last executing test programs:

5m56.483987306s ago: executing program 2 (id=978):
r0 = creat(&(0x7f0000000040)='./bus\x00', 0xc)
write$binfmt_aout(0xffffffffffffffff, 0x0, 0xfffffeb7)
sched_setscheduler(0x0, 0x1, 0x0)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
ioctl$VIDIOC_QUERYMENU(r0, 0xc02c5625, &(0x7f0000000180)={0x8000, 0xc5fb, @value=0x3})
r4 = add_key$user(&(0x7f0000000000), &(0x7f00000001c0)={'syz', 0x0}, &(0x7f0000000540)="bc3009bb66682c9d4233b0cc644f5fdae5b9d17f7ada03bc77aea173022c18232e1fb162caf50d08fda40c6e9c515c4a2c", 0x31, 0xfffffffffffffffe)
r5 = add_key$user(&(0x7f00000003c0), &(0x7f0000000440), &(0x7f00000000c0), 0xc9, 0xfffffffffffffffd)
keyctl$dh_compute(0x17, &(0x7f0000000140)={r4, r5, r4}, &(0x7f00000000c0)=""/83, 0xfffffffffffffe4f, 0x0)

5m53.891878302s ago: executing program 3 (id=984):
r0 = socket$inet6(0xa, 0x2, 0x0)
setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f0000000100)={{{@in6=@private2, @in=@dev, 0x0, 0x0, 0x0, 0x0, 0x2}, {0x0, 0x6faa}, {0x0, 0x0, 0x3e0}, 0x0, 0x0, 0x1}, {{@in6=@rand_addr=' \x01\x00', 0x0, 0x32}, 0x0, @in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}}, 0xe8)
bind$alg(0xffffffffffffffff, &(0x7f0000000000)={0x26, 'hash\x00', 0x0, 0x0, 'ghash-generic\x00'}, 0x58)
syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r1}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000240)=0x7)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
sched_setscheduler(0x0, 0x2, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbee2, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e21}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
sendmsg$NL80211_CMD_TRIGGER_SCAN(0xffffffffffffffff, 0x0, 0x40000)
openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0)
setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f0000000180)={{{@in6=@private2, @in=@remote, 0x800, 0x0, 0x0, 0x0, 0x2}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x81}, {}, 0x0, 0x0, 0x0, 0x1, 0x0, 0x2}, {{@in6=@loopback, 0x0, 0x6c}, 0x0, @in6=@ipv4={'\x00', '\xff\xff', @loopback}, 0x0, 0x0, 0x1, 0xfb}}, 0xe8)
close(r0)

5m52.829830746s ago: executing program 1 (id=986):
r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0x0}, 0x48)
r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x7, 0x1c, &(0x7f0000000d80)=ANY=[@ANYBLOB="1808000080ff0000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000005000000bca90000000000003509020000d44affe5000d0000000000b702000000000000739af0ff00000000c509040004100000c3aaf0ff00000000bf8600000000000007080000f8ffffffbfa400000000000007060000f0ffffffb70200000800000018220000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7050000080000004608f0ff76000000bf9800000000000056080000000000008500000007000000b70000000000000095"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x18, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
unshare(0x24060400)
r2 = socket$inet6(0xa, 0x2, 0x0)
setsockopt$inet6_int(r2, 0x29, 0x35, &(0x7f0000000000)=0x8000, 0x4)
setsockopt$inet6_IPV6_HOPOPTS(r2, 0x29, 0x36, &(0x7f0000000140)=ANY=[], 0x8)
bind$inet6(r2, &(0x7f0000f5dfe4)={0xa, 0x4e20, 0x0, @empty}, 0x1c)
setsockopt$inet6_IPV6_DSTOPTS(r2, 0x29, 0x3b, &(0x7f0000000080)=ANY=[], 0x8)
r3 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$nfc(&(0x7f0000000500), r3)
sendmsg$NFC_CMD_DISABLE_SE(r3, &(0x7f0000000600)={0x0, 0x0, &(0x7f00000005c0)={&(0x7f0000000580)={0x1c, r4, 0x1, 0x70bd2a, 0x25dfdbff, {}, [@NFC_ATTR_DEVICE_INDEX={0x8}]}, 0x1c}, 0x1, 0x0, 0x0, 0x20008840}, 0x40000)
recvmmsg(r2, &(0x7f0000002140)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000900)=""/68, 0x44}, 0x8}], 0x1, 0x2, 0x0)
setsockopt(r2, 0x101, 0x1, &(0x7f0000000340)="d1bf5a2379db2573f8ba8314378731171819cea2e0dd7282cb128bf3be9c251fd5b00a1d6fa46fbe2051bf8952e343270886f2885fcd1c605745d9326f8a87fbbcb8befb57312784a032d9988e8a563a27391c79f312903e975072daf6bb19ab32da0d508882916f815b10cacd622befe76958f67864ef39fe3905f976cbf7d292c9c115bbe93e4db06acb7530f0a04c50a0763e1612ef45598a6e198c62946176323f7d571e", 0xa6)
sendto$inet6(r2, 0x0, 0x0, 0x4000, &(0x7f0000000300)={0xa, 0x4e20, 0x0, @mcast1, 0x5}, 0x1c)
r5 = syz_usb_connect(0x0, 0x24, &(0x7f0000000080)={{0x12, 0x1, 0x0, 0x7e, 0x9e, 0xb4, 0x10, 0x54c, 0x38, 0x16f5, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x0, 0x8, 0xc5, 0x38}}]}}]}}, 0x0)
syz_usb_control_io$cdc_ncm(r5, 0x0, &(0x7f0000000100)={0x44, &(0x7f0000000300)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
socket(0x10, 0x3, 0x0)
socket$kcm(0x10, 0x2, 0x4)
r6 = socket$inet6(0xa, 0x2, 0x0)
bind$inet6(r6, 0x0, 0x0)
ioctl$sock_SIOCGSKNS(0xffffffffffffffff, 0x894c, 0x0)
setsockopt$inet_group_source_req(0xffffffffffffffff, 0x29, 0x1f, 0x0, 0x0)
socket$nl_xfrm(0x10, 0x3, 0x6)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
r7 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r8 = syz_genetlink_get_family_id$netlbl_mgmt(&(0x7f0000000040), r7)
sendmsg$NLBL_MGMT_C_ADDDEF(r7, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000140)=ANY=[@ANYBLOB='L\x00\x00\x00', @ANYRES16=r8, @ANYBLOB="01000000000000000000040000001400050003030000000a0000005dc00000000001080002000500000014000600ff01000a00f2f3f31f000a0000000001060001"], 0x4c}, 0x1, 0x0, 0x0, 0x8004}, 0x4040000)
getsockopt$inet_sctp_SCTP_FRAGMENT_INTERLEAVE(0xffffffffffffffff, 0x84, 0x12, &(0x7f0000000400), &(0x7f0000000180)=0x4)
sendmsg$NLBL_MGMT_C_ADDDEF(r7, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000140)=ANY=[], 0x4c}, 0x1, 0x0, 0x0, 0x24008000}, 0x4040000)

5m49.216067211s ago: executing program 4 (id=993):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
r1 = fsopen(&(0x7f0000000040)='afs\x00', 0x0)
fsconfig$FSCONFIG_SET_STRING(r1, 0x1, &(0x7f0000000000)='source', &(0x7f0000000100)='#(0.', 0x0)
sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000008c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000580)={{0x14, 0x10, 0x1, 0x0, 0x0, {0xa}}, [@NFT_MSG_NEWCHAIN={0x28, 0x3, 0xa, 0x201, 0x0, 0x0, {0x2, 0x0, 0xa}, [@NFTA_CHAIN_ID={0x8, 0xb, 0x1, 0x0, 0x2}, @NFTA_CHAIN_TABLE={0x9, 0x1, 'syz0\x00'}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0xa}}}, 0x50}}, 0x40880)

5m49.138637986s ago: executing program 1 (id=994):
socketpair$unix(0x1, 0x2, 0x0, 0x0)
sendmmsg$unix(0xffffffffffffffff, 0x0, 0x0, 0x0)
r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x20, 0x10, &(0x7f0000000580)=ANY=[@ANYBLOB="18050000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r0, @ANYBLOB="0000000000000000b704000008000000850000007800000095"], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x73cea2d47785b264, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x10, &(0x7f0000000580)=ANY=[], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000280)='sched_switch\x00', r1}, 0x18)
r2 = syz_open_dev$tty1(0xc, 0x4, 0x1)
r3 = dup(r2)
write$UHID_INPUT(r3, &(0x7f0000001040)={0xfc, {"a2e3ad09edfc09f91b3e090987f70e06d038e7ff7fc6e5539b0d3d0e8b089b0732306c090890e0879b0a0ac6e70a9b3361959b4b9a240d5b0af3988f7ef319520100ffe8d178708c523c921b1b5b31070d074a0936cd3b78130daa61d8e8040000005802b77f07227227b7ba67e0e78657a6f5c2a874e62a9ccdc0d31a0c9f318c0da1993bd160e233df4a62179c6f30e065cd5b91cd0ae193973735b36d5b1b63dd1c00305d3f46635eb016d5b1dda98e2d749be7bd1df1fb3b231fdcdb5075a9aaa1b469c3090000000000000075271b286329d169934288fd789aa37d6e98b224fd44b65b31334ffc55cc82cd3ac32ecdb08ced6f9081b4dd0d8b38f3cd4498bee800490841bdb114f6b76383709d8f5c55432a909fda039aec54a1236e80f6a8abadea7662496bddbb000000002f17959d1f416e56c71b1931870262f5e801119242ca026bfc821e7e7daf2451138e645bb80c617669314e2fbe70de98ec76a9e40dad47f36fd9f7d0d42a4b5f1185ccdcf16ff46295d8a0fa17713c5802630933a9a34af674f3f39fe23491237c08822dec110911e893d0a8c4f677747abc360934b82910ff85bfd995083bba2987a67399eac427d145d546a40b9f6ff14ac488ec130fb3850a27af9544ae15a7e454dea05918b41243513f000000000000000a3621c56cea8d20fa911a0c41db6ebe8cac64f17679141d54b34bbc9963ac4f4bb3309603f1d4ab966203861b5b15a841f2b575a8bd0d78248ebe4d9a80002695104f674c2431dca141fae269cab70e9a66f3c3a9a63e9639e1f59c0ede26c6b5d74b078a5e15c31634e5ae098ce9ee70771aaa18119a867e1088334975e9f73483b6a62fa678ca14ffd9f9db2a7869d85864056526f889af43a6056080572286522449df466c632b3570243f989cce7cd9f465e41e610c20d80421d653a5520000008213b704c7fb082ff27590678ef9f190bae97909507041d860420c5664b27921b14dc1db8892fd32d0ad7bc946813591ad8deff4b05f60cea0da7710ac0000000000008000bea37ce0d0d4aa202f928f28381aab144a5d429a04a6a2b83c7068ae949ed06e288e810bac9c76600025e19c907f8ea2e2010000008271a1f5f8528f227e79c1389dbdfffe492f21579d2c15b8c70cdb1c332d86d87341432750861ec2bc3451edca194b221cfec4603d276bbaa1dfa6d4fb8a48a76eafc9a9a0270e4c10d6ced5a62427264f2377fe763c43470833ac96c45f357cbbaba8f1b1fdcc7cbb61a7cdb9744ed700129aede2be21ccfdc4e9134f8684b3a4f354da9a795e96334e207dff70f1988037b2ed3aaf575c0b88d8f146684078416d59fdee5325928974d12dad99dac44c3f0008047096a44002bebc2420aed92fa9b6578b4779415d4ac01b75d5495c118045651cf41c2fc48b778efa5ea5677747430af4162b987b80c3e001cd34e5c92f76cc4c24eeb8bc4e9ac2aed9e53803ed0ca4ae3a9737d214060005ea6f1783e287b3bee96e3a726eafe2fdfaa78d1f48c13b64df07847754b8400daaa69bf5c8f4350aeae9ca1207e78283cd0b20ceb360c7e658828163e2d25c4aa348561f927e88f63aa70e73a5e69b3df3495903f06572e1e007fa55a2999f596d067312f5779e8dbfdcf3427138f3d444d2639a10477f9bec4b0bbb6e3c04be68981f392203dd0ee3ef478e16dacfc5e3e03cf7ab8e3902f1b0ff034ef655b253ca509383815b1b6fc6522d4e4fdc11a48cf42d48604675fde2b94cf00500a2690891abf8ab9c015073014d9e08d4338b8780bdecd436cf0541359bafffa45237f104b96210403b2de9efed496f42355bc7872c827467cfa5c4e72730d56bd068ed211cf847535edecb7b373f78b095b68441a34cb51682a8ae4d24ad0465f3927f889b813076038e79a7962fb385a882e8020f06c4c2ba1dd5cac7c18876da865d258734dd73583df292892448039ef799cf0630becdcce04579b5561dc825ab829827945e020c1f67ee615feb6243378e0610060f02cca4e91b2f001edb3d78fb4b55668dda93aec92a5de203717aa49c2d284acfabe262fccfcbb2b75a2183c46eb65ca8104e1b4da7fbb77ab2fc043aead87c32ab875ee7c2e7b7019c982cd3b43eaeb1a5fb135c0c7dcee8fe6516a328032f88c042891824659e9e94265c803b35ee5f83a2b210520106b8a358b50ab7a1fa89af9c251fe5294b3d1802d5676d95f160ec97b1ad94872cb2044642c37b4a6cc6c04effc1672db7e4b68d787d9a7a508ae54b3cd7369dde50e8c77d95a3d361c040babb171607caac2a3559ad4f75465f49c0d0ae3716db6e00cb11db4a5fade2a57c10238e204a67737c3b42aae501b20f7694a00f16e2d0174035a2c22656dc29880acebdbe8ddbd75c2f998d8ac2dfad2ba3a504767b6b45a45957f24d758ed024b3849c11d412a2a03b4047497022d9c30e23ef4df5c89644f48bb536f7945b59d7bcddff754413d135273ea8e75f22f216c6b9990ae71806f2c00b4025c48b75c0f73cdb9a7b8fa367b50028067e7f16f4dd569d462f4f19eacdb3ed70eeebb4483f8fd777d443e8b40427db6fe29068c0ca3d2414442e8f3a154704b0e51bc664a137b26be719f4f7c9a5678a674dfc95df80b9ce375dd649c8c704e509bd88c8e63d8c7dd67071115c8982ba46af4d6adcc9f68a75b9397b035153faf46366e7205dd8d6f37525c1a0e94610dd94323f6c15d085197149bfd6655548cfd9c52c9711937f79abb1a124f1210465483cd3b2d78378cfb85ed82e7da0f6eb6d279f2ae455925d0f6f1ba571eba281f2a654fb39ddff3b484439ff158e7c5419e037f3e3ad038f2211f1033195563c7f93cd54b9094f226e783271e1e5a2a2c10712eab625d64931cd4ffe6738d97b9b5ef828ee9fb059fc01af0e79c1e14b1d25988c69a399567c1d93768f7971d31488b8658a20878b7c1dd7ba02fc42939dde3d4a3339a65d507dc59c51097b40517705da56e9ebf0afa53282bf86dbb58c548069ff6eb95aade7cc66d7bbef724779ca1f731b3346ff177050373d79ff7b3e7f9bc0c1b4b266a8878b90baaa039d3e3b63979ac3df6e6f4859afd50238c7547a39b60810938044ae185d2ba3e00a4e73676864ae090d81eaee5ee6cf1d0ab378dd4dd891e937c2ea5410e0513005000000000000003911fab964c271550027697b52160687461602f88df165d884b36ec2b6c25a2f33c715687e9d4afb96d6861aca47da73d6f3144345f48843dd014e5c5ad8fe995754bd9cf32fce1e31919c4b2082fb0a30b9deae84bed4b28045634073c9c58c89d9e99c81769177c6d594f88a4facfd4c735a20307c737afa2d60399473296b831dbd933d93994ba3064279b10ea0c5833f41f157ea2302993dbe433b1aa3a3766d5439020484f4113c4c859465c3b415c3432f81db8719539d5bf372aaaea1cc43a6c5cbe59758bfee2916580dac4b008e595f437491d87abed02cefcd9db53d94d02daee67918e5d6787463183b4b87c1050000002f7809959bc048850613d17ca51055f2f416a44fe180d2d50c312cca7cb14a2bdc331f57a9817139a206fc76957227ffff2de20a4b8e3737fbb42913777c06376f799eba367e21f94ca598705f5dcb767d6f0900d6b0f6095e53c4c4234d0c1fbe434f6ab8f43c0013ee93b83946ee7759e89d7bdd1a32d7b311711b757fe43c06d21a35810d8fe98b27faea8aa12bc8716eefc5c97c45ac33eeec964c5214bc3a9359bdea1cccab94f15e36319cb34ebcacedb82c2ed3de5a8a8f0011e8f74e82d7f96093530e76692839d7961939adfdeeeaff19d11efcafb6d546fef271e89d6cc2389e81ff58cefcce3fbf4625a7e7de40e42e07b34449e15e065cc7340002000000000000f288a4510de03dab19d26285eda89156d50dd385a60333ba5bbf5d77cd7007ad1519ad5470de3dd6d6080cafccf8a97406bb6b68a1f0c4549820a73c880f475f732ae00398e8bd1f4108b7807fb33b72685ec37a2d3f766413a60459516246e5a1d998a2017aef0948a68cf255315ab80dd349e891aef595dc4d470e8ac32a308e15fc37d06aeac289c0523f483e1ff7408c6087f1ab652f2ef91d4f2b01987b0f46da034e5c3f745a7ee8101a3934c54e24b48ec0275e2d0687dc746b0827cbf652f406c6b95f2722e58c05f752ce2126596e1cd7655b904801784c416b22f73d324678e2724f43f1fe687c7e8a60c28b82b6528341b648cdd56fed7cdcbb1575912d5ecd36dea3bca0b7427d8392c6289455e8f8d2ab2242729251ae033a9e02210e62df0546a74b333a1c48f95fd54acb5741259e8c5488efeee327415cc19451432c6f14c27693102a3cd84857cd6586fc5ca9a93eb0145fac0662ff86107f998a8ef7df8aa14046c55b03d3d47f88a8d60f7774a2ee08758897fb411a94b3c2fc5d5f0db42c0456ec015f08e5247d33ae2d35603ff8454c16f8342856935125102bb784ed7148b6ce431b63ee356b0c785f2f47b90e29389f22fc5b59a70efaea2bd40195af4486220d702e30bfc43c10ec23ea6283994a7dde4dcb21fea6b651fb1d62458d0741a12830052fcc460db043afe525629b40d7cee458e4cb5e930ed624806c43a006e39336d07c2b8081c128ad2706f48261f7897484c297a1a6613bc18f5a38d442768af38041efe03d152ef95ff569e76db2391f4509d7f339d92fdb4a89364949da398000000000000000d80a4fe654578376e599aff3565b1d531f30912b9945030b81ea9935fd46edb44a78f615255490a4b621501f2a9e4d24624c4dac9274118c67584f5d374755534d7f68f679c4ff516a9c861a0e7e65868fcb2bf1cb9aea4e05df72279fdb0d2b9e935c5af3cf474bed79dfc248c1f5aea4b8b32c5d295e57079d0fe662a46b7f71cd47744db86c50b704c971d90295c7b2c7439a2d78ccfa79b5fc2bff6bbf840262bf89394b3e0691953264d2700c838fa2c7b3425260f59554e502dcea39cb313b0000000000004ca7c12f45858d6284ca6270d6b2f0e58fded8a7b4a302a97bc641df07720ba2b26bbfcc807ca0abb1b44322269c21c5ec68cb068ea88067d905ea917bb03eefdaebdeabf2d0dce80997c915c8949de992587c2cb5fe36d7d3e5db21b094b8b77940b5f07722e47a08d367e5f84c96ec664b72934b99b3109af65d77e86abd6859cddf4bbae1f0930462df15fddbc48562ea3511a8065ef028cf12f14dcf6ebecd8d884836174faf1aa609e5f1ee1162dfa13bdc1fa7cfaadba85c72e9758f03a755d0be53f8d2a1dfb1c68cc164b0a0780d971a96ea2c4d4ca0398c2235980a9307b3d5bd3b01faffd0a5dbed2881a9700af561ac8c6b00000000000000f96f06817fb903729a7db6ff957697c9ede7885d94ffb0969be0daf60af93109eb1dee72e4363f51af62af6fb2a6df3bec89822a7a0b678058fa3fef86faec216eb6992162f8dcbf719c148cd2f9c55f4901203a9a8a2c3e90f3943dbc10360a1a49700d1dfbf66d69f6fbaf506c8bcce8bb0d872a02238926407a4eddd5d0fc5a752f9000", 0x1000}}, 0x1006)

