  470.987972][T11201]  ? __pfx____sys_sendmsg+0x10/0x10
[  470.988028][T11201]  __sys_sendmsg+0x16d/0x220
[  470.988050][T11201]  ? __pfx___sys_sendmsg+0x10/0x10
[  470.988090][T11201]  do_syscall_64+0xcd/0x4e0
[  470.988115][T11201]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  470.988132][T11201] RIP: 0033:0x7fbe9658eba9
[  470.988147][T11201] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  470.988163][T11201] RSP: 002b:00007fbe974a0038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  470.988180][T11201] RAX: ffffffffffffffda RBX: 00007fbe967d6180 RCX: 00007fbe9658eba9
[  470.988196][T11201] RDX: 0000000004008094 RSI: 0000200000000100 RDI: 0000000000000007
[  470.988207][T11201] RBP: 00007fbe974a0090 R08: 0000000000000000 R09: 0000000000000000
[  470.988218][T11201] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  470.988228][T11201] R13: 00007fbe967d6218 R14: 00007fbe967d6180 R15: 00007ffc9a178e98
[  470.988255][T11201]  </TASK>
[  471.368345][   T30] kauditd_printk_skb: 25 callbacks suppressed
[  471.368356][   T30] audit: type=1400 audit(1758281406.654:839): avc:  denied  { connect } for  pid=11202 comm="syz.0.1239" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1
[  472.264116][T11218] afs: Unknown parameter 'fsmagic'
[  472.965779][ T5923] usb 4-1: new high-speed USB device number 37 using dummy_hcd
[  473.344900][ T5923] usb 4-1: Using ep0 maxpacket: 16
[  473.362318][ T5923] usb 4-1: config 0 interface 0 altsetting 9 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  473.389956][ T5923] usb 4-1: config 0 interface 0 has no altsetting 0
[  473.410757][ T5923] usb 4-1: New USB device found, idVendor=0458, idProduct=0087, bcdDevice= 0.00
[  473.517937][ T5923] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  473.529854][ T5923] usb 4-1: config 0 descriptor??
[  473.611763][T11245] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1249'.
[  474.568590][ T5923] usbhid 4-1:0.0: can't add hid device: -71
[  474.595046][ T5923] usbhid 4-1:0.0: probe with driver usbhid failed with error -71
[  474.655925][ T5923] usb 4-1: USB disconnect, device number 37
[  475.440573][T11263] ceph: No mds server is up or the cluster is laggy
[  475.448091][   T24] libceph: connect (1)[c::]:6789 error -101
[  475.454160][   T24] libceph: mon0 (1)[c::]:6789 connect error
[  475.504397][   T24] libceph: connect (1)[b::]:6789 error -101
[  475.542812][   T24] libceph: mon0 (1)[b::]:6789 connect error
[  475.652036][T11265] ceph: No mds server is up or the cluster is laggy
[  475.907070][T11282] I/O error, dev loop4, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 1
[  475.916349][T11282] exFAT-fs (loop4): unable to read boot sector
[  475.922526][T11282] exFAT-fs (loop4): failed to read boot sector
[  475.928674][T11282] exFAT-fs (loop4): failed to recognize exfat type
[  476.656741][T11286] afs: Unknown parameter 'fsmagic'
[  477.238283][   T24] usb 5-1: new high-speed USB device number 33 using dummy_hcd
[  477.423491][   T24] usb 5-1: Using ep0 maxpacket: 16
[  477.477438][   T24] usb 5-1: config 0 has no interfaces?
[  477.508883][   T24] usb 5-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1
[  477.553291][   T24] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  477.607610][   T24] usb 5-1: Product: syz
[  477.612098][   T24] usb 5-1: Manufacturer: syz
[  477.614736][ T5915] libceph: connect (1)[c::]:6789 error -101
[  477.617268][   T24] usb 5-1: SerialNumber: syz
[  477.645541][   T24] usb 5-1: config 0 descriptor??
[  477.655287][ T5915] libceph: mon0 (1)[c::]:6789 connect error
[  478.033671][ T5915] libceph: connect (1)[c::]:6789 error -101
[  478.114201][T11303] openvswitch: netlink: VXLAN extension 59 out of range max 1
[  478.441959][   T30] audit: type=1400 audit(1758281413.730:840): avc:  denied  { bind } for  pid=11299 comm="syz.2.1263" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1
[  478.451933][ T5915] libceph: mon0 (1)[c::]:6789 connect error
[  478.482733][T11295] ceph: No mds server is up or the cluster is laggy
[  478.800739][T11311] netlink: 40 bytes leftover after parsing attributes in process `syz.0.1265'.
[  479.235255][ T5915] usb 1-1: new high-speed USB device number 46 using dummy_hcd
[  479.424329][ T5915] usb 1-1: Using ep0 maxpacket: 16
[  479.444354][ T5915] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0
[  479.503827][ T5915] usb 1-1: New USB device found, idVendor=13b1, idProduct=0042, bcdDevice=7b.55
[  479.546124][ T5915] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  479.554671][    T9] usb 5-1: USB disconnect, device number 33
[  479.605899][ T5915] usb 1-1: Product: syz
[  479.618609][ T5915] usb 1-1: Manufacturer: syz
[  479.642180][ T5915] usb 1-1: SerialNumber: syz
[  479.646168][T11324] netlink: 24 bytes leftover after parsing attributes in process `syz.4.1269'.
[  480.251793][ T5915] usb 1-1: config 0 descriptor??
[  480.292122][T11324] netlink: 24 bytes leftover after parsing attributes in process `syz.4.1269'.
[  480.310589][ T5915] usb 1-1: Warning: ath10k USB support is incomplete, don't expect anything to work!
[  480.626129][   T36] usb 1-1: Failed to submit usb control message: -71
[  480.633856][ T5915] usb 1-1: USB disconnect, device number 46
[  480.704808][   T36] usb 1-1: unable to send the bmi data to the device: -71
[  480.748415][   T36] usb 1-1: unable to get target info from device
[  480.762526][   T36] usb 1-1: could not get target info (-71)
[  480.768991][   T36] usb 1-1: could not probe fw (-71)
[  480.824457][ T5923] usb 3-1: new high-speed USB device number 42 using dummy_hcd
[  480.915083][T11342] netlink: 'syz.1.1272': attribute type 1 has an invalid length.
[  481.028699][T11345] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  481.101205][T11345] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  481.128367][ T5923] usb 3-1: Using ep0 maxpacket: 32
[  481.152624][ T5923] usb 3-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  481.187808][ T5923] usb 3-1: New USB device found, idVendor=1e7d, idProduct=2ced, bcdDevice= 0.00
[  481.219496][ T5923] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  481.234430][ T5923] usb 3-1: config 0 descriptor??
[  481.257757][ T5923] usbhid 3-1:0.0: couldn't find an input interrupt endpoint
[  481.284591][T11345] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  481.732316][ T6411] netdevsim netdevsim1 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  481.755685][ T6411] netdevsim netdevsim1 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  481.765114][ T6411] netdevsim netdevsim1 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[  481.785666][ T6411] netdevsim netdevsim1 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[  481.990058][T11359] 
: renamed from bridge_slave_0 (while UP)
[  481.997174][   T30] audit: type=1400 audit(1758281417.793:841): avc:  denied  { read } for  pid=11326 comm="syz.2.1270" name="snapshot" dev="devtmpfs" ino=92 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:acpi_bios_t tclass=chr_file permissive=1
[  482.130742][ T5923] libceph: connect (1)[c::]:6789 error -101
[  482.137867][ T5923] libceph: mon0 (1)[c::]:6789 connect error
[  482.152799][   T30] audit: type=1400 audit(1758281417.793:842): avc:  denied  { open } for  pid=11326 comm="syz.2.1270" path="/dev/snapshot" dev="devtmpfs" ino=92 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:acpi_bios_t tclass=chr_file permissive=1
[  482.302400][T11357] ceph: No mds server is up or the cluster is laggy
[  482.347326][T11361] ceph: No mds server is up or the cluster is laggy
[  482.402300][ T5851] libceph: connect (1)[b::]:6789 error -101
[  482.411275][   T30] audit: type=1326 audit(1758281418.118:843): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11326 comm="syz.2.1270" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f2b9898eba9 code=0x0
[  482.443620][ T5851] libceph: mon0 (1)[b::]:6789 connect error
[  483.272184][T11373] nbd0: detected capacity change from 0 to 127
[  483.415624][   T30] audit: type=1400 audit(1758281419.262:844): avc:  denied  { module_request } for  pid=11374 comm="syz.3.1279" kmod="netdev-syzkaller0" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=system permissive=1
[  483.529421][T11337] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  483.578118][ T5168] block nbd0: Receive control failed (result -104)
[  483.588249][T11337] Bluetooth: hci1: Opcode 0x0406 failed: -4
[  484.120905][T11337] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  484.147699][T11337] Bluetooth: hci2: Opcode 0x0406 failed: -4
[  484.172517][T11337] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  484.188331][T11337] Bluetooth: hci3: Opcode 0x0406 failed: -4
[  484.244017][ T5168] Bluetooth: hci1: command 0x0406 tx timeout
[  484.251003][T11337] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[  484.257784][T11337] Bluetooth: hci4: Opcode 0x0406 failed: -4
[  484.541781][ T5923] usb 3-1: USB disconnect, device number 42
[  485.291557][ T5851] usb 1-1: new full-speed USB device number 47 using dummy_hcd
[  485.381950][ T5923] usb 3-1: new high-speed USB device number 43 using dummy_hcd
[  485.477678][ T5851] usb 1-1: config 0 has an invalid interface number: 12 but max is 0
[  485.488110][ T5851] usb 1-1: config 0 has no interface number 0
[  485.517435][ T5851] usb 1-1: config 0 interface 12 altsetting 2 endpoint 0x82 has invalid maxpacket 512, setting to 64
[  485.558054][ T5851] usb 1-1: config 0 interface 12 has no altsetting 0
[  485.575625][ T5923] usb 3-1: Using ep0 maxpacket: 32
[  485.576512][ T5851] usb 1-1: New USB device found, idVendor=2c42, idProduct=1202, bcdDevice=85.40
[  485.576537][ T5851] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  485.576556][ T5851] usb 1-1: Product: syz
[  485.576571][ T5851] usb 1-1: Manufacturer: syz
[  485.576585][ T5851] usb 1-1: SerialNumber: syz
[  485.578888][ T5851] usb 1-1: config 0 descriptor??
[  485.580653][T11393] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22
[  485.581334][ T5923] usb 3-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[  485.581369][ T5923] usb 3-1: New USB device found, idVendor=0b89, idProduct=0007, bcdDevice=ef.64
[  485.581391][ T5923] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  485.614252][ T5923] usb 3-1: config 0 descriptor??
[  485.614916][ T5851] f81534 1-1:0.12: required endpoints missing
[  485.824737][ T5915] usb 3-1: USB disconnect, device number 43
[  485.967317][T11405] Context (ID=0x0) not attached to queue pair (handle=0x1:0xfffffffa)
[  486.133925][ T5168] Bluetooth: hci2: command 0x0406 tx timeout
[  486.169686][ T5168] Bluetooth: hci3: command 0x0406 tx timeout
[  486.224882][ T5168] Bluetooth: hci4: command 0x0406 tx timeout
[  486.226330][ T5168] Bluetooth: hci1: command 0x0406 tx timeout
[  486.472924][ T5915] usb 3-1: new high-speed USB device number 44 using dummy_hcd
[  486.635476][ T5915] usb 3-1: too many configurations: 13, using maximum allowed: 8
[  486.636542][ T5915] usb 3-1: config 0 has no interfaces?
[  486.637626][ T5915] usb 3-1: config 0 has no interfaces?
[  486.641472][ T5915] usb 3-1: config 0 has no interfaces?
[  486.644717][ T5915] usb 3-1: config 0 has no interfaces?
[  486.645720][ T5915] usb 3-1: config 0 has no interfaces?
[  486.647703][ T5915] usb 3-1: config 0 has no interfaces?
[  486.648699][ T5915] usb 3-1: config 0 has no interfaces?
[  486.659062][ T5915] usb 3-1: config 0 has no interfaces?
[  486.678100][ T5915] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  486.678125][ T5915] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  486.678142][ T5915] usb 3-1: Product: syz
[  486.678154][ T5915] usb 3-1: Manufacturer: syz
[  486.678162][ T5915] usb 3-1: SerialNumber: syz
[  486.679328][ T5915] usb 3-1: config 0 descriptor??
[  486.887867][ T5915] usb 3-1: USB disconnect, device number 44
[  487.257426][T11416] I/O error, dev loop4, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 1
[  487.266665][T11416] exFAT-fs (loop4): unable to read boot sector
[  487.272807][T11416] exFAT-fs (loop4): failed to read boot sector
[  487.278993][T11416] exFAT-fs (loop4): failed to recognize exfat type
[  487.636623][ T5915] usb 3-1: new high-speed USB device number 45 using dummy_hcd
[  487.645833][ T5958] usb 1-1: USB disconnect, device number 47
[  487.712378][ T1298] ieee802154 phy0 wpan0: encryption failed: -22
[  487.718801][ T1298] ieee802154 phy1 wpan1: encryption failed: -22
[  487.816123][ T5915] usb 3-1: Using ep0 maxpacket: 32
[  487.986567][ T5915] usb 3-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[  487.997163][ T5915] usb 3-1: New USB device found, idVendor=0b89, idProduct=0007, bcdDevice=ef.64
[  488.006399][ T5915] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  488.014044][ T5915] usb 3-1: config 0 descriptor??
[  488.044800][ T5846] Bluetooth: hci2: command 0x0406 tx timeout
[  488.187512][ T5846] Bluetooth: hci3: command 0x0406 tx timeout
[  488.198440][ T5846] Bluetooth: hci4: command 0x0406 tx timeout
[  488.349293][ T5958] usb 3-1: USB disconnect, device number 45
[  488.638194][T11426] ceph: No mds server is up or the cluster is laggy
[  488.744014][ T5915] libceph: connect (1)[c::]:6789 error -101
[  488.754358][ T5915] libceph: mon0 (1)[c::]:6789 connect error
[  489.769340][T11442] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1292'.
[  490.504270][ T5915] usb 5-1: new high-speed USB device number 34 using dummy_hcd
[  490.807004][ T5851] usb 1-1: new full-speed USB device number 48 using dummy_hcd
[  490.902913][ T5915] usb 5-1: Using ep0 maxpacket: 8
[  490.910507][ T5915] usb 5-1: New USB device found, idVendor=0c45, idProduct=613a, bcdDevice=c4.6d
[  490.919703][ T5915] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  490.928743][ T5915] usb 5-1: Product: syz
[  490.933365][ T5915] usb 5-1: Manufacturer: syz
[  490.950277][ T5915] usb 5-1: SerialNumber: syz
[  490.967722][ T5915] usb 5-1: config 0 descriptor??
[  490.977534][ T5915] gspca_main: sonixj-2.14.0 probing 0c45:613a
[  491.037172][ T5851] usb 1-1: config 0 has an invalid interface number: 132 but max is 0
[  491.077213][ T5851] usb 1-1: config 0 has no interface number 0
[  491.084466][ T5851] usb 1-1: config 0 interface 132 altsetting 0 endpoint 0x3 has invalid maxpacket 1023, setting to 64
[  491.135483][ T5851] usb 1-1: New USB device found, idVendor=0421, idProduct=0492, bcdDevice=49.fc
[  491.146224][ T5851] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  491.155946][ T5851] usb 1-1: Product: syz
[  491.160289][ T5851] usb 1-1: Manufacturer: syz
[  491.171481][ T5851] usb 1-1: SerialNumber: syz
[  491.187333][ T5851] usb 1-1: config 0 descriptor??
[  491.195591][T11438] raw-gadget.1 gadget.0: fail, usb_ep_enable returned -22
[  491.206823][ T5851] usb-storage 1-1:0.132: USB Mass Storage device detected
[  491.237042][ T5851] usb-storage 1-1:0.132: Quirks match for vid 0421 pid 0492: 400
[  491.331166][   T24] usb 3-1: new high-speed USB device number 46 using dummy_hcd
[  491.478742][   T24] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  491.489023][   T24] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 3
[  491.501417][   T24] usb 3-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00
[  491.527647][   T24] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3
[  491.547984][   T24] usb 3-1: SerialNumber: syz
[  491.548108][T11469] netlink: 268 bytes leftover after parsing attributes in process `syz.1.1300'.
[  491.585892][T11469] unsupported nla_type 65024
[  491.750788][T11472] netlink: 64 bytes leftover after parsing attributes in process `syz.1.1301'.
