last executing test programs:

13m37.086906117s ago: executing program 32 (id=214):
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$ieee802154(&(0x7f0000000580), 0xffffffffffffffff)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000380)={0x6, &(0x7f0000000080)=[{0x59, 0x1, 0x1, 0x200}, {0x9, 0x1, 0x5, 0x2}, {0xfff7, 0x10, 0xff, 0xe5}, {0x401, 0x80, 0xc, 0x40000000}, {0x5, 0x0, 0x61, 0xf}, {0x7, 0x90, 0x6, 0x2}]})
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r0, 0x6, 0x13, &(0x7f0000000000)=0x100000001, 0x4)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
write$uinput_user_dev(0xffffffffffffffff, 0x0, 0x0)
connect$inet6(r0, &(0x7f0000000200)={0xa, 0x0, 0x0, @empty}, 0x1c)
setsockopt$inet6_tcp_TCP_ULP(r0, 0x6, 0x1f, &(0x7f00000000c0), 0x4)
setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(r0, 0x6, 0x14, 0x0, 0x0)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x19, 0x4, 0x4, 0x5, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
setsockopt$inet6_tcp_TLS_TX(r0, 0x11a, 0x1, &(0x7f0000000140)=@ccm_128={{0x303}, "a08d78a244c24d14", "b4e91068bf22767d4a6c56cf4bc745b3", '\x00', "0002b3d353dd00"}, 0x28)

6m23.607843712s ago: executing program 2 (id=1291):
ioperm(0x0, 0x5, 0x9)
r0 = syz_init_net_socket$llc(0x1a, 0x1, 0x0)
ioctl$int_in(r0, 0x5452, &(0x7f0000000040)=0xffffffffffffffff)
r1 = socket(0x11, 0x3, 0x0)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f00000005c0)={'gre0\x00', <r3=>0x0})
bind$packet(r1, &(0x7f0000000180)={0x11, 0x0, r3, 0x1, 0x0, 0x6, @dev}, 0x14)
writev(0xffffffffffffffff, &(0x7f00000005c0)=[{&(0x7f0000000480)="57c761f654db5f3098ae64ce385ffcfed0ef110d93cbe7fa1f4f2327602a291192f5fe9863d527e303153f68b04c18db5a48756a583789e9895746c12b9d4e1224c9e17563edff39dd0b7d73fbb4b5a64e7b6db65b84b82f6c938205b2d8560f0da2f775e85175f74ed70033681e96d30fe8a7c2866c59e8f2e2d253ee55115be95aef4a8688989faa6f27db0ea71914ea8150aa35afc828c97af0ec5cc718ca2a58b3", 0xa3}], 0x1)
setsockopt$packet_int(r1, 0x107, 0xf, &(0x7f0000000240)=0xe9, 0x4)
sendmsg$netlink(r1, &(0x7f0000002ac0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000004c0)=ANY=[@ANYBLOB="020114004f0018000e3580009f0001140000002f0604ac14141de0000003808a8972bd0b72e41082b9a3d206"], 0xdd12}], 0x1}, 0x20040851)
connect$llc(r0, &(0x7f0000000180)={0x1a, 0x0, 0x0, 0x8, 0x0, 0x0, @multicast}, 0x10)
sendmmsg(r0, &(0x7f0000001380), 0x3fffffffffffeed, 0x0)
mount$bind(0x0, 0x0, 0x0, 0x0, 0x0)

6m22.50300463s ago: executing program 2 (id=1295):
syz_io_uring_setup(0xd2, &(0x7f00000000c0)={0x0, 0x0, 0x3010}, 0x0, 0x0)
r0 = socket(0xa, 0x1, 0x100)
r1 = openat$uhid(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
r2 = syz_io_uring_setup(0x110, &(0x7f0000000140)={0x0, 0xfad6}, &(0x7f0000000240)=<r3=>0x0, &(0x7f0000000280)=<r4=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r3, r4, &(0x7f00000002c0)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd_index=0x3})
io_uring_enter(r2, 0xdb4, 0x0, 0x0, 0x0, 0x0)
write$UHID_CREATE2(r1, &(0x7f0000000100)=ANY=[@ANYBLOB="0b00000073790101000000000000000000000000000af7f4f0c55de8ca0000000000000000000000000000000000000000f3c800000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000073797a3000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000073797a310000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ff00000000000000000000000000000020"], 0x138)
write$UHID_DESTROY(r1, &(0x7f0000000340), 0x4)
setsockopt$sock_int(r0, 0x1, 0x2e, &(0x7f0000000040)=0x3, 0x4)
ppoll(&(0x7f0000000180)=[{r0}], 0x1, 0x0, 0x0, 0x0)
sendmsg$NL80211_CMD_SET_INTERFACE(0xffffffffffffffff, 0x0, 0x44800)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r5 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r5, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r6=>0xffffffffffffffff, <r7=>0xffffffffffffffff})
r8 = syz_open_dev$ttys(0xc, 0x2, 0x1)
ioctl$TIOCSPTLCK(r8, 0x40045431, &(0x7f0000001440))
connect$unix(r6, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r7, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r6, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYRES32=0x1], 0x48)
bpf$MAP_CREATE(0x0, &(0x7f0000000380)=ANY=[], 0x48)
r9 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
ioctl$sock_SIOCGIFINDEX(r9, 0x8933, &(0x7f0000000300)={'ip6gretap0\x00'})

6m20.179386592s ago: executing program 2 (id=1299):
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000001500000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000002a000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000020000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000059"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000b00)=@base={0x16, 0x0, 0x4, 0xff, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000040)='hrtimer_init\x00', r1}, 0x10)
socketpair(0xa, 0x1, 0x0, &(0x7f0000000000))

6m19.735414689s ago: executing program 2 (id=1300):
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000001fc0)=@delchain={0x530, 0x65, 0x0, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {}, {0x4}, {0xffe0}}, [@filter_kind_options=@f_u32={{0x8}, {0x4fc, 0x2, [@TCA_U32_MARK={0x10, 0xa, {0x3, 0x2}}, @TCA_U32_FLAGS={0x8, 0xb, 0x5}, @TCA_U32_INDEV={0x14, 0x8, 'veth1_to_bridge\x00'}, @TCA_U32_ACT={0x4cc, 0x7, [@m_mpls={0x68, 0x1e, 0x0, 0x0, {{0x9}, {0x4}, {0x39, 0x6, "612d3699db034f8f08430151bfb3f0819c1d44301a821ce1a7e2fcd26a93322f414a08eb783ba01be15256ed15fc2fa03568c8552b"}, {0xc, 0x7, {0x1}}, {0xc, 0x8, {0x0, 0x3}}}}, @m_mirred={0x160, 0x1e, 0x0, 0x0, {{0xb}, {0x64, 0x2, 0x0, 0x1, [@TCA_MIRRED_PARMS={0x20, 0x2, {{0x8, 0x7, 0x20000000, 0xffff, 0x6}, 0x1}}, @TCA_MIRRED_PARMS={0x20, 0x2, {{0x3, 0x7, 0x7, 0x8, 0x401}, 0x2}}, @TCA_MIRRED_PARMS={0x20, 0x2, {{0x3a61, 0x5a68ce02, 0x0, 0x2eca, 0x5}, 0x3}}]}, {0xd1, 0x6, "71558f82c797ed40aa96cae0561caac80e37421fbe6b5847795e9152419bd6e36082801f37e53ccbea50d8b4e7d6d4cd06cec76ec462499bdf122811144a51b56146738d4d25cbd285f2e729dbbe3c6137f7cd123b784cfddefd732ecc306f6cd0dc9c82fffc866125185fd50c16a59b8228811ffa42a3fc06ae6c491841f2d3b022b410d20071f23972ad211e8d088570180a0b72ec30b207b439e9499530f5ed3add294c6979c4716758179993cb396d1a9e8371981dc62a436962aa697442d2123e008f091efa1ef638699b"}, {0xc, 0x7, {0x1}}, {0xc, 0x8, {0x1, 0x2}}}}, @m_police={0x64, 0x20, 0x0, 0x0, {{0xb}, {0x4}, {0x35, 0x6, "becc0dfba237e62806d749b491e4df74a2edaae87448c525c394a1cd2b702d5bf5d0417b2f2d65c8e351d44c338dd81ad3"}, {0xc, 0x7, {0x1}}, {0xc, 0x8, {0x2, 0x1}}}}, @m_police={0xa4, 0xc, 0x0, 0x0, {{0xb}, {0x10, 0x2, 0x0, 0x1, [[@TCA_POLICE_RATE64={0xc, 0x8, 0x8}]]}, {0x69, 0x6, "7f3463bc5002e7ca3c93ae6e3fcb585947a90c04c8e9e0d17a49e34b693e09f9b56b228bfb3c92f03a82d9037a584486580784b83b2e30f090d11a4c9a21e9092f2f192e1e8f6f11f5bd352ec97c7f819cd31ce34b32af808e66c773d47e5dc6e50dbe4e80"}, {0xc}, {0xc, 0x8, {0x1}}}}, @m_ct={0x44, 0xb, 0x0, 0x0, {{0x7}, {0x4}, {0x19, 0x6, "3b8dd99ff628f0e136ea03ee3bb7e4eb97a588c1fa"}, {0xc, 0x7, {0x1}}, {0xc, 0x8, {0x3, 0x1}}}}, @m_ct={0x90, 0x1f, 0x0, 0x0, {{0x7}, {0x68, 0x2, 0x0, 0x1, [@TCA_CT_ACTION={0x6, 0x3, 0x43}, @TCA_CT_NAT_IPV4_MIN={0x8, 0x9, @initdev={0xac, 0x1e, 0x0, 0x0}}, @TCA_CT_ACTION={0x6, 0x3, 0x21}, @TCA_CT_LABELS_MASK={0x14, 0x8, "0600be9e48e760ba6779831df0129d79"}, @TCA_CT_NAT_IPV4_MAX={0x8, 0xa, @local}, @TCA_CT_LABELS_MASK={0x14, 0x8, "e7011bcc7a6b8ee870edb3e1d4364f94"}, @TCA_CT_ACTION={0x6}, @TCA_CT_LABELS={0x14, 0x7, "d84f053b22a32e873e2676b45f4a0ad9"}]}, {0x4}, {0xc}, {0xc}}}, @m_ctinfo={0x64, 0xf, 0x0, 0x0, {{0xb}, {0x14, 0x2, 0x0, 0x1, [@TCA_CTINFO_PARMS_CPMARK_MASK={0x8, 0x7, 0x8}, @TCA_CTINFO_PARMS_DSCP_MASK={0x8, 0x5, 0x9}]}, {0x25, 0x6, "871e4a3093c0e8019f3e85d16b62fbd06858927c4759e03eb68fe380f18d158dfe"}, {0xc}, {0xc, 0x8, {0x2, 0x3}}}}, @m_pedit={0x30, 0x13, 0x0, 0x0, {{0xa}, {0x4}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x2}}}}, @m_ct={0x90, 0x2, 0x0, 0x0, {{0x7}, {0x68, 0x2, 0x0, 0x1, [@TCA_CT_NAT_IPV6_MAX={0x14, 0xc, @empty}, @TCA_CT_NAT_PORT_MIN={0x6, 0xd, 0x4e21}, @TCA_CT_NAT_PORT_MAX={0x6, 0xe, 0x4e20}, @TCA_CT_ZONE={0x6, 0x4, 0x260d}, @TCA_CT_NAT_IPV6_MIN={0x14, 0xb, @loopback}, @TCA_CT_MARK={0x8, 0x5, 0x8}, @TCA_CT_LABELS_MASK={0x14, 0x8, "0e16c0fbcfd4e59e5f04cfa3cef75f58"}, @TCA_CT_ZONE={0x6, 0x4, 0x40}]}, {0x4}, {0xc, 0x7, {0x1}}, {0xc, 0x8, {0x3, 0x1}}}}]}]}}, @TCA_RATE={0x6}]}, 0x530}, 0x1, 0x0, 0x0, 0x1}, 0x20000810)
sendmsg$NL80211_CMD_NEW_MPATH(0xffffffffffffffff, &(0x7f0000000580)={&(0x7f0000000300)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000540)={&(0x7f0000000340)={0x38, 0x0, 0x200, 0x70bd27, 0x25dfdbff, {{}, {@void, @void}}, [@NL80211_ATTR_MAC={0xa}, @NL80211_ATTR_MAC={0xa}, @NL80211_ATTR_MPATH_NEXT_HOP={0xa, 0x1a, @device_b}]}, 0x38}, 0x1, 0x0, 0x0, 0x4004001}, 0x10)
r0 = socket(0x10, 0x803, 0x0)
sendto(r0, &(0x7f0000000740)="120000001200e7ef007b00000000000000a1", 0x12, 0x0, 0x0, 0x0)
recvmmsg(r0, &(0x7f00000037c0)=[{{&(0x7f00000004c0)=@ethernet={0x0, @random}, 0xfdf4, &(0x7f0000000380)=[{&(0x7f0000000140)=""/100, 0x365}, {&(0x7f0000000280)=""/85, 0x7c}, {&(0x7f0000000fc0)=""/4096, 0x197}, {&(0x7f0000000400)=""/106, 0x645}, {&(0x7f0000000980)=""/73, 0x1b}, {&(0x7f0000000200)=""/77, 0x14}, {&(0x7f00000007c0)=""/154, 0x8}, {&(0x7f00000001c0)=""/17, 0x1d8}], 0x21, &(0x7f0000000600)=""/191, 0x41}}], 0x4000000000003b4, 0x0, &(0x7f0000003700)={0x77359400})

6m17.971125822s ago: executing program 2 (id=1303):
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000001fc0)=@delchain={0x588, 0x65, 0x0, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {}, {0x4}, {0xffe0}}, [@filter_kind_options=@f_u32={{0x8}, {0x544, 0x2, [@TCA_U32_MARK={0x10, 0xa, {0x3, 0x2}}, @TCA_U32_FLAGS={0x8, 0xb, 0x5}, @TCA_U32_INDEV={0x14, 0x8, 'veth1_to_bridge\x00'}, @TCA_U32_ACT={0x514, 0x7, [@m_mpls={0xb0, 0x1e, 0x0, 0x0, {{0x9}, {0x50, 0x2, 0x0, 0x1, [@TCA_MPLS_PROTO={0x6, 0x4, 0x88be}, @TCA_MPLS_LABEL={0x8, 0x5, 0x38993}, @TCA_MPLS_PARMS={0x1c, 0x2, {{0x2, 0x1ff, 0x0, 0x29c2, 0x7f}, 0x4}}, @TCA_MPLS_LABEL={0x8, 0x5, 0xbc27b}, @TCA_MPLS_TC={0x5, 0x6, 0x2}, @TCA_MPLS_TTL={0x5, 0x7, 0x1}, @TCA_MPLS_LABEL={0x8, 0x5, 0xf80e6}]}, {0x36, 0x6, "612d3699db034f8f08430151bfb3f0819c1d44301a821ce1a7e2fcd26a93322f414a08eb783ba01be15256ed15fc2fa03568"}, {0xc, 0x7, {0x1}}, {0xc, 0x8, {0x0, 0x3}}}}, @m_mirred={0x160, 0x1e, 0x0, 0x0, {{0xb}, {0x64, 0x2, 0x0, 0x1, [@TCA_MIRRED_PARMS={0x20, 0x2, {{0x8, 0x7, 0x20000000, 0xffff, 0x6}, 0x1}}, @TCA_MIRRED_PARMS={0x20, 0x2, {{0x3, 0x7, 0x7, 0x8, 0x401}, 0x2}}, @TCA_MIRRED_PARMS={0x20, 0x2, {{0x3a61, 0x5a68ce02, 0x0, 0x2eca, 0x5}, 0x3}}]}, {0xd1, 0x6, "71558f82c797ed40aa96cae0561caac80e37421fbe6b5847795e9152419bd6e36082801f37e53ccbea50d8b4e7d6d4cd06cec76ec462499bdf122811144a51b56146738d4d25cbd285f2e729dbbe3c6137f7cd123b784cfddefd732ecc306f6cd0dc9c82fffc866125185fd50c16a59b8228811ffa42a3fc06ae6c491841f2d3b022b410d20071f23972ad211e8d088570180a0b72ec30b207b439e9499530f5ed3add294c6979c4716758179993cb396d1a9e8371981dc62a436962aa697442d2123e008f091efa1ef638699b"}, {0xc, 0x7, {0x1}}, {0xc, 0x8, {0x1, 0x2}}}}, @m_police={0x64, 0x20, 0x0, 0x0, {{0xb}, {0x4}, {0x35, 0x6, "becc0dfba237e62806d749b491e4df74a2edaae87448c525c394a1cd2b702d5bf5d0417b2f2d65c8e351d44c338dd81ad3"}, {0xc, 0x7, {0x1}}, {0xc, 0x8, {0x2, 0x1}}}}, @m_police={0xa4, 0xc, 0x0, 0x0, {{0xb}, {0x10, 0x2, 0x0, 0x1, [[@TCA_POLICE_RATE64={0xc, 0x8, 0x8}]]}, {0x69, 0x6, "7f3463bc5002e7ca3c93ae6e3fcb585947a90c04c8e9e0d17a49e34b693e09f9b56b228bfb3c92f03a82d9037a584486580784b83b2e30f090d11a4c9a21e9092f2f192e1e8f6f11f5bd352ec97c7f819cd31ce34b32af808e66c773d47e5dc6e50dbe4e80"}, {0xc}, {0xc, 0x8, {0x1}}}}, @m_ct={0x44, 0xb, 0x0, 0x0, {{0x7}, {0x4}, {0x19, 0x6, "3b8dd99ff628f0e136ea03ee3bb7e4eb97a588c1fa"}, {0xc, 0x7, {0x1}}, {0xc, 0x8, {0x3, 0x1}}}}, @m_ct={0x90, 0x1f, 0x0, 0x0, {{0x7}, {0x68, 0x2, 0x0, 0x1, [@TCA_CT_ACTION={0x6, 0x3, 0x43}, @TCA_CT_NAT_IPV4_MIN={0x8, 0x9, @initdev={0xac, 0x1e, 0x0, 0x0}}, @TCA_CT_ACTION={0x6, 0x3, 0x21}, @TCA_CT_LABELS_MASK={0x14, 0x8, "0600be9e48e760ba6779831df0129d79"}, @TCA_CT_NAT_IPV4_MAX={0x8, 0xa, @local}, @TCA_CT_LABELS_MASK={0x14, 0x8, "e7011bcc7a6b8ee870edb3e1d4364f94"}, @TCA_CT_ACTION={0x6}, @TCA_CT_LABELS={0x14, 0x7, "d84f053b22a32e873e2676b45f4a0ad9"}]}, {0x4}, {0xc}, {0xc}}}, @m_ctinfo={0x64, 0xf, 0x0, 0x0, {{0xb}, {0x14, 0x2, 0x0, 0x1, [@TCA_CTINFO_PARMS_CPMARK_MASK={0x8, 0x7, 0x8}, @TCA_CTINFO_PARMS_DSCP_MASK={0x8, 0x5, 0x9}]}, {0x25, 0x6, "871e4a3093c0e8019f3e85d16b62fbd06858927c4759e03eb68fe380f18d158dfe"}, {0xc}, {0xc, 0x8, {0x2, 0x3}}}}, @m_pedit={0x30, 0x13, 0x0, 0x0, {{0xa}, {0x4}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x2}}}}, @m_ct={0x90, 0x2, 0x0, 0x0, {{0x7}, {0x68, 0x2, 0x0, 0x1, [@TCA_CT_NAT_IPV6_MAX={0x14, 0xc, @empty}, @TCA_CT_NAT_PORT_MIN={0x6, 0xd, 0x4e21}, @TCA_CT_NAT_PORT_MAX={0x6, 0xe, 0x4e20}, @TCA_CT_ZONE={0x6, 0x4, 0x260d}, @TCA_CT_NAT_IPV6_MIN={0x14, 0xb, @loopback}, @TCA_CT_MARK={0x8, 0x5, 0x8}, @TCA_CT_LABELS_MASK={0x14, 0x8, "0e16c0fbcfd4e59e5f04cfa3cef75f58"}, @TCA_CT_ZONE={0x6, 0x4, 0x40}]}, {0x4}, {0xc, 0x7, {0x1}}, {0xc, 0x8, {0x3, 0x1}}}}]}]}}, @TCA_RATE={0x6}, @filter_kind_options=@f_route={{0xa}, {0x4}}]}, 0x588}, 0x1, 0x0, 0x0, 0x1}, 0x20000810)
sendmsg$NL80211_CMD_NEW_MPATH(0xffffffffffffffff, &(0x7f0000000580)={&(0x7f0000000300)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000540)={&(0x7f0000000340)={0x38, 0x0, 0x200, 0x70bd27, 0x25dfdbff, {{}, {@void, @void}}, [@NL80211_ATTR_MAC={0xa}, @NL80211_ATTR_MAC={0xa}, @NL80211_ATTR_MPATH_NEXT_HOP={0xa, 0x1a, @device_b}]}, 0x38}, 0x1, 0x0, 0x0, 0x4004001}, 0x10)
r0 = socket(0x10, 0x803, 0x0)
sendto(r0, &(0x7f0000000740)="120000001200e7ef007b00000000000000a1", 0x12, 0x0, 0x0, 0x0)
recvmmsg(r0, &(0x7f00000037c0)=[{{&(0x7f00000004c0)=@ethernet={0x0, @random}, 0xfdf4, &(0x7f0000000380)=[{&(0x7f0000000140)=""/100, 0x365}, {&(0x7f0000000280)=""/85, 0x7c}, {&(0x7f0000000fc0)=""/4096, 0x197}, {&(0x7f0000000400)=""/106, 0x645}, {&(0x7f0000000980)=""/73, 0x1b}, {&(0x7f0000000200)=""/77, 0x14}, {&(0x7f00000007c0)=""/154, 0x8}, {&(0x7f00000001c0)=""/17, 0x1d8}], 0x21, &(0x7f0000000600)=""/191, 0x41}}], 0x4000000000003b4, 0x0, &(0x7f0000003700)={0x77359400})

6m17.970131845s ago: executing program 4 (id=1304):
openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0) (async)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000013c0)={0x18, 0x3, &(0x7f0000000080)=@framed, &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='contention_end\x00', r1}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x1d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @lsm, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000d40)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
ioctl$SIOCSIFHWADDR(r2, 0x8946, &(0x7f0000000900)={'wlan1\x00', @random='\x00\x00\x00 \x00'}) (async)
ioctl$SIOCSIFHWADDR(r2, 0x8946, &(0x7f0000000900)={'wlan1\x00', @random='\x00\x00\x00 \x00'})
r3 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_PIT(0xffffffffffffffff, 0x8048ae66, &(0x7f0000000000)={[{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0xff, 0x1f}, {0x0, 0x0, 0x0, 0x0, 0xf}, {0x0, 0x0, 0x8}], 0x8})
ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) (async)
ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) (async)
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000fe7000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_RUN(r4, 0xae80, 0x0)

6m17.445655336s ago: executing program 2 (id=1305):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0)
ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201})
writev(r3, &(0x7f0000000440)=[{&(0x7f00000001c0)='\x00\x00\x00\x00\x00\x00', 0x3}, {0x0, 0x5d}], 0x2)
ioctl$KVM_CAP_HYPERV_SYNIC2(r2, 0x4068aea3, &(0x7f0000000140))
ioctl$KVM_SET_MSRS(r2, 0x4008ae89, &(0x7f0000000440)=ANY=[@ANYBLOB="0100000000000000b2000040ed85643dad"])
ioctl$KVM_RUN(r2, 0xae80, 0x0)
r4 = socket$tipc(0x1e, 0x5, 0x0)
r5 = openat$cuse(0xffffffffffffff9c, &(0x7f00000002c0), 0x2, 0x0)
r6 = socket(0x10, 0x3, 0x0)
r7 = socket(0x10, 0x3, 0x0)
ioctl$ifreq_SIOCGIFINDEX_team(r7, 0x8933, &(0x7f0000000080)={'team0\x00', <r8=>0x0})
sendmsg$nl_route_sched(r6, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000001200)={&(0x7f0000002340)=@newqdisc={0x8c, 0x24, 0x400, 0x0, 0x0, {0x0, 0x0, 0x0, r8, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_sfb={{0x8}, {0x2c, 0x2, @TCA_SFB_PARMS={0x28, 0x1, {0x0, 0x0, 0xfffffffd, 0x0, 0x0, 0x0, 0x4000001, 0x0, 0x80}}}}, @qdisc_kind_options=@q_pie={{0x8}, {0x2c, 0x2, [@TCA_PIE_ALPHA={0x8, 0x4, 0x20}, @TCA_PIE_TARGET={0x8, 0x1, 0x8}, @TCA_PIE_ECN={0x8, 0x6, 0x1}, @TCA_PIE_BETA={0x8}, @TCA_PIE_BYTEMODE={0x8}]}}]}, 0x8c}, 0x1, 0x0, 0x0, 0x24000000}, 0x0)
read$FUSE(r5, &(0x7f0000000300)={0x2020, 0x0, <r9=>0x0}, 0x2020)
write$FUSE_INTERRUPT(r5, &(0x7f0000000080)={0x10, 0xffffffffffffffda, r9}, 0x10)
r10 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/4\x00')
mount$9p_fd(0x0, &(0x7f0000000180)='.\x00', &(0x7f0000000040), 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB='dno=\x00'/15, @ANYRESHEX=r10, @ANYBLOB=',wfdno=', @ANYRESHEX, @ANYBLOB=',\x00'])
bind$tipc(r4, &(0x7f0000000000)=@name={0x1e, 0x2, 0x3, {{}, 0x3}}, 0x10)

6m17.36279162s ago: executing program 4 (id=1306):
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x70bd2b, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x20000000, 0x0, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
syz_emit_ethernet(0x0, 0x0, 0x0)
r3 = eventfd2(0x0, 0x0)
r4 = socket$netlink(0x10, 0x3, 0x10)
bind$netlink(r4, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc)
syz_init_net_socket$nfc_raw(0x27, 0x5, 0x0)
socket$kcm(0x2, 0x2, 0x73)
close_range(r3, 0xffffffffffffffff, 0x0)

6m14.60406387s ago: executing program 4 (id=1310):
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000001500000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000002a000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000020000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000059"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000b00)=@base={0x16, 0x0, 0x4, 0xff, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000040)='hrtimer_init\x00', r1}, 0x10)
socketpair(0xa, 0x1, 0x0, &(0x7f0000000000))

6m14.546405357s ago: executing program 4 (id=1311):
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.io_service_time_recursive\x00', 0x275a, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x12, r0, 0x0)
getpeername$unix(0xffffffffffffffff, 0x0, 0x0)
ftruncate(r0, 0xc17a)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000040)={'lo\x00'})
sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0)
bpf$BPF_BTF_GET_FD_BY_ID(0x13, 0x0, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[], 0x50)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r0, &(0x7f00000020c0)=[{{0x0, 0x0, &(0x7f0000000280)=[{&(0x7f0000000300)=""/79, 0x4f}], 0x1, &(0x7f0000000380)=""/172, 0xac}, 0x8}, {{&(0x7f0000000440)=@ax25={{0x3, @null}, [@null, @rose, @null, @default, @bcast, @default, @netrom, @netrom]}, 0x80, &(0x7f0000001880)=[{&(0x7f00000004c0)=""/180, 0xb4}, {&(0x7f0000000580)=""/144, 0x90}, {&(0x7f0000000640)}, {&(0x7f0000000640)}, {&(0x7f0000000780)=""/4096, 0x1000}, {&(0x7f0000000680)=""/142, 0x8e}, {&(0x7f0000001780)=""/209, 0xd1}], 0x7}, 0x95}, {{&(0x7f0000001900)=@hci, 0x80, &(0x7f0000001a80)=[{&(0x7f0000001980)=""/232, 0xe8}], 0x1, &(0x7f0000001ac0)=""/238, 0xee}, 0x4}, {{0x0, 0x0, &(0x7f0000001dc0)=[{&(0x7f0000001bc0)=""/197, 0xc5}, {&(0x7f0000001cc0)=""/181, 0xb5}, {&(0x7f0000002f00)=""/68, 0x44}], 0x3, &(0x7f0000001e00)=""/212, 0xd4}}, {{&(0x7f0000001f00)=@phonet, 0x80, &(0x7f0000002040)=[{&(0x7f0000001f80)=""/113, 0x71}, {&(0x7f0000002000)=""/12, 0xc}], 0x2, &(0x7f0000002080)=""/1, 0x1}, 0x2}], 0x5, 0x2, 0x0)
r4 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="1b000000c02a512a000000000000000000800000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="0100"/28], 0x50)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1d, 0xc, &(0x7f0000000240)=ANY=[@ANYRESHEX=r3, @ANYRES32=r4], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f0000000000)='sched_switch\x00', r5}, 0x10)
r6 = syz_open_dev$usbfs(&(0x7f0000000080), 0x70, 0x101301)
ioctl$USBDEVFS_IOCTL(r6, 0xc0105512, &(0x7f0000000200))
ioctl$USBDEVFS_IOCTL(r6, 0xc0105512, &(0x7f0000000040)=@usbdevfs_connect)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
socket$igmp(0x2, 0x3, 0x2)
r7 = bpf$PROG_LOAD(0x5, &(0x7f0000caefb8)={0x8, 0x3, &(0x7f0000000100)=ANY=[@ANYBLOB="850000006100000054000000000000009500000000000000b4a8b1541206000000e9c79077fa15ba36eca61299de54cf77c9062c30bc068829afff36b31fa7e358e95cfa"], &(0x7f0000281ffc)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_skb, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x48)
bpf$BPF_PROG_TEST_RUN(0x1c, &(0x7f0000000200)={r7, 0x2000000, 0x18, 0x0, &(0x7f0000000040)="0990ddc84839db92", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
rt_sigaction(0x0, 0x0, 0x0, 0x0, 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000003f80)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x2}, 0xc, &(0x7f0000003f40)={&(0x7f0000002240)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a600b00000c0a010100000000000000000200000220030380100000800c00054000000000000000085c010080040007800900090073797a3000000000040007800c0004400000000000000006fd000640fcbb68a128cf04519a1cfe7566564c94f408648cca9e4b69959a89f66b96f3bf01bc1d3cbfce98fee59b0148e5cdaf19b9392c1de2b112b484b4d4c0ca83bff43d087fc0557b6a907ee74a8bcdcbbc51d23bd0f1e35d44765efb5511076a9cf65f0389874274a3dfc235d5dfd8bc701a35e0b5233490b70b41439c90b6e098aecb2a956ffc64367ae84d4759d71150ceaa01adbf95ead03bad065568749c98792742ff48b15258387392bd9fff771d987f575541bd373c0b87fc7f6f05fe5d35e6d9308d279f9a67c0115da27ff3587c796e5b33e5a98f67b82d213c52b498f870afba271eb896770dfdd80f0ea916db73c17c2479c83cf1b100000008000340000000010c00044000000000000000070c00044000000000000000090c00044000000000000000000c0004400000000000000007480000800900090073797a30000000000400078008000340000000000c0004400000000000000d010c000440000000000000000908000340000000010c000440000000000000005d680100800c0005400000000000000008f4000180f0000100e4a7881586d5f82fcbcc05b254695e6c6b0b9663043718acfc0fa35a86015901d12b5dbe3d6c3177fdaba69acd7bdcf130f1fa38374a9801b7f9587b1a14206a0f36fa411c3bf0622531a6873d1a64fdf7404cb367f728cce934bd8f0052c067332c9d7027d4074a30d6e8337e2fb154441b50ee219e2e32797f8d3a85f5f368d0c879f1bd5c7595438bf6c3d2de4a6349adb67ee0994f5de50ebb4f7d53cb49eb482ca1fe9afc2ccd26968a701349d716481df829d82001bce1a6007009b9d182f7af152879217d53404452600000000000004452b3e2178fbfa7accaba2381c9dbe85689408baf0f6ce3080c000540000000000000007f040002802e0006401fe757bb66fe79b895a756c5939043ce9b5866dddea97e1ac5095f72e06548aca97b4b737d61e096a584000004000780200002801c00028008000180ffffffff080003400000000108000180ffffffff08000440000000010900020073797a300000000018080380100000800900090073797a3200000000cc040080e8020a805800010090d89c50a644799ced4378f1a19401258b2556ee875ce5cfa8d26d80983e57a87861aad0095bfe1dba4c314b32e1b8bbd90ba78612183ae9e8df590070f2b9d99fdef3ad0b2e4aa26872ab5aeade9e7c266ae0e13800028008000180fffffffd0900020073797a30000000000900020073797a31000000000900020073797a32000000000800034000000007580001004cfd3f1337b83fa5709f88e65c0232f3f0e94f0a64b36c85645370638949682a22ebbe8bcbf347d99be38b7d92dd4448ea70926167ef2b3c0e7154b5ef8e2ae0c159809fad90c632380e27b802f9367c88877fdff00001006b06f8b49ed97bb1daf185d4131457545c73dbc1c5e2b1d1d8f3ba2e647be1d7b7e07b0e00cce71fce4996e0ec1fd8e9c8c6daa2c8b7865ab74673027491199285de518d92cdf6bfde35b41bfb78d1c64fafd9b223fcbc10d9aff1dfc28b359d00afe54fae15a717f887604c2b97b37dbdbb1dfe2bc91ee974570d7b97746eafe60ad8b23baa6b92d2e51e66dfaa24f25db7659c3cc69555027307616e9298666bb9d60440bfccd7d84242a914401d556d66aa1726b4c401d24f67ba5e70e5a7722122e1694698367f621f1786cb53d5595dc08db01339b8855c5d76a57a72ab636f17c05a2cf801bb916c2d8e000100781974fcd318d85d568bfe2cda37530922447d16ded0aff5157b18f7ba7c9b293e9b7ec3c81d5cc1f78378572aacf42d732aa1aabdc0be003aec4acc818c108631133c9585e2b2f85e978837abb0c94e7576b3b4b35a3dfa59f6f6fd38ce3e5edb39c7fa0c5b5502575202ff93c6de37ecf930897755eab0961cbbaa3cec4633ee95cc925d74f596edc200007c0001003487543095e98358249c0fba47f77d09be7960e9322d2871e1353bd54d1bb1dc6ac39d1984a659e001b295f3bb4e9b7ff7bb69104deb756a62d86ce4b7e2a6420f02d901ee4aae39dba3e41ed69b9218441292c5799296cfaf21b9176ca8668b24226f41a322da2115a1c50f5d5f81fc971eaea1985e0c430900090073797a3100000000a8000a801400028008000180fffffffc08000340000000002c00028008000340fffffb520900020073797a310000000008000340000000020900020073797a300000000064000280080003400000020008000180fffffffc0900020073797a32000000000900020073797a310000000008000180fffffffd0800034000000006080003400000000108000340000080000900020073797a32000000000900020073797a32000000000c00054000000000000000001c01018036000100b509d5b2c13a8415b8a604bf7a83c0beae13445aeed927f5fa0ed08fdc76b514cf3b2c87829b495c122d6c5b0ee86d3f61850000df000100b6b5328f41be9a8875839e1926a71cceef09ab70e69bc83e8059465387ea227ad9bb9c23a291f67c2eca92780ace798226d21e5bd742dbffd5f535131d46d9a3963944ec8e473cfdae2b6c44cf1f948cc97c9e7d5cfa97a448bda78d079cf10aaf0398edb31f8e10722d43ccf4ec74cce7c152c692e428c903bbed4094e85758f957f2cfb7b82b9a96a4bfc723cb5943ea20619c4d20d2d92f0dabb531fc5febf1b40b3d9b631d4d56be7439a35e9ecdce838617cc2c90b3a67de69835b9b2b17e71b8e40437f396212919f46fbf2c6a43b7a76f1e197394b811660004000280380300800900090073797a31000000009c000b80240001800b0001007470726f7879000014000280080003400000000008000140000000014000018011000100666c6f775f6f66666c6f616400000000280002800900010073797a31000000000900010073797a32000000000900010073797a32000000000c00018008000100647570000c00018008000100666962001c0001800b00010064796e73657400000c000280080002b7768b6fbf40000000038c02028046000100acbaf4936b7b5981df07000000edc6a50cfab337816e3a29c04b665cd9ec7c117b6fa3b7145750c802ab005d8207bde19aa86b9eb8e3ca4290f522176100000000000000d8000100d112dcc1a765b18262168f24f7f40acf9df3924a7781c2384a14a787929e98c58e212afab28e0546dc2e2c682857957f015b4431a2ff1549587c25bb6b2168e7bd38886e8dec4390ba6906f2658d5f460bbe94008b8a2b6b4aa8cc72b0cd29ad0897d2b4cb1c59e4b972adce86076e64a96daae7463d10001fe7a5ee5851b40c64a62616a23507e984f35d07245676c06701f0259888c8e847eff38dadda9e8356c0e81071542ffaa81ff736d7ccc02881e8d9488fed9145e2b453f2374dbf0447851f750ea2a732b45a0f84d89e3769595964a938000100b2a451f074a37bb670be6f65555b7d864976beb081ac0f41d937c556be6ba47ed0a79157f6489105830336b6c8df15227e7b751acc000100b35c70ee1ec533dd7ab5684472fc926018fa08d90476a45b2d108430fb47d3dc792447e94a1322c28952708aeec087ae7459a7856771f0ba747c87b33ff9e5b8e7b4aa08aa61e6c86ca60dd15ff51839c21e5e7360fd0ceb2c9e127dcff7facbb676082cb081d30a861d14f014f1b6c21a218f524aa89cbd808c4eb310bc7a6c567475ed2fb8aad7220f735a2d73926d8074f6fafea4cf858ad3609a0dae79d7fcfbffba3a37447978bcc3cf3c8d78622500caba50479621082a8bbe0e8f384ad18740ffc77dfd0d0c00028008000180fffffffe5800028008000180fffffffd0900020073797a32000000000800034000000400080003400000000908000180fffffffb08000180ffffffff0900020073797a320000000008000180000000010900020073797a31000000002c000000080a010200000000000000000a0000060900010073797a31000000000900020073797a300000000014010000050a010100000000000000000300000a62000c00fd80f6203af7f90fec2770846fb24054d0827c026c15a6744930e063b69b6524ebd519e8f00d15a02b61beb8a98ec50cf175e180070644a3637eb930368f34f181d99ee3f4981d62e2c55f3dae54a5a5849b43d3d23da52a592c2f9bb82f000079000c006607e1bf8cf355beb486fda907279ca13ef6892ce681ea131b910784478760304d2f54333cbc87c012d41790c89b08c94be219026fb4d4105383a5303f37d3993b846613a445961315b2d25ece7106ed5c0366aa0f95999dd2aab132981080e39a2d7de7b0174bff0bc6cfd0446f5a440f88d7ab0d0000000a000700726f757465000000080007006e61740009"], 0xcc8}, 0x1, 0x0, 0x0, 0x20000800}, 0x2200c0c0)

6m13.387434202s ago: executing program 4 (id=1312):
ioctl$VHOST_VSOCK_SET_RUNNING(0xffffffffffffffff, 0x4004af61, 0x0)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='blkio.bfq.io_wait_time_recursive\x00', 0x275a, 0x0)
write$binfmt_script(r2, &(0x7f0000000000), 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r2, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000180)=[@text32={0x20, &(0x7f0000000040)="0f01c20f20e035000040000f22e03e640f871d0000000f01cbc0222a2e64652ef30f01eac4e17917a6123a000026660f38152b26d70f01c8", 0xffffffffffffff60}], 0xaaaaaaaaaaaadd2, 0x0, 0x0, 0x0)
preadv(r2, &(0x7f00000015c0)=[{&(0x7f0000000080)=""/124, 0xffffff23}], 0x1, 0x0, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
mmap$binder(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x1, 0x11, r2, 0xbc)
r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, 0x0}], 0x1, 0x64, 0x0, 0x0)
prctl$PR_SET_SECCOMP(0x16, 0x0, &(0x7f0000000080)={0x0, 0x0})
ioctl$KVM_RUN(r3, 0xae80, 0x0)