5m48.907058186s ago: executing program 4 (id=995):
r0 = socket$inet6(0xa, 0x2, 0x3a)
bpf$MAP_CREATE(0x0, &(0x7f0000000300)=ANY=[], 0x48)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000240)={0xffffffffffffffff, 0x0, 0x7, 0x0, &(0x7f00000002c0)='\x00\x00\x00\x00\x00\x00\x00', &(0x7f0000000580), 0x40000, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
sendmmsg$inet6(r0, &(0x7f0000000800)=[{{&(0x7f0000000280)={0xa, 0x2, 0x0, @local, 0x4000100}, 0x1c, &(0x7f0000000240), 0x0, &(0x7f0000000080)=ANY=[], 0x2}}], 0x1, 0x40080)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x87}, 0x0)
process_vm_readv(0x0, &(0x7f0000000140), 0x100000000000028b, 0x0, 0x12, 0x0)
r1 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet_sctp6_SCTP_RECONFIG_SUPPORTED(r1, 0x84, 0x75, 0x0, 0x0)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x5, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000100)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r2, &(0x7f0000002000)=""/102400, 0x19000)
socket$phonet_pipe(0x23, 0x5, 0x2)
mount$9p_fd(0x0, &(0x7f0000000080)='./file0\x00', 0x0, 0x112080c, 0x0)
rt_sigprocmask(0x0, 0x0, 0x0, 0x0)
r3 = gettid()
tkill(r3, 0x12)
io_setup(0x6, 0x0)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFQNL_MSG_CONFIG(r4, &(0x7f0000001640)={0x0, 0x0, &(0x7f0000001600)={0x0, 0x28}, 0x1, 0x0, 0x0, 0x40041}, 0x40010)
getsockopt$inet_sctp6_SCTP_PEER_ADDR_THLDS(r1, 0x84, 0x84, &(0x7f00000000c0)={0x0, @in6={{0xa, 0x4e26, 0x3, @private2, 0x4e}}, 0x3, 0x80}, 0x0)
r5 = socket$l2tp(0x2, 0x2, 0x73)
bind$l2tp(r5, &(0x7f00000000c0)={0x2, 0x0, @multicast1}, 0x10)
sendto$l2tp(r5, &(0x7f0000000040)="e5786a0d000000000000c83b", 0xc, 0x0, &(0x7f0000000100)={0x2, 0x0, @loopback}, 0x10)
setsockopt$inet_int(r5, 0x0, 0x8, &(0x7f0000000080)=0x3, 0x4)
quotactl$Q_QUOTAON(0xffffffff80000200, &(0x7f0000000280)=@filename='./file0\x00', 0x0, 0x0)

5m47.988339379s ago: executing program 2 (id=997):
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000ac0)=@newlink={0x50, 0x10, 0x1, 0x70bd28, 0x0, {0x0, 0x0, 0x0, 0x0, 0x4f26c}, [@IFLA_IFNAME={0x14, 0x3, 'netdevsim0\x00'}, @IFLA_VFINFO_LIST={0x14, 0x16, 0x0, 0x1, [{0x10, 0x1, 0x0, 0x1, [@IFLA_VF_SPOOFCHK={0xc, 0x4, {0xbf5, 0x20000003}}]}]}, @IFLA_LINKMODE={0x5, 0x11, 0x9}]}, 0x50}, 0x1, 0x0, 0x0, 0x1}, 0x40)

5m47.230310854s ago: executing program 4 (id=998):
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYRESDEC=0x0], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
r0 = socket$nl_route(0x10, 0x3, 0x0)
openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f00000009c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000001dc0)=@newtaction={0x48, 0x1e, 0x109, 0x70bd25, 0x0, {}, [{0x34, 0x1, [@m_pedit={0x30, 0xd, 0x0, 0x0, {{0x20}, {0x4}, {0x4}, {0xc}, {0xc, 0x8, {0x1, 0x3}}}}]}]}, 0x48}, 0x1, 0x2b1e}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000000)={0x2, 0x7}, 0x0)
r2 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000000), 0xc0802, 0x0)
ioctl$PPPIOCNEWUNIT(r2, 0xc004743e, &(0x7f00000000c0))
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x2)
sendmsg$nl_netfilter(0xffffffffffffffff, 0x0, 0x20000045)
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r3, &(0x7f0000005580)=""/102392, 0x18ff8)
sendmsg$nl_route_sched(r0, &(0x7f00000009c0)={0x0, 0x0, 0x0, 0x1, 0x2b1e}, 0x0)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
read$msr(0xffffffffffffffff, &(0x7f0000000340)=""/57, 0x39)
r5 = dup(r4)
sendmsg$IPSET_CMD_CREATE(r5, &(0x7f0000000040)={0x0, 0x0, 0x0}, 0x0)
sendmsg$IPSET_CMD_DESTROY(r4, 0x0, 0x4)
r6 = syz_open_procfs(0x0, &(0x7f0000000040)='maps\x00')
ioctl$KDDELIO(r6, 0x4b35, 0xc7)
mknodat(r6, &(0x7f0000000180)='./file0\x00', 0x2, 0x3d8)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fff7ffc}]})
pidfd_getfd(0xffffffffffffffff, 0xffffffffffffffff, 0x500)
r7 = socket$tipc(0x1e, 0x5, 0x0)
bind$tipc(r7, &(0x7f0000000340)=@nameseq={0x1e, 0x1, 0x3, {0x43}}, 0x10)
r8 = socket$tipc(0x1e, 0x2, 0x0)
setsockopt$TIPC_GROUP_JOIN(r8, 0x10f, 0x87, &(0x7f0000000300)={0x43, 0x3, 0x3, 0x3}, 0x10)
setsockopt$TIPC_GROUP_JOIN(r7, 0x10f, 0x87, &(0x7f0000000100)={0x43, 0x0, 0x3, 0x3}, 0x10)

5m46.899983356s ago: executing program 2 (id=999):
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000480)={0x0, 0x0, &(0x7f00000006c0)={&(0x7f00000000c0)=ANY=[@ANYBLOB="500000001000010400"/20, @ANYRES32=0x0, @ANYBLOB="000100000e81242e48a81b5609000100626f6e64000000000c000280060018000700000014000300626f6e643000"/56], 0x50}}, 0x40)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r2 = socket(0x400000000010, 0x3, 0x0)
r3 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r4=>0x0})
sendmsg$nl_route_sched(r2, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0x3, {0x0, 0x0, 0x0, r4, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x2}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8}}]}, 0x38}}, 0x0)
sendmsg$nl_route_sched(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000085c0)=@newtfilter={0x70, 0x2c, 0xd27, 0x70bd25, 0x2, {0x0, 0x0, 0x0, r4, {0x0, 0x1}, {}, {0x8, 0xc}}, [@filter_kind_options=@f_flow={{0x9}, {0x40, 0x2, [@TCA_FLOW_EMATCHES={0x3c, 0xb, 0x0, 0x1, [@TCA_EMATCH_TREE_LIST={0x30, 0x2, 0x0, 0x1, [@TCF_EM_U32={0x1c, 0x1, 0x0, 0x0, {{0x7, 0x3, 0x67e6}, {0x9, 0x3, 0x5, 0x9}}}, @TCF_EM_NBYTE={0x10, 0x2, 0x0, 0x0, {{0x24}, {0x81, 0x0, 0x2}}}]}, @TCA_EMATCH_TREE_HDR={0x8, 0x1, {0x2}}]}]}}]}, 0x70}}, 0x0)
r5 = syz_init_net_socket$netrom(0x6, 0x5, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x1, 0x4, &(0x7f0000000100)=ANY=[@ANYBLOB="b702000000000000060080040000004085000080c40000c4bb99668f28f2352c00000000000000000051c522b3e8f913b6b1550d85c872b3af1cb2fb41fa421f9b7801dcdab539ee0a8a8344822f5841f584521673ba697411b0f2d0e5891bbc55"], &(0x7f0000003ff6)='GPL\x00', 0x8, 0xb579, &(0x7f000000cf3d)=""/195}, 0x23)
r6 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0)
r8 = ioctl$KVM_CREATE_VCPU(r7, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r7, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f00000001c0)=[@text16={0x10, 0x0}], 0x1, 0x4, 0x0, 0x0)
syz_kvm_setup_cpu$x86(r7, r8, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000100)=[@textreal={0x8, &(0x7f0000000280)="0f9934b800008ed00f30660f38801b640f090f86ae00646536360f096465676565f30f1efff00fbabf36abdc0f218b", 0x2f}], 0x1, 0x0, 0x0, 0x0)
madvise(&(0x7f0000fe8000/0x1000)=nil, 0x1000, 0x2)
ioctl$KVM_SET_USER_MEMORY_REGION(r7, 0x4020ae46, &(0x7f0000000340)={0x2710, 0x2, 0xf000, 0x2000, &(0x7f0000ffc000/0x2000)=nil})
ioctl$KVM_RUN(r8, 0xae80, 0x0)
connect(r5, &(0x7f00000002c0)=@generic={0x1f, "a808a415c7c30531088d2f6de532661422b5f467ea7d3bdf7808823ee5690b310ea0f948ecb3efccb900874f225e63883b6dbcbbb6bb6b6850ca94dd01ff16f1009fa3b7b14bba87744729eb94dbe45edc9fcf2ae7c683ec1b3a8b13f460cf90840c2f7c781f4f9fc37dc5e1e6fcaff2c386900745ad7693c4173a935d97"}, 0x80)
r9 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000015c0), 0x2, 0x0)
ioctl$VHOST_SET_VRING_BASE(r9, 0xaf01, 0x0)
syz_usb_connect(0x3, 0x2d, &(0x7f0000000680)=ANY=[@ANYBLOB="12010000061c2f20c81403006c050102030109021b00010000000009040000018ea44300090585da09"], 0x0)
r10 = eventfd(0xfffffff9)
ioctl$VHOST_SET_VRING_KICK(r9, 0x4008af20, &(0x7f0000000040)={0x1, r10})
setsockopt$netrom_NETROM_T1(r5, 0x103, 0x1, &(0x7f0000000080)=0xffff41e8, 0x4)
sendmsg$NFT_MSG_GETRULE(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f0000000180)={&(0x7f0000000200)=ANY=[@ANYBLOB="74000000070a0101000000000000000006000005200004800c0001806c6f6700100001800c0001006e6f747261636b000c000640000000005d022f74e3c60000000308000a400000000008000940000000010900020073797a32000000000c0006400000000000000001090002007379581d97c210e9b1b27a3200000000"], 0x74}, 0x1, 0x0, 0x0, 0x8080}, 0x20004004)
lsetxattr$trusted_overlay_origin(&(0x7f00000003c0)='./file0\x00', &(0x7f0000000400), &(0x7f0000000440), 0x2, 0x1)
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs2/binder0\x00', 0x803, 0x0)
socket$inet_mptcp(0x2, 0x1, 0x106)

5m46.77916439s ago: executing program 3 (id=1000):
r0 = creat(&(0x7f0000000040)='./bus\x00', 0xc)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000000000066000000004b64ffec850000006d000000c50000000500000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r1}, 0x10)
r2 = dup(0xffffffffffffffff)
socket$nl_sock_diag(0x10, 0x3, 0x4)
write$binfmt_aout(r2, 0x0, 0xfffffeb7)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000380)=0x5)
r3 = getpid()
sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r5, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r3, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
futex(0x0, 0xc, 0x1, 0x0, &(0x7f0000048000)=0x2, 0x0)
mount$tmpfs(0x0, &(0x7f0000000000)='./file1\x00', 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB='quota'])
bpf$PROG_LOAD(0x5, &(0x7f00000003c0)={0x1e, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x28, '\x00', 0x0, @sk_lookup}, 0x94)
ioctl$VIDIOC_QUERYMENU(r0, 0xc02c5625, &(0x7f0000000180)={0x8000, 0xc5fb, @value=0x3})
r6 = add_key$user(&(0x7f0000000000), &(0x7f00000001c0)={'syz', 0x0}, &(0x7f0000000540)="bc3009bb66682c9d4233b0cc644f5fdae5b9d17f7ada03bc77aea173022c18232e1fb162caf50d08fda40c6e9c515c4a2c", 0x31, 0xfffffffffffffffe)
r7 = add_key$user(&(0x7f00000003c0), &(0x7f0000000440), &(0x7f00000000c0), 0xc9, 0xfffffffffffffffd)
keyctl$dh_compute(0x17, &(0x7f0000000140)={r6, r7, r6}, &(0x7f00000000c0)=""/83, 0xfffffffffffffe4f, 0x0)
r8 = socket$kcm(0x2d, 0x2, 0x0)
ioctl$sock_kcm_SIOCKCMCLONE(r8, 0x89e2, &(0x7f0000000040))
openat$ptp0(0xffffffffffffff9c, &(0x7f0000000200), 0xaad82, 0x0)
mount$9p_fd(0x0, &(0x7f0000000100)='.\x00', &(0x7f0000000040), 0x0, &(0x7f0000000080)=ANY=[])
socket$netlink(0x10, 0x3, 0x14)

5m46.187260717s ago: executing program 1 (id=1001):
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000007c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
io_uring_setup(0x1d8f, 0x0)
r0 = openat(0xffffffffffffff9c, 0x0, 0x143042, 0x8d)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000006c0)={0x18, 0xb, &(0x7f0000000640)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020000000000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f00000004c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
setsockopt$IP6T_SO_SET_REPLACE(0xffffffffffffffff, 0x29, 0x40, 0x0, 0x0)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000000c0)=ANY=[@ANYBLOB="c0260000410007010000000007000000017c00000400fc80a72601"], 0x26c0}}, 0x4010)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000002c0)='contention_begin\x00', r2, 0x0, 0xd}, 0x18)
sendmsg$nl_generic(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000004a40)=ANY=[@ANYBLOB="c0260000410007010000000007000000027c00000400fc80a72601"], 0x26c0}}, 0x4010)
ioctl$int_in(r0, 0x5452, &(0x7f0000000040)=0x2)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00'}, 0x18)
prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r4 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r4, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
gettid()
bpf$BPF_PROG_DETACH(0x9, &(0x7f00000000c0)={@fallback=r0, r0, 0x24, 0x4, 0x0, @void, @value=r0}, 0x20)
r5 = syz_open_dev$video4linux(0x0, 0x7, 0x88200)
ioctl$VIDIOC_QUERYBUF_DMABUF(r5, 0xc0585609, &(0x7f0000000140)={0x0, 0xb, 0x4, 0x10, 0x5, {}, {0x1, 0x8, 0x81, 0x9, 0x1, 0x7f, "229762a3"}, 0x8000, 0x4, {}, 0x4, 0x0, r0})
r6 = syz_init_net_socket$x25(0x9, 0x5, 0x0)
listen(r6, 0x0)
accept4$x25(r6, 0x0, 0x0, 0x80800)

5m46.027814829s ago: executing program 4 (id=1002):
r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000004280)='./file0\x00', 0x1, 0x152)
r1 = openat$autofs(0xffffffffffffff9c, &(0x7f00000000c0), 0x800, 0x0)
ioctl$UI_DEV_SETUP(0xffffffffffffffff, 0x405c5503, &(0x7f00000001c0)={{0x0, 0xdfff, 0x200, 0x10}, 'syz1\x00', 0x10000000})
ioctl$UI_SET_EVBIT(0xffffffffffffffff, 0x40045564, 0x3)
bpf$BPF_PROG_QUERY(0x10, 0x0, 0x0)
symlink(0x0, 0x0)
splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x7, 0x9)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x3, &(0x7f0000000100)=0x2)
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8)
socket$pptp(0x18, 0x1, 0x2)
creat(0x0, 0x0)
openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x26100, 0x0)
r3 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000040), 0x801, 0x0)
write$rfkill(r3, 0x0, 0x0)
r4 = syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000000)={'wlan0\x00', <r5=>0x0})
sendmsg$NL80211_CMD_FRAME(0xffffffffffffffff, &(0x7f0000000c00)={0x0, 0x0, &(0x7f0000000600)={&(0x7f00000003c0)=ANY=[@ANYRES16=r4, @ANYBLOB, @ANYRES32=r5, @ANYBLOB="080026006c0900000800a00033f4ffff08002700000000000500190109000000080026008009000004006c00"], 0x48}, 0x1, 0x0, 0x0, 0xc0}, 0x80)
r6 = syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0)
r7 = syz_init_net_socket$bt_l2cap(0x1f, 0x5, 0x0)
bind$bt_l2cap(r7, &(0x7f0000000000)={0x1f, 0x0, @any, 0x4, 0x1}, 0xe)
getsockopt$bt_l2cap_L2CAP_OPTIONS(r7, 0x6, 0x1, 0x0, &(0x7f0000000080))
connect$bt_l2cap(r6, &(0x7f0000000040), 0xe)
shutdown(r6, 0x1)
openat$rfkill(0xffffffffffffff9c, &(0x7f00000000c0), 0x4000, 0x0)
ioctl$AUTOFS_DEV_IOCTL_CATATONIC(r1, 0xc0189379, &(0x7f0000000140)={{0x1, 0x1, 0x18, r0}, './file0\x00'})
syz_usb_connect(0x0, 0x2d, 0x0, 0x0)

5m43.955844186s ago: executing program 3 (id=1004):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000200)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a010300000000000000000100fffd0900010073797a300000000040000000030a01020000000000000000010000000900030073797a3200000000140004800800024032658aeb08000140000000010900010073797a300000000044000000060a010400000000000001040100000008000b40000000000900010073797a30000000001c000480180001800d00010073796e70726f7879000000000400028014000000110001"], 0xcc}}, 0x0)
ioctl$sock_SIOCSIFVLAN_GET_VLAN_REALDEV_NAME_CMD(r0, 0x8983, &(0x7f0000000080)={0x8, 'bond0\x00', {'nr0\x00'}, 0x7a3})
syz_emit_ethernet(0x3a, &(0x7f0000000000)={@link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x2}, @link_local, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x0, 0x2c, 0x3, 0x0, 0x0, 0x6, 0x0, @empty, @empty}, {{0x10, 0x4e26, 0x41424344, 0x41424344, 0x0, 0x0, 0x6, 0xc2, 0x200, 0x0, 0x0, {[@mss={0x2, 0x4, 0x1}]}}}}}}}, 0x0)

5m43.903935795s ago: executing program 2 (id=1005):
r0 = syz_usb_connect(0x0, 0x3f, &(0x7f00000000c0)=ANY=[@ANYBLOB="11010000733336088dee1adb23610000000109022d0001100000000904000003fe03010009cd8d1f000200000009050502000000001009058b1e20"], 0x0)
syz_usb_control_io(r0, 0x0, &(0x7f0000000300)={0x84, &(0x7f0000000100)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
r1 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCETHTOOL(r1, 0x89f1, &(0x7f00000000c0)={'sit0\x00', &(0x7f0000000140)=@ethtool_cmd={0x0, 0xb, 0x1, 0x8000, 0x0, 0x6, 0x2, 0xfe, 0x10, 0x5, 0x0, 0x0, 0x7e4, 0x1, 0x1, 0x45, [0x2, 0x10000001]}})
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000040), 0x8002, 0x0)
r2 = syz_open_dev$char_usb(0xc, 0xb4, 0x0)
ioctl$FS_IOC_GETVERSION(r2, 0xc0145b0e, &(0x7f0000000040))
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_DELETE(r3, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000300)={0x14, 0x2, 0x1, 0x101, 0x0, 0x0, {0x0, 0x0, 0x2}}, 0x14}, 0x1, 0x0, 0x0, 0x8094}, 0x4)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000040)={'tunl0\x00'})
ioctl$FS_IOC_GETVERSION(r2, 0xc0145b0e, &(0x7f0000000040))

5m43.261100963s ago: executing program 1 (id=1006):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0xaf9d6000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
r4 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
setreuid(0x0, 0xee00)
ioctl$IOMMU_IOAS_ALLOC(r4, 0x3b81, &(0x7f00000000c0)={0xc, 0x0, <r5=>0x0})
ioctl$IOMMU_TEST_OP_MOCK_DOMAIN(r4, 0x3ba0, &(0x7f0000000100)={0x48, 0x2, r5, 0x0, 0x0, 0x0, <r6=>0x0})
ioctl$IOMMU_GET_HW_INFO(r4, 0x3b8a, &(0x7f0000000300)={0x20, 0x0, r6, 0x1000, &(0x7f00000003c0)=""/4096})
ptrace(0x10, r3)

5m40.68995727s ago: executing program 1 (id=1007):
prlimit64(0x0, 0xe, &(0x7f0000000900)={0x7, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x1)
sendmsg$NFNL_MSG_CTHELPER_GET(0xffffffffffffffff, 0x0, 0x8040)
sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x6)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
read$msr(0xffffffffffffffff, &(0x7f0000019680)=""/102392, 0x18ff8)
r0 = gettid()
timer_create(0x7, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc)=<r1=>0x0)
timer_settime(r1, 0x0, &(0x7f0000000340)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
r2 = syz_open_dev$cec(&(0x7f0000000000), 0x0, 0x0)
ioctl$CEC_DQEVENT(r2, 0xc0506107, 0x0)
ioctl$CEC_DQEVENT(r2, 0xc0506107, 0x0)
r3 = syz_open_dev$video(&(0x7f0000000040), 0xa7, 0x0)
r4 = syz_open_dev$I2C(&(0x7f0000000000), 0x0, 0x0)
ioctl$I2C_PEC(r4, 0x708, 0x40)
syz_init_net_socket$ax25(0x3, 0x2, 0x6)
ioctl$I2C_SMBUS(r4, 0x720, &(0x7f00000000c0)={0x1, 0xfb, 0x1, &(0x7f0000000100)={0x8, "6a6ea751434fd7f4a4331cbdbff893a5ba0300"}})
ioctl$VIDIOC_S_FMT(r3, 0xc0d05605, &(0x7f0000000080)={0x1, @pix={0x0, 0x0, 0x3234564e, 0x0, 0x0, 0x0, 0x1, 0xfeedcafe, 0x3, 0x0, 0x0, 0x4}})