[  492.085365][   T24] usb 3-1: 0:2 : does not exist
[  492.120400][   T24] usb 3-1: USB disconnect, device number 46
[  492.152797][ T8779] udevd[8779]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  492.635977][ T5915] gspca_sonixj: i2c_w8 err -71
[  492.693439][ T5915] sonixj 5-1:0.0: probe with driver sonixj failed with error -71
[  492.709828][ T5915] usb 5-1: USB disconnect, device number 34
[  492.791545][T11481] netlink: 24 bytes leftover after parsing attributes in process `syz.2.1303'.
[  492.807860][T11481] netlink: 24 bytes leftover after parsing attributes in process `syz.2.1303'.
[  494.242993][   T30] audit: type=1400 audit(1758281430.663:845): avc:  denied  { write } for  pid=11498 comm="syz.1.1310" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ieee802154_socket permissive=1
[  494.484718][   T24] usb 2-1: new high-speed USB device number 32 using dummy_hcd
[  494.636241][   T24] usb 2-1: Using ep0 maxpacket: 32
[  494.642854][   T24] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  494.653010][   T24] usb 2-1: config 0 has no interfaces?
[  494.658549][ T5851] usb 5-1: new high-speed USB device number 35 using dummy_hcd
[  494.676699][   T24] usb 2-1: New USB device found, idVendor=041e, idProduct=403c, bcdDevice=cc.d7
[  494.687506][   T24] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  494.724670][   T24] usb 2-1: config 0 descriptor??
[  494.808639][ T5851] usb 5-1: Using ep0 maxpacket: 8
[  494.815333][ T5851] usb 5-1: unable to get BOS descriptor or descriptor too short
[  494.825139][ T5851] usb 5-1: config 4 interface 0 has no altsetting 0
[  494.834313][ T5851] usb 5-1: string descriptor 0 read error: -22
[  494.840912][ T5851] usb 5-1: New USB device found, idVendor=058f, idProduct=6610, bcdDevice=48.05
[  494.850197][ T5851] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  494.863275][ T5851] usb 5-1: dvb_usb_v2: found a 'Sigmatek DVB-110' in warm state
[  494.887173][ T5851] usb 5-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer
[  494.901202][ T5851] dvbdev: DVB: registering new adapter (Sigmatek DVB-110)
[  494.909178][ T5851] usb 5-1: media controller created
[  494.928438][T11499] program syz.1.1310 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  494.949913][ T5851] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  495.032807][T11511] binder_alloc: 11510: binder_alloc_buf size 14440 failed, no address space
[  495.042396][T11511] binder_alloc: allocated: 0 (num: 0 largest: 0), free: 12288 (num: 1 largest: 12288)
[  495.126076][ T5851] usb 2-1: USB disconnect, device number 32
[  495.281770][T11502] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  495.290523][T11502] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  495.304404][ T5851] usb 5-1: USB disconnect, device number 35
[  495.828736][   T30] audit: type=1400 audit(1758281432.332:846): avc:  denied  { mounton } for  pid=11522 comm="syz.4.1318" path="/dev/binderfs" dev="binder" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1
[  495.828756][T11523] binder: Unknown parameter 'spVÞ{'
[  495.931939][ T5958] usb 2-1: new high-speed USB device number 33 using dummy_hcd
[  496.076483][ T5958] usb 2-1: Using ep0 maxpacket: 8
[  496.107962][ T5915] usb 5-1: new high-speed USB device number 36 using dummy_hcd
[  496.187651][ T5958] usb 2-1: New USB device found, idVendor=0c45, idProduct=613a, bcdDevice=c4.6d
[  496.202206][ T5958] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  496.224243][ T5958] usb 2-1: Product: syz
[  496.231718][ T5958] usb 2-1: Manufacturer: syz
[  496.245321][ T5958] usb 2-1: SerialNumber: syz
[  496.312290][ T5958] usb 2-1: config 0 descriptor??
[  496.352045][ T5915] usb 5-1: Using ep0 maxpacket: 8
[  496.398229][ T5915] usb 5-1: config index 0 descriptor too short (expected 301, got 45)
[  496.425781][ T5958] gspca_main: sonixj-2.14.0 probing 0c45:613a
[  496.444776][ T5915] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  496.455060][ T5915] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  496.465426][ T5915] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  496.476089][ T5915] usb 5-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  496.497390][ T5915] usb 5-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[  496.506558][ T5915] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  496.731050][ T5915] usb 5-1: GET_CAPABILITIES returned 0
[  496.736662][ T5915] usbtmc 5-1:16.0: can't read capabilities
[  496.925717][T11525] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  496.934917][T11525] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  496.992701][T11532] semctl(GETNCNT/GETZCNT) is since 3.16 Single Unix Specification compliant.
[  496.992701][T11532] The task syz.4.1319 (11532) triggered the difference, watch for misbehavior.
[  497.557391][ T5915] libceph: connect (1)[c::]:6789 error -101
[  497.565871][ T5915] libceph: mon0 (1)[c::]:6789 connect error
[  497.818222][   T10] libceph: connect (1)[c::]:6789 error -101
[  497.824303][   T10] libceph: mon0 (1)[c::]:6789 connect error
[  497.932113][ T5958] gspca_sonixj: i2c_w8 err -71
[  497.989266][ T5958] sonixj 2-1:0.0: probe with driver sonixj failed with error -71
[  497.999214][ T5958] usb 2-1: USB disconnect, device number 33
[  498.178802][T11535] ceph: No mds server is up or the cluster is laggy
[  498.754555][ T5958] usb 5-1: USB disconnect, device number 36
[  501.318467][T11408] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[  501.327184][T11408] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[  501.335355][T11408] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[  501.352820][T11408] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[  501.362917][T11408] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[  501.392487][   T30] audit: type=1400 audit(1758281438.169:847): avc:  denied  { mounton } for  pid=11571 comm="syz-executor" path="/" dev="sda1" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:root_t tclass=dir permissive=1
[  502.100335][T11571] chnl_net:caif_netlink_parms(): no params data found
[  502.378020][T11571] bridge0: port 1(bridge_slave_0) entered blocking state
[  502.405196][T11571] bridge0: port 1(bridge_slave_0) entered disabled state
[  502.433020][T11571] bridge_slave_0: entered allmulticast mode
[  502.450684][T11571] bridge_slave_0: entered promiscuous mode
[  502.476695][T11571] bridge0: port 2(bridge_slave_1) entered blocking state
[  502.657311][T11571] bridge0: port 2(bridge_slave_1) entered disabled state
[  502.666319][   T24] usb 3-1: new high-speed USB device number 47 using dummy_hcd
[  502.674663][T11571] bridge_slave_1: entered allmulticast mode
[  502.696861][T11571] bridge_slave_1: entered promiscuous mode
[  502.757052][T11571] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  502.773833][T11571] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  502.818686][   T24] usb 3-1: Using ep0 maxpacket: 8
[  502.832007][   T24] usb 3-1: New USB device found, idVendor=0c45, idProduct=613a, bcdDevice=c4.6d
[  502.841328][   T24] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  502.849462][   T24] usb 3-1: Product: syz
[  502.866316][   T24] usb 3-1: Manufacturer: syz
[  502.882719][   T24] usb 3-1: SerialNumber: syz
[  502.902884][   T24] usb 3-1: config 0 descriptor??
[  502.934094][   T24] gspca_main: sonixj-2.14.0 probing 0c45:613a
[  502.949092][T11571] team0: Port device team_slave_0 added
[  502.957526][T11571] team0: Port device team_slave_1 added
[  503.058974][T11571] batman_adv: batadv0: Adding interface: batadv_slave_0
[  503.066246][T11571] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  503.093373][T11571] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  503.107475][T11571] batman_adv: batadv0: Adding interface: batadv_slave_1
[  503.114484][T11571] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  503.141885][T11571] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  503.191577][T11571] hsr_slave_0: entered promiscuous mode
[  503.198177][T11571] hsr_slave_1: entered promiscuous mode
[  503.204857][T11571] debugfs: 'hsr0' already exists in 'hsr'
[  503.213893][T11571] Cannot create hsr debugfs directory
[  503.362410][T11408] Bluetooth: hci5: command tx timeout
[  503.801753][T11571] netdevsim netdevsim5 netdevsim0: renamed from eth0
[  503.832738][T11571] netdevsim netdevsim5 netdevsim1: renamed from eth1
[  503.854204][T11571] netdevsim netdevsim5 netdevsim2: renamed from eth2
[  503.871695][T11571] netdevsim netdevsim5 netdevsim3: renamed from eth3
[  503.987518][ T5846] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1
[  503.996881][ T5846] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9
[  504.007937][ T5846] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9
[  504.017301][ T5846] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4
[  504.027623][ T5846] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2
[  504.401915][   T24] gspca_sonixj: i2c_w8 err -71
[  504.505291][   T24] sonixj 3-1:0.0: probe with driver sonixj failed with error -71
[  504.542719][   T24] usb 3-1: USB disconnect, device number 47
[  504.704946][T11571] 8021q: adding VLAN 0 to HW filter on device bond0
[  504.967854][T11571] 8021q: adding VLAN 0 to HW filter on device team0
[  504.995240][ T8324] bridge0: port 1(bridge_slave_0) entered blocking state
[  505.002438][ T8324] bridge0: port 1(bridge_slave_0) entered forwarding state
[  505.044728][ T8314] bridge0: port 2(bridge_slave_1) entered blocking state
[  505.051843][ T8314] bridge0: port 2(bridge_slave_1) entered forwarding state
[  505.160798][T11626] netlink: 40 bytes leftover after parsing attributes in process `syz.2.1342'.
[  505.343005][T11408] Bluetooth: hci5: command tx timeout
[  505.543150][   T10] usb 3-1: new high-speed USB device number 48 using dummy_hcd
[  505.579545][T11612] chnl_net:caif_netlink_parms(): no params data found
[  505.705220][   T10] usb 3-1: Using ep0 maxpacket: 16
[  505.713622][T11612] bridge0: port 1(bridge_slave_0) entered blocking state
[  505.727808][   T10] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0
[  505.730534][T11612] bridge0: port 1(bridge_slave_0) entered disabled state
[  505.758808][T11612] bridge_slave_0: entered allmulticast mode
[  505.768993][T11612] bridge_slave_0: entered promiscuous mode
[  505.779298][   T10] usb 3-1: New USB device found, idVendor=13b1, idProduct=0042, bcdDevice=7b.55
[  505.784488][T11612] bridge0: port 2(bridge_slave_1) entered blocking state
[  505.801519][   T10] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  505.812430][   T10] usb 3-1: Product: syz
[  505.816593][   T10] usb 3-1: Manufacturer: syz
[  505.826181][   T10] usb 3-1: SerialNumber: syz
[  505.838411][T11612] bridge0: port 2(bridge_slave_1) entered disabled state
[  505.843359][   T10] usb 3-1: config 0 descriptor??
[  505.874597][T11612] bridge_slave_1: entered allmulticast mode
[  505.894535][T11612] bridge_slave_1: entered promiscuous mode
[  505.904592][   T10] usb 3-1: Warning: ath10k USB support is incomplete, don't expect anything to work!
[  505.917295][   T30] audit: type=1326 audit(1758281442.914:848): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11650 comm="syz.1.1347" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f99f238eba9 code=0x0
[  505.953422][T11408] Bluetooth: hci6: command tx timeout
[  506.024890][T11612] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  506.045083][T11612] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  506.067612][   T10] usb 3-1: USB disconnect, device number 48
[  506.070560][ T8309] usb 3-1: Failed to submit usb control message: -71
[  506.091631][ T8309] usb 3-1: unable to send the bmi data to the device: -71
[  506.100834][ T8309] usb 3-1: unable to get target info from device
[  506.116541][ T8309] usb 3-1: could not get target info (-71)
[  506.125471][ T8309] usb 3-1: could not probe fw (-71)
[  506.144050][T11612] team0: Port device team_slave_0 added
[  506.162272][T11612] team0: Port device team_slave_1 added
[  506.179886][T11657] I/O error, dev loop4, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  506.193432][T11657] exFAT-fs (loop4): unable to read boot sector
[  506.197580][T11571] 8021q: adding VLAN 0 to HW filter on device batadv0
[  506.206686][T11657] exFAT-fs (loop4): failed to read boot sector
[  506.210241][T11612] batman_adv: batadv0: Adding interface: batadv_slave_0
[  506.219417][T11657] exFAT-fs (loop4): failed to recognize exfat type
[  506.222988][T11612] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  506.257002][T11612] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  506.274875][T11612] batman_adv: batadv0: Adding interface: batadv_slave_1
[  506.282276][T11612] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  506.311363][T11612] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  506.366169][T11612] hsr_slave_0: entered promiscuous mode
[  506.376179][T11612] hsr_slave_1: entered promiscuous mode
[  506.384856][T11612] debugfs: 'hsr0' already exists in 'hsr'
[  506.390668][T11612] Cannot create hsr debugfs directory
[  506.541526][T11571] veth0_vlan: entered promiscuous mode
[  506.598064][T11571] veth1_vlan: entered promiscuous mode
[  506.671587][T11612] netdevsim netdevsim6 netdevsim0: renamed from eth0
[  506.987297][T11612] netdevsim netdevsim6 netdevsim1: renamed from eth1
[  507.018771][T11612] netdevsim netdevsim6 netdevsim2: renamed from eth2
[  507.066009][T11612] netdevsim netdevsim6 netdevsim3: renamed from eth3
[  507.091955][T11571] veth0_macvtap: entered promiscuous mode
[  507.151872][T11571] veth1_macvtap: entered promiscuous mode
[  507.310613][T11571] batman_adv: batadv0: Interface activated: batadv_slave_0
[  507.324757][T11408] Bluetooth: hci5: command tx timeout
[  507.759073][T11571] batman_adv: batadv0: Interface activated: batadv_slave_1
[  507.783215][   T10] usb 3-1: new high-speed USB device number 49 using dummy_hcd
[  507.818214][ T2117] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  507.832380][ T2117] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  507.844953][ T2117] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  507.869084][ T2117] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  507.934472][T11408] Bluetooth: hci6: command tx timeout
[  507.991227][   T10] usb 3-1: Using ep0 maxpacket: 8
[  508.013797][   T10] usb 3-1: New USB device found, idVendor=0c45, idProduct=613a, bcdDevice=c4.6d
[  508.153342][   T10] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  508.190302][   T10] usb 3-1: Product: syz
[  508.247993][T11686] ceph: No mds server is up or the cluster is laggy
[  508.386215][    T9] libceph: connect (1)[c::]:6789 error -101
[  508.394481][T11612] 8021q: adding VLAN 0 to HW filter on device bond0
[  508.401305][   T10] usb 3-1: Manufacturer: syz
[  508.407579][   T10] usb 3-1: SerialNumber: syz
[  508.413124][    T9] libceph: mon0 (1)[c::]:6789 connect error
[  508.418870][ T2117] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  508.436650][   T10] usb 3-1: config 0 descriptor??
[  508.447258][ T2117] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  508.470331][   T10] gspca_main: sonixj-2.14.0 probing 0c45:613a
[  508.485216][T11612] 8021q: adding VLAN 0 to HW filter on device team0
[  508.566194][ T8313] bridge0: port 1(bridge_slave_0) entered blocking state
[  508.573297][ T8313] bridge0: port 1(bridge_slave_0) entered forwarding state
[  508.616269][ T8328] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  508.627857][ T8314] bridge0: port 2(bridge_slave_1) entered blocking state
[  508.634965][ T8314] bridge0: port 2(bridge_slave_1) entered forwarding state
[  508.639237][ T8328] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  508.789669][T11691] bridge0: port 2(bridge_slave_1) entered disabled state
[  508.797075][T11691] bridge0: port 1(bridge_slave_0) entered disabled state
[  508.812248][T11691] bridge0: entered promiscuous mode
[  508.931791][T11695] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1354'.
[  508.942340][T11695] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1354'.
[  509.164404][T11700] Context (ID=0x0) not attached to queue pair (handle=0x1:0xfffffffa)
[  509.337748][    T9] usb 2-1: new high-speed USB device number 34 using dummy_hcd
[  509.345558][T11408] Bluetooth: hci5: command tx timeout
[  509.574623][    T9] usb 2-1: Using ep0 maxpacket: 16
[  509.589379][    T9] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  509.616655][    T9] usb 2-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1
[  509.635467][    T9] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  509.644355][    T9] usb 2-1: Product: syz
[  509.652340][    T9] usb 2-1: Manufacturer: syz
[  509.657029][    T9] usb 2-1: SerialNumber: syz
[  509.693496][    T9] usb 2-1: config 0 descriptor??