6m13.116758946s ago: executing program 4 (id=1313):
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000001fc0)=@delchain={0x530, 0x65, 0x0, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {}, {0x4}, {0xffe0}}, [@filter_kind_options=@f_u32={{0x8}, {0x4fc, 0x2, [@TCA_U32_MARK={0x10, 0xa, {0x3, 0x2}}, @TCA_U32_FLAGS={0x8, 0xb, 0x5}, @TCA_U32_INDEV={0x14, 0x8, 'veth1_to_bridge\x00'}, @TCA_U32_ACT={0x4cc, 0x7, [@m_mpls={0x68, 0x1e, 0x0, 0x0, {{0x9}, {0x4}, {0x39, 0x6, "612d3699db034f8f08430151bfb3f0819c1d44301a821ce1a7e2fcd26a93322f414a08eb783ba01be15256ed15fc2fa03568c8552b"}, {0xc, 0x7, {0x1}}, {0xc, 0x8, {0x0, 0x3}}}}, @m_mirred={0x160, 0x1e, 0x0, 0x0, {{0xb}, {0x64, 0x2, 0x0, 0x1, [@TCA_MIRRED_PARMS={0x20, 0x2, {{0x8, 0x7, 0x20000000, 0xffff, 0x6}, 0x1}}, @TCA_MIRRED_PARMS={0x20, 0x2, {{0x3, 0x7, 0x7, 0x8, 0x401}, 0x2}}, @TCA_MIRRED_PARMS={0x20, 0x2, {{0x3a61, 0x5a68ce02, 0x0, 0x2eca, 0x5}, 0x3}}]}, {0xd1, 0x6, "71558f82c797ed40aa96cae0561caac80e37421fbe6b5847795e9152419bd6e36082801f37e53ccbea50d8b4e7d6d4cd06cec76ec462499bdf122811144a51b56146738d4d25cbd285f2e729dbbe3c6137f7cd123b784cfddefd732ecc306f6cd0dc9c82fffc866125185fd50c16a59b8228811ffa42a3fc06ae6c491841f2d3b022b410d20071f23972ad211e8d088570180a0b72ec30b207b439e9499530f5ed3add294c6979c4716758179993cb396d1a9e8371981dc62a436962aa697442d2123e008f091efa1ef638699b"}, {0xc, 0x7, {0x1}}, {0xc, 0x8, {0x1, 0x2}}}}, @m_police={0x64, 0x20, 0x0, 0x0, {{0xb}, {0x4}, {0x35, 0x6, "becc0dfba237e62806d749b491e4df74a2edaae87448c525c394a1cd2b702d5bf5d0417b2f2d65c8e351d44c338dd81ad3"}, {0xc, 0x7, {0x1}}, {0xc, 0x8, {0x2, 0x1}}}}, @m_police={0xa4, 0xc, 0x0, 0x0, {{0xb}, {0x10, 0x2, 0x0, 0x1, [[@TCA_POLICE_RATE64={0xc, 0x8, 0x8}]]}, {0x69, 0x6, "7f3463bc5002e7ca3c93ae6e3fcb585947a90c04c8e9e0d17a49e34b693e09f9b56b228bfb3c92f03a82d9037a584486580784b83b2e30f090d11a4c9a21e9092f2f192e1e8f6f11f5bd352ec97c7f819cd31ce34b32af808e66c773d47e5dc6e50dbe4e80"}, {0xc}, {0xc, 0x8, {0x1}}}}, @m_ct={0x44, 0xb, 0x0, 0x0, {{0x7}, {0x4}, {0x19, 0x6, "3b8dd99ff628f0e136ea03ee3bb7e4eb97a588c1fa"}, {0xc, 0x7, {0x1}}, {0xc, 0x8, {0x3, 0x1}}}}, @m_ct={0x90, 0x1f, 0x0, 0x0, {{0x7}, {0x68, 0x2, 0x0, 0x1, [@TCA_CT_ACTION={0x6, 0x3, 0x43}, @TCA_CT_NAT_IPV4_MIN={0x8, 0x9, @initdev={0xac, 0x1e, 0x0, 0x0}}, @TCA_CT_ACTION={0x6, 0x3, 0x21}, @TCA_CT_LABELS_MASK={0x14, 0x8, "0600be9e48e760ba6779831df0129d79"}, @TCA_CT_NAT_IPV4_MAX={0x8, 0xa, @local}, @TCA_CT_LABELS_MASK={0x14, 0x8, "e7011bcc7a6b8ee870edb3e1d4364f94"}, @TCA_CT_ACTION={0x6}, @TCA_CT_LABELS={0x14, 0x7, "d84f053b22a32e873e2676b45f4a0ad9"}]}, {0x4}, {0xc}, {0xc}}}, @m_ctinfo={0x64, 0xf, 0x0, 0x0, {{0xb}, {0x14, 0x2, 0x0, 0x1, [@TCA_CTINFO_PARMS_CPMARK_MASK={0x8, 0x7, 0x8}, @TCA_CTINFO_PARMS_DSCP_MASK={0x8, 0x5, 0x9}]}, {0x25, 0x6, "871e4a3093c0e8019f3e85d16b62fbd06858927c4759e03eb68fe380f18d158dfe"}, {0xc}, {0xc, 0x8, {0x2, 0x3}}}}, @m_pedit={0x30, 0x13, 0x0, 0x0, {{0xa}, {0x4}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x2}}}}, @m_ct={0x90, 0x2, 0x0, 0x0, {{0x7}, {0x68, 0x2, 0x0, 0x1, [@TCA_CT_NAT_IPV6_MAX={0x14, 0xc, @empty}, @TCA_CT_NAT_PORT_MIN={0x6, 0xd, 0x4e21}, @TCA_CT_NAT_PORT_MAX={0x6, 0xe, 0x4e20}, @TCA_CT_ZONE={0x6, 0x4, 0x260d}, @TCA_CT_NAT_IPV6_MIN={0x14, 0xb, @loopback}, @TCA_CT_MARK={0x8, 0x5, 0x8}, @TCA_CT_LABELS_MASK={0x14, 0x8, "0e16c0fbcfd4e59e5f04cfa3cef75f58"}, @TCA_CT_ZONE={0x6, 0x4, 0x40}]}, {0x4}, {0xc, 0x7, {0x1}}, {0xc, 0x8, {0x3, 0x1}}}}]}]}}, @TCA_RATE={0x6}]}, 0x530}, 0x1, 0x0, 0x0, 0x1}, 0x20000810)
sendmsg$NL80211_CMD_NEW_MPATH(0xffffffffffffffff, &(0x7f0000000580)={&(0x7f0000000300)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000540)={&(0x7f0000000340)={0x38, 0x0, 0x200, 0x70bd27, 0x25dfdbff, {{}, {@void, @void}}, [@NL80211_ATTR_MAC={0xa}, @NL80211_ATTR_MAC={0xa}, @NL80211_ATTR_MPATH_NEXT_HOP={0xa, 0x1a, @device_b}]}, 0x38}, 0x1, 0x0, 0x0, 0x4004001}, 0x10)
r0 = socket(0x10, 0x803, 0x0)
sendto(r0, &(0x7f0000000740)="120000001200e7ef007b00000000000000a1", 0x12, 0x0, 0x0, 0x0)
recvmmsg(r0, &(0x7f00000037c0)=[{{&(0x7f00000004c0)=@ethernet={0x0, @random}, 0xfdf4, &(0x7f0000000380)=[{&(0x7f0000000140)=""/100, 0x365}, {&(0x7f0000000280)=""/85, 0x7c}, {&(0x7f0000000fc0)=""/4096, 0x197}, {&(0x7f0000000400)=""/106, 0x645}, {&(0x7f0000000980)=""/73, 0x1b}, {&(0x7f0000000200)=""/77, 0x14}, {&(0x7f00000007c0)=""/154, 0x8}, {&(0x7f00000001c0)=""/17, 0x1d8}], 0x21, &(0x7f0000000600)=""/191, 0x41}}], 0x4000000000003b4, 0x0, &(0x7f0000003700)={0x77359400})

6m7.405878018s ago: executing program 33 (id=1294):
r0 = memfd_create(&(0x7f0000000740)='\xfd\x0fm3#/\x00n\xaa\xaa\xe4\x01U\x8b\xc2\f\x03\x19\x9c\x8e\xcb\x90\x00\x00\xaegQ\x0e\x94\\y\x0fU2@\'\x8a\x80\x00$\x12\xfc\xe4.)\x9b\xf2@\xf0\xe0\xdb\x1f\xe6\xb4gc\x13\xda\xf9\xcd7el\xb7\xe6\b\x00\x00\x00\x00\xef\xff\x00vob/~\xc2\x00\b\x00\x00\x00\x00\x00\x00 \xff\xf1\xdem\x9c\xfa\xb4q\xbb\x7fN\xd1\r%;%\xb5\"\xe4\xf1x2\x8a\x19p\x04\\\xaa-\x93\xd1\xc4 )\xbfK\xf7E\xf3\x05\xa0\xd0\xe6%\x97\x15\xf0\xab\x86\x90k\x10\xcer\x14\xe0a\xaf\xab\xfe\xd9V\x19\xa5d\x16\x8e]:3\xff\t\xe6\xf7\xb3\xbf\xa3\b[?\xb5\x14t\xd3\x8e\xc0\xe8\xefd\x88\xddz\xa25)\x17\xef\xfb4\xff\xdb\t\x8e\xeb\x1d\\\xf9\x14\xc7\v\xa8\x89\xdb A\xbaBAj\xfe\x18\xc3-+\xd6\xb0K\xee\x1b+\xc7lA\x84\xa6\xfe\x8bU<&\x1a\xe7m\x86\xb7\xa1A\xf9\x02S;C\x99\a.$K\x833\x82\x7f\x1b\'nj\x06\b\xb7\xe8] \x87A[y\xdc\x14\f\xcet\x00\x1f\x0f\xef\xca\xcfz\x7f\an0\xebB\xb8}&\xdd\xc9\x12?\xc7zL\x01\r-\x81\xaaq{H\x88\xdf\xf8\x80\\\x1c8\xfe\xc4\xe3\xb0\x90\xcb\x8b1r\x94\x9f\x00\xce\xc8\xc3\x84\xa0\xc9\b\x00\x81Ks\xba\xbbC6\xd6\x13\xb5\xe086EzD\x18\xd5\x16\x88E\xc6\xf0A9\xf1u\xb3\x85\x02\x12\\Sp\xf4\x9a\xe8\x96^\xe6\xa8K\x12\b}\xff\xcb{\xc6\xf6\xb4\x8b\xb6\xa8Y\xf2\x91\xeeR\v#\xb5)\xb0\x99\x9b-p\xe3\x17\x04\xb0\xdc\x0fk\x11\xe1\x9a\a\x16\xb7\x9b\x88\xfa\x1e`\x84$\xfc\xd7\xf5^X\xd8[}\x032\xd0\x84\xdby\x94Vp\xa5\xcd(\xab\xb6\x95sR\xab\xfc\x8c\'\x9c\x16Q\xad\xbc\xb04%\xb7\xe5\x14\xb1`\x87#X\\W`;\'_4\xc5\xc9\x921<\xd9\xad\x9f\x12@!\xfaI\x88\xab\xef\x86\xe9\a>\xdd7\xb7\x8e\x9c0-o\xc9\xec_|\x02\xc8Ru\x95\xa8#U\xd6J\x87\xf6X\xb6{\x11$\x00\xc8\x14\xcb\xd1nK\xd8\xb9\x0e\x9bA\xed\xbcs\x1fS\r\x12O\x83\x15\xcb(\xdb\xb1S\x1f%\x04\x9a\xa0l\xa3}\xe7r\x02\x00\x00\x00\x8aeh;F[\xe2\x1c<L\xaa\x87A\xcdN#\xfb\xb0\xf2\x1e\x0e#J\xd0hB<\xc0\x82A0)p\xe7&J\x82\x83\x83\xd14\x01\xcf\x1b\xa9\x1d\x1ef\x0f\x86(1\xd6l\xd2\x8f\xb0\xad\t\x15\xdb|\x87\xf1\xc4\xb8\xb2\x9a\xd2A\x80\xbf\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xd6\x80\x00\x00\x00\x00\x00\x00\x00\x88&}\xd1\x00\x00\x00\xe6\xaf\t\x9f\x96\rN\xc9\x90\xbe\xed\x1ad\x14\xe7\x84\t\'\x8b\x00\xdd\xc9\x0f\x14v\xb6\x04\xf2U\xb4\xf6\xbe\xddT\xcb\x00\x00\x00\x00\x00\x00\xe9\x00\x00\x00\x00\x00\x00o:}\xa7jmH\xedn\x11\xfe\xe2\x0fT\x00\x94\xbc\xc6\x7f\x93eE1xp\xa3\xdc\xd7K9J<\xeb\xd2!\xf4\x19\xbd#\xb8\x83\x858\n\xf8\x12Z\x1a\x12\xfa\xcc\x04\r\xf3\xf4;\v\x15b^\xea\xa2\x04 \xe8\x99\xb3\x97\x9e\r\xb0\x05\xbb(f\xd0\x85\xc5\x15\xae#\x12Q\xacF\xfb\xc8\xbd\xcc\xbe\xb6\xa7w\x9d\xf1\xe5V\x8f\x9b\x00\x03\xc8}\x11\xbc\x01\x8fi\xf5\x7f\xaf\x11\xfb\x16\x95\xdfc\xc9\x8a/&\x81w\xdf]ao\\\x88\xf7\xce\xbd\xb0\xa6J~\x8d\xf1\xe9\x1c\xcfo\xb3\xdc\x04Y\x8e\r\xf5\xa0\xeft\x06G0\xe3D\xd6\xa3L\xedN\x0e\xdc@7\xd8^\xae\xea\x92\xbe\x9c\xf9~c\xc1|\xca\x8d\x93R\xe5\xceU\xa5\x0f\xbf\xd8l\x96`\x0f\x00e\x8aR{\x17Y\x15m>\xe26 \x19k&.\x7f\x1d~\xdaI\xd4\x99\a+\xdf]\xbc\xa6\xc3\x0f\x99W\x9c-t\v\xc7J\xfd\x91\x853\xd1j;\x19W\x96V\x8az+\xf9\x82#\xfaC\xa3YN:\xe8\xda\xbc\xb2h\x8f\xe0\xc6d\x96\xccy\xb3\xc2\x98\x1c\xca\xde\"\xaeW\x89\x83\xc2sB\xe7\b\x9b9~}\xc2\xb3\x1d\xcc?\xd1\x89\xef\xca', 0x4)
mmap(&(0x7f0000000000/0x7000)=nil, 0x7000, 0x2000003, 0x97052, r0, 0x0)
syz_clone3(&(0x7f0000000480)={0x66000080, 0x0, 0x0, 0x0, {0x3e}, 0x0, 0x0, &(0x7f00000003c0)=""/97, 0x0}, 0x58)
move_pages(0x0, 0x1efe, &(0x7f0000000080), 0x0, &(0x7f0000000040), 0x0)

6m2.399502858s ago: executing program 34 (id=1305):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0)
ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201})
writev(r3, &(0x7f0000000440)=[{&(0x7f00000001c0)='\x00\x00\x00\x00\x00\x00', 0x3}, {0x0, 0x5d}], 0x2)
ioctl$KVM_CAP_HYPERV_SYNIC2(r2, 0x4068aea3, &(0x7f0000000140))
ioctl$KVM_SET_MSRS(r2, 0x4008ae89, &(0x7f0000000440)=ANY=[@ANYBLOB="0100000000000000b2000040ed85643dad"])
ioctl$KVM_RUN(r2, 0xae80, 0x0)
r4 = socket$tipc(0x1e, 0x5, 0x0)
r5 = openat$cuse(0xffffffffffffff9c, &(0x7f00000002c0), 0x2, 0x0)
r6 = socket(0x10, 0x3, 0x0)
r7 = socket(0x10, 0x3, 0x0)
ioctl$ifreq_SIOCGIFINDEX_team(r7, 0x8933, &(0x7f0000000080)={'team0\x00', <r8=>0x0})
sendmsg$nl_route_sched(r6, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000001200)={&(0x7f0000002340)=@newqdisc={0x8c, 0x24, 0x400, 0x0, 0x0, {0x0, 0x0, 0x0, r8, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_sfb={{0x8}, {0x2c, 0x2, @TCA_SFB_PARMS={0x28, 0x1, {0x0, 0x0, 0xfffffffd, 0x0, 0x0, 0x0, 0x4000001, 0x0, 0x80}}}}, @qdisc_kind_options=@q_pie={{0x8}, {0x2c, 0x2, [@TCA_PIE_ALPHA={0x8, 0x4, 0x20}, @TCA_PIE_TARGET={0x8, 0x1, 0x8}, @TCA_PIE_ECN={0x8, 0x6, 0x1}, @TCA_PIE_BETA={0x8}, @TCA_PIE_BYTEMODE={0x8}]}}]}, 0x8c}, 0x1, 0x0, 0x0, 0x24000000}, 0x0)
read$FUSE(r5, &(0x7f0000000300)={0x2020, 0x0, <r9=>0x0}, 0x2020)
write$FUSE_INTERRUPT(r5, &(0x7f0000000080)={0x10, 0xffffffffffffffda, r9}, 0x10)
r10 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/4\x00')
mount$9p_fd(0x0, &(0x7f0000000180)='.\x00', &(0x7f0000000040), 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB='dno=\x00'/15, @ANYRESHEX=r10, @ANYBLOB=',wfdno=', @ANYRESHEX, @ANYBLOB=',\x00'])
bind$tipc(r4, &(0x7f0000000000)=@name={0x1e, 0x2, 0x3, {{}, 0x3}}, 0x10)

5m57.895132616s ago: executing program 35 (id=1313):
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000001fc0)=@delchain={0x530, 0x65, 0x0, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {}, {0x4}, {0xffe0}}, [@filter_kind_options=@f_u32={{0x8}, {0x4fc, 0x2, [@TCA_U32_MARK={0x10, 0xa, {0x3, 0x2}}, @TCA_U32_FLAGS={0x8, 0xb, 0x5}, @TCA_U32_INDEV={0x14, 0x8, 'veth1_to_bridge\x00'}, @TCA_U32_ACT={0x4cc, 0x7, [@m_mpls={0x68, 0x1e, 0x0, 0x0, {{0x9}, {0x4}, {0x39, 0x6, "612d3699db034f8f08430151bfb3f0819c1d44301a821ce1a7e2fcd26a93322f414a08eb783ba01be15256ed15fc2fa03568c8552b"}, {0xc, 0x7, {0x1}}, {0xc, 0x8, {0x0, 0x3}}}}, @m_mirred={0x160, 0x1e, 0x0, 0x0, {{0xb}, {0x64, 0x2, 0x0, 0x1, [@TCA_MIRRED_PARMS={0x20, 0x2, {{0x8, 0x7, 0x20000000, 0xffff, 0x6}, 0x1}}, @TCA_MIRRED_PARMS={0x20, 0x2, {{0x3, 0x7, 0x7, 0x8, 0x401}, 0x2}}, @TCA_MIRRED_PARMS={0x20, 0x2, {{0x3a61, 0x5a68ce02, 0x0, 0x2eca, 0x5}, 0x3}}]}, {0xd1, 0x6, "71558f82c797ed40aa96cae0561caac80e37421fbe6b5847795e9152419bd6e36082801f37e53ccbea50d8b4e7d6d4cd06cec76ec462499bdf122811144a51b56146738d4d25cbd285f2e729dbbe3c6137f7cd123b784cfddefd732ecc306f6cd0dc9c82fffc866125185fd50c16a59b8228811ffa42a3fc06ae6c491841f2d3b022b410d20071f23972ad211e8d088570180a0b72ec30b207b439e9499530f5ed3add294c6979c4716758179993cb396d1a9e8371981dc62a436962aa697442d2123e008f091efa1ef638699b"}, {0xc, 0x7, {0x1}}, {0xc, 0x8, {0x1, 0x2}}}}, @m_police={0x64, 0x20, 0x0, 0x0, {{0xb}, {0x4}, {0x35, 0x6, "becc0dfba237e62806d749b491e4df74a2edaae87448c525c394a1cd2b702d5bf5d0417b2f2d65c8e351d44c338dd81ad3"}, {0xc, 0x7, {0x1}}, {0xc, 0x8, {0x2, 0x1}}}}, @m_police={0xa4, 0xc, 0x0, 0x0, {{0xb}, {0x10, 0x2, 0x0, 0x1, [[@TCA_POLICE_RATE64={0xc, 0x8, 0x8}]]}, {0x69, 0x6, "7f3463bc5002e7ca3c93ae6e3fcb585947a90c04c8e9e0d17a49e34b693e09f9b56b228bfb3c92f03a82d9037a584486580784b83b2e30f090d11a4c9a21e9092f2f192e1e8f6f11f5bd352ec97c7f819cd31ce34b32af808e66c773d47e5dc6e50dbe4e80"}, {0xc}, {0xc, 0x8, {0x1}}}}, @m_ct={0x44, 0xb, 0x0, 0x0, {{0x7}, {0x4}, {0x19, 0x6, "3b8dd99ff628f0e136ea03ee3bb7e4eb97a588c1fa"}, {0xc, 0x7, {0x1}}, {0xc, 0x8, {0x3, 0x1}}}}, @m_ct={0x90, 0x1f, 0x0, 0x0, {{0x7}, {0x68, 0x2, 0x0, 0x1, [@TCA_CT_ACTION={0x6, 0x3, 0x43}, @TCA_CT_NAT_IPV4_MIN={0x8, 0x9, @initdev={0xac, 0x1e, 0x0, 0x0}}, @TCA_CT_ACTION={0x6, 0x3, 0x21}, @TCA_CT_LABELS_MASK={0x14, 0x8, "0600be9e48e760ba6779831df0129d79"}, @TCA_CT_NAT_IPV4_MAX={0x8, 0xa, @local}, @TCA_CT_LABELS_MASK={0x14, 0x8, "e7011bcc7a6b8ee870edb3e1d4364f94"}, @TCA_CT_ACTION={0x6}, @TCA_CT_LABELS={0x14, 0x7, "d84f053b22a32e873e2676b45f4a0ad9"}]}, {0x4}, {0xc}, {0xc}}}, @m_ctinfo={0x64, 0xf, 0x0, 0x0, {{0xb}, {0x14, 0x2, 0x0, 0x1, [@TCA_CTINFO_PARMS_CPMARK_MASK={0x8, 0x7, 0x8}, @TCA_CTINFO_PARMS_DSCP_MASK={0x8, 0x5, 0x9}]}, {0x25, 0x6, "871e4a3093c0e8019f3e85d16b62fbd06858927c4759e03eb68fe380f18d158dfe"}, {0xc}, {0xc, 0x8, {0x2, 0x3}}}}, @m_pedit={0x30, 0x13, 0x0, 0x0, {{0xa}, {0x4}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x2}}}}, @m_ct={0x90, 0x2, 0x0, 0x0, {{0x7}, {0x68, 0x2, 0x0, 0x1, [@TCA_CT_NAT_IPV6_MAX={0x14, 0xc, @empty}, @TCA_CT_NAT_PORT_MIN={0x6, 0xd, 0x4e21}, @TCA_CT_NAT_PORT_MAX={0x6, 0xe, 0x4e20}, @TCA_CT_ZONE={0x6, 0x4, 0x260d}, @TCA_CT_NAT_IPV6_MIN={0x14, 0xb, @loopback}, @TCA_CT_MARK={0x8, 0x5, 0x8}, @TCA_CT_LABELS_MASK={0x14, 0x8, "0e16c0fbcfd4e59e5f04cfa3cef75f58"}, @TCA_CT_ZONE={0x6, 0x4, 0x40}]}, {0x4}, {0xc, 0x7, {0x1}}, {0xc, 0x8, {0x3, 0x1}}}}]}]}}, @TCA_RATE={0x6}]}, 0x530}, 0x1, 0x0, 0x0, 0x1}, 0x20000810)
sendmsg$NL80211_CMD_NEW_MPATH(0xffffffffffffffff, &(0x7f0000000580)={&(0x7f0000000300)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000540)={&(0x7f0000000340)={0x38, 0x0, 0x200, 0x70bd27, 0x25dfdbff, {{}, {@void, @void}}, [@NL80211_ATTR_MAC={0xa}, @NL80211_ATTR_MAC={0xa}, @NL80211_ATTR_MPATH_NEXT_HOP={0xa, 0x1a, @device_b}]}, 0x38}, 0x1, 0x0, 0x0, 0x4004001}, 0x10)
r0 = socket(0x10, 0x803, 0x0)
sendto(r0, &(0x7f0000000740)="120000001200e7ef007b00000000000000a1", 0x12, 0x0, 0x0, 0x0)
recvmmsg(r0, &(0x7f00000037c0)=[{{&(0x7f00000004c0)=@ethernet={0x0, @random}, 0xfdf4, &(0x7f0000000380)=[{&(0x7f0000000140)=""/100, 0x365}, {&(0x7f0000000280)=""/85, 0x7c}, {&(0x7f0000000fc0)=""/4096, 0x197}, {&(0x7f0000000400)=""/106, 0x645}, {&(0x7f0000000980)=""/73, 0x1b}, {&(0x7f0000000200)=""/77, 0x14}, {&(0x7f00000007c0)=""/154, 0x8}, {&(0x7f00000001c0)=""/17, 0x1d8}], 0x21, &(0x7f0000000600)=""/191, 0x41}}], 0x4000000000003b4, 0x0, &(0x7f0000003700)={0x77359400})

2m39.238801845s ago: executing program 5 (id=1988):
bind$alg(0xffffffffffffffff, 0x0, 0x0)
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmmsg$unix(0xffffffffffffffff, 0x0, 0x0, 0x0)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r1}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000180)={0xc, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r5 = dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, &(0x7f0000000300)={'lo\x00', &(0x7f00000001c0)=@ethtool_rxfh_indir={0x39, 0x9, [0x9aa, 0x9, 0xffff, 0xe, 0xaf, 0x8000, 0x7, 0x7, 0xfffffffe]}})
connect$unix(r5, &(0x7f0000000100)=@abs={0x1, 0x0, 0x4e22}, 0x6e)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=ANY=[@ANYRESOCT=r0, @ANYRESOCT=r0, @ANYBLOB="00000000000000002800128009000100626f6e640000000018000280140008800800030001"], 0x48}}, 0x800)
sendmmsg$inet(r0, &(0x7f0000005200)=[{{0x0, 0x4b, &(0x7f0000000000), 0x1}}], 0x1, 0x0)

2m37.766912767s ago: executing program 5 (id=1990):
pipe(&(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
vmsplice(r1, &(0x7f0000001540)=[{&(0x7f0000001280)="db2808", 0x3}, {&(0x7f0000001380)='/', 0x1}, {&(0x7f0000001480)="9537", 0x2}], 0x3, 0x4)
r2 = memfd_create(&(0x7f0000000080), 0x0)
splice(r0, 0x0, r2, 0x0, 0x408cd, 0x0)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000280)={&(0x7f0000000040)="2eb1c25f80c5e6", 0x0, 0x0, 0x0, 0x6, 0x1}, 0x38)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
setsockopt$inet_sctp6_SCTP_EVENTS(0xffffffffffffffff, 0x84, 0xb, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x11, &(0x7f0000000180)=0x1400200bce)
r4 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r4, &(0x7f0000002700)=""/102392, 0x18ff8)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000300)={{r1}, &(0x7f0000000240), &(0x7f00000002c0)=r0}, 0x20)
sendmsg$NFT_BATCH(r3, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a05000000000000000000010000000900010073797a300000000038000000030a01020000000000000000010000000900030073797a32000000000a00070072527574650000000900010073797a300000000094000000060a010400000000000000000100000008000b400000000014000480100001800b0001006e756d67656e00000900010073797a30000000005800048054000180090001007866726d0000000044000280050003000100000005000300020000000500030000000000080001400000000a08000440000000000800024000000002"], 0x114}}, 0x0)

2m33.523346004s ago: executing program 8 (id=2001):
pipe(&(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
vmsplice(r1, &(0x7f0000001540)=[{&(0x7f0000001280)="db2808", 0x3}, {&(0x7f0000001380)='/', 0x1}, {&(0x7f0000001480)="9537", 0x2}], 0x3, 0x4)
r2 = memfd_create(&(0x7f0000000080), 0x0)
splice(r0, 0x0, r2, 0x0, 0x408cd, 0x0)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000280)={&(0x7f0000000040)="2eb1c25f80c5e6", 0x0, 0x0, 0x0, 0x6, 0x1}, 0x38)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
setsockopt$inet_sctp6_SCTP_EVENTS(0xffffffffffffffff, 0x84, 0xb, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x100008b}, 0x0)
sched_setaffinity(0x0, 0x11, &(0x7f0000000180)=0x1400200bce)
sched_setscheduler(0x0, 0x1, &(0x7f0000002200)=0x1)
getsockname$packet(0xffffffffffffffff, 0x0, 0x0)
r4 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r4, &(0x7f0000002700)=""/102392, 0x18ff8)
sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000004c0)={0x14, 0x16, 0xa01, 0x70bd29, 0x0, {0x2}}, 0x14}}, 0x0)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000300)={{r1, <r5=>0xffffffffffffffff}, &(0x7f0000000240), &(0x7f00000002c0)=r0}, 0x20)
vmsplice(r5, &(0x7f0000000680)=[{&(0x7f0000000340)="fdda8549ec8bdc956a502145b0a60829f9534d6cc96b89025362cece334e11abcb8d7f5919beb968bbcddf981f5749a94b57f257d959b839b8bc8cb7d91108c957930583f851c5a2827be347f99e89cf772dee326a497a55649162bab5d3494af463ea2164fbcdab841fd7c206b7ac8b5bf7deb3b2b957c01754e1e4b4603f5abe0512b485fbc9a044ab37b991c454a905e2093fcfb54cf3ec24e1f7ce919aeb134175c5e618923c3aec448064af00ff22ec8ab88ade3f6e8668801f877cc835c441cdb34a65fcbbb61e245df8ad097be69a38d10cd178c73773cc70c3117d87280cd63c3e7be72cea089dcc0f18b6f87b3704894acc95", 0xf7}, {&(0x7f0000000440)="0b43aedb6e1816349f7ffd866438ff8c7dad78485d776ee7ad8cde9d850a4a1265a767fe8f5a9d24e380cac774df51c1f0975e52a1c89d9736b340065f0ff02c6c9666c2a28584587dc6e6031da55b797833f60652a6d40a7c56c9baaf08c195633d1040f574752a633b0ed1d29e15c2f42c5c042d5df47060b07edd65d21272da46a207", 0x84}, {&(0x7f0000000500)}, {&(0x7f0000000540)="e000539cfed81911f197a26c629e5e2a31fa3c463954ac", 0x17}, {&(0x7f0000000580)="18579a37c5953e14c311f2d852f187ce6f2afd1807728ccc1f7a999ab0131a560e6676fd13ddf5d13c5723adee7176761adc2fc5a9f30052d4b0d4d12c91dccd3821c34380d3f4", 0x47}, {&(0x7f0000000600)="77cf409cbe5d850ac914f040b16ab71a3d67b09328c98a170889f754dcddaf04dd8b6aea4da3c90589aef075db00a2e344909c829b6dea814a73d5941622fd3fbc10908790c0097cc331ae8764a528c4795e4cf34f25a63d6c6b58b0c08e12b12935e73c4c8878279e5383cf", 0x6c}], 0x6, 0x0)
sendmsg$NFT_BATCH(r3, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a05000000000000000000010000000900010073797a300000000038000000030a01020000000000000000010000000900030073797a32000000000a00070072527574650000000900010073797a300000000094000000060a010400000000000000000100000008000b400000000014000480100001800b0001006e756d67656e00000900010073797a30000000005800048054000180090001007866726d0000000044000280050003000100000005000300020000000500030000000000080001400000000a08000440000000000800024000000002"], 0x114}}, 0x0)

2m32.265501209s ago: executing program 8 (id=2004):
socket$inet6(0xa, 0x6, 0x0)
r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000200), 0x2, 0x0)
prlimit64(0x0, 0xe, 0x0, 0x0)
getpid()
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r1}, 0x10)
r2 = openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r3 = getpid()
sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000180)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e23}, 0x6e)
sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r6 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000340)=[{&(0x7f0000000580)="d8000000140081044e81f782db44b9040a1d08020a000000040000a118000200ff11000000000e1208000f0100810401a80016ea1f0008400304000803600cfab94dcf5c0461c1d67f6f94007134cf6ee08000a0e408e8d8ef075c0100000000000000cb090000001fb791643a5ee4001b146218a07445d6d930dfe1d9d322fe7c9fd68775730d16a4683f5aeb4edbb57a5025ccca9e00360db70100000040fad95667e0060000000000000080bb9ad809d5e1cace81ed0bffece0b42a9ecbee5de6ccd40dd68adbef3d93452a00"/216, 0xd8}], 0x1, 0x0, 0x0, 0x7400}, 0x0)
r7 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r7, &(0x7f0000019680)=""/102392, 0x18ff8)
r8 = openat$sndtimer(0xffffffffffffff9c, 0x0, 0x8000)
ioctl$SNDRV_TIMER_IOCTL_SELECT(r8, 0x40345410, &(0x7f00000083c0)={{0x1}})
socket$inet6_tcp(0xa, 0x1, 0x0)
r9 = openat$cgroup_pressure(r2, &(0x7f0000000040)='cpu.pressure\x00', 0x2, 0x0)
write$cgroup_pressure(r9, &(0x7f00000000c0)={'some', 0x20, 0x6}, 0x2f)
write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f0000000ec0)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000e80), 0x13f}}, 0x20)

2m30.774429574s ago: executing program 8 (id=2007):
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0500000004000000ff0f000007"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000ac0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={0x0}}, 0x0)
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000c80)={0x0, 0x20000000000000bb, &(0x7f0000000300)=ANY=[@ANYBLOB="1800000000000000000000000000000018010000756c6c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb714000008"], 0x0, 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000340)={0x4, 0x200008, 0x8, 0x20000}, 0x10, 0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000300)=ANY=[@ANYBLOB="4c0000001800010800000000000000850a600000000000000500000014000500200100000000000000000300000000001c00090008000000", @ANYRES32=r0], 0x4c}}, 0x0)
r1 = socket$netlink(0x10, 0x3, 0x0)
sendmmsg(r1, &(0x7f00000002c0), 0x40000000000009f, 0x0)

2m30.02179192s ago: executing program 8 (id=2008):
r0 = creat(&(0x7f0000000040)='./file0\x00', 0x0)
r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000000c0)={0x1b, 0x0, 0x0, 0x3, 0x0, r0, 0xfff, '\x00', 0x0, r0, 0x3, 0x2, 0x3, 0x0, @void, @value, @void, @value}, 0x50)
r2 = socket$netlink(0x10, 0x3, 0x0)
r3 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000040)={'bond_slave_1\x00', <r4=>0x0})
sendmsg$nl_route(r2, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000000)=ANY=[@ANYBLOB="440000001100050000000000feffffff07000000", @ANYRES32=r4], 0x44}, 0x1, 0x0, 0x0, 0x4008040}, 0x1040)
io_uring_register$IORING_REGISTER_CLONE_BUFFERS(r0, 0x1e, &(0x7f0000000140)={r1}, 0x1)
mount(&(0x7f0000000000)=@nullb, &(0x7f00000001c0)='./file0\x00', &(0x7f0000000200)='ufs\x00', 0x0, &(0x7f0000000080)='\fL\x00\xe7DW\xa0t\a\xb5\xf4\x0fS\xd6TF\x19\x9cQ)\x84R\x00\xa1\xb1\x0f\xee')

2m29.834181202s ago: executing program 5 (id=2011):
pipe(&(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}) (async)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000000)=@newqdisc={0x44, 0x24, 0x0, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {0x0, 0xffe3}}, [@qdisc_kind_options=@q_codel={{0xa}, {0x14, 0x2, [@TCA_CODEL_TARGET={0x8}, @TCA_CODEL_LIMIT={0x8}]}}]}, 0x44}}, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000000)=ANY=[@ANYBLOB="4800000010001fff752b056800080000faff8141", @ANYRES32=0x0, @ANYBLOB="67a9fde500000000280012800a00010076786c616e"], 0x3}}, 0x0) (async)
r2 = socket$inet_udp(0x2, 0x2, 0x0) (async)
write$binfmt_misc(r1, &(0x7f0000000000), 0xfffffecc) (async)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x6) (async)
r3 = getpid()
sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x4) (async)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) (async, rerun: 64)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff}) (async, rerun: 64)
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r5, &(0x7f00000bd000), 0x318, 0x0) (async, rerun: 32)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0) (async, rerun: 32)
sched_setaffinity(0x0, 0xfffffffffffffc33, &(0x7f0000000280)=0x2) (async)
socket$nl_netfilter(0x10, 0x3, 0xc) (async)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, 0x0, &(0x7f0000000140)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) (async)
r6 = add_key$user(&(0x7f0000000a40), &(0x7f0000000080)={'syz', 0x2}, &(0x7f0000000a80)='X', 0x1, 0xfffffffffffffffe) (async, rerun: 32)
r7 = add_key$user(&(0x7f0000000180), &(0x7f0000000340)={'syz', 0x0}, &(0x7f0000000480)='.', 0x1, 0xfffffffffffffffd) (rerun: 32)
r8 = add_key$user(&(0x7f00000003c0), &(0x7f0000000440), &(0x7f00000000c0), 0xf1, 0xfffffffffffffffd)
keyctl$dh_compute(0x17, &(0x7f00000000c0)={r6, r8, r7}, &(0x7f00000001c0)=""/241, 0xf1, &(0x7f0000000000)={&(0x7f0000000140)={'rmd160\x00'}}) (async, rerun: 32)
ioctl$sock_SIOCADDRT(0xffffffffffffffff, 0x890b, 0x0) (async, rerun: 32)
socket$nl_route(0x10, 0x3, 0x0) (async)
splice(r0, 0x0, r2, 0x0, 0x4ffe6, 0x0)

2m29.812199344s ago: executing program 8 (id=2012):
io_uring_setup(0x1729, &(0x7f0000000280)={0x0, 0xeac5, 0x800, 0x400003, 0xc9})
r0 = getpid()
sched_setscheduler(r0, 0x2, 0x0)
timer_create(0x0, &(0x7f0000000040)={0x0, 0x1, 0x1, @thr={&(0x7f0000000000)="124308ed468d03eea9f828fec57deb1c780d5bd7bfb4b575eb1d7b94f5ee44c3b39ae5585c5c", &(0x7f0000000300)="a631dfda608e4c84fc7f56d692127ace5ba9c8da0453eb6ddfe3935847305394ed960b4fc366126485ff3d1ce72dc891898fe7c5c4117f921876d1338f56183f965b30a04a2c32b6581fafec7a9a6f"}}, &(0x7f0000000200))
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000700)=ANY=[@ANYBLOB="58010000100011050000000000000000fe8000000000000000000000000000bb0000000000000000000000000000000100"/62, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="0000000000000000000000000000000000000000320000000000000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000006000000000000000000000000000002000000000000000000000000000000000000000000000000000000000000000000000000000069a484107a148a814eaaf052426b848400000000000025bd7000000000000a000000af0000000000000048000200656362286369706865725f6e756c6c2900000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000200017000100000000000000000000008beca5d471f56a19d7c940fd8c3054aa005cf70bbe0c618dbbb6c060ddc8026554312f611f63be7d7f84b25abb988730994d213fd89b117378272039912a68202881d4dd66f5de1f2985c4374d4c84abdd76e712526e53d25ed577186890f6ff557f0b504d414696e6ea0cfded1c2291280b517da9051f8d44b33aeac1f2c4cea45ecf2346ea8f7f9436081fdc2291f52de7182708caae63bac0ef49e47d6ca941e09f072cc98341666a8bbd"], 0x158}}, 0x0)
r3 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000100), 0xffffffffffffffff)
r4 = socket$inet6_mptcp(0xa, 0x1, 0x106)
setsockopt$inet6_int(r4, 0x29, 0x4b, &(0x7f00000001c0)=0x9, 0x4)
connect$inet6(r4, &(0x7f0000000300)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @remote}}, 0x1c)
setsockopt$inet6_int(r4, 0x29, 0xd1, &(0x7f0000000080), 0x4)
openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000001400), 0x2, 0x0)
r5 = syz_io_uring_setup(0x3aec, &(0x7f0000000240)={0x0, 0x0, 0x10100}, &(0x7f0000000000)=<r6=>0x0, &(0x7f0000000100)=<r7=>0x0)
syz_io_uring_submit(r6, r7, &(0x7f00000009c0)=@IORING_OP_WRITE={0x17, 0x0, 0x0, @fd_index=0x3, 0x0, 0x0, 0xffffff86})
r8 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x80, 0x0)
ioctl$TIOCPKT(r8, 0x5420, &(0x7f00000004c0)=0xcf5)
ioctl$TCSETS(r8, 0x40045431, &(0x7f0000000dc0)={0x0, 0x0, 0x0, 0x0, 0x0, "0062ba7d82000000000000000000f7ffffff00"})
r9 = syz_open_pts(r8, 0x0)
r10 = dup3(r9, r8, 0x80000)
ioctl$TCSETSW2(r10, 0x5437, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f00000000c0)='vnet_tx_trigger\x00', r10, 0x0, 0xe2}, 0x18)
socket$inet6_sctp(0xa, 0x1, 0x84)
io_uring_enter(r5, 0x7a98, 0x0, 0x0, 0x0, 0x0)
connect$inet6(r4, &(0x7f0000000000)={0xa, 0x0, 0x0, @empty}, 0x1c)
sendmsg$TIPC_NL_KEY_SET(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000680)=ANY=[@ANYBLOB='\\\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="01000000000000000000170000004800068008000600030000003c00040067636d286165732900000000000000000000000000000000040000000000000014000026c055975ef026ebafa517906c590a3b577eefd465"], 0x5c}}, 0x4000004)
r11 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r11, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000100)=ANY=[@ANYBLOB="a00000000001010400000000000000000a0000003c0001802c000180140003000000000000000000000000000000000014000400ff0100000000000000000000000000010c00028005000100000000003c0002802c000180140003000000000000000000000200000000000014000400fe8000000000000000000000000000aa0c0002800500010000000000080007400000000004000e80080008"], 0xa0}, 0x1, 0xfffff000}, 0x0)
openat$hwrng(0xffffffffffffff9c, &(0x7f0000000080), 0x111080, 0x0)
syz_io_uring_setup(0x36b, &(0x7f0000000140)={0x0, 0x0, 0x2, 0x0, 0x1}, &(0x7f0000000480), &(0x7f0000000500))