5m40.267870157s ago: executing program 4 (id=1008):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x102}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) (async, rerun: 32)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) (rerun: 32)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x8b}, 0x0) (async)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) (async)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) (async)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) (async)
r1 = syz_open_dev$MSR(&(0x7f0000000540), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
mmap$xdp(&(0x7f0000800000/0x800000)=nil, 0x800000, 0x0, 0x42031, 0xffffffffffffffff, 0x0) (async)
mknod(&(0x7f0000000040)='./file0\x00', 0x8001420, 0x8001) (async)
r2 = open$dir(&(0x7f0000000100)='./file0\x00', 0x149800, 0x0)
ppoll(&(0x7f0000000240)=[{r2, 0x1}], 0x1, 0x0, 0x0, 0x0) (async)
open(&(0x7f0000000200)='./file0\x00', 0xa5941, 0x5) (async)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
syz_emit_ethernet(0x76, &(0x7f0000000100)={@link_local, @random="86082b9827c1", @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "cb3e02", 0x40, 0x3a, 0x0, @private2, @local, {[], @param_prob={0x4, 0x0, 0x0, 0x0, {0x0, 0x6, "974367", 0x0, 0x11, 0x0, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @local, [@dstopts={0x0, 0x8, '\x00', [@padn={0x1, 0xffffff84, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}]}]}}}}}}}, 0x0) (async)
connect$unix(r3, &(0x7f000057eff8)=@abs={0x0, 0x0, 0xfffffffe}, 0x6e) (async)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) (async)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) (async)
socket$inet_sctp(0x2, 0x5, 0x84)
r5 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
setsockopt$IPT_SO_SET_REPLACE(r5, 0x4000000000000, 0x40, &(0x7f0000000300)=@raw={'raw\x00', 0x4001, 0x3, 0x250, 0x0, 0xb, 0x148, 0x0, 0x148, 0x1b8, 0x230, 0x242, 0x1b8, 0x215, 0x3, 0x0, {[{{@ip={@remote, @remote, 0x0, 0x0, 'batadv_slave_0\x00', 'geneve0\x00', {}, {}, 0x11}, 0x0, 0xd0, 0xf0, 0x0, {0xff0f000000000000}, [@inet=@rpfilter={{0x28}, {0x4}}, @common=@unspec=@devgroup={{0x38}, {0x0, 0x0, 0x0, 0x6}}]}, @unspec=@TRACE={0x20}}, {{@ip={@local, @rand_addr=0x64010101, 0xffffff00, 0xffffffff, 'veth0_to_batadv\x00', 'pimreg\x00', {0xff}, {0xff}, 0x33, 0x2, 0x22}, 0xec010000, 0xa0, 0xc8, 0x0, {}, [@common=@ah={{0x30}}]}, @common=@unspec=@AUDIT={0x28, 'AUDIT\x00', 0x0, {0x7}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x2b0)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0000}]})
bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="1e0000000000000005"], 0x48)
r6 = socket$kcm(0x2, 0x2, 0x73)
sendmsg$inet(r6, &(0x7f0000000580)={&(0x7f00000000c0), 0x10, &(0x7f00000004c0), 0x300}, 0x0) (async, rerun: 32)
pipe(&(0x7f0000000040)) (rerun: 32)

5m40.199312996s ago: executing program 3 (id=1009):
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f00000003c0)={0x4, 0x80100008b}, 0x0)
sched_setaffinity(0x0, 0x11, &(0x7f0000000180)=0x1400200bce)
sched_setscheduler(0x0, 0x1, &(0x7f0000002200)=0x1)
r0 = socket$inet6_udplite(0xa, 0x2, 0x88)
setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, 0x0, 0x0)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000002700)=""/102392, 0x18ff8)
sendmsg$BATADV_CMD_GET_TRANSTABLE_LOCAL(0xffffffffffffffff, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000440)={0x0}, 0x1, 0x0, 0x0, 0x11}, 0x40)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$batadv(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r2, 0x8933, &(0x7f0000000000))
r4 = socket$inet6_mptcp(0xa, 0x1, 0x106)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000cc0)={'batadv_slave_1\x00', <r5=>0x0})
sendmsg$BATADV_CMD_GET_NEIGHBORS(r2, &(0x7f0000004340)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000000c0)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r3, @ANYBLOB="310300000000000000000900000001000600", @ANYRES32=r5, @ANYBLOB], 0x1c}}, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000))
r6 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='cpuacct.usage_percpu_user\x00', 0x26e1, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000001c0)={<r7=>0xffffffffffffffff})
getsockopt$inet_sctp_SCTP_EVENTS(r6, 0x84, 0xb, &(0x7f0000000300), &(0x7f0000000340)=0xe)
fcntl$lock(r7, 0x7, &(0x7f00000031c0)={0x1, 0x0, 0x8004, 0x7fffffffffffffff})
close(r6)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000040))
r8 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="120000000d000000040000000200000000000000", @ANYRES32, @ANYBLOB="0000000000000000010000000000faffffff0000", @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x50)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000600)={{r8, <r9=>0xffffffffffffffff}, &(0x7f0000000040), &(0x7f0000000140)=r6}, 0x20)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000440)={{r9, <r10=>0xffffffffffffffff}, &(0x7f00000004c0), &(0x7f0000000400)=r6}, 0x20)
r11 = openat$vimc2(0xffffffffffffff9c, &(0x7f0000000280), 0x2, 0x0)
ioctl$VIDIOC_S_FMT(r11, 0xc0d05605, &(0x7f0000000880)={0xa, @pix_mp={0x1003, 0x1, 0x74617f17, 0x2, 0xb, [{0x200000, 0x8}, {0xffff, 0xfffffff8}, {0x60000000, 0x9}, {0x7, 0xff}, {0x39, 0x3}, {0x7fff, 0x6}, {0x4, 0xfffffffe}, {0x4, 0x5}], 0x6, 0xa, 0x0, 0x0, 0x3}})
bpf$MAP_GET_NEXT_KEY(0x4, &(0x7f00000002c0)={r10, &(0x7f0000000200)="667947febe1c850831f9ee0819330afe808accf33e8c1c0098a1de0aac8b98e3b0559aa47f2f3e4283a227ad0b2b0a046d906234d3692323e13f7d31c65e81ea6b222bf0787637c494beac07b81cfc1ba340a4e7516405f061b040f9debfbf7a7abd38ae3f7013815c2c9923af", &(0x7f0000000500)=""/216}, 0x20)
openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
rmdir(&(0x7f00000001c0)='./cgroup/../file0\x00')

5m39.286119521s ago: executing program 2 (id=1010):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000044c0)={&(0x7f0000000080)=ANY=[@ANYBLOB="5c00000206030000000000000000000300fffd0c000780"], 0x5c}}, 0x0)
r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f00000001c0)='net/xfrm_stat\x00')
madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0x80000000e)
io_uring_setup(0x1694, 0x0)
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x80000}, 0x94)
ioctl$VIDIOC_CREATE_BUFS(0xffffffffffffffff, 0xc100565c, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='sched_switch\x00', r2, 0x0, 0x8}, 0x18)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r3, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000300)=ANY=[@ANYBLOB="18000000240001030000000000000000010000000400ae"], 0x18}, 0x1, 0x0, 0x0, 0x8001}, 0x4000)
recvmmsg(r3, &(0x7f000000c800)=[{{0x0, 0x0, &(0x7f0000000780)=[{&(0x7f0000000340)=""/25, 0x19}, {&(0x7f0000000700)=""/93, 0x5d}, {&(0x7f0000000940)=""/132, 0x84}, {&(0x7f0000000a00)=""/4096, 0x1000}, {&(0x7f0000000800)=""/218, 0xda}, {&(0x7f0000001a80)=""/102, 0x66}], 0x6}, 0xc}, {{0x0, 0x0, 0x0}, 0x24c9ddb}, {{0x0, 0x0, 0x0}, 0xf04}, {{0x0, 0x0, 0x0}, 0x1}], 0x4, 0x40000020, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r4 = getpid()
sched_setscheduler(r4, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000380)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
r7 = syz_open_dev$video(&(0x7f0000000000), 0x485, 0x40000)
ioctl$VIDIOC_S_STD(r7, 0x40085618, &(0x7f00000000c0)=0x40000)
connect$unix(r5, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r6, &(0x7f0000000000), 0x651, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
ioctl$SNDRV_SEQ_IOCTL_QUERY_SUBS(0xffffffffffffffff, 0xc058534f, 0x0)
mkdir(0x0, 0x0)
read$FUSE(r1, &(0x7f00000020c0)={0x2020}, 0x2020)
syz_open_dev$loop(&(0x7f00000000c0), 0xe388, 0x8140)

5m38.091810765s ago: executing program 4 (id=1011):
syz_io_uring_setup(0x239, &(0x7f0000000080)={0x0, 0x0, 0x10100}, 0x0, &(0x7f00000001c0))
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000280)=0x8)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000180)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
prctl$PR_SET_NO_NEW_PRIVS(0x26, 0x1)
landlock_restrict_self(0xffffffffffffffff, 0x300)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = bpf$MAP_CREATE(0x0, 0x0, 0x50)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$MAP_DELETE_ELEM(0x3, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r4 = socket$inet6_udp(0xa, 0x2, 0x0)
r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x11, 0x5, &(0x7f0000000180)=@framed={{}, [@map_fd={0x18, 0xd792d10817fcc8b5, 0x1, 0x0, r3}]}, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x28, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4000}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r5, 0x0, 0x20000000000000}, 0x18)
bpf$MAP_CREATE(0x300000000000000, &(0x7f0000000580)=@base={0x18, 0x0, 0x41, 0x0, 0x101, 0x1, 0x2, '\x00', 0x0, 0xffffffffffffffff, 0x4002, 0x4, 0xfffffffc}, 0x50)
sendmmsg$inet6(r4, &(0x7f0000001600)=[{{&(0x7f0000000080)={0xa, 0x4e22, 0x9, @mcast2, 0x80000000}, 0x1c, 0x0, 0x0, &(0x7f0000000280)=[@rthdr={{0x28, 0x29, 0x39, {0x2c, 0x2, 0x2, 0x1, 0x0, [@private2]}}}], 0x28}}], 0x1, 0x20000000)
socket$pptp(0x18, 0x1, 0x2)
r6 = socket(0x400000000010, 0x3, 0x0)
r7 = socket$unix(0x1, 0x5, 0x0)
ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r8=>0x0})
sendmsg$nl_route_sched(r6, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2d, 0x25dfdbfd, {0x0, 0x0, 0x0, r8, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x1, 0xf}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x28}}}]}, 0x38}}, 0x0)
sendmsg$nl_route_sched(r6, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000000)=@newtfilter={0x2c, 0x2c, 0xd27, 0x70bd08, 0x8000, {0x0, 0x0, 0x0, r8, {0x10, 0xb}, {0xfff2}, {0xc, 0xfff3}}, [@TCA_CHAIN={0x8, 0xb, 0x2}]}, 0x2c}, 0x1, 0x0, 0x0, 0x22044028}, 0x40040)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000100)=@newqdisc={0x44, 0x24, 0x300, 0x0, 0x1, {0x60, 0x0, 0x0, 0x0, {0x4, 0x10}, {0xffe0, 0xffff}, {0x9, 0x9}}, [@qdisc_kind_options=@q_cake={{0x9}, {0x14, 0x2, [@TCA_CAKE_MPU={0x8, 0xe, 0x40}, @TCA_CAKE_AUTORATE={0x8, 0x9, 0xdd1}]}}]}, 0x44}}, 0x0)

5m36.36349328s ago: executing program 1 (id=1012):
setsockopt$packet_fanout(0xffffffffffffffff, 0x107, 0x12, &(0x7f00000000c0)={0x1, 0x3}, 0x4)
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_TCP_MD5SIG(r0, 0x6, 0xe, &(0x7f00000002c0)={@in={{0x2, 0x0, @empty}}, 0x0, 0x0, 0x1c, 0x0, "246575a4000000004fb62fe6bce0eef5607264c7f28557a8046964d292934c2a2bb1dcc5a80c0107040000000000001e0000009000000000000800"}, 0xf0)
setsockopt$inet_tcp_int(r0, 0x6, 0x20, &(0x7f0000000040)=0x2, 0xf6)
setsockopt$inet_tcp_TCP_MD5SIG(r0, 0x6, 0xe, &(0x7f0000000140)={@in={{0x2, 0x4e22, @empty}}, 0x0, 0x0, 0x10, 0x0, "12fe8478a8860c6689d054e27b260ab269070baeac7649a6982f1f1fd991cf21257e5cd4059853c7af30dcfa0aef6297c6fcdfd29de6b73c2dac29053d81c40a1094c2dc0d21126c0e1d7bc3bd4b26db"}, 0xd8)
r1 = open_tree(0xffffffffffffff9c, &(0x7f0000000100)='\x00', 0x89101)
r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/custom1\x00', 0x2, 0x0)
ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, 0x0)
dup3(0xffffffffffffffff, r2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r3 = syz_open_dev$MSR(&(0x7f0000019300), 0x0, 0x0)
read$msr(r3, &(0x7f0000000300)=""/102392, 0x18ff8)
r4 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r4, &(0x7f00000007c0)={0xa, 0x2, 0x0, @empty, 0x80000001}, 0x1c)
sendto$inet6(r4, 0x0, 0x0, 0x20000845, &(0x7f0000b63fe4)={0xa, 0x2, 0x0, @rand_addr, 0x8}, 0x1c)
r5 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0)
bind$bt_l2cap(r5, &(0x7f00000007c0)={0x1f, 0x0, @any, 0x4}, 0xe)
setsockopt$bt_l2cap_L2CAP_OPTIONS(r5, 0x6, 0x1, 0x0, 0x0)
listen(r5, 0xffffffff)
r6 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r6, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={0x0, 0xf8}}, 0x0)
setsockopt$inet6_tcp_TCP_MD5SIG(r4, 0x6, 0xe, &(0x7f0000000100)={@in6={{0xa, 0x4e24, 0x0, @loopback, 0x1}}, 0x0, 0x0, 0x2, 0x0, "10baa70a93289349d889de25b87376f64276337642b890d33cb5b592266c5b98fb19402835fee1b3871b7ef6619db5b2a94edb6f73ea08b02aa3b47debd38b6d889a8c986b33eb49c3157f1f370dfd67"}, 0xd8)
sendmsg$NL80211_CMD_GET_WIPHY(0xffffffffffffffff, 0x0, 0x800)
ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0)
r7 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000080), r1)
sendmsg$IPVS_CMD_DEL_DAEMON(r1, &(0x7f0000000440)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f0000000280)={&(0x7f00000003c0)={0x24, r7, 0x200, 0x70bd2d, 0x25dfdbff, {}, [@IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0x7}, @IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0x6}]}, 0x24}, 0x1, 0x0, 0x0, 0x800}, 0x8000)

5m34.320709715s ago: executing program 2 (id=1013):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = socket$inet_sctp(0x2, 0x1, 0x84)
setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r2, 0x84, 0x64, &(0x7f0000000580)=[@in={0x2, 0x4e21, @local}], 0x10)
sendmsg$inet_sctp(r2, &(0x7f0000000700)={&(0x7f0000000340)=@in={0x2, 0x4e21, @local}, 0x10, &(0x7f00000006c0)=[{&(0x7f0000000380)="c2", 0x1}], 0x1, 0x0, 0x0, 0x804c040}, 0x0)
r3 = dup(r2)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_THLDS(r3, 0x84, 0x85, &(0x7f00000012c0)={0x0, @in={{0x2, 0x4e21, @local}}, 0x6, 0x34c3}, 0x90)
ioctl$KVM_CREATE_PIT2(0xffffffffffffffff, 0x4040ae77, 0x0)
r4 = syz_io_uring_setup(0xbdc, &(0x7f0000000640)={0x0, 0xec25, 0x80, 0x1, 0x40000333}, &(0x7f0000000240)=<r5=>0x0, &(0x7f00000001c0)=<r6=>0x0)
syz_usb_connect$uac1(0x2, 0xdc, 0x0, 0x0)
io_uring_register$IORING_REGISTER_NAPI(r4, 0x1b, &(0x7f0000000040)={0xd, 0xcd}, 0x1)
r7 = socket$isdn(0x22, 0x2, 0x22)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r5, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
rt_sigaction(0x4, 0x0, 0x0, 0x8, &(0x7f0000000000))
syz_io_uring_submit(r5, r6, &(0x7f0000000200)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd=r7, 0x0, &(0x7f0000000600)=[{&(0x7f0000001080)=""/216, 0xd8}], 0x1})
io_uring_enter(r4, 0x847ba, 0x0, 0xe, 0x0, 0x0)

5m34.319447991s ago: executing program 3 (id=1014):
mkdir(0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
openat$binderfs(0xffffffffffffff9c, 0x0, 0x802, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffa}]})
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000840)=@base={0xb, 0x5, 0x2, 0x2, 0x5}, 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r1}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0xfffffffc}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xb, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='kmem_cache_free\x00', r2}, 0x10)
syz_usb_connect$hid(0x0, 0x36, 0x0, 0x0)
preadv2(0xffffffffffffffff, 0x0, 0x0, 0xfffffffe, 0x4, 0x1)
timer_getoverrun(0x0)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000ac0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b708000002001e007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000700)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000100)={0xd, 0x4, &(0x7f0000000000)=@framed={{}, [@ldst={0x1, 0x0, 0x3, 0x8, 0x1, 0x68}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0xe}, 0x94)

5m27.429241333s ago: executing program 32 (id=1003):
syz_open_dev$tty1(0xc, 0x4, 0x1)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
sched_setaffinity(0x0, 0x0, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x5, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000100)=0x2)
sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000032680)=""/102390, 0xffffffffffffff39)
ioctl$IOCTL_VMCI_INIT_CONTEXT(0xffffffffffffffff, 0x7a0, &(0x7f0000000000)={@my=0x0})
r1 = socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(r1, 0x8933, &(0x7f0000001440)={'vcan0\x00', <r2=>0x0})
bind$can_j1939(r1, &(0x7f0000000100)={0x1d, r2, 0xfffffffffffffffc, {0x1, 0xff, 0x4}, 0x1}, 0x18)
setsockopt$sock_int(r1, 0x1, 0x6, &(0x7f0000000040)=0x1, 0x4)
sendmsg$inet(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)=[{&(0x7f0000000000)="81b641f1", 0x4}], 0x1}, 0x48005)
readv(r1, &(0x7f0000001540), 0x0)
connect$inet(0xffffffffffffffff, &(0x7f0000000180)={0x2, 0x4e21, @local}, 0x10)
r3 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
ioctl$DRM_IOCTL_DROP_MASTER(r3, 0x641f)
ioctl$SNDRV_CTL_IOCTL_PCM_PREFER_SUBDEVICE(0xffffffffffffffff, 0x40045532, &(0x7f0000000040))
sendmsg$IPVS_CMD_SET_INFO(0xffffffffffffffff, 0x0, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000180)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r5, &(0x7f0000000000), 0x400000000000041, 0x0)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
ioctl$VIDIOC_S_EXT_CTRLS(0xffffffffffffffff, 0xc0205648, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x40)

5m19.550376517s ago: executing program 33 (id=1012):
setsockopt$packet_fanout(0xffffffffffffffff, 0x107, 0x12, &(0x7f00000000c0)={0x1, 0x3}, 0x4)
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_TCP_MD5SIG(r0, 0x6, 0xe, &(0x7f00000002c0)={@in={{0x2, 0x0, @empty}}, 0x0, 0x0, 0x1c, 0x0, "246575a4000000004fb62fe6bce0eef5607264c7f28557a8046964d292934c2a2bb1dcc5a80c0107040000000000001e0000009000000000000800"}, 0xf0)
setsockopt$inet_tcp_int(r0, 0x6, 0x20, &(0x7f0000000040)=0x2, 0xf6)
setsockopt$inet_tcp_TCP_MD5SIG(r0, 0x6, 0xe, &(0x7f0000000140)={@in={{0x2, 0x4e22, @empty}}, 0x0, 0x0, 0x10, 0x0, "12fe8478a8860c6689d054e27b260ab269070baeac7649a6982f1f1fd991cf21257e5cd4059853c7af30dcfa0aef6297c6fcdfd29de6b73c2dac29053d81c40a1094c2dc0d21126c0e1d7bc3bd4b26db"}, 0xd8)
r1 = open_tree(0xffffffffffffff9c, &(0x7f0000000100)='\x00', 0x89101)
r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/custom1\x00', 0x2, 0x0)
ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, 0x0)
dup3(0xffffffffffffffff, r2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r3 = syz_open_dev$MSR(&(0x7f0000019300), 0x0, 0x0)
read$msr(r3, &(0x7f0000000300)=""/102392, 0x18ff8)
r4 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r4, &(0x7f00000007c0)={0xa, 0x2, 0x0, @empty, 0x80000001}, 0x1c)
sendto$inet6(r4, 0x0, 0x0, 0x20000845, &(0x7f0000b63fe4)={0xa, 0x2, 0x0, @rand_addr, 0x8}, 0x1c)
r5 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0)
bind$bt_l2cap(r5, &(0x7f00000007c0)={0x1f, 0x0, @any, 0x4}, 0xe)
setsockopt$bt_l2cap_L2CAP_OPTIONS(r5, 0x6, 0x1, 0x0, 0x0)
listen(r5, 0xffffffff)
r6 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r6, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={0x0, 0xf8}}, 0x0)
setsockopt$inet6_tcp_TCP_MD5SIG(r4, 0x6, 0xe, &(0x7f0000000100)={@in6={{0xa, 0x4e24, 0x0, @loopback, 0x1}}, 0x0, 0x0, 0x2, 0x0, "10baa70a93289349d889de25b87376f64276337642b890d33cb5b592266c5b98fb19402835fee1b3871b7ef6619db5b2a94edb6f73ea08b02aa3b47debd38b6d889a8c986b33eb49c3157f1f370dfd67"}, 0xd8)
sendmsg$NL80211_CMD_GET_WIPHY(0xffffffffffffffff, 0x0, 0x800)
ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0)
r7 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000080), r1)
sendmsg$IPVS_CMD_DEL_DAEMON(r1, &(0x7f0000000440)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f0000000280)={&(0x7f00000003c0)={0x24, r7, 0x200, 0x70bd2d, 0x25dfdbff, {}, [@IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0x7}, @IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0x6}]}, 0x24}, 0x1, 0x0, 0x0, 0x800}, 0x8000)