[  509.722242][T11612] 8021q: adding VLAN 0 to HW filter on device batadv0
[  509.839924][   T10] gspca_sonixj: i2c_w8 err -71
[  509.948725][T11408] Bluetooth: hci6: command tx timeout
[  510.000050][   T10] sonixj 3-1:0.0: probe with driver sonixj failed with error -71
[  510.031084][   T10] usb 3-1: USB disconnect, device number 49
[  510.124307][T11711] netlink: 12 bytes leftover after parsing attributes in process `syz.5.1356'.
[  510.133469][T11711] openvswitch: netlink: Flow actions attr not present in new flow.
[  510.681454][T11719] netlink: 40 bytes leftover after parsing attributes in process `syz.2.1357'.
[  511.022365][T11612] veth0_vlan: entered promiscuous mode
[  511.121055][T11612] veth1_vlan: entered promiscuous mode
[  511.124902][T11726] loop2: detected capacity change from 0 to 7
[  511.148915][T11726] Dev loop2: unable to read RDB block 7
[  511.154741][T11726]  loop2: unable to read partition table
[  511.166241][T11726] loop2: partition table beyond EOD, truncated
[  511.175376][T11726] loop_reread_partitions: partition scan of loop2 (þ被xü—ŸÑà– ) failed (rc=-5)
[  511.252121][   T10] usb 3-1: new high-speed USB device number 50 using dummy_hcd
[  511.266471][ T6037] udevd[6037]: symlink '../../loop2' '/dev/disk/by-diskseq/70.tmp-b7:2' failed: Read-only file system
[  511.298853][T11612] veth0_macvtap: entered promiscuous mode
[  511.326153][ T6037] udevd[6037]: symlink '../../loop2' '/dev/disk/by-diskseq/70.tmp-b7:2' failed: Read-only file system
[  511.348561][ T6037] udevd[6037]: symlink '../../loop2' '/dev/disk/by-diskseq/70.tmp-b7:2' failed: Read-only file system
[  511.441616][   T10] usb 3-1: Using ep0 maxpacket: 16
[  511.443312][T11612] veth1_macvtap: entered promiscuous mode
[  511.448213][   T10] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0
[  511.481883][   T10] usb 3-1: New USB device found, idVendor=13b1, idProduct=0042, bcdDevice=7b.55
[  511.491030][   T10] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  511.499024][   T10] usb 3-1: Product: syz
[  511.503468][   T10] usb 3-1: Manufacturer: syz
[  511.513089][   T10] usb 3-1: SerialNumber: syz
[  511.526634][   T10] usb 3-1: config 0 descriptor??
[  511.666260][T11612] batman_adv: batadv0: Interface activated: batadv_slave_0
[  511.728199][T11612] batman_adv: batadv0: Interface activated: batadv_slave_1
[  511.736176][   T10] usb 3-1: Warning: ath10k USB support is incomplete, don't expect anything to work!
[  511.798317][ T8309] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  511.825420][ T8309] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  511.843625][T11739] netlink: 212376 bytes leftover after parsing attributes in process `syz.5.1361'.
[  511.872669][ T8309] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  511.906257][T11408] Bluetooth: hci6: command tx timeout
[  511.934512][   T10] usb 2-1: USB disconnect, device number 34
[  511.984486][ T8314] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  512.186635][   T10] usb 3-1: USB disconnect, device number 50
[  512.217239][ T2117] usb 3-1: Failed to submit usb control message: -71
[  512.653807][ T8314] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  512.672503][ T8314] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  512.694126][ T8314] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  512.703133][   T95] block nbd0: Possible stuck request ffff888026d65080: control (read@0,1024B). Runtime 30 seconds
[  512.714044][ T8314] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  512.716147][   T95] block nbd0: Possible stuck request ffff888026d65240: control (read@1024,1024B). Runtime 30 seconds
[  512.734420][   T95] block nbd0: Possible stuck request ffff888026d65400: control (read@2048,1024B). Runtime 30 seconds
[  512.750603][   T95] block nbd0: Possible stuck request ffff888026d655c0: control (read@3072,1024B). Runtime 30 seconds
[  512.762159][ T2117] usb 3-1: unable to send the bmi data to the device: -71
[  512.769377][ T2117] usb 3-1: unable to get target info from device
[  512.775772][ T2117] usb 3-1: could not get target info (-71)
[  512.781614][ T2117] usb 3-1: could not probe fw (-71)
[  513.239776][   T92] usb 2-1: new high-speed USB device number 35 using dummy_hcd
[  513.297502][ T6037] udevd[6037]: symlink '../../loop2' '/dev/disk/by-diskseq/71.tmp-b7:2' failed: Read-only file system
[  513.435652][T11722] syz.4.1358 (11722): drop_caches: 2
[  513.470164][   T92] usb 2-1: Using ep0 maxpacket: 8
[  513.476848][   T92] usb 2-1: config 0 has an invalid interface number: 168 but max is 0
[  513.994770][   T92] usb 2-1: config 0 has no interface number 0
[  514.036854][   T92] usb 2-1: config 0 interface 168 has no altsetting 0
[  514.103290][   T92] usb 2-1: New USB device found, idVendor=0af0, idProduct=6751, bcdDevice=75.8b
[  514.141656][   T92] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  514.639721][   T92] usb 2-1: config 0 descriptor??
[  514.669525][   T24] usb 3-1: new high-speed USB device number 51 using dummy_hcd
[  514.798713][T11771] vhci_hcd vhci_hcd.0: pdev(4) rhport(0) sockfd(6)
[  514.805337][T11771] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed)
[  514.814282][T11771] vhci_hcd vhci_hcd.0: Device attached
[  514.837586][T11772] vhci_hcd: connection closed
[  514.839776][ T8324] vhci_hcd: stop threads
[  514.850319][ T8324] vhci_hcd: release socket
[  514.854414][   T24] usb 3-1: Using ep0 maxpacket: 8
[  514.855292][ T8324] vhci_hcd: disconnect device
[  514.871113][ T5851] usb 2-1: USB disconnect, device number 35
[  514.882521][   T24] usb 3-1: unable to get BOS descriptor or descriptor too short
[  514.902618][   T24] usb 3-1: config 0 has an invalid interface number: 88 but max is 0
[  514.911012][   T24] usb 3-1: config 0 has no interface number 0
[  514.919213][   T24] usb 3-1: config 0 interface 88 altsetting 8 endpoint 0x86 has an invalid bInterval 0, changing to 7
[  514.932289][   T24] usb 3-1: config 0 interface 88 altsetting 8 endpoint 0x86 has invalid wMaxPacketSize 0
[  514.944051][   T24] usb 3-1: config 0 interface 88 has no altsetting 0
[  514.960789][   T24] usb 3-1: string descriptor 0 read error: -22
[  514.969764][   T24] usb 3-1: New USB device found, idVendor=0460, idProduct=0004, bcdDevice=96.31
[  514.979821][   T24] usb 3-1: New USB device strings: Mfr=1, Product=84, SerialNumber=3
[  515.026127][   T24] usb 3-1: config 0 descriptor??
[  515.045520][   T24] input: USB Acecad Flair Tablet 0460:0004 as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.88/input/input16
[  515.112931][ T8779] udevd[8779]: Error opening device "/dev/input/event4": No such file or directory
[  515.124484][ T8779] udevd[8779]: Unable to EVIOCGABS device "/dev/input/event4"
[  515.147905][ T8779] udevd[8779]: Unable to EVIOCGABS device "/dev/input/event4"
[  515.545278][ T5881] usb 6-1: new high-speed USB device number 2 using dummy_hcd
[  515.611975][ T5958] usb 5-1: new high-speed USB device number 37 using dummy_hcd
[  515.716560][ T5881] usb 6-1: Using ep0 maxpacket: 32
[  516.204442][ T5881] usb 6-1: config 0 has an invalid interface number: 51 but max is 0
[  516.230449][ T5881] usb 6-1: config 0 has no interface number 0
[  516.249067][ T5881] usb 6-1: New USB device found, idVendor=061d, idProduct=c150, bcdDevice=ce.6f
[  516.261918][ T5881] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  516.270547][ T5881] usb 6-1: Product: syz
[  516.274749][ T5881] usb 6-1: Manufacturer: syz
[  516.279817][ T5958] usb 5-1: Using ep0 maxpacket: 32
[  516.285046][ T5881] usb 6-1: SerialNumber: syz
[  516.286350][   T24] usb 3-1: USB disconnect, device number 51
[  516.296544][ T5958] usb 5-1: config 0 has an invalid descriptor of length 255, skipping remainder of the config
[  516.381052][ T5958] usb 5-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  516.398884][ T5881] usb 6-1: config 0 descriptor??
[  516.406308][ T8779] udevd[8779]: symlink '../../loop2' '/dev/disk/by-diskseq/71.tmp-b7:2' failed: Read-only file system
[  516.563767][ T5881] quatech2 6-1:0.51: Quatech 2nd gen USB to Serial Driver converter detected
[  516.578623][ T5958] usb 5-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40
[  516.657081][ T5958] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  516.695129][ T5958] usb 5-1: config 0 descriptor??
[  516.712525][ T5958] hub 5-1:0.0: bad descriptor, ignoring hub
[  516.726045][ T5958] hub 5-1:0.0: probe with driver hub failed with error -5
[  516.747630][ T5958] usbhid 5-1:0.0: couldn't find an input interrupt endpoint
[  516.763266][ T5881] usb 6-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB0
[  516.824465][ T5881] usb 6-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB1
[  516.951619][    C0] quatech-serial ttyUSB0: qt2_process_read_urb - status message too short
[  517.154192][T11776] (unnamed net_device) (uninitialized): option lacp_rate: mode dependency failed, not supported in mode active-backup(1)
[  517.483033][   T30] audit: type=1400 audit(1758281455.061:849): avc:  denied  { bind } for  pid=11800 comm="syz.6.1376" lport=255 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1
[  517.749258][ T6037] udevd[6037]: symlink '../../loop2' '/dev/disk/by-diskseq/71.tmp-b7:2' failed: Read-only file system
[  517.759500][   T30] audit: type=1400 audit(1758281455.061:850): avc:  denied  { node_bind } for  pid=11800 comm="syz.6.1376" saddr=172.20.20.170 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:node_t tclass=rawip_socket permissive=1
[  518.669545][   T24] usb 5-1: USB disconnect, device number 37
[  518.985709][    C0] usb 6-1: qt2_read_bulk_callback - non-zero urb status: -71
[  518.986182][   T24] usb 6-1: USB disconnect, device number 2
[  519.018944][   T24] quatech-serial ttyUSB0: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB0
[  519.034804][ T5881] usb 2-1: new full-speed USB device number 36 using dummy_hcd
[  519.075317][   T24] quatech-serial ttyUSB1: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB1
[  519.092332][ T8779] udevd[8779]: symlink '../../loop2' '/dev/disk/by-diskseq/71.tmp-b7:2' failed: Read-only file system
[  519.264585][   T24] quatech2 6-1:0.51: device disconnected
[  519.700937][ T5881] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0
[  519.741280][T11832] mkiss: ax0: crc mode is auto.
[  519.785509][ T5881] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x4 has an invalid bInterval 0, changing to 10
[  519.961591][ T5881] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x4 has invalid maxpacket 255, setting to 64
[  520.379221][ T5881] usb 2-1: New USB device found, idVendor=0cf3, idProduct=9375, bcdDevice=1a.de
[  520.406082][ T5881] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  520.460176][   T24] usb 6-1: new high-speed USB device number 3 using dummy_hcd
[  520.482629][ T6037] udevd[6037]: symlink '../../loop2' '/dev/disk/by-diskseq/71.tmp-b7:2' failed: Read-only file system
[  520.695412][ T5881] usb 2-1: config 0 descriptor??
[  520.812611][   T24] usb 6-1: Using ep0 maxpacket: 8
[  521.022834][   T24] usb 6-1: unable to get BOS descriptor or descriptor too short
[  521.031416][   T24] usb 6-1: config 0 has an invalid interface number: 88 but max is 0
[  521.039569][   T24] usb 6-1: config 0 has no interface number 0
[  521.054551][   T24] usb 6-1: config 0 interface 88 altsetting 8 endpoint 0x86 has an invalid bInterval 0, changing to 7
[  521.110151][   T24] usb 6-1: config 0 interface 88 altsetting 8 endpoint 0x86 has invalid wMaxPacketSize 0
[  521.205088][   T24] usb 6-1: config 0 interface 88 has no altsetting 0
[  521.259745][   T24] usb 6-1: string descriptor 0 read error: -22
[  521.281223][T11854] netlink: 224 bytes leftover after parsing attributes in process `syz.6.1387'.
[  521.311209][ T5881] usb 2-1: can't set config #0, error -71
[  521.322460][ T5881] usb 2-1: USB disconnect, device number 36
[  521.329252][   T24] usb 6-1: New USB device found, idVendor=0460, idProduct=0004, bcdDevice=96.31
[  521.349677][   T24] usb 6-1: New USB device strings: Mfr=1, Product=84, SerialNumber=3
[  521.404271][   T24] usb 6-1: config 0 descriptor??
[  521.456608][   T24] input: USB Acecad Flair Tablet 0460:0004 as /devices/platform/dummy_hcd.5/usb6/6-1/6-1:0.88/input/input17
[  521.600374][ T8779] udevd[8779]: Error opening device "/dev/input/event4": No such file or directory
[  521.630015][ T8779] udevd[8779]: Unable to EVIOCGABS device "/dev/input/event4"
[  521.663936][ T8779] udevd[8779]: Unable to EVIOCGABS device "/dev/input/event4"
[  521.686398][ T8779] udevd[8779]: Assertion 'close_nointr(fd) != -EBADF' failed at util.c:228, function safe_close(). Aborting.
[  521.749368][ T5218] udevd[5218]: worker [8779] terminated by signal 6 (Aborted)
[  521.764016][ T5218] udevd[5218]: worker [8779] failed while handling '/devices/platform/dummy_hcd.5/usb6/6-1/6-1:0.88/input/input17/event4'
[  523.072259][ T5881] usb 6-1: USB disconnect, device number 3
[  523.781526][ T6037] udevd[6037]: symlink '../../loop2' '/dev/disk/by-diskseq/71.tmp-b7:2' failed: Read-only file system
[  523.896981][T11882] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1395'.
[  524.106855][ T6037] udevd[6037]: symlink '../../loop2' '/dev/disk/by-diskseq/71.tmp-b7:2' failed: Read-only file system
[  525.832303][T11903] netlink: 4 bytes leftover after parsing attributes in process `syz.5.1400'.
[  525.898855][T11905] netlink: 28 bytes leftover after parsing attributes in process `syz.6.1399'.
[  526.205802][   T30] audit: type=1400 audit(1758281464.057:851): avc:  denied  { getopt } for  pid=11902 comm="syz.5.1400" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[  526.578558][T11903] netlink: 224 bytes leftover after parsing attributes in process `syz.5.1400'.
[  527.150521][T11926] netlink: 64 bytes leftover after parsing attributes in process `syz.1.1404'.
[  527.181107][ T6037] udevd[6037]: symlink '../../loop2' '/dev/disk/by-diskseq/71.tmp-b7:2' failed: Read-only file system
[  529.134666][T11948] netlink: 136 bytes leftover after parsing attributes in process `syz.5.1411'.
[  529.143855][T11948] A link change request failed with some changes committed already. Interface ip6gretap0 may have been left with an inconsistent configuration, please check.
[  529.261366][T11951] FAULT_INJECTION: forcing a failure.