2m29.059274277s ago: executing program 5 (id=2017):
socket$nl_netfilter(0x10, 0x3, 0xc)
socket$nl_generic(0x10, 0x3, 0x10)
syz_init_net_socket$x25(0x9, 0x5, 0x0)
socket$nl_audit(0x10, 0x3, 0x9)
socket$packet(0x11, 0x2, 0x300)
socket$inet(0x2, 0x3, 0x5)
openat$smackfs_cipso(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/fs/smackfs/cipso\x00', 0x2, 0x0)
socket(0x2, 0x80805, 0x0)
socket$packet(0x11, 0x3, 0x300)
bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0xd, 0x37, &(0x7f00000003c0)=ANY=[@ANYBLOB], 0x0, 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @sock_ops=0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, @void, @value}, 0x94)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000380))
creat(&(0x7f00000056c0)='./file0\x00', 0x0)
socket$inet6(0x10, 0x2, 0x6)
socket$nl_generic(0x10, 0x3, 0x10)
socket$kcm(0x21, 0x2, 0x2)
socket$nl_netfilter(0x10, 0x3, 0xc)
userfaultfd(0x1)
r0 = openat$vimc1(0xffffffffffffff9c, &(0x7f00000003c0), 0x2, 0x0)
bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000400)=ANY=[@ANYRES32, @ANYRES32, @ANYRES64=r0], 0x20)

2m28.898930644s ago: executing program 5 (id=2018):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000040)={0x11, 0x4, 0x0, &(0x7f0000000180)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xe, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setaffinity(0x0, 0x0, 0x0)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
process_mrelease(0xffffffffffffffff, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r3 = openat$tun(0xffffffffffffff9c, &(0x7f00000038c0), 0x0, 0x0)
ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f0000001440)={'\x00', 0x2})
ioctl$TUNSETOFFLOAD(r3, 0x400454c9, 0x9)
ioctl$KVM_CREATE_IRQCHIP(r3, 0x800454dd)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.net/syz0\x00', 0x1ff)
r4 = signalfd4(0xffffffffffffffff, &(0x7f00000004c0), 0x8, 0x0)
r5 = io_uring_setup(0x3e76, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x2000004})
dup2(r4, r5)
r6 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x0, 0x0)
r7 = fanotify_init(0x2, 0x80000)
fanotify_mark(r7, 0x105, 0x8001022, r6, 0x0)
read$FUSE(r7, &(0x7f00000002c0)={0x2020}, 0x2020)
openat(0xffffffffffffff9c, 0x0, 0x0, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, <r8=>0xffffffffffffffff})
ioctl$SIOCSIFHWADDR(r8, 0x8914, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
openat$sndtimer(0xffffffffffffff9c, &(0x7f00000001c0), 0x100)

2m28.063471626s ago: executing program 8 (id=2022):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000001740)={0x0, 0x0, &(0x7f0000001700)={&(0x7f0000001580)={0x14, 0x25, 0x1, 0x70bd2c, 0x25dfdbff, {0x6}}, 0x14}, 0x1, 0x0, 0x0, 0x40080c0}, 0x24000100)

2m27.088375294s ago: executing program 5 (id=2026):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
unshare(0x20000400)
pread64(0xffffffffffffffff, 0x0, 0x0, 0x0)
sendmsg$nl_generic(r0, &(0x7f0000001740)={0x0, 0x0, &(0x7f0000001700)={&(0x7f0000001580)={0x14, 0x25, 0x1, 0x70bd2c, 0x25dfdbff, {0x6}}, 0x14}, 0x1, 0x0, 0x0, 0x40080c0}, 0x24000100)

2m12.78939798s ago: executing program 36 (id=2022):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000001740)={0x0, 0x0, &(0x7f0000001700)={&(0x7f0000001580)={0x14, 0x25, 0x1, 0x70bd2c, 0x25dfdbff, {0x6}}, 0x14}, 0x1, 0x0, 0x0, 0x40080c0}, 0x24000100)

2m11.959557632s ago: executing program 37 (id=2026):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
unshare(0x20000400)
pread64(0xffffffffffffffff, 0x0, 0x0, 0x0)
sendmsg$nl_generic(r0, &(0x7f0000001740)={0x0, 0x0, &(0x7f0000001700)={&(0x7f0000001580)={0x14, 0x25, 0x1, 0x70bd2c, 0x25dfdbff, {0x6}}, 0x14}, 0x1, 0x0, 0x0, 0x40080c0}, 0x24000100)

2m4.083258423s ago: executing program 7 (id=2117):
socket$nl_netfilter(0x10, 0x3, 0xc)
syz_open_dev$MSR(0x0, 0x0, 0x0)
ioctl$SNDCTL_DSP_SETFMT(0xffffffffffffffff, 0xc0045005, &(0x7f00000000c0)=0x2000)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
setsockopt$packet_fanout_data(0xffffffffffffffff, 0x107, 0x16, 0x0, 0x0)
syz_io_uring_complete(0x0)
bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0)
r1 = syz_genetlink_get_family_id$tipc(0x0, 0xffffffffffffffff)
r2 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000080)=ANY=[@ANYRES64=r1], 0x48)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000040)={r2}, 0x4)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000300)={0x11, 0x18, &(0x7f00000001c0)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000000000018230000", @ANYRES32=r2, @ANYBLOB="0000000000000000b70500000000000085000000a5000000180100002020640500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000"], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000140)='sched_switch\x00', r3}, 0x10)
socketpair(0xf, 0x3, 0x2, &(0x7f00000001c0))
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, 0x0, 0xfffffffffffffcea)
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x2, 0x31, 0xffffffffffffffff, 0x0)
mbind(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x2, &(0x7f0000000000)=0x9, 0x208, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15)
read$FUSE(0xffffffffffffffff, &(0x7f0000000640)={0x2020}, 0x2020)
sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, 0x0, 0x400c0)
setreuid(0x0, 0xee00)
writev(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f00000005c0)="58000000140019234083598082e59a49e8aefc0b45ff810500000000070058000b480400945f640094272d7061d328b92d000000004c8537db9600f854c8a4487c752f", 0x43}], 0x1)

2m3.109993109s ago: executing program 7 (id=2120):
r0 = syz_open_dev$vbi(&(0x7f0000000000), 0x0, 0x2)
ioctl$VIDIOC_S_INPUT(r0, 0xc0045627, &(0x7f00000000c0)=0x3)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="180000001800ff0f0000000000000000850000006d000000850000000800000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80)
r2 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_MCAST_MSFILTER(r2, 0x0, 0x30, 0x0, 0x5000)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r1}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
getpid()
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f0000000180)=@abs={0x0, 0x0, 0x3}, 0x6e)
connect$inet6(0xffffffffffffffff, &(0x7f0000000080), 0x1c)
setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(0xffffffffffffffff, 0x6, 0x14, &(0x7f00000000c0)=0x1, 0x4)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, 0x0, 0x0, 0x2, 0x0)
r5 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$GIO_UNIMAP(r5, 0x4b66, &(0x7f00000000c0)={0x0, &(0x7f0000000080)})

2m1.88021849s ago: executing program 7 (id=2126):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x3, &(0x7f0000000040)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={0x0, r1}, 0x18)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'netdevsim0\x00', <r3=>0x0})
r4 = syz_genetlink_get_family_id$nl80211(&(0x7f00000003c0), 0xffffffffffffffff)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
getpeername(r2, &(0x7f0000000340)=@pppol2tp={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @local}}}, &(0x7f00000001c0)=0x80)
ioctl$sock_SIOCGIFINDEX_80211(r5, 0x8933, &(0x7f0000000540)={'wlan0\x00'})
openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff)
ioctl$SECCOMP_IOCTL_NOTIF_RECV(0xffffffffffffffff, 0xc0502100, &(0x7f0000000480)={0x0, <r6=>0x0})
prlimit64(r6, 0xc, &(0x7f0000000140)={0x3, 0x83d8}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r7 = getpid()
sched_setscheduler(r7, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r8=>0xffffffffffffffff, <r9=>0xffffffffffffffff})
connect$unix(r8, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r9, &(0x7f0000000000), 0x400000000000041, 0x0)
recvmmsg(r8, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r10 = syz_io_uring_setup(0x117, &(0x7f0000000100), &(0x7f0000000280)=<r11=>0x0, &(0x7f0000000200))
syz_memcpy_off$IO_URING_METADATA_GENERIC(r11, 0x4, &(0x7f0000000080)=0xfffffc00, 0x0, 0x4)
io_uring_enter(r10, 0x47f6, 0x0, 0x0, 0x0, 0x0)
sendmsg$NL80211_CMD_NEW_KEY(r5, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000680)={&(0x7f00000000c0)=ANY=[], 0x34}}, 0x0)
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, 0x0)
sendmsg$NL80211_CMD_SET_POWER_SAVE(r2, &(0x7f0000000180)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f0000000300)={&(0x7f0000000400)={0x48, r4, 0x300, 0x70bd26, 0x25dfdbfc, {{}, {@val={0x8}, @val={0xc, 0x99, {0x6, 0x2f}}}}, [@NL80211_ATTR_PS_STATE={0x8, 0x5d, 0x1}, @NL80211_ATTR_PS_STATE={0x8, 0x5d, 0x1}, @NL80211_ATTR_PS_STATE={0x8, 0x5d, 0x1}, @NL80211_ATTR_PS_STATE={0x8}]}, 0x48}, 0x1, 0x0, 0x0, 0x20000000}, 0x41)
r12 = bpf$MAP_CREATE(0x0, &(0x7f0000000900)=@base={0x1, 0x7, 0x2261, 0x2, 0x0, 0xffffffffffffffff, 0x0, '\x00', r3, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
bpf$MAP_LOOKUP_ELEM(0x1, &(0x7f0000000080)={r12, &(0x7f0000000400), 0x0}, 0x20)
sendmsg$NFT_MSG_GETSETELEM(r0, &(0x7f00000001c0)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f0000000140)={&(0x7f0000000900)=ANY=[@ANYBLOB="e00100000d0a010400000000000000000a000007900103808c01008004000180280102800c00028008000180fffffffbff000100dcda4a889f5dc662c2709e7725be9904a0ca60486725c7a904f37925e2f54c4c06e9656ffe66c794cb3b1d9d2d284864176bf1e724021b5828670187a9a6b4e8eefdd8f49a35c4ceddd4b439461c1189ad169a0d131355febad46c659bb3cf6783454e53ad6abb085710ed436c6e6f3806d9a30f6c5eb9e3ca7ae83e99d90266c3fab75769d3a3b47481facb16b4ae7380782d07926444c6a4905e0b46c73c3327ef5eba8c07dd15330ed79107f2fba34806d443c6a98c41ebb6daacc65a0d4ba4868aa529ec3634d829e1c1d53e5f92af17d90e06ee8cb974ba36cc04ffb42437aa31dfe00288b6ac36395fd8bcc7e617c51a346768de914d3c4200180002800900020073797a3000000000080003400000000214000a800c00028108000180fffffffe04000100140007800a000100696e6e657200000004000280140007800a000100696e6e6572000000040002800c0004400000000000005f2e08000340000000000900090073797a32000000000900010073797a31000000000900020073797a30000000000900010073797a31000000000900020073797a31000000000900020073797a3100000000"], 0x1e0}, 0x1, 0x0, 0x0, 0x4000000}, 0x40)

2m0.103281741s ago: executing program 7 (id=2130):
socket$nl_netfilter(0x10, 0x3, 0xc) (async)
mkdir(&(0x7f00000002c0)='./file0\x00', 0x0) (async)
r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x2, 0x0)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x8099, &(0x7f00000006c0)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x4000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@allow_other}, {@default_permissions}]}})
openat$fuse(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
read$FUSE(r0, 0x0, 0x0)
write$FUSE_NOTIFY_STORE(0xffffffffffffffff, &(0x7f0000000000)=ANY=[@ANYBLOB='/'], 0x2)
mount$fuse(0x20000000, &(0x7f00000000c0)='./file0\x00', 0x0, 0xa6d214, 0x0) (async)
r1 = syz_open_procfs(0x0, &(0x7f0000000100)='mountinfo\x00')
r2 = open_tree(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x8801)
move_mount(r2, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0) (async)
read$FUSE(r1, &(0x7f00000021c0)={0x2020}, 0x2020)

1m59.859161939s ago: executing program 7 (id=2133):
socketpair$unix(0x1, 0x5, 0x0, 0x0)
sendmmsg$unix(0xffffffffffffffff, 0x0, 0x0, 0x0)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000180)={0xc, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r4 = dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, &(0x7f0000000300)={'lo\x00', &(0x7f00000001c0)=@ethtool_rxfh_indir={0x39, 0x9, [0x9aa, 0x9, 0xffff, 0xe, 0xaf, 0x8000, 0x7, 0x7, 0xfffffffe]}})
connect$unix(r4, &(0x7f0000000100)=@abs={0x1, 0x0, 0x4e22}, 0x6e)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=ANY=[@ANYRESOCT, @ANYRESOCT, @ANYBLOB="00000000000000002800128009000100626f6e640000000018000280140008800800030001"], 0x48}}, 0x800)
sendmmsg$inet(0xffffffffffffffff, &(0x7f0000005200)=[{{0x0, 0x4b, &(0x7f0000000000), 0x1}}], 0x1, 0x0)

1m55.795395292s ago: executing program 7 (id=2145):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000080)=0x80000400000bce)
sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x3)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
r1 = syz_open_procfs(0x0, &(0x7f00000004c0)='net/wireless\x00')
preadv(r1, &(0x7f0000000100)=[{&(0x7f0000000280)=""/254, 0xfe}], 0x1, 0x1fc, 0x0)
renameat2(r1, &(0x7f0000000200)='./file0\x00', 0xffffffffffffffff, 0x0, 0x1)
futex(&(0x7f0000000000), 0x8c, 0x1, 0x0, 0x0, 0x0)
r2 = syz_open_procfs(0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0xc, &(0x7f0000000080), 0x4)
r3 = shmget$private(0x0, 0x3000, 0x54001800, &(0x7f000010d000/0x3000)=nil)
shmat(r3, &(0x7f0000000000/0x4000)=nil, 0xffffffffffffdfff)
sendmsg$key(r2, 0x0, 0x20000000)
syz_open_dev$swradio(&(0x7f00000046c0), 0x1, 0x2)
pselect6(0x40, &(0x7f0000000000)={0x9}, 0x0, 0x0, 0x0, 0x0)

1m55.238912327s ago: executing program 38 (id=2145):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000080)=0x80000400000bce)
sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x3)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
r1 = syz_open_procfs(0x0, &(0x7f00000004c0)='net/wireless\x00')
preadv(r1, &(0x7f0000000100)=[{&(0x7f0000000280)=""/254, 0xfe}], 0x1, 0x1fc, 0x0)
renameat2(r1, &(0x7f0000000200)='./file0\x00', 0xffffffffffffffff, 0x0, 0x1)
futex(&(0x7f0000000000), 0x8c, 0x1, 0x0, 0x0, 0x0)
r2 = syz_open_procfs(0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0xc, &(0x7f0000000080), 0x4)
r3 = shmget$private(0x0, 0x3000, 0x54001800, &(0x7f000010d000/0x3000)=nil)
shmat(r3, &(0x7f0000000000/0x4000)=nil, 0xffffffffffffdfff)
sendmsg$key(r2, 0x0, 0x20000000)
syz_open_dev$swradio(&(0x7f00000046c0), 0x1, 0x2)
pselect6(0x40, &(0x7f0000000000)={0x9}, 0x0, 0x0, 0x0, 0x0)

21.035730274s ago: executing program 9 (id=2440):
capset(0x0, &(0x7f0000000280))
r0 = openat$incfs(0xffffffffffffff9c, &(0x7f0000000080)='.log\x00', 0x181041, 0x0)
fchown(r0, 0xee01, 0x0)

20.89567469s ago: executing program 9 (id=2442):
r0 = socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f00000011c0)={'vxcan0\x00', <r1=>0x0})
bind$can_j1939(r0, &(0x7f0000001200)={0x1d, r1}, 0x18)
r2 = openat$iommufd(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
ioctl$IOMMU_IOAS_ALLOC(r2, 0x3b81, &(0x7f0000000400)={0xc, 0x0, <r3=>0x0})
ioctl$IOMMU_IOAS_MAP$PAGES(r2, 0x3b85, &(0x7f0000000000)={0x28, 0x3, r3, 0x0, &(0x7f0000fb3000/0xf000)=nil, 0xf000})
r4 = socket$nl_audit(0x10, 0x3, 0x9)
sendmsg$AUDIT_ADD_RULE(r4, &(0x7f0000000700)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000740)=ANY=[@ANYBLOB="20040000f303000127bd7000ffdbdf25060000000100000005000000020000004df4ffff00020000c896b5200700000003000000050000000700000004000000f80400000600000003000000fbffffff5f0e170f060000000400000006000000ff0000000900000006000000000000000800000004000000080000005b0000000000000000000000ac6f000008000000010000009c5e415c04000000050000000400000006000000070000008bc10000040000008100000005000000080000000000000000000000810000000000a9000f00000008000000030000004000000000000000050000000500000002000000060000000600000000000000090000000600000001000000080000000900000003000000faffffff0100000006000000020000000600000004000000050000009900000008000000fa0100000002000001000000008000000c000000030000000300000002000000040000000300000006000000020000000c000000000000000000000008490000700d000009000000ef070000090000000800000006000000090000000b00000000000080010000000d000000020000000b0000000080ffff0a0000000e0000000000000006000000090000006a5cffff000000000004000002000000ef06000005000000f8ffffff0200000006000000ff0700003e000000ffffffff8100000004000000000000800100000002000000cf0000000600000003000000030000000700000009000000050000000104000009000000090000000600000000000080080000000900000019000000040000005200000008150000030000000500000006000000010000800e000000020000000200000002000000020000000800000007000000ff0900000300000000000000050000004000000002000000050000008100000009000000030000000f00000001000000b00800003d8f00008f670000ff0700000d000000000000006407000003000000010400000df200000007000000040000000800000003000000040000000100000029aa0000ffffffff020000008070000002000000300000000900000004000000ff01000001000000b86dcf9bd9f9812374fe0d070000000000000002000000b1a50000ff0700000300000009000000040000000b0000000c0000000d000000070000000100000001008000030000000200000007000000a2010000000000000d00000000000000ccb900000500000009000000080000000700000003000000de0000003500000000000000a800000004000000010000000f0000000f00000088480000080000000f00000009000000370d00000000000015193a280300000000000000070000000000000004000000a60600000900000003000000ea0900000100000003000000030000000900000005000000580000000900000004000000fbffffff000000000d000000000000000900000007"], 0x420}, 0x1, 0x0, 0x0, 0x44000}, 0x80)
r5 = syz_io_uring_setup(0x5026, &(0x7f0000000240)={0x0, 0xaba5, 0x8, 0x1, 0x24f}, 0x0, &(0x7f0000000140))
setsockopt$packet_int(0xffffffffffffffff, 0x107, 0xe, &(0x7f0000000080)=0x1, 0x4)
setsockopt$packet_tx_ring(0xffffffffffffffff, 0x107, 0xd, &(0x7f0000000040)=@req3={0x10000, 0x100000001, 0x10000, 0x1}, 0x1c)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0)
sendto$packet(0xffffffffffffffff, 0x0, 0x0, 0x20004050, &(0x7f0000000440)={0x11, 0x18, 0x0, 0x1, 0xfc, 0x6, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x14}}, 0x14)
io_uring_register$IORING_REGISTER_PBUF_RING(r5, 0x16, &(0x7f00000001c0)={&(0x7f0000001000)={[{0x0, 0x0, 0x1}]}, 0x1, 0x1}, 0x1)
syz_io_uring_setup(0x48fb, &(0x7f0000000080)={0x0, 0x8cf9, 0x400, 0x2, 0x11c, 0x0, r5}, &(0x7f0000000000), &(0x7f0000000100))
r6 = syz_open_dev$sndctrl(&(0x7f0000000040), 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_SUBSCRIBE_EVENTS(r6, 0xc0045516, &(0x7f0000000000)=0xffb)
ioctl$SNDRV_CTL_IOCTL_ELEM_ADD(r6, 0xc1105517, &(0x7f0000000080)={{0x1009, 0x0, 0x0, 0x0, 'syz0\x00'}, 0x5, 0x0, 0x1, 0x0, 0x0, 0x0, 'syz0\x00', 0x0})
syz_usb_connect(0x2, 0x2d, &(0x7f0000000000)=ANY=[@ANYBLOB="120100009ac0b620110f211066865578ac0109029c000100000400090400bf900b64ea", @ANYRES8], 0x0)
read$char_usb(0xffffffffffffffff, 0x0, 0x0)
ioctl$IOMMU_IOAS_COPY(r2, 0x3b83, &(0x7f00000015c0)={0x28, 0x5, r3, r3, 0xa92, 0x910a0000, 0x3fff})
ioctl$IOMMU_TEST_OP_CREATE_ACCESS(r2, 0x3ba0, &(0x7f0000000240)={0x48, 0x5, r3})
futex(&(0x7f0000000340), 0x4, 0x2, &(0x7f0000000380)={0x77359400}, &(0x7f00000003c0)=0x1, 0x0)
prlimit64(0x0, 0xe, 0x0, 0x0)
r7 = bpf$PROG_LOAD(0x5, &(0x7f00002a0fb8)={0x8, 0x4, &(0x7f0000000000)=@framed={{0xffffff85, 0x0, 0x0, 0x0, 0x8, 0x76}, [@call={0x27}]}, &(0x7f0000000040)='syzkaller\x00', 0x4, 0x99, &(0x7f0000000180)=""/153, 0x0, 0x0, '\x00', 0x0, @cgroup_skb, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0xfffffffffffffed8, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x3f)
bpf$MAP_CREATE(0x0, &(0x7f0000001240)=@base={0xf, 0x4, 0x8, 0x1, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x4, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
close(r7)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080))
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000012c0)={0xe, 0xf, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b702000014000000b7030000000004008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000085000000b70000000000000095"], &(0x7f0000001440)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)

17.309819662s ago: executing program 9 (id=2455):
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$inet6_IPV6_HOPOPTS(r0, 0x29, 0x36, &(0x7f00000000c0)=ANY=[], 0x8)
connect$inet6(r0, &(0x7f0000000100)={0xa, 0x0, 0x0, @mcast2, 0x5}, 0x1c)
setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000080)='bridge0\x00', 0x10)
sendmmsg$inet6(r0, &(0x7f0000004b80)=[{{0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000140)="8252", 0x2}], 0x1}}], 0x1, 0x4400c800)
sendto$inet6(r0, &(0x7f0000000300), 0x16, 0x0, 0x0, 0xfffffffffffffdfd)
syz_clone(0x6a02f080, 0x0, 0xfffffffffffffda4, 0x0, 0x0, 0x0)
syz_clone(0x50004880, 0x0, 0x0, 0x0, 0x0, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
r2 = syz_open_dev$ttys(0xc, 0x2, 0x0)
ioctl$TIOCGSID(r2, 0x5429, &(0x7f0000000000))
r3 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
close_range(0xffffffffffffffff, r3, 0x0)

8.377716237s ago: executing program 9 (id=2475):
r0 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180), 0x109842, 0x0)
setxattr(&(0x7f0000000080)='./file0\x00', &(0x7f00000001c0)=@known='security.apparmor\x00', &(0x7f0000000240)='/dev/ttyS3\x00', 0xb, 0x0)
r1 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000040), 0x400280, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]})
r5 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000900)=ANY=[@ANYRES8=r1, @ANYRES32=r1], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000880)={&(0x7f0000000a80)='kfree\x00', r5}, 0x10)
r6 = syz_open_procfs(0x0, &(0x7f0000000100)='net/ip_vs\x00')
preadv(r6, &(0x7f0000000280)=[{&(0x7f0000000000)=""/142, 0x8e}], 0x1, 0x0, 0x0)
ioctl$BTRFS_IOC_INO_LOOKUP_USER(0xffffffffffffffff, 0x5453, 0x0)
sendto(0xffffffffffffffff, &(0x7f00000005c0), 0x0, 0x0, 0x0, 0x0)
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
ioctl$SNDCTL_DSP_SETFMT(r0, 0xc0045005, &(0x7f0000000040)=0x40000)

8.255116063s ago: executing program 3 (id=2476):
r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)={0x2, 0x4, 0x8, 0x1, 0x80, 0x1, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
timer_create(0x5, 0x0, 0x0)
syz_fuse_handle_req(0xffffffffffffffff, 0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x0, 0x0)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8)
r3 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0)
pwritev(r3, &(0x7f0000000600)=[{&(0x7f0000000240)="02000000", 0x4}, {0x0}], 0x2, 0x0, 0x0)
syz_open_procfs(0xffffffffffffffff, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x48)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8f}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r4 = getpid()
sched_setscheduler(r4, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
mlock2(&(0x7f0000ff5000/0x9000)=nil, 0x9000, 0x0)
mremap(&(0x7f0000ff5000/0x2000)=nil, 0x2000, 0x5000000, 0x3, &(0x7f0000ffd000/0x1000)=nil)
mlock2(&(0x7f0000ff5000/0x4000)=nil, 0x4000, 0x0)
syz_open_procfs$pagemap(0x0, 0x0)
ppoll(0x0, 0x0, 0x0, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0xa, 0x11, &(0x7f0000000280)=ANY=[@ANYBLOB="dd3cfcff04000000db895000f0ffff0400120000", @ANYRES32=r1, @ANYBLOB="0000000000000000b703000000000000850000000c000000b700000000000000850000006c000000af3af0fff0ffffff773320000800000018120000", @ANYRES32=r1, @ANYBLOB="0000000000000000b703000000000000850000000c000000b700000000000000183200000300"/48], &(0x7f0000003ff6)='GPL\x00', 0x5, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x19, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f0000001540)={0x1f, 0x19, &(0x7f00000003c0)=@framed={{0x18, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x81}, [@snprintf={{}, {0x3, 0x3, 0x3, 0xa, 0xa}, {0x5}, {}, {}, {}, {}, {}, {}, {0x18, 0x3, 0x2, 0x0, r0}, {}, {0x85, 0x0, 0x0, 0xb3}}, @ringbuf_output={{0x18, 0x1, 0x1, 0x0, r1}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x3}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0x2}}]}, &(0x7f00000000c0)='GPL\x00', 0x3, 0x0, 0x0, 0x41100, 0x18, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000, @void, @value}, 0x94)

7.267026342s ago: executing program 9 (id=2479):
socket$inet6(0xa, 0x6, 0x0)
r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000200), 0x2, 0x0)
prlimit64(0x0, 0xe, 0x0, 0x0)
getpid()
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r1}, 0x10)
r2 = openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
getpid()
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000180)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e23}, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r5 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000340)=[{&(0x7f0000000580)="d8000000140081044e81f782db44b9040a1d08020a000000040000a118000200ff11000000000e1208000f0100810401a80016ea1f0008400304000803600cfab94dcf5c0461c1d67f6f94007134cf6ee08000a0e408e8d8ef075c0100000000000000cb090000001fb791643a5ee4001b146218a07445d6d930dfe1d9d322fe7c9fd68775730d16a4683f5aeb4edbb57a5025ccca9e00360db70100000040fad95667e0060000000000000080bb9ad809d5e1cace81ed0bffece0b42a9ecbee5de6ccd40dd68adbef3d93452a00"/216, 0xd8}], 0x1, 0x0, 0x0, 0x7400}, 0x0)
read$msr(0xffffffffffffffff, &(0x7f0000019680)=""/102392, 0x18ff8)
ioctl$SNDRV_TIMER_IOCTL_SELECT(0xffffffffffffffff, 0x40345410, &(0x7f00000083c0)={{0x1}})
readv(0xffffffffffffffff, &(0x7f0000000200), 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
r6 = openat$cgroup_pressure(r2, &(0x7f0000000040)='cpu.pressure\x00', 0x2, 0x0)
write$cgroup_pressure(r6, &(0x7f00000000c0)={'some', 0x20, 0x6}, 0x2f)
write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f0000000ec0)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000e80), 0x13f}}, 0x20)

7.169069116s ago: executing program 6 (id=2481):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
r2 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
ptrace$setregs(0xd, r2, 0x0, &(0x7f0000000600)="18607651149d7b07b4024fbbdc08899b8f589df2dbb5d7a8d1b36cfab675cb3976ee8100e2878c9cfa178cac130eb046eda92df39ed4b4")
r3 = socket$unix(0x1, 0x5, 0x0)
ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f00000000c0)={'wlan1\x00', <r4=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r4}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x3}]}, 0x24}}, 0x0)
sendmsg$NL80211_CMD_START_AP(r0, &(0x7f00000001c0)={0x0, 0x300, &(0x7f0000000200)={&(0x7f0000000540)=ANY=[@ANYBLOB="20010000", @ANYRES16=r1, @ANYBLOB="050000000000000000000f00000008000300", @ANYRES32=r4, @ANYBLOB="47000e00800000000802110000000802110000015050505050500000000000000000000064000000000602020202020204060000000000000602000025030034003c040106b80400080026006c09000008000c006400000008000d0000000000a2000f00019c"], 0x120}, 0x1, 0x0, 0x0, 0x90}, 0x0)

6.698440296s ago: executing program 0 (id=2483):
setreuid(0xee01, 0xffffffffffffffff)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff})
connect$unix(r0, &(0x7f0000000180)=@abs, 0x6e)
recvmmsg(r0, &(0x7f00000000c0), 0x0, 0x2, 0x0)
r1 = geteuid()
quotactl_fd$Q_GETQUOTA(r0, 0xffffffff80000702, r1, &(0x7f0000000000))
r2 = syz_io_uring_setup(0x24f8, &(0x7f0000000380)={0x0, 0xc3ef, 0x2, 0x0, 0x2fc}, &(0x7f0000000340)=<r3=>0x0, &(0x7f0000000080)=<r4=>0x0)
r5 = socket$inet6_dccp(0xa, 0x6, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce)
r6 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r6, &(0x7f0000019680)=""/102392, 0x18ff8)
mprotect(&(0x7f0000001000/0x2000)=nil, 0x2000, 0x0)
ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(0xffffffffffffffff, 0xc08c5332, &(0x7f0000000280)={0x1, 0x66c, 0x0, 'queue1\x00'})
write$sndseq(0xffffffffffffffff, &(0x7f0000000000), 0x0)
bind$inet6(r5, &(0x7f0000000000)={0xa, 0x0, 0xfffffffc, @local, 0x1}, 0x1c)
syz_io_uring_submit(r3, r4, &(0x7f00000001c0)=@IORING_OP_CONNECT={0x10, 0x822065e4d3672b66, 0x0, r5, 0x0, 0x0})
io_uring_enter(r2, 0x5b43, 0x0, 0x0, 0x0, 0x0)
setsockopt$sock_int(r5, 0x1, 0x7, &(0x7f0000000740), 0x4)
chdir(&(0x7f0000001d80)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00')
r7 = socket$nl_route(0x10, 0x3, 0x0)
mount$tmpfs(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000280), 0x0, 0x0)
sendmsg$nl_route_sched(r7, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={0x0}, 0x1, 0x0, 0x0, 0x20000010}, 0x0)
r8 = getuid()
setfsuid(r8)
faccessat2(0xffffffffffffffff, 0x0, 0x0, 0x0)

4.916915793s ago: executing program 3 (id=2484):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
close(r0)
socket$inet6_mptcp(0xa, 0x1, 0x106)
bind$inet6(r0, &(0x7f0000000000)={0xa, 0x4e22, 0x0, @local, 0xb}, 0x1c)
r1 = creat(&(0x7f0000000040)='./file0\x00', 0x0)
close(r1)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', 0x0, 0x0, 0x0)
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000040)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000820004000000000000"], &(0x7f0000000180)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r2}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xe, 0x8b}, 0x0)
r3 = getpid()
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000040)=0x1)
r4 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r4, &(0x7f0000000940)={0x0, 0xa, &(0x7f0000000100)=[{&(0x7f0000000200)="d800000010008104687da3aa7143a0b8c81d080b25000000e8fe55a118001500060014000000001208000a0043000000a80016000400014006000d00036010fab94dcf5c0461c1d67f6f94007134cf6ee08000a0e408e8d8ef52a9d7c7c0b7a196e6f66112c88ac417898516277ce06bbace80177ccbec4c2ee5a7cef4260000001fb791643a5ee4ce1b14d6d930dfe1d9d322fe7c0aaa16b8ddc64193071e9f8775730d16a4683f1aeb4edbb57a5025ccca9e00360db70100000040fad95667e006dcdf63951f215ce3bb14feb9f5588a63644caf1ce1bd", 0xd8}], 0x1}, 0x0)
sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x651, 0x0)

4.387618187s ago: executing program 6 (id=2485):
syz_emit_ethernet(0x2a, &(0x7f00000002c0)={@link_local, @dev, @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x1c, 0x0, 0x0, 0x0, 0x2, 0x0, @empty, @dev={0xac, 0x14, 0x14, 0x22}}, @address_request={0x11, 0x0, 0x0, 0x1}}}}}, 0x0) (fail_nth: 4)

4.119884322s ago: executing program 1 (id=2486):
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x1)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
r1 = syz_open_dev$sndctrl(&(0x7f0000000100), 0x6, 0x40)
ioctl$SNDRV_CTL_IOCTL_ELEM_LIST(r1, 0xc0505510, &(0x7f0000000400)={0x43f, 0x0, 0x2, 0x2, &(0x7f0000000240)})
bpf$MAP_CREATE(0x2000000000000000, &(0x7f0000000140)=ANY=[@ANYBLOB="0600008000005c00000000000081", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="000000000200"/28], 0x48)
r2 = socket$netlink(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000200)={'geneve0\x00'})
r3 = socket$nl_rdma(0x10, 0x3, 0x14)
sendmsg$RDMA_NLDEV_CMD_RES_MR_GET(r3, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000200)=ANY=[@ANYBLOB="200000001a1401"], 0x20}}, 0x0)
syz_genetlink_get_family_id$nl80211(&(0x7f00000003c0), 0xffffffffffffffff)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r4, 0x8933, &(0x7f0000000540)={'wlan0\x00'})
iopl(0x3)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000640)={0xffffffffffffffff, 0x0, 0xe, 0x0, &(0x7f0000000080)="00faff0f0001eeff7f6faf9a1e4d", 0x0, 0xfffffffc, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)

3.612562399s ago: executing program 0 (id=2487):
r0 = socket(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'lo\x00', <r2=>0x0})
sendmsg$nl_route_sched(r0, &(0x7f0000000000)={0x0, 0x14, &(0x7f0000000780)={&(0x7f00000001c0)=@newqdisc={0x48, 0x24, 0xd0f, 0x0, 0x0, {0x60, 0x0, 0x0, r2, {0x0, 0x1}, {0x8, 0x2}}, [@qdisc_kind_options=@q_prio={{0x9}, {0x18, 0x2, {0x5}}}]}, 0x48}}, 0x0)