5m19.424630604s ago: executing program 3 (id=1017):
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='net_prio.prioidx\x00', 0x275a, 0x0)
r1 = syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x80000)
r2 = dup2(r1, r0)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x200000b, 0x12, r0, 0x0)
r3 = syz_open_dev$dri(&(0x7f0000000140), 0xa, 0x0)
ioctl$DRM_IOCTL_GET_CAP(r3, 0xc010640c, &(0x7f0000000000)={0x5})
r4 = socket$inet6(0xa, 0x3, 0x1)
r5 = openat$ttyS3(0xffffffffffffff9c, &(0x7f00000000c0), 0x121602, 0x0)
ioctl$TIOCSETD(r5, 0x5423, &(0x7f0000000040)=0x19)
ioctl$TIOCVHANGUP(r5, 0x5437, 0x2)
openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
unshare(0x4c040200)
r6 = openat$cgroup_freezer_state(r0, &(0x7f0000000280), 0x2, 0x0)
ioctl$F2FS_IOC_COMMIT_ATOMIC_WRITE(r6, 0xf502, 0x0)
bind$inet6(r4, 0x0, 0x0)
ioctl$BTRFS_IOC_RESIZE(r2, 0x50009403, &(0x7f0000000080)=ANY=[@ANYRESDEC, @ANYBLOB=':+0000'])
r7 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r8 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r8, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r9 = ioctl$KVM_CREATE_VCPU(r8, 0xae41, 0x0)
setsockopt$inet6_tcp_TCP_MD5SIG(r2, 0x6, 0xe, &(0x7f0000000180)={@in={{0x2, 0x4e22, @remote}}, 0x0, 0x0, 0x19, 0x0, "af198d486021bf42865a3182cee4e7550103af70e40d347081a6e68263b8312c09c62772664d4f57ecd6bbc07eb22e82c39167f3c425b4e6e566f344f3dc5aee42b5877a94f2ed3aa4491fc28982e4e8"}, 0xd8)
ioctl$KVM_RUN(r9, 0xae80, 0x0)
ioctl$KVM_RUN(r9, 0xae80, 0x0)

5m18.824735622s ago: executing program 34 (id=1011):
syz_io_uring_setup(0x239, &(0x7f0000000080)={0x0, 0x0, 0x10100}, 0x0, &(0x7f00000001c0))
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000280)=0x8)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000180)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
prctl$PR_SET_NO_NEW_PRIVS(0x26, 0x1)
landlock_restrict_self(0xffffffffffffffff, 0x300)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = bpf$MAP_CREATE(0x0, 0x0, 0x50)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$MAP_DELETE_ELEM(0x3, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r4 = socket$inet6_udp(0xa, 0x2, 0x0)
r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x11, 0x5, &(0x7f0000000180)=@framed={{}, [@map_fd={0x18, 0xd792d10817fcc8b5, 0x1, 0x0, r3}]}, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x28, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4000}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r5, 0x0, 0x20000000000000}, 0x18)
bpf$MAP_CREATE(0x300000000000000, &(0x7f0000000580)=@base={0x18, 0x0, 0x41, 0x0, 0x101, 0x1, 0x2, '\x00', 0x0, 0xffffffffffffffff, 0x4002, 0x4, 0xfffffffc}, 0x50)
sendmmsg$inet6(r4, &(0x7f0000001600)=[{{&(0x7f0000000080)={0xa, 0x4e22, 0x9, @mcast2, 0x80000000}, 0x1c, 0x0, 0x0, &(0x7f0000000280)=[@rthdr={{0x28, 0x29, 0x39, {0x2c, 0x2, 0x2, 0x1, 0x0, [@private2]}}}], 0x28}}], 0x1, 0x20000000)
socket$pptp(0x18, 0x1, 0x2)
r6 = socket(0x400000000010, 0x3, 0x0)
r7 = socket$unix(0x1, 0x5, 0x0)
ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r8=>0x0})
sendmsg$nl_route_sched(r6, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2d, 0x25dfdbfd, {0x0, 0x0, 0x0, r8, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x1, 0xf}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x28}}}]}, 0x38}}, 0x0)
sendmsg$nl_route_sched(r6, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000000)=@newtfilter={0x2c, 0x2c, 0xd27, 0x70bd08, 0x8000, {0x0, 0x0, 0x0, r8, {0x10, 0xb}, {0xfff2}, {0xc, 0xfff3}}, [@TCA_CHAIN={0x8, 0xb, 0x2}]}, 0x2c}, 0x1, 0x0, 0x0, 0x22044028}, 0x40040)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000100)=@newqdisc={0x44, 0x24, 0x300, 0x0, 0x1, {0x60, 0x0, 0x0, 0x0, {0x4, 0x10}, {0xffe0, 0xffff}, {0x9, 0x9}}, [@qdisc_kind_options=@q_cake={{0x9}, {0x14, 0x2, [@TCA_CAKE_MPU={0x8, 0xe, 0x40}, @TCA_CAKE_AUTORATE={0x8, 0x9, 0xdd1}]}}]}, 0x44}}, 0x0)

5m18.537124126s ago: executing program 35 (id=1013):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = socket$inet_sctp(0x2, 0x1, 0x84)
setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r2, 0x84, 0x64, &(0x7f0000000580)=[@in={0x2, 0x4e21, @local}], 0x10)
sendmsg$inet_sctp(r2, &(0x7f0000000700)={&(0x7f0000000340)=@in={0x2, 0x4e21, @local}, 0x10, &(0x7f00000006c0)=[{&(0x7f0000000380)="c2", 0x1}], 0x1, 0x0, 0x0, 0x804c040}, 0x0)
r3 = dup(r2)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_THLDS(r3, 0x84, 0x85, &(0x7f00000012c0)={0x0, @in={{0x2, 0x4e21, @local}}, 0x6, 0x34c3}, 0x90)
ioctl$KVM_CREATE_PIT2(0xffffffffffffffff, 0x4040ae77, 0x0)
r4 = syz_io_uring_setup(0xbdc, &(0x7f0000000640)={0x0, 0xec25, 0x80, 0x1, 0x40000333}, &(0x7f0000000240)=<r5=>0x0, &(0x7f00000001c0)=<r6=>0x0)
syz_usb_connect$uac1(0x2, 0xdc, 0x0, 0x0)
io_uring_register$IORING_REGISTER_NAPI(r4, 0x1b, &(0x7f0000000040)={0xd, 0xcd}, 0x1)
r7 = socket$isdn(0x22, 0x2, 0x22)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r5, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
rt_sigaction(0x4, 0x0, 0x0, 0x8, &(0x7f0000000000))
syz_io_uring_submit(r5, r6, &(0x7f0000000200)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd=r7, 0x0, &(0x7f0000000600)=[{&(0x7f0000001080)=""/216, 0xd8}], 0x1})
io_uring_enter(r4, 0x847ba, 0x0, 0xe, 0x0, 0x0)

5m3.592433223s ago: executing program 36 (id=1017):
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='net_prio.prioidx\x00', 0x275a, 0x0)
r1 = syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x80000)
r2 = dup2(r1, r0)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x200000b, 0x12, r0, 0x0)
r3 = syz_open_dev$dri(&(0x7f0000000140), 0xa, 0x0)
ioctl$DRM_IOCTL_GET_CAP(r3, 0xc010640c, &(0x7f0000000000)={0x5})
r4 = socket$inet6(0xa, 0x3, 0x1)
r5 = openat$ttyS3(0xffffffffffffff9c, &(0x7f00000000c0), 0x121602, 0x0)
ioctl$TIOCSETD(r5, 0x5423, &(0x7f0000000040)=0x19)
ioctl$TIOCVHANGUP(r5, 0x5437, 0x2)
openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
unshare(0x4c040200)
r6 = openat$cgroup_freezer_state(r0, &(0x7f0000000280), 0x2, 0x0)
ioctl$F2FS_IOC_COMMIT_ATOMIC_WRITE(r6, 0xf502, 0x0)
bind$inet6(r4, 0x0, 0x0)
ioctl$BTRFS_IOC_RESIZE(r2, 0x50009403, &(0x7f0000000080)=ANY=[@ANYRESDEC, @ANYBLOB=':+0000'])
r7 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r8 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r8, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r9 = ioctl$KVM_CREATE_VCPU(r8, 0xae41, 0x0)
setsockopt$inet6_tcp_TCP_MD5SIG(r2, 0x6, 0xe, &(0x7f0000000180)={@in={{0x2, 0x4e22, @remote}}, 0x0, 0x0, 0x19, 0x0, "af198d486021bf42865a3182cee4e7550103af70e40d347081a6e68263b8312c09c62772664d4f57ecd6bbc07eb22e82c39167f3c425b4e6e566f344f3dc5aee42b5877a94f2ed3aa4491fc28982e4e8"}, 0xd8)
ioctl$KVM_RUN(r9, 0xae80, 0x0)
ioctl$KVM_RUN(r9, 0xae80, 0x0)

2m33.877996803s ago: executing program 8 (id=1313):
r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48)
bpf$MAP_GET_NEXT_KEY(0x4, &(0x7f0000000540)={r0, &(0x7f0000000400), &(0x7f0000000440)=""/236}, 0x20)

2m33.25357637s ago: executing program 8 (id=1315):
socket$inet6(0xa, 0x3, 0x3c)
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000700)=ANY=[@ANYBLOB="12010000000000408c0d220000000000000109022400010000000009040000010300000009210000000122050009058103"], 0x0)
syz_usb_control_io$hid(r1, 0x0, 0x0)
syz_usb_control_io$hid(r1, &(0x7f0000000400)={0x24, 0x0, 0x0, &(0x7f0000000000)={0x0, 0x22, 0x5, {[@main=@item_4={0x3, 0x0, 0x8, "c4a8bb72"}]}}, 0x0}, 0x0)
r2 = syz_open_dev$hiddev(&(0x7f0000000100), 0x0, 0x0)
ioctl$HIDIOCSREPORT(r2, 0x400c4808, 0x0)
r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=@base={0x9, 0x8, 0xdd, 0xff}, 0x50)
close(0x3)
r4 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000540)=ANY=[@ANYBLOB="1900000004000000040000000a"], 0x50)
r5 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000680)={0x10, 0x4, &(0x7f0000000100)=@framed={{0x18, 0x2}, [@call={0x85, 0x0, 0x0, 0x3d}]}, &(0x7f00000000c0)='GPL\x00', 0x1}, 0x94)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000004c0)={{r4}, &(0x7f0000000440)=0x2000000, &(0x7f0000000480)=r5}, 0x20)
bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0xe, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18090000000000000000000000000000850000006d0000001801000020696c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007000000095"], 0x0, 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x6, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r6 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f0000000400)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000001"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000940)='percpu_alloc_percpu\x00', r6}, 0x10)
syz_io_uring_setup(0x23b6, &(0x7f0000000100)={0x0, 0xb40b, 0x100, 0x1, 0x10f}, &(0x7f0000000000), &(0x7f0000002180))
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000000), 0x80200, 0x0)
r7 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r7, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x3)
r8 = getpid()
syz_pidfd_open(r8, 0x0)
pselect6(0x40, &(0x7f0000000080)={0x5, 0x0, 0x120000000000, 0x2, 0x500, 0x0, 0x1000001000, 0x49}, 0x0, &(0x7f0000000180)={0x3fe, 0x7, 0x0, 0x9, 0x86, 0x800, 0x80000002}, 0x0, 0x0)
close_range(r0, 0xffffffffffffffff, 0x0)

2m27.061569914s ago: executing program 8 (id=1327):
prlimit64(0x0, 0xe, 0x0, 0x0)
prlimit64(0x0, 0xe, 0x0, 0x0)
r0 = socket(0x1e, 0x4, 0x0)
setsockopt$packet_tx_ring(r0, 0x10f, 0x87, &(0x7f0000000140)=@req3={0x7813, 0x3, 0x2, 0x81, 0x1fd, 0x1, 0x1}, 0x1c)
r1 = socket(0x1e, 0x4, 0x0)
setsockopt$packet_tx_ring(r1, 0x10f, 0x87, &(0x7f0000000140)=@req3={0x7813, 0x3, 0x2, 0x81, 0x1fd, 0x1, 0x1}, 0x1c)
recvmsg$unix(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000180)=""/254, 0xfe}], 0x1}, 0x20)
sendmmsg(r1, &(0x7f00000030c0)=[{{0x0, 0xa9cc7003, &(0x7f0000000400)=[{&(0x7f00000000c0)="ee", 0x101d0}], 0x1, 0x0, 0x4000}}], 0x400000000000181, 0x9200000000000000)
setsockopt$sock_int(r1, 0x1, 0x21, &(0x7f0000000540)=0x5, 0x4)
recvmsg$unix(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000180)=""/254, 0xfe}], 0x1}, 0x20)
sendmmsg(r0, &(0x7f00000030c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x9200000000004010)

2m25.763737102s ago: executing program 8 (id=1328):
socket$inet6(0xa, 0x80002, 0x0)
r0 = syz_open_dev$sndctrl(&(0x7f0000000080), 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_TLV_READ(r0, 0xc008551a, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = dup(r2)
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000840)={0x1fe, 0x2, 0x2000, 0x1000, &(0x7f0000003000/0x1000)=nil})
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f00000001c0)=[@textreal={0x8, &(0x7f0000000140)="0f09f29e0f0050f366b869a900000f23d00f21f86635000000030f23f8baf80c66b8d00ffa8e66efbafc0cb816acef0fc7300ff8b8b5910f20e06635080000000f22e00f20c06635000000200f22c0baf80c66b84d0e188666efbafc0cb003ee", 0x60}], 0x1, 0x2, 0x0, 0x0)
syz_kvm_setup_cpu$x86(r3, r1, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000100)=[@textreal={0x8, 0x0}], 0x1, 0x42, 0x0, 0x0)
ioctl$KVM_RUN(r4, 0xae80, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r5=>0xffffffffffffffff})
connect$unix(r5, &(0x7f000057eff8)=@abs, 0x6e)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000480)={<r6=>0xffffffffffffffff, <r7=>0xffffffffffffffff})
connect$unix(r6, &(0x7f00000027c0)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r7, &(0x7f00000bd000), 0x2d, 0x20040040)
bind$unix(r7, &(0x7f0000000240)=@abs={0x1, 0x0, 0x4e23}, 0x6e)
recvmmsg(r6, &(0x7f0000000d40)=[{{0x0, 0x0, 0x0}, 0x4}], 0x1, 0x10020, 0x0)
recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r8 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$VT_GETMODE(r8, 0x5601, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x1, 0x0, 0xb49, 0x9, 0x8, 0x7, 0xfffffff9}, 0x0)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
r9 = socket$nl_netfilter(0x10, 0x3, 0xc)
openat$vicodec0(0xffffff9c, 0x0, 0x2, 0x0)
ioctl$sock_SIOCSIFVLAN_ADD_VLAN_CMD(r9, 0x8983, &(0x7f00000000c0)={0x0, 'macvlan0\x00', {0x1}, 0x2})