[  529.261366][T11951] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  529.309113][T11951] CPU: 0 UID: 0 PID: 11951 Comm: syz.5.1413 Not tainted syzkaller #0 PREEMPT(full) 
[  529.309142][T11951] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  529.309152][T11951] Call Trace:
[  529.309158][T11951]  <TASK>
[  529.309165][T11951]  dump_stack_lvl+0x16c/0x1f0
[  529.309193][T11951]  should_fail_ex+0x512/0x640
[  529.309220][T11951]  _copy_from_user+0x2e/0xd0
[  529.309245][T11951]  input_event_from_user+0x133/0x3b0
[  529.309264][T11951]  ? __pfx_input_event_from_user+0x10/0x10
[  529.309281][T11951]  ? __pfx___might_resched+0x10/0x10
[  529.309302][T11951]  ? input_inject_event+0x1c0/0x3b0
[  529.309323][T11951]  evdev_write+0x37b/0x750
[  529.309344][T11951]  ? __pfx_evdev_write+0x10/0x10
[  529.309361][T11951]  ? bpf_lsm_file_permission+0x9/0x10
[  529.309382][T11951]  ? security_file_permission+0x71/0x210
[  529.309410][T11951]  ? rw_verify_area+0xcf/0x6c0
[  529.309438][T11951]  ? __pfx_evdev_write+0x10/0x10
[  529.309454][T11951]  vfs_write+0x2a0/0x11d0
[  529.309478][T11951]  ? __pfx_vfs_write+0x10/0x10
[  529.309493][T11951]  ? find_held_lock+0x2b/0x80
[  529.309514][T11951]  ? __fget_files+0x204/0x3c0
[  529.309537][T11951]  ? __fget_files+0x20e/0x3c0
[  529.309563][T11951]  ksys_write+0x1f8/0x250
[  529.309581][T11951]  ? __pfx_ksys_write+0x10/0x10
[  529.309607][T11951]  do_syscall_64+0xcd/0x4e0
[  529.309632][T11951]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  529.309649][T11951] RIP: 0033:0x7f582cb8eba9
[  529.309663][T11951] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  529.309679][T11951] RSP: 002b:00007f582daff038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  529.309696][T11951] RAX: ffffffffffffffda RBX: 00007f582cdd5fa0 RCX: 00007f582cb8eba9
[  529.309707][T11951] RDX: 0000000000001068 RSI: 0000200000000040 RDI: 0000000000000004
[  529.309717][T11951] RBP: 00007f582daff090 R08: 0000000000000000 R09: 0000000000000000
[  529.309727][T11951] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  529.309736][T11951] R13: 00007f582cdd6038 R14: 00007f582cdd5fa0 R15: 00007ffdeea49458
[  529.309761][T11951]  </TASK>
[  529.517785][    C0] vkms_vblank_simulate: vblank timer overrun
[  529.573973][ T5845] udevd[5845]: symlink '../../loop2' '/dev/disk/by-diskseq/71.tmp-b7:2' failed: Read-only file system
[  530.315480][ T6037] udevd[6037]: symlink '../../loop2' '/dev/disk/by-diskseq/71.tmp-b7:2' failed: Read-only file system
[  530.465435][T11972] Context (ID=0x0) not attached to queue pair (handle=0x1:0xfffffffa)
[  531.006797][ T5881] usb 6-1: new high-speed USB device number 4 using dummy_hcd
[  531.224198][ T5881] usb 6-1: Using ep0 maxpacket: 32
[  531.298801][ T5881] usb 6-1: New USB device found, idVendor=0b89, idProduct=0007, bcdDevice=ef.64
[  531.737811][ T5881] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  531.910374][ T5881] usb 6-1: config 0 descriptor??
[  532.035023][ T5881] as10x_usb: device has been detected
[  532.040966][ T5881] dvbdev: DVB: registering new adapter (nBox DVB-T Dongle)
[  532.077592][ T5881] usb 6-1: DVB: registering adapter 1 frontend 0 (nBox DVB-T Dongle)...
[  532.087117][ T6062] udevd[6062]: symlink '../../loop2' '/dev/disk/by-diskseq/71.tmp-b7:2' failed: Read-only file system
[  532.157319][T11991] Context (ID=0x0) not attached to queue pair (handle=0x1:0xfffffffa)
[  532.510781][ T5881] as10x_usb: error during firmware upload part1
[  532.517498][ T5881] Registered device nBox DVB-T Dongle
[  532.610544][   T24] usb 6-1: USB disconnect, device number 4
[  532.814272][   T24] Unregistered device nBox DVB-T Dongle
[  532.827656][ T6037] udevd[6037]: symlink '../../loop2' '/dev/disk/by-diskseq/71.tmp-b7:2' failed: Read-only file system
[  532.917496][T12006] openvswitch: netlink: IP tunnel dst address not specified
[  532.927533][   T30] audit: type=1400 audit(1758281471.196:852): avc:  denied  { create } for  pid=11997 comm="syz.4.1425" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_dnrt_socket permissive=1
[  532.974677][   T24] as10x_usb: device has been disconnected
[  533.440427][ T6037] udevd[6037]: symlink '../../loop2' '/dev/disk/by-diskseq/71.tmp-b7:2' failed: Read-only file system
[  533.711629][   T92] usb 2-1: new full-speed USB device number 37 using dummy_hcd
[  533.786647][   T24] usb 6-1: new high-speed USB device number 5 using dummy_hcd
[  533.946272][   T92] usb 2-1: config 0 has an invalid interface number: 12 but max is 0
[  534.014237][   T92] usb 2-1: config 0 has no interface number 0
[  534.026885][T12025] netlink: 224 bytes leftover after parsing attributes in process `syz.4.1431'.
[  534.036529][   T24] usb 6-1: Using ep0 maxpacket: 32
[  534.083499][   T24] usb 6-1: New USB device found, idVendor=0b89, idProduct=0007, bcdDevice=ef.64
[  534.094795][   T92] usb 2-1: config 0 interface 12 altsetting 2 endpoint 0x82 has invalid maxpacket 512, setting to 64
[  534.116291][   T24] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  534.124795][   T92] usb 2-1: config 0 interface 12 has no altsetting 0
[  534.143618][   T92] usb 2-1: New USB device found, idVendor=2c42, idProduct=1202, bcdDevice=85.40
[  534.160512][   T24] usb 6-1: config 0 descriptor??
[  534.168510][   T92] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  534.185489][   T24] as10x_usb: device has been detected
[  534.196067][   T92] usb 2-1: Product: syz
[  534.201779][   T24] dvbdev: DVB: registering new adapter (nBox DVB-T Dongle)
[  534.213710][   T92] usb 2-1: Manufacturer: syz
[  534.232620][   T92] usb 2-1: SerialNumber: syz
[  534.263222][   T92] usb 2-1: config 0 descriptor??
[  534.274543][ T6037] udevd[6037]: symlink '../../loop2' '/dev/disk/by-diskseq/71.tmp-b7:2' failed: Read-only file system
[  534.292449][T12013] raw-gadget.2 gadget.1: fail, usb_ep_enable returned -22
[  534.310983][   T24] usb 6-1: DVB: registering adapter 1 frontend 0 (nBox DVB-T Dongle)...
[  534.338126][   T92] f81534 2-1:0.12: required endpoints missing
[  534.369782][   T24] as10x_usb: error during firmware upload part1
[  534.404156][   T24] Registered device nBox DVB-T Dongle
[  534.414979][   T24] usb 6-1: USB disconnect, device number 5
[  534.612836][   T24] Unregistered device nBox DVB-T Dongle
[  534.616296][   T24] as10x_usb: device has been disconnected
[  534.673914][T12038] Context (ID=0x0) not attached to queue pair (handle=0x1:0xfffffffa)
[  534.723453][T12039] vlan2: entered allmulticast mode
[  535.374360][T12010] udevd[12010]: symlink '../../loop2' '/dev/disk/by-diskseq/71.tmp-b7:2' failed: Read-only file system
[  536.507517][   T92] usb 2-1: USB disconnect, device number 37
[  537.514729][T12070] netlink: 24 bytes leftover after parsing attributes in process `syz.5.1444'.
[  537.539147][T12070] netlink: 24 bytes leftover after parsing attributes in process `syz.5.1444'.
[  538.996133][T12073] FAULT_INJECTION: forcing a failure.
[  538.996133][T12073] name failslab, interval 1, probability 0, space 0, times 0
[  539.054227][T12073] CPU: 0 UID: 0 PID: 12073 Comm: syz.6.1445 Not tainted syzkaller #0 PREEMPT(full) 
[  539.054245][T12073] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  539.054251][T12073] Call Trace:
[  539.054256][T12073]  <TASK>
[  539.054260][T12073]  dump_stack_lvl+0x16c/0x1f0
[  539.054279][T12073]  should_fail_ex+0x512/0x640
[  539.054295][T12073]  ? fs_reclaim_acquire+0xae/0x150
[  539.054311][T12073]  ? tomoyo_realpath_from_path+0xc2/0x6e0
[  539.054329][T12073]  should_failslab+0xc2/0x120
[  539.054342][T12073]  __kmalloc_noprof+0xd2/0x510
[  539.054357][T12073]  tomoyo_realpath_from_path+0xc2/0x6e0
[  539.054375][T12073]  ? tomoyo_profile+0x47/0x60
[  539.054387][T12073]  tomoyo_path_number_perm+0x245/0x580
[  539.054408][T12073]  ? tomoyo_path_number_perm+0x237/0x580
[  539.054430][T12073]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  539.054446][T12073]  ? find_held_lock+0x2b/0x80
[  539.054472][T12073]  ? find_held_lock+0x2b/0x80
[  539.054485][T12073]  ? hook_file_ioctl_common+0x145/0x410
[  539.054499][T12073]  ? __fget_files+0x20e/0x3c0
[  539.054514][T12073]  security_file_ioctl+0x9b/0x240
[  539.054531][T12073]  __x64_sys_ioctl+0xb7/0x210
[  539.054550][T12073]  do_syscall_64+0xcd/0x4e0
[  539.054566][T12073]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  539.054578][T12073] RIP: 0033:0x7fee4b58eba9
[  539.054587][T12073] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  539.054598][T12073] RSP: 002b:00007fee4c436038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  539.054609][T12073] RAX: ffffffffffffffda RBX: 00007fee4b7d5fa0 RCX: 00007fee4b58eba9
[  539.054616][T12073] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000009
[  539.054622][T12073] RBP: 00007fee4c436090 R08: 0000000000000000 R09: 0000000000000000
[  539.054629][T12073] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  539.054635][T12073] R13: 00007fee4b7d6038 R14: 00007fee4b7d5fa0 R15: 00007ffe5c7ba8a8
[  539.054649][T12073]  </TASK>
[  539.582082][ T6037] udevd[6037]: symlink '../../loop2' '/dev/disk/by-diskseq/71.tmp-b7:2' failed: Read-only file system
[  539.627433][T12073] ERROR: Out of memory at tomoyo_realpath_from_path.
[  539.962102][ T6037] udevd[6037]: symlink '../../loop2' '/dev/disk/by-diskseq/71.tmp-b7:2' failed: Read-only file system
[  540.216610][ T5915] usb 3-1: new high-speed USB device number 52 using dummy_hcd
[  540.597719][ T5915] usb 3-1: Using ep0 maxpacket: 8
[  540.639923][ T5915] usb 3-1: New USB device found, idVendor=0c45, idProduct=613a, bcdDevice=c4.6d
[  540.650785][ T5915] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  540.678666][ T5915] usb 3-1: Product: syz
[  540.686248][ T5915] usb 3-1: Manufacturer: syz
[  540.723399][ T5915] usb 3-1: SerialNumber: syz
[  540.741400][ T5915] usb 3-1: config 0 descriptor??
[  540.762282][ T5915] gspca_main: sonixj-2.14.0 probing 0c45:613a
[  540.880562][T12102] Context (ID=0x0) not attached to queue pair (handle=0x1:0xfffffffa)
[  541.515046][   T95] block nbd0: Possible stuck request ffff888026d65080: control (read@0,1024B). Runtime 60 seconds
[  541.525865][   T95] block nbd0: Possible stuck request ffff888026d65240: control (read@1024,1024B). Runtime 60 seconds
[  541.622121][    T9] libceph: connect (1)[b::]:6789 error -101
[  541.628371][    T9] libceph: mon0 (1)[b::]:6789 connect error
[  541.634336][T12111] ceph: No mds server is up or the cluster is laggy
[  541.641369][   T95] block nbd0: Possible stuck request ffff888026d65400: control (read@2048,1024B). Runtime 60 seconds
[  541.652398][   T95] block nbd0: Possible stuck request ffff888026d655c0: control (read@3072,1024B). Runtime 60 seconds
[  542.219217][ T5915] gspca_sonixj: reg_w1 err -110
[  542.341016][ T5915] sonixj 3-1:0.0: probe with driver sonixj failed with error -110
[  543.265255][ T5915] usb 3-1: USB disconnect, device number 52
[  543.277758][ T5845] udevd[5845]: symlink '../../loop2' '/dev/disk/by-diskseq/71.tmp-b7:2' failed: Read-only file system
[  543.349711][T12136] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=12136 comm=syz.2.1460
[  543.381093][   T30] audit: type=1400 audit(1758281482.219:853): avc:  denied  { watch_mount } for  pid=12135 comm="syz.2.1460" path="/307" dev="tmpfs" ino=1654 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=dir permissive=1
[  543.579347][T12139] netlink: 4 bytes leftover after parsing attributes in process `syz.5.1458'.
[  543.588483][T12139] bridge_slave_1: left allmulticast mode
[  543.594184][T12139] bridge_slave_1: left promiscuous mode
[  543.600251][T12139] bridge0: port 2(bridge_slave_1) entered disabled state
[  543.663879][ T6037] udevd[6037]: symlink '../../loop2' '/dev/disk/by-diskseq/71.tmp-b7:2' failed: Read-only file system
[  544.010526][T12139] bridge_slave_0: left promiscuous mode
[  544.050325][T12139] bridge0: port 1(bridge_slave_0) entered disabled state
[  545.055868][T12165] can: request_module (can-proto-4) failed.
[  545.741215][   T24] usb 5-1: new high-speed USB device number 38 using dummy_hcd
[  545.884391][   T24] usb 5-1: Using ep0 maxpacket: 16
[  545.926577][   T24] usb 5-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xF3, changing to 0x83
[  546.073677][ T5881] libceph: connect (1)[c::]:6789 error -101
[  546.212731][ T1298] ieee802154 phy0 wpan0: encryption failed: -22
[  546.219059][ T1298] ieee802154 phy1 wpan1: encryption failed: -22
[  546.229432][   T24] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x83 has invalid wMaxPacketSize 0
[  546.229588][ T5881] libceph: mon0 (1)[c::]:6789 connect error
[  546.268946][T12187] ceph: No mds server is up or the cluster is laggy
[  546.296065][   T24] usb 5-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1
[  546.392600][ T5881] libceph: connect (1)[b::]:6789 error -101
[  546.405180][ T5881] libceph: mon0 (1)[b::]:6789 connect error
[  546.434835][   T24] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  546.443090][   T24] usb 5-1: Product: syz
[  546.447454][   T24] usb 5-1: Manufacturer: syz
[  546.452196][   T24] usb 5-1: SerialNumber: syz
[  546.483016][T12189] ceph: No mds server is up or the cluster is laggy
[  546.487056][   T24] usb 5-1: config 0 descriptor??
[  546.501854][   T24] em28xx 5-1:0.0: error: skipping audio endpoint 0x83, because it uses bulk transfers !
[  546.739787][T12197] netlink: 'syz.6.1472': attribute type 3 has an invalid length.
[  547.086790][T12212] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1476'.
[  547.821244][T12223] vlan2: entered allmulticast mode
[  548.644151][   T24] usb 5-1: USB disconnect, device number 38
[  550.299681][T12246] netlink: 12 bytes leftover after parsing attributes in process `syz.6.1485'.
[  550.329733][T12249] netlink: 64 bytes leftover after parsing attributes in process `syz.1.1487'.
[  550.803909][   T30] audit: type=1400 audit(1758281490.019:854): avc:  denied  { create } for  pid=12250 comm="syz.1.1489" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_iscsi_socket permissive=1
[  550.971339][T12262] vlan2: entered allmulticast mode
[  551.161218][ T5851] usb 6-1: new high-speed USB device number 6 using dummy_hcd
[  551.341340][T12272] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1494'.
[  551.624484][ T5851] usb 6-1: Using ep0 maxpacket: 32
[  551.843672][ T5851] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  551.869956][ T5851] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  551.898319][ T5851] usb 6-1: New USB device found, idVendor=1e7d, idProduct=2ced, bcdDevice= 0.00
[  551.929496][ T5851] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  552.183381][ T5851] usb 6-1: config 0 descriptor??
[  552.727323][   T30] audit: type=1400 audit(1758281492.066:855): avc:  denied  { map } for  pid=12276 comm="syz.6.1495" path="/dev/dri/card0" dev="devtmpfs" ino=627 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:dri_device_t tclass=chr_file permissive=1
[  552.766247][   T30] audit: type=1400 audit(1758281492.066:856): avc:  denied  { execute } for  pid=12276 comm="syz.6.1495" path="/dev/dri/card0" dev="devtmpfs" ino=627 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:dri_device_t tclass=chr_file permissive=1
[  552.799614][ T5851] kone 0003:1E7D:2CED.000B: unknown main item tag 0x0
[  552.807771][ T5851] kone 0003:1E7D:2CED.000B: unknown main item tag 0x0
[  552.817848][ T5851] kone 0003:1E7D:2CED.000B: unknown main item tag 0x0
[  552.832181][ T5851] kone 0003:1E7D:2CED.000B: unknown main item tag 0x0
[  552.879893][ T5851] kone 0003:1E7D:2CED.000B: unknown main item tag 0x0
[  552.990437][ T5915] usb 7-1: new high-speed USB device number 2 using dummy_hcd
[  553.370604][ T5851] kone 0003:1E7D:2CED.000B: hidraw0: USB HID v0.00 Device [HID 1e7d:2ced] on usb-dummy_hcd.5-1/input0
[  553.386031][ T5851] kone 0003:1E7D:2CED.000B: couldn't init struct kone_device
[  553.393831][ T5851] kone 0003:1E7D:2CED.000B: couldn't install mouse
[  553.433766][ T5851] kone 0003:1E7D:2CED.000B: probe with driver kone failed with error -5
[  553.473896][ T5851] usb 6-1: USB disconnect, device number 6
[  553.625496][ T5915] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  553.636548][ T5915] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  553.656000][ T5915] usb 7-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  553.687148][T12284] ceph: No mds server is up or the cluster is laggy
[  553.702254][    T9] libceph: connect (1)[c::]:6789 error -101
[  553.722938][    T9] libceph: mon0 (1)[c::]:6789 connect error
[  553.731056][ T5915] usb 7-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  553.821993][ T5915] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  553.862221][ T5851] libceph: connect (1)[b::]:6789 error -101
[  553.870152][ T5851] libceph: mon0 (1)[b::]:6789 connect error
[  553.872858][T12288] fido_id[12288]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.5/usb6/report_descriptor': No such file or directory
[  553.880792][T12286] ceph: No mds server is up or the cluster is laggy
[  553.894806][ T5915] usb 7-1: config 0 descriptor??