3.419291777s ago: executing program 6 (id=2488):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xa, 0x4, 0x8, 0x8, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000850000005000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000001b80)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r2 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt(r2, 0x84, 0x81, &(0x7f00000002c0)="1a00000002000000", 0x8)
r3 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r3, &(0x7f0000000600)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc(cast6)\x00'}, 0x58)
socketpair$tipc(0x1e, 0x1, 0x0, &(0x7f00000001c0)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
recvmsg(r4, 0x0, 0x1f00)
sendmsg$tipc(r5, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)=[{0x0}], 0x1}, 0x0)
syz_genetlink_get_family_id$ethtool(&(0x7f0000000180), r5)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000fc0), 0xffffffffffffffff)
sendmmsg$alg(0xffffffffffffffff, &(0x7f0000003cc0)=[{0x0, 0x0, &(0x7f0000000040)=[{0x0}], 0x1, 0x0, 0x0, 0x240480c5}, {0x0, 0x0, &(0x7f0000000680)=[{&(0x7f0000000580)="b24f69bbd30a2781b4f87d6e82aad2449467b8d6bbf069d7e50783eee51f6a5eb8ba4b15b376805d1e31de013d9ed50b6406e6b642", 0x35}, {&(0x7f00000005c0)="dec05b93efadac5bb25d42474ab797cba58860270cd3a4ddd05f576c1f67391b90fef76aacb4e28fa3afcfd7eaaa2523c2f1995149c7d6e37059d6c1239abdbf873ea454756e9321f8294f09eb5ca2eb7cc6efbc28b8fe561e676b8adf8d8f4f945f6a1a004b7eacccee883356c6632efd2cfd4be54d2564081c84962dac63430e6d0682a7eb50eb4e2a5a7b6f928b38cd", 0x91}], 0x2, &(0x7f00000006c0)=[@op={0x18, 0x117, 0x3, 0x1}, @iv={0x28, 0x117, 0x2, 0xf, "e1355fff445fb67ebc8b2b8cdab8bb"}, @assoc={0x18, 0x117, 0x4, 0x1}], 0x58}, {0x0, 0x0, &(0x7f0000001f00)=[{&(0x7f0000000740)="345acf23a24c3341d9b2b03fd50f51b4ea417cdad1a9d3317d111baa91d053102a755edf1d44c217ce3ab9752b43dfb6cd4caae51d1322c6228b1022fda35eee3077059e760b8ebfe04dce1706ce375bf960bcbf2e2735afbb8974fc56e48ee1a11dec01a775263ab9a43f5d0d16e925a851da50934c16be2b0269729e4e6367fd9a2689b4bb5aa8fef9549976035f136100ce3dc471988b9955fed100d0a57b966bb67d844f930af3819c2f1e0ee8f3d22cdaaf3d07c7f05c5e2a8b0872c63838ff59d65a718c2389255560a88e9ed47ad6dc4c0824c8d614ceaa5cb0cb17", 0xdf}, {&(0x7f0000000840)="b541e2eabc141b2203f01ed98d888c8919f467bbd33cd9dd2bde94f83840d496889bdeeefb298fc60cbe8dc1b4787a096cf24950a55365298b790d93a12c9431c79aa7cca7ad50604a2a1a7d3e7b1b427737225e788cc71db2ff988da9233c2ba3eca76813636d513e20c2829abb8cc95d6419840504fcef40d7e40efbcb93821ac6a9bc876b620af32fd0610c0f969a9b5a8352", 0x94}, {&(0x7f0000001a40)="205c1519fd80c10aafd5c835b3b77477e64e7e2514cec1862f7928c75291660d04e00bdbc638f2f2225c622c721ef43df797451bb76770211ecbde8958f371db53d9094f86470483d124455bf2ea57940c2d0175b298e9fa2998aa2022477093e2fb1684434b5d5bb97a30c176b8eacf3d1eb3480c6e0233728371699be81232828d8dcfab69dc1decf334f5b2397f09c8665e355a5b663e0194d4812b136032ab4ba3eb3a25f786e710ee9935a090a18f8407e89f1fd9fa358c65c8eb49ea2ca02b628c2f5f74da1a87d7eda01a", 0xce}, {&(0x7f0000000900)="f76abba2a40c8f79bb5f2d0b1c340596c9279e7d61ce165cecffb04dc5deb7ad2e15e635c3e60c105deb6f7cee057c7eb5840023713685f579b89f466a16a588958859f9b44d0eb595f2db5779d90087084c2284", 0x54}, {&(0x7f0000000980)}, {&(0x7f0000001bc0)="50d919968420b34d667aca4669e87c7219e357ad5e2af63fa15a02513fcd0e1e84ed88046eeaef08c0fda5dc94cfb1ac9cb89e3c08f89c313bbca396dd33536ed1fb93936597d7ef450e4f9d86870cf431890ea0ce62341813620bb55f4ceb34d3ff56cb6eaf766f5084ff650d2f904a3c19b7ecfdf40eee92c0dcf4e1e3328b62f3e378a318149a4d2935acfb125457e953f6dcd8824e355056a02a0842263ca988625817d4ab05b8172a3e65c7a8d0023f9e8c79fc2c9b1617d3323357882e15021df079b2a13c5beebbe6", 0xcc}, {&(0x7f0000001cc0)="cbcebc408fc895f0e774395b0e61f4b300f4d5deb5b56d748b4711ce84e471e1c34f36b92fa32867a3c69c1b62cd7130cae4a0fab6a02b26566b49e628fca87ca4e01f9aa0c5fd487aa0f7e0d84a49f4573852d649cfbb8c23b1bf4e4048d7132ad6eb5daa223ac87961b36e812f6dd80033e4bc220d2d3ef723261337a20b35c92069e48dbdfe41f7118d7ee37f829e90377ce769594892f58fcb4cdbf27d00344141028a3df220", 0xa8}, {&(0x7f0000001b40)="9731e79bbd60f6a6f5d4d8f12803a1cb40e5bc474267e6be5a217a37ec95c66189675846b53f910e4b7cc4e870e86bf1e742b98c49", 0x35}, {&(0x7f0000001d80)}, {&(0x7f0000001e40)="42ae1c2af460849cdf54f939dfd412802fe5d069d43c6d3520d886a23aff69ae704ca772dcd3e8ccfbf4b8748e2a46944f883450921d8ca8019c8421c94670752dfbe1ddb0142b019948591995e2fecd742264c045621d190fb513627952c0b8512632a415fe0fef653ae7c99fae19dff801844b76a6468ea5c01c0d3394d00c03148af8f0670f8670db664fb64db16eb6ef65da1825fd6fb9b72437b432b2c57e", 0xa1}], 0xa, &(0x7f0000001fc0)=[@assoc={0x18, 0x117, 0x4, 0xf}, @op={0x18}, @iv={0xd0, 0x117, 0x2, 0xbb, "0d7179f169cb4e2559d0c35a6974e6681c7b61b62bc1c988686724a3490f39966c3d8e2854577e3dd40015738d9f98131fe675b845562df5cdaa39993496753da686501950fd3816b1c4b8a53cdac566f7eaec9f53b41e32c0532c0a4ad8fa02217339f49fd36664bb2b72707f7369ab3da75c944b314399da9a7b3ed6b7f02b0b6c458ad47d04294ed9d57c47070fbffa4937bf22f97e918df57264b009086272ee914f985199c48fd9015e10bdd2c22de31fc290224fab43d0d1"}, @iv={0xa0, 0x117, 0x2, 0x89, "26a296b990311bfde145b1219de392d6aceab21495c181e47d668811dd5ee6bcd04b492355d7de181dac9ef0a87d84f49c78fae40814fe89540d3cdf695ad500f4e60f6bf4283b48e912dab662c99c8ef49ccedcb9f1152a48438ba11af3e4bf609bfdbcb09bce3d7e5992029ddb5f35d54cef5046c53f9f591833b6e7d5e0ccc4b6f427d0a66c0640"}, @iv={0xe8, 0x117, 0x2, 0xd2, "873e02aa5ba935353c37ad3e0c4fed9cc40f06595474bb9f07e76985618ebe868e73cfac4938f90c8d6bc5a22af900e1656a2bac5a5ad150f5cfcd23eed3d45b12e8372011dbd61ac642b22501d57b0f7bb0b6800ca2bb13930bc57a86456a018ef69e58eaa63e246d24fa9a6013fbcba4813300bd0ec0cfd7bc23e8f39ce966ef43599ac4fa7ad6933916f1fac4841735528ffe10e4b8abc091d3e2a170da7d0dff9bc84ccd6ecc7d24a7c36dbbfedb115401a08c84ddf87b0e0fc4e9a32f20a7876eaad675460c4e38b8a3c9ffed17fc4e"}], 0x288, 0x490d5}, {0x0, 0x0, &(0x7f0000003500)=[{&(0x7f0000002280)="3abbb103832cd86e22c707156eeb468d09531fb322ffe4505deffa0f1cd59a9e008b5c070ecfaa5710aa7722d5b62ae661d16fd1ec85310896c8093be9d8604e630ca999a23f6c8e81fe7d4b92cf1317a722c59ace286d08f28726dea662f52617ff5964e9ba7ab7ea4117ad6bf8410ec8b13d86ceb250b4d9", 0x79}, {&(0x7f0000002300)="cb239addf7d389b6c6d2837a3f0d2c70a719a30c011b56fd826fdbc01edf6f64070a854e53986265cbd040cb1e4512894748a3dba43f2361d813d48b8715620eb6de1d061e16e8369d6e190f99e4162e83ab476d1bcbb95295bbb074accd29046467a6610a307d69c467e27feea938068701ef551c939a862b6c392216cf92e1bedbba919e1d9a3051cec2a82a87aaef2b6d144b028ec9eee3ed86ae6e17ae1781631481d6f366f96985c880df518cc8ecd6c6afc949cee8a829c38e167146", 0xbf}, {&(0x7f00000023c0)="51f824df2a02d48a61913d6b14f88c309da0eebc24dc508a144d5a45b4727263757f1ee8b3b5f23dfaf446f5328287db97325dc53d65b3d7573ec7f09a6b21269849f631369e148d39df28a83441f7c5302849bc76b3afc7b3e9e46aba86cb796a98dbcf3f44d156cbeda856ff8140dd244c9105bd643a46e0bc7cd5c61e2b035c36e66ab9a9a742146382256d4cb5f5028a2b18b14949983abe90cce4d33c447b1f2a3eb3adef7f21a0b70568eeffde3d3a9a2021782d487e17d27da749eb40acafe7ef753cf706ea4722b298dfaf2da738b645e007eb50a9d4fc2b273774086690591253b292120d2e36dcc1848cc76f62ba8e962ff8579cc5cf33c4f8f6c00ddde4c7635dc3e483c3d5af0ccc59930c50e6b6405048f8bf4cc332b178f9d9a9d75b9fc0a70829f93714625a235db8f17fd33d9bd5b4d68d57e441054e57227a98bdbacc4c345e2e68e93e136f224c0dfa1a660323244695cfa731e41e1958149334f25619f21c5535e862b64d56de9012bba16a0d6c3e5fbd75cf34a6e336033b4bea69a71fb5fecafd948231176d1224e823f0885cf7f7edec7be439704fd3f95eb4cf781bcd1379ccbd3d8beddf507c3b803c361cca3f407f276a6ff8842d90d3fd86ed486e149d5de507ef918f1b50ee0a514d4fcb92715c84c14ebdcc34c54e9f7c7e76055f43b81359abe3bc76815b1265e86d4287bafc60e126eb33297a9238f85a97dad68b6e083a4cf9e51529707f4d8fc9fd079a926790cba71324ab6d81e7921e0ba1e9d36e22dce50e24ac65248ea4948fd8674fc279dc86723ac8723937055a7d576ca97009f1241ed143e28ba27576f8ec45d930b4f2f5734431da4568d7ad86d7d23abb2a704fb7f8024f59cfa7a40769af7a9cd428b0cb5eaefa6f565c4b6733a6b2a852bc817b686100894f1d7f76f4c5bb9800a458b0b608561fc2041596d71f9621bddcfea0781cb6d4687e3fcfb7f8e48643080558782c4c7ac40e8de7b8e8967fa8ab4c1dd1be969061c033292b9172230332f3edc601baa8b4f890642f1497cad07644c0575fde00e8c617b0c4f0109de696ef5edba1bf0fc055678fe23ebf644ee004286dc39bb4b125a316f2a9081651268ca595fc19e6bb4496b444294d2b473ff84f4bdbf14e89d2e2c8df9e14faa597e54b9e7dbfb8d720b6a2bd0f43104705a3f6d4f45609692f5cf74227a06d68ffb132fbb60a45e86559f9bbc2f5e5fc0d8502c32be81b95b0d06dd29b05ec34234af88e54a11000d8d19d3f7d12d5c032e1a24b31ec96440a33d8bf17e7b7f7a9defb13261bcdd6847baededd04ce0722f066aad06f5942e74baa657e507b3fd6341233ac0f0cee5a9a94049f5a9ad39ae7956a33cdb688314ceca52eb7ca258ce150581da9ff38807631f32925f5551ba00612ae25aa3010f087521b8f7c0340c617b9b514ad7803932a2a90ad4d29d4753fdb1621fc45dc1fa6cf62662ad4476532b940c121a1f994b7b34f8e0f06e2b5a7f684076a340b102826a1ad0e7a040c2d159a7a6dccffd8420b98b16da588535cccfa9024a144633e5cb96f25363239cd70662d4f64000a3382b12fdbb961e5c65b6c3558d5b26261944e2a85b1a321aaad31adcfadb4bb7256a50928c819326ea5f47830b49567aa048e408cb146a41b6abe6a239b9f888b456888f0a91bc7b03ff5b2bd424c7c68f3b70eb8c1fc9535978516d731f06d227da03a7bec8f8e2c148305dfb4926203447e3c2ec38465454465a22412d398809358d60987a7074ab159a6f81db7f76af7aec12599adcb560e68cde7af45a6c8a6e93c4d5802e13e346f8a7d2cb8d24b220f16f1562e2cee6c2791e50ad3c4d88f65e20fd5216436f14fd122e2d423c04926739142fad07ba9b02cbb63c4703f3dbd6b7e84bec4638df39a6233e3b09c321c35980395e72ffd8c09507908d3467d1c1ebd063b5ba6900b1ade740716fcdc8bc7800146077ac37552f19d6c67a78be17971c5aaf26c859f8036a28f7d9b106aa0afbfad65d1eb64ac4f506b3824b9489e8791553d7810c1c7d353f897cab2e5d6f1f05a4ec3674a3b9a229c45382be89d0ac547ff596180a0ac87015d3fbd828c6e9f36871c80b69406b7852fa1815653fc60a426b17731fbe72f46ac58987a10cdb366a31a70cc267c7d9865d548fb7dc9488a1376277dc210cefaf00c46f7647c248c1415ea447c78d8c64cd7ea7ca9ea8b3ec496213ade191756bf6a074630089bb671bd539a4f0aa3580616e96e1cc8ace200e22ace5b5dcb544cc25bcd396fbf4ad67e18a1a11366c70edb2cdf695f6c79d5c3461e884f2d99afa2a9e346f2056b6e15e7512dbcd809bfca4c6a9bce63b6edfdfecadf87fcad958d4938f0f376d2d70707000d4c367ad28933c2d84637130931cb7b894e94b4a994de286dd5baca22addf3d102bd35d2b1a7ce1c09053d521a92f9ca2114d85fdda86566e4faee6f1ad8b0e4f4e604373b4e5c7aa5488d1a42d10f9e6489c1e2f342fc2e2054304bf916fe2549787b7d1f1c0206bb9e97b16e310228968c8fa01598d56b33ec6dec0abfb3e55f3013c1d6dac8172500bb2b92998f023300b3aca915527ab6d6ef18408fbc45ef1edb0d753c2de50b7afa2002217fa936cc19ac3fdc5ab94b57678390f4bf7b60ba3721cf2ab981a9171a0890aeea31ecdcb391230ea43d0c08d996741ead8049222f1713e088bf21b136aa25f64b9741091fbca08f1c0fcddc8333197ae2b85434b6cedd24ab4b775b23b3564fba2624030e71704a5695bdcdc1f4206bdd5cc025667fa26b1fce573111571b3b9fa1c8533ea5a07a54461c1d65a4fe41e818e3f7db52d88bc00c734f9a153774c0b45f1dedede841e86766a02eda28f91bd4937b3d443e87dce4a745a807dcf5236b5a88f1e8283d697115b13373e7d2d4cbdac050e322d422b607985c537212b9ceaddf45e7cdbf038ef128693ce3adf2df7dab63bdc4ce7a9230c1194a2fb39f7ac8e3799086fcdd3ab041d53bd71ef3e77100527700bf94374dd408aee618d0d088506947e63ea10143e1e85b5734f6b1bf7941810fdad942d5bff5130897cc9f11be9e25c798538938dd28528f6f9b3c318689712b3770d89a9c0c8165c650a885197982f48a0842476c088ba4e069cb6c9083fc344e40fc8c856b1e289254625f99c060aa409f7eeebdf7f2b5905e7b6f48ff3b4a7724012c478c4574eaffe098aed124276c1acf33e07d0a95b7759587c6cb0671247f7ccad7d0c1f6e0b1a0bddeb5d692111eaa4043f7d2e5c0d63628905bb38fe649728643034e16d1ad05d0b3202e9b983b17a0e5f7772c3307beb4b20681261a29b8d78e32ac0de34c67593f9e66f0b0fcaae6611d02611dd8e8e3345098ac990398c957f3436cd9379a73f0a0681fd61ad813abb0036ea9fe20009c123012ae45d6020f0d8af4e64729c27315eaa652459019c4c835a2b4edabadfcbc0351f57d6f04330d2a73ff08d1f85b22b95d85f0cc3ff21fad761531c162cc4b48adbe1bb1695174993a8f1256a82021b6fad87b4cf5661bdf3cd6129d848eb0e45122ffc12025582df8f1379f747f059fba5676f1edbf8aa5b0679354255f7dae58d2b7822a67a3c35a4fdda9a896484b40c7ca3d3a8cdbf13dd43d71d6245e6831a1df75eb51ab130e75629e8957460c3de43c658ffbf801900efa80fdac05f8ba5b94be673afb2eebece766dc929ffed31e818058f6585ba529c7dfd29683ccfecda593f09e78ea0784893361e51c88c6160a295a0cdbdb2631a5126ac4e3d33c429c22607fff321628789bff5683dfef263d46fe6b4bf128e7b5b4d52620dab920f48661230ef7f9423fa69f178d32f03f202da0e96ed44977d679e25ad23378f1bd4e9038a105b646e5ca11cc0421775ebf5fa341bccbde2140d1cfe9a12191d42b510cfa791476f965344c12a4787ca4bc38ae4877d78d843d6925fdf020d73b3f118dfa30e06c1110287d9ed272385114fefe22f348a3b41b3a3a3c827c8981b456b2a5aaf49382368d1ba694f8a8d110ce23e35450b35cf0c1e78892807351f558bd1c317cec9fff833fded02d64c52ad89ed44580d661827f2d97990123429b4c6839b84f3c66da75be986d15de0d77e5d7f8615ebaddcaa1d3cda8ac7f1f88906c6d4af2bcd33775c58ae38f6b775a3d1857e72b652dd72d5e05e7b9fa08df04d5211759e4655f1ef4638d119ba5cbeae77e356005d23b22daefa039cbf3d7e985a43cdbad81024a7a92c2f21983c9c0ea403c0fbfb476f65633fc26dfcd24b16ea0ccb1b2155b0344e5d45783d7744515d5202bd964a503210816066dea13b07bab72fbd6966635c448b74da6c7f76f03ad97b705add272e4b8e7702044027e5062bc2dd7c60ac36a5be38d5504deb9bcde74d7caa61fbb1bcc8ae61ba89240e37c014d51eafc6540ed184ce6fa53e30837b1f1d48fe414d2bd7d28f01c57453032a79fd0b40b2b1565e2e9c8ed7fd5d9343ae61379e8b0aa0d009eb7bd736347830b7fd42d7c540919c9d690ab75188c646eeaf1a7643521db83addaf025c1781386d3085c84a3bfee04bac87b9927fb2d8ccc83ac4531a578207bef3139cc8960683cf48f159d07f778764fd61d21f6618f530d52937d1f6e660f34a5b62a40e97252282850665cea03eb4d0d14132caaa1f59977da202965b09d78785dd57824cd296e090b342abe4b16459e17c499ea7fcc73ad104880a68c203f640687a7b4a35dfdeb67e43ef8da6ededfa3a5c01d3e8a5f1897daad1b7d75517055eba435e2fbc13fda6bcdb034f79ac7e140996b539ed18f541263311def88260bd1dd49281e02e4a861a3a52fb57a151b5578238b5b53fbfe456797d26c6b8d44327b7438ce685a06f4573ef5b97fd87b97569bd3beccc4ef53dc9baa4d3886042224cdd15b7ae13a9403f1f8e87305c8b495cda45d349acba24b48ff280d63c7f161b37cc9236e21f3da029e0e79672711b4eabf131abf30e96ab0a3e785d866898f31543c3644c868f802edc1769ee2ce723814d77fff55ae7c34940df41c01e9444404865af886de83b6875c3344634543ad94d2fb992be623dae8171a1d879d68d6b62d4d85f79adb439895b3f934f0d7d3b4630264e1ce183b1fba2bf39112568ccef0afba1bdcb08162f15cd5c57bb0d461cc506632fb73e3c6a2d1ae885cec1c572a3537b5186b2a8ec4b77f851f8f74f02dbbd5579d1a9b2550098c936bb8245153116ebf58914b1537614a370100f05bf364880512b0d215116212296f1357d92599c92a3040e4e891478c690c69d6bfb5db6ef60d41811af8f4ca4af8f73d5d75114fc5e1182e22c8158d39a1359c9990431c1edbf0daa155bbfcca6e94b05a933087133a03348734930ae0f2edee2c45e39a89ea348ba0c8c19c505ad1f90b1d33f4a3059c80ff6c898d440d16d1008832a02a2c56b432768d7d00ecb5bbea9962113633ed9c5137ed273f7e0ef829c37fe0f307093142cd3b6a1375ea4a35dc8b52db3ea82c165cb74016cdcd0872686889da4542711edb79baab3d908dfdcfd56b9a6db9b", 0xf74}, {&(0x7f00000033c0)="5bd71cfca973d15b0cf49a7371e2e8dec3d6413ce9a50f61876564fb80fa6fe5e8bb8fcc0418ea5b093aa33e65493f42ee4b2bbdda49eb5c764df0548930aa0f48183e70053b0cebf533460083849eb09e702b96c1e2895adff21b5dbd10157733c3a0a68c9396b01c18edd50ef686e0bd9cd521fdd0ffeeb3560f9690151ce48a1c61429c886dbf8fd891650dee04b79577d0eb75dcedf008895d552fad1e1c195af15f7c0df98d047e76e5a8785e9edc7101d4c7d32e6cfa8b04c83663a67c699a8ab5e61a03ecf21912bd26a1646b7e0339bd04c62edbb45bfa0980200eb34d7c14021a17bd7e77de5aa10206", 0xee}, {&(0x7f00000034c0)="82017f62347969778c3ae18e082603bd4be5eb94c3", 0x15}], 0x5, &(0x7f0000003580)=[@op={0x18}, @op={0x18, 0x117, 0x3, 0x1}, @op={0x18, 0x117, 0x3, 0x1}, @op={0x18}, @op={0x18}], 0x78, 0x4000}, {0x0, 0x0, &(0x7f0000003c00)=[{&(0x7f0000003600)="0052094ded03a7ea8a813337621f80f8c5bdd0dd57bc616e1f156aebcdba927fa92228e76babfd455bc790a9eb91c55ba8ee69dd872a8b387bcd6403c1249b17d7b0bbf223e404acf10b9b5aad5cec30aaf453f5a99d9b34b693685c422c0f90743e5e98ccc24b868dad", 0x6a}, {&(0x7f0000003800)="5f5374a74de21fb38e588d97fdd2e62f9b4d992afab50bd1d02c7b1de550f627f98253ee881cb21a9c20bb5b295bde5e4c5c42dc066378cdf2b03e7cbb30815930a5499844cf60d9421c35ba36914b04cc431d15a0e49d29fa310712a1087b451c5f377e31b990d61a92f05e233ac97f", 0x70}, {&(0x7f0000003880)="76c5c78424620a9b66d6fe97307ca94e107d3963546b64e0ade5392b602814cb312896773431315b586f572eb6daad4c182208d6b63cfa5aa8073db4d4f9c0f3ab4a0b6cfe8c75e2f6f0b6a1805dfa5a2b7d1ad8c4b0fc516f2632dd", 0x5c}, {0x0}, {&(0x7f00000039c0)="d1505f2614dc990301d323e4afed4ab02a47fd44f8a74a226ac9a74b1d9a22ed8d38cddafca60d5f69823221fed224d260ae6b07251b0fc4709cf7f103d320c62c8eebf05ee7cf107a391e27518db446266a67b728b70690ed281ffd11cf4238906184d1dd0ef9ed810706a8cb39bf8e7f7cefb75b3aa0100628ba9a1980b56df0ed6c1060a154769b71c50de9a6a327f4e16c02d0bca5ae23a0ba11f7a2adc45c9a53ab9e6b9146a153a3be0c7be67fe455d509e5396d5e845e63f97e23fab94a1a02bfbb2e92e5f1bad6d83c6533fdc7f6e51662eebdbc5e4e79d65665ef6f974fc70145d117f5565701eb0165a7ec50a92a4843eb5935dec7", 0xfa}, {&(0x7f0000003ac0)="f33c44a04646968bd68c25a079c4f8430824ca06a3218ba231c2e9fa29cda6389e75666244e31e0054d1a601c816038df9a086655b2b7e1979613de0c3b2d76b9616f3333af1873ddf", 0x49}, {&(0x7f0000003b40)="75693a0f1874046456891df77088", 0xe}], 0x7, 0x0, 0x0, 0x4000}], 0x5, 0x40000)
setsockopt$inet_sctp6_SCTP_AUTH_CHUNK(r2, 0x84, 0x15, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='kfree\x00', r1}, 0x10)
r6 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=@base={0x2, 0x4, 0x4, 0x8, 0x1014, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$MAP_GET_NEXT_KEY(0x4, &(0x7f0000000000)={r6, 0x0, 0x0}, 0x20)
r7 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=@base={0x2, 0x4, 0x4, 0x8, 0x1014, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
r8 = bpf$MAP_CREATE(0x0, &(0x7f0000000040)=@base={0xd, 0x4, 0x4, 0x9, 0x0, r7, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$MAP_DELETE_ELEM(0x2, &(0x7f00000003c0)={r8, &(0x7f0000000300), 0x20000000}, 0x20)
bpf$MAP_LOOKUP_ELEM(0x3, &(0x7f0000000300)={r8, &(0x7f0000000240), 0x0}, 0x20)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='memory.swap.events\x00', 0x26e1, 0x0)

3.4191318s ago: executing program 0 (id=2489):
r0 = bpf$MAP_CREATE(0x100000000000000, &(0x7f0000000440)=@base={0x12, 0x79, 0x8, 0x2, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
r1 = socket$inet6_udp(0xa, 0x2, 0x0)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000280)={r0, &(0x7f00000004c0), &(0x7f0000000400)=@udp6=r1}, 0x3f)
bpf$MAP_DELETE_ELEM(0x3, &(0x7f0000000140)={r0}, 0x20)
r2 = msgget$private(0x0, 0x442)
msgsnd(r2, &(0x7f0000000340)=ANY=[@ANYBLOB="01000000001b"], 0x4, 0x800)
msgsnd(r2, &(0x7f0000003540)=ANY=[@ANYBLOB="01"], 0xe8, 0x800)
msgrcv(r2, 0x0, 0x0, 0x1, 0x0)
r3 = openat$smackfs_cipsonum(0xffffffffffffff9c, &(0x7f0000000100)='/sys/fs/smackfs/mapped\x00', 0x2, 0x0)
writev(r3, &(0x7f0000000580)=[{&(0x7f00000000c0)='8', 0x1}, {&(0x7f00000004c0)='Af', 0x2}], 0x2)

3.260936968s ago: executing program 0 (id=2490):
r0 = socket(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x1, 0x0, 0x0)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000000)={'lo\x00', <r1=>0x0})
sendmsg$nl_route_sched(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000001c0)=@newqdisc={0x48, 0x24, 0xd0f, 0x0, 0x0, {0x60, 0x0, 0x0, r1, {0x0, 0x2}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_prio={{0x9}, {0x18, 0x2, {0x8}}}]}, 0x48}}, 0x0)
r2 = socket(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, <r3=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000000)={'lo\x00', <r4=>0x0})
sendmsg$nl_route_sched(r2, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000001c0)=@newqdisc={0x24, 0x24, 0xd0f, 0x0, 0x0, {0x60, 0x0, 0x0, r4, {0x0, 0x1}, {0x8, 0x2}}, [@qdisc_kind_options=@q_pfifo_head_drop={{0x14}, {0x8, 0x2, 0xff}}]}, 0x40}}, 0x0)

3.159671324s ago: executing program 3 (id=2491):
sendmsg$NLBL_MGMT_C_REMOVEDEF(0xffffffffffffffff, &(0x7f0000000500)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000480)={0x14, 0x0, 0x1, 0x70bd2c, 0x25dfdbfd}, 0x14}, 0x1, 0x0, 0x0, 0x20044006}, 0x30000080)
pipe2(&(0x7f0000000000)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x4800)
vmsplice(r1, &(0x7f0000000140)=[{&(0x7f0000000100)="eb", 0x20000101}], 0x1, 0x0)
write$binfmt_misc(r1, &(0x7f0000000280)="717f40b3d74f", 0x6)
r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$netlbl_mgmt(&(0x7f0000000000), r2)
r4 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
read$FUSE(r0, &(0x7f0000001080)={0x2020, 0x0, <r5=>0x0}, 0x2020)
write$FUSE_WRITE(r0, &(0x7f0000000040)={0x18, 0x0, r5, {0x9}}, 0x18)
ioctl$SG_IO(r4, 0x2285, &(0x7f00000005c0)={0x53, 0xfffffffffffffffd, 0x0, 0x1, @buffer={0x0, 0x0, 0x0}, 0x0, 0x0, 0xfffffffd, 0x0, 0x2, 0x0})
sendmsg$NLBL_MGMT_C_ADDDEF(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000001040)={&(0x7f0000000180)={0x44, r3, 0x1, 0x70bd28, 0x25dfdbff, {}, [@NLBL_MGMT_A_IPV6ADDR={0x14, 0x5, @remote}, @NLBL_MGMT_A_IPV6MASK={0x14, 0x6, @ipv4={'\x00', '\xff\xff', @local}}, @NLBL_MGMT_A_PROTOCOL={0x8, 0x2, 0x5}]}, 0x44}, 0x1, 0x0, 0x0, 0x4040014}, 0x4004000)

3.149950646s ago: executing program 1 (id=2492):
socket$nl_netfilter(0x10, 0x3, 0xc)
socket$nl_generic(0x10, 0x3, 0x10)
syz_init_net_socket$x25(0x9, 0x5, 0x0)
socket$nl_audit(0x10, 0x3, 0x9)
socket$packet(0x11, 0x2, 0x300)
socket$inet(0x2, 0x3, 0x5)
openat$smackfs_cipso(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/fs/smackfs/cipso\x00', 0x2, 0x0)
socket(0x2, 0x80805, 0x0)
socket$packet(0x11, 0x3, 0x300)
bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0xd, 0x37, &(0x7f00000003c0)=ANY=[@ANYBLOB="180000000400000000000000ff00000007426003080000008510000001000000950000000000000018400000000000000000000000000000b7080000000000007b8af8ff00000000b7080000ffffffff7b8af0ff00000000bf"], 0x0, 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @sock_ops=0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, @void, @value}, 0x94)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000380))
creat(&(0x7f00000056c0)='./file0\x00', 0x0)
socket$inet6(0x10, 0x2, 0x6)
socket$nl_generic(0x10, 0x3, 0x10)
socket$kcm(0x21, 0x2, 0x2)
r0 = openat$vimc1(0xffffffffffffff9c, &(0x7f00000003c0), 0x2, 0x0)
bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000400)=ANY=[@ANYRES32, @ANYRES64=r0], 0x20)

3.03544025s ago: executing program 0 (id=2493):
setreuid(0xee01, 0xffffffffffffffff)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff})
connect$unix(r0, &(0x7f0000000180)=@abs, 0x6e)
recvmmsg(r0, &(0x7f00000000c0), 0x0, 0x2, 0x0)
r1 = geteuid()
quotactl_fd$Q_GETQUOTA(r0, 0xffffffff80000702, r1, &(0x7f0000000000))
syz_io_uring_setup(0x24f8, &(0x7f0000000380)={0x0, 0xc3ef, 0x2, 0x0, 0x2fc}, &(0x7f0000000340), &(0x7f0000000080))
r2 = socket$inet6_dccp(0xa, 0x6, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce)
r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8)
mprotect(&(0x7f0000001000/0x2000)=nil, 0x2000, 0x0)
ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(0xffffffffffffffff, 0xc08c5332, &(0x7f0000000280)={0x1, 0x66c, 0x0, 'queue1\x00'})
write$sndseq(0xffffffffffffffff, &(0x7f0000000000), 0x0)
setsockopt$sock_int(r2, 0x1, 0x7, &(0x7f0000000740), 0x4)
setfsuid(0x0)

2.940480292s ago: executing program 1 (id=2494):
r0 = open(&(0x7f0000000140)='./file1\x00', 0x60142, 0x0)
r1 = openat$fuse(0xffffffffffffff9c, &(0x7f00000001c0), 0x2, 0x0)
mount$fuse(0x0, &(0x7f0000000100)='./file1\x00', &(0x7f0000000140), 0x2, &(0x7f0000002380)={{'fd', 0x3d, r1}, 0x2c, {'rootmode', 0x3d, 0x8000}})
read$FUSE(r1, &(0x7f0000000200)={0x2020, 0x0, <r2=>0x0}, 0x2020)
r3 = bpf$OBJ_GET_MAP(0x7, &(0x7f00000000c0)=@generic={&(0x7f0000000080)='./file1\x00', 0x0, 0x8}, 0x18)
r4 = socket$netlink(0x10, 0x3, 0x0)
r5 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x2, 0x4, 0x4, 0xc, 0x1000, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000040)=ANY=[@ANYBLOB="18000000000000000000000000000000850000006d00000018110000", @ANYRES32=r5, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000010b704000000000000850000000100000095"], &(0x7f00000001c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r6 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@bloom_filter={0x1e, 0x0, 0x10001, 0x7ff, 0x4, r5, 0x9, '\x00', 0x0, 0xffffffffffffffff, 0x3, 0x3, 0x3, 0xf7, @void, @value, @void, @value}, 0x48)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000180)={{r6, <r7=>0xffffffffffffffff}, &(0x7f0000000040)=0x18, &(0x7f0000000140)}, 0x20)
r8 = socket$nl_route(0x10, 0x3, 0x0)
r9 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0x1, 0x7, 0x10001, 0x9, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000540)={0x9, 0xd, &(0x7f0000000340)=ANY=[@ANYRESOCT=r4, @ANYRESOCT=r9, @ANYRES64=r4, @ANYRES16=r7], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_sock, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffb7, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
ioctl$sock_SIOCGIFINDEX(r8, 0x8933, &(0x7f0000000100)={'virt_wifi0\x00', <r10=>0x0})
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f00000000c0)={'wlan0\x00', <r11=>0x0})
sendmsg$nl_route(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000740)={&(0x7f0000000080)=@newlink={0x40, 0x10, 0x705, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x8}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @hsr={{0x8}, {0x14, 0x2, 0x0, 0x1, [@IFLA_HSR_SLAVE2={0x8, 0x2, r10}, @IFLA_HSR_SLAVE1={0x8, 0x1, r11}]}}}]}, 0x40}}, 0x0)
r12 = bpf$BPF_BTF_LOAD(0x12, &(0x7f00000003c0)={&(0x7f0000000000)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xc, 0xc, 0x2, [@struct]}}, 0x0, 0x26, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x20)
r13 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xd, 0x3, &(0x7f0000000040)=@framed, &(0x7f0000000080)='GPL\x00', 0x5, 0x1f6, &(0x7f00000002c0)=""/168, 0x0, 0x0, '\x00', 0x0, @sock_ops, r12, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000200), 0x1, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x6d)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f00000004c0)={r13, 0xc0, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, <r14=>0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, 0x10)
bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000440)=r14, 0x4)
bpf$PROG_LOAD(0x5, &(0x7f00000024c0)={0x11, 0x18, &(0x7f0000002240)=@framed={{0x18, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x4}, [@cb_func={0x18, 0x7, 0x4, 0x0, 0x6}, @func={0x85, 0x0, 0x1, 0x0, 0x2}, @tail_call={{0x18, 0x2, 0x1, 0x0, r3}}, @cb_func={0x18, 0x8, 0x4, 0x0, 0x4}, @call={0x85, 0x0, 0x0, 0x23}, @func={0x85, 0x0, 0x1, 0x0, 0x6}, @ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x3}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0x2}}]}, &(0x7f0000000180)='syzkaller\x00', 0x7fff, 0x3, &(0x7f0000002400)=""/3, 0x41100, 0x6a, '\x00', r11, @fallback=0x1a, r0, 0x8, &(0x7f0000002440)={0x6, 0x2}, 0x8, 0x10, 0x0, 0x0, r14, r0, 0x1, 0x0, &(0x7f0000002480)=[{0x2, 0x1, 0x9, 0xa}], 0x10, 0x7, @void, @value}, 0x94)
write$FUSE_INIT(r1, &(0x7f0000002300)={0x50, 0x0, r2, {0x7, 0x9, 0x0, 0x1030002}}, 0x50)
utime(&(0x7f0000000000)='./file1\x00', &(0x7f0000000040)={0x6, 0x7fff})
dup3(0xffffffffffffffff, r1, 0x0)

2.474841054s ago: executing program 3 (id=2495):
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000240)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
r1 = socket(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000001c0)=@newqdisc={0x48, 0x24, 0xd0f, 0x0, 0x0, {0x60, 0x0, 0x0, 0x0, {0x0, 0x2}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_prio={{0x9}, {0x18, 0x2, {0x8}}}]}, 0x48}}, 0x0)
r3 = socket(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000000)={'lo\x00'})
sendmsg$nl_route_sched(r3, 0x0, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'lo\x00', <r4=>0x0})
r5 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r5, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000240)=@newtfilter={0x24, 0x2a, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {0x0, 0xfff1}, {}, {0x5, 0xffe0}}}, 0x24}}, 0x0) (fail_nth: 4)

2.167253558s ago: executing program 6 (id=2496):
socket$inet_sctp(0x2, 0x1, 0x84)
ioperm(0x2, 0xb8b8, 0x7fffffffffffffff)
ioperm(0x2, 0x8144, 0xcb)
bpf$OBJ_GET_MAP(0x7, 0x0, 0x0)
bpf$MAP_DELETE_BATCH(0x1b, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
userfaultfd(0x801)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x3)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
openat$audio(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r1 = socket$inet(0xa, 0x801, 0x84)
r2 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r3 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$IOMMU_IOAS_ALLOC(r3, 0x3b81, &(0x7f0000000140)={0xc, 0x0, <r4=>0x0})
ioctl$IOMMU_IOAS_ALLOC(r2, 0x3b81, &(0x7f0000000240)={0xc})
ioctl$IOMMU_TEST_OP_CREATE_ACCESS(r2, 0x3ba0, &(0x7f0000000400)={0x48, 0x5, r4, 0x0, <r5=>0xffffffffffffffff, 0x1})
ioctl$IOMMU_TEST_OP_ACCESS_PAGES$syz(r3, 0x3ba0, &(0x7f0000000680)={0x48, 0x7, r5, 0x0, 0x0, 0x0, 0xfffffffe, 0xffffffff, 0x749bc, 0x2})
accept4(r1, 0x0, 0x0, 0x0)
personality(0xeaffffffffffffff)
setsockopt$IP_VS_SO_SET_ADD(r1, 0x0, 0x482, &(0x7f0000000040)={0x84, @dev={0xac, 0x14, 0x14, 0xb}, 0x15, 0x4, 'sh\x00', 0x1, 0x4, 0x72}, 0x2c)
r6 = socket$inet_tcp(0x2, 0x1, 0x0)
set_mempolicy(0x4005, &(0x7f0000000080)=0x7e, 0x9)
syz_emit_ethernet(0xfdef, &(0x7f0000000000)=ANY=[], 0x0)
setsockopt$IP_VS_SO_SET_ADDDEST(r6, 0x0, 0x487, &(0x7f0000000000)={{0x84, @initdev={0xac, 0x1e, 0x2, 0x0}, 0x4e21, 0x3, 'lc\x00', 0x4, 0xb, 0x5}, {@rand_addr=0x64010102, 0x4e2a, 0x0, 0xcb, 0x12d5c, 0x12d5c}}, 0x44)
setsockopt$IP_VS_SO_SET_FLUSH(r6, 0x0, 0x485, 0x0, 0x0)
r7 = openat$vicodec1(0xffffffffffffff9c, &(0x7f0000000480), 0x2, 0x0)
ioctl$VIDIOC_G_OUTPUT(r7, 0x8004562e, &(0x7f00000004c0))

2.109026473s ago: executing program 0 (id=2497):
r0 = socket(0x10, 0x3, 0x0)
setsockopt$netlink_NETLINK_TX_RING(r0, 0x10e, 0xc, &(0x7f0000000280)={0x1}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xc, 0xc, &(0x7f0000000180)=ANY=[@ANYRES32, @ANYRESDEC, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000b000000850000001500000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x63, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) (async)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xc, 0xc, &(0x7f0000000180)=ANY=[@ANYRES32, @ANYRESDEC, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000b000000850000001500000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x63, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(r0, 0x89f0, &(0x7f0000000040)={'syztnl1\x00', &(0x7f0000000480)={'syztnl2\x00', <r2=>0x0, 0x2f, 0x2, 0x87, 0x7, 0x1, @dev={0xfe, 0x80, '\x00', 0x2b}, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, 0x0, 0x7860, 0x8, 0xca}})
socket$nl_route(0x10, 0x3, 0x0) (async)
r3 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r3, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000840)=ANY=[@ANYBLOB="280000001000010800"/20, @ANYRES32=0x0, @ANYBLOB="000000000000000008001b000000000083197184f0bf198f1f5ab5b35595a2b02730a67b14e832b7b9542013e4f1c108d7a1ff3aa96f0008000000"], 0x28}}, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x10, 0x4, &(0x7f0000000040)=ANY=[], &(0x7f0000003ff6)='GPL\x00', 0x2, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', r2, @sk_msg, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) (async)
r4 = bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x10, 0x4, &(0x7f0000000040)=ANY=[], &(0x7f0000003ff6)='GPL\x00', 0x2, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', r2, @sk_msg, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
close(r4)
r5 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000440), 0x40401, 0x0)
ioctl$IOCTL_VMCI_VERSION2(r5, 0x7a7, &(0x7f0000000740)=0x80000)
r6 = socket$igmp(0x2, 0x3, 0x2)
setsockopt$IPT_SO_SET_REPLACE(r6, 0x0, 0x40, &(0x7f0000000d00)=@filter={'filter\x00', 0xe, 0x4, 0x388, 0xffffffff, 0x108, 0x0, 0x0, 0xffffffff, 0xffffffff, 0x2f0, 0x2f0, 0x2f0, 0xffffffff, 0x4, &(0x7f00000002c0), {[{{@uncond, 0x0, 0xa8, 0x108, 0x0, {}, [@common=@unspec=@statistic={{0x38}, {0x1, 0x1, 0x0, 0xa, 0xfffffff7, {0x3}}}]}, @common=@SET={0x60, 'SET\x00', 0x0, {{0x2, [0x0, 0x1, 0x0, 0xf, 0x1, 0x3], 0x2, 0x1}, {0x0, [0x4, 0x4, 0x4, 0x4, 0x2, 0x1], 0x4, 0x2}}}}, {{@uncond, 0x0, 0xe8, 0x128, 0x0, {}, [@common=@osf={{0x50}, {'syz0\x00', 0x0, 0xa, 0x0, 0x2}}, @common=@icmp={{0x28}, {0xf, "c2d4", 0x1}}]}, @common=@inet=@TCPOPTSTRIP={0x40, 'TCPOPTSTRIP\x00', 0x0, {[0xe34e8408, 0x6, 0x4, 0xef57, 0x9ec, 0x6, 0xa25, 0x9]}}}, {{@ip={@broadcast, @multicast1, 0xff000000, 0xff000000, '\x00', 'tunl0\x00', {}, {0xff}, 0x32, 0x0, 0x10}, 0x0, 0x98, 0xc0, 0x0, {}, [@common=@ttl={{0x28}, {0x0, 0x8}}]}, @REJECT={0x28, 'REJECT\x00', 0x0, {0x1}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x3e8)
r7 = bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0xe, 0x4, &(0x7f0000000940)=ANY=[@ANYBLOB="b4050000200080066110000000000000c6000000000000009500d800000000009f33ef60916e55893f1eeb0b2ae13d922e6235592ce847e2566c43d72918a897323fd0723043c47c896ce0bce66a245ad9d6817fd98cd824498949714ffaac8a6f77ef0000ca5d82054d54d53cd2b6db714e75d9bdae214fa68a0557eb2c5ca683a4b6fcfcff0bffffffffffd47042eaebfa6fa26fa7a347c7faa8e700458c60897d4a6148a1c11428427c40de60beacf871ab5c2ff88a02084e5b5271e45f00003826fb8579c1fb01d2c5553d2ccb5fc5b51fe6b174ebd9907dcff414ed55b0c20cdbe7009a6fe7cc78762f1d4dcdbca64920db9a50f86c21632f7a4bd344e0bd74ff05d37ef68e3b9db863c758ffffffffabe90ac5d08dd9d4e0359c41cf3626e1230bc1cd4c02c460ceb44276e9bd94d1c2e6d17dc5c2edf332a62f5fe68fbbbbfcfd00000000000fbf940e6652d357474ed5f816f66ac3027460ae66317f83cdd7a7eb2a7003d1a6cf5478533584961c329fcf5a43e05c92bfef0dcd28000000003f2915a3039c9a78f63b8ec7e60a0000fed7d67c440e23d130e51eea1e085bebabe7059de9cbfc5117c024185a062acb6b8eec31c21b3af8b9eedb4660ed2deb7acf2a33a376a5cb7d4266d5b0be14488d14b473502486ad8dd600000000000000000000c7766ea7c581782c0d90f42a85303835fc291c25d29e6bead5d7360f2e1929d7736ebc8558c4506407d3046022bdf25485bd5442169e9b4c1278343581b7a06f65e8ea6b042c4fd08381e5000000000000006398d6480000001a723b91030000006480304c66b217aea0156ce9eef911fe5b7370f79987303ecb3aabc53c60014a0101ab766754f596b41da9534d12b8306a1b36cf3b03f0d790879f523eabfbee83d8bd472ef69660cf6ec897106c51e54a17497f384c4956b41f3843e7c878b1e11316d8ddae1c6c3b85aaf7a9fcaf8f5d6186c42542d68ba72682c938d3c0a2e6e10eed71b1d31c9f300b41745329bf34495c63e43fb896e4903fb0fae54a8f0fe3b48a5b29d279070647e65097c8ecf32a15080000000000000001007ba4a70a084bd994ac5e00000000000000000000000000351a30cd97f83d72631d0fe92efa974a53f4dc1eb9a86df632a6d463688123f64d42a919bcfc44a90ffd680200000091f842a91c977f6075d07e39e669b0713af0498a99bf5261cb3269d499a5202d7a08b33ade7b38829b9bd39619688d5e9af22170ef83e5b92cbb32b655c45de1c154aad81bf64351668a3f76d5afa958aff76249e0ffdf8e45155536a1a44bfcbfbfd232af000052f9002a"], &(0x7f0000003ff6)='GPL\x00', 0x4, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_skb, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x366, 0x10, &(0x7f0000000000), 0x1dd, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x48)
r8 = bpf$MAP_CREATE(0x0, &(0x7f0000000680)=ANY=[@ANYBLOB="1200000004000000040000001200000000000000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="00000000000000000000000000000000000000000000000000000000001ee84ababd97566d6782eec720a2ccf2c87d7f31efd0766b4c73c589a1fe8cdad310a8e3d705768f52bd05664ffb48d419dd7e5a407277a43a3d114b307746c59f4d0f0d4bd22a6494e9f238f1"], 0x48)
bpf$BPF_PROG_DETACH(0x8, &(0x7f00000005c0)=ANY=[@ANYRES32=r8, @ANYRES32=r7, @ANYBLOB="05"], 0x10)
r9 = syz_usb_connect(0x0, 0x4a, &(0x7f0000000100)=ANY=[@ANYBLOB="1201000055200010402038b1420104000001090238000100000000090400000371055900090582eb1000000001020009050276"], 0x0)
syz_usb_control_io$cdc_ecm(r9, &(0x7f0000000180)={0x14, 0x0, &(0x7f0000000000)={0x0, 0x3, 0x1a, {0x1a}}}, &(0x7f0000000340)={0x1c, &(0x7f0000000380)=ANY=[@ANYBLOB="200b98000000c96a6401cba6760d815fc0bc7719039576f54c397a725b0bad1019a058c108d3bfaf784d70d159fdd8bf0b69bf7adc21dbd01e25f976d2d72b9ff5af28071c7e9b3fd15cb04bc1f565a92e9bb5225a88503e204d8a36b11a07d18b06a733e0e74bed06fb60220d568063e3a03d2022bc51789235883a09bd5073072cba5301b7611831e7a59f", @ANYRES32=r9], 0x0, 0x0})
syz_usb_ep_write$ath9k_ep1(r9, 0x82, 0xc38, &(0x7f00000001c0)=ANY=[]) (async)
syz_usb_ep_write$ath9k_ep1(r9, 0x82, 0xc38, &(0x7f00000001c0)=ANY=[])
close(r7) (async)
close(r7)
socket$inet6_tcp(0xa, 0x1, 0x0) (async)
socket$inet6_tcp(0xa, 0x1, 0x0)
listen(r0, 0x4000)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000580)={{r8}, &(0x7f0000000500), &(0x7f0000000540)=r7}, 0x20) (async)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000580)={{r8}, &(0x7f0000000500), &(0x7f0000000540)=r7}, 0x20)
r10 = bpf$MAP_CREATE(0x0, &(0x7f0000001100)=ANY=[@ANYBLOB="0f000000040000000000000012000000000000008e7ccf5cc10b311b3b1a8fd3f42149809ae8de3e4864f9e4b7f4767e2889ff4d4c8a37a8f2b50c5bcca3f95dabc595c402b47c4573094bf84872ec2f14e677e7fada82e9a4194c73984960c911970a1e939f66c05b2210a23628bc0ffd58534137e6cca267f49b550e9789466d56e892c95767a67957040f78439d11abf7c211b88dad7ec06dd204b092c28bb751e9d8231ae9bb13cdec46f65f889f533dd0c55afae956ca4b70fb8a331822bc7b4a52d9ee9698273863276093df3e613c7d8fef", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x48)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000000c0)={{r10, <r11=>0xffffffffffffffff}, &(0x7f0000000000), &(0x7f0000000080)=r4}, 0x20)
accept4$nfc_llcp(r0, &(0x7f0000000780), &(0x7f0000000800)=0x60, 0x80000)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000001c0)={{r10}, &(0x7f0000000100), &(0x7f0000000180)=r4}, 0x20)
close(r4) (async)
close(r4)
socketpair(0x1, 0x1, 0x4, &(0x7f0000000380))
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000300)={{r11}, &(0x7f0000000140), &(0x7f0000000280)=r4}, 0x20) (async)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000300)={{r11}, &(0x7f0000000140), &(0x7f0000000280)=r4}, 0x20)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r1, 0x0, 0xe, 0xfeff, &(0x7f0000000100)="e0857f9f582f0300000000000000", 0x0, 0x2f00, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) (async)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r1, 0x0, 0xe, 0xfeff, &(0x7f0000000100)="e0857f9f582f0300000000000000", 0x0, 0x2f00, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)