2m24.311198926s ago: executing program 8 (id=1333):
r0 = userfaultfd(0x801)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000140))
openat(0xffffffffffffff9c, &(0x7f000000c380)='./file0\x00', 0x40, 0x1)
r1 = openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x42, 0x0)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000000100), 0x0, &(0x7f0000002140)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r1, @ANYBLOB=',rootmode=00000000000000000100000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0])
read$FUSE(r1, &(0x7f00000021c0)={0x2020, 0x0, <r2=>0x0}, 0x2020)
write$FUSE_INIT(r1, &(0x7f0000000040)={0x50, 0x0, r2, {0x7, 0x1f, 0x0, 0x10400}}, 0x50)
syz_fuse_handle_req(r1, &(0x7f0000008380)="000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000080000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000dc4e00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ba045abcd5dfc67d000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000230000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000050000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000008000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000209bfd66eea210560000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000020000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000040000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001354c4b600", 0x2000, &(0x7f00000062c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000480)={0x20, 0x0, 0x88}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
r3 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x101001, 0x0)
ppoll(&(0x7f0000000140)=[{r3}], 0x1, 0x0, 0x0, 0x0)
syz_fuse_handle_req(r1, &(0x7f0000004200)="9c7229b3b13ab2edd8ae742153edbde2f2b8580a32318f0e1c0ba0e4830ecd079784690876773e01b68af1b951109b96bc4828e91b62b25578a41a42d456d0ea18599c96460b0e49923f4cf4d70098f8cb469ca8f0e4ecaed1c9047ff044a5f836ad8e1ca353b7444b2cd6283680720472d70610a8d34f7be697a2998b3cfcfbc7200c7a2730c500fb967d434022701b2ef32e4842ffcad78da81fb58dc80e000d2912ce8767e673873193e8b3eee5adc0bc16bf5508a6d1944330a840695932d346300cc4aa91406c021a6c3e428642f2ef1fe24e4563bb788d602fb107d994db1586f4df75811468731cbca31878d1e08641be1317a36e0bacd07a885baee68a78bbe7b980967de4662af4fbc3dda307ec10d5c54a704db53c934883caa2e839ecf0dbc92ad09cb09324879200e68ab8a39f2c3742bf294a6c0f485b1e1f5da8d5459525da76782467bfa74a070f3cbad2961bcdbf1234fa2abfa94eae333f9ec62287832cd5fd71af91a96f4224f5bf7fae5048d5f9b112e756a833e75330487ed5c645cb0e334688abbea680e9d04ba96d73c004fba018c676c92a4dedf581848c2cd130de468b76f0b357d312246e0daa073ae9b477bab55da376a2b383c740b78041e564c954d9c61c4a8c85d3979cc12d8289276d75f902c5bbe4df0e0be90880b4d05f70f07c3027d9227b5d7cdb9780e0cf91a853ff9d8793b1b02323b4336e64f725cb5414edc4a3b849f875ff69de1d67f28cbd036c7804760a6039894b777561c0455a7eff99d9cc462ededae8e34ef61c48b24efcf15f607982ec7b7c30cf9875a10bf05f103e88a77cc3f328b10756966a324621bbe3df7aacaee486475680aceae36e4b12970b9025f7f7d155b8133bf108119414b83d49bb7a288725c886d6af3c03a1a8b8cf7e10797067f129f82186d760ca7f14776a0229e840b47fce4d8ddf65bb4dc9c245b83c1d2d7c10bddfb00f8ff5e1f8fdcc48d1fd2a4e5bf22dffa491de9423e8a6265bce515f5490614a61f672525847884df3a317e85d478a2204f33d43e72b000d0139324b7f7fa8ed181031beefe72289878fa91ee7c74318dae7e85176785f71df3a7388760bc8ba0f84bd2e2dfdea1c3ea60c2d88afa85e8ed86faabb8bb9fc50596b99bdd91d39d2baaeb0a0b360224465cfc759cf0a85bcce0ba009d8325a082e398f477206804ddb6ae76ced6f32f47fdbe2319dd37ad05d3b1d7fc1828198bfba4c92c7cd612776b6cfdd39f4ca12e8d29a8089afeb852d9927159ec7025f1a55be6787b0211c4b4cfcc7d82c26e5bf068dcca07045ee9708158724b325d5c0040d73910347b89f0e09fcfd02e37f5fa5b1a9e6bb5060a13964241cf38bc8804e722454a33fe7fb3a117b7719eea43194972b62c3a7d30cb419d24218d3f76117d7ec58e8a2e87bbc6890d42181918d66037c5ec5336309c48991020c91963296e4089c3ffece388a5ff32afb26b197bbb46edbd41c94d5a007bab3d082b9ffd38eb6af1d1d58909d2b8e9a99c4e658d91f6a1c490db503e287d31b11dcfddbe5b097ea775d855a569e51b9fc560e3b9c9e876d3e5a953b9f0e9fb5e5e5325d5df94a2429917d3cd53f938922bc0ae43630ae520d28df260f909b2368d2a5fbcc20919dd1613a811ef9878f21b47ddb4a2457dc28bb117b5c8a856e54f01a0d700de3620aa38c0f52ebf402d0620a5b075b8d1f7ce7b504b2a6158d23fadb50b55dc4e4d8c461f5b6f1a16dd86db44fa516f8fa04df4388a3f3e0fa87925f0b22be8f4ce89b089e8cc9903d4541bc371596a63ae6c808a4c8862bd58d5e9ebf0977c15b0fd4c258ebbc865e4bde8ec081f1d6359ce38facccae479a5057f403f70f45d02636120727f94f4300c425d0e830d640d2211195d485578ea79bfe18a4589e1209621ee6c2d26ff5a4986ba7facd77db0352456eabcc16b02bdb9081c413a94f284dde5269cc0b8ad2248b3e8ae5a8f282b769ede690ca4c867216757ef309cb8bdfe28ed7b044fc45ac3775c225ef9b228e30452228d1bae92ae2b76b91975d5d76967c62c878f5a1496ff5f0a2abb7dddb00c72dd2ad77836922c4a899225b81a45d6cd48fe0095735e2adea35e673d05df1fb1ccb9069703787090e0d9da91c212b8f856acb0d216c516598ee5fff92d63210b314ed44631a02c0458828aa819e6716adc5842db90cbe4370b25e7dab6f76fcbd0fd87aea135edc33a5467a7483dfcabd48256189f488899a23710878f942c720fa3c6717f8253ca8d489bee3bb9dcefd645978103928641c20b764466c6ce26f54d47b873bcb028c026ab7d9d28acfcd9ff612d7dc734b3633ee7e6bbc237f5a2480dc0c8c235ecd4195c610da480718752b64116ccbef95e91053d840e3c515aacb55d943881d255a1067f9a8e886e374e2cd10f7667f55f2ffd5b7f2b1368a027e5edad4a6cdee3ac6d4485a17d606c15ccf348e4e58f456ec2f8361ca6dfd70b248dcfd30aece7cd3b8d50adf10f4a45ab21dee13d12d66e9c6642d9c871a0bd920fd3b7ac2737c5169a21fe685fca816bea76d760a1bd3a8a49137a219bdc252a727955c73a1349736410d652ced5f7db1e79e6303f22ca04b5ab80c82bd9d42acf3e800aa47296f5aa48098cf90b13782a9d3303bd34e0f6f86eb5f6654283ae7d7aef932dcdd7bc63908c5579ff6b2205915fc4cf46337069b697e577d153a4669cbe06a5a7b0414b47ec34b79aa6781a1315c0b8ea38168e821701c8c6f04d3ff0f846f4834fb19b5f727a59785a070ee45ea82ea9d3514ba3e169453fa240da9a0792b92ff42272296451a03968c5182661331b3972d498cb248fe67d10de2414a04cc4cfe21780f66efa21d416cf8f51472f3d4be17f64606500138c55e44dcffa57f63c4c3473cfbaaff5093007b696d316a651e332e44a3e61458a91f9a27c9321fa43d2f2949efa477a89dcca9dc094247a988a86794320881f87ec8eee86fa7721090d5bc6c854792ec89ab6318454e9899a6290231d7914ce37df59a9cab9375c3fbf8910ded020d2bd856f4f395f26ae53a5a2736af04826778709c33b7f230f13bddac8a7a333c9fa276c33af1547a8dcc847c0ef745e345b6127e79c76e04e01862652485ef6e81e6e7140d2874a08fff98418621da96f96c0027acb948768454540fe7440de333490cfbea1cecb05e817daee34616a03e837399dda6c4e072495d3d24d5b9607492351f4f0d3999b55d51fab9f22c054ce996463b7d31984ee525109e2f8d34751b936e3b427efa72629a7a3aee313501cff1db4f103a1fa52cf37b895c79edd5b578532875222775906db38b135ca1e75be5a8a60db811c37c417e727343fd265330e5dcfc41d5d8fa563aea090d629dc5aaa89f9207c115ea10cc21185c8df4f93b9d0813b5af496ca089c9b006bfcf7d807d894f08939f7c719c359bdcf2e1e429583b97bbe55c9187376497fcf1dae24e69ab3b9c9ca4fd2729fca6c6d6947d38bb51a9024153ef87e85084eb4496bccdbfc3065a517e0bc5d14a4b79798dac8d5a3da9063cd9bc5bf078659b8bf86e9076c7ca87472c6296322ca7918f4aa60414cb3ab25384f4b1465e95f246cf7865342fd47c81cdb17607f1e098c38aed5a858b25ff1c3584f9df4fb4c3e02e9a283c0fb56d11fab489bc10800934cc8e2074416242eeb7d275802ed15ae0bfe398ba9d2c426f2596097c1a7ab67ae25353dbbc19018ccfda728785c2757cc284970de5817ba49a9b42933594095df59e411316d0fd6cdf4818556f082cb536139463663a325aec7896e9786d27af5c9b265d87cc96b11c47e405cf3e1dd471a9d311c7e309cc75324ef3bdac29e97a854567aff9d33643ce0058008df2aa538a17d567e51fc63d4b8095d65391161decb0c054b570408bd933fb814fcee0f1fd49c01130d9f778b668e66aaca13b2d6e31cb681b451414b0dfa429728ad6465c247edb393e926be659d6cb4d03732db78d735ca3740c8166f3fd29cb7792308a14073fd49c84718a93e0245c98f7293b961259fc65cc9277626d03262048b83f28fe1a0643b437150f9a55e731ce72f402e7c7d7c6f8cc7791c36f467f0364799a8f58edb14f71f5eb10b712f6eb9756f3d34f637cee0634167c8267c90a2de779902451f0a299d3c3a1b1e8f5016aaf66bcd98861a7ea5a2b21fdd50e0e0a4244cd6a3fde592e5dc65679123b4328a28faf0e09b8e2c6cc6c38fdca0fc7af252de5f9b6bbe820539a21715c1be7a48f271fe81d946832ddd54945dc1261939d6a3a105c490fbdfc7569975d42b0c51a558458cd153689ffeecd7d679e7b1d7cd8dd0605b8e9123bd9dc4bf0481f537e187628de7b9282f2cfaa5ab7919a2ffb765079b7f5f31847383d49a245043ebde452b145117541cc7a0c46c0e79165b9b25ddce143912f29a98f1494b66beebd54f338cc5ac8a9e95b6e2f472e0047d82931bb445994a9437e83a3070a09f0bffe25b4580ae7d36bd53ac57af22586bf930288bd7476a390f126fc8b9c95994e5bbbf3663fa7740e53f1720bc8b4e4026904e91bf7863ef4d6459bb350f1625d1d00e66cccad34a0e54b18ee8efec8bfaf743089ad537e0860a2cc06280565f03843b5f6239b3139a9092a9d1151fa38f38e591b7781e1c9c74eb76d8b6ffcbafaf107a60e6557a10145a8b432b35a982c1d6762998b69d7f3ab79a651190062e387d7da3bfbb71294d96a3e9a9caa6b53805b48a4b8de0388a5fdebcdae87e0bcca06eaf780cd4c43ba8d17833602887ef6828b3c892ca9b2e5b9e8fb150096851b7922f657420ecdd3019f6bfcc8133b302c775fc5ae03bf26bb33bb5cb8d44b86d53051dafa9c40a74e1b9a3a9405c73efa51dc7b71674cf9975e711c611cd2edffee8907ed06fdf44d1dd354d5c14c76c2371b76bc84a9a9d9a4da3ba9e7e931dbaf14c4fed0b7458c1bb6b46bfcec76ee98bc3da220b19c5d0fda2655bb93fed8ac78b4879485e20a961155ecdf815d95a698bc6ef4db5af21f9f7b0061f5cc16bbc262db0deac523c67c95b241886531e5003cc31ef77b57e3f75a55e9483a2620446058d50ff175896d003e2e48dd3e92c35c4f5234053685253f2bd28b3c9defb0d795b34dcd81104c614bf11acc2750fab57d43b5da18cfc84951580cd7c498c1c6891a77304d57641891d9748b20310b08931cea19c34abebf7ae089640ea809e2b87dad19dd4dcdeb572e25c53eca23692133da8a4a9420d9f8795778830bc61d48ec7392ba7ff0d6d5137aaece427fb830979511880388c21129b585431cffc45f17f2d9f108a42113d218a4763443bd077c535b4d9624a7746922a1cef87f90a9775b7716503560e5e8be1bbb4d231b4479ba826ea62caba4489a74c3d44d0dcbc2e64d66bad4837d6a65dee80e410156b153867873b7def3d0416fd1fd9235dda869106ae6e2bf1a045e78c4d473c269b878dcf79e8ed3f17772fed3622df495f85b5ea348d620771e60e457157092a05d01043b0d7f491b45e3227335b551567f885d8e4a8322e27e7574395d242a9d7cc6f1d69e70647b75604b655b2dc31a28f655585ee6692ace60e5acb360e8e54022aa05abfb55cb13f92caf364bf1b564ed67a2cdca2261776fda03c094f3c7fbd22c7bb595f06d5a2ef3d1c49ac1c7fe6a97b0f4ff50d54d5ae2fda2e2aec81f3eae0dad645cf65f59eed5c70e3e5a4824a176e8d0b9ac3ba81cf2ab74f1f7f571f3d6886c967cb7d5bd0945551121416d079f41fa016cf0be5dacdf4b0a92756bc0f240f57e6b679b418dfcd33fd10ef7dfa12f2822dbe04630078d3b35568f45c71f440c377bad0337253c88fb56ef9b827309f37ab272d407a46c1f9ce970524d7e42c4d7826ceb77a01a774b9f8a2225cab7a3318aa4ab1407747279704efadf4186a5d80c2ab89c947ebe7c00ad6d3c7a449eae93c3529fde28b77c164f2e2cda7e9d123bb50afed45d8af69b320ea4ba520c4746e6df207ca9ebc8346b3e05376a161c7a6e4e3373c5861d0e3e2b1f83dfce27c9e2e64f25dccc2eddb2182de16fb37a315fb1688a07849a2c75391cfbda98bb8b1c2497b9f931307134d26e3696c1c93203b42b27b9c9bcde6b882b73c65e42aaf766a30089fe85a8b652f60b27040c2b22760179aba4ab22844f5dc996620951840c1175d0b9dabc24694575c6d69d8cfe821529871ee4adb1065c1855a4f22039c9bf844957cc74117109299fb497c24de798dbf27aeb5ed0beb90853c64241e84ad386e11ccefdf3119b9882969701cc137c129aaa5021da5e64c62346bfdd6aa27c7007412735798a65da08178f2505c126010c1c4d7471add175b19e15319c9a621445ef2a539d374ab23a9c288d2a08535632fb4147bcc8cd50ba8cf89af0e2889197f0249ad43002bdf444499c2a2e4bab52a0e756d307708cc8d8dd4992445d1ceaef6adb4f203fc8f72f64cf8448d4cd04eae7945f9c743c00b92240a2deb8ebbcad91b7b09703e108b7cc9dd9ea37689a4ac584134e03ea0b77d959850473a45b5a6cca61335c0a2df35968aa72e1d9840e1422e0c6df2d468082d8341a75c19d7815da1fa5dde484eb21aaf5f7d205d95a780ee219104b24a0218881aa937726fc0c61ca90b0f9fed131a9dd29d8d05921eddcf4d2b2cac1a4727748fd1a0a4dcf00df67a27ea8d35bc26de1a2c8b9f9029816d1fcfd6fce83ca02fa0d669321a805bec7bf2b14398820821c143a7c8c918fb575c20101556c27cc383e10c7c8ab6c8f419b0a54f5939823538c76064f14f1d10811aa465ca2d70defc90c7362ceb6368400e2ee29da1493549019baa6e08a9ceaf3db91d53f764aaea4c47eb8cc1e52d365d4de521d34908fd6517d71dabbd0e3d01be2af2f80ae8328101435c828789c4130729d86a8390aee8e7b29f686e2037e2f37a3e97f758c422bda0ab48048f44ffc76ee0fb2868d60422f8a5a5680624b18a343c696181199f75b035f032f61d825374f30cb43ff83233f1cd11e91b02759475c0723b5b6ee9fa88a34de12453a4879a15e3170f95e26a128327db2e5c3bad34cc57bfc36a1261110c577a987db259c23664617e992e9580e0c06d57d80c87eda7bca09ccf09a1c985b8e82c6115b8398ed6ef4dfb550aa7118cd46eda5622e9bb57103c5d0fd7e47774a6b5c6eebb25eecc8ddcf16cb188fb04328e45675938d3f0cb12eb6a55ea9d03427d334a6152efdcca05302fbf679f913da1ba1b58e6a4bb724731768e96e95749000e58d0f26f8ccabdcced362b51c1ffc7f0ccdf84b7bcf3a7d670a786a93d2d5024346266607b803be610f2fc4f149dfe5688bfd3011505565454bfedc1c120718662c205a0f646f03490192a6c9e3167d64c330af2989504773287f99889c80c50c32873bb570ce2897c824b79e56bed925678ef92437668b6f1fc41a3e0c9c57c3a73ebf6e7071f309a6006b89d459c39826493c45efc7c27d0a10541b6ed0662d7ac6500c25a732a5c0f33e8637835478dc1c280b64b6f1fabf9e7a72f834e86c4e35895d2353a68e89f680e08e1c6759ddb93528eec2ea35a9edc0956e0ae80f6aaf1baec128c5683331f03886aaead536fc8255c905df63c9c4a2e589547625f5ab22036e0ab1e91eb7fe60677da1aa2ceab2fe06bb75e94236316c53a4fc62fbf7d35f0f23cb9622b059f430bcc9ddd41b65dd5267a882dfc8fbe2431c45b947de1b64a2e02bb7c3bdd897ecf5d73449db50dbbee797135d365bcf418057add761b65862943ed6ee5175206aa0fef443d570bb2bfd105372d2d938e74b0ed69c569eacabc4c6cd9ea91e71bf6fe87066ea055586810beb65aa606eb83531e8cf767a0889ee4be5bc26e273ac1ef8c075d6ce73c1db96d24e4a271c997dbe9cf27d7a597b5e14179ce8d0f824ddf7a23f9bfa055a5af4cc9f9abcf78916f78df601207b3fd854d48db7fac76beb8bb18e452be6b78e195f85cc8c7fba4cbb4558cfe9f049a9ba300e3bdc6f2c77fad8539161930734daaf67652f49cbc4eb8c5d8ad67adbd5d24001d2e7759537fa72f58836df113dd971f5cb818e1c04f16ff30318327ea569a37959c20fbd5fbdfa48b22ad28816f793a132534d27ecdb654370d41c879bb66b7613537acbc18d24a622dd8593e0fc494f58e548f56de3441aaadc28bee95e208337c32218ccb499d4cd68ef01100911cb7ac63178d7d61491c1fa6ac489ca0c7d0b7344853699f5197ea00458d161736556ae7ef3722b2a47b18c3e41e9735ef605e87eda73a3252beba2b2bf06cd33dbb726dc947ca19fe1fe096a764d639bcd0b2390504dae1dd732460f4302555ee4e1d26898d1190577de51508de933d953c353c4020fc5976181da4ea73aa47ace88add4a314e3480dddef85e6adc264a6e845bd65321dc84693b2c53cc60a7b2ec267557f7e4764211136f707d6a50da3e504073806d9276c7658e2385d0933671b3f4b643384b3a66ab699dd3aff154b9f92bbcac897074ff56fdbd8fc84f9a2a780a71ec823881b7982eca95e761ef9a84d1605bf4bb86080882e90676c3de87f1a073f5d86fb78ef310bcf2dc7cdcfa411b227500b1ff0e19db9525c9c2843d8dab5c4dce47056cfd7039897a750c5db76191ff1666f00b86cb73b523de530cf3ed0cae94a407cc9974d7686d36cddfa28e64c7dec078ae7538fec8139c8452d79dcc682367d94513bd0fe8ee81285c6557f8690928fdb4552132c23bb81247bdfed42c1acb715dcdb55acbb5241639e80d1b29bb623e308e249dfdb7a61fe62e0cfd35cc013ca670ff29d919a98332889d3410a2fd6aa4cf7ed8521362ad93064bf54f44c32f75566a28cf28e176e448b6bc25e0cd84507febdcdb8e9677b7be95d7fb655f49125704ab0aa3c86cb891c15df193b19105158932983d06ce97b376a1af62f3ebb79b306d4f90be696aa8ed767fd57ceada2c2ba21c7c168ff22f1399f02b54f90c5fe245508c7123c9753a67751008a9334556ae394e0f6a8ab236c860236811adce12ba09972c01cf4f2569c7e821e0de5b9995d80979fe6a32ba0bd22917dc984511818b78eb6d3b971fe1360784ffc345593a15f024d69334548f1b2bbda41688494fc9f82b1870dfaba60e6e6d7a3b78e9b5c7aef2df88a7b154e533a9822ec7359974276486d22f3311d817a9746117652f4f3f07e7a069022a45b10a6b4fb9d85d7b9fb89ee2df467ce1a8cadb4d1a30ddc316d5ca01c192e7fa6a719b5348ce56b901d8f50c1384e909d7e9c8744eaad11bb266b4933df9c94267e5d2a46496069cf907351ee837071f41e9bb5145ceb64dd2d7301d5f6f20aecb1fe39633c9ff421dd0d0891ddbc0236090445ffa0d720d9016ababc3e716f9bd91c041520fec85ab2da9ff6c1282bd1bb9602a20b71920cd75a3f36fc31b32379fb0d3ff088c6254d6644f85652f0c942815f663ea374b5dfd28fae6f36dbf7d0cf1fd338ed2b48b0c728e04d643a5821bb92ad1fbfe63a84b381c5ddc4a3aa2763a13a0404212fe6cd282070c7923a5bc47f757c5fdbd00abc75e6ffb9b453ff0ee882e174e1dc067545cf8617b236ebecec070ec9a8923a1f04cd1a37287ad1a18a8f2650c92e72d0fb21eeccc936c98b22987e6bc0e6f21bf230910caa50b049049637883eac535a93d30621a7c3fd28aa2134ce819ffa6aa3b6add864bd2615f01bb6e8def2f59bb78d41b95116c4f60637210a58de885988f1ee5c72582a9b2ab54a50825d60cdf3d7d21e8aaab4e96e5ca8498199c69c55d660db1f5a10760fb5a9df6b9df26d05ce0e642f0bf2279ed0f91250878e4c893531f555a618d2465e8a93ac3cc81c69e255e687dc826403753d1b820b3f58724c4cd46670d93c9874d9c05958faa1a7731b7a4226c935485ad36285b8cfcc7153c12de924b82449d08e95176a87de75e7e512192ca3fc433d1582d4e32a6fa98a1878c96e102c54709b0b692b44c12dfe877a1e0f527559182a83cab95c6b5a76373c2004ceeb7895f215ae372e5f3ee561ae8e25e7f75a7ae92c7b2e2bcd6023f5ab7cb76ab22347a70b877c29e897981e7cf2f06adbe69329921a4c4e96b8d1bbc05ff9307a2b921c8d9a756ed81ac03f7ef9f1f5b2e015625b0ca8c8a901d27466450807df30b7bd1218120c188ad946d2d03df5c58a6ba10dbd9810f443fbc11850e00a2b8bda70ee332d9596de66f2342c5eaa5dd1e735aa6daea683d8a854c48161f886792374067535e6de4f337478a52107dbdea3e56ccc30b33ad8a4a5cf9dbc21d77439e39a87d21f13c4c7a6b1f62ba6178a8874024af63c168de41dc10aeafbc3d07b2b40cb84aa524ff6ee52d0eb2aa3da73308245eedec6870ac32a254573f3af5d1d4bb2b186848bca3eca767cc94d61f4f5cde5b8f3a4463e9f16028e33cf793befcb0982a4709ce63ba8e268a457b932114f9ec29c2eb5b1d047f7c392f56a0de3f2c18c1c4ab7a69e85f729845213a9fedd738d916009abcdeaceaa3af949179ea1075f035b7d07f31b2a4231b20164863fb2137cafcf38b1ab8ff753e6e1405480ffb334c88184b4132f14d71063ace4c8cdbc871d88cdc3658c56fad5121b38b707ce7b9a5aabc6df6f364b66e3226df69f3cd13cb4b00f94d3b698169188835109bf9eb808e608d4db90e4bfa76e4b3322151fa849f6bdfb570efeed75141b203f1313a6f8e2cba59d8d4eff390e97ad4c0add1d9f9cca55c3aa28c217b43389da408f8539a3850550ef7bbc4d83c0a204827df8d84df827ee2ea0131eef890c376c97698b2c50b942a68a770d8fbec3ae33f14dfab45f0416f394f8c8553d7a7ae384c92d3c2cee574938eb0d9490aeab1ef777c0efe2bf8ac515fde805beac15a1ecd0466b5a5b0fb6a2947333431ad0332c637f72b370d394f454faa86f0dbcdcfb1348eeb4a39cfad23a7a0ad36ecc4e49ec9a3d45130c608f02a37f397f3e3b95a1dec84bbc568109daeb75774460cf787c6ccf110be877157b1ea1358608ac545c15fb82e0d1c97b2282329540ea1ab4e1b4caff58b5e5bb6f9a175d7f61b7acfe0f3b2ae95a026ccfd4abbf89cee696eb4f4ca74d079614c822ad140ce332e82d5014147076ca850666fd2000b98e7a672adf7223c272c6eff5311e4875249542bf7ffeef5394462b9b92f2d4037483244ea9ed5ba33e6a5af339d0894859864143e9072ff041966f6cf8d7826859a90bd4f0675234ca3ce8492be0435f32a38342feb9583b531376f1ded3a4650945330ee5815ce943861cd063fe4c9c74a3c94aba1b95d877ebae860bf70ed0580ab0c51835ab672eef3c485efc95fbe998019238c33c3d91b3a2aba15dad0cd09b9e4dabb21a67917a52f289167fa3632bf58460ea3b4e192916e0a4e0e799845c2395c7a612d725af5c63d7b295f31ee3366668dd2f6d8cf51e1c7fe02a3be8d434cbd2a1b74055d87feb0c63c6574a80f197162c168352fdf7ea90a3b449b46f9ddd60a8e7260fe1178fea4f2ac05747834e33b4", 0x2000, &(0x7f0000001000)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
close(r1)
r4 = syz_open_dev$tty20(0xc, 0x4, 0x0)
ioctl$VT_SETMODE(r4, 0x5602, &(0x7f0000000040)={0x7, 0x0, 0x1ff, 0x2, 0x7})
r5 = accept4$tipc(0xffffffffffffffff, &(0x7f0000000080)=@name, &(0x7f00000000c0)=0x10, 0x80000)
getpeername$tipc(r5, &(0x7f0000000100)=@name, &(0x7f0000000180)=0x10)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x4)
ioctl$UFFDIO_COPY(r0, 0x8010aa02, &(0x7f0000000000)={&(0x7f0000548000/0x1000)=nil, &(0x7f0000fee000/0x11000)=nil, 0x1000})