[  553.994521][T12297] overlayfs: failed to resolve './file1': -2
[  554.001543][ T5881] libceph: connect (1)[c::]:6789 error -101
[  554.007607][ T5881] libceph: mon0 (1)[c::]:6789 connect error
[  554.462610][T12302] netlink: 3 bytes leftover after parsing attributes in process `syz.6.1495'.
[  554.477156][   T30] audit: type=1400 audit(1758281493.903:857): avc:  denied  { map } for  pid=12276 comm="syz.6.1495" path="/dev/kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[  556.196580][T12314] vlan2: entered allmulticast mode
[  556.206311][T12315] ceph: No mds server is up or the cluster is laggy
[  556.213792][ T5958] libceph: connect (1)[b::]:6789 error -101
[  556.223638][ T5958] libceph: mon0 (1)[b::]:6789 connect error
[  556.297277][ T5915] usbhid 7-1:0.0: can't add hid device: -71
[  556.320246][ T5915] usbhid 7-1:0.0: probe with driver usbhid failed with error -71
[  556.389674][ T5915] usb 7-1: USB disconnect, device number 2
[  557.048307][T12323] bridge_slave_0: entered promiscuous mode
[  558.476545][ T5846] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1
[  558.488416][ T5846] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9
[  558.516116][ T5958] usb 6-1: new high-speed USB device number 7 using dummy_hcd
[  558.535409][ T5846] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9
[  558.561628][ T5846] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4
[  558.578781][ T5846] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2
[  558.896358][ T5958] usb 6-1: Using ep0 maxpacket: 32
[  558.932216][ T5958] usb 6-1: config 0 has an invalid interface number: 51 but max is 0
[  558.944534][ T5958] usb 6-1: config 0 has no interface number 0
[  558.954293][ T5958] usb 6-1: New USB device found, idVendor=061d, idProduct=c150, bcdDevice=ce.6f
[  558.964660][ T5958] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  558.973245][ T5958] usb 6-1: Product: syz
[  558.978490][ T5958] usb 6-1: Manufacturer: syz
[  558.983581][ T5958] usb 6-1: SerialNumber: syz
[  558.998288][ T5958] usb 6-1: config 0 descriptor??
[  559.006644][ T5958] quatech2 6-1:0.51: Quatech 2nd gen USB to Serial Driver converter detected
[  559.241246][ T5958] usb 6-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB0
[  559.372775][ T5958] usb 6-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB1
[  559.416762][    C0] quatech-serial ttyUSB0: qt2_process_read_urb - unsupported command 7
[  559.474126][T12345] chnl_net:caif_netlink_parms(): no params data found
[  559.901678][T12345] bridge0: port 1(bridge_slave_0) entered blocking state
[  559.909646][T12345] bridge0: port 1(bridge_slave_0) entered disabled state
[  559.919963][T12345] bridge_slave_0: entered allmulticast mode
[  559.965153][T12345] bridge_slave_0: entered promiscuous mode
[  559.980900][T12343] loop2: detected capacity change from 0 to 7
[  560.118505][T12345] bridge0: port 2(bridge_slave_1) entered blocking state
[  560.129454][T12345] bridge0: port 2(bridge_slave_1) entered disabled state
[  560.139898][T12345] bridge_slave_1: entered allmulticast mode
[  560.149301][T12345] bridge_slave_1: entered promiscuous mode
[  560.155502][T12343] Dev loop2: unable to read RDB block 7
[  560.182088][T12343]  loop2: unable to read partition table
[  560.300956][T12343] loop2: partition table beyond EOD, truncated
[  560.321100][T12367] vlan2: entered allmulticast mode
[  560.394908][   T30] audit: type=1400 audit(1758281500.108:858): avc:  denied  { mount } for  pid=12365 comm="syz.6.1515" name="/" dev="bdev" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:bdev_t tclass=filesystem permissive=1
[  560.779876][T12343] loop_reread_partitions: partition scan of loop2 (þ被xü—ŸÑà– ) failed (rc=-5)
[  560.862030][ T5846] Bluetooth: hci7: command tx timeout
[  560.955011][ T6037] udevd[6037]: symlink '../../loop2' '/dev/disk/by-diskseq/72.tmp-b7:2' failed: Read-only file system
[  560.997946][T12345] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  561.064103][T12345] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  561.066792][ T6037] udevd[6037]: symlink '../../loop2' '/dev/disk/by-diskseq/72.tmp-b7:2' failed: Read-only file system
[  561.119708][    C0] usb 6-1: qt2_read_bulk_callback - non-zero urb status: -71
[  561.120026][ T5851] usb 6-1: USB disconnect, device number 7
[  561.433832][ T5851] quatech-serial ttyUSB0: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB0
[  561.462260][ T6037] udevd[6037]: symlink '../../loop2' '/dev/disk/by-diskseq/72.tmp-b7:2' failed: Read-only file system
[  561.463632][ T5851] quatech-serial ttyUSB1: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB1
[  561.480941][T12345] team0: Port device team_slave_0 added
[  561.513829][ T5851] quatech2 6-1:0.51: device disconnected
[  561.659545][T12345] team0: Port device team_slave_1 added
[  562.264817][T12345] batman_adv: batadv0: Adding interface: batadv_slave_0
[  562.273581][T12345] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  562.300573][T12345] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  562.320622][T12345] batman_adv: batadv0: Adding interface: batadv_slave_1
[  562.799855][T12345] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  562.846606][ T5846] Bluetooth: hci7: command tx timeout
[  562.889422][T12345] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  562.959415][T12345] hsr_slave_0: entered promiscuous mode
[  562.967013][T12345] hsr_slave_1: entered promiscuous mode
[  562.974026][T12345] debugfs: 'hsr0' already exists in 'hsr'
[  562.979867][T12345] Cannot create hsr debugfs directory
[  563.021091][   T30] audit: type=1326 audit(1758281502.869:859): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12391 comm="syz.5.1524" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f582cb8eba9 code=0x0
[  563.203088][T12396] tmpfs: Bad value for 'nr_blocks'
[  563.450000][ T5915] usb 7-1: new high-speed USB device number 3 using dummy_hcd
[  563.495279][T12345] netdevsim netdevsim7 netdevsim0: renamed from eth0
[  563.518628][T12345] netdevsim netdevsim7 netdevsim1: renamed from eth1
[  563.559622][T12345] netdevsim netdevsim7 netdevsim2: renamed from eth2
[  563.629991][T12345] netdevsim netdevsim7 netdevsim3: renamed from eth3
[  563.683732][ T5915] usb 7-1: config 0 has an invalid interface number: 120 but max is 0
[  563.693918][ T5915] usb 7-1: config 0 has no interface number 0
[  563.711682][ T5915] usb 7-1: config 0 interface 120 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  563.808077][ T5915] usb 7-1: config 0 interface 120 altsetting 0 endpoint 0x8F has an invalid bInterval 52, changing to 9
[  563.860633][ T5915] usb 7-1: config 0 interface 120 altsetting 0 endpoint 0x8F has invalid maxpacket 8241, setting to 1024
[  563.900745][ T5915] usb 7-1: New USB device found, idVendor=16e3, idProduct=f9e9, bcdDevice= 0.58
[  563.942191][ T5915] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  563.966493][ T5915] usb 7-1: config 0 descriptor??
[  563.985432][ T5915] input: USB Touchscreen 16e3:f9e9 as /devices/platform/dummy_hcd.6/usb7/7-1/7-1:0.120/input/input18
[  564.133964][T12345] 8021q: adding VLAN 0 to HW filter on device bond0
[  564.909879][T12417] vlan2: entered allmulticast mode
[  564.934094][ T5846] Bluetooth: hci7: command tx timeout
[  564.960306][T12345] 8021q: adding VLAN 0 to HW filter on device team0
[  565.134745][   T30] audit: type=1400 audit(1758281505.084:860): avc:  denied  { append } for  pid=12388 comm="syz.6.1523" name="mice" dev="devtmpfs" ino=916 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:mouse_device_t tclass=chr_file permissive=1
[  565.358693][ T8314] bridge0: port 1(bridge_slave_0) entered blocking state
[  565.365822][ T8314] bridge0: port 1(bridge_slave_0) entered forwarding state
[  565.394977][ T8314] bridge0: port 2(bridge_slave_1) entered blocking state
[  565.395740][T12421] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1528'.
[  565.402178][ T8314] bridge0: port 2(bridge_slave_1) entered forwarding state
[  566.020544][T12430] openvswitch: netlink: VXLAN extension 59 out of range max 1
[  566.758043][ T5851] usb 7-1: USB disconnect, device number 3
[  566.921843][ T5846] Bluetooth: hci7: command tx timeout
[  567.724406][ T5881] libceph: connect (1)[c::]:6789 error -101
[  567.779757][ T5881] libceph: mon0 (1)[c::]:6789 connect error
[  567.811705][   T24] libceph: connect (1)[b::]:6789 error -101
[  567.848054][T12345] 8021q: adding VLAN 0 to HW filter on device batadv0
[  567.859746][   T24] libceph: mon0 (1)[b::]:6789 connect error
[  567.938889][T12448] ceph: No mds server is up or the cluster is laggy
[  567.968137][T12453] ceph: No mds server is up or the cluster is laggy
[  568.648370][T12469] vlan2: entered allmulticast mode
[  569.036670][T12345] veth0_vlan: entered promiscuous mode
[  569.074093][T12345] veth1_vlan: entered promiscuous mode
[  569.135539][T12345] veth0_macvtap: entered promiscuous mode
[  569.423268][ T5851] libceph: connect (1)[c::]:6789 error -101
[  569.430415][T12345] veth1_macvtap: entered promiscuous mode
[  569.446740][T12345] batman_adv: batadv0: Interface activated: batadv_slave_0
[  569.454096][ T5851] libceph: mon0 (1)[c::]:6789 connect error
[  569.463997][T12345] batman_adv: batadv0: Interface activated: batadv_slave_1
[  569.619548][ T5915] libceph: connect (1)[b::]:6789 error -101
[  569.710475][   T92] libceph: connect (1)[c::]:6789 error -101
[  569.880057][ T5915] libceph: mon0 (1)[b::]:6789 connect error
[  569.887428][ T8328] netdevsim netdevsim7 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  569.896353][   T92] libceph: mon0 (1)[c::]:6789 connect error
[  569.948785][T12481] ceph: No mds server is up or the cluster is laggy
[  569.987358][ T8328] netdevsim netdevsim7 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  570.134578][ T5915] libceph: connect (1)[b::]:6789 error -101
[  570.140830][ T5915] libceph: mon0 (1)[b::]:6789 connect error
[  570.156918][T12484] ceph: No mds server is up or the cluster is laggy
[  570.185360][ T8328] netdevsim netdevsim7 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  570.302343][T12496] netlink: 28 bytes leftover after parsing attributes in process `syz.4.1542'.
[  570.320079][ T8328] netdevsim netdevsim7 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  570.386565][T12496] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1542'.
[  570.521619][ T6411] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  570.536777][ T6411] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  570.596172][ T8328] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  570.645047][ T8328] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  570.970646][   T95] block nbd0: Possible stuck request ffff888026d65080: control (read@0,1024B). Runtime 90 seconds
[  570.982236][   T95] block nbd0: Possible stuck request ffff888026d65240: control (read@1024,1024B). Runtime 90 seconds
[  570.993518][   T95] block nbd0: Possible stuck request ffff888026d65400: control (read@2048,1024B). Runtime 90 seconds
[  571.004584][   T95] block nbd0: Possible stuck request ffff888026d655c0: control (read@3072,1024B). Runtime 90 seconds
[  571.169176][T12501] netlink: 8 bytes leftover after parsing attributes in process `syz.6.1541'.
[  571.240222][T12501] veth0_to_team: entered promiscuous mode
[  571.247214][T12501] macvlan2: entered allmulticast mode
[  571.252821][T12501] veth0_to_team: entered allmulticast mode
[  573.247793][ T5851] libceph: connect (1)[b::]:6789 error -101
[  573.448714][T12540] ceph: No mds server is up or the cluster is laggy
[  573.456001][T12543] ceph: No mds server is up or the cluster is laggy
[  573.464965][ T5851] libceph: mon0 (1)[b::]:6789 connect error
[  573.471491][   T92] libceph: connect (1)[c::]:6789 error -101
[  573.483405][   T92] libceph: mon0 (1)[c::]:6789 connect error
[  573.529183][ T5851] libceph: connect (1)[c::]:6789 error -101
[  573.535451][ T5851] libceph: mon0 (1)[c::]:6789 connect error
[  573.594741][    T9] libceph: connect (1)[b::]:6789 error -101
[  573.721956][    T9] libceph: mon0 (1)[b::]:6789 connect error
[  573.737194][ T5851] libceph: connect (1)[c::]:6789 error -101
[  573.743459][ T5851] libceph: mon0 (1)[c::]:6789 connect error
[  573.794450][ T5851] libceph: connect (1)[c::]:6789 error -101
[  574.051763][ T5915] libceph: connect (1)[b::]:6789 error -101
[  574.057765][ T5915] libceph: mon0 (1)[b::]:6789 connect error
[  574.103703][T12555] ceph: No mds server is up or the cluster is laggy
[  574.111413][ T5851] libceph: mon0 (1)[c::]:6789 connect error
[  574.173717][T12556] ceph: No mds server is up or the cluster is laggy
[  576.205476][T12586] netlink: 20 bytes leftover after parsing attributes in process `syz.4.1557'.
[  576.723632][T12586] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1557'.
[  576.732702][T12586] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1557'.
[  578.585803][ T5915] usb 5-1: new high-speed USB device number 39 using dummy_hcd
[  579.222852][ T5915] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  579.252301][ T5915] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  579.294200][ T5915] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  579.334543][ T5915] usb 5-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  579.360177][ T5915] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  579.391147][ T5915] usb 5-1: config 0 descriptor??
[  579.398448][T12620] netlink: 140 bytes leftover after parsing attributes in process `syz.5.1569'.
[  579.485404][   T30] audit: type=1400 audit(1758281520.159:861): avc:  denied  { append } for  pid=12610 comm="syz.1.1567" name="rtc0" dev="devtmpfs" ino=921 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:clock_device_t tclass=chr_file permissive=1
[  579.776399][   T30] audit: type=1400 audit(1758281520.264:862): avc:  denied  { mount } for  pid=12610 comm="syz.1.1567" name="/" dev="rpc_pipefs" ino=37385 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:rpc_pipefs_t tclass=filesystem permissive=1
[  580.362122][T12629] netlink: 220 bytes leftover after parsing attributes in process `syz.1.1570'.
[  581.029541][   T30] audit: type=1400 audit(1758281521.775:863): avc:  denied  { connect } for  pid=12635 comm="syz.7.1572" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1
[  581.466625][T12641] netlink: 40 bytes leftover after parsing attributes in process `syz.7.1573'.
[  581.523271][ T5915] usbhid 5-1:0.0: can't add hid device: -71
[  581.554053][ T5915] usbhid 5-1:0.0: probe with driver usbhid failed with error -71
[  581.602749][ T5915] usb 5-1: USB disconnect, device number 39
[  581.622145][T12646] libceph: resolve '½@½Ée2²âOAq§¨­cz' (ret=-3): failed
[  581.665221][    T9] usb 8-1: new high-speed USB device number 2 using dummy_hcd
[  581.814705][    T9] usb 8-1: Using ep0 maxpacket: 16
[  582.112260][    T9] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0
[  582.577699][    T9] usb 8-1: New USB device found, idVendor=13b1, idProduct=0042, bcdDevice=7b.55
[  582.606941][    T9] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  582.624404][    T9] usb 8-1: Product: syz
[  582.633931][    T9] usb 8-1: Manufacturer: syz
[  582.638886][    T9] usb 8-1: SerialNumber: syz
[  582.653145][    T9] usb 8-1: config 0 descriptor??