1.123391491s ago: executing program 1 (id=2498):
socket$nl_route(0x10, 0x3, 0x0)
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000080)={'vlan1\x00', <r1=>0x0})
sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000380)=@newlink={0x44, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x1c17}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @macvlan={{0xc}, {0x4}}}, @IFLA_LINK={0x8, 0x5, r1}, @IFLA_MTU={0x8, 0x4, 0x4c5}]}, 0x44}}, 0x0)
r2 = socket$netlink(0x10, 0x3, 0x0)
sendmmsg(r2, &(0x7f00000002c0), 0x40000000000009f, 0x0) (fail_nth: 4)

1.046160196s ago: executing program 3 (id=2499):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r0, 0x6, 0x13, &(0x7f0000000080)=0x100000001, 0x4)
connect$inet6(r0, &(0x7f0000000200)={0xa, 0x0, 0x0, @empty}, 0x1c)
setsockopt$inet6_tcp_TCP_ULP(r0, 0x6, 0x1f, &(0x7f0000000540), 0x4)
setsockopt$inet6_tcp_TCP_REPAIR(r0, 0x6, 0x13, &(0x7f0000000380)=0xffffffffffffffff, 0x4)
setsockopt$inet6_tcp_TLS_TX(r0, 0x11a, 0x1, &(0x7f00000000c0)=@gcm_128={{0x304, 0x37}, "475566172f45f011", "bd14060000000000000092f94413582b", "00001000", "4e67cb72f328ac2f"}, 0x28)
writev(r0, &(0x7f0000000180)=[{&(0x7f0000000100)="321eca41caa4a101a0cdf522da48be5e149975365e3ea753dc37549a4ac200", 0x1f}], 0x1)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x0)

889.375905ms ago: executing program 6 (id=2500):
r0 = openat$smackfs_cipsonum(0xffffffffffffff9c, &(0x7f0000000100)='/sys/fs/smackfs/mapped\x00', 0x2, 0x0)
writev(r0, &(0x7f0000000580)=[{&(0x7f00000000c0)='8', 0x1}, {&(0x7f00000004c0)='Af', 0x2}], 0x2)

724.199024ms ago: executing program 9 (id=2501):
r0 = socket(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'lo\x00', <r2=>0x0})
r3 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NFC_CMD_LLC_SET_PARAMS(r3, 0x0, 0x2040000)
r4 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
syz_usb_connect(0x0, 0x36, &(0x7f00000000c0)={{0x12, 0x1, 0x0, 0x2b, 0x64, 0x79, 0x10, 0x586, 0x1500, 0x2e97, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x2, 0xa, 0xbf, 0x40, 0x0, [], [{{0x9, 0x5, 0xb, 0x2}}, {{0x9, 0x5, 0xa, 0x2}}]}}]}}]}}, 0x0)
syz_genetlink_get_family_id$ieee802154(&(0x7f0000005140), r3)
sendmsg$IEEE802154_LLSEC_DEL_DEVKEY(r4, &(0x7f00000052c0)={0x0, 0x0, &(0x7f0000005280)={&(0x7f0000005200)=ANY=[@ANYBLOB="93a5d96c", @ANYRES8=r1, @ANYBLOB="010025bd7000ffdbdf252e0000000c0005000201aaaaaaaaaaaa0c002d000202aaaaaaaaaaaa0a0001007770616e30000000"], 0x38}}, 0x8014)
r5 = socket$key(0xf, 0x3, 0x2)
r6 = socket$inet_udplite(0x2, 0x2, 0x88)
setsockopt$IPT_SO_SET_REPLACE(r6, 0x0, 0x40, &(0x7f0000000000)=@filter={'filter\x00', 0x42, 0x4, 0x2a0, 0xffffffff, 0xa0, 0xa0, 0x3, 0xffffffff, 0xffffffff, 0x258, 0x258, 0x258, 0xffffffff, 0x4, 0x0, {[{{@uncond, 0x0, 0x70, 0xa0, 0x0, {0x100000000000000}}, @common=@inet=@SET2={0x30, 'SET\x00', 0x2, {{0xffffffffffffffff, 0x7}, {0xffffffffffffffff}}}}, {{@uncond, 0x0, 0x70, 0xd0}, @common=@CLUSTERIP={0x60, 'CLUSTERIP\x00', 0x0, {0x0, @random="3232b3c71587"}}}, {{@ip={@remote, @dev, 0x0, 0x0, 'wlan1\x00', 'pim6reg1\x00'}, 0x0, 0x70, 0x98}, @REJECT={0x28}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28, '\x00', 0x0, 0xfffffffd}}}}, 0x300)
r7 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r7, &(0x7f0000000100)={0x1f, 0xffff}, 0x6)
setsockopt$bt_hci_HCI_FILTER(r7, 0x0, 0x2, &(0x7f0000000080)={0xfffc, [0x201]}, 0x10)
r8 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$TIOCSETD(r8, 0x5423, &(0x7f00000000c0)=0xf)
ioctl$TCFLSH(r8, 0x400455c8, 0x0)
sendmsg$key(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={0x0}}, 0x0)
sendmsg$key(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000500)=ANY=[@ANYBLOB="020a040007000000b6f1ffff0000854105001a000000000000d74619edc70000", @ANYRESOCT], 0x38}}, 0x0)
sendmsg$key(0xffffffffffffffff, &(0x7f00000001c0)={0x40000000, 0x0, &(0x7f0000000040)={&(0x7f0000000280)=ANY=[@ANYBLOB="020100090e000000030000000000000405000600000000000a0000000000000400000000000000000000002100000000000100000000000002000100010000000000010200fd000005000500000000000a"], 0x70}}, 0x0)
sendmmsg(r5, &(0x7f0000000180), 0x3ef, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000001c0)=@newqdisc={0x48, 0x24, 0xd0f, 0x0, 0x0, {0x60, 0x0, 0x0, r2, {0x0, 0x1}, {0x8, 0x2}}, [@qdisc_kind_options=@q_prio={{0x9}, {0x18, 0x2, {0x5}}}]}, 0x48}}, 0x0)

403.219329ms ago: executing program 3 (id=2502):
syz_usb_connect(0x2, 0x2d, &(0x7f00000002c0)={{0x12, 0x1, 0x0, 0x70, 0x85, 0x1d, 0x40, 0x6cd, 0x112, 0x3e18, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x1b, 0x1, 0x0, 0x0, 0x5933f92e5ea6556f, 0x90, [{{0x9, 0x4, 0xeb, 0x10, 0x1, 0x61, 0x7c, 0x7d, 0x0, [], [{{0x9, 0x5, 0x5, 0x2, 0x8, 0x6, 0xf4, 0x82}}]}}]}}]}}, 0x0)
syz_usb_connect(0x0, 0x4f, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x17, 0x9, &(0x7f0000000680)=@framed={{0x18, 0x8, 0x0, 0x0, 0x8001, 0x0, 0x0, 0x0, 0x5}, [@func={0x85, 0x0, 0x1, 0x0, 0x5}, @call={0x85, 0x0, 0x0, 0xbb}, @generic={0xa7}, @initr0, @exit]}, &(0x7f00000003c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x5, '\x00', 0x0, 0x20, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="1000000004000000080000000300000000000000", @ANYRES32=0x1, @ANYBLOB="00000200"/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="000000080500"/17], 0x48)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x1, 0x32, 0x0, 0x0)
r0 = open(&(0x7f0000000000)='./cgroup.cpu/cpuset.cpus\x00', 0x331242, 0x122)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000000)=ANY=[@ANYBLOB="240000002100010000000000000000000a0000000000000000000000050019"], 0x24}}, 0x0)
sendto$inet6(0xffffffffffffffff, &(0x7f0000000000)="9000000020", 0x5, 0x0, 0x0, 0x0)
r1 = socket$inet6(0x10, 0x3, 0x0)
sendto$inet6(r1, &(0x7f0000000000)='.', 0x10a73, 0x800, 0x0, 0x4b6ae4f95a5de35b)
ioctl$SYNC_IOC_FILE_INFO(r0, 0xc0383e04, &(0x7f0000000040)={""/32, 0x0, 0x0, 0x5, 0x0, &(0x7f0000000400)=[{}, {}, {}, {}, {}]})
write$tcp_mem(r0, &(0x7f0000000100)={0x0, 0x2d, 0x9, 0xa, 0x0, 0x2c}, 0x48)
bind$alg(r0, &(0x7f0000000080)={0x26, 'rng\x00', 0x0, 0x0, 'drbg_nopr_sha512\x00'}, 0x58)
syz_usb_connect(0x2, 0x2d, &(0x7f00000002c0)={{0x12, 0x1, 0x0, 0x70, 0x85, 0x1d, 0x40, 0x6cd, 0x112, 0x3e18, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x1b, 0x1, 0x0, 0x0, 0x5933f92e5ea6556f, 0x90, [{{0x9, 0x4, 0xeb, 0x10, 0x1, 0x61, 0x7c, 0x7d, 0x0, [], [{{0x9, 0x5, 0x5, 0x2, 0x8, 0x6, 0xf4, 0x82}}]}}]}}]}}, 0x0) (async)
syz_usb_connect(0x0, 0x4f, 0x0, 0x0) (async)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x17, 0x9, &(0x7f0000000680)=@framed={{0x18, 0x8, 0x0, 0x0, 0x8001, 0x0, 0x0, 0x0, 0x5}, [@func={0x85, 0x0, 0x1, 0x0, 0x5}, @call={0x85, 0x0, 0x0, 0xbb}, @generic={0xa7}, @initr0, @exit]}, &(0x7f00000003c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x5, '\x00', 0x0, 0x20, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) (async)
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="1000000004000000080000000300000000000000", @ANYRES32=0x1, @ANYBLOB="00000200"/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="000000080500"/17], 0x48) (async)
bpf$MAP_CREATE(0x0, 0x0, 0x0) (async)
bpf$PROG_LOAD(0x5, 0x0, 0x0) (async)
setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x1, 0x32, 0x0, 0x0) (async)
open(&(0x7f0000000000)='./cgroup.cpu/cpuset.cpus\x00', 0x331242, 0x122) (async)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000000)=ANY=[@ANYBLOB="240000002100010000000000000000000a0000000000000000000000050019"], 0x24}}, 0x0) (async)
sendto$inet6(0xffffffffffffffff, &(0x7f0000000000)="9000000020", 0x5, 0x0, 0x0, 0x0) (async)
socket$inet6(0x10, 0x3, 0x0) (async)
sendto$inet6(r1, &(0x7f0000000000)='.', 0x10a73, 0x800, 0x0, 0x4b6ae4f95a5de35b) (async)
ioctl$SYNC_IOC_FILE_INFO(r0, 0xc0383e04, &(0x7f0000000040)={""/32, 0x0, 0x0, 0x5, 0x0, &(0x7f0000000400)=[{}, {}, {}, {}, {}]}) (async)
write$tcp_mem(r0, &(0x7f0000000100)={0x0, 0x2d, 0x9, 0xa, 0x0, 0x2c}, 0x48) (async)
bind$alg(r0, &(0x7f0000000080)={0x26, 'rng\x00', 0x0, 0x0, 'drbg_nopr_sha512\x00'}, 0x58) (async)

171.305777ms ago: executing program 6 (id=2503):
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x1)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
r1 = syz_open_dev$sndctrl(&(0x7f0000000100), 0x6, 0x40)
ioctl$SNDRV_CTL_IOCTL_ELEM_LIST(r1, 0xc0505510, &(0x7f0000000400)={0x43f, 0x0, 0x2, 0x2, &(0x7f0000000240)})
bpf$MAP_CREATE(0x2000000000000000, &(0x7f0000000140)=ANY=[@ANYBLOB="0600008000005c00000000000081", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="000000000200"/28], 0x48)
r2 = socket$netlink(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000200)={'geneve0\x00'})
r3 = socket$nl_rdma(0x10, 0x3, 0x14)
sendmsg$RDMA_NLDEV_CMD_RES_MR_GET(r3, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000200)=ANY=[@ANYBLOB="200000001a1401"], 0x20}}, 0x0)
syz_genetlink_get_family_id$nl80211(&(0x7f00000003c0), 0xffffffffffffffff)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r4, 0x8933, &(0x7f0000000540)={'wlan0\x00'})
iopl(0x3)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000640)={0xffffffffffffffff, 0x0, 0xe, 0x0, &(0x7f0000000080)="00faff0f0001eeff7f6faf9a1e4d", 0x0, 0xfffffffc, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)

171.049104ms ago: executing program 1 (id=2504):
socket$nl_netfilter(0x10, 0x3, 0xc)
socket$nl_generic(0x10, 0x3, 0x10)
syz_init_net_socket$x25(0x9, 0x5, 0x0)
socket$nl_audit(0x10, 0x3, 0x9)
socket$packet(0x11, 0x2, 0x300)
socket$inet(0x2, 0x3, 0x5)
openat$smackfs_cipso(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/fs/smackfs/cipso\x00', 0x2, 0x0)
socket(0x2, 0x80805, 0x0)
socket$packet(0x11, 0x3, 0x300)
bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0xd, 0x37, &(0x7f00000003c0)=ANY=[@ANYBLOB="180000000400000000000000ff00000007426003080000008510000001000000950000000000000018400000000000000000000000000000b7080000000000007b8af8ff00000000b7080000ffffffff7b8af0ff00000000bf"], 0x0, 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @sock_ops=0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, @void, @value}, 0x94)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000380))
creat(&(0x7f00000056c0)='./file0\x00', 0x0)
socket$inet6(0x10, 0x2, 0x6)
socket$nl_generic(0x10, 0x3, 0x10)
socket$kcm(0x21, 0x2, 0x2)
r0 = openat$vimc1(0xffffffffffffff9c, &(0x7f00000003c0), 0x2, 0x0)
bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000400)=ANY=[@ANYRES32, @ANYRES64=r0], 0x20)

0s ago: executing program 1 (id=2505):
sendmsg$key(0xffffffffffffffff, 0x0, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={0x0, r0}, 0x18)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f00000001c0)=0x8)
r1 = getpid()
sched_setaffinity(0x0, 0x0, 0x0)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x6770c000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = syz_open_procfs(0x0, &(0x7f00000001c0)='net/fib_trie\x00')
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setaffinity(0x0, 0x5f, 0x0)
read$msr(0xffffffffffffffff, &(0x7f0000019680)=""/102392, 0x18ff8)
socketpair$unix(0x1, 0x2, 0x0, 0x0)
unshare(0x60020c80)
r5 = socket$nl_rdma(0x10, 0x3, 0x14)
sendmsg$RDMA_NLDEV_CMD_NEWLINK(r5, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000002c0)=ANY=[@ANYBLOB="38000000031401002cbd7000fcdbdf250900020073797a32000000000800410073697700140033006c6f000000000000000000000000000039d1c723d667ee8b42bce1f54f7559"], 0x38}, 0x1, 0x0, 0x0, 0x44}, 0x810)
r6 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000001280)={0x11, 0x3, &(0x7f0000000940)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f00000000c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000007c0)={&(0x7f0000000780)='contention_end\x00', r6}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f00000003c0)={0x3, 0x3, &(0x7f0000000480)=@framed, &(0x7f0000000500)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x29, '\x00', 0x0, @sched_cls, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000540)={0x3, 0x4, 0x4, 0xa, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
sendmsg$RDMA_NLDEV_CMD_SET(r5, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000003c0)=ANY=[@ANYBLOB="480000000214010028bd7000fddbdf250900020073797a3100000000080001000000000008004400", @ANYRES32, @ANYBLOB="050054000100b2ac08000100000000000900020073"], 0x48}, 0x1, 0x0, 0x0, 0x4000801}, 0x0)
lseek(r4, 0x7fffffffffffffff, 0x0)

kernel console output (not intermixed with test programs):