2m22.195941931s ago: executing program 8 (id=1338):
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
dup(r0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000300)=@abs, 0x6e)
socket$nl_audit(0x10, 0x3, 0x9)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg(r2, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xb4c, 0x9, 0x6, 0x0, 0x3}, 0x0)
ftruncate(r1, 0x9)
fcntl$addseals(0xffffffffffffffff, 0x409, 0x7)
r3 = ioctl$UDMABUF_CREATE(0xffffffffffffffff, 0x40187542, &(0x7f0000000000)={0xffffffffffffffff, 0x0, 0x0, 0x8000})
lseek(r3, 0x1000000000931f, 0x0)
ioctl$SYNC_IOC_MERGE(0xffffffffffffffff, 0xc0303e03, 0x0)
r4 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_int(r4, 0x107, 0x14, &(0x7f0000000080)=0xfff, 0x4)
socketpair(0x1, 0x100000005, 0x0, &(0x7f0000000000))
r5 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/partitions\x00', 0x0, 0x0)
r6 = openat$sysctl(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/sys/vm/drop_caches\x00', 0x1, 0x0)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r7 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_LINKMODES_GET(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000440)=ANY=[@ANYBLOB, @ANYRES16=r7, @ANYBLOB], 0x14}}, 0x0)
sendfile(r6, r5, &(0x7f00000000c0)=0x58, 0x5)
sendmsg$inet6(r0, 0x0, 0x20048843)

2m7.040017882s ago: executing program 37 (id=1338):
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
dup(r0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000300)=@abs, 0x6e)
socket$nl_audit(0x10, 0x3, 0x9)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg(r2, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xb4c, 0x9, 0x6, 0x0, 0x3}, 0x0)
ftruncate(r1, 0x9)
fcntl$addseals(0xffffffffffffffff, 0x409, 0x7)
r3 = ioctl$UDMABUF_CREATE(0xffffffffffffffff, 0x40187542, &(0x7f0000000000)={0xffffffffffffffff, 0x0, 0x0, 0x8000})
lseek(r3, 0x1000000000931f, 0x0)
ioctl$SYNC_IOC_MERGE(0xffffffffffffffff, 0xc0303e03, 0x0)
r4 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_int(r4, 0x107, 0x14, &(0x7f0000000080)=0xfff, 0x4)
socketpair(0x1, 0x100000005, 0x0, &(0x7f0000000000))
r5 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/partitions\x00', 0x0, 0x0)
r6 = openat$sysctl(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/sys/vm/drop_caches\x00', 0x1, 0x0)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r7 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_LINKMODES_GET(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000440)=ANY=[@ANYBLOB, @ANYRES16=r7, @ANYBLOB], 0x14}}, 0x0)
sendfile(r6, r5, &(0x7f00000000c0)=0x58, 0x5)
sendmsg$inet6(r0, 0x0, 0x20048843)

15.610232331s ago: executing program 6 (id=1652):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, 0x0, &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xd, 0x103}, 0x0)
r1 = getpid()
sched_setscheduler(0x0, 0x1, &(0x7f0000000400)=0x7)
r2 = syz_open_dev$loop(&(0x7f0000000100), 0xdf6, 0x0)
r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cpuacct.usage_user\x00', 0x275a, 0x0)
mlock(&(0x7f0000000000/0x800000)=nil, 0x800000)
mincore(&(0x7f0000000000/0x800000)=nil, 0x800000, &(0x7f0000000000)=""/188)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={0x0, 0xffffffffffffffff, 0x0, 0xfffffffffffffffb}, 0x18)
openat$iommufd(0xffffffffffffff9c, &(0x7f0000000040), 0x8540, 0x0)
write$binfmt_misc(r3, &(0x7f0000000040), 0xe09)
ioctl$LOOP_CONFIGURE(r2, 0x4c0a, &(0x7f00000002c0)={r3, 0x0, {0x2a00, 0x80010000, 0x0, 0x2, 0x0, 0x0, 0x0, 0xb, 0x1d, "fee8a2ab78fc979fd1e00d96072000001ea89de2b7fb0000e60080b8785d96000100", "2809e8dbe108598948224ad54afac11d875397bdb22d00009520a1a93c5240f45f819e01177d3d458dd4992861ac00", "f4bc0007008019000000000000000000000000af1e4ccfb7b3cad80004010400", [0x1, 0x2000000000001]}})
r4 = getpid()
sched_setscheduler(r4, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
ptrace$peekuser(0x3, r1, 0x0)
connect$unix(r5, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r6, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
socket$nl_generic(0x10, 0x3, 0x10)
socket$packet(0x11, 0x2, 0x300)
r7 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r7, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000005a40)=ANY=[@ANYBLOB="b400000010000904000000000000000000002200", @ANYRES32=0x0, @ANYBLOB="fffffffed9526cfd8400128009000100766c616e000000007400028006000100000600000c000200367da1650e000000280003800c00010001800000002000000c000100a1000000c84200000c0001000800000008000000340004800c03390006000000ff0300000c00010004000000080000000c00010004000000020000000c000100050000000300000008000500", @ANYRES32], 0xb4}}, 0x0)

14.290806239s ago: executing program 6 (id=1654):
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0xff7fffffffffffff, 0x0, &(0x7f0000006680))
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x2, 0x31, 0xffffffffffffffff, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15)
socket$can_bcm(0x1d, 0x2, 0x2)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x2)
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
fchmodat(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0xfffffe13)
mknodat$null(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0xb0a54e68b1cd2fdb, 0x103)
chown(&(0x7f0000000240)='./file0\x00', 0xee00, 0xee00)
openat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x40, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
socket$phonet_pipe(0x23, 0x5, 0x2)
sendmsg$TIPC_CMD_RESET_LINK_STATS(0xffffffffffffffff, 0x0, 0x10)
socket(0x10, 0x400000000080803, 0x0)
r1 = landlock_create_ruleset(&(0x7f0000000040)={0x0, 0x3}, 0x10, 0x0)
getpid()
landlock_add_rule$LANDLOCK_RULE_NET_PORT(r1, 0x2, &(0x7f0000000100)={0x1, 0x4}, 0x0)
landlock_restrict_self(r1, 0x0)
ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000180)={0x4c, 0x0, &(0x7f0000000100)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x18, 0x0, &(0x7f0000000240)={0x30, 0x30, 0x30}}, 0x1000}], 0x0, 0x0, 0x0})
ioctl$I2C_SLAVE(0xffffffffffffffff, 0x703, 0x3b0)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000780)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x50)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000100)={0x1f, 0xd, &(0x7f0000000800)=ANY=[@ANYBLOB="18000000050000000000000080000000850000007500000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000018000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000200000085000000a600000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x11}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000500)={r3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x48)
landlock_restrict_self(r1, 0x0)
bind$inet(0xffffffffffffffff, 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)

12.134216513s ago: executing program 6 (id=1658):
sendmsg$L2TP_CMD_TUNNEL_DELETE(0xffffffffffffffff, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000040)=ANY=[@ANYBLOB="140000008bce6cb8f62794be493f437de16c33617b5b5875fd84dc8ce7cc"], 0x14}}, 0x40)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x20042, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = dup(r1)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000840)={0x1fe, 0x3, 0x1, 0x1000, &(0x7f0000003000/0x1000)=nil})
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x2)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000040)=[@text64={0x40, 0x0}], 0x1, 0x11, 0x0, 0x0)
syz_kvm_setup_cpu$x86(r1, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@textreal={0x8, &(0x7f0000000080)="f226360f1853c266b9800000c00f326635010000000f30fe06346c2e656536f20f5dd466b9800000c00f326635000100000f300f705e00000f011926a9000066b98b00000066b80030000066ba000000000f3066b9c50d00000f32", 0x5b}], 0x1, 0x84f823c6c6abaa74, 0x0, 0x0)
ioctl$KVM_RUN(r3, 0xae80, 0x0)

11.416195236s ago: executing program 9 (id=1660):
r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fff7ffc}]})
close_range(r0, 0xffffffffffffffff, 0x0)

11.328479747s ago: executing program 9 (id=1661):
r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
setsockopt$inet_int(r0, 0x0, 0xb, &(0x7f0000000040)=0x3, 0x4)
setsockopt$IP_VS_SO_SET_STARTDAEMON(r0, 0x0, 0x1a, &(0x7f0000000240)={0x1, 'veth0_to_team\x00'}, 0x18)
r1 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000), 0x202)
ioctl$SNDRV_SEQ_IOCTL_QUERY_NEXT_CLIENT(r1, 0xc0bc5351, &(0x7f0000000040)={0xf, 0x2, 'client1\x00', 0x4, "70067ad327c699d3", "78a45e16571ec69bc5afc81e679e50b0d40d6a65820e48ce9b168132d17e5813", 0xffffff2a, 0x7fff})
r2 = openat$comedi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/comedi0\x00', 0xb0440, 0x0)
ioctl$COMEDI_RANGEINFO(r2, 0x80106408, &(0x7f00000000c0)={0x6, &(0x7f0000000080)=[{}, {}, {}]})
syz_emit_ethernet(0xbf, &(0x7f0000000e80)={@link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x3}, @empty, @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0xb1, 0x0, 0x0, 0xfb, 0x1, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @local}, @time_exceeded={0x3, 0x1, 0x0, 0x3, 0x24, 0x0, {0x25, 0x4, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x9, @loopback, @local, {[@cipso={0x86, 0x77, 0xffffffffffffffff, [{0x0, 0xc, "0800b28c590300000052"}, {0x5, 0x9, "020007651442eb"}, {0x0, 0xe, "7434954373561de584b703c8"}, {0x0, 0x9, "e706d30bd224f8"}, {0x6, 0x7, "cfa11cab1a"}, {0x0, 0x10, "000000000000e2e7000000000000"}, {0x6, 0xa, "0000000000800000"}, {0x0, 0x12, "73bc95a70000ffa30900a301c8460000"}, {0x0, 0x12, "c8f46976e79ea788f03d9d3205927e3d"}]}, @cipso={0x86, 0x6, 0x22}]}}, "ef"}}}}}, 0x0)

10.793882426s ago: executing program 9 (id=1664):
r0 = socket$inet6(0xa, 0x2, 0x3a)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000300)=ANY=[], 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x3, 0x8, &(0x7f0000000000)=ANY=[@ANYBLOB, @ANYRES32=r1, @ANYBLOB="0000000000000000b702000000000000850000008600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000240)={r2, 0x0, 0x10, 0x6, &(0x7f00000002c0)='\x00\x00\x00\x00\x00\x00\x00\x00', &(0x7f0000000580), 0x40000, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x4c)
sendmmsg$inet6(r0, &(0x7f0000000800)=[{{&(0x7f0000000280)={0xa, 0x2, 0x0, @local, 0x4000100}, 0x1c, &(0x7f0000000240), 0x0, &(0x7f0000000080)=ANY=[], 0x2}}], 0x1, 0x40080)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x87}, 0x0)
process_vm_readv(0x0, &(0x7f0000000140), 0x100000000000028b, 0x0, 0x12, 0x0)
setsockopt$inet_sctp6_SCTP_RECONFIG_SUPPORTED(0xffffffffffffffff, 0x84, 0x75, 0x0, 0x0)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x5, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000100)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r3, &(0x7f0000002000)=""/102400, 0x19000)
socket$phonet_pipe(0x23, 0x5, 0x2)
mount$9p_fd(0x0, &(0x7f0000000080)='./file0\x00', 0x0, 0x112080c, 0x0)
rt_sigprocmask(0x0, 0x0, 0x0, 0x0)
r4 = gettid()
tkill(r4, 0x12)
io_setup(0x6, 0x0)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFQNL_MSG_CONFIG(r5, &(0x7f0000001640)={0x0, 0x0, &(0x7f0000001600)={0x0, 0x28}, 0x1, 0x0, 0x0, 0x40041}, 0x40010)
getsockopt$inet_sctp6_SCTP_PEER_ADDR_THLDS(0xffffffffffffffff, 0x84, 0x84, &(0x7f00000000c0)={0x0, @in6={{0xa, 0x4e26, 0x3, @private2, 0x4e}}, 0x3, 0x80}, 0x0)
r6 = socket$l2tp(0x2, 0x2, 0x73)
bind$l2tp(r6, &(0x7f00000000c0)={0x2, 0x0, @multicast1}, 0x10)
sendto$l2tp(r6, &(0x7f0000000040)="e5786a0d000000000000c83b", 0xc, 0x0, &(0x7f0000000100)={0x2, 0x0, @loopback}, 0x10)
setsockopt$inet_int(r6, 0x0, 0x8, &(0x7f0000000080)=0x3, 0x4)
recvfrom$l2tp(r6, 0x0, 0x0, 0x10020, 0x0, 0x0)
quotactl$Q_QUOTAON(0xffffffff80000200, &(0x7f0000000280)=@filename='./file0\x00', 0x0, 0x0)

10.68359964s ago: executing program 7 (id=1665):
syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3)
listen(0xffffffffffffffff, 0x1)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000340)={0xe, 0x4, &(0x7f00000001c0)=ANY=[@ANYBLOB="18020000801000000000000004000000850000002700000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x40f00}, 0x94)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
r0 = syz_io_uring_setup(0x24f6, &(0x7f0000000b80)={0x0, 0x0, 0x10100, 0x2, 0x33a}, &(0x7f0000000100)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
sendmsg$IPSET_CMD_TYPE(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000180)=ANY=[@ANYBLOB='8'], 0x38}, 0x1, 0x0, 0x0, 0x20008000}, 0x0)
r3 = socket$can_bcm(0x1d, 0x2, 0x2)
ioctl$ifreq_SIOCGIFINDEX_vcan(r3, 0x8933, &(0x7f00000004c0)={'vcan0\x00', <r4=>0x0})
connect$can_bcm(r3, &(0x7f00000000c0)={0x1d, r4}, 0x10)
sendmsg$can_bcm(r3, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000380)={0x1, 0x840, 0x0, {}, {0x77359400}, {}, 0x1, @canfd={{}, 0x0, 0x0, 0x0, 0x0, "ef1d62ee7e923b0ad9cda5b28dd4753620a2f0271768a8284c18a4e2b5e44dc77098b18fd964df81213608ec503db52d42f1a78c97322f4ae4c8dc89cf2b1440"}}, 0x80}}, 0x0)
sendmsg$can_bcm(r3, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000240)={0x2, 0x0, 0x0, {}, {0x77359400}, {}, 0x1, @can={{}, 0x40, 0x1, 0x0, 0x0, "ce2a4fa7a0aa108b"}}, 0x48}}, 0x40884)
r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0)
write$UHID_CREATE2(r5, &(0x7f0000000180)=ANY=[], 0x118)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x12, r5, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_CLOSE={0x13, 0x8})
io_uring_enter(r0, 0x2d3e, 0x0, 0x0, 0x0, 0x0)

10.380000648s ago: executing program 6 (id=1667):
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(0xffffffffffffffff, 0x8933, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@file={0x1, './file0\x00'}, 0xffffffffffffff4f)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xded, 0xffffffff}, 0x0)
ioctl$USBDEVFS_REAPURBNDELAY(0xffffffffffffffff, 0x4004550c, 0x0)
madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe)
openat$iommufd(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r4 = socket(0x800000000000002, 0x2, 0x0)
setsockopt$inet6_group_source_req(r4, 0x29, 0x2a, &(0x7f0000000200)={0x85, {{0xa, 0x0, 0x2, @mcast1={0xff, 0x7}, 0x2}}, {{0xa, 0x0, 0x0, @remote, 0x400}}}, 0x108)
r5 = socket(0x80000000000000a, 0x2, 0x0)
write$nci(0xffffffffffffffff, &(0x7f0000000040)=ANY=[@ANYBLOB="44f100"/12], 0x7)
setsockopt$inet6_group_source_req(r5, 0x29, 0x2a, &(0x7f0000000080)={0x20, {{0xa, 0x0, 0x0, @mcast1={0xff, 0x7}}}, {{0xa, 0x0, 0x0, @remote}}}, 0x108)
r6 = socket$inet6_tcp(0xa, 0x1, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000017c0)={0x1, 0xe, &(0x7f0000000200)=ANY=[], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10}, 0x94)
sendto$inet6(r6, &(0x7f0000000340)="d4d7efad020efa27e4b5b271825ef53d030f992ff58468566c6fc090ac508f876b89a6004f4d6aa59f13c8afda4bfc2137c8a1d584595b77c2a5f6a72a6d627f3408143aae7315bb608e1557b707b38c30f447a288036c", 0x57, 0x10, 0x0, 0x0)
setsockopt$inet6_group_source_req(r5, 0x29, 0x2b, &(0x7f0000000200)={0x0, {{0xa, 0x0, 0x0, @mcast1={0xff, 0x7}}}, {{0xa, 0x0, 0x0, @mcast1}}}, 0x108)
close(r4)
ioctl$PAGEMAP_SCAN(0xffffffffffffffff, 0xc0606610, &(0x7f00000001c0)={0x60, 0x2, &(0x7f0000ffd000/0x1000)=nil, &(0x7f0000001000/0x4000)=nil, 0x0, 0x0, 0x0, 0xfffffffffff7fffd, 0x0, 0x14, 0x0, 0x24})
r7 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r8 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0)
r9 = ioctl$KVM_CREATE_VCPU(r8, 0xae41, 0x0)
ioctl$KVM_SET_VCPU_EVENTS(r9, 0x4040aea0, &(0x7f0000000000)=@arm64={0x8, 0x4, 0x10, '\x00', 0xc1d})
ioctl$KVM_RUN(r9, 0xae80, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)

10.061160528s ago: executing program 0 (id=1668):
syz_usb_connect(0x6, 0x1fc, 0x0, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0x0)
mount$bind(&(0x7f00000002c0)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x101091, 0x0)
lgetxattr(&(0x7f0000000000)='./file1\x00', &(0x7f0000000140)=@known='user.incfs.metadata\x00', &(0x7f0000000180)=""/90, 0x5a)
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0)
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
socket$packet(0x11, 0x2, 0x300)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x1000000, &(0x7f0000000400)={[{@upperdir={'upperdir', 0x3d, './file1'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './bus'}}]})
chdir(&(0x7f00000003c0)='./bus\x00')
setxattr$system_posix_acl(&(0x7f0000000040)='./file0/../file0\x00', &(0x7f0000000100)='system.posix_acl_default\x00', 0x0, 0x0, 0x3)

8.912616747s ago: executing program 7 (id=1670):
r0 = syz_open_dev$usbfs(&(0x7f00000000c0), 0x204, 0x2)
mmap(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x1000002, 0x13, r0, 0x0)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl802154(&(0x7f00000006c0), 0xffffffffffffffff)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_802154(0xffffffffffffffff, 0x8933, &(0x7f00000005c0)={'wpan0\x00'})
socket$nl_generic(0x10, 0x3, 0x10)
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x5)
socket$nl_netfilter(0x10, 0x3, 0xc)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r1}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000180)={0xc, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f00000000c0)=0x7)
r2 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x4)
r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8)
syz_genetlink_get_family_id$nfc(&(0x7f0000000780), 0xffffffffffffffff)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x80006)
openat$rdma_cm(0xffffffffffffff9c, 0x0, 0x2, 0x0)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f00000003c0)={0xffffffffffffffff, 0xe0, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1c, 0x44, 0x8, 0x0, 0x0}}, 0x10)
r4 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48)
bpf$MAP_GET_NEXT_KEY(0x4, &(0x7f0000000540)={r4, &(0x7f0000000400), &(0x7f0000000440)=""/236}, 0x20)