[  582.988053][    T9] usb 8-1: Warning: ath10k USB support is incomplete, don't expect anything to work!
[  582.990514][   T36] usb 8-1: Failed to submit usb control message: -71
[  583.012536][   T36] usb 8-1: unable to send the bmi data to the device: -71
[  583.013474][    T9] usb 8-1: USB disconnect, device number 2
[  583.089738][T12672] netlink: 'syz.1.1580': attribute type 1 has an invalid length.
[  583.451323][   T36] usb 8-1: unable to get target info from device
[  583.458662][   T36] usb 8-1: could not get target info (-71)
[  583.617247][   T36] usb 8-1: could not probe fw (-71)
[  584.225560][   T92] usb 2-1: new high-speed USB device number 38 using dummy_hcd
[  584.359737][   T30] audit: type=1400 audit(1758281525.271:864): avc:  denied  { map } for  pid=12678 comm="syz.4.1584" path="socket:[38569]" dev="sockfs" ino=38569 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=unix_dgram_socket permissive=1
[  584.415880][   T92] usb 2-1: Using ep0 maxpacket: 32
[  584.898566][   T30] audit: type=1400 audit(1758281525.481:865): avc:  denied  { accept } for  pid=12681 comm="syz.6.1585" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_route_socket permissive=1
[  584.902944][   T92] usb 2-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  584.936338][   T92] usb 2-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40
[  584.946207][   T92] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  584.981288][   T92] usb 2-1: config 0 descriptor??
[  584.991471][   T92] hub 2-1:0.0: bad descriptor, ignoring hub
[  584.999694][   T92] hub 2-1:0.0: probe with driver hub failed with error -5
[  585.008113][   T92] usbhid 2-1:0.0: couldn't find an input interrupt endpoint
[  585.706234][    T9] libceph: connect (1)[b::]:6789 error -101
[  585.712342][    T9] libceph: mon0 (1)[b::]:6789 connect error
[  585.732758][   T92] libceph: connect (1)[c::]:6789 error -101
[  585.747339][T12689] ceph: No mds server is up or the cluster is laggy
[  585.747488][T12688] ceph: No mds server is up or the cluster is laggy
[  585.767939][   T92] libceph: mon0 (1)[c::]:6789 connect error
[  586.340317][   T48] usb 5-1: new high-speed USB device number 40 using dummy_hcd
[  586.636616][   T48] usb 5-1: Using ep0 maxpacket: 32
[  586.750380][   T48] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  586.764778][   T48] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  586.778457][   T48] usb 5-1: New USB device found, idVendor=1e7d, idProduct=2ced, bcdDevice= 0.00
[  586.797291][   T48] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  586.864211][T12720] netlink: 'syz.7.1592': attribute type 1 has an invalid length.
[  587.259579][   T48] usb 5-1: config 0 descriptor??
[  587.749773][    T9] usb 2-1: USB disconnect, device number 38
[  587.781810][   T48] kone 0003:1E7D:2CED.000C: unknown main item tag 0x0
[  587.864860][   T48] kone 0003:1E7D:2CED.000C: unknown main item tag 0x0
[  587.893831][   T48] kone 0003:1E7D:2CED.000C: unknown main item tag 0x0
[  587.923875][   T48] kone 0003:1E7D:2CED.000C: unknown main item tag 0x0
[  587.968271][   T48] kone 0003:1E7D:2CED.000C: unknown main item tag 0x0
[  588.212802][   T48] kone 0003:1E7D:2CED.000C: hidraw0: USB HID v0.00 Device [HID 1e7d:2ced] on usb-dummy_hcd.4-1/input0
[  588.302042][   T48] kone 0003:1E7D:2CED.000C: couldn't init struct kone_device
[  588.330200][   T48] kone 0003:1E7D:2CED.000C: couldn't install mouse
[  588.360563][   T48] kone 0003:1E7D:2CED.000C: probe with driver kone failed with error -5
[  588.578224][T12740] netlink: 8 bytes leftover after parsing attributes in process `syz.6.1596'.
[  588.777304][T12740] macvlan3: entered allmulticast mode
[  588.815498][ T5958] libceph: connect (1)[b::]:6789 error -101
[  588.822318][ T5958] libceph: mon0 (1)[b::]:6789 connect error
[  588.829944][T12730] ceph: No mds server is up or the cluster is laggy
[  588.940253][T12728] ceph: No mds server is up or the cluster is laggy
[  588.947766][ T5958] libceph: connect (1)[c::]:6789 error -101
[  588.955120][ T5958] libceph: mon0 (1)[c::]:6789 connect error
[  588.990055][   T48] usb 5-1: USB disconnect, device number 40
[  589.088117][ T5958] libceph: connect (1)[b::]:6789 error -101
[  589.169528][ T5958] libceph: mon0 (1)[b::]:6789 connect error
[  589.660750][T12754] VFS: Can't find a Minix filesystem V1 | V2 | V3 on device nullb0.
[  589.676861][T12754] openvswitch: netlink: IP tunnel dst address not specified
[  592.892755][    T9] usb 6-1: new high-speed USB device number 8 using dummy_hcd
[  592.963006][T12779] netlink: 'syz.4.1607': attribute type 2 has an invalid length.
[  592.973080][T12779] A link change request failed with some changes committed already. Interface bridge0 may have been left with an inconsistent configuration, please check.
[  593.549101][    T9] usb 6-1: config index 0 descriptor too short (expected 39, got 27)
[  593.559872][    T9] usb 6-1: config 0 interface 0 altsetting 251 endpoint 0x9 has invalid wMaxPacketSize 0
[  593.577220][    T9] usb 6-1: config 0 interface 0 has no altsetting 0
[  593.618301][    T9] usb 6-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b
[  593.628489][    T9] usb 6-1: New USB device strings: Mfr=1, Product=228, SerialNumber=2
[  593.636980][    T9] usb 6-1: Product: syz
[  593.643748][    T9] usb 6-1: Manufacturer: syz
[  593.660978][    T9] usb 6-1: SerialNumber: syz
[  593.685304][    T9] usb 6-1: config 0 descriptor??
[  593.714493][    T9] hub 6-1:0.0: bad descriptor, ignoring hub
[  593.760452][    T9] hub 6-1:0.0: probe with driver hub failed with error -5
[  594.025972][T12789] netlink: 'syz.7.1609': attribute type 13 has an invalid length.
[  594.034950][    T9] usb 6-1: selecting invalid altsetting 0
[  594.045761][T12789] netlink: 940 bytes leftover after parsing attributes in process `syz.7.1609'.
[  594.581847][    T9] usb 6-1: reset high-speed USB device number 8 using dummy_hcd
[  594.631095][   T92] libceph: connect (1)[c::]:6789 error -101
[  594.659178][   T92] libceph: mon0 (1)[c::]:6789 connect error
[  594.676205][ T5851] libceph: connect (1)[b::]:6789 error -101
[  594.732050][ T5851] libceph: mon0 (1)[b::]:6789 connect error
[  594.732820][T12804] netlink: 4 bytes leftover after parsing attributes in process `syz.6.1610'.
[  594.756972][T12797] ceph: No mds server is up or the cluster is laggy
[  594.770447][T12799] ceph: No mds server is up or the cluster is laggy
[  594.801036][T12804] bridge_slave_1: left allmulticast mode
[  594.808214][T12804] bridge_slave_1: left promiscuous mode
[  594.814008][T12804] bridge0: port 2(bridge_slave_1) entered disabled state
[  594.857616][T12804] bridge_slave_0: left allmulticast mode
[  594.867178][T12804] bridge_slave_0: left promiscuous mode
[  594.885969][T12804] bridge0: port 1(bridge_slave_0) entered disabled state
[  594.906668][T12801] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=12801 comm=syz.6.1610
[  595.403765][    T9] usb 6-1: USB disconnect, device number 8
[  596.544940][T12825] vlan2: entered allmulticast mode
[  596.550151][T12825] bridge_slave_0: entered allmulticast mode
[  598.784261][T12841] block nbd4: shutting down sockets
[  599.814250][T12863] ªªªªªª: renamed from wg2 (while UP)
[  600.088170][   T95] block nbd0: Possible stuck request ffff888026d65080: control (read@0,1024B). Runtime 120 seconds
[  600.101448][   T95] block nbd0: Possible stuck request ffff888026d65240: control (read@1024,1024B). Runtime 120 seconds
[  600.113420][   T95] block nbd0: Possible stuck request ffff888026d65400: control (read@2048,1024B). Runtime 120 seconds
[  600.124827][   T95] block nbd0: Possible stuck request ffff888026d655c0: control (read@3072,1024B). Runtime 120 seconds
[  600.139706][T12865] openvswitch: netlink: Unknown key attributes 1
[  600.769221][T12873] netlink: 36 bytes leftover after parsing attributes in process `syz.4.1627'.
[  600.821769][T12873] netlink: zone id is out of range
[  600.827361][T12873] netlink: del zone limit has 4 unknown bytes
[  603.996827][T12908] FAULT_INJECTION: forcing a failure.
[  603.996827][T12908] name failslab, interval 1, probability 0, space 0, times 0
[  604.010323][T12908] CPU: 1 UID: 0 PID: 12908 Comm: syz.4.1636 Not tainted syzkaller #0 PREEMPT(full) 
[  604.010346][T12908] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  604.010356][T12908] Call Trace:
[  604.010362][T12908]  <TASK>
[  604.010369][T12908]  dump_stack_lvl+0x16c/0x1f0
[  604.010397][T12908]  should_fail_ex+0x512/0x640
[  604.010419][T12908]  ? __kmalloc_cache_noprof+0x57/0x3e0
[  604.010448][T12908]  should_failslab+0xc2/0x120
[  604.010469][T12908]  __kmalloc_cache_noprof+0x6a/0x3e0
[  604.010496][T12908]  ? irqentry_exit+0x3b/0x90
[  604.010517][T12908]  ? shrinker_alloc+0xf5/0xbf0
[  604.010540][T12908]  shrinker_alloc+0xf5/0xbf0
[  604.010562][T12908]  ? pcpu_alloc_noprof+0xd7c/0x14c0
[  604.010583][T12908]  ? pcpu_memcg_post_alloc_hook+0x1e/0x690
[  604.010606][T12908]  ? __pfx_shrinker_alloc+0x10/0x10
[  604.010630][T12908]  ? lockdep_init_map_type+0x5c/0x280
[  604.010649][T12908]  ? __raw_spin_lock_init+0x3a/0x110
[  604.010673][T12908]  ? __init_rwsem+0x12d/0x1b0
[  604.010694][T12908]  alloc_super+0x7c8/0xbd0
[  604.010716][T12908]  ? __pfx_super_s_dev_test+0x10/0x10
[  604.010742][T12908]  sget_fc+0x116/0xc20
[  604.010760][T12908]  ? __pfx_super_s_dev_set+0x10/0x10
[  604.010787][T12908]  get_tree_bdev_flags+0x1ba/0x620
[  604.010805][T12908]  ? __pfx_exfat_fill_super+0x10/0x10
[  604.010829][T12908]  ? __pfx_get_tree_bdev_flags+0x10/0x10
[  604.010853][T12908]  ? bpf_lsm_capable+0x9/0x10
[  604.010877][T12908]  ? security_capable+0x7e/0x260
[  604.010900][T12908]  vfs_get_tree+0x8e/0x340
[  604.010925][T12908]  path_mount+0x1513/0x2000
[  604.010952][T12908]  ? __pfx_path_mount+0x10/0x10
[  604.010976][T12908]  ? kmem_cache_free+0x2d1/0x4d0
[  604.010992][T12908]  ? putname+0x154/0x1a0
[  604.011019][T12908]  ? putname+0x154/0x1a0
[  604.011045][T12908]  ? __x64_sys_mount+0x28d/0x310
[  604.011065][T12908]  __x64_sys_mount+0x28d/0x310
[  604.011088][T12908]  ? __pfx___x64_sys_mount+0x10/0x10
[  604.011118][T12908]  do_syscall_64+0xcd/0x4e0
[  604.011143][T12908]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  604.011160][T12908] RIP: 0033:0x7f029058eba9
[  604.011175][T12908] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  604.011191][T12908] RSP: 002b:00007f0291384038 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[  604.011208][T12908] RAX: ffffffffffffffda RBX: 00007f02907d6180 RCX: 00007f029058eba9
[  604.011219][T12908] RDX: 0000200000000000 RSI: 00002000000001c0 RDI: 0000200000000080
[  604.011230][T12908] RBP: 00007f0291384090 R08: 0000000000000000 R09: 0000000000000000
[  604.011240][T12908] R10: 0000000000000401 R11: 0000000000000246 R12: 0000000000000002
[  604.011250][T12908] R13: 00007f02907d6218 R14: 00007f02907d6180 R15: 00007ffebf670458
[  604.011275][T12908]  </TASK>
[  604.286004][    C1] vkms_vblank_simulate: vblank timer overrun
[  604.585008][T12904] syzkaller0: entered promiscuous mode
[  604.721182][ T1298] ieee802154 phy0 wpan0: encryption failed: -22
[  604.727859][ T1298] ieee802154 phy1 wpan1: encryption failed: -22
[  605.012363][    T9] usb 6-1: new high-speed USB device number 9 using dummy_hcd
[  605.270971][    T9] usb 6-1: Using ep0 maxpacket: 8
[  605.285274][    T9] usb 6-1: New USB device found, idVendor=0c45, idProduct=613a, bcdDevice=c4.6d
[  605.299296][    T9] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  605.350339][    T9] usb 6-1: Product: syz
[  605.355690][    T9] usb 6-1: Manufacturer: syz
[  605.360470][    T9] usb 6-1: SerialNumber: syz
[  605.379188][    T9] usb 6-1: config 0 descriptor??
[  605.390216][    T9] gspca_main: sonixj-2.14.0 probing 0c45:613a
[  605.819635][T12935] netlink: 'syz.7.1643': attribute type 1 has an invalid length.
[  606.410937][    T9] gspca_sonixj: reg_r err -32
[  606.416348][    T9] sonixj 6-1:0.0: probe with driver sonixj failed with error -32
[  607.650833][ T5851] usb 6-1: USB disconnect, device number 9
[  608.523489][   T30] audit: type=1400 audit(1758281550.634:866): avc:  denied  { append } for  pid=12954 comm="syz.6.1650" name="fb0" dev="devtmpfs" ino=629 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:framebuf_device_t tclass=chr_file permissive=1
[  608.986381][T12967] netlink: 802 bytes leftover after parsing attributes in process `syz.4.1653'.
[  609.006369][T12965] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=5137 sclass=netlink_route_socket pid=12965 comm=syz.4.1653
[  611.468293][T12997] Context (ID=0x0) not attached to queue pair (handle=0x1:0xfffffffa)
[  612.596548][ T8324] netdevsim netdevsim6 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[  612.596890][T13010] netlink: 40 bytes leftover after parsing attributes in process `syz.6.1662'.
[  613.193039][ T5923] usb 7-1: new full-speed USB device number 4 using dummy_hcd
[  613.543012][ T5915] usb 2-1: new full-speed USB device number 39 using dummy_hcd
[  613.936685][ T5923] usb 7-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  613.950236][ T5923] usb 7-1: config 1 has 1 interface, different from the descriptor's value: 3
[  614.083181][ T5923] usb 7-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  614.207125][   T30] audit: type=1400 audit(1758281556.566:867): avc:  denied  { read } for  pid=13027 comm="syz.5.1668" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rose_socket permissive=1
[  614.567001][ T5915] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0
[  614.583094][ T5923] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  614.610430][ T5923] usb 7-1: Product: syz
[  614.623780][ T5923] usb 7-1: Manufacturer: syz
[  614.638054][ T5923] usb 7-1: SerialNumber: syz
[  614.678298][ T5915] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x4 has an invalid bInterval 0, changing to 10
[  614.702268][ T5915] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x4 has invalid maxpacket 255, setting to 64
[  614.777399][T13039] netlink: 'syz.4.1670': attribute type 4 has an invalid length.