03][T14026] RAX: ffffffffffffffda RBX: 00007fbe3f945fa0 RCX: 00007fbe3f77ff19
[  831.422371][T14026] RDX: 0000000000000000 RSI: 00000000200001c0 RDI: 0000000000000040
[  831.430354][T14026] RBP: 00007fbe405990a0 R08: 0000000000000000 R09: 0000000000000000
[  831.438320][T14026] R10: 00000000200002c0 R11: 0000000000000246 R12: 0000000000000001
[  831.446285][T14026] R13: 0000000000000000 R14: 00007fbe3f945fa0 R15: 00007ffd523ed468
[  831.454260][T14026]  </TASK>
[  831.540407][T14051] FAULT_INJECTION: forcing a failure.
[  831.540407][T14051] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  831.570107][T14051] CPU: 1 UID: 0 PID: 14051 Comm: syz.6.2021 Not tainted 6.13.0-rc2-syzkaller-00031-gf92f4749861b #0
[  831.580925][T14051] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  831.590984][T14051] Call Trace:
[  831.594259][T14051]  <TASK>
[  831.597189][T14051]  dump_stack_lvl+0x241/0x360
[  831.601880][T14051]  ? __pfx_dump_stack_lvl+0x10/0x10
[  831.607085][T14051]  ? __pfx__printk+0x10/0x10
[  831.611677][T14051]  ? snprintf+0xda/0x120
[  831.615919][T14051]  should_fail_ex+0x3b0/0x4e0
[  831.620601][T14051]  _copy_to_user+0x31/0xb0
[  831.625020][T14051]  simple_read_from_buffer+0xca/0x150
[  831.630393][T14051]  proc_fail_nth_read+0x1e9/0x250
[  831.635415][T14051]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  831.640959][T14051]  ? rw_verify_area+0x55e/0x6f0
[  831.645808][T14051]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  831.651353][T14051]  vfs_read+0x1fc/0xb70
[  831.655507][T14051]  ? __pfx___mutex_lock+0x10/0x10
[  831.660570][T14051]  ? __pfx_vfs_read+0x10/0x10
[  831.665244][T14051]  ? __fget_files+0x2a/0x410
[  831.669828][T14051]  ? __fget_files+0x395/0x410
[  831.674501][T14051]  ? __fget_files+0x2a/0x410
[  831.679099][T14051]  ksys_read+0x18f/0x2b0
[  831.683343][T14051]  ? __pfx_ksys_read+0x10/0x10
[  831.688105][T14051]  ? do_syscall_64+0x100/0x230
[  831.692876][T14051]  ? do_syscall_64+0xb6/0x230
[  831.697901][T14051]  do_syscall_64+0xf3/0x230
[  831.702400][T14051]  ? clear_bhb_loop+0x35/0x90
[  831.707075][T14051]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  831.712965][T14051] RIP: 0033:0x7f379ed7e92c
[  831.717374][T14051] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  831.736975][T14051] RSP: 002b:00007f379fae0050 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  831.745388][T14051] RAX: ffffffffffffffda RBX: 00007f379ef45fa0 RCX: 00007f379ed7e92c
[  831.753353][T14051] RDX: 000000000000000f RSI: 00007f379fae00b0 RDI: 0000000000000005
[  831.761322][T14051] RBP: 00007f379fae00a0 R08: 0000000000000000 R09: 0000000000000000
[  831.769287][T14051] R10: 0000000020000100 R11: 0000000000000246 R12: 0000000000000001
[  831.777347][T14051] R13: 0000000000000000 R14: 00007f379ef45fa0 R15: 00007ffee2c80a08
[  831.785336][T14051]  </TASK>
[  831.970436][T14055] netlink: 24 bytes leftover after parsing attributes in process `syz.7.2024'.
[  832.357817][ T5911] usb 7-1: new full-speed USB device number 7 using dummy_hcd
[  832.497906][ T5911] usb 7-1: device descriptor read/64, error -71
[  832.748469][ T5911] usb 7-1: new full-speed USB device number 8 using dummy_hcd
[  832.887458][ T5911] usb 7-1: device descriptor read/64, error -71
[  833.020626][ T5911] usb usb7-port1: attempt power cycle
[  833.117439][ T5869] usb 8-1: new full-speed USB device number 16 using dummy_hcd
[  833.278538][ T5869] usb 8-1: not running at top speed; connect to a high speed hub
[  833.295620][ T5869] usb 8-1: config 1 has an invalid interface number: 35 but max is 0
[  833.303862][ T5869] usb 8-1: config 1 has no interface number 0
[  833.312037][ T5869] usb 8-1: config 1 interface 35 has no altsetting 0
[  833.321264][ T5869] usb 8-1: New USB device found, idVendor=1a0a, idProduct=0104, bcdDevice=bf.ea
[  833.331416][ T5869] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  833.357321][ T5869] usb 8-1: Product: syz
[  833.361539][ T5869] usb 8-1: Manufacturer: syz
[  833.366172][ T5869] usb 8-1: SerialNumber: syz
[  833.367793][ T5911] usb 7-1: new full-speed USB device number 9 using dummy_hcd
[  833.408823][ T5911] usb 7-1: device descriptor read/8, error -71
[  833.625357][ T5869] usb_ehset_test 8-1:1.35: probe with driver usb_ehset_test failed with error -32
[  833.647381][ T5911] usb 7-1: new full-speed USB device number 10 using dummy_hcd
[  833.657396][ T5869] usb 8-1: USB disconnect, device number 16
[  833.678089][ T5911] usb 7-1: device descriptor read/8, error -71
[  833.795615][ T5911] usb usb7-port1: unable to enumerate USB device
[  834.277047][T14162] ªªªªª» speed is unknown, defaulting to 1000
[  834.980972][T14179] FAULT_INJECTION: forcing a failure.
[  834.980972][T14179] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  834.994183][T14179] CPU: 1 UID: 0 PID: 14179 Comm: syz.3.2041 Not tainted 6.13.0-rc2-syzkaller-00031-gf92f4749861b #0
[  835.004946][T14179] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  835.015004][T14179] Call Trace:
[  835.018294][T14179]  <TASK>
[  835.021220][T14179]  dump_stack_lvl+0x241/0x360
[  835.025903][T14179]  ? __pfx_dump_stack_lvl+0x10/0x10
[  835.031099][T14179]  ? __pfx__printk+0x10/0x10
[  835.035689][T14179]  ? snprintf+0xda/0x120
[  835.039929][T14179]  should_fail_ex+0x3b0/0x4e0
[  835.044614][T14179]  _copy_to_user+0x31/0xb0
[  835.049033][T14179]  simple_read_from_buffer+0xca/0x150
[  835.054408][T14179]  proc_fail_nth_read+0x1e9/0x250
[  835.059443][T14179]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  835.064992][T14179]  ? rw_verify_area+0x568/0x6f0
[  835.069837][T14179]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  835.075383][T14179]  vfs_read+0x1fc/0xb70
[  835.079535][T14179]  ? __pfx___mutex_lock+0x10/0x10
[  835.084559][T14179]  ? __pfx_vfs_read+0x10/0x10
[  835.089233][T14179]  ? __fget_files+0x2a/0x410
[  835.093817][T14179]  ? __fget_files+0x395/0x410
[  835.098484][T14179]  ? __fget_files+0x2a/0x410
[  835.103071][T14179]  ksys_read+0x18f/0x2b0
[  835.107310][T14179]  ? __pfx_ksys_read+0x10/0x10
[  835.112070][T14179]  ? do_syscall_64+0x100/0x230
[  835.116831][T14179]  ? do_syscall_64+0xb6/0x230
[  835.121510][T14179]  do_syscall_64+0xf3/0x230
[  835.126012][T14179]  ? clear_bhb_loop+0x35/0x90
[  835.130687][T14179]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  835.136574][T14179] RIP: 0033:0x7fbe3f77e92c
[  835.140982][T14179] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  835.160583][T14179] RSP: 002b:00007fbe40599050 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  835.168995][T14179] RAX: ffffffffffffffda RBX: 00007fbe3f945fa0 RCX: 00007fbe3f77e92c
[  835.176958][T14179] RDX: 000000000000000f RSI: 00007fbe405990b0 RDI: 0000000000000004
[  835.184931][T14179] RBP: 00007fbe405990a0 R08: 0000000000000000 R09: 0000000000000000
[  835.192894][T14179] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  835.200864][T14179] R13: 0000000000000000 R14: 00007fbe3f945fa0 R15: 00007ffd523ed468
[  835.208841][T14179]  </TASK>
[  836.115292][T14183] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  836.122026][T14183] Bluetooth: hci3: Opcode 0x0406 failed: -4
[  836.141868][T14183] Bluetooth: hci5: Opcode 0x0c1a failed: -4
[  836.148244][T14183] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[  836.154242][T14183] Bluetooth: hci0: Opcode 0x0406 failed: -4
[  836.162802][T14183] Bluetooth: hci6: Opcode 0x0c1a failed: -4
[  836.170192][T14183] Bluetooth: hci6: Opcode 0x0406 failed: -4
[  836.180069][T14183] Bluetooth: hci7: Opcode 0x0c1a failed: -4
[  836.186066][T14183] Bluetooth: hci7: Opcode 0x0406 failed: -4
[  836.510864][T14203] netlink: 132 bytes leftover after parsing attributes in process `syz.6.2046'.
[  837.356007][T14202] netlink: 16 bytes leftover after parsing attributes in process `syz.3.2047'.
[  837.473168][T12930] Bluetooth: hci3: command 0x0406 tx timeout
[  838.158883][T10236] Bluetooth: hci5: command 0x0406 tx timeout
[  838.158898][T12930] Bluetooth: hci0: command 0x0406 tx timeout
[  838.275750][T10236] Bluetooth: hci6: command 0x0406 tx timeout
[  838.275770][T12930] Bluetooth: hci7: command 0x0406 tx timeout
[  838.349054][T14216] FAULT_INJECTION: forcing a failure.
[  838.349054][T14216] name failslab, interval 1, probability 0, space 0, times 0
[  838.349857][T14216] CPU: 0 UID: 0 PID: 14216 Comm: syz.3.2053 Not tainted 6.13.0-rc2-syzkaller-00031-gf92f4749861b #0
[  838.349884][T14216] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  838.349898][T14216] Call Trace:
[  838.349905][T14216]  <TASK>
[  838.349913][T14216]  dump_stack_lvl+0x241/0x360
[  838.349943][T14216]  ? __pfx_dump_stack_lvl+0x10/0x10
[  838.349965][T14216]  ? __pfx__printk+0x10/0x10
[  838.349990][T14216]  ? __kmalloc_cache_noprof+0x48/0x390
[  838.350010][T14216]  ? __pfx___might_resched+0x10/0x10
[  838.350034][T14216]  ? lockdep_init_map_type+0xa1/0x910
[  838.350059][T14216]  should_fail_ex+0x3b0/0x4e0
[  838.350100][T14216]  should_failslab+0xac/0x100
[  838.350129][T14216]  __kmalloc_cache_noprof+0x70/0x390
[  838.350148][T14216]  ? drm_atomic_state_alloc+0xa6/0x100
[  838.350179][T14216]  drm_atomic_state_alloc+0xa6/0x100
[  838.350204][T14216]  drm_client_modeset_commit_atomic+0xda/0x7d0
[  838.350231][T14216]  ? __mutex_lock+0x37f/0xee0
[  838.350254][T14216]  ? __pfx_lock_release+0x10/0x10
[  838.350274][T14216]  ? __pfx_drm_client_modeset_commit_atomic+0x10/0x10
[  838.350292][T14216]  ? __mutex_lock+0xd5f/0xee0
[  838.350334][T14216]  ? __pfx___mutex_lock+0x10/0x10
[  838.350358][T14216]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  838.350390][T14216]  drm_client_modeset_commit_locked+0xe0/0x520
[  838.350418][T14216]  drm_fb_helper_pan_display+0x379/0xc10
[  838.350459][T14216]  fb_pan_display+0x3a3/0x680
[  838.350479][T14216]  ? __pfx_drm_fb_helper_pan_display+0x10/0x10
[  838.350511][T14216]  bit_update_start+0x4d/0x1c0
[  838.350537][T14216]  fbcon_switch+0x144b/0x2250
[  838.350574][T14216]  ? __pfx_fbcon_switch+0x10/0x10
[  838.350601][T14216]  ? __pfx_hide_cursor+0x10/0x10
[  838.350619][T14216]  ? is_console_locked+0x9/0x20
[  838.350633][T14216]  ? set_origin+0x344/0x480
[  838.350649][T14216]  csi_J+0x6f8/0xeb0
[  838.350663][T14216]  ? atomic_notifier_call_chain+0x26/0x180
[  838.350678][T14216]  do_con_write+0x3b5b/0x4c30
[  838.350727][T14216]  ? __pfx_do_con_write+0x10/0x10
[  838.350737][T14216]  ? trace_contention_end+0x3c/0x120
[  838.350753][T14216]  ? __mutex_lock+0x37f/0xee0
[  838.350769][T14216]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[  838.350788][T14216]  ? __pfx___mutex_lock+0x10/0x10
[  838.350807][T14216]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  838.350828][T14216]  con_write+0x26/0x40
[  838.350844][T14216]  n_tty_write+0x640/0x1230
[  838.350859][T14216]  ? __virt_addr_valid+0x183/0x530
[  838.350881][T14216]  ? __pfx_n_tty_write+0x10/0x10
[  838.350894][T14216]  ? __pfx_woken_wake_function+0x10/0x10
[  838.350907][T14216]  ? __virt_addr_valid+0x183/0x530
[  838.350919][T14216]  ? __virt_addr_valid+0x183/0x530
[  838.350931][T14216]  ? __virt_addr_valid+0x45f/0x530
[  838.350944][T14216]  ? __check_object_size+0x47a/0x730
[  838.350963][T14216]  ? __pfx_n_tty_write+0x10/0x10
[  838.350974][T14216]  file_tty_write+0x546/0x9b0
[  838.350996][T14216]  vfs_write+0xaeb/0xd30
[  838.351012][T14216]  ? __pfx_tty_write+0x10/0x10
[  838.351027][T14216]  ? __pfx_vfs_write+0x10/0x10
[  838.351043][T14216]  ? __fget_files+0x2a/0x410
[  838.351057][T14216]  ? __fget_files+0x2a/0x410
[  838.351083][T14216]  ksys_write+0x18f/0x2b0
[  838.351099][T14216]  ? __pfx_ksys_write+0x10/0x10
[  838.351113][T14216]  ? do_syscall_64+0x100/0x230
[  838.351130][T14216]  ? do_syscall_64+0xb6/0x230
[  838.351147][T14216]  do_syscall_64+0xf3/0x230
[  838.351162][T14216]  ? clear_bhb_loop+0x35/0x90
[  838.351180][T14216]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  838.351194][T14216] RIP: 0033:0x7fbe3f77ff19
[  838.351207][T14216] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  838.351216][T14216] RSP: 002b:00007fbe40578058 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  838.351230][T14216] RAX: ffffffffffffffda RBX: 00007fbe3f946080 RCX: 00007fbe3f77ff19
[  838.351239][T14216] RDX: 0000000000001006 RSI: 0000000020002080 RDI: 0000000000000009
[  838.351247][T14216] RBP: 00007fbe405780a0 R08: 0000000000000000 R09: 0000000000000000
[  838.351254][T14216] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  838.351262][T14216] R13: 0000000000000000 R14: 00007fbe3f946080 R15: 00007ffd523ed468
[  838.351281][T14216]  </TASK>
[  839.010301][T14222] netlink: 16 bytes leftover after parsing attributes in process `syz.7.2054'.
[  839.433856][   T29] kauditd_printk_skb: 10 callbacks suppressed
[  839.433874][   T29] audit: type=1326 audit(1733910371.503:107): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14217 comm="syz.6.2052" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f379ed7ff19 code=0x7fc00000
[  839.517987][T10236] Bluetooth: hci3: command 0x0406 tx timeout
[  839.562009][T14239] netlink: 60 bytes leftover after parsing attributes in process `syz.6.2058'.
[  840.237310][T10236] Bluetooth: hci0: command 0x0406 tx timeout
[  840.317335][T12930] Bluetooth: hci7: command 0x0406 tx timeout
[  840.323563][T10236] Bluetooth: hci6: command 0x0406 tx timeout
[  840.410371][T14260] netlink: 16 bytes leftover after parsing attributes in process `syz.3.2065'.
[  840.685710][   T29] audit: type=1804 audit(1733910372.753:108): pid=14263 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz.3.2066" name="/newroot/430/bus/file1" dev="overlay" ino=2311 res=1 errno=0
[  841.936028][T14284] FAULT_INJECTION: forcing a failure.
[  841.936028][T14284] name failslab, interval 1, probability 0, space 0, times 0
[  841.953570][T14284] CPU: 0 UID: 0 PID: 14284 Comm: syz.6.2074 Not tainted 6.13.0-rc2-syzkaller-00031-gf92f4749861b #0
[  841.964375][T14284] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  841.974456][T14284] Call Trace:
[  841.977753][T14284]  <TASK>
[  841.980696][T14284]  dump_stack_lvl+0x241/0x360
[  841.985409][T14284]  ? __pfx_dump_stack_lvl+0x10/0x10
[  841.990649][T14284]  ? __pfx__printk+0x10/0x10
[  841.995271][T14284]  ? __kmalloc_cache_noprof+0x48/0x390
[  842.000748][T14284]  ? __pfx___might_resched+0x10/0x10
[  842.006070][T14284]  should_fail_ex+0x3b0/0x4e0
[  842.010787][T14284]  should_failslab+0xac/0x100
[  842.015500][T14284]  __kmalloc_cache_noprof+0x70/0x390
[  842.020809][T14284]  ? __se_sys_mount+0x15a/0x3c0
[  842.025670][T14284]  ? memdup_user+0x9f/0xc0
[  842.030084][T14284]  __se_sys_mount+0x15a/0x3c0
[  842.034750][T14284]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[  842.040985][T14284]  ? __pfx___se_sys_mount+0x10/0x10
[  842.046167][T14284]  ? do_syscall_64+0x100/0x230
[  842.050929][T14284]  ? __x64_sys_mount+0x20/0xc0
[  842.055714][T14284]  do_syscall_64+0xf3/0x230
[  842.060230][T14284]  ? clear_bhb_loop+0x35/0x90
[  842.064923][T14284]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  842.070872][T14284] RIP: 0033:0x7f379ed7ff19
[  842.075290][T14284] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  842.094899][T14284] RSP: 002b:00007f379fae0058 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[  842.103323][T14284] RAX: ffffffffffffffda RBX: 00007f379ef45fa0 RCX: 00007f379ed7ff19
[  842.111287][T14284] RDX: 0000000020000180 RSI: 0000000020000000 RDI: 0000000000000000
[  842.119251][T14284] RBP: 00007f379fae00a0 R08: 0000000020000280 R09: 0000000000000000
[  842.127223][T14284] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  842.135195][T14284] R13: 0000000000000000 R14: 00007f379ef45fa0 R15: 00007ffee2c80a08
[  842.143175][T14284]  </TASK>
[  842.263821][T14288] FAULT_INJECTION: forcing a failure.
[  842.263821][T14288] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  842.277022][T14288] CPU: 1 UID: 0 PID: 14288 Comm: syz.3.2072 Not tainted 6.13.0-rc2-syzkaller-00031-gf92f4749861b #0
[  842.287803][T14288] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  842.297871][T14288] Call Trace:
[  842.301160][T14288]  <TASK>
[  842.304108][T14288]  dump_stack_lvl+0x241/0x360
[  842.308810][T14288]  ? __pfx_dump_stack_lvl+0x10/0x10
[  842.314021][T14288]  ? __pfx__printk+0x10/0x10
[  842.318635][T14288]  should_fail_ex+0x3b0/0x4e0
[  842.323346][T14288]  _copy_to_user+0x31/0xb0
[  842.327788][T14288]  simple_read_from_buffer+0xca/0x150
[  842.333186][T14288]  proc_fail_nth_read+0x1e9/0x250
[  842.338234][T14288]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  842.343803][T14288]  ? rw_verify_area+0x568/0x6f0
[  842.348672][T14288]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  842.354235][T14288]  vfs_read+0x1fc/0xb70
[  842.358428][T14288]  ? __pfx___mutex_lock+0x10/0x10
[  842.363477][T14288]  ? __pfx_vfs_read+0x10/0x10
[  842.368169][T14288]  ? __fget_files+0x2a/0x410
[  842.372772][T14288]  ? __fget_files+0x395/0x410
[  842.377461][T14288]  ? __fget_files+0x2a/0x410
[  842.382074][T14288]  ksys_read+0x18f/0x2b0
[  842.386336][T14288]  ? __pfx_ksys_read+0x10/0x10
[  842.391122][T14288]  ? do_syscall_64+0x100/0x230
[  842.395907][T14288]  ? do_syscall_64+0xb6/0x230
[  842.400605][T14288]  do_syscall_64+0xf3/0x230
[  842.405127][T14288]  ? clear_bhb_loop+0x35/0x90
[  842.409833][T14288]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  842.415742][T14288] RIP: 0033:0x7fbe3f77e92c
[  842.420169][T14288] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  842.440066][T14288] RSP: 002b:00007fbe40557050 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  842.448532][T14288] RAX: ffffffffffffffda RBX: 00007fbe3f946160 RCX: 00007fbe3f77e92c
[  842.456529][T14288] RDX: 000000000000000f RSI: 00007fbe405570b0 RDI: 0000000000000009
[  842.464528][T14288] RBP: 00007fbe405570a0 R08: 0000000000000000 R09: 0000000000000000
[  842.472528][T14288] R10: 0000000020000180 R11: 0000000000000246 R12: 0000000000000001
[  842.480520][T14288] R13: 0000000000000000 R14: 00007fbe3f946160 R15: 00007ffd523ed468
[  842.488534][T14288]  </TASK>
[  844.588349][   T29] audit: type=1804 audit(1733910376.643:109): pid=14327 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz.6.2079" name="/newroot/146/bus/file1" dev="overlay" ino=820 res=1 errno=0
[  845.347939][  T968] usb 4-1: new high-speed USB device number 25 using dummy_hcd
[  845.509264][  T968] usb 4-1: Using ep0 maxpacket: 16
[  845.522812][  T968] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  845.536303][  T968] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  845.548299][  T968] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  845.563019][  T968] usb 4-1: New USB device found, idVendor=28bd, idProduct=0909, bcdDevice= 0.00
[  845.575936][  T968] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  845.601517][  T968] usb 4-1: config 0 descriptor??
[  846.022232][  T968] usbhid 4-1:0.0: can't add hid device: -71
[  846.034398][  T968] usbhid 4-1:0.0: probe with driver usbhid failed with error -71
[  846.049748][  T968] usb 4-1: USB disconnect, device number 25
[  846.794437][T14426] FAULT_INJECTION: forcing a failure.
[  846.794437][T14426] name failslab, interval 1, probability 0, space 0, times 0
[  846.835854][T14426] CPU: 0 UID: 0 PID: 14426 Comm: syz.6.2097 Not tainted 6.13.0-rc2-syzkaller-00031-gf92f4749861b #0
[  846.846678][T14426] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  846.856763][T14426] Call Trace:
[  846.860068][T14426]  <TASK>
[  846.863015][T14426]  dump_stack_lvl+0x241/0x360
[  846.867724][T14426]  ? __pfx_dump_stack_lvl+0x10/0x10
[  846.872958][T14426]  ? __pfx__printk+0x10/0x10
[  846.877581][T14426]  ? fs_reclaim_acquire+0x93/0x130
[  846.882725][T14426]  ? __pfx___might_resched+0x10/0x10
[  846.888040][T14426]  ? dynamic_dname+0x141/0x1b0
[  846.892832][T14426]  should_fail_ex+0x3b0/0x4e0
[  846.897547][T14426]  should_failslab+0xac/0x100
[  846.902247][T14426]  __kmalloc_noprof+0xdd/0x4c0
[  846.907006][T14426]  ? tomoyo_encode+0x26f/0x540
[  846.911771][T14426]  tomoyo_encode+0x26f/0x540
[  846.916362][T14426]  ? __pfx_sockfs_dname+0x10/0x10
[  846.921392][T14426]  tomoyo_realpath_from_path+0x59e/0x5e0
[  846.927035][T14426]  tomoyo_path_number_perm+0x236/0x860
[  846.932496][T14426]  ? __lock_acquire+0x1397/0x2100
[  846.937537][T14426]  ? tomoyo_path_number_perm+0x206/0x860
[  846.943179][T14426]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  846.949205][T14426]  ? __fget_files+0x2a/0x410
[  846.953812][T14426]  ? __fget_files+0x2a/0x410
[  846.958411][T14426]  security_file_ioctl+0xc6/0x2a0
[  846.963441][T14426]  __se_sys_ioctl+0x46/0x170
[  846.968037][T14426]  do_syscall_64+0xf3/0x230
[  846.972548][T14426]  ? clear_bhb_loop+0x35/0x90
[  846.977237][T14426]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  846.983135][T14426] RIP: 0033:0x7f379ed7ff19
[  846.987549][T14426] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  847.007152][T14426] RSP: 002b:00007f379fae0058 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  847.015709][T14426] RAX: ffffffffffffffda RBX: 00007f379ef45fa0 RCX: 00007f379ed7ff19
[  847.023691][T14426] RDX: 0000000020000580 RSI: 00000000000089f0 RDI: 0000000000000004
[  847.031664][T14426] RBP: 00007f379fae00a0 R08: 0000000000000000 R09: 0000000000000000
[  847.039642][T14426] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  847.047612][T14426] R13: 0000000000000000 R14: 00007f379ef45fa0 R15: 00007ffee2c80a08
[  847.055594][T14426]  </TASK>
[  847.069859][T14426] ERROR: Out of memory at tomoyo_realpath_from_path.
[  847.156986][T12930] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[  847.179084][T12930] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[  847.193744][T12930] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[  847.202598][T12930] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[  847.216118][T12930] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3
[  847.658691][T12930] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[  847.666369][   T29] audit: type=1804 audit(1733910379.453:110): pid=14439 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz.7.2098" name="/newroot/161/bus/file1" dev="overlay" ino=872 res=1 errno=0
[  847.717643][T14441] netlink: 12 bytes leftover after parsing attributes in process `syz.6.2101'.
[  847.770196][T14441] bond2: entered promiscuous mode
[  847.829818][T14431] ªªªªª» speed is unknown, defaulting to 1000
[  847.839126][T14441] team_slave_1: entered promiscuous mode
[  847.845107][T14441] bond2: (slave team_slave_1): Enslaving as an active interface with an up link
[  848.325541][T12930] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[  848.338168][T12930] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[  848.357136][T14452] 9pnet_fd: Insufficient options for proto=fd
[  848.377850][T12930] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[  848.389558][T12930] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[  848.398011][T12930] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3
[  848.405732][T12930] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[  848.502238][T14450] ªªªªª» speed is unknown, defaulting to 1000
[  848.591879][T14431] chnl_net:caif_netlink_parms(): no params data found
[  849.001270][T14431] bridge0: port 1(bridge_slave_0) entered blocking state
[  849.022544][T14431] bridge0: port 1(bridge_slave_0) entered disabled state
[  849.069856][T14431] bridge_slave_0: entered allmulticast mode
[  849.141707][T14475] netlink: 16 bytes leftover after parsing attributes in process `syz.7.2105'.
[  849.147781][T14431] bridge_slave_0: entered promiscuous mode
[  849.265584][T14431] bridge0: port 2(bridge_slave_1) entered blocking state
[  849.273270][T14431] bridge0: port 2(bridge_slave_1) entered disabled state
[  849.287414][T14431] bridge_slave_1: entered allmulticast mode
[  849.467034][T14431] bridge_slave_1: entered promiscuous mode
[  849.759104][T12930] Bluetooth: hci1: command tx timeout
[  850.332013][T14431] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  850.366159][T14431] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  850.477362][T12930] Bluetooth: hci2: command tx timeout
[  850.578113][T14431] team0: Port device team_slave_0 added
[  850.673685][T14431] team0: Port device team_slave_1 added
[  851.165022][T14499] tipc: Enabling of bearer <udp:syz1> rejected, failed to enable media
[  851.767526][T14431] batman_adv: batadv0: Adding interface: batadv_slave_0
[  851.780962][   T29] audit: type=1804 audit(1733910383.813:111): pid=14501 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz.3.2110" name="/newroot/440/bus/file1" dev="overlay" ino=2373 res=1 errno=0
[  851.826816][T14431] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  851.853813][T12930] Bluetooth: hci1: command tx timeout
[  851.955236][T14431] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  852.177997][T14431] batman_adv: batadv0: Adding interface: batadv_slave_1
[  852.185172][T14431] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  852.219765][T14431] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  852.557781][T12930] Bluetooth: hci2: command tx timeout
[  852.568979][T14431] hsr_slave_0: entered promiscuous mode
[  852.730474][T14431] hsr_slave_1: entered promiscuous mode
[  853.267273][ T5866] usb 7-1: new high-speed USB device number 11 using dummy_hcd
[  853.336672][T14517] netlink: 16 bytes leftover after parsing attributes in process `syz.3.2113'.
[  853.428852][ T5866] usb 7-1: config 1 interface 0 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 0
[  853.444267][ T5866] usb 7-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  853.470605][ T5866] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  853.533529][ T5866] usb 7-1: Product: syz
[  853.570886][ T5866] usb 7-1: Manufacturer: syz
[  853.575979][ T5866] usb 7-1: SerialNumber: syz
[  853.889728][T14504] raw-gadget.0 gadget.6: fail, usb_ep_enable returned -22
[  853.927440][T12930] Bluetooth: hci1: command tx timeout
[  853.949715][T14450] chnl_net:caif_netlink_parms(): no params data found
[  854.091742][T14533] loop2: detected capacity change from 0 to 7
[  854.124276][ T5866] cdc_ether 7-1:1.0: probe with driver cdc_ether failed with error -22
[  854.135723][T14533] Dev loop2: unable to read RDB block 7
[  854.148700][ T5866] usb 7-1: USB disconnect, device number 11
[  854.149638][T14533]  loop2: unable to read partition table
[  854.192510][T14533] loop2: partition table beyond EOD, truncated
[  854.200287][T14533] loop_reread_partitions: partition scan of loop2 (þ被xü—ŸÑà– ) failed (rc=-5)
[  854.296566][T14450] bridge0: port 1(bridge_slave_0) entered blocking state
[  854.318645][T14450] bridge0: port 1(bridge_slave_0) entered disabled state
[  854.385018][T14450] bridge_slave_0: entered allmulticast mode
[  854.400698][T14450] bridge_slave_0: entered promiscuous mode
[  854.631758][T14450] bridge0: port 2(bridge_slave_1) entered blocking state
[  854.638957][T12930] Bluetooth: hci2: command tx timeout
[  854.670006][T14450] bridge0: port 2(bridge_slave_1) entered disabled state
[  854.715520][T14450] bridge_slave_1: entered allmulticast mode
[  854.788204][T14450] bridge_slave_1: entered promiscuous mode
[  854.793183][ T5866] usb 7-1: new high-speed USB device number 12 using dummy_hcd
[  855.003133][T14450] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  855.031456][T14450] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  855.057628][ T5866] usb 7-1: Using ep0 maxpacket: 8
[  855.078803][ T5866] usb 7-1: config index 0 descriptor too short (expected 301, got 72)
[  855.184940][ T5866] usb 7-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  855.240410][ T5866] usb 7-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  855.300474][ T5866] usb 7-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 1024
[  855.317429][ T5866] usb 7-1: config 16 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  855.338958][ T5866] usb 7-1: config 16 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 2007, setting to 1024
[  855.377402][ T5866] usb 7-1: config 16 interface 0 altsetting 0 has 5 endpoint descriptors, different from the interface descriptor's value: 3
[  855.390826][ T5866] usb 7-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[  855.400105][ T5866] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  855.410303][T14504] raw-gadget.0 gadget.6: fail, usb_ep_enable returned -22
[  855.458490][ T5866] usb 7-1: usb_control_msg returned -71
[  855.492527][ T5866] usbtmc 7-1:16.0: can't read capabilities
[  855.503472][T14450] team0: Port device team_slave_0 added
[  855.574840][T14431] netdevsim netdevsim9 netdevsim0: renamed from eth0
[  855.656125][ T5866] usb 7-1: USB disconnect, device number 12
[  855.906010][T14450] team0: Port device team_slave_1 added
[  855.956149][T14431] netdevsim netdevsim9 netdevsim1: renamed from eth1
[  855.970974][T14553] binder: 14552:14553 ioctl 3b81 20000000 returned -22
[  855.977471][T14431] netdevsim netdevsim9 netdevsim2: renamed from eth2
[  855.997564][T12930] Bluetooth: hci1: command tx timeout
[  856.005075][T14553] binder: 14552:14553 ioctl 3ba0 20000440 returned -22
[  856.013426][T14553] binder: 14552:14553 ioctl 3b85 20000140 returned -22
[  856.023608][T14553] binder: 14552:14553 ioctl 3b85 20000040 returned -22
[  856.078522][T14450] batman_adv: batadv0: Adding interface: batadv_slave_0
[  856.085507][T14450] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  856.165546][T14450] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  856.190239][T14431] netdevsim netdevsim9 netdevsim3: renamed from eth3
[  856.605357][T14450] batman_adv: batadv0: Adding interface: batadv_slave_1
[  856.613160][   T29] audit: type=1804 audit(1733910388.563:112): pid=14567 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz.6.2123" name="/newroot/159/bus/file1" dev="overlay" ino=895 res=1 errno=0
[  856.636774][T14450] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  856.663789][T14450] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  856.730975][T12930] Bluetooth: hci2: command tx timeout
[  856.776167][T14450] hsr_slave_0: entered promiscuous mode
[  856.796172][T14450] hsr_slave_1: entered promiscuous mode
[  856.854406][T14450] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  856.885826][T14450] Cannot create hsr debugfs directory
[  856.947315][T11318] usb 7-1: new full-speed USB device number 13 using dummy_hcd
[  857.126749][T11318] usb 7-1: config 0 has too many interfaces: 125, using maximum allowed: 32
[  857.146876][T11318] usb 7-1: config 0 contains an unexpected descriptor of type 0x2, skipping
[  857.174644][T11318] usb 7-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  857.187459][T11318] usb 7-1: config 0 has 1 interface, different from the descriptor's value: 125
[  857.197494][T11318] usb 7-1: config 0 has no interface number 0
[  857.206821][T11318] usb 7-1: too many endpoints for config 0 interface 88 altsetting 253: 68, using maximum allowed: 30
[  857.211911][T14431] 8021q: adding VLAN 0 to HW filter on device bond0
[  857.217980][T11318] usb 7-1: config 0 interface 88 altsetting 253 has 0 endpoint descriptors, different from the interface descriptor's value: 68
[  857.218013][T11318] usb 7-1: config 0 interface 88 has no altsetting 0
[  857.247094][T11318] usb 7-1: New USB device found, idVendor=1d7b, idProduct=0101, bcdDevice= 0.40
[  857.266296][T14431] 8021q: adding VLAN 0 to HW filter on device team0
[  857.277595][T11318] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  857.285684][T11318] usb 7-1: Product: syz
[  857.290230][T11318] usb 7-1: Manufacturer: syz
[  857.294861][T11318] usb 7-1: SerialNumber: syz
[  857.371524][T11318] usb 7-1: config 0 descriptor??
[  857.403304][   T11] bridge0: port 1(bridge_slave_0) entered blocking state
[  857.410471][   T11] bridge0: port 1(bridge_slave_0) entered forwarding state
[  857.460264][   T11] bridge0: port 2(bridge_slave_1) entered blocking state
[  857.467437][   T11] bridge0: port 2(bridge_slave_1) entered forwarding state
[  857.593908][T14573] Invalid option length (915) for dns_resolver key
[  857.747137][T11318] usb 7-1: USB disconnect, device number 13
[  857.914346][T14431] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[  857.937126][T14431] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  858.405441][T14604] netlink: 36 bytes leftover after parsing attributes in process `syz.3.2129'.
[  859.049052][T14431] 8021q: adding VLAN 0 to HW filter on device batadv0
[  859.221393][T14621] FAULT_INJECTION: forcing a failure.
[  859.221393][T14621] name failslab, interval 1, probability 0, space 0, times 0
[  859.249348][T14621] CPU: 0 UID: 0 PID: 14621 Comm: syz.6.2132 Not tainted 6.13.0-rc2-syzkaller-00031-gf92f4749861b #0
[  859.260158][T14621] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  859.270233][T14621] Call Trace:
[  859.273532][T14621]  <TASK>
[  859.276476][T14621]  dump_stack_lvl+0x241/0x360
[  859.281180][T14621]  ? __pfx_dump_stack_lvl+0x10/0x10
[  859.286408][T14621]  ? __pfx__printk+0x10/0x10
[  859.291032][T14621]  ? kmem_cache_alloc_lru_noprof+0x4d/0x390
[  859.296944][T14621]  ? __pfx___might_resched+0x10/0x10
[  859.302251][T14621]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[  859.308254][T14621]  should_fail_ex+0x3b0/0x4e0
[  859.312967][T14621]  should_failslab+0xac/0x100
[  859.317681][T14621]  ? __d_alloc+0x31/0x700
[  859.322034][T14621]  kmem_cache_alloc_lru_noprof+0x75/0x390
[  859.327787][T14621]  __d_alloc+0x31/0x700
[  859.331966][T14621]  d_alloc+0x4b/0x190
[  859.335970][T14621]  lookup_one_qstr_excl+0xce/0x260
[  859.341106][T14621]  filename_create+0x297/0x540
[  859.345902][T14621]  ? __pfx_filename_create+0x10/0x10
[  859.351216][T14621]  ? __might_fault+0xaa/0x120
[  859.355929][T14621]  do_mknodat+0x18b/0x5b0
[  859.360286][T14621]  ? __pfx_do_mknodat+0x10/0x10
[  859.365159][T14621]  ? getname_flags+0x1e3/0x540
[  859.369944][T14621]  __x64_sys_mknod+0x8c/0xa0
[  859.374559][T14621]  do_syscall_64+0xf3/0x230
[  859.379085][T14621]  ? clear_bhb_loop+0x35/0x90
[  859.383794][T14621]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  859.389712][T14621] RIP: 0033:0x7f379ed7ff19
[  859.394146][T14621] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  859.413875][T14621] RSP: 002b:00007f379fae0058 EFLAGS: 00000246 ORIG_RAX: 0000000000000085
[  859.422322][T14621] RAX: ffffffffffffffda RBX: 00007f379ef45fa0 RCX: 00007f379ed7ff19
[  859.430320][T14621] RDX: 0000000000000000 RSI: 000000000000c000 RDI: 0000000020000080
[  859.438323][T14621] RBP: 00007f379fae00a0 R08: 0000000000000000 R09: 0000000000000000
[  859.446312][T14621] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  859.454331][T14621] R13: 0000000000000000 R14: 00007f379ef45fa0 R15: 00007ffee2c80a08
[  859.462341][T14621]  </TASK>
[  860.016118][T14450] netdevsim netdevsim1 netdevsim0: renamed from eth0
[  860.079613][T14450] netdevsim netdevsim1 netdevsim1: renamed from eth1
[  860.102231][T14450] netdevsim netdevsim1 netdevsim2: renamed from eth2
[  860.123758][T14450] netdevsim netdevsim1 netdevsim3: renamed from eth3
[  860.224715][T14431] veth0_vlan: entered promiscuous mode
[  860.273376][T14431] veth1_vlan: entered promiscuous mode
[  860.397448][T14450] 8021q: adding VLAN 0 to HW filter on device bond0
[  860.421368][T14431] veth0_macvtap: entered promiscuous mode
[  860.463076][T14431] veth1_macvtap: entered promiscuous mode
[  860.561089][T14450] 8021q: adding VLAN 0 to HW filter on device team0
[  860.610899][   T11] bridge0: port 1(bridge_slave_0) entered blocking state
[  860.618030][   T11] bridge0: port 1(bridge_slave_0) entered forwarding state
[  860.648791][   T11] bridge0: port 2(bridge_slave_1) entered blocking state
[  860.655928][   T11] bridge0: port 2(bridge_slave_1) entered forwarding state
[  860.687040][T14431] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  860.706168][T14431] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  860.716084][T14431] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  860.726767][T14431] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  860.740436][T14431] batman_adv: batadv0: Interface activated: batadv_slave_0
[  860.750069][T14431] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  860.760930][T14431] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  860.771203][T14431] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  860.782077][T14431] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  860.793762][T14431] batman_adv: batadv0: Interface activated: batadv_slave_1
[  860.860686][T14431] netdevsim netdevsim9 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  860.871670][T14431] netdevsim netdevsim9 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  860.897465][T14431] netdevsim netdevsim9 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  860.932298][T14431] netdevsim netdevsim9 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  861.180092][   T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  861.227246][   T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  861.302500][   T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  861.330018][   T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  861.967135][T14450] 8021q: adding VLAN 0 to HW filter on device batadv0
[  862.060157][T14684] netdevsim netdevsim3 netdevsim0: entered promiscuous mode
[  862.090549][T14684] A link change request failed with some changes committed already. Interface netdevsim0 may have been left with an inconsistent configuration, please check.
[  862.224963][T14688] netlink: 'syz.9.2142': attribute type 2 has an invalid length.
[  862.229999][T14450] veth0_vlan: entered promiscuous mode
[  862.269799][T14688] netlink: 'syz.9.2142': attribute type 8 has an invalid length.
[  862.283146][T14450] veth1_vlan: entered promiscuous mode
[  862.303687][T14688] netlink: 132 bytes leftover after parsing attributes in process `syz.9.2142'.
[  862.376727][T14450] veth0_macvtap: entered promiscuous mode
[  862.419089][T14450] veth1_macvtap: entered promiscuous mode
[  862.581318][T14450] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  862.621601][T14450] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  862.670085][T14450] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  862.696928][T14450] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  862.716218][T14450] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  862.728531][T14450] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  862.740961][T14450] batman_adv: batadv0: Interface activated: batadv_slave_0
[  862.755312][T14450] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  862.817212][T14450] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  862.847537][T14450] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  862.858740][T14450] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  862.868669][T14450] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  862.880088][T14450] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  862.891034][T14450] batman_adv: batadv0: Interface activated: batadv_slave_1
[  863.752791][   T11] netdevsim netdevsim7 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  863.803676][T14450] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  863.862960][T14450] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  863.907395][T14450] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  863.924901][T14450] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  864.385364][   T11] netdevsim netdevsim7 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  864.809640][  T968] usb 4-1: new high-speed USB device number 26 using dummy_hcd
[  864.947406][   T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  864.956888][   T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  865.099349][  T968] usb 4-1: Using ep0 maxpacket: 16
[  865.127630][  T968] usb 4-1: config 0 has an invalid interface number: 8 but max is 0
[  865.135763][  T968] usb 4-1: config 0 has no interface number 0
[  865.142819][T10236] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[  865.152891][T10236] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[  865.161770][  T968] usb 4-1: config 0 interface 8 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[  865.173007][T10236] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[  865.180661][  T968] usb 4-1: config 0 interface 8 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0
[  865.194765][  T968] usb 4-1: New USB device found, idVendor=0d8c, idProduct=000e, bcdDevice=8e.8f
[  865.204029][  T968] usb 4-1: New USB device strings: Mfr=0, Product=24, SerialNumber=3
[  865.212199][  T968] usb 4-1: Product: syz
[  865.216395][  T968] usb 4-1: SerialNumber: syz
[  865.224894][  T968] usb 4-1: config 0 descriptor??
[  865.233962][  T968] cm109 4-1:0.8: invalid payload size 0, expected 4
[  865.243039][  T968] input: CM109 USB driver as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.8/input/input18
[  865.273326][T10236] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[  865.297658][T10236] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3
[  865.306891][T10236] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[  866.362764][T14740] IPVS: set_ctl: invalid protocol: 8 224.0.0.1:20002
[  866.606525][   T11] netdevsim netdevsim7 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  866.815863][ T5886] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  866.886957][ T5886] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  866.993537][   T11] netdevsim netdevsim7 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  867.143160][T14726] ªªªªª» speed is unknown, defaulting to 1000
[  868.467566][   T11] bridge_slave_1: left allmulticast mode
[  868.473325][   T11] bridge_slave_1: left promiscuous mode
[  868.539364][   T11] bridge0: port 2(bridge_slave_1) entered disabled state
[  868.719046][T10236] Bluetooth: hci4: command tx timeout
[  868.727973][   T11] bridge_slave_0: left allmulticast mode
[  868.735158][   T11] bridge_slave_0: left promiscuous mode
[  868.745066][   T11] bridge0: port 1(bridge_slave_0) entered disabled state
[  869.796005][T14794] wlan1: Trigger new scan to find an IBSS to join
[  870.147589][    C0] cm109 4-1:0.8: cm109_urb_ctl_callback: urb status -71
[  870.156734][    C0] cm109 4-1:0.8: cm109_urb_ctl_callback: urb status -71
[  870.163967][    C0] cm109 4-1:0.8: cm109_urb_ctl_callback: urb status -71
[  870.171202][    C0] cm109 4-1:0.8: cm109_urb_ctl_callback: urb status -71
[  870.181032][    C0] cm109 4-1:0.8: cm109_urb_ctl_callback: urb status -71
[  870.188775][    C0] cm109 4-1:0.8: cm109_urb_ctl_callback: urb status -71
[  870.196013][    C0] cm109 4-1:0.8: cm109_urb_ctl_callback: urb status -71
[  870.203267][    C0] cm109 4-1:0.8: cm109_urb_ctl_callback: urb status -71
[  870.210639][    C0] cm109 4-1:0.8: cm109_urb_ctl_callback: urb status -71
[  870.217794][    C0] cm109 4-1:0.8: cm109_urb_ctl_callback: urb status -71
[  870.237593][  T968] usb 4-1: USB disconnect, device number 26
[  870.243557][    C0] cm109 4-1:0.8: cm109_submit_buzz_toggle: usb_submit_urb (urb_ctl) failed -19
[  870.255704][  T968] cm109 4-1:0.8: cm109_toggle_buzzer_sync: usb_control_msg() failed -19
[  870.319791][ T1292] ieee802154 phy0 wpan0: encryption failed: -22
[  870.326398][ T1292] ieee802154 phy1 wpan1: encryption failed: -22
[  870.406431][T14820] netlink: 4 bytes leftover after parsing attributes in process `syz.9.2160'.
[  870.528776][    T8] kernel write not supported for file /ipv6host (pid: 8 comm: kworker/0:0)
[  870.754232][T14832] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2162'.
[  870.764399][T14832] netlink: 36 bytes leftover after parsing attributes in process `syz.3.2162'.
[  870.797456][T10236] Bluetooth: hci4: command tx timeout
[  871.844732][T14853] netlink: 16 bytes leftover after parsing attributes in process `syz.6.2165'.
[  872.158366][T14860] netlink: 16 bytes leftover after parsing attributes in process `syz.6.2166'.
[  872.548044][   T11] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  872.584094][   T11] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  872.612576][   T11] bond0 (unregistering): Released all slaves
[  872.643760][   T11] bond1 (unregistering): Released all slaves
[  872.760522][T14817] vlan2: entered promiscuous mode
[  872.771831][T14817] vlan2: entered allmulticast mode
[  872.777110][T14817] hsr_slave_1: entered allmulticast mode
[  872.879155][T10236] Bluetooth: hci4: command tx timeout
[  872.908414][T14820] hsr_slave_1 (unregistering): left allmulticast mode
[  872.988030][T14820] hsr_slave_1 (unregistering): left promiscuous mode
[  873.039086][ T7388] wlan1: Trigger new scan to find an IBSS to join
[  873.077407][T14849] A link change request failed with some changes committed already. Interface team_slave_0 may have been left with an inconsistent configuration, please check.