8.829625047s ago: executing program 9 (id=1672):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
r1 = landlock_create_ruleset(&(0x7f0000000240)={0x1fff}, 0x18, 0x0)
syz_init_net_socket$rose(0xb, 0x5, 0x0)
syz_io_uring_setup(0x499, &(0x7f0000000200)={0x0, 0xf7c9, 0x0, 0x1, 0x193}, &(0x7f00000000c0)=<r2=>0x0, &(0x7f0000000280)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r2, r3, &(0x7f00000002c0)=@IORING_OP_WRITEV={0x2, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0})
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x7)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0)
r4 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r4, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
io_uring_enter(0xffffffffffffffff, 0x26c8, 0x0, 0x1, 0x0, 0x0)
r5 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x48241, 0x0)
ioctl$TUNSETIFF(r5, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x6bf1c2d5adba8c32})
r6 = socket$kcm(0x2, 0xa, 0x2)
ioctl$SIOCSIFHWADDR(r6, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local})
write$tun(r5, &(0x7f0000000040)=ANY=[@ANYBLOB="00000201aaaaaaaaaabbaaaaaaaaaabb88a8300000f700007c48"], 0x1a)
socket$inet_sctp(0x2, 0x1, 0x84)
landlock_restrict_self(r1, 0x0)
mkdirat$cgroup_root(0xffffffffffffff9c, 0x0, 0x1ff)
bind$unix(r0, &(0x7f0000000000)=@file={0x1, './file0\x00'}, 0x6e)
r7 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$IP6T_SO_SET_REPLACE(r7, 0x29, 0x40, &(0x7f0000000ac0)=@raw={'raw\x00', 0x8, 0x3, 0x500, 0x1c0, 0xffffffff, 0xffffffff, 0x1c0, 0xffffffff, 0x430, 0xffffffff, 0xffffffff, 0x430, 0xffffffff, 0x3, 0x0, {[{{@uncond, 0x0, 0x1a0, 0x1c0, 0x60030000, {0x0, 0xff000000}, [@common=@inet=@recent0={{0xf8}, {0x81, 0x0, 0x24, 0x0, 'syz0\x00'}}]}, @unspec=@TRACE={0x20}}, {{@uncond, 0x0, 0x208, 0x270, 0x0, {}, [@common=@inet=@recent0={{0xf8}, {0x0, 0x0, 0x1, 0x0, 'syz0\x00'}}, @common=@inet=@iprange={{0x68}, {@ipv6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @ipv4=@remote, @ipv6=@empty, @ipv6=@loopback}}]}, @unspec=@CT2={0x68, 'CT\x00', 0x2, {0x3, 0x0, 0x0, 0x0, '\x00', 'syz1\x00'}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x59d)
r8 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f0000001540), 0x1, 0x0)
ioctl$UI_SET_EVBIT(r8, 0x40045564, 0x1a)
ioctl$TCSBRKP(r8, 0x5425, 0x5)
socket$nl_generic(0x10, 0x3, 0x10)
r9 = syz_open_dev$sndpcmc(&(0x7f0000000000), 0x0, 0x0)
ioctl$SNDRV_PCM_IOCTL_HW_REFINE_OLD(r9, 0xc1004110, 0x0)

7.96992846s ago: executing program 5 (id=1673):
r0 = socket(0xa, 0x3, 0xff)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x4e20, 0x0, @empty, 0x4000002}, 0x1c)
syz_emit_ethernet(0x6e, &(0x7f00000001c0)={@multicast, @broadcast, @void, {@ipv6={0x86dd, @icmpv6={0x9, 0x6, 'z&-', 0x38, 0x3a, 0xfe, @local, @mcast2, {[], @pkt_toobig={0x2, 0x0, 0x0, 0x500, {0x2, 0x6, "081331", 0x9, 0xff, 0x0, @remote, @loopback, [@fragment={0xb8, 0x0, 0xa, 0x0, 0x0, 0x7, 0x65}]}}}}}}}, 0x0)
syz_emit_ethernet(0x3e, &(0x7f0000000000)=ANY=[@ANYBLOB="bbbbbbbbbbbb000000def3ffff0061fbddf000083afffe740000000101000000000000000000000000000000018000907822000009000000000000"], 0x0)
r1 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000040)=0x2)
ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000080))
ioctl$TIOCVHANGUP(r1, 0x5437, 0x2)
r2 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000300)={0x6, 0x3, &(0x7f00000000c0)=ANY=[@ANYBLOB="1800000002000000000000000008082295"], &(0x7f00000002c0)='GPL\x00', 0x6}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000240)={r2, 0x5, 0xb68, 0xfffffffffffffeb9, &(0x7f0000000000)="ff", 0x0, 0x149c, 0x503, 0x0, 0x0, 0x0, 0x0, 0x2, 0xffff80fe, 0xe}, 0x48)

5.600045833s ago: executing program 0 (id=1674):
r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
connect$inet(r0, &(0x7f00000000c0)={0x2, 0x20, @remote}, 0x10)
r1 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/consoles\x00', 0x0, 0x0)
sendfile(r0, r1, 0x0, 0x4000000000010046)

5.180563032s ago: executing program 7 (id=1675):
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x80, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
bpf$ITER_CREATE(0x21, &(0x7f0000000040), 0x8)
r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
socket(0x15, 0x5, 0x0)
openat$userio(0xffffffffffffff9c, &(0x7f0000000000), 0x800, 0x0)
fanotify_init(0x1f00, 0x0)
socket$inet6(0xa, 0x800, 0xfff)
pselect6(0x40, &(0x7f0000000080)={0x5, 0x0, 0x40120000000000, 0x2, 0x500, 0x0, 0x1000001000, 0x249}, 0x0, &(0x7f0000000180)={0x3fe, 0x7, 0x0, 0xb, 0x86, 0x800, 0x80000002}, 0x0, 0x0)
connect$unix(0xffffffffffffffff, 0x0, 0x0)
socket$kcm(0x2b, 0x1, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
ioctl$sock_inet6_tcp_SIOCINQ(0xffffffffffffffff, 0x541b, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
keyctl$revoke(0x3, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
r2 = socket$inet6_sctp(0xa, 0x1, 0x84)
socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet_sctp6_SCTP_AUTH_ACTIVE_KEY(r2, 0x84, 0x18, &(0x7f0000000300), 0x8)
socket(0x40000000015, 0x5, 0x0)

5.093663693s ago: executing program 5 (id=1676):
r0 = socket$inet6(0xa, 0x2, 0x3a)
bpf$MAP_CREATE(0x0, &(0x7f0000000300)=ANY=[], 0x48)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000240)={0xffffffffffffffff, 0x0, 0x7, 0x0, &(0x7f00000002c0)='\x00\x00\x00\x00\x00\x00\x00', &(0x7f0000000580), 0x40000, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
sendmmsg$inet6(r0, 0x0, 0x0, 0x40080)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x87}, 0x0)
process_vm_readv(0x0, &(0x7f0000000140), 0x100000000000028b, 0x0, 0x12, 0x0)
r1 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet_sctp6_SCTP_RECONFIG_SUPPORTED(r1, 0x84, 0x75, 0x0, 0x0)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x5, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000100)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r2, &(0x7f0000002000)=""/102400, 0x19000)
socket$phonet_pipe(0x23, 0x5, 0x2)
mount$9p_fd(0x0, &(0x7f0000000080)='./file0\x00', 0x0, 0x112080c, 0x0)
rt_sigprocmask(0x0, 0x0, 0x0, 0x0)
r3 = gettid()
tkill(r3, 0x12)
io_setup(0x6, 0x0)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFQNL_MSG_CONFIG(r4, &(0x7f0000001640)={0x0, 0x0, &(0x7f0000001600)={0x0, 0x28}, 0x1, 0x0, 0x0, 0x40041}, 0x40010)
getsockopt$inet_sctp6_SCTP_PEER_ADDR_THLDS(r1, 0x84, 0x84, &(0x7f00000000c0)={0x0, @in6={{0xa, 0x4e26, 0x3, @private2, 0x4e}}, 0x3, 0x80}, 0x0)
r5 = socket$l2tp(0x2, 0x2, 0x73)
bind$l2tp(r5, &(0x7f00000000c0)={0x2, 0x0, @multicast1}, 0x10)
sendto$l2tp(r5, &(0x7f0000000040)="e5786a0d00000000", 0x8, 0x0, &(0x7f0000000100)={0x2, 0x0, @loopback}, 0x10)
setsockopt$inet_int(r5, 0x0, 0x8, &(0x7f0000000080)=0x3, 0x4)
quotactl$Q_QUOTAON(0xffffffff80000200, 0x0, 0x0, 0x0)

3.996529999s ago: executing program 5 (id=1677):
socket$inet_udp(0x2, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
socket$inet_tcp(0x2, 0x1, 0x0)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x804e20}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r3 = openat$dlm_monitor(0xffffffffffffff9c, &(0x7f0000000040), 0x100, 0x0)
r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events\x00', 0x275a, 0x0)
mmap(&(0x7f0000002000/0x3000)=nil, 0x3000, 0x0, 0x12, r4, 0x0)
ioctl$TIOCSETD(r3, 0x5423, &(0x7f0000000400)=0x3)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f00000016c0)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
setsockopt$TIPC_GROUP_JOIN(r5, 0x10f, 0x87, &(0x7f0000001340)={0x40, 0xfffffffc}, 0x10)
sendmsg$tipc(r5, &(0x7f0000000300)={0x0, 0x0, 0x0}, 0x0)
shutdown(r6, 0x2)
r7 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000000c0)={0x2, 0x4, 0x8, 0x1, 0x80, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x1, 0x3, 0x5}, 0x50)
bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x15, 0x2c, &(0x7f0000000280)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x7}, {{0x18, 0x1, 0x1, 0x0, r3}}, {}, [@jmp={0x5, 0x1, 0x6, 0x0, 0x2, 0x8, 0xfffffffffffffffc}, @map_idx_val={0x18, 0x6, 0x6, 0x0, 0x5, 0x0, 0x0, 0x0, 0x40000000}, @exit, @snprintf={{}, {}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x86a}, {}, {}, {}, {}, {}, {}, {0x18, 0x3, 0x2, 0x0, r4}}, @jmp={0x5, 0x1, 0x7, 0x2, 0x1, 0x80, 0x3}, @map_fd={0x18, 0x9, 0x1, 0x0, r7}, @printk={@u, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0xd}}, @exit], {{}, {}, {0x85, 0x0, 0x0, 0x85}}}, &(0x7f0000000080)='GPL\x00', 0x5, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_reuseport, 0xffffffffffffffff, 0x6}, 0x94)
r8 = socket$isdn_base(0x22, 0x3, 0x0)
ioctl$IMGETDEVINFO(r8, 0x80044944, 0x0)

3.927600677s ago: executing program 7 (id=1678):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x0, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000021000000000000003b810000850000006d000000070000000000000095"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000a80)='kfree\x00', r0}, 0x18)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000440)={0xd, 0xb, &(0x7f0000000280)=ANY=[@ANYBLOB="18000000800000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa108000000000047010000f6ffffffb702000008000000b703000000000000850000007200000095"], &(0x7f0000000300)='GPL\x00', 0x1, 0x5, &(0x7f0000000340)=""/5}, 0x90)
poll(0x0, 0x0, 0x3)
r1 = bpf$BPF_LINK_CREATE_XDP(0x1c, 0x0, 0x0)
mmap(&(0x7f0000ffb000/0x3000)=nil, 0x3000, 0xc, 0x2031, 0xffffffffffffffff, 0x0)
mremap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x2000, 0x7, &(0x7f0000fff000/0x1000)=nil)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000740)={0x0, 0xc, &(0x7f0000000540)=ANY=[@ANYBLOB="18090000000000000000000000000000850000006d0000001801000020696c2500000000002020"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xdada4db5d75ac874, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x8000}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000340)={0x0}, 0x18)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=@gettaction={0x1c, 0x5a, 0x1, 0x0, 0x0, {}, [@action_dump_flags=@TCA_ROOT_TIME_DELTA={0x8}]}, 0x1c}}, 0x0)
pwritev2(r1, &(0x7f0000000500)=[{&(0x7f0000000040)="37faa0083469d1", 0x7}], 0x1, 0x3, 0x9, 0x2)
inotify_add_watch(0xffffffffffffffff, 0x0, 0x400017e)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x11, 0x13, &(0x7f0000000080)=@framed={{0x18, 0x8, 0x0, 0x0, 0xffd0, 0x0, 0x0, 0x0, 0x3}, [@func={0x85, 0x0, 0x1, 0x0, 0x6}, @map_fd={0x18, 0x0, 0x0}, @generic={0x66, 0x8}, @initr0, @exit, @alu={0x6, 0x0, 0x3, 0xa, 0x0, 0x2, 0xffffffffffffffff}, @printk={@x, {}, {}, {}, {}, {0x5, 0x0, 0xb, 0xa}}]}, &(0x7f0000000000)='GPL\x00', 0x2, 0xde, &(0x7f00000005c0)=""/222, 0x0, 0x8}, 0x94)
r5 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$HCIINQUIRY(r5, 0x400448e1, &(0x7f0000000240)={0x1, 0xfffe, "be4108"})
r6 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000100), 0x82)
writev(r6, &(0x7f00000017c0)=[{&(0x7f0000000040)="273eebfecb7c0e923301b61c42cb1d11f41d00bdab2a3d983b065a56", 0x1c}, {&(0x7f0000000000)="fe00010ff1e20000003d8ad30b0036a00000000004b19651dcd445f1", 0x1c}], 0x2)
bind$bt_hci(r5, &(0x7f0000000000)={0x1f, 0x1, 0x2}, 0x6)

3.854208955s ago: executing program 9 (id=1679):
socket$inet6(0xa, 0x80002, 0x0)
r0 = syz_open_dev$sndctrl(&(0x7f0000000080), 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_TLV_READ(r0, 0xc008551a, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r2 = dup(0xffffffffffffffff)
ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000000840)={0x1fe, 0x2, 0x2000, 0x1000, &(0x7f0000003000/0x1000)=nil})
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r2, r1, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000100)=[@textreal={0x8, 0x0}], 0x1, 0x42, 0x0, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000040)=[@text64={0x40, 0x0}], 0x1, 0x11, 0x0, 0x0)
ioctl$KVM_RUN(r3, 0xae80, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r4=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000480)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
connect$unix(r5, &(0x7f00000027c0)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r6, &(0x7f00000bd000), 0x2d, 0x20040040)
bind$unix(r6, &(0x7f0000000240)=@abs={0x1, 0x0, 0x4e23}, 0x6e)
recvmmsg(r5, &(0x7f0000000d40)=[{{0x0, 0x0, 0x0}, 0x4}], 0x1, 0x10020, 0x0)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r7 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$VT_GETMODE(r7, 0x5601, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x1, 0x0, 0xb49, 0x9, 0x8, 0x7, 0xfffffff9}, 0x0)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
r8 = socket$nl_netfilter(0x10, 0x3, 0xc)
openat$vicodec0(0xffffff9c, 0x0, 0x2, 0x0)
ioctl$sock_SIOCSIFVLAN_ADD_VLAN_CMD(r8, 0x8983, &(0x7f00000000c0)={0x0, 'macvlan0\x00', {0x1}, 0x2})