[  614.792371][ T5851] usb 8-1: new full-speed USB device number 3 using dummy_hcd
[  614.910904][ T5915] usb 2-1: New USB device found, idVendor=0cf3, idProduct=9375, bcdDevice=1a.de
[  615.033458][ T5851] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0
[  615.043397][ T5851] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x4 has an invalid bInterval 0, changing to 10
[  615.055038][ T5851] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x4 has invalid maxpacket 255, setting to 64
[  615.057770][ T5915] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  615.089826][ T5851] usb 8-1: New USB device found, idVendor=0cf3, idProduct=9375, bcdDevice=1a.de
[  615.114087][ T5851] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  615.143159][ T5851] usb 8-1: config 0 descriptor??
[  615.162852][T13029] raw-gadget.3 gadget.7: fail, usb_ep_enable returned -22
[  615.208855][ T5915] usb 2-1: config 0 descriptor??
[  615.373882][T13018] raw-gadget.2 gadget.1: fail, usb_ep_enable returned -22
[  615.482824][T13049] Context (ID=0x0) not attached to queue pair (handle=0x1:0xfffffffa)
[  616.021531][ T5923] usb 7-1: 0:2 : does not exist
[  616.085763][ T5923] usb 7-1: 5:0: failed to get current value for ch 0 (-22)
[  616.221737][ T5851] ath6kl: Failed to submit usb control message: -110
[  616.229720][ T5851] ath6kl: unable to send the bmi data to the device: -110
[  616.288457][ T5851] ath6kl: Unable to send get target info: -110
[  616.317439][ T5923] usb 7-1: USB disconnect, device number 4
[  616.344121][T13054] netlink: 'syz.5.1675': attribute type 3 has an invalid length.
[  616.345839][ T5851] ath6kl: Failed to init ath6kl core: -110
[  616.389581][ T6037] udevd[6037]: error opening ATTR{/sys/devices/platform/dummy_hcd.6/usb7/7-1/7-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  616.410456][ T5851] ath6kl_usb 8-1:0.0: probe with driver ath6kl_usb failed with error -110
[  616.831167][ T5915] ath6kl: Failed to submit usb control message: -110
[  616.844572][ T5915] ath6kl: unable to send the bmi data to the device: -110
[  616.866056][ T5915] ath6kl: Unable to send get target info: -110
[  616.880461][T13063] netlink: 24 bytes leftover after parsing attributes in process `syz.5.1677'.
[  616.916273][ T5915] ath6kl: Failed to init ath6kl core: -110
[  616.976173][ T5915] ath6kl_usb 2-1:0.0: probe with driver ath6kl_usb failed with error -110
[  617.116340][ T5923] usb 2-1: USB disconnect, device number 39
[  617.162124][T13067] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=16 sclass=netlink_tcpdiag_socket pid=13067 comm=syz.5.1677
[  617.441120][ T5915] usb 8-1: USB disconnect, device number 3
[  619.085487][T13094] vlan2: entered allmulticast mode
[  619.777446][T13105] FAULT_INJECTION: forcing a failure.
[  619.777446][T13105] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  619.791082][T13105] CPU: 0 UID: 0 PID: 13105 Comm: syz.4.1685 Not tainted syzkaller #0 PREEMPT(full) 
[  619.791106][T13105] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  619.791117][T13105] Call Trace:
[  619.791123][T13105]  <TASK>
[  619.791130][T13105]  dump_stack_lvl+0x16c/0x1f0
[  619.791157][T13105]  should_fail_ex+0x512/0x640
[  619.791183][T13105]  strncpy_from_user+0x3b/0x2e0
[  619.791207][T13105]  getname_flags.part.0+0x8f/0x550
[  619.791237][T13105]  getname_flags+0x93/0xf0
[  619.791255][T13105]  io_unlinkat_prep+0x21d/0x320
[  619.791284][T13105]  io_submit_sqes+0x850/0x25c0
[  619.791319][T13105]  __do_sys_io_uring_enter+0xd6a/0x1630
[  619.791345][T13105]  ? __pfx___do_sys_io_uring_enter+0x10/0x10
[  619.791364][T13105]  ? __pfx___schedule+0x10/0x10
[  619.791390][T13105]  ? ksys_write+0x1ac/0x250
[  619.791413][T13105]  ? __pfx_ksys_write+0x10/0x10
[  619.791439][T13105]  do_syscall_64+0xcd/0x4e0
[  619.791464][T13105]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  619.791482][T13105] RIP: 0033:0x7f029058eba9
[  619.791497][T13105] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  619.791513][T13105] RSP: 002b:00007f0291384038 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa
[  619.791531][T13105] RAX: ffffffffffffffda RBX: 00007f02907d6180 RCX: 00007f029058eba9
[  619.791543][T13105] RDX: 0000000000000483 RSI: 000000000000351e RDI: 0000000000000007
[  619.791553][T13105] RBP: 00007f0291384090 R08: 0000000000000000 R09: 0000000000000000
[  619.791564][T13105] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  619.791573][T13105] R13: 00007f02907d6218 R14: 00007f02907d6180 R15: 00007ffebf670458
[  619.791598][T13105]  </TASK>
[  620.021372][ T5958] usb 7-1: new high-speed USB device number 5 using dummy_hcd
[  620.203540][ T5958] usb 7-1: Using ep0 maxpacket: 32
[  620.256162][T13109] Context (ID=0x0) not attached to queue pair (handle=0x1:0xfffffffa)
[  620.634937][ T5958] usb 7-1: New USB device found, idVendor=0b89, idProduct=0007, bcdDevice=ef.64
[  620.650934][ T5958] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  620.665021][ T5958] usb 7-1: config 0 descriptor??
[  620.761474][ T5958] as10x_usb: device has been detected
[  620.790316][ T5958] dvbdev: DVB: registering new adapter (nBox DVB-T Dongle)
[  621.151457][ T5958] usb 7-1: DVB: registering adapter 1 frontend 0 (nBox DVB-T Dongle)...
[  621.201828][ T5958] as10x_usb: error during firmware upload part1
[  621.220808][ T5958] Registered device nBox DVB-T Dongle
[  621.237688][ T5958] usb 7-1: USB disconnect, device number 5
[  621.352630][ T5958] Unregistered device nBox DVB-T Dongle
[  621.376496][ T5958] as10x_usb: device has been disconnected
[  621.410890][T13096] Bluetooth: hci6: command 0x0406 tx timeout
[  621.420005][ T5846] Bluetooth: hci5: command 0x0406 tx timeout
[  621.584229][   T92] usb 8-1: new high-speed USB device number 4 using dummy_hcd
[  621.879283][   T92] usb 8-1: New USB device found, idVendor=0bda, idProduct=8150, bcdDevice= 0.00
[  622.026020][   T92] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  622.034985][   T92] usb 8-1: Product: syz
[  622.039171][   T92] usb 8-1: Manufacturer: syz
[  622.063843][   T92] usb 8-1: SerialNumber: syz
[  622.175023][ T5958] usb 7-1: new high-speed USB device number 6 using dummy_hcd
[  622.336906][T13133] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1696'.
[  622.874382][   T92] rtl8150 8-1:1.0: couldn't reset the device
[  622.884854][   T92] rtl8150 8-1:1.0: probe with driver rtl8150 failed with error -5
[  622.910852][ T5958] usb 7-1: device descriptor read/all, error -71
[  622.932828][   T92] usb 8-1: USB disconnect, device number 4
[  622.960305][T13139] IPVS: sync thread started: state = MASTER, mcast_ifn = veth0_virt_wifi, syncid = 33554432, id = 0
[  623.331176][T13138] IPVS: stopping master sync thread 13139 ...
[  623.880010][T13156] vlan2: entered allmulticast mode
[  624.847590][ T5851] libceph: connect (1)[c::]:6789 error -101
[  624.968957][ T5851] libceph: mon0 (1)[c::]:6789 connect error
[  625.007792][T13158] ceph: No mds server is up or the cluster is laggy
[  626.339010][T13176] kAFS: unparsable volume name
[  626.343986][T13162] kAFS: unparsable volume name
[  627.650964][T13197] netlink: 'syz.6.1711': attribute type 1 has an invalid length.
[  628.552444][T13201] FAULT_INJECTION: forcing a failure.
[  628.552444][T13201] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  628.565774][T13201] CPU: 0 UID: 0 PID: 13201 Comm: syz.6.1712 Not tainted syzkaller #0 PREEMPT(full) 
[  628.565797][T13201] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  628.565808][T13201] Call Trace:
[  628.565814][T13201]  <TASK>
[  628.565821][T13201]  dump_stack_lvl+0x16c/0x1f0
[  628.565849][T13201]  should_fail_ex+0x512/0x640
[  628.565875][T13201]  _copy_from_user+0x2e/0xd0
[  628.565903][T13201]  copy_msghdr_from_user+0x98/0x160
[  628.565926][T13201]  ? __pfx_copy_msghdr_from_user+0x10/0x10
[  628.565951][T13201]  ? __lock_acquire+0xb97/0x1ce0
[  628.565985][T13201]  ___sys_sendmsg+0xfe/0x1d0
[  628.566008][T13201]  ? __pfx____sys_sendmsg+0x10/0x10
[  628.566061][T13201]  __sys_sendmsg+0x16d/0x220
[  628.566083][T13201]  ? __pfx___sys_sendmsg+0x10/0x10
[  628.566122][T13201]  do_syscall_64+0xcd/0x4e0
[  628.566147][T13201]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  628.566165][T13201] RIP: 0033:0x7fee4b58eba9
[  628.566180][T13201] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  628.566196][T13201] RSP: 002b:00007fee4c3f4038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  628.566214][T13201] RAX: ffffffffffffffda RBX: 00007fee4b7d6180 RCX: 00007fee4b58eba9
[  628.566226][T13201] RDX: 000000000000c000 RSI: 0000200000000500 RDI: 0000000000000005
[  628.566237][T13201] RBP: 00007fee4c3f4090 R08: 0000000000000000 R09: 0000000000000000
[  628.566247][T13201] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  628.566257][T13201] R13: 00007fee4b7d6218 R14: 00007fee4b7d6180 R15: 00007ffe5c7ba8a8
[  628.566281][T13201]  </TASK>
[  629.195442][   T95] block nbd0: Possible stuck request ffff888026d65080: control (read@0,1024B). Runtime 150 seconds
[  629.208145][   T95] block nbd0: Possible stuck request ffff888026d65240: control (read@1024,1024B). Runtime 150 seconds
[  629.219532][   T95] block nbd0: Possible stuck request ffff888026d65400: control (read@2048,1024B). Runtime 150 seconds
[  629.230602][   T95] block nbd0: Possible stuck request ffff888026d655c0: control (read@3072,1024B). Runtime 150 seconds
[  629.329722][ T5915] libceph: connect (1)[c::]:6789 error -101
[  629.493408][ T5846] Bluetooth: hci5: unexpected event for opcode 0x0000
[  629.509806][T13213] ceph: No mds server is up or the cluster is laggy
[  629.516856][T13216] ceph: No mds server is up or the cluster is laggy
[  629.639330][ T5915] libceph: mon0 (1)[c::]:6789 connect error
[  629.667741][    T9] libceph: connect (1)[b::]:6789 error -101
[  629.682210][    T9] libceph: mon0 (1)[b::]:6789 connect error
[  629.942006][T13233] openvswitch: netlink: IP tunnel dst address not specified
[  630.792609][ T5915] libceph: connect (1)[c::]:6789 error -101
[  630.813970][ T5915] libceph: mon0 (1)[c::]:6789 connect error
[  631.693863][    T9] libceph: connect (1)[c::]:6789 error -101
[  631.753541][    T9] libceph: mon0 (1)[c::]:6789 connect error
[  631.797528][ T5915] libceph: connect (1)[b::]:6789 error -101
[  631.818772][ T5915] libceph: mon0 (1)[b::]:6789 connect error
[  632.148571][T13243] ceph: No mds server is up or the cluster is laggy
[  632.176013][T13242] ceph: No mds server is up or the cluster is laggy
[  632.300867][T13257] mkiss: ax0: crc mode is auto.
[  632.976906][ T5851] libceph: connect (1)[c::]:6789 error -101
[  632.983429][ T5851] libceph: mon0 (1)[c::]:6789 connect error
[  633.253133][ T5923] libceph: connect (1)[c::]:6789 error -101
[  633.262792][ T5923] libceph: mon0 (1)[c::]:6789 connect error
[  633.378482][ T5846] Bluetooth: hci5: Controller not accepting commands anymore: ncmd = 0
[  633.387431][ T5846] Bluetooth: hci5: Injecting HCI hardware error event
[  633.396710][ T5846] Bluetooth: hci5: hardware error 0x00
[  633.438551][T13268] ceph: No mds server is up or the cluster is laggy
[  633.453120][   T31] INFO: task syz.3.1282:11401 blocked for more than 143 seconds.
[  633.470533][T13274] ceph: No mds server is up or the cluster is laggy
[  633.477537][ T5958] libceph: connect (1)[b::]:6789 error -101
[  633.488044][ T5958] libceph: mon0 (1)[b::]:6789 connect error
[  633.501038][   T31]       Not tainted syzkaller #0
[  633.506047][   T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[  633.719707][   T31] task:syz.3.1282      state:D stack:25608 pid:11401 tgid:11395 ppid:5854   task_flags:0x400140 flags:0x00004006
[  633.748640][ T5915] libceph: connect (1)[b::]:6789 error -101
[  633.754651][ T5915] libceph: mon0 (1)[b::]:6789 connect error
[  633.796310][   T31] Call Trace:
[  633.819147][   T31]  <TASK>
[  633.836311][   T31]  __schedule+0x1190/0x5de0
[  633.843205][   T31]  ? __pfx___schedule+0x10/0x10
[  633.850406][   T31]  ? find_held_lock+0x2b/0x80
[  633.859300][   T31]  ? schedule+0x2d7/0x3a0
[  633.868160][   T31]  schedule+0xe7/0x3a0
[  633.874555][   T31]  io_schedule+0xbf/0x130
[  633.880865][   T31]  folio_wait_bit_common+0x3d6/0x9e0
[  633.887354][   T31]  ? folio_wait_bit_common+0x13a/0x9e0
[  633.894103][   T31]  ? __pfx_folio_wait_bit_common+0x10/0x10
[  633.900044][   T31]  ? __pfx_wake_page_function+0x10/0x10
[  633.906968][   T31]  ? __pfx___might_resched+0x10/0x10
[  633.913438][   T31]  ? compaction_free+0x148/0x3c0
[  633.918521][   T31]  migrate_pages_batch+0x147d/0x3bd0
[  633.925052][   T31]  ? __pfx_compaction_alloc+0x10/0x10
[  633.933818][   T31]  ? __pfx_compaction_free+0x10/0x10
[  633.941419][   T31]  ? __pfx_migrate_pages_batch+0x10/0x10
[  633.951233][   T31]  migrate_pages_sync+0x4c5/0x8a0
[  633.963764][   T31]  ? __pfx_compaction_alloc+0x10/0x10
[  633.989285][   T31]  ? __pfx_compaction_free+0x10/0x10
[  633.995420][   T31]  ? __pfx_migrate_pages_sync+0x10/0x10
[  634.005080][   T31]  migrate_pages+0x1b67/0x23b0
[  634.015155][   T31]  ? __pfx_compaction_alloc+0x10/0x10
[  634.025386][   T31]  ? __pfx_compaction_free+0x10/0x10
[  634.044507][   T31]  ? __pfx_migrate_pages+0x10/0x10
[  634.054398][   T31]  ? __pfx_isolate_migratepages_block+0x10/0x10
[  634.072565][   T31]  ? pfn_to_online_page+0x1de/0x560
[  634.082635][   T31]  compact_zone+0x2018/0x4760
[  634.113225][   T31]  ? __pfx_compact_zone+0x10/0x10
[  634.118714][   T31]  ? __flush_work+0xa48/0xcc0
[  634.126138][   T31]  compact_node+0x1a4/0x2d0
[  634.131360][   T31]  ? __pfx_compact_node+0x10/0x10
[  634.136486][   T31]  ? __lru_add_drain_all+0xe7/0x6f0
[  634.142118][   T31]  sysctl_compaction_handler+0x141/0x210
[  634.147861][   T31]  proc_sys_call_handler+0x43d/0x570
[  634.159982][   T31]  ? __pfx_proc_sys_call_handler+0x10/0x10
[  634.168327][   T31]  ? splice_from_pipe_next+0x1f8/0x5d0
[  634.174248][   T31]  iter_file_splice_write+0xa21/0x12e0
[  634.179959][   T31]  ? irqentry_exit+0x3b/0x90
[  634.184580][   T31]  ? __pfx_iter_file_splice_write+0x10/0x10
[  634.190589][   T31]  ? __pfx_iter_file_splice_write+0x10/0x10
[  634.196695][   T31]  direct_splice_actor+0x192/0x6c0
[  634.201852][   T31]  splice_direct_to_actor+0x342/0xa30
[  634.207347][   T31]  ? __pfx_direct_splice_actor+0x10/0x10
[  634.213020][   T31]  ? __pfx_splice_direct_to_actor+0x10/0x10
[  634.219027][   T31]  ? rcu_is_watching+0x12/0xc0
[  634.223851][   T31]  do_splice_direct+0x174/0x240
[  634.228805][   T31]  ? __pfx_do_splice_direct+0x10/0x10
[  634.234255][   T31]  ? __pfx_direct_file_splice_eof+0x10/0x10
[  634.240206][   T31]  ? rw_verify_area+0xcf/0x6c0
[  634.245025][   T31]  do_sendfile+0xb06/0xe50
[  634.250186][   T31]  ? __pfx_do_sendfile+0x10/0x10
[  634.255227][   T31]  __x64_sys_sendfile64+0x154/0x220
[  634.260449][   T31]  ? __pfx___x64_sys_sendfile64+0x10/0x10
[  634.266233][   T31]  do_syscall_64+0xcd/0x4e0
[  634.271180][   T31]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  634.272655][ T5915] libceph: connect (1)[b::]:6789 error -101
[  634.279653][   T31] RIP: 0033:0x7fbe9658eba9
[  634.283823][ T5915] libceph: mon0 (1)[b::]:6789 connect error
[  634.288559][   T31] RSP: 002b:00007fbe9747f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000028
[  634.304549][   T31] RAX: ffffffffffffffda RBX: 00007fbe967d6270 RCX: 00007fbe9658eba9
[  634.312787][   T31] RDX: 00002000000000c0 RSI: 000000000000000b RDI: 000000000000000c
[  634.320857][   T31] RBP: 00007fbe96611e19 R08: 0000000000000000 R09: 0000000000000000
[  634.328816][   T31] R10: 0000000000000005 R11: 0000000000000246 R12: 0000000000000000
[  634.336824][   T31] R13: 00007fbe967d6308 R14: 00007fbe967d6270 R15: 00007ffc9a178e98
[  634.345637][   T31]  </TASK>
[  634.348777][   T31] INFO: task syz.0.1290:11436 blocked for more than 144 seconds.