[  873.253276][   T29] audit: type=1804 audit(1733910405.303:113): pid=14879 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz.1.2168" name="/newroot/4/bus/file1" dev="overlay" ino=56 res=1 errno=0
[  875.239949][T10236] Bluetooth: hci4: command tx timeout
[  876.716692][ T3538] wlan1: Creating new IBSS network, BSSID 52:91:b4:c3:f8:f0
[  877.181104][T14921] netlink: 16 bytes leftover after parsing attributes in process `syz.9.2176'.
[  877.253488][T14726] chnl_net:caif_netlink_parms(): no params data found
[  878.276295][   T11] hsr_slave_0: left promiscuous mode
[  878.443839][   T11] hsr_slave_1: left promiscuous mode
[  878.487378][   T11] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  878.514112][   T11] batman_adv: batadv0: Removing interface: batadv_slave_0
[  878.667015][T14939] netlink: 16 bytes leftover after parsing attributes in process `syz.6.2179'.
[  879.230451][   T11] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  879.238300][   T11] batman_adv: batadv0: Removing interface: batadv_slave_1
[  879.315623][   T11] veth1_macvtap: left promiscuous mode
[  879.321455][   T11] veth0_macvtap: left promiscuous mode
[  879.349316][   T11] veth1_vlan: left promiscuous mode
[  879.400198][   T11] veth0_vlan: left promiscuous mode
[  879.406531][   T29] audit: type=1804 audit(1733910411.473:114): pid=14944 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz.3.2180" name="/newroot/463/bus/file1" dev="overlay" ino=2504 res=1 errno=0
[  879.501019][T14951] FAULT_INJECTION: forcing a failure.
[  879.501019][T14951] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  879.587351][T14951] CPU: 0 UID: 0 PID: 14951 Comm: syz.1.2181 Not tainted 6.13.0-rc2-syzkaller-00031-gf92f4749861b #0
[  879.598141][T14951] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  879.608188][T14951] Call Trace:
[  879.611452][T14951]  <TASK>
[  879.614375][T14951]  dump_stack_lvl+0x241/0x360
[  879.619055][T14951]  ? __pfx_dump_stack_lvl+0x10/0x10
[  879.624246][T14951]  ? __pfx__printk+0x10/0x10
[  879.628844][T14951]  ? __pfx_lock_release+0x10/0x10
[  879.633912][T14951]  ? tomoyo_path_number_perm+0x206/0x860
[  879.639538][T14951]  should_fail_ex+0x3b0/0x4e0
[  879.644213][T14951]  _copy_from_user+0x2f/0xc0
[  879.648799][T14951]  rtc_dev_ioctl+0xc77/0x1490
[  879.653470][T14951]  ? smk_tskacc+0x300/0x370
[  879.657971][T14951]  ? __pfx_rtc_dev_ioctl+0x10/0x10
[  879.663072][T14951]  ? smack_file_ioctl+0x29e/0x3a0
[  879.668103][T14951]  ? __pfx_smack_file_ioctl+0x10/0x10
[  879.673534][T14951]  ? __fget_files+0x2a/0x410
[  879.678127][T14951]  ? __fget_files+0x2a/0x410
[  879.682719][T14951]  ? __pfx_rtc_dev_ioctl+0x10/0x10
[  879.687833][T14951]  __se_sys_ioctl+0xf5/0x170
[  879.692424][T14951]  do_syscall_64+0xf3/0x230
[  879.696927][T14951]  ? clear_bhb_loop+0x35/0x90
[  879.701606][T14951]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  879.707514][T14951] RIP: 0033:0x7f8a4ad7ff19
[  879.711941][T14951] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  879.731543][T14951] RSP: 002b:00007f8a4bc28058 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  879.739955][T14951] RAX: ffffffffffffffda RBX: 00007f8a4af46160 RCX: 00007f8a4ad7ff19
[  879.747921][T14951] RDX: 0000000020000040 RSI: 000000004024700a RDI: 0000000000000008
[  879.755885][T14951] RBP: 00007f8a4bc280a0 R08: 0000000000000000 R09: 0000000000000000
[  879.763853][T14951] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  879.771815][T14951] R13: 0000000000000000 R14: 00007f8a4af46160 R15: 00007ffec149d3a8
[  879.779813][T14951]  </TASK>
[  881.978644][T14980] Can't find a SQUASHFS superblock on nullb0
[  882.785671][T14991] netlink: 16 bytes leftover after parsing attributes in process `syz.9.2186'.
[  883.723900][   T11] team0 (unregistering): Port device team_slave_1 removed
[  883.910924][T15002] netlink: 16 bytes leftover after parsing attributes in process `syz.3.2189'.
[  884.777353][ T5869] usb 4-1: new high-speed USB device number 27 using dummy_hcd
[  884.937478][ T5869] usb 4-1: Using ep0 maxpacket: 8
[  884.960246][T14947] A link change request failed with some changes committed already. Interface team_slave_0 may have been left with an inconsistent configuration, please check.
[  885.086816][ T5869] usb 4-1: New USB device found, idVendor=1557, idProduct=7720, bcdDevice=b7.eb
[  885.096117][ T5869] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  885.165632][ T5869] usb 4-1: config 0 descriptor??
[  885.413163][T15019] netlink: 16 bytes leftover after parsing attributes in process `syz.6.2191'.
[  885.703121][ T5869] asix 4-1:0.0 (unnamed net_device) (uninitialized): Failed to read reg index 0x0000: -61
[  885.713399][ T5869] asix 4-1:0.0: probe with driver asix failed with error -61
[  885.783089][    T8] usb 4-1: USB disconnect, device number 27
[  886.737551][   T29] audit: type=1326 audit(1733910418.193:115): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15024 comm="syz.1.2192" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8a4ad7ff19 code=0x7ffc0000
[  886.759254][    C0] vkms_vblank_simulate: vblank timer overrun
[  887.690074][   T29] audit: type=1326 audit(1733910418.193:116): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15024 comm="syz.1.2192" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f8a4ad7ff19 code=0x7ffc0000
[  887.727012][   T29] audit: type=1326 audit(1733910418.193:117): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15024 comm="syz.1.2192" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8a4ad7ff19 code=0x7ffc0000
[  887.754517][   T29] audit: type=1326 audit(1733910418.193:118): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15024 comm="syz.1.2192" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f8a4ad7ff19 code=0x7ffc0000
[  887.776078][    C0] vkms_vblank_simulate: vblank timer overrun
[  887.787689][   T29] audit: type=1326 audit(1733910418.193:119): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15024 comm="syz.1.2192" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8a4ad7ff19 code=0x7ffc0000
[  887.809270][    C0] vkms_vblank_simulate: vblank timer overrun
[  887.820263][T15031] netlink: 132 bytes leftover after parsing attributes in process `syz.3.2193'.
[  887.909633][   T29] audit: type=1326 audit(1733910418.193:120): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15024 comm="syz.1.2192" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f8a4ad7e880 code=0x7ffc0000
[  887.943093][T14726] bridge0: port 1(bridge_slave_0) entered blocking state
[  887.953481][T14726] bridge0: port 1(bridge_slave_0) entered disabled state
[  887.979722][T14726] bridge_slave_0: entered allmulticast mode
[  887.986810][   T29] audit: type=1326 audit(1733910418.203:121): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15024 comm="syz.1.2192" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f8a4ad7e880 code=0x7ffc0000
[  888.008414][    C0] vkms_vblank_simulate: vblank timer overrun
[  888.138152][T14726] bridge_slave_0: entered promiscuous mode
[  888.145723][T14726] bridge0: port 2(bridge_slave_1) entered blocking state
[  888.153206][   T29] audit: type=1326 audit(1733910418.203:122): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15024 comm="syz.1.2192" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8a4ad7ff19 code=0x7ffc0000
[  888.176239][T14726] bridge0: port 2(bridge_slave_1) entered disabled state
[  888.184169][T14726] bridge_slave_1: entered allmulticast mode
[  888.191484][T14726] bridge_slave_1: entered promiscuous mode
[  888.197485][   T29] audit: type=1326 audit(1733910418.203:123): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15024 comm="syz.1.2192" exe="/root/syz-executor" sig=0 arch=c000003e syscall=295 compat=0 ip=0x7f8a4ad7ff19 code=0x7ffc0000
[  888.228731][   T29] audit: type=1326 audit(1733910418.203:124): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15024 comm="syz.1.2192" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8a4ad7ff19 code=0x7ffc0000
[  888.325344][ T5866] IPVS: starting estimator thread 0...
[  888.358756][T14726] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  888.372760][T15044] IPVS: sed: UDP 224.0.0.2:0 - no destination available
[  888.375180][T14726] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  888.450249][T14726] team0: Port device team_slave_0 added
[  888.459171][T14726] team0: Port device team_slave_1 added
[  888.487761][T15048] IPVS: using max 21 ests per chain, 50400 per kthread
[  888.532579][T14726] batman_adv: batadv0: Adding interface: batadv_slave_0
[  888.544045][T14726] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  888.686864][T14726] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  888.708789][T15039] input: syz0 as /devices/virtual/input/input19
[  888.731185][T14726] batman_adv: batadv0: Adding interface: batadv_slave_1
[  888.757388][T14726] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  888.836759][T14726] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  889.102483][   T11] IPVS: stop unused estimator thread 0...
[  889.126986][T15065] A link change request failed with some changes committed already. Interface team_slave_0 may have been left with an inconsistent configuration, please check.
[  889.404075][T14726] hsr_slave_0: entered promiscuous mode
[  889.487853][T15062] netlink: 16 bytes leftover after parsing attributes in process `syz.3.2199'.
[  889.511117][T14726] hsr_slave_1: entered promiscuous mode
[  889.713323][T14726] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  889.721297][T14726] Cannot create hsr debugfs directory
[  890.207643][T15096] netlink: 16 bytes leftover after parsing attributes in process `syz.6.2203'.
[  890.276526][T15097] netlink: 16 bytes leftover after parsing attributes in process `syz.9.2205'.
[  890.713327][T15101] netlink: 16 bytes leftover after parsing attributes in process `syz.3.2206'.
[  891.260711][T15111] netlink: 16 bytes leftover after parsing attributes in process `syz.6.2207'.
[  892.139466][T14726] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  892.169425][T14726] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  892.200862][T14726] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  892.241446][T14726] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  892.430422][T14726] 8021q: adding VLAN 0 to HW filter on device bond0
[  892.463503][T14726] 8021q: adding VLAN 0 to HW filter on device team0
[  892.555863][ T7388] bridge0: port 1(bridge_slave_0) entered blocking state
[  892.562996][ T7388] bridge0: port 1(bridge_slave_0) entered forwarding state
[  892.588358][ T7388] bridge0: port 2(bridge_slave_1) entered blocking state
[  892.595478][ T7388] bridge0: port 2(bridge_slave_1) entered forwarding state
[  893.111444][T14726] 8021q: adding VLAN 0 to HW filter on device batadv0
[  893.228162][T14726] veth0_vlan: entered promiscuous mode
[  893.257509][T14726] veth1_vlan: entered promiscuous mode
[  893.348681][T14726] veth0_macvtap: entered promiscuous mode
[  893.418460][T14726] veth1_macvtap: entered promiscuous mode
[  893.481149][T14726] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  893.511111][T14726] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  893.521952][T14726] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  893.535345][T14726] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  893.563320][T14726] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  893.600642][T14726] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  893.642896][T14726] batman_adv: batadv0: Interface activated: batadv_slave_0
[  893.691140][T14726] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  893.737417][T14726] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  893.777346][T14726] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  893.820421][T14726] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  893.857362][T14726] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  893.898156][T14726] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  893.948614][T14726] batman_adv: batadv0: Interface activated: batadv_slave_1
[  894.006083][T14726] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  894.036101][T14726] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  894.066140][T14726] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  894.107364][T14726] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  894.341427][ T6177] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  894.377585][ T6177] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  894.428913][ T6177] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  894.469175][ T6177] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  894.673611][T15159] CIFS: No dialect specified on mount. Default has changed to a more secure dialect, SMB2.1 or later (e.g. SMB3.1.1), from CIFS (SMB1). To use the less secure SMB1 dialect to access old servers which do not support SMB3.1.1 (or even SMB3 or SMB2.1) specify vers=1.0 on mount.
[  894.744133][T15159] CIFS mount error: No usable UNC path provided in device string!
[  894.744133][T15159] 
[  894.764818][T15159] CIFS: VFS: CIFS mount error: No usable UNC path provided in device string!
[  894.955943][T15163] team0: Port device team_slave_0 removed
[  894.962851][T15163] A link change request failed with some changes committed already. Interface team_slave_0 may have been left with an inconsistent configuration, please check.
[  895.228287][    T8] usb 4-1: new high-speed USB device number 28 using dummy_hcd
[  895.727457][    T8] usb 4-1: Using ep0 maxpacket: 32
[  895.738597][    T8] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  895.928223][    T8] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  896.039556][T15185] netlink: 16 bytes leftover after parsing attributes in process `syz.9.2215'.
[  896.172311][    T8] usb 4-1: New USB device found, idVendor=1e7d, idProduct=2ced, bcdDevice= 0.00
[  896.182515][    T8] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  896.203207][    T8] usb 4-1: config 0 descriptor??
[  896.315862][T15191] netlink: 16 bytes leftover after parsing attributes in process `syz.1.2216'.
[  896.556509][T15201] netlink: 16 bytes leftover after parsing attributes in process `syz.9.2217'.
[  896.658230][    T8] kone 0003:1E7D:2CED.0007: hidraw0: USB HID v0.00 Device [HID 1e7d:2ced] on usb-dummy_hcd.3-1/input0
[  896.859427][    T8] kone 0003:1E7D:2CED.0007: couldn't init struct kone_device
[  896.887046][    T8] kone 0003:1E7D:2CED.0007: couldn't install mouse
[  896.918804][    T8] kone 0003:1E7D:2CED.0007: probe with driver kone failed with error -5
[  896.962902][    T8] usb 4-1: USB disconnect, device number 28
[  897.007431][ T5866] usb 7-1: new high-speed USB device number 14 using dummy_hcd
[  897.191128][ T5866] usb 7-1: New USB device found, idVendor=1604, idProduct=8001, bcdDevice=44.1f
[  897.235214][ T5866] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  897.304552][ T5866] usb 7-1: Product: syz
[  897.324654][ T5866] usb 7-1: Manufacturer: syz
[  897.344936][ T5866] usb 7-1: SerialNumber: syz
[  897.366993][ T5866] usb 7-1: config 0 descriptor??
[  897.653651][ T5866] usb 7-1: USB disconnect, device number 14
[  898.787404][ T5911] usb 4-1: new high-speed USB device number 29 using dummy_hcd
[  898.958332][T15257] netlink: 16 bytes leftover after parsing attributes in process `syz.0.2224'.
[  898.968224][ T5911] usb 4-1: Using ep0 maxpacket: 32
[  898.995025][ T5911] usb 4-1: config index 0 descriptor too short (expected 35577, got 27)
[  899.019846][ T5911] usb 4-1: config 1 has too many interfaces: 92, using maximum allowed: 32
[  899.048381][ T5911] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 92
[  899.085027][ T5911] usb 4-1: config 1 has no interface number 0
[  899.101681][ T5911] usb 4-1: config 1 interface 1 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  899.133259][ T5911] usb 4-1: config 1 interface 1 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 17
[  899.176237][ T5911] usb 4-1: New USB device found, idVendor=0e41, idProduct=5051, bcdDevice=d5.e8
[  899.200202][ T5911] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  899.338987][ T5911] snd_usb_pod 4-1:1.1: Line 6 Pocket POD found
[  899.926517][ T5911] snd_usb_pod 4-1:1.1: Line 6 Pocket POD now attached
[  900.189311][ T5911] usb 4-1: USB disconnect, device number 29
[  900.195805][ T5911] snd_usb_pod 4-1:1.1: Line 6 Pocket POD now disconnected
[  900.311270][T15287] netlink: 16 bytes leftover after parsing attributes in process `syz.0.2227'.
[  901.097592][ T5911] usb 7-1: new full-speed USB device number 15 using dummy_hcd
[  901.259770][ T5911] usb 7-1: config index 0 descriptor too short (expected 156, got 27)
[  901.273380][ T5911] usb 7-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  901.298188][ T5911] usb 7-1: too many endpoints for config 0 interface 0 altsetting 191: 144, using maximum allowed: 30
[  901.326159][ T5911] usb 7-1: config 0 interface 0 altsetting 191 has 0 endpoint descriptors, different from the interface descriptor's value: 144
[  901.361302][ T5911] usb 7-1: config 0 interface 0 has no altsetting 0
[  901.382257][ T5911] usb 7-1: New USB device found, idVendor=0f11, idProduct=1021, bcdDevice=86.66
[  901.399006][ T5911] usb 7-1: New USB device strings: Mfr=85, Product=120, SerialNumber=172
[  901.431700][ T5911] usb 7-1: Product: syz
[  901.445494][ T5911] usb 7-1: Manufacturer: syz
[  901.464341][ T5911] usb 7-1: SerialNumber: syz
[  901.480924][ T5911] usb 7-1: config 0 descriptor??
[  901.676679][T15340] netlink: 16 bytes leftover after parsing attributes in process `syz.3.2235'.
[  901.745330][ T5911] ldusb 7-1:0.0: Interrupt in endpoint not found
[  901.772372][ T5911] usb 7-1: USB disconnect, device number 15
[  902.383242][T15350] batman_adv: batadv0: Adding interface: dummy0
[  902.392704][T15350] batman_adv: batadv0: The MTU of interface dummy0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  902.425193][T15350] batman_adv: batadv0: Not using interface dummy0 (retrying later): interface not active
[  902.717356][T10236] Bluetooth: hci4: command tx timeout
[  902.772490][T15358] FAULT_INJECTION: forcing a failure.
[  902.772490][T15358] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  902.785761][T15358] CPU: 0 UID: 0 PID: 15358 Comm: syz.3.2238 Not tainted 6.13.0-rc2-syzkaller-00031-gf92f4749861b #0
[  902.796635][T15358] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  902.806793][T15358] Call Trace:
[  902.810089][T15358]  <TASK>
[  902.813030][T15358]  dump_stack_lvl+0x241/0x360
[  902.817735][T15358]  ? __pfx_dump_stack_lvl+0x10/0x10
[  902.822958][T15358]  ? __pfx__printk+0x10/0x10
[  902.827575][T15358]  should_fail_ex+0x3b0/0x4e0
[  902.832279][T15358]  _copy_from_user+0x2f/0xc0
[  902.836888][T15358]  move_addr_to_kernel+0x82/0x150
[  902.841933][T15358]  __sys_bind+0x124/0x290
[  902.846285][T15358]  ? __pfx___sys_bind+0x10/0x10
[  902.851176][T15358]  __x64_sys_bind+0x7a/0x90
[  902.855706][T15358]  do_syscall_64+0xf3/0x230
[  902.860231][T15358]  ? clear_bhb_loop+0x35/0x90
[  902.864928][T15358]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  902.870833][T15358] RIP: 0033:0x7fbe3f77ff19
[  902.875257][T15358] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  902.894876][T15358] RSP: 002b:00007fbe40557058 EFLAGS: 00000246 ORIG_RAX: 0000000000000031
[  902.903306][T15358] RAX: ffffffffffffffda RBX: 00007fbe3f946160 RCX: 00007fbe3f77ff19
[  902.911293][T15358] RDX: 0000000000000024 RSI: 0000000020001080 RDI: 0000000000000008
[  902.919275][T15358] RBP: 00007fbe405570a0 R08: 0000000000000000 R09: 0000000000000000
[  902.927260][T15358] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  902.935242][T15358] R13: 0000000000000000 R14: 00007fbe3f946160 R15: 00007ffd523ed468
[  902.943240][T15358]  </TASK>
[  903.513684][T15368] 9pnet_fd: Insufficient options for proto=fd
[  904.348833][T15381] lo speed is unknown, defaulting to 1000
[  904.355193][T15381] lo speed is unknown, defaulting to 1000
[  904.364982][T15381] lo speed is unknown, defaulting to 1000
[  904.388666][T15381] iwpm_register_pid: Unable to send a nlmsg (client = 2)
[  904.428819][T15381] infiniband syz2: RDMA CMA: cma_listen_on_dev, error -98
[  905.008983][   T29] kauditd_printk_skb: 11 callbacks suppressed
[  905.009000][   T29] audit: type=1326 audit(1733910437.083:136): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15384 comm="syz.3.2243" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbe3f77ff19 code=0x7ffc0000
[  905.060170][T15381] lo speed is unknown, defaulting to 1000
[  905.067408][T15381] lo speed is unknown, defaulting to 1000
[  905.073662][T15381] lo speed is unknown, defaulting to 1000
[  905.081305][T15381] lo speed is unknown, defaulting to 1000
[  905.087769][T15381] lo speed is unknown, defaulting to 1000
[  905.095018][T15381] lo speed is unknown, defaulting to 1000
[  905.101325][T15381] lo speed is unknown, defaulting to 1000
[  905.163556][   T29] audit: type=1326 audit(1733910437.113:137): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15384 comm="syz.3.2243" exe="/root/syz-executor" sig=0 arch=c000003e syscall=239 compat=0 ip=0x7fbe3f77ff19 code=0x7ffc0000
[  905.294386][   T29] audit: type=1326 audit(1733910437.113:138): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15384 comm="syz.3.2243" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbe3f77ff19 code=0x7ffc0000
[  905.316523][   T29] audit: type=1326 audit(1733910437.113:139): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15384 comm="syz.3.2243" exe="/root/syz-executor" sig=0 arch=c000003e syscall=53 compat=0 ip=0x7fbe3f77ff19 code=0x7ffc0000
[  905.338562][   T29] audit: type=1326 audit(1733910437.113:140): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15384 comm="syz.3.2243" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbe3f77ff19 code=0x7ffc0000
[  905.403073][   T29] audit: type=1326 audit(1733910437.113:141): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15384 comm="syz.3.2243" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7fbe3f77ff19 code=0x7ffc0000
[  905.439880][T15398] netlink: 16 bytes leftover after parsing attributes in process `syz.0.2246'.
[  905.495397][   T29] audit: type=1326 audit(1733910437.113:142): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15384 comm="syz.3.2243" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbe3f77ff19 code=0x7ffc0000
[  905.765473][T15407] netlink: 132 bytes leftover after parsing attributes in process `syz.3.2247'.
[  905.908258][   T29] audit: type=1326 audit(1733910437.113:143): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15384 comm="syz.3.2243" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7fbe3f77ff19 code=0x7ffc0000
[  905.979956][   T29] audit: type=1326 audit(1733910437.113:144): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15384 comm="syz.3.2243" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbe3f77ff19 code=0x7ffc0000
[  906.733617][   T12] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge)
[  906.765448][   T29] audit: type=1326 audit(1733910437.113:145): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15384 comm="syz.3.2243" exe="/root/syz-executor" sig=0 arch=c000003e syscall=46 compat=0 ip=0x7fbe3f77ff19 code=0x7ffc0000
[  909.480492][T15472] netlink: 16 bytes leftover after parsing attributes in process `syz.0.2261'.
[  909.664147][T15481] netlink: 16 bytes leftover after parsing attributes in process `syz.1.2259'.
[  912.419554][T15517] delete_channel: no stack
[  913.375211][T15537] FAULT_INJECTION: forcing a failure.
[  913.375211][T15537] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  913.454445][T15537] CPU: 1 UID: 0 PID: 15537 Comm: syz.3.2277 Not tainted 6.13.0-rc2-syzkaller-00031-gf92f4749861b #0
[  913.465259][T15537] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  913.475336][T15537] Call Trace:
[  913.478636][T15537]  <TASK>
[  913.481593][T15537]  dump_stack_lvl+0x241/0x360
[  913.486302][T15537]  ? __pfx_dump_stack_lvl+0x10/0x10
[  913.491532][T15537]  ? __pfx__printk+0x10/0x10
[  913.496157][T15537]  ? snprintf+0xda/0x120
[  913.500424][T15537]  should_fail_ex+0x3b0/0x4e0
[  913.505140][T15537]  _copy_to_user+0x31/0xb0
[  913.509583][T15537]  simple_read_from_buffer+0xca/0x150
[  913.514990][T15537]  proc_fail_nth_read+0x1e9/0x250
[  913.520046][T15537]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  913.525626][T15537]  ? rw_verify_area+0x568/0x6f0
[  913.530499][T15537]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  913.536075][T15537]  vfs_read+0x1fc/0xb70
[  913.540269][T15537]  ? __pfx___mutex_lock+0x10/0x10
[  913.545315][T15537]  ? __pfx_vfs_read+0x10/0x10
[  913.550011][T15537]  ? __fget_files+0x2a/0x410
[  913.554599][T15537]  ? __fget_files+0x395/0x410
[  913.559271][T15537]  ? __fget_files+0x2a/0x410
[  913.563869][T15537]  ksys_read+0x18f/0x2b0
[  913.568120][T15537]  ? __pfx_ksys_read+0x10/0x10
[  913.572884][T15537]  ? do_syscall_64+0x100/0x230
[  913.577739][T15537]  ? do_syscall_64+0xb6/0x230
[  913.582423][T15537]  do_syscall_64+0xf3/0x230
[  913.586927][T15537]  ? clear_bhb_loop+0x35/0x90
[  913.591608][T15537]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  913.597505][T15537] RIP: 0033:0x7fbe3f77e92c
[  913.601929][T15537] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  913.621531][T15537] RSP: 002b:00007fbe40599050 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  913.629972][T15537] RAX: ffffffffffffffda RBX: 00007fbe3f945fa0 RCX: 00007fbe3f77e92c
[  913.637946][T15537] RDX: 000000000000000f RSI: 00007fbe405990b0 RDI: 0000000000000006
[  913.645910][T15537] RBP: 00007fbe405990a0 R08: 0000000000000000 R09: 0000000000000000
[  913.653875][T15537] R10: 0000000020000140 R11: 0000000000000246 R12: 0000000000000001
[  913.661841][T15537] R13: 0000000000000000 R14: 00007fbe3f945fa0 R15: 00007ffd523ed468
[  913.669818][T15537]  </TASK>
[  913.672967][    C1] vkms_vblank_simulate: vblank timer overrun
[  916.326151][T15573] netlink: 36 bytes leftover after parsing attributes in process `syz.3.2285'.
[  916.555437][T15573] netlink: 36 bytes leftover after parsing attributes in process `syz.3.2285'.
[  916.577348][T15573] netlink: 24 bytes leftover after parsing attributes in process `syz.3.2285'.
[  916.705501][T15581] FAULT_INJECTION: forcing a failure.
[  916.705501][T15581] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  916.718682][T15581] CPU: 0 UID: 0 PID: 15581 Comm: syz.9.2287 Not tainted 6.13.0-rc2-syzkaller-00031-gf92f4749861b #0
[  916.729456][T15581] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  916.739524][T15581] Call Trace:
[  916.742814][T15581]  <TASK>
[  916.745751][T15581]  dump_stack_lvl+0x241/0x360
[  916.750456][T15581]  ? __pfx_dump_stack_lvl+0x10/0x10
[  916.755684][T15581]  ? __pfx__printk+0x10/0x10
[  916.760288][T15581]  ? __pfx_lock_release+0x10/0x10
[  916.765331][T15581]  should_fail_ex+0x3b0/0x4e0
[  916.770038][T15581]  _copy_from_user+0x2f/0xc0
[  916.774652][T15581]  kvmemdup_bpfptr_noprof+0x7d/0xf0
[  916.779872][T15581]  map_update_elem+0x251/0x6f0
[  916.784656][T15581]  __sys_bpf+0x76f/0x810
[  916.788912][T15581]  ? __pfx___sys_bpf+0x10/0x10
[  916.793698][T15581]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[  916.799692][T15581]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  916.806030][T15581]  ? do_syscall_64+0x100/0x230
[  916.810813][T15581]  __x64_sys_bpf+0x7c/0x90
[  916.815248][T15581]  do_syscall_64+0xf3/0x230
[  916.819770][T15581]  ? clear_bhb_loop+0x35/0x90
[  916.824466][T15581]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  916.830462][T15581] RIP: 0033:0x7f9789d7ff19
[  916.834905][T15581] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  916.854543][T15581] RSP: 002b:00007f978aaf9058 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  916.862979][T15581] RAX: ffffffffffffffda RBX: 00007f9789f46160 RCX: 00007f9789d7ff19
[  916.870970][T15581] RDX: 0000000000000020 RSI: 0000000020000140 RDI: 0000000000000002
[  916.878959][T15581] RBP: 00007f978aaf90a0 R08: 0000000000000000 R09: 0000000000000000
[  916.886943][T15581] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  916.894924][T15581] R13: 0000000000000000 R14: 00007f9789f46160 R15: 00007ffd836c1368
[  916.902924][T15581]  </TASK>
[  918.069383][T15589] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2290'.
[  918.078512][T15589] netlink: 36 bytes leftover after parsing attributes in process `syz.0.2290'.
[  918.256714][T15590] workqueue: Failed to create a rescuer kthread for wq "nfc2_nci_cmd_wq": -EINTR
[  918.646532][T15608] netlink: 16 bytes leftover after parsing attributes in process `syz.9.2294'.
[  922.587258][   T29] kauditd_printk_skb: 26 callbacks suppressed
[  922.587273][   T29] audit: type=1326 audit(1733910454.223:172): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15639 comm="syz.3.2302" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbe3f77ff19 code=0x7ffc0000
[  922.874595][   T29] audit: type=1326 audit(1733910454.223:173): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15639 comm="syz.3.2302" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fbe3f77ff19 code=0x7ffc0000
[  922.903661][   T29] audit: type=1326 audit(1733910454.223:174): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15639 comm="syz.3.2302" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbe3f77ff19 code=0x7ffc0000
[  922.988399][   T29] audit: type=1326 audit(1733910454.223:175): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15639 comm="syz.3.2302" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fbe3f77ff19 code=0x7ffc0000
[  923.238100][T15651] netlink: 16 bytes leftover after parsing attributes in process `syz.6.2301'.
[  923.266187][T15636] netlink: 16 bytes leftover after parsing attributes in process `syz.1.2299'.
[  923.286395][   T29] audit: type=1326 audit(1733910454.223:176): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15639 comm="syz.3.2302" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbe3f77ff19 code=0x7ffc0000
[  923.317517][   T29] audit: type=1326 audit(1733910454.223:177): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15639 comm="syz.3.2302" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7fbe3f77e880 code=0x7ffc0000
[  923.348641][   T29] audit: type=1326 audit(1733910454.233:178): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15639 comm="syz.3.2302" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7fbe3f77e880 code=0x7ffc0000
[  923.448310][   T29] audit: type=1326 audit(1733910454.233:179): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15639 comm="syz.3.2302" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbe3f77ff19 code=0x7ffc0000
[  923.655647][   T29] audit: type=1326 audit(1733910454.233:180): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15639 comm="syz.3.2302" exe="/root/syz-executor" sig=0 arch=c000003e syscall=295 compat=0 ip=0x7fbe3f77ff19 code=0x7ffc0000
[  923.701386][   T29] audit: type=1326 audit(1733910454.233:181): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15639 comm="syz.3.2302" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbe3f77ff19 code=0x7ffc0000
[  923.814065][T15667] fuse: Bad value for 'user_id'
[  923.819192][T15667] fuse: Bad value for 'user_id'
[  923.929181][T15669] (syz.9.2304,15669,0):ocfs2_fill_super:990 ERROR: superblock probe failed!
[  923.938777][T15669] (syz.9.2304,15669,0):ocfs2_fill_super:1178 ERROR: status = -22
[  925.522815][T15692] netlink: 16 bytes leftover after parsing attributes in process `syz.1.2313'.
[  926.442882][T15705] team0: Port device team_slave_0 removed
[  926.449356][T15705] A link change request failed with some changes committed already. Interface team_slave_0 may have been left with an inconsistent configuration, please check.
[  928.777313][   T58] usb 7-1: new high-speed USB device number 16 using dummy_hcd
[  928.947295][   T58] usb 7-1: device descriptor read/64, error -71
[  929.240088][   T58] usb 7-1: new high-speed USB device number 17 using dummy_hcd
[  929.407332][   T58] usb 7-1: device descriptor read/64, error -71
[  929.878898][   T58] usb usb7-port1: attempt power cycle
[  930.114460][T11073] udevd[11073]: inotify_add_watch(7, /dev/loop0, 10) failed: No such file or directory
[  930.237810][   T58] usb 7-1: new high-speed USB device number 18 using dummy_hcd
[  930.507425][T15769] libceph: resolve 'c' (ret=-3): failed
[  931.408257][   T58] usb 7-1: device descriptor read/8, error -71
[  931.796471][ T1292] ieee802154 phy0 wpan0: encryption failed: -22
[  931.808965][ T1292] ieee802154 phy1 wpan1: encryption failed: -22
[  932.247491][T15784] netlink: 'syz.1.2330': attribute type 21 has an invalid length.
[  932.255429][T15784] netlink: 'syz.1.2330': attribute type 6 has an invalid length.
[  932.264005][T15784] netlink: 132 bytes leftover after parsing attributes in process `syz.1.2330'.
[  932.556507][T15800] netlink: 'syz.9.2335': attribute type 126 has an invalid length.
[  932.676309][T15804] netlink: 16 bytes leftover after parsing attributes in process `syz.0.2334'.
[  933.143296][T15809] netlink: 16 bytes leftover after parsing attributes in process `syz.1.2332'.
[  934.292032][T15823] netlink: 16 bytes leftover after parsing attributes in process `syz.3.2340'.
[  934.837779][T15826] netlink: 16 bytes leftover after parsing attributes in process `syz.1.2338'.
[  935.120554][T15841] A link change request failed with some changes committed already. Interface team_slave_0 may have been left with an inconsistent configuration, please check.
[  935.288809][T15845] netlink: 16 bytes leftover after parsing attributes in process `syz.0.2342'.
[  935.639325][T15857] af_packet: tpacket_rcv: packet too big, clamped from 3698 to 2928. macoff=96
[  935.753341][T15864] netlink: 16 bytes leftover after parsing attributes in process `syz.1.2348'.
[  938.152984][T15874] netlink: 36 bytes leftover after parsing attributes in process `syz.3.2351'.
[  938.186976][T15873] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  938.311643][T15904] A link change request failed with some changes committed already. Interface team_slave_0 may have been left with an inconsistent configuration, please check.
[  938.502856][T15906] netlink: 16 bytes leftover after parsing attributes in process `syz.1.2354'.
[  939.122654][T15910] netlink: 16 bytes leftover after parsing attributes in process `syz.6.2355'.
[  939.138022][ T5944] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge)
[  939.355937][T15925] FAULT_INJECTION: forcing a failure.
[  939.355937][T15925] name failslab, interval 1, probability 0, space 0, times 0
[  939.369253][T15925] CPU: 0 UID: 0 PID: 15925 Comm: syz.0.2360 Not tainted 6.13.0-rc2-syzkaller-00031-gf92f4749861b #0
[  939.380046][T15925] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  939.390121][T15925] Call Trace:
[  939.393414][T15925]  <TASK>
[  939.396355][T15925]  dump_stack_lvl+0x241/0x360
[  939.401071][T15925]  ? __pfx_dump_stack_lvl+0x10/0x10
[  939.406303][T15925]  ? __pfx__printk+0x10/0x10
[  939.410906][T15925]  ? __kmalloc_noprof+0xb5/0x4c0
[  939.415864][T15925]  ? __pfx___might_resched+0x10/0x10
[  939.421194][T15925]  should_fail_ex+0x3b0/0x4e0
[  939.425918][T15925]  should_failslab+0xac/0x100
[  939.430620][T15925]  __kmalloc_noprof+0xdd/0x4c0
[  939.435389][T15925]  ? sk_prot_alloc+0xe0/0x210
[  939.440067][T15925]  sk_prot_alloc+0xe0/0x210
[  939.444568][T15925]  ? sk_alloc+0x26/0x370
[  939.448824][T15925]  sk_alloc+0x38/0x370
[  939.452896][T15925]  ? bpf_test_init+0x15a/0x180
[  939.457765][T15925]  ? bpf_ctx_init+0x162/0x1b0
[  939.462462][T15925]  bpf_prog_test_run_skb+0x3ab/0x1820
[  939.467833][T15925]  ? __pfx_lock_release+0x10/0x10
[  939.472852][T15925]  ? __pfx___might_resched+0x10/0x10
[  939.478155][T15925]  ? __pfx_bpf_prog_test_run_skb+0x10/0x10
[  939.483999][T15925]  ? __fget_files+0x2a/0x410
[  939.488584][T15925]  ? fput+0x21b/0x290
[  939.492567][T15925]  ? __pfx_bpf_prog_test_run_skb+0x10/0x10
[  939.498408][T15925]  bpf_prog_test_run+0x2e4/0x360
[  939.503347][T15925]  __sys_bpf+0x48d/0x810
[  939.507593][T15925]  ? __pfx___sys_bpf+0x10/0x10
[  939.512348][T15925]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[  939.518340][T15925]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  939.524658][T15925]  ? do_syscall_64+0x100/0x230
[  939.529420][T15925]  __x64_sys_bpf+0x7c/0x90
[  939.533833][T15925]  do_syscall_64+0xf3/0x230
[  939.538329][T15925]  ? clear_bhb_loop+0x35/0x90
[  939.542999][T15925]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  939.548881][T15925] RIP: 0033:0x7f375e77ff19
[  939.553285][T15925] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  939.572879][T15925] RSP: 002b:00007f375f5f4058 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  939.581297][T15925] RAX: ffffffffffffffda RBX: 00007f375e945fa0 RCX: 00007f375e77ff19
[  939.589260][T15925] RDX: 0000000000000048 RSI: 0000000020000080 RDI: 000000000000000a
[  939.597222][T15925] RBP: 00007f375f5f40a0 R08: 0000000000000000 R09: 0000000000000000
[  939.605187][T15925] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  939.613143][T15925] R13: 0000000000000000 R14: 00007f375e945fa0 R15: 00007ffc52cb76b8
[  939.621118][T15925]  </TASK>
[  939.703305][T15932] netlink: 16 bytes leftover after parsing attributes in process `syz.6.2359'.
[  940.127380][T15938] netlink: 132 bytes leftover after parsing attributes in process `syz.9.2361'.
[  940.819388][   T29] kauditd_printk_skb: 9 callbacks suppressed
[  940.825917][   T29] audit: type=1804 audit(1733910472.893:191): pid=15963 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz.0.2366" name="/newroot/31/bus/file1" dev="overlay" ino=191 res=1 errno=0
[  941.275241][T15975] A link change request failed with some changes committed already. Interface team_slave_0 may have been left with an inconsistent configuration, please check.
[  941.438312][T15988] siw: device registration error -23
[  941.613763][T15990] netlink: 16 bytes leftover after parsing attributes in process `syz.0.2369'.
[  942.207374][T15996] netlink: 16 bytes leftover after parsing attributes in process `syz.0.2373'.
[  943.781319][T16019] netlink: 132 bytes leftover after parsing attributes in process `syz.1.2378'.
[  943.905524][   T29] audit: type=1326 audit(1733910474.983:192): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15999 comm="syz.1.2374" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8a4ad7ff19 code=0x7ffc0000
[  943.990036][   T29] audit: type=1326 audit(1733910474.983:193): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15999 comm="syz.1.2374" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f8a4ad7ff19 code=0x7ffc0000
[  944.064019][   T29] audit: type=1326 audit(1733910474.983:194): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15999 comm="syz.1.2374" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8a4ad7ff19 code=0x7ffc0000
[  944.085600][    C0] vkms_vblank_simulate: vblank timer overrun
[  944.132707][   T29] audit: type=1326 audit(1733910474.983:195): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15999 comm="syz.1.2374" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f8a4ad7ff19 code=0x7ffc0000
[  944.222249][   T29] audit: type=1326 audit(1733910474.983:196): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15999 comm="syz.1.2374" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8a4ad7ff19 code=0x7ffc0000
[  944.251949][   T29] audit: type=1326 audit(1733910474.983:197): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15999 comm="syz.1.2374" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f8a4ad7e880 code=0x7ffc0000
[  944.273964][   T29] audit: type=1326 audit(1733910474.993:198): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15999 comm="syz.1.2374" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f8a4ad7e880 code=0x7ffc0000
[  944.295765][   T29] audit: type=1326 audit(1733910474.993:199): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15999 comm="syz.1.2374" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8a4ad7ff19 code=0x7ffc0000
[  944.317350][    C0] vkms_vblank_simulate: vblank timer overrun
[  944.324650][   T29] audit: type=1326 audit(1733910474.993:200): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15999 comm="syz.1.2374" exe="/root/syz-executor" sig=0 arch=c000003e syscall=295 compat=0 ip=0x7f8a4ad7ff19 code=0x7ffc0000
[  944.432050][T16043] netlink: 16 bytes leftover after parsing attributes in process `syz.6.2384'.
[  944.602028][T16050] team0: Port device team_slave_0 removed
[  944.608148][T16050] A link change request failed with some changes committed already. Interface team_slave_0 may have been left with an inconsistent configuration, please check.
[  946.022263][T16070] netlink: 16 bytes leftover after parsing attributes in process `syz.3.2389'.
[  946.509510][T16074] fuse: Bad value for 'rootmode'
[  946.534465][T16074] overlay: ./file0 is not a directory
[  948.127413][ T5912] usb 2-1: new full-speed USB device number 2 using dummy_hcd
[  948.295986][ T5912] usb 2-1: config 9 has an invalid interface number: 109 but max is 0
[  948.326110][ T5912] usb 2-1: config 9 has no interface number 0
[  948.345060][ T5912] usb 2-1: config 9 interface 109 altsetting 0 endpoint 0x8 has invalid maxpacket 1024, setting to 64
[  948.388630][ T5912] usb 2-1: config 9 interface 109 altsetting 0 endpoint 0x2 has invalid maxpacket 1023, setting to 64
[  948.422853][ T5912] usb 2-1: New USB device found, idVendor=2040, idProduct=4902, bcdDevice=b5.f2
[  948.432514][ T5912] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  948.450820][ T5912] usb 2-1: Product: syz
[  948.471136][ T5912] usb 2-1: Manufacturer: syz
[  948.486130][ T5912] usb 2-1: SerialNumber: syz
[  948.503002][T16096] raw-gadget.1 gadget.1: fail, usb_ep_enable returned -22
[  948.597412][   T58] usb 4-1: new high-speed USB device number 30 using dummy_hcd
[  948.725563][T16096] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  948.737564][   T58] usb 4-1: device descriptor read/64, error -71
[  948.761044][T16096] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  948.770654][T16116] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  948.787052][T16116] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  948.838691][ T5912] hdpvr 2-1:9.109: Could not find bulk-in endpoint
[  948.851714][ T5912] hdpvr 2-1:9.109: probe with driver hdpvr failed with error -12
[  948.869498][ T5912] usb 2-1: USB disconnect, device number 2
[  948.907743][T11318] usb 10-1: new high-speed USB device number 2 using dummy_hcd
[  948.987354][   T58] usb 4-1: new high-speed USB device number 31 using dummy_hcd
[  949.077344][T11318] usb 10-1: Using ep0 maxpacket: 8
[  949.088967][T11318] usb 10-1: New USB device found, idVendor=0423, idProduct=010c, bcdDevice=14.e5
[  949.098372][T11318] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  949.116148][T11318] usb 10-1: config 0 descriptor??
[  949.137298][   T58] usb 4-1: device descriptor read/64, error -71
[  949.253684][   T58] usb usb4-port1: attempt power cycle
[  949.652351][   T58] usb 4-1: new high-speed USB device number 32 using dummy_hcd
[  949.784350][   T58] usb 4-1: device descriptor read/8, error -71
[  950.064647][   T58] usb 4-1: new high-speed USB device number 33 using dummy_hcd
[  950.323776][   T58] usb 4-1: device descriptor read/8, error -71
[  950.423270][T16153] netlink: 16 bytes leftover after parsing attributes in process `syz.6.2402'.
[  950.438653][   T58] usb usb4-port1: unable to enumerate USB device
[  950.888292][   T58] usb 10-1: USB disconnect, device number 2
[  950.995628][ T5912] IPVS: starting estimator thread 0...
[  951.087342][T16168] IPVS: using max 22 ests per chain, 52800 per kthread
[  951.365173][T16185] netlink: 16 bytes leftover after parsing attributes in process `syz.6.2410'.
[  951.959456][T16190] FAULT_INJECTION: forcing a failure.
[  951.959456][T16190] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  951.979650][T16190] CPU: 1 UID: 0 PID: 16190 Comm: syz.0.2412 Not tainted 6.13.0-rc2-syzkaller-00031-gf92f4749861b #0
[  951.990470][T16190] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  952.000552][T16190] Call Trace:
[  952.003854][T16190]  <TASK>
[  952.006814][T16190]  dump_stack_lvl+0x241/0x360
[  952.011523][T16190]  ? __pfx_dump_stack_lvl+0x10/0x10
[  952.016750][T16190]  ? __pfx__printk+0x10/0x10
[  952.021459][T16190]  ? __pfx_lock_release+0x10/0x10
[  952.026520][T16190]  should_fail_ex+0x3b0/0x4e0
[  952.031237][T16190]  _copy_from_user+0x2f/0xc0
[  952.035859][T16190]  memdup_user+0x64/0xc0
[  952.040129][T16190]  strndup_user+0x68/0xc0
[  952.044491][T16190]  __se_sys_fsconfig+0x763/0xf60
[  952.049462][T16190]  ? __pfx___se_sys_fsconfig+0x10/0x10
[  952.054940][T16190]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[  952.060959][T16190]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  952.067310][T16190]  ? do_syscall_64+0x100/0x230
[  952.072112][T16190]  ? __x64_sys_fsconfig+0x20/0xc0