[  634.356490][   T31]       Not tainted syzkaller #0
[  634.361499][   T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[  634.371022][   T31] task:syz.0.1290      state:D stack:25608 pid:11436 tgid:11430 ppid:5853   task_flags:0x400140 flags:0x00004004
[  634.382985][   T31] Call Trace:
[  634.386251][   T31]  <TASK>
[  634.389207][   T31]  __schedule+0x1190/0x5de0
[  634.393715][   T31]  ? __pfx___schedule+0x10/0x10
[  634.398975][   T31]  ? find_held_lock+0x2b/0x80
[  634.403650][   T31]  ? schedule+0x2d7/0x3a0
[  634.408064][   T31]  ? bdev_open+0xa2/0xe40
[  634.412383][   T31]  schedule+0xe7/0x3a0
[  634.416497][   T31]  schedule_preempt_disabled+0x13/0x30
[  634.421949][   T31]  __mutex_lock+0x81b/0x1060
[  634.426786][   T31]  ? bdev_open+0xa2/0xe40
[  634.431103][   T31]  ? __pfx___mutex_lock+0x10/0x10
[  634.436183][   T31]  ? __pfx_bd_prepare_to_claim+0x10/0x10
[  634.442369][   T31]  ? bdev_open+0xa2/0xe40
[  634.446745][   T31]  bdev_open+0xa2/0xe40
[  634.450901][   T31]  bdev_file_open_by_dev+0x182/0x210
[  634.456546][   T31]  swsusp_check+0x72/0x440
[  634.460963][   T31]  software_resume+0x6f/0x4e0
[  634.466206][   T31]  resume_store+0x247/0x460
[  634.470709][   T31]  ? __pfx_resume_store+0x10/0x10
[  634.475752][   T31]  ? find_held_lock+0x2b/0x80
[  634.480423][   T31]  ? __pfx_resume_store+0x10/0x10
[  634.485657][   T31]  kobj_attr_store+0x55/0x80
[  634.490235][   T31]  ? __pfx_kobj_attr_store+0x10/0x10
[  634.495541][   T31]  sysfs_kf_write+0xf2/0x150
[  634.500124][   T31]  kernfs_fop_write_iter+0x3af/0x570
[  634.505539][   T31]  ? __pfx_sysfs_kf_write+0x10/0x10
[  634.511057][   T31]  vfs_write+0x7d3/0x11d0
[  634.515378][   T31]  ? __pfx_kernfs_fop_write_iter+0x10/0x10
[  634.521228][   T31]  ? __pfx___mutex_lock+0x10/0x10
[  634.526249][   T31]  ? __pfx_vfs_write+0x10/0x10
[  634.531055][   T31]  ksys_write+0x12a/0x250
[  634.535372][   T31]  ? __pfx_ksys_write+0x10/0x10
[  634.541074][   T31]  do_syscall_64+0xcd/0x4e0
[  634.545579][   T31]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  634.551502][   T31] RIP: 0033:0x7fc140d8eba9
[  634.555907][   T31] RSP: 002b:00007fc141b3c038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  634.564828][   T31] RAX: ffffffffffffffda RBX: 00007fc140fd6180 RCX: 00007fc140d8eba9
[  634.573120][   T31] RDX: 0000000000000012 RSI: 0000200000000000 RDI: 0000000000000007
[  634.581119][   T31] RBP: 00007fc140e11e19 R08: 0000000000000000 R09: 0000000000000000
[  634.590757][   T31] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  634.599160][   T31] R13: 00007fc140fd6218 R14: 00007fc140fd6180 R15: 00007ffc8b3cd248
[  634.607301][   T31]  </TASK>
[  634.610354][   T31] 
[  634.610354][   T31] Showing all locks held in the system:
[  634.649962][   T31] 1 lock held by pool_workqueue_/3:
[  634.661513][   T31]  #0: ffffffff8e5ccb38 (rcu_state.exp_mutex){+.+.}-{4:4}, at: exp_funnel_lock+0x284/0x3c0
[  634.676607][   T31] 1 lock held by khungtaskd/31:
[  634.681471][   T31]  #0: ffffffff8e5c15a0 (rcu_read_lock){....}-{1:3}, at: debug_show_all_locks+0x36/0x1c0
[  634.693349][   T31] 1 lock held by udevd/5218:
[  634.697936][   T31] 2 locks held by getty/5605:
[  634.702639][   T31]  #0: ffff8880360b90a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x24/0x80
[  634.716209][   T31]  #1: ffffc9000332b2f0 (&ldata->atomic_read_lock){+.+.}-{4:4}, at: n_tty_read+0x41b/0x14f0
[  634.726494][   T31] 3 locks held by kworker/u9:2/5846:
[  634.732041][   T31]  #0: ffff88803444a148 ((wq_completion)hci5){+.+.}-{0:0}, at: process_one_work+0x12a2/0x1b70
[  634.758096][   T31]  #1: ffffc90003057d10 ((work_completion)(&hdev->error_reset)){+.+.}-{0:0}, at: process_one_work+0x929/0x1b70
[  634.770093][   T31]  #2: ffff88807975cdc0 (&hdev->req_lock){+.+.}-{4:4}, at: hci_dev_do_open+0x22/0x90
[  634.779721][   T31] 1 lock held by udevd/5847:
[  634.784296][   T31]  #0: ffff888026cfa358 (&disk->open_mutex){+.+.}-{4:4}, at: bdev_open+0x41a/0xe40
[  634.793714][   T31] 1 lock held by syz.3.1282/11401:
[  634.799038][   T31]  #0: ffff888063ee6428 (sb_writers#3){.+.+}-{0:0}, at: splice_direct_to_actor+0x342/0xa30
[  634.809058][   T31] 6 locks held by syz.0.1290/11436:
[  634.814238][   T31]  #0: ffff8880300a15f8 (&f->f_pos_lock){+.+.}-{4:4}, at: fdget_pos+0x2a2/0x370
[  634.823395][   T31]  #1: ffff88807af4c428 (sb_writers#8){.+.+}-{0:0}, at: ksys_write+0x12a/0x250
[  634.833172][   T31]  #2: ffff8880616ad488 (&of->mutex){+.+.}-{4:4}, at: kernfs_fop_write_iter+0x28f/0x570
[  634.842958][   T31]  #3: ffff88801eae6878 (kn->active#61){.+.+}-{0:0}, at: kernfs_fop_write_iter+0x2ff/0x570
[  634.853018][   T31]  #4: ffffffff8e484d08 (system_transition_mutex){+.+.}-{4:4}, at: software_resume+0x65/0x4e0
[  634.866036][   T31]  #5: ffff888026cfa358 (&disk->open_mutex){+.+.}-{4:4}, at: bdev_open+0xa2/0xe40
[  634.875505][   T31] 1 lock held by syz-executor/11571:
[  634.880798][   T31]  #0: ffffffff8e5ccb38 (rcu_state.exp_mutex){+.+.}-{4:4}, at: exp_funnel_lock+0x1a3/0x3c0
[  634.890920][   T31] 5 locks held by syz.2.1462/12145:
[  634.896182][   T31]  #0: ffff88803534c478 (&f->f_pos_lock){+.+.}-{4:4}, at: fdget_pos+0x2a2/0x370
[  634.905551][   T31]  #1: ffff88807af4c428 (sb_writers#8){.+.+}-{0:0}, at: ksys_write+0x12a/0x250
[  634.914674][   T31]  #2: ffff8880568a2488 (&of->mutex){+.+.}-{4:4}, at: kernfs_fop_write_iter+0x28f/0x570
[  634.924711][   T31]  #3: ffff88801eae6878 (kn->active#61){.+.+}-{0:0}, at: kernfs_fop_write_iter+0x2ff/0x570
[  634.935236][   T31]  #4: ffffffff8e484d08 (system_transition_mutex){+.+.}-{4:4}, at: lock_system_sleep+0x87/0xa0
[  634.945696][   T31] 
[  634.948061][   T31] =============================================
[  634.948061][   T31] 
[  634.957077][   T31] NMI backtrace for cpu 1
[  634.957091][   T31] CPU: 1 UID: 0 PID: 31 Comm: khungtaskd Not tainted syzkaller #0 PREEMPT(full) 
[  634.957112][   T31] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  634.957122][   T31] Call Trace:
[  634.957128][   T31]  <TASK>
[  634.957134][   T31]  dump_stack_lvl+0x116/0x1f0
[  634.957159][   T31]  nmi_cpu_backtrace+0x27b/0x390
[  634.957176][   T31]  ? _raw_spin_unlock_irqrestore+0x3b/0x80
[  634.957199][   T31]  ? __pfx_nmi_raise_cpu_backtrace+0x10/0x10
[  634.957226][   T31]  nmi_trigger_cpumask_backtrace+0x29c/0x300
[  634.957246][   T31]  watchdog+0xf0e/0x1260
[  634.957271][   T31]  ? __pfx_watchdog+0x10/0x10
[  634.957287][   T31]  ? lockdep_hardirqs_on+0x7c/0x110
[  634.957310][   T31]  ? __kthread_parkme+0x19e/0x250
[  634.957336][   T31]  ? __pfx_watchdog+0x10/0x10
[  634.957354][   T31]  kthread+0x3c2/0x780
[  634.957372][   T31]  ? __pfx_kthread+0x10/0x10
[  634.957400][   T31]  ? rcu_is_watching+0x12/0xc0
[  634.957422][   T31]  ? __pfx_kthread+0x10/0x10
[  634.957440][   T31]  ret_from_fork+0x56a/0x730
[  634.957455][   T31]  ? __pfx_kthread+0x10/0x10
[  634.957473][   T31]  ret_from_fork_asm+0x1a/0x30
[  634.957506][   T31]  </TASK>
[  634.957536][   T31] Sending NMI from CPU 1 to CPUs 0:
[  635.081494][    C0] NMI backtrace for cpu 0
[  635.081507][    C0] CPU: 0 UID: 0 PID: 0 Comm: swapper/0 Not tainted syzkaller #0 PREEMPT(full) 
[  635.081522][    C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  635.081529][    C0] RIP: 0010:pv_native_safe_halt+0xf/0x20
[  635.081549][    C0] Code: 6d 61 02 c3 cc cc cc cc 0f 1f 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 66 90 0f 00 2d d3 46 15 00 fb f4 <e9> cc 09 03 00 66 2e 0f 1f 84 00 00 00 00 00 66 90 90 90 90 90 90
[  635.081561][    C0] RSP: 0018:ffffffff8e207e08 EFLAGS: 000002c2
[  635.081573][    C0] RAX: 000000000347c0bb RBX: 0000000000000000 RCX: ffffffff8b94cb49
[  635.081581][    C0] RDX: 0000000000000000 RSI: ffffffff8de52d31 RDI: ffffffff8c163380
[  635.081589][    C0] RBP: fffffbfff1c52ef8 R08: 0000000000000001 R09: ffffed1017086655
[  635.081597][    C0] R10: ffff8880b84332ab R11: 0000000000000000 R12: 0000000000000000
[  635.081605][    C0] R13: ffffffff8e2977c0 R14: ffffffff90ab7490 R15: 0000000000000000
[  635.081613][    C0] FS:  0000000000000000(0000) GS:ffff8881246b2000(0000) knlGS:0000000000000000
[  635.081626][    C0] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  635.081634][    C0] CR2: 0000555563f6a608 CR3: 000000007df03000 CR4: 00000000003526f0
[  635.081643][    C0] Call Trace:
[  635.081647][    C0]  <TASK>
[  635.081651][    C0]  default_idle+0x13/0x20
[  635.081668][    C0]  default_idle_call+0x6d/0xb0
[  635.081685][    C0]  do_idle+0x391/0x510
[  635.081701][    C0]  ? __pfx_do_idle+0x10/0x10
[  635.081714][    C0]  ? trace_sched_exit_tp+0x2f/0x120
[  635.081728][    C0]  ? do_idle+0x2e8/0x510
[  635.081744][    C0]  cpu_startup_entry+0x4f/0x60
[  635.081758][    C0]  rest_init+0x16b/0x2b0
[  635.081768][    C0]  ? acpi_subsystem_init+0x133/0x180
[  635.081782][    C0]  ? __pfx_x86_late_time_init+0x10/0x10
[  635.081799][    C0]  start_kernel+0x3ee/0x4d0
[  635.081814][    C0]  x86_64_start_reservations+0x18/0x30
[  635.081834][    C0]  x86_64_start_kernel+0x130/0x190
[  635.081849][    C0]  common_startup_64+0x13e/0x148
[  635.081868][    C0]  </TASK>
[  635.082531][   T31] Kernel panic - not syncing: hung_task: blocked tasks
[  635.082543][   T31] CPU: 1 UID: 0 PID: 31 Comm: khungtaskd Not tainted syzkaller #0 PREEMPT(full) 
[  635.082561][   T31] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  635.082570][   T31] Call Trace:
[  635.082576][   T31]  <TASK>
[  635.082582][   T31]  dump_stack_lvl+0x3d/0x1f0
[  635.082604][   T31]  vpanic+0x6e8/0x7a0
[  635.082627][   T31]  ? __pfx_vpanic+0x10/0x10
[  635.082653][   T31]  ? __pfx___irq_work_queue_local+0x10/0x10
[  635.082674][   T31]  panic+0xca/0xd0
[  635.082687][   T31]  ? __pfx_panic+0x10/0x10
[  635.082710][   T31]  ? preempt_schedule_thunk+0x16/0x30
[  635.082734][   T31]  ? nmi_trigger_cpumask_backtrace+0x1b1/0x300
[  635.082752][   T31]  ? watchdog+0xd78/0x1260
[  635.082769][   T31]  ? watchdog+0xd6b/0x1260
[  635.082786][   T31]  watchdog+0xd89/0x1260
[  635.082807][   T31]  ? __pfx_watchdog+0x10/0x10
[  635.082823][   T31]  ? lockdep_hardirqs_on+0x7c/0x110
[  635.082843][   T31]  ? __kthread_parkme+0x19e/0x250
[  635.082867][   T31]  ? __pfx_watchdog+0x10/0x10
[  635.082883][   T31]  kthread+0x3c2/0x780
[  635.082899][   T31]  ? __pfx_kthread+0x10/0x10
[  635.082916][   T31]  ? rcu_is_watching+0x12/0xc0
[  635.082936][   T31]  ? __pfx_kthread+0x10/0x10
[  635.082952][   T31]  ret_from_fork+0x56a/0x730
[  635.082967][   T31]  ? __pfx_kthread+0x10/0x10
[  635.082983][   T31]  ret_from_fork_asm+0x1a/0x30
[  635.083010][   T31]  </TASK>
[  635.412275][   T31] Kernel Offset: disabled
[  635.416570][   T31] Rebooting in 86400 seconds..