[  952.077170][T16190]  do_syscall_64+0xf3/0x230
[  952.081707][T16190]  ? clear_bhb_loop+0x35/0x90
[  952.086418][T16190]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  952.092340][T16190] RIP: 0033:0x7f375e77ff19
[  952.096778][T16190] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  952.116411][T16190] RSP: 002b:00007f375f5f4058 EFLAGS: 00000246 ORIG_RAX: 00000000000001af
[  952.124858][T16190] RAX: ffffffffffffffda RBX: 00007f375e945fa0 RCX: 00007f375e77ff19
[  952.132969][T16190] RDX: 0000000020000180 RSI: 0000000000000001 RDI: 0000000000000003
[  952.140976][T16190] RBP: 00007f375f5f40a0 R08: 0000000000000000 R09: 0000000000000000
[  952.148968][T16190] R10: 0000000020000d80 R11: 0000000000000246 R12: 0000000000000001
[  952.156967][T16190] R13: 0000000000000000 R14: 00007f375e945fa0 R15: 00007ffc52cb76b8
[  952.164978][T16190]  </TASK>
[  952.189515][T16194] A link change request failed with some changes committed already. Interface team_slave_0 may have been left with an inconsistent configuration, please check.
[  952.520190][T16203] netlink: 16 bytes leftover after parsing attributes in process `syz.1.2415'.
[  953.723811][ T5912] IPVS: starting estimator thread 0...
[  953.857624][T16223] IPVS: using max 20 ests per chain, 48000 per kthread
[  954.439510][T16226] ªªªªª» speed is unknown, defaulting to 1000
[  954.466451][T16235] FAULT_INJECTION: forcing a failure.
[  954.466451][T16235] name failslab, interval 1, probability 0, space 0, times 0
[  954.529414][T16235] CPU: 1 UID: 0 PID: 16235 Comm: syz.1.2423 Not tainted 6.13.0-rc2-syzkaller-00031-gf92f4749861b #0
[  954.540235][T16235] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  954.550326][T16235] Call Trace:
[  954.553621][T16235]  <TASK>
[  954.556579][T16235]  dump_stack_lvl+0x241/0x360
[  954.561291][T16235]  ? __pfx_dump_stack_lvl+0x10/0x10
[  954.566552][T16235]  ? __pfx__printk+0x10/0x10
[  954.571170][T16235]  ? __kmalloc_cache_noprof+0x48/0x390
[  954.576718][T16235]  ? __pfx___might_resched+0x10/0x10
[  954.582046][T16235]  should_fail_ex+0x3b0/0x4e0
[  954.586766][T16235]  should_failslab+0xac/0x100
[  954.591477][T16235]  __kmalloc_cache_noprof+0x70/0x390
[  954.596785][T16235]  ? wakeup_source_register+0x57/0x250
[  954.602275][T16235]  wakeup_source_register+0x57/0x250
[  954.607595][T16235]  ep_insert+0xd99/0x1ab0
[  954.611962][T16235]  ? __pfx_ep_insert+0x10/0x10
[  954.616755][T16235]  ? __fget_files+0x2a/0x410
[  954.621388][T16235]  ? bpf_lsm_capable+0x9/0x10
[  954.626098][T16235]  do_epoll_ctl+0x8bc/0xf80
[  954.630640][T16235]  __x64_sys_epoll_ctl+0x161/0x1a0
[  954.635782][T16235]  ? __pfx___x64_sys_epoll_ctl+0x10/0x10
[  954.641466][T16235]  ? do_syscall_64+0x100/0x230
[  954.646259][T16235]  ? do_syscall_64+0xb6/0x230
[  954.650967][T16235]  do_syscall_64+0xf3/0x230
[  954.655497][T16235]  ? clear_bhb_loop+0x35/0x90
[  954.660209][T16235]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  954.666133][T16235] RIP: 0033:0x7f8a4ad7ff19
[  954.670570][T16235] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  954.690287][T16235] RSP: 002b:00007f8a4bc6a058 EFLAGS: 00000246 ORIG_RAX: 00000000000000e9
[  954.698703][T16235] RAX: ffffffffffffffda RBX: 00007f8a4af45fa0 RCX: 00007f8a4ad7ff19
[  954.706670][T16235] RDX: 0000000000000003 RSI: 0000000000000001 RDI: 0000000000000004
[  954.714691][T16235] RBP: 00007f8a4bc6a0a0 R08: 0000000000000000 R09: 0000000000000000
[  954.722657][T16235] R10: 00000000200000c0 R11: 0000000000000246 R12: 0000000000000001
[  954.730641][T16235] R13: 0000000000000000 R14: 00007f8a4af45fa0 R15: 00007ffec149d3a8
[  954.738636][T16235]  </TASK>
[  954.805901][T16241] netlink: 16 bytes leftover after parsing attributes in process `syz.0.2424'.
[  954.954567][T16226] lo speed is unknown, defaulting to 1000
[  955.247262][   T29] kauditd_printk_skb: 29 callbacks suppressed
[  955.247280][   T29] audit: type=1326 audit(1733910487.313:230): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16249 comm="syz.1.2427" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8a4ad7ff19 code=0x7ffc0000
[  955.277710][   T29] audit: type=1326 audit(1733910487.313:231): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16249 comm="syz.1.2427" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8a4ad7ff19 code=0x7ffc0000
[  955.302154][   T29] audit: type=1326 audit(1733910487.313:232): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16249 comm="syz.1.2427" exe="/root/syz-executor" sig=0 arch=c000003e syscall=442 compat=0 ip=0x7f8a4ad7ff19 code=0x7ffc0000
[  955.327242][   T29] audit: type=1326 audit(1733910487.313:233): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16249 comm="syz.1.2427" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8a4ad7ff19 code=0x7ffc0000
[  955.352940][   T29] audit: type=1326 audit(1733910487.313:234): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16249 comm="syz.1.2427" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8a4ad7ff19 code=0x7ffc0000
[  955.375498][   T29] audit: type=1326 audit(1733910487.313:235): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16249 comm="syz.1.2427" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f8a4ad7ff19 code=0x7ffc0000
[  955.397864][   T29] audit: type=1326 audit(1733910487.313:236): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16249 comm="syz.1.2427" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8a4ad7ff19 code=0x7ffc0000
[  955.420054][   T29] audit: type=1326 audit(1733910487.313:237): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16249 comm="syz.1.2427" exe="/root/syz-executor" sig=0 arch=c000003e syscall=20 compat=0 ip=0x7f8a4ad7ff19 code=0x7ffc0000
[  955.442268][   T29] audit: type=1326 audit(1733910487.313:238): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16249 comm="syz.1.2427" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8a4ad7ff19 code=0x7ffc0000
[  955.464135][   T29] audit: type=1326 audit(1733910487.313:239): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16249 comm="syz.1.2427" exe="/root/syz-executor" sig=0 arch=c000003e syscall=307 compat=0 ip=0x7f8a4ad7ff19 code=0x7ffc0000
[  955.697061][T16266] netlink: 16 bytes leftover after parsing attributes in process `syz.0.2429'.
[  956.342445][T16272] bridge0: port 3(dummy0) entered blocking state
[  956.369523][T16272] bridge0: port 3(dummy0) entered disabled state
[  956.398608][T16272] dummy0: entered allmulticast mode
[  956.433441][T16272] dummy0: entered promiscuous mode
[  956.458081][T16272] bridge0: port 3(dummy0) entered blocking state
[  956.465075][T16272] bridge0: port 3(dummy0) entered forwarding state
[  956.522901][   T58] IPVS: starting estimator thread 0...
[  956.627286][T16286] IPVS: using max 25 ests per chain, 60000 per kthread
[  956.696013][   T58] usb 2-1: new high-speed USB device number 3 using dummy_hcd
[  956.754929][T16293] A link change request failed with some changes committed already. Interface bridge_slave_0 may have been left with an inconsistent configuration, please check.
[  956.859755][T16296] netlink: 4 bytes leftover after parsing attributes in process `syz.9.2437'.
[  956.877398][   T58] usb 2-1: Using ep0 maxpacket: 8
[  956.884434][   T58] usb 2-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 56832, setting to 1024
[  956.895817][   T58] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024
[  956.926751][   T58] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  956.947259][   T58] usb 2-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  956.960343][   T58] usb 2-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  956.969522][   T58] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  957.270848][   T58] usb 2-1: GET_CAPABILITIES returned 0
[  957.276437][   T58] usbtmc 2-1:16.0: can't read capabilities
[  957.864406][ T5912] usb 2-1: USB disconnect, device number 3
[  958.326385][T16331] netlink: 16 bytes leftover after parsing attributes in process `syz.6.2441'.
[  958.860451][T16337] netlink: 'syz.1.2443': attribute type 2 has an invalid length.
[  958.895692][T16337] fþ: entered promiscuous mode
[  959.214327][T16344] FAULT_INJECTION: forcing a failure.
[  959.214327][T16344] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  959.227575][T16344] CPU: 1 UID: 0 PID: 16344 Comm: syz.3.2446 Not tainted 6.13.0-rc2-syzkaller-00031-gf92f4749861b #0
[  959.238369][T16344] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  959.248536][T16344] Call Trace:
[  959.251832][T16344]  <TASK>
[  959.254778][T16344]  dump_stack_lvl+0x241/0x360
[  959.259484][T16344]  ? __pfx_dump_stack_lvl+0x10/0x10
[  959.264710][T16344]  ? __pfx__printk+0x10/0x10
[  959.269336][T16344]  should_fail_ex+0x3b0/0x4e0
[  959.274046][T16344]  strncpy_from_user+0x36/0x270
[  959.278933][T16344]  getname_flags+0xf1/0x540
[  959.283466][T16344]  user_path_at+0x24/0x60
[  959.287817][T16344]  __se_sys_utime+0x145/0x2e0
[  959.292520][T16344]  ? __pfx___se_sys_utime+0x10/0x10
[  959.297732][T16344]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[  959.303734][T16344]  ? do_syscall_64+0x100/0x230
[  959.308522][T16344]  ? do_syscall_64+0xb6/0x230
[  959.313226][T16344]  do_syscall_64+0xf3/0x230
[  959.317748][T16344]  ? clear_bhb_loop+0x35/0x90
[  959.322455][T16344]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  959.328372][T16344] RIP: 0033:0x7fbe3f77ff19
[  959.332804][T16344] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  959.352437][T16344] RSP: 002b:00007fbe40599058 EFLAGS: 00000246 ORIG_RAX: 0000000000000084
[  959.360886][T16344] RAX: ffffffffffffffda RBX: 00007fbe3f945fa0 RCX: 00007fbe3f77ff19
[  959.368882][T16344] RDX: 0000000000000000 RSI: 0000000020000040 RDI: 0000000020000000
[  959.376876][T16344] RBP: 00007fbe405990a0 R08: 0000000000000000 R09: 0000000000000000
[  959.384893][T16344] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  959.392889][T16344] R13: 0000000000000000 R14: 00007fbe3f945fa0 R15: 00007ffd523ed468
[  959.400887][T16344]  </TASK>
[  959.881924][    T8] hid-generic 0005:04F3:FFF9.0008: item fetching failed at offset 0/1
[  960.157052][T11319] usb 10-1: new full-speed USB device number 3 using dummy_hcd
[  960.293422][    T8] hid-generic 0005:04F3:FFF9.0008: probe with driver hid-generic failed with error -22
[  960.400633][T11319] usb 10-1: config index 0 descriptor too short (expected 156, got 27)
[  960.417334][T11319] usb 10-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  960.436869][T11319] usb 10-1: too many endpoints for config 0 interface 0 altsetting 191: 144, using maximum allowed: 30
[  960.460152][T11319] usb 10-1: config 0 interface 0 altsetting 191 has 0 endpoint descriptors, different from the interface descriptor's value: 144
[  960.477925][T11319] usb 10-1: config 0 interface 0 has no altsetting 0
[  960.498792][   T29] kauditd_printk_skb: 21 callbacks suppressed
[  960.498808][   T29] audit: type=1326 audit(1733910492.573:261): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16362 comm="syz.3.2448" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbe3f77ff19 code=0x7ffc0000
[  960.510589][T16366] FAULT_INJECTION: forcing a failure.
[  960.510589][T16366] name failslab, interval 1, probability 0, space 0, times 0
[  960.540274][T16366] CPU: 0 UID: 0 PID: 16366 Comm: syz.6.2450 Not tainted 6.13.0-rc2-syzkaller-00031-gf92f4749861b #0
[  960.548095][T11319] usb 10-1: New USB device found, idVendor=0f11, idProduct=1021, bcdDevice=86.66
[  960.551042][T16366] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  960.560494][T11319] usb 10-1: New USB device strings: Mfr=85, Product=120, SerialNumber=172
[  960.570186][T16366] Call Trace:
[  960.570203][T16366]  <TASK>
[  960.570214][T16366]  dump_stack_lvl+0x241/0x360
[  960.570245][T16366]  ? __pfx_dump_stack_lvl+0x10/0x10
[  960.570268][T16366]  ? __pfx__printk+0x10/0x10
[  960.590761][   T29] audit: type=1326 audit(1733910492.573:262): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16362 comm="syz.3.2448" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fbe3f77ff19 code=0x7ffc0000
[  960.594871][T16366]  should_fail_ex+0x3b0/0x4e0
[  960.594910][T16366]  should_failslab+0xac/0x100
[  960.594938][T16366]  __kmalloc_noprof+0xdd/0x4c0
[  960.594957][T16366]  ? io_cqring_event_overflow+0xd2/0x660
[  960.594982][T16366]  io_cqring_event_overflow+0xd2/0x660
[  960.595009][T16366]  io_req_cqe_overflow+0xf2/0x150
[  960.595035][T16366]  __io_submit_flush_completions+0x2b7/0xd70
[  960.595066][T16366]  ? __pfx___io_submit_flush_completions+0x10/0x10
[  960.595088][T16366]  ? io_req_task_complete+0x12a/0x1a0
[  960.595113][T16366]  ? io_notif_tw_complete+0x337/0x350
[  960.595145][T16366]  io_handle_tw_list+0x473/0x500
[  960.595174][T16366]  tctx_task_work_run+0x9a/0x370
[  960.595197][T16366]  tctx_task_work+0x9a/0x100
[  960.595218][T16366]  ? __pfx_tctx_task_work+0x10/0x10
[  960.595242][T16366]  ? _raw_spin_unlock_irq+0x23/0x50
[  960.595263][T16366]  ? lockdep_hardirqs_on+0x99/0x150
[  960.595287][T16366]  task_work_run+0x24f/0x310
[  960.595313][T16366]  ? __pfx_task_work_run+0x10/0x10
[  960.595333][T16366]  ? __lock_acquire+0x1397/0x2100
[  960.595359][T16366]  get_signal+0x15f7/0x1750
[  960.595394][T16366]  ? __pfx_get_signal+0x10/0x10
[  960.595428][T16366]  arch_do_signal_or_restart+0x96/0x860
[  960.595457][T16366]  ? __pfx_arch_do_signal_or_restart+0x10/0x10
[  960.595481][T16366]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[  960.595515][T16366]  ? syscall_exit_to_user_mode+0xa3/0x340
[  960.595542][T16366]  syscall_exit_to_user_mode+0xce/0x340
[  960.595569][T16366]  do_syscall_64+0x100/0x230
[  960.595594][T16366]  ? clear_bhb_loop+0x35/0x90
[  960.595623][T16366]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  960.595647][T16366] RIP: 0033:0x7f379ed7ff19
[  960.595665][T16366] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  960.595681][T16366] RSP: 002b:00007f379fae0058 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa
[  960.805337][T16366] RAX: 0000000000000001 RBX: 00007f379ef45fa0 RCX: 00007f379ed7ff19
[  960.813308][T16366] RDX: 00000000ffffffff RSI: 0000000000001fd0 RDI: 0000000000000003
[  960.821286][T16366] RBP: 00007f379fae00a0 R08: 0000000000000000 R09: 0000000000000000
[  960.829251][T16366] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  960.837218][T16366] R13: 0000000000000000 R14: 00007f379ef45fa0 R15: 00007ffee2c80a08
[  960.845207][T16366]  </TASK>
[  960.876086][   T29] audit: type=1326 audit(1733910492.573:263): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16362 comm="syz.3.2448" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbe3f77ff19 code=0x7ffc0000
[  960.910230][T11319] usb 10-1: Product: syz
[  960.914657][T11319] usb 10-1: Manufacturer: syz
[  960.956261][T11319] usb 10-1: SerialNumber: syz
[  961.092924][T11319] usb 10-1: config 0 descriptor??
[  961.235801][   T29] audit: type=1326 audit(1733910492.573:264): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16362 comm="syz.3.2448" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fbe3f77ff19 code=0x7ffc0000
[  961.658361][   T29] audit: type=1326 audit(1733910492.583:265): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16362 comm="syz.3.2448" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbe3f77ff19 code=0x7ffc0000
[  961.741294][T11319] ldusb 10-1:0.0: Interrupt in endpoint not found
[  961.761007][T11319] usb 10-1: USB disconnect, device number 3
[  961.787303][   T29] audit: type=1326 audit(1733910492.583:266): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16362 comm="syz.3.2448" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7fbe3f77ff19 code=0x7ffc0000
[  961.858055][T16383] netdevsim netdevsim6 netdevsim0: set [1, 1] type 2 family 0 port 20000 - 0
[  961.866909][T16383] netdevsim netdevsim6 netdevsim1: set [1, 1] type 2 family 0 port 20000 - 0
[  961.887282][   T29] audit: type=1326 audit(1733910493.873:267): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16362 comm="syz.3.2448" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbe3f77ff19 code=0x7ffc0000
[  961.948362][T16383] netdevsim netdevsim6 netdevsim2: set [1, 1] type 2 family 0 port 20000 - 0
[  961.984145][T16383] netdevsim netdevsim6 netdevsim3: set [1, 1] type 2 family 0 port 20000 - 0
[  962.037709][   T29] audit: type=1326 audit(1733910493.873:268): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16362 comm="syz.3.2448" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbe3f77ff19 code=0x7ffc0000
[  962.187787][T16383] geneve2: entered promiscuous mode
[  962.193060][T16383] geneve2: entered allmulticast mode
[  962.210443][T16395] netlink: 16 bytes leftover after parsing attributes in process `syz.0.2454'.
[  962.978493][T16383] netdevsim netdevsim6 netdevsim0: unset [1, 1] type 2 family 0 port 20000 - 0
[  963.027438][T16383] netdevsim netdevsim6 netdevsim1: unset [1, 1] type 2 family 0 port 20000 - 0
[  963.064949][T16383] netdevsim netdevsim6 netdevsim2: unset [1, 1] type 2 family 0 port 20000 - 0
[  963.090368][T16383] netdevsim netdevsim6 netdevsim3: unset [1, 1] type 2 family 0 port 20000 - 0
[  963.130444][   T29] audit: type=1800 audit(1733910495.193:269): pid=16408 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz.1.2457" name="bus" dev="overlay" ino=343 res=0 errno=0
[  963.811946][T16389] ªªªªª» speed is unknown, defaulting to 1000
[  964.239037][   T29] audit: type=1326 audit(1733910496.313:270): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16427 comm="syz.1.2461" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8a4ad7ff19 code=0x7ffc0000
[  964.326378][T16389] lo speed is unknown, defaulting to 1000
[  965.337929][T16447] siw: device registration error -23
[  967.427227][T16466] netlink: 16 bytes leftover after parsing attributes in process `syz.1.2468'.
[  970.880732][ T7388] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge)
[  971.169228][   T29] kauditd_printk_skb: 11 callbacks suppressed
[  971.169270][   T29] audit: type=1326 audit(1733910503.203:282): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16507 comm="syz.9.2475" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9789d7ff19 code=0x7ffc0000
[  971.659070][   T29] audit: type=1326 audit(1733910503.203:283): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16507 comm="syz.9.2475" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f9789d7ff19 code=0x7ffc0000
[  971.717590][   T29] audit: type=1326 audit(1733910503.203:284): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16507 comm="syz.9.2475" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9789d7ff19 code=0x7ffc0000
[  971.739156][    C1] vkms_vblank_simulate: vblank timer overrun
[  971.764719][   T29] audit: type=1326 audit(1733910503.203:285): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16507 comm="syz.9.2475" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f9789d7ff19 code=0x7ffc0000
[  971.786564][    C1] vkms_vblank_simulate: vblank timer overrun
[  971.899879][   T29] audit: type=1326 audit(1733910503.203:286): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16507 comm="syz.9.2475" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9789d7ff19 code=0x7ffc0000
[  971.942461][   T29] audit: type=1326 audit(1733910503.213:287): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16507 comm="syz.9.2475" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f9789d7e880 code=0x7ffc0000
[  971.968291][   T29] audit: type=1326 audit(1733910503.213:288): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16507 comm="syz.9.2475" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f9789d7e880 code=0x7ffc0000
[  971.990329][   T29] audit: type=1326 audit(1733910503.213:289): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16507 comm="syz.9.2475" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9789d7ff19 code=0x7ffc0000
[  972.012139][   T29] audit: type=1326 audit(1733910503.213:290): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16507 comm="syz.9.2475" exe="/root/syz-executor" sig=0 arch=c000003e syscall=295 compat=0 ip=0x7f9789d7ff19 code=0x7ffc0000
[  972.034202][   T29] audit: type=1326 audit(1733910503.213:291): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16507 comm="syz.9.2475" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9789d7ff19 code=0x7ffc0000
[  973.504733][T16547] netlink: 16 bytes leftover after parsing attributes in process `syz.1.2482'.
[  974.799108][T16560] A link change request failed with some changes committed already. Interface team_slave_0 may have been left with an inconsistent configuration, please check.
[  974.984168][T16564] FAULT_INJECTION: forcing a failure.
[  974.984168][T16564] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  975.120775][T16564] CPU: 0 UID: 0 PID: 16564 Comm: syz.6.2485 Not tainted 6.13.0-rc2-syzkaller-00031-gf92f4749861b #0
[  975.131611][T16564] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  975.141702][T16564] Call Trace:
[  975.145013][T16564]  <TASK>
[  975.147966][T16564]  dump_stack_lvl+0x241/0x360
[  975.152683][T16564]  ? __pfx_dump_stack_lvl+0x10/0x10
[  975.157925][T16564]  ? __pfx__printk+0x10/0x10
[  975.162554][T16564]  ? snprintf+0xda/0x120
[  975.166829][T16564]  should_fail_ex+0x3b0/0x4e0
[  975.171546][T16564]  _copy_to_user+0x31/0xb0
[  975.175984][T16564]  simple_read_from_buffer+0xca/0x150
[  975.181361][T16564]  proc_fail_nth_read+0x1e9/0x250
[  975.186385][T16564]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  975.191925][T16564]  ? rw_verify_area+0x55e/0x6f0
[  975.196770][T16564]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  975.202310][T16564]  vfs_read+0x1fc/0xb70
[  975.206491][T16564]  ? __pfx___mutex_lock+0x10/0x10
[  975.211511][T16564]  ? __pfx_vfs_read+0x10/0x10
[  975.216188][T16564]  ? __fget_files+0x2a/0x410
[  975.220765][T16564]  ? __fget_files+0x395/0x410
[  975.225433][T16564]  ? __fget_files+0x2a/0x410
[  975.230029][T16564]  ksys_read+0x18f/0x2b0
[  975.234374][T16564]  ? __pfx_ksys_read+0x10/0x10
[  975.239131][T16564]  ? trace_sys_enter+0x74/0x120
[  975.243980][T16564]  ? rcu_is_watching+0x15/0xb0
[  975.248740][T16564]  ? trace_sys_enter+0x25/0x120
[  975.253590][T16564]  do_syscall_64+0xf3/0x230
[  975.258092][T16564]  ? clear_bhb_loop+0x35/0x90
[  975.262764][T16564]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  975.268652][T16564] RIP: 0033:0x7f379ed7e92c
[  975.273108][T16564] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  975.292723][T16564] RSP: 002b:00007f379fae0050 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  975.301161][T16564] RAX: ffffffffffffffda RBX: 00007f379ef45fa0 RCX: 00007f379ed7e92c
[  975.309139][T16564] RDX: 000000000000000f RSI: 00007f379fae00b0 RDI: 0000000000000003
[  975.317105][T16564] RBP: 00007f379fae00a0 R08: 0000000000000000 R09: 0000000000000000
[  975.325063][T16564] R10: 000000000000002a R11: 0000000000000246 R12: 0000000000000001
[  975.333041][T16564] R13: 0000000000000001 R14: 00007f379ef45fa0 R15: 00007ffee2c80a08
[  975.341064][T16564]  </TASK>
[  975.346964][T16542] Bluetooth: hci1: command 0x0406 tx timeout
[  975.357597][T16542] Bluetooth: hci2: command 0x0406 tx timeout
[  975.473247][T16563] netlink: 16 bytes leftover after parsing attributes in process `syz.1.2486'.
[  977.239321][T16604] FAULT_INJECTION: forcing a failure.
[  977.239321][T16604] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  977.494381][ T5898] IPVS: starting estimator thread 0...
[  977.570823][T16604] CPU: 1 UID: 0 PID: 16604 Comm: syz.3.2495 Not tainted 6.13.0-rc2-syzkaller-00031-gf92f4749861b #0
[  977.581648][T16604] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  977.591728][T16604] Call Trace:
[  977.595039][T16604]  <TASK>
[  977.597990][T16604]  dump_stack_lvl+0x241/0x360
[  977.602702][T16604]  ? __pfx_dump_stack_lvl+0x10/0x10
[  977.607942][T16604]  ? __pfx__printk+0x10/0x10
[  977.612564][T16604]  ? __pfx_lock_release+0x10/0x10
[  977.617624][T16604]  should_fail_ex+0x3b0/0x4e0
[  977.622328][T16604]  _copy_from_iter+0x1e9/0x1c20
[  977.627201][T16604]  ? __virt_addr_valid+0x183/0x530
[  977.632330][T16604]  ? __alloc_skb+0x28f/0x440
[  977.636913][T16604]  ? __pfx__copy_from_iter+0x10/0x10
[  977.642189][T16604]  ? __virt_addr_valid+0x183/0x530
[  977.647290][T16604]  ? __virt_addr_valid+0x183/0x530
[  977.652388][T16604]  ? __virt_addr_valid+0x45f/0x530
[  977.657487][T16604]  ? __phys_addr_symbol+0x2f/0x70
[  977.662499][T16604]  ? __check_object_size+0x47a/0x730
[  977.667784][T16604]  netlink_sendmsg+0x73d/0xcb0
[  977.672542][T16604]  ? __pfx_netlink_sendmsg+0x10/0x10
[  977.677842][T16604]  ? __pfx_netlink_sendmsg+0x10/0x10
[  977.683126][T16604]  __sock_sendmsg+0x221/0x270
[  977.687811][T16604]  ____sys_sendmsg+0x52a/0x7e0
[  977.692573][T16604]  ? __pfx_____sys_sendmsg+0x10/0x10
[  977.697853][T16604]  ? __fget_files+0x2a/0x410
[  977.702441][T16604]  ? __fget_files+0x2a/0x410
[  977.707040][T16604]  __sys_sendmsg+0x269/0x350
[  977.711645][T16604]  ? __pfx___sys_sendmsg+0x10/0x10
[  977.716762][T16604]  ? trace_sys_enter+0x74/0x120
[  977.721607][T16604]  ? __pfx_lock_release+0x10/0x10
[  977.726643][T16604]  ? trace_sys_enter+0x74/0x120
[  977.731484][T16604]  ? rcu_is_watching+0x15/0xb0
[  977.736237][T16604]  ? trace_sys_enter+0x25/0x120
[  977.741085][T16604]  do_syscall_64+0xf3/0x230
[  977.745600][T16604]  ? clear_bhb_loop+0x35/0x90
[  977.750273][T16604]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  977.756157][T16604] RIP: 0033:0x7fbe3f77ff19
[  977.760560][T16604] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  977.780162][T16604] RSP: 002b:00007fbe40599058 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  977.788568][T16604] RAX: ffffffffffffffda RBX: 00007fbe3f945fa0 RCX: 00007fbe3f77ff19
[  977.796530][T16604] RDX: 0000000000000000 RSI: 0000000020000140 RDI: 0000000000000009
[  977.804494][T16604] RBP: 00007fbe405990a0 R08: 0000000000000000 R09: 0000000000000000
[  977.812459][T16604] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  977.820420][T16604] R13: 0000000000000000 R14: 00007fbe3f945fa0 R15: 00007ffd523ed468
[  977.828399][T16604]  </TASK>
[  977.935609][T16617] x_tables: duplicate underflow at hook 2
[  978.108735][T16618] IPVS: using max 23 ests per chain, 55200 per kthread
[  978.164467][T16625] FAULT_INJECTION: forcing a failure.
[  978.164467][T16625] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  978.244494][T16625] CPU: 1 UID: 0 PID: 16625 Comm: syz.1.2498 Not tainted 6.13.0-rc2-syzkaller-00031-gf92f4749861b #0
[  978.255315][T16625] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  978.265393][T16625] Call Trace:
[  978.268691][T16625]  <TASK>
[  978.271642][T16625]  dump_stack_lvl+0x241/0x360
[  978.276352][T16625]  ? __pfx_dump_stack_lvl+0x10/0x10
[  978.281576][T16625]  ? __pfx__printk+0x10/0x10
[  978.286192][T16625]  ? __pfx_lock_release+0x10/0x10
[  978.291250][T16625]  should_fail_ex+0x3b0/0x4e0
[  978.295969][T16625]  _copy_from_iter+0x1e9/0x1c20
[  978.300844][T16625]  ? __virt_addr_valid+0x183/0x530
[  978.305988][T16625]  ? __alloc_skb+0x28f/0x440
[  978.310599][T16625]  ? __pfx__copy_from_iter+0x10/0x10
[  978.315910][T16625]  ? __virt_addr_valid+0x183/0x530
[  978.321056][T16625]  ? __virt_addr_valid+0x183/0x530
[  978.326195][T16625]  ? __virt_addr_valid+0x45f/0x530
[  978.331339][T16625]  ? __phys_addr_symbol+0x2f/0x70
[  978.336383][T16625]  ? __check_object_size+0x47a/0x730
[  978.341702][T16625]  netlink_sendmsg+0x73d/0xcb0
[  978.346502][T16625]  ? __pfx_netlink_sendmsg+0x10/0x10
[  978.351825][T16625]  ? __pfx_netlink_sendmsg+0x10/0x10
[  978.357128][T16625]  __sock_sendmsg+0x221/0x270
[  978.361827][T16625]  ____sys_sendmsg+0x52a/0x7e0
[  978.366621][T16625]  ? __pfx_____sys_sendmsg+0x10/0x10
[  978.371931][T16625]  ? __fget_files+0x2a/0x410
[  978.376545][T16625]  ? __fget_files+0x2a/0x410
[  978.381165][T16625]  __sys_sendmmsg+0x36a/0x720
[  978.385875][T16625]  ? __pfx___sys_sendmmsg+0x10/0x10
[  978.391146][T16625]  ? bpf_trace_run2+0x1fc/0x540
[  978.396025][T16625]  ? __pfx_lock_release+0x10/0x10
[  978.401112][T16625]  ? __might_fault+0xc6/0x120
[  978.405809][T16625]  ? trace_sys_enter+0x74/0x120
[  978.410682][T16625]  ? rcu_is_watching+0x15/0xb0
[  978.415477][T16625]  __x64_sys_sendmmsg+0xa0/0xb0
[  978.420355][T16625]  do_syscall_64+0xf3/0x230
[  978.424883][T16625]  ? clear_bhb_loop+0x35/0x90
[  978.429589][T16625]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  978.435509][T16625] RIP: 0033:0x7f8a4ad7ff19
[  978.439950][T16625] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  978.459582][T16625] RSP: 002b:00007f8a4bc6a058 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[  978.468021][T16625] RAX: ffffffffffffffda RBX: 00007f8a4af45fa0 RCX: 00007f8a4ad7ff19
[  978.476013][T16625] RDX: 040000000000009f RSI: 00000000200002c0 RDI: 0000000000000005
[  978.484005][T16625] RBP: 00007f8a4bc6a0a0 R08: 0000000000000000 R09: 0000000000000000
[  978.491995][T16625] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  978.499986][T16625] R13: 0000000000000000 R14: 00007f8a4af45fa0 R15: 00007ffec149d3a8
[  978.507988][T16625]  </TASK>
[  978.837582][T11318] usb 10-1: new high-speed USB device number 4 using dummy_hcd
[  979.017381][T11318] usb 10-1: Using ep0 maxpacket: 16
[  979.034477][T11318] usb 10-1: config 0 interface 0 altsetting 0 endpoint 0xB has invalid wMaxPacketSize 0
[  979.047868][T11318] usb 10-1: config 0 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 0
[  979.058581][T11318] usb 10-1: config 0 interface 0 altsetting 0 endpoint 0xA has invalid wMaxPacketSize 0
[  979.068906][T11318] usb 10-1: config 0 interface 0 altsetting 0 bulk endpoint 0xA has invalid maxpacket 0
[  979.087069][T11318] usb 10-1: New USB device found, idVendor=0586, idProduct=1500, bcdDevice=2e.97
[  979.096990][T11318] usb 10-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  979.147531][T16646] netlink: 16 bytes leftover after parsing attributes in process `syz.6.2503'.
[  979.154493][T11318] usb 10-1: Product: syz
[  979.163553][T11318] usb 10-1: Manufacturer: syz
[  979.197255][    T9] usb 4-1: new full-speed USB device number 34 using dummy_hcd
[  979.201391][T11318] usb 10-1: SerialNumber: syz
[  979.332022][T11318] usb 10-1: config 0 descriptor??
[  979.453415][    T9] usb 4-1: config 0 has an invalid interface number: 235 but max is 0
[  979.566014][T11318] omninet 10-1:0.0: ZyXEL - omni.net usb converter detected
[  979.611973][T11318] usb 10-1: ZyXEL - omni.net usb converter now attached to ttyUSB0
[  979.617273][    T9] usb 4-1: config 0 has no interface number 0
[  979.757384][   T30] INFO: task syz.5.2026:14064 blocked for more than 143 seconds.
[  979.765440][   T30]       Not tainted 6.13.0-rc2-syzkaller-00031-gf92f4749861b #0
[  979.853614][T16650] siw: device registration error -23
[  980.280726][   T30] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[  980.433354][   T30] task:syz.5.2026      state:D stack:25552 pid:14064 tgid:14063 ppid:6750   flags:0x00000004
[  980.496372][   T30] Call Trace:
[  980.504380][   T30]  <TASK>
[  980.515049][    T9] usb 4-1: config 0 interface 235 has no altsetting 0
[  980.521917][   T30]  __schedule+0x17fb/0x4be0
[  980.521982][   T30]  ? __pfx___schedule+0x10/0x10
[  980.541836][   T30]  ? __pfx_lock_release+0x10/0x10
[  980.546912][   T30]  ? _raw_spin_unlock_irqrestore+0x8f/0x140
[  980.555858][   T30]  ? _raw_spin_unlock_irqrestore+0xdd/0x140
[  980.567704][   T30]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  980.574068][   T30]  ? schedule+0x90/0x320
[  980.603256][   T30]  schedule+0x14b/0x320
[  980.609127][   T30]  schedule_preempt_disabled+0x13/0x30
[  980.620107][   T30]  __mutex_lock+0x7e7/0xee0
[  980.624808][   T30]  ? __mutex_lock+0x5ef/0xee0
[  980.630618][   T30]  ? nfsd_nl_listener_set_doit+0x12d/0x1a90
[  980.636710][    T9] usb 4-1: New USB device found, idVendor=06cd, idProduct=0112, bcdDevice=3e.18
[  980.648846][    T9] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  980.657097][    T9] usb 4-1: Product: syz
[  980.661766][    T9] usb 4-1: Manufacturer: syz
[  980.666923][   T30]  ? __pfx___mutex_lock+0x10/0x10
[  980.672537][    T9] usb 4-1: SerialNumber: syz
[  980.677467][   T30]  ? __asan_memset+0x23/0x50
[  980.683225][   T30]  ? netlink_unicast+0x7f6/0x990
[  980.694470][    T9] usb 4-1: config 0 descriptor??
[  980.699607][   T30]  ? netlink_sendmsg+0x8e4/0xcb0
[  980.704839][   T30]  ? __sock_sendmsg+0x221/0x270
[  980.710206][   T30]  ? __sys_sendmsg+0x269/0x350
[  980.717902][    T9] keyspan 4-1:0.235: Keyspan 1 port adapter converter detected
[  980.725605][   T30]  nfsd_nl_listener_set_doit+0x12d/0x1a90
[  980.731907][    T9] keyspan 4-1:0.235: found no endpoint descriptor for endpoint 87
[  980.740442][   T30]  ? __pfx___nla_validate_parse+0x10/0x10
[  980.746334][    T9] keyspan 4-1:0.235: found no endpoint descriptor for endpoint 7
[  980.754289][   T30]  ? __pfx_nfsd_nl_listener_set_doit+0x10/0x10
[  980.762878][   T30]  ? __nla_parse+0x40/0x60
[  980.768515][    T9] keyspan 4-1:0.235: found no endpoint descriptor for endpoint 81
[  980.781347][   T30]  ? genl_family_rcv_msg_attrs_parse+0x1d1/0x290
[  980.788080][    T9] keyspan 4-1:0.235: found no endpoint descriptor for endpoint 1
[  980.796030][   T30]  genl_rcv_msg+0xb14/0xec0
[  980.801091][   T30]  ? __pfx_genl_rcv_msg+0x10/0x10
[  980.806473][    T9] keyspan 4-1:0.235: found no endpoint descriptor for endpoint 2
[  980.814673][   T30]  ? __pfx_lock_acquire+0x10/0x10
[  980.820059][    T9] keyspan 4-1:0.235: found no endpoint descriptor for endpoint 85
[  980.828201][   T30]  ? __pfx_nfsd_nl_listener_set_doit+0x10/0x10
[  980.834500][   T30]  ? __pfx___might_resched+0x10/0x10
[  980.840884][   T30]  netlink_rcv_skb+0x1e3/0x430
[  980.841196][    T9] usb 4-1: Keyspan 1 port adapter converter now attached to ttyUSB1
[  980.855054][   T30]  ? __pfx_genl_rcv_msg+0x10/0x10
[  980.860423][   T30]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  980.867513][   T30]  genl_rcv+0x28/0x40
[  980.875920][   T30]  netlink_unicast+0x7f6/0x990
[  980.886872][   T30]  ? __pfx_netlink_unicast+0x10/0x10
[  980.895794][   T30]  ? __virt_addr_valid+0x45f/0x530
[  980.906755][   T30]  ? __phys_addr_symbol+0x2f/0x70
[  980.917316][   T30]  ? __check_object_size+0x47a/0x730
[  980.932635][   T30]  netlink_sendmsg+0x8e4/0xcb0
[  980.941080][   T30]  ? __pfx_netlink_sendmsg+0x10/0x10
[  980.946420][   T30]  ? futex_wait_queue+0x27/0x1d0
[  980.951521][   T30]  ? __pfx_netlink_sendmsg+0x10/0x10
[  980.964577][   T30]  __sock_sendmsg+0x221/0x270
[  980.974333][T16662] netlink: 10 bytes leftover after parsing attributes in process `syz.3.2502'.
[  980.976756][   T30]  ____sys_sendmsg+0x52a/0x7e0
[  980.985300][T16662] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  981.002920][   T30]  ? __pfx_____sys_sendmsg+0x10/0x10
[  981.009222][T16662] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  981.013896][   T30]  __sys_sendmsg+0x269/0x350
[  981.025833][   T30]  ? __pfx___sys_sendmsg+0x10/0x10
[  981.035120][   T30]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  981.045416][   T30]  ? do_syscall_64+0x100/0x230
[  981.054085][   T30]  ? do_syscall_64+0xb6/0x230
[  981.062605][   T30]  do_syscall_64+0xf3/0x230
[  981.067392][   T30]  ? clear_bhb_loop+0x35/0x90
[  981.072295][   T30]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  981.080295][   T30] RIP: 0033:0x7fcff4d7ff19
[  981.084926][   T30] RSP: 002b:00007fcff5b99058 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  981.093763][   T30] RAX: ffffffffffffffda RBX: 00007fcff4f45fa0 RCX: 00007fcff4d7ff19
[  981.102449][   T30] RDX: 0000000024000100 RSI: 0000000020001740 RDI: 0000000000000003
[  981.114147][   T30] RBP: 00007fcff4df3cc8 R08: 0000000000000000 R09: 0000000000000000
[  981.122492][   T30] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  981.130924][   T30] R13: 0000000000000000 R14: 00007fcff4f45fa0 R15: 00007ffea05df6f8
[  981.139260][   T30]  </TASK>
[  981.146204][   T30] 
[  981.146204][   T30] Showing all locks held in the system:
[  981.154588][   T30] 1 lock held by khungtaskd/30:
[  981.159754][   T30]  #0: ffffffff8e937ae0 (rcu_read_lock){....}-{1:3}, at: debug_show_all_locks+0x55/0x2a0
[  981.170393][   T30] 1 lock held by dhcpcd/5485:
[  981.175383][   T30] 2 locks held by getty/5571:
[  981.177746][ T5898] usb 4-1: USB disconnect, device number 34
[  981.196968][   T30]  #0: ffff88814d3770a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x25/0x70
[  981.208620][ T5898] keyspan_1 ttyUSB1: Keyspan 1 port adapter converter now disconnected from ttyUSB1
[  981.210812][   T30]  #1: ffffc9000330b2f0 (&ldata->atomic_read_lock){+.+.}-{4:4}, at: n_tty_read+0x6a6/0x1e00
[  981.232100][ T5898] keyspan 4-1:0.235: device disconnected
[  981.244787][   T30] 5 locks held by kworker/0:4/5898:
[  981.250476][   T30] 3 locks held by kworker/u9:0/10236:
[  981.257761][   T30]  #0: ffff8880435a6948 ((wq_completion)hci6){+.+.}-{0:0}, at: process_scheduled_works+0x93b/0x1840
[  981.277367][   T30]  #1: ffffc9000c03fd00 ((work_completion)(&hdev->power_on)){+.+.}-{0:0}, at: process_scheduled_works+0x976/0x1840
[  981.291003][   T30]  #2: ffff888034cecd80 (&hdev->req_lock){+.+.}-{4:4}, at: hci_power_on+0x1bf/0x6b0
[  981.300861][   T30] 2 locks held by syz.8.2022/14053:
[  981.306174][   T30]  #0: ffffffff8fd01950 (cb_lock){++++}-{4:4}, at: genl_rcv+0x19/0x40
[  981.314896][   T30]  #1: ffffffff8ebff248 (nfsd_mutex){+.+.}-{4:4}, at: nfsd_nl_listener_set_doit+0x12d/0x1a90
[  981.335569][   T30] 2 locks held by syz.5.2026/14064:
[  981.342381][   T30]  #0: ffffffff8fd01950 (cb_lock){++++}-{4:4}, at: genl_rcv+0x19/0x40
[  981.356641][   T30]  #1: ffffffff8ebff248 (nfsd_mutex){+.+.}-{4:4}, at: nfsd_nl_listener_set_doit+0x12d/0x1a90
[  981.367508][   T30] 2 locks held by syz.9.2501/16632:
[  981.372816][   T30]  #0: ffff8880246fb0a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_release+0x5c/0x200
[  981.384572][   T30]  #1: ffff8880246ff0a0 (&tty->ldisc_sem/1){+.+.}-{0:0}, at: tty_ldisc_release+0x80/0x200
[  981.401620][   T30] 
[  981.404072][   T30] =============================================
[  981.404072][   T30] 
[  981.415972][   T30] NMI backtrace for cpu 1
[  981.420331][   T30] CPU: 1 UID: 0 PID: 30 Comm: khungtaskd Not tainted 6.13.0-rc2-syzkaller-00031-gf92f4749861b #0
[  981.430826][   T30] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  981.440877][   T30] Call Trace:
[  981.444147][   T30]  <TASK>
[  981.447072][   T30]  dump_stack_lvl+0x241/0x360
[  981.451751][   T30]  ? __pfx_dump_stack_lvl+0x10/0x10
[  981.456948][   T30]  ? __pfx__printk+0x10/0x10
[  981.461543][   T30]  nmi_cpu_backtrace+0x49c/0x4d0
[  981.466489][   T30]  ? __pfx_nmi_cpu_backtrace+0x10/0x10
[  981.471940][   T30]  ? _printk+0xd5/0x120
[  981.476090][   T30]  ? __pfx__printk+0x10/0x10
[  981.480681][   T30]  ? __wake_up_klogd+0xcc/0x110
[  981.485533][   T30]  ? __pfx__printk+0x10/0x10
[  981.490126][   T30]  ? __rcu_read_unlock+0xa1/0x110
[  981.495145][   T30]  ? __pfx_nmi_raise_cpu_backtrace+0x10/0x10
[  981.501124][   T30]  nmi_trigger_cpumask_backtrace+0x198/0x320
[  981.507103][   T30]  watchdog+0xff6/0x1040
[  981.511342][   T30]  ? watchdog+0x1ea/0x1040
[  981.515756][   T30]  ? __pfx_watchdog+0x10/0x10
[  981.520426][   T30]  kthread+0x2f0/0x390
[  981.524487][   T30]  ? __pfx_watchdog+0x10/0x10
[  981.529158][   T30]  ? __pfx_kthread+0x10/0x10
[  981.533740][   T30]  ret_from_fork+0x4b/0x80
[  981.538153][   T30]  ? __pfx_kthread+0x10/0x10
[  981.542740][   T30]  ret_from_fork_asm+0x1a/0x30
[  981.547521][   T30]  </TASK>
[  981.552025][   T30] Sending NMI from CPU 1 to CPUs 0:
[  981.557911][    C0] NMI backtrace for cpu 0
[  981.557924][    C0] CPU: 0 UID: 0 PID: 5944 Comm: kworker/u8:8 Not tainted 6.13.0-rc2-syzkaller-00031-gf92f4749861b #0
[  981.557943][    C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  981.557954][    C0] Workqueue: events_unbound kfree_rcu_work
[  981.557976][    C0] RIP: 0010:debug_object_active_state+0x16e/0x360
[  981.558001][    C0] Code: 8d b4 c9 80 d8 53 9a 48 8d bc c9 88 d8 53 9a 48 89 7c 24 18 e8 83 51 02 07 48 89 44 24 10 4c 89 f0 48 c1 e8 03 42 80 3c 20 00 <74> 08 4c 89 f7 e8 78 8e 42 fd 48 89 1c 24 4d 8b 3e 45 31 f6 eb 06
[  981.558014][    C0] RSP: 0018:ffffc90004597940 EFLAGS: 00000046
[  981.558028][    C0] RAX: 1ffffffff34c167f RBX: 1ffff920008b2f2c RCX: 0000000000000001
[  981.558040][    C0] RDX: dffffc0000000000 RSI: 0000000000000004 RDI: ffffc90004597820
[  981.558052][    C0] RBP: ffffc90004597a40 R08: 0000000000000003 R09: fffff520008b2f04
[  981.558064][    C0] R10: dffffc0000000000 R11: fffff520008b2f04 R12: dffffc0000000000
[  981.558075][    C0] R13: ffff8880570cec80 R14: ffffffff9a60b3f8 R15: ffffc90004597990
[  981.558088][    C0] FS:  0000000000000000(0000) GS:ffff8880b8600000(0000) knlGS:0000000000000000
[  981.558102][    C0] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  981.558113][    C0] CR2: 00007ffdc096d2f8 CR3: 000000000e736000 CR4: 00000000003526f0
[  981.558128][    C0] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[  981.558138][    C0] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[  981.558148][    C0] Call Trace:
[  981.558154][    C0]  <NMI>
[  981.558161][    C0]  ? nmi_cpu_backtrace+0x3c2/0x4d0
[  981.558179][    C0]  ? __pfx_lock_acquire+0x10/0x10
[  981.558198][    C0]  ? __pfx_nmi_cpu_backtrace+0x10/0x10
[  981.558214][    C0]  ? nmi_handle+0x2a/0x5a0
[  981.558238][    C0]  ? nmi_cpu_backtrace_handler+0xc/0x20
[  981.558259][    C0]  ? nmi_handle+0x14f/0x5a0
[  981.558275][    C0]  ? nmi_handle+0x2a/0x5a0
[  981.558292][    C0]  ? debug_object_active_state+0x16e/0x360
[  981.558313][    C0]  ? default_do_nmi+0x63/0x160
[  981.558330][    C0]  ? exc_nmi+0x123/0x1f0
[  981.558345][    C0]  ? end_repeat_nmi+0xf/0x53
[  981.558371][    C0]  ? debug_object_active_state+0x16e/0x360
[  981.558392][    C0]  ? debug_object_active_state+0x16e/0x360
[  981.558413][    C0]  ? debug_object_active_state+0x16e/0x360
[  981.558434][    C0]  </NMI>
[  981.558440][    C0]  <TASK>
[  981.558447][    C0]  ? __pfx_debug_object_active_state+0x10/0x10
[  981.558470][    C0]  ? _raw_spin_unlock_irqrestore+0x8f/0x140
[  981.558488][    C0]  ? lockdep_hardirqs_on+0x99/0x150
[  981.558506][    C0]  ? _raw_spin_unlock_irqrestore+0xdd/0x140
[  981.558523][    C0]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  981.558542][    C0]  kvfree_rcu_bulk+0xc5/0x4e0
[  981.558563][    C0]  kfree_rcu_work+0x44b/0x500
[  981.558580][    C0]  ? __pfx_lock_acquire+0x10/0x10
[  981.558599][    C0]  ? __pfx_kfree_rcu_work+0x10/0x10
[  981.558621][    C0]  ? process_scheduled_works+0x976/0x1840
[  981.558642][    C0]  process_scheduled_works+0xa66/0x1840
[  981.558674][    C0]  ? __pfx_process_scheduled_works+0x10/0x10
[  981.558699][    C0]  ? assign_work+0x364/0x3d0
[  981.558721][    C0]  worker_thread+0x870/0xd30
[  981.558742][    C0]  ? __kthread_parkme+0x169/0x1d0
[  981.558766][    C0]  ? __pfx_worker_thread+0x10/0x10
[  981.558781][    C0]  kthread+0x2f0/0x390
[  981.558797][    C0]  ? __pfx_worker_thread+0x10/0x10
[  981.558811][    C0]  ? __pfx_kthread+0x10/0x10
[  981.558828][    C0]  ret_from_fork+0x4b/0x80
[  981.558842][    C0]  ? __pfx_kthread+0x10/0x10
[  981.558858][    C0]  ret_from_fork_asm+0x1a/0x30
[  981.558884][    C0]  </TASK>
[  981.591819][   T30] Kernel panic - not syncing: hung_task: blocked tasks
[  981.591838][   T30] CPU: 1 UID: 0 PID: 30 Comm: khungtaskd Not tainted 6.13.0-rc2-syzkaller-00031-gf92f4749861b #0
[  981.591860][   T30] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  981.591871][   T30] Call Trace:
[  981.591878][   T30]  <TASK>
[  981.591887][   T30]  dump_stack_lvl+0x241/0x360
[  981.591916][   T30]  ? __pfx_dump_stack_lvl+0x10/0x10
[  981.591939][   T30]  ? __pfx__printk+0x10/0x10
[  981.591958][   T30]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[  981.591985][   T30]  ? vscnprintf+0x5d/0x90
[  981.592013][   T30]  panic+0x349/0x880
[  981.592035][   T30]  ? nmi_trigger_cpumask_backtrace+0x244/0x320
[  981.592056][   T30]  ? __pfx_panic+0x10/0x10
[  981.592074][   T30]  ? tick_nohz_tick_stopped+0x82/0xb0
[  981.592099][   T30]  ? __irq_work_queue_local+0x137/0x410
[  981.592120][   T30]  ? preempt_schedule_thunk+0x1a/0x30
[  981.592139][   T30]  ? nmi_trigger_cpumask_backtrace+0x244/0x320
[  981.592158][   T30]  ? nmi_trigger_cpumask_backtrace+0x2d4/0x320
[  981.592180][   T30]  ? nmi_trigger_cpumask_backtrace+0x2d9/0x320
[  981.592202][   T30]  watchdog+0x1035/0x1040
[  981.592223][   T30]  ? watchdog+0x1ea/0x1040
[  981.592247][   T30]  ? __pfx_watchdog+0x10/0x10
[  981.592264][   T30]  kthread+0x2f0/0x390
[  981.592284][   T30]  ? __pfx_watchdog+0x10/0x10
[  981.592302][   T30]  ? __pfx_kthread+0x10/0x10
[  981.592322][   T30]  ret_from_fork+0x4b/0x80
[  981.592338][   T30]  ? __pfx_kthread+0x10/0x10
[  981.592358][   T30]  ret_from_fork_asm+0x1a/0x30
[  981.592392][   T30]  </TASK>
[  982.051508][   T30] Kernel Offset: disabled
[  982.055824][   T30] Rebooting in 86400 seconds..