3.85249143s ago: executing program 0 (id=1680):
r0 = socket$inet6(0xa, 0x80002, 0x0)
setsockopt$sock_linger(r0, 0x1, 0x3c, &(0x7f0000000340)={0x1, 0x6d}, 0x8)
setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x41, &(0x7f00000001c0)=0x439b, 0x4)
sendmmsg$inet6(r0, &(0x7f0000001a00)=[{{&(0x7f0000000200)={0xa, 0x4e21, 0x0, @dev={0xfe, 0x80, '\x00', 0x47}}, 0x1c, 0x0}}, {{&(0x7f0000000000)={0xa, 0x4e24, 0x3, @private0, 0x7}, 0x1c, &(0x7f0000000140)=[{&(0x7f0000000040)="b7d6dfdd1bb691040d2e51c80d8e28b60868c8ba0a", 0x15}, {&(0x7f0000000380)="5a692cc5e07661f64207cda3a44e3d0f79db9f58a026128ba96e0de7c75e80d3788e57c58f0ad14629413a6aab7249096f708c0af3ce1e044a3196ce0b7c69eabe5e5cbbeab16de8b0093d8113075b2e3d9c75f145939ef706e0b354a28ed09a0d8b27e8f07a789ecea1093d55794285ffb9a1d068267d3b8b46d304f793965f54b9b2596c44720c11a39480178cb722aac77ebd2238399d1e25fc9b31a4e5cea00149c9febf3f43005148abf7cdf3fe7be4fcf90f9f18eece5b5cf6de052eccaf91c266da7e49d1973ff1865a91e42ddba6b455071c91a015046ef3f948f5c9e9fc010ccf41148e003188b7797bd1051f52af0e0d053b1f4dcd8d8334987433e1fa2b0d7e0dc58a708ac55a846bd71fbb84f5f56ca5de98ffd57455346a07303e80f8a1907d52882bb1a34361b50fcbf8dd3a56f479e931241a6e757a9302dadc1b2a94aefdf9b143fbc224777d8a641fbaa9ae985c16c56dd9a1981c51045ec19fe7fe2568ec638c0fb73c1e3131afd6fef8590f714de4494483940e84bd7c99f1d3723d069c4379f228f9ca230feb5e13fa8a6ed8ddfa798e7a1573be261b2325e87caf7c5160b452719b5c6ac898b34077b490ceffc9be38e6e1a40255f189beb3e2db363caccc37ee61fd5c845488864f970bc32f4a230cfdf5031160a1e3163af9ba54c83b02ec7480cf0c1d4bc033254f5593a32a0279607bf0c36a8ed3a0974befa18277d6b3084fc7821ae7cacdecdba0a4e2e57ab51cf6567944440a77231b0cebe112a1f47c48f9d6c1282adea55b0388a4190d602f06ed34ba00b3a762efe2568fa10703f88a2c0c9710082ee33823d6b302190cb6cc4d8c5de5ce4c808a24f95359cc3a7c45e75a617d3a61f7872537f395d199f77e9a9e05aa3e2dc48763e1b8772683af2e06578e2cec26fbc7405b0be67410c03475330ecd49bacfe53bdcc08e04b7108d1dcfec64b798162e0f4d74584167a7132a2d04d523db28672f086ccd6ac7763b5be78855aa2b8e1b085971c8f2a03be6f494bcd80d3be0bcdc7dcf40edb78d1581ba330a6862d45d32f3f2e761fe88a625b5dbbe4c09fc240e94d7a37c4a255749e4c2e672cf99a7eb079051d233a9e755f54ec9798d33c75aea7679256b3b77883ba71feabecc2a379d8cf6160fe87591efa0aa242bea759d1816a44a9517a881bf3ada5363b56ff51d75dc6e94872d23a03f790a343b6145e860248cdf673a3824ac1969c442ec300391532f418fb1b0ee8a9ffe3202880477c01f4774dc5833aa6afe877884b9014c13dc9194f92ac209316a4816baaac43a0d4ee2373437b200972d88f369684151a12d67a54f2ddf212eae039e973b96fbb00068f8a4c5445cdcdad41b3438d97dedb512ed5c84c0186321477d9ecc22a49cebba1b99050a047f1aec08c54f95b97849ce67cd01d3a8d5572f51de83d98453a639d29ae510ed4d8efec4be8df20e5d95dc632cc95a9ed54ca525b274dd27b35c88c194a744d949d650c9253f8a8934998522613e89e8dc8a3625b8867e00d88ee38a90b882ae3a60de4a7b40084143191eaa11086cec4d0d7aebaea51178954b9077e44faf3e880a46f70fdc0528cedbd9a9d6bdb47c68b6908ce04ed711153348ab8a89887116b57da48e0610a990cd7f767bc98deeaa1da5e967660f91ee1ae08a1f25375a193a992b4fde80783d275b980381c40fe5667a097e8e6194ab6e68e4ea3687409f680ffb26bc738991829960773f634a061a0899a3971991f41339c21c62db4e4550474344df282d8b11fb7b4f0f3818d2c9d5bced002b56477c00dff5ebd0c00c8cf0467fedd04edd950ee1e5c41215c3706a272cee955fdcc85d529e87b1e2f47f773441bace4ff0a6fcc4a8893c00b25712308601bc5ac921511338e2f8bdf344ec0b82ea7a71e73a8d6b31b66d5d6c876adb6f89d4dfe5bf6343025aec2ed3bfdd139299aca1c9677e395f3a44fd0802987abe6ac67ba1f34614215ff85b9b53755db617ec63082b4330211b78281b3be168192b1f274eda63971ffd88c7c8fe805b595d84856e5daf67b743c677d3246ed58c95c7e09cc906c2d33ca670284e2abcf5ae91f3e7dab0f8959a2512df9e9a12832a3334a9d9f776b8abe9cd488d928d52a5e42c6d86a832eddf6c0cb98d6702ed091a357c6d4830b20110d0465bbc3e242f52cd84af21500dd40cff6e0f2b888215e9814e458db2a62a20efef988c9e5f056b8314eeb6b9d65fa014043bfc1501635f6b3aaac196c9b28dbb1b9f5fd77f1bbb34a398891e140b8ace142296cb8e5c6fce17210c275041a3bbec6b4b296861983275c122900d5df9c27a78e58f886fc15ffe512913e1a4148ed458cbbdb948f4fa142716a853ab47d4e6d2792de43518c4f2ebb6d4e9a3cab389fa865ca8226c62406d84749f8be9d6d542e92f006ad519d1fed594b666814e811a1b7db192bd95bb7573dd7f87b80e27b9db0a0bcdc0a62730863a811e0c3bc85d42291993d4c402284f7240469994ebee77faf36136d2474e10c7582439854653b9b6e06d82575cd7064cb27611f536c0643acc85c4fd3cec930c879515ac677e0a5144f59f7a03e8a605f10a75260af831303579975f964eb1d21bb1aee5654b7e41f52990ea7c362511a602cb6085f15b4dd8ab7102b0a4787f09e4cb975a056915b85faa4c632502f2ec6356672b56927817fec074fad213c117be40ed41f2ad264a56beb106fa15d19d1da4c6e5e68952bf75a2be1c653a4e8b4c683a19d3ddfc185ea600fe8057e88a5701373af4d5f5e67d025121a4b087cf8cbabc96b2557bc9ad0c9e804f3734cffb6489501a94dae8780e5e89028a953c77e354629c179122f731c8d26a60a756fa472777a9c65b5438ba229e65bf6f6fc90d61926c49d05877e6a430f7b6c70a1e9b0daab428464ba84d1e216399d98858e73a44617c5ae85e79acd8ece528a6aca7f44a02908d7c782a4853fa5f5eb0dad8bdb49c8583d519a505e53f819eb288be6772cc4e6b4b0f5f0c58c566d813b6d311bb412f7f7c2a78f5b2d2f4855416e43aa6858deb2ba1e0f992f1d7a91d0c5246ffb8f4f27d8381d563b08be920b8d344283e08ae89a9c1f95cc891df842bd9c06545be096d7baa4656a6844f59161a7d5daf9e6c58872dbe220ba7a8292e12eda2861d3d577eaf77134434bee4c84f34357b42ddeb8b0c0af0aa6319d8e38a38e21cd84d22dc7322869fabde41844bca26dbcafcc73abc24b4893f4a4b20add021fd056e7ec19afa8f23da5ffa59a0e2a37c9c4a3b2d90b7a3058c6d2e8c6d1d27c632dad8083d09949441186140670ef31f6b8828a805a0dc5e276646b2e870528c2baa21503c2c70a36d9fa4496fc4ab2b9778e50ceced53f607d9c3ec0e05ba2c822ed8cd66bce35e11184f24ab0ad11f7cfc054028b5e245de7b1a69c34bb8b0d7d2e1cb1ce4e138f6c9b392335c3e30e82a6b15e318241483a79bce9d3890a780fdd81a943e3082d937e24f8b5eb1c19296b4df7e5beacf258e3325ad7583c6c557cb03d490e325fd940b80953e4335fe353b18f2aa4a26064c7c24b59027e3a18d34aa3d1305067b00367daa6f1f6c6e97c3c59a8f88c1ee362aa9bf659e04d7e25a6d3bbaa40b71c9a14c58e7c4f7f2ecec8013bc9e40aaa9ecb4163695f9f866f748cc1107da3a5b689216be37bba01a52e667c70c1e2a7e904594c9aa0bb08e7f5971d70b3d067e608dda5f1918e880e2db73db923013dd69b2aa0130f5fceff0ccb11de509bd12f85ef9b8b9e372cdd626ec87207d389a71365fef6b4e7a655a7eec01a2c76d8427c25e0d4e493e534a0b1370df4197a7a48c4fe8f9c4b4be43111ac958a5b3362f59361004de12cc0c3826ed03965bededb56046a0e0400ec12dd4302dde5479a5185f53fb10b1f0f9acfd6681bbce1aa05ec795f638277cb8bdee555ad61026045069decf2f912b36f6a499db96e6ff2b0f3d10b4dd75dc136e0bf1350d10474c45271c143c71306a872b5dc64cb49bf8b439fa6ee1344a6a9cf82601d3fe8e713be94bb1d8d6e3f10452bcbb6bf3133ef2cbf8da0f09c2f7c509ee67b7fc6b02dc0fbba4740777c93b7e25614b87519f0e5efc5c1f8766417dd603fe6c8f0d3609944e7ecd3f381d818454227176ec9e667b217eecbd4ad61430811c619599dbd844530fd7d7a20e5f1fc860c92eb4371033b09a79f35fa4873884144ce03cf01350fb14913d99ca30ff6dbf5f7e76223d5ff13c870deb9a72f40a4c15afaa1299bf32661cdd454feae2b7750b5a6fe268631704d2e292bc1691df9f788482acd4ba06c5de6293919cd5126ade7dacf5a289f9854f2c6a45cb34d41cb5cdc84eb76eeed147732abb91c9f5c05b9b446df9bbaae3d9943d333e180f82c3e0c01c8ef27d2f6c176f625c46424c07207bb327cc102e53650b8e2f1758c3376c2a91e962ea6449a7cd88915591af55ed2715c141adc07c5762e504f62231d215299ef7f523f34f0b73e7543a7543a8157bc24c3f2a4776333780e9938c2f5dccdf7fb424b3dc1e0710313edc3c9f46df25de6fa1ee5ec06556fc7f372b0666488f42126f4cc982fad63b1862cab427294aee9b1581f010802d667c4de4777c7177d51bf618d4ae55e31187fa158784b020e071892b81e18138c43beb847ee39082324175b16043262d9ed0867020361f280efcbdb4ca7a9ca6a5ac652db71d14ad062cb28ed7971c39a26cb9386b77a2ba7daffe0ecf1155355890c1f7d415d4405ccd4db6bb95ca8ee931a59acb51de811ee323e8b557e9cf2d50b2a1185d2e24cc1c059b40c07f9c0132c9f2eea937983acef917c7da25ba3b93838b9fbf9d3a6c3dde55ea31acc2ea1162bc6ee66e0dded8f2630428997610df7a3b48423786b6ac98f1021e5a253bd3a64ff723700bd24aadffc2e6e1fed63a2c43f49cb2e201ee2b466365372f917aa598778db8e79da10fcc6c50e93b54111b613644355f5383ea934e30499dafead17055ee6910dd513c740592f92cf8420816771d1d8bf824c4980258838f98e4044b4ead98c89265f10f2b54a2cbb4d6549bbc0172103c5ff7d145071467d6a419248d369436eb651dee15e483b6ac9776054e1a21b4533de2652aad57a51f3b4736022f85b7a8bfe451899e2886a47b10451250d48b56d9eae9c718eb7b6b03621c80960924c656158beb6d2ac4673606e5a7bb72864fa8bdca5e3b04e04b058944e63a030a3427e7c22f7e6fe0010220e5804ea68a9bd05521d01c98fbd35622c74368beebae83bdc745672ae854522b6986644d01f4353511486ab369902bccdc99e2c3c8a4439becc2bbc71d34879dd76b8cb757df93c4031b78c4d0908e865f0a4bbff8ac93ad320a8267c987427600cd22cee8c5010419930ca32a6ad57fa75d5643fcfb9a13225868ae800fcf100ab2973cdbda01b2ba92252adde417a009c2e64b61ab51e0e8e1c6357ae4248891a1fead6a52e17df29d6bc8953da6acfe89fe3b0126dc686346ace51ce00abfc61993b1b7f81e714595b0cbc6562beb307b3278e387138eb46364be9027d1311a3a94440f5079e4ed2307a6cd31216f715c4a76f0354db68ddcb4705c710cfc5e5aba7b60d781dea357fa0c5911a69ceb365fd0c46ebfb90b79baecc54c86f83b24718d8a07b31efd87c4042b1a1d451a13befc87d0ed4cfcec6d25effd13b76b9b361c30058398861e6f7db22e96440bbdd999962fd1f7c92bb4efd4af0acacea141d276a44485b05064", 0x1000}, {&(0x7f0000000080)="2d926e233e2ea0327200c700740a796497187344103945ea26e07788909840fbb46887986b7ed97ce9cd1f0b7b617eefff78d74ef8469fe496e42e182b64e464b594de7f0a0f8abb8f5683859697c1d745bd241ba78a3326eb756bbcca3b7e01e5560e73b25b431dea2e9d99377c809cabc6a831ee42b5427fe4d3bc77cb953441f5be50cfcb2f746e68fad1a6bd5264a726be8c7effca2d18b2e13a33", 0x9d}, {&(0x7f0000000240)="b843ff8ddf722320bcd368417f81b1d421ebaf3b0aea269e58a88123643557c8afa278d12e9553e01d3e096ab2896b622103edd685444b308eb8ab38f04e70f587589da69f415058ec45c8058d4f7fb44e7bc45a6363356684f3c8e5c3b0c22bd1d20d37602d80f9610cca187b4dfcf5c99719d2714023d667844931b4de9ba53174b15507d8dd888612a33250adccc8988bd41350c25d", 0x97}, {&(0x7f0000001380)="e997d04bf10d755f82220ef0f23292c8eeb080f4eb27dbb562014ef2d48cbfa9e98f28c0029656ed1a7b5ea485ce390dcdd36b4b4a4e11f008a5af8d3545cfa5c0c3c41560983db5898e7d4fee062268c69af1f2afb9bcd296bdfd391e11f26105659a3bfbf911a6afbdc78025a7967bf98d20503a9a577f5d923f976b42910268180d46d8dcbf5267e1b4ed72392c0d0ce5e1f45d29f9c9dd0d163de6cdc50a6111117fba8cd19260374c767a99e61b945fa94dbf7df1e6b25821ff19d237909dc211e66125513ab2232a28d2f4208f6c82d188fd48230df77fc4ea3434185f938f1ca7681a3be3aad7cef9", 0xec}], 0x5, &(0x7f0000001480)=[@rthdr_2292={{0x78, 0x29, 0x39, {0x6c, 0xc, 0x2, 0x7, 0x0, [@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @mcast2, @empty, @local, @private0, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}]}}}, @dontfrag={{0x14, 0x29, 0x3e, 0x3}}, @hopopts_2292={{0x28, 0x29, 0x36, {0x8, 0x1, '\x00', [@pad1, @pad1, @ra={0x5, 0x2, 0xa}]}}}, @hopopts={{0x88, 0x29, 0x36, {0x2b, 0xd, '\x00', [@pad1, @pad1, @ra={0x5, 0x2, 0x2}, @ra={0x5, 0x2, 0x5}, @padn={0x1, 0x6, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, @generic={0xf0, 0x51, "80f1fed657654e9b52a0cc88f4ad6875e79bfd5b1240b635c15747faa6101c0138c3c89e5120f066f20fed83b456702f9ba0958ee384a3678456246930f21d00ca83b076289e1eb81aadd846b25535bfdc"}]}}}, @hopopts_2292={{0x30, 0x29, 0x36, {0x1, 0x2, '\x00', [@hao={0xc9, 0x10, @empty}]}}}, @dontfrag={{0x14, 0x29, 0x3e, 0x5}}, @hoplimit={{0x14, 0x29, 0x34, 0x1}}, @hoplimit_2292={{0x14, 0x29, 0x8, 0x2}}, @tclass={{0x14, 0x29, 0x43, 0x81}}, @hoplimit={{0x14, 0x29, 0x34, 0x67dc0b3d}}], 0x1e8}}, {{&(0x7f0000000300)={0xa, 0x4e24, 0x8, @private1={0xfc, 0x1, '\x00', 0x1}, 0x800}, 0x1c, &(0x7f00000019c0)=[{&(0x7f0000001680)="9d6006c7986407fa43af29c390caa6e911be622fb62aded1fead11e34d76212cefdb4f49d0cdcfe57b61f1767ff643825c94a155185bb0d21c4be152c58dcad6b85d3d3447570e611f3803912c15be52e4e60a3774de8b8aacda3582f64a0cfd868187164f7abf93371272c74fc74cd90100e6eafe321ab19ca193a014b45652040f5cfff1682dd1b120fbccc8e01ee9d5a30e13ec6211f80ca29c23c884fb30f360b6f52620392cf602a6126f525ae39abc766030e571b47518e7f657a5b63a257643ca5df608634de55f5dbe3a", 0xce}, {&(0x7f0000001780)="7618f3d33cf71e83b3293686b1d70eb8df631c9f7ad579e22aab818af338a98794c615524b76c9a9f563fce5905cd433dbc6d315db1c7d6006a696b310ba5e2d46adc6458a4bb95264af4295c75a43ac23a4c355", 0x54}, {&(0x7f0000001800)="f529d6e3d76e058eaec1644c91f3dac6643f4c26aa9756d711783b096f533f5ba9ea44f263e7f23b8e0e011ae3a4f41e499271e1f24d22ef6594e9e69a8182d4385ac127b05a54249b0d26821327bec1572c9707ff070a652d5a237803b77cf452cb90b9e7a23bffb19eb18199a1325ffc65c48a787791b546404f5513a3fc9a6c302ca543dc73ac6c18a2ba5637353dae", 0x13f}, {&(0x7f00000018c0)="975aa3dad59993cdc57e80c45541a0dca4bf1a9dd622d2550b132ccaba94e0066dda3b46091d146a14c3a3ea2e7136dd8cf6e173ae4d6e46a042e259cf0694db73a7f3022d380beeb470039076823b16511a5038dc023fab36c86b3b5c971d4a28ffd71026e77f923e067bbf4b1da8cf183b672d60f0e75f466708db4f047a9d0e7510b85f66eab5f97d90b9ec7a5817781db9201e2a0144938d7cf98cc5046e922db68f9b94d69a7feb9e37ce735501ab983734adc7c49f1079528182493d0e9dd2874300ea56f650e20c392349a216fd438a66f9ceaf3bd4b4", 0xda}], 0x4}}], 0x3, 0x4004000)

3.051848167s ago: executing program 0 (id=1681):
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff, <r0=>0xffffffffffffffff}) (async, rerun: 64)
r1 = socket$nl_route(0x10, 0x3, 0x0) (rerun: 64)
sendmsg$nl_route(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000940)={&(0x7f00000013c0)=ANY=[@ANYBLOB="640000001000030400"/20, @ANYRES32=0x0, @ANYBLOB="e5fda988000000002800128009000100766c616e00000000180002800c0002001c0000001f000000060001000000000008000500", @ANYRES32=r0, @ANYBLOB='\b\x00\n\x00', @ANYRES32, @ANYBLOB="0a000100000070"], 0x64}, 0x1, 0x0, 0x0, 0x8811}, 0x0) (async)
socket$inet6_sctp(0xa, 0x1, 0x84) (async)
r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000001c0), 0x240, 0x0)
ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000080)=0xf) (async, rerun: 64)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) (rerun: 64)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r3}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r4 = getpid()
sched_setscheduler(r4, 0x2, &(0x7f0000000200)=0x7) (async)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r5=>0xffffffffffffffff})
connect$unix(r5, &(0x7f000057eff8)=@abs, 0x6e) (async)
recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0) (async, rerun: 64)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) (async, rerun: 64)
r6 = syz_init_net_socket$netrom(0x6, 0x5, 0x0) (async)
r7 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/stat\x00', 0x0, 0x0)
sendfile(r6, r7, 0x0, 0x4)

2.85887098s ago: executing program 5 (id=1682):
write$dsp(0xffffffffffffffff, &(0x7f0000000880), 0x0)
r0 = bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r0}, 0x2d)
r1 = syz_open_procfs(0x0, 0x0)
preadv(r1, &(0x7f0000000140)=[{0x0}], 0x1, 0xfffffffc, 0x104)
prlimit64(0x0, 0xe, &(0x7f0000000200)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r2 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r2, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x4000003, 0x50032, 0xffffffffffffffff, 0x0)
mlock(&(0x7f00007d8000/0x800000)=nil, 0x800000)
ioctl$TCSETS2(0xffffffffffffffff, 0x402c542b, 0x0)
mount(&(0x7f0000000080)=@nullb, &(0x7f00000000c0)='./cgroup\x00', &(0x7f0000000100)='bfs\x00', 0x4, 0x0)
syz_clone(0x100, 0x0, 0x0, 0x0, 0x0, 0x0)
mlock(&(0x7f00007d8000/0x800000)=nil, 0x800000)
mkdirat(0xffffffffffffff9c, &(0x7f0000000280)='./file0\x00', 0x0)
mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040)='devpts\x00', 0x0, 0x0)
mount(&(0x7f0000000180)=@filename='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', &(0x7f00000000c0)='./file0\x00', &(0x7f0000000300)='pvfs2\x00', 0x11, 0x0)
umount2(&(0x7f00000000c0)='./file0\x00', 0x4)
socket$inet_icmp(0x2, 0x2, 0x1)
setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x35, &(0x7f0000000340)=0x4, 0x4)
timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
userfaultfd(0x801)
syz_open_dev$loop(&(0x7f0000000080), 0x7ff, 0x683)
r3 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r3, 0x0, 0x0)
accept4(r3, 0x0, 0x0, 0x0)

2.467922468s ago: executing program 6 (id=1683):
write$dsp(0xffffffffffffffff, &(0x7f0000000880), 0x0)
r0 = bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r0}, 0x2d)
r1 = syz_open_procfs(0x0, 0x0)
preadv(r1, &(0x7f0000000140)=[{0x0}], 0x1, 0xfffffffc, 0x104)
prlimit64(0x0, 0xe, &(0x7f0000000200)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r2 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r2, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x4000003, 0x50032, 0xffffffffffffffff, 0x0)
mlock(&(0x7f00007d8000/0x800000)=nil, 0x800000)
ioctl$TCSETS2(0xffffffffffffffff, 0x402c542b, 0x0)
mount(&(0x7f0000000080)=@nullb, &(0x7f00000000c0)='./cgroup\x00', &(0x7f0000000100)='bfs\x00', 0x4, 0x0)
syz_clone(0x100, 0x0, 0x0, 0x0, 0x0, 0x0)
mlock(&(0x7f00007d8000/0x800000)=nil, 0x800000)
mkdirat(0xffffffffffffff9c, &(0x7f0000000280)='./file0\x00', 0x0)
mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040)='devpts\x00', 0x0, 0x0)
mount(&(0x7f0000000180)=@filename='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', &(0x7f00000000c0)='./file0\x00', &(0x7f0000000300)='pvfs2\x00', 0x11, 0x0)
umount2(&(0x7f00000000c0)='./file0\x00', 0x4)
socket$inet_icmp(0x2, 0x2, 0x1)
setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x35, &(0x7f0000000340)=0x4, 0x4)
timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
userfaultfd(0x801)
syz_open_dev$loop(&(0x7f0000000080), 0x7ff, 0x683)
r3 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r3, 0x0, 0x0)
accept4(r3, 0x0, 0x0, 0x0)

2.467095254s ago: executing program 7 (id=1684):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x8)
add_key$keyring(0x0, &(0x7f0000000240)={'syz', 0x0}, 0x0, 0x0, 0x0)
r0 = syz_open_dev$evdev(&(0x7f0000000000), 0x1ff, 0x0)
sendmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0)
socket$netlink(0x10, 0x3, 0x0)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r1}, 0x18)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r5 = socket$rds(0x15, 0x5, 0x0)
bind$rds(r5, &(0x7f0000000040)={0x2, 0x0, @loopback}, 0x10)
sendmsg$rds(r5, &(0x7f0000001d00)={&(0x7f00000017c0)={0x2, 0x0, @private=0x8a010101}, 0x10, 0x0, 0x0, &(0x7f0000000240)}, 0x0)
syz_open_procfs(0x0, &(0x7f0000000080)='fdinfo/3\x00')
ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(0xffffffffffffffff, 0x89f0, 0x0)
syz_open_procfs(0xffffffffffffffff, 0x0)
ioctl$EVIOCGKEY(r0, 0x80404518, 0x0)
ioctl$EVIOCSCLOCKID(r0, 0x400445a0, &(0x7f0000000040)=0x1)
r6 = socket$nl_crypto(0x10, 0x3, 0x15)
connect$netlink(r6, &(0x7f0000000100), 0xc)
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000003c0)={0x9, 0x4, 0x4, 0x2, 0x80, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x1, 0x1}, 0x48)

2.466680369s ago: executing program 0 (id=1685):
r0 = syz_open_dev$usbfs(&(0x7f00000000c0), 0x204, 0x2)
mmap(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x1000002, 0x13, r0, 0x0)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl802154(&(0x7f00000006c0), 0xffffffffffffffff)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_802154(0xffffffffffffffff, 0x8933, &(0x7f00000005c0)={'wpan0\x00'})
socket$nl_generic(0x10, 0x3, 0x10)
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x5)
socket$nl_netfilter(0x10, 0x3, 0xc)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r1}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000180)={0xc, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f00000000c0)=0x7)
r2 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x4)
syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
sched_setaffinity(0x0, 0xfffffef7, &(0x7f0000000740)=0x410000002)
syz_genetlink_get_family_id$nfc(&(0x7f0000000780), 0xffffffffffffffff)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x80006)
openat$rdma_cm(0xffffffffffffff9c, 0x0, 0x2, 0x0)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f00000003c0)={0xffffffffffffffff, 0xe0, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1c, 0x44, 0x8, 0x0, 0x0}}, 0x10)
r3 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48)
bpf$MAP_GET_NEXT_KEY(0x4, &(0x7f0000000540)={r3, &(0x7f0000000400), &(0x7f0000000440)=""/236}, 0x20)

1.431117695s ago: executing program 5 (id=1686):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x5, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB], &(0x7f0000000100)='GPL\x00', 0x8, 0xfa, &(0x7f0000000140)=""/250}, 0x94)
mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1)
bpf$PROG_LOAD(0x5, &(0x7f0000000300)={0x18, 0xb, 0x0, 0x0, 0x0, 0x64, 0x0, 0x0, 0x6, '\x00', 0x0, @fallback=0x14, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)

1.243885333s ago: executing program 9 (id=1687):
syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
keyctl$instantiate(0xc, 0x0, &(0x7f0000000540)=ANY=[@ANYBLOB="48bc12de64656661756c7420757365723a73797a2030303030303030303030303e303030303030393600b0a171d9cb96fa78925e2dbcdf0b4fc33acb4c64c82abafcc6e985aa61d5b88f1dd5b791c1113dfc42c0c8031234008098b77c6d6289c5fe69de60332a6e0d0f859c73da60c1fb1cd140d796e206b04320888bd66a68abb57d51793b456eabc3cc366fb0f0f8137d719d47a4b6656c352fb32629c6afcb824c27a8c532b8b6ce25cd4859868125af91b0bc10fa10ee63c47ffb48c6970d59dd872a01f35e82d9b1566be0a00de035d41a024ef442f5f3bb8277d622fefece96b58abfb5c4719f58e4733a601e612cdb3f874bc9755c352fe24afa2647e084e864ee98ef3de583a531e8cdbbb7d87ed63a84865c51e65a8006c1e0033bddcc98c6c6381baf272990"], 0x2a, 0x0)
keyctl$instantiate(0xc, 0x0, 0x0, 0x20, 0xfffffffffffffffd)
add_key(0x0, &(0x7f0000000180), &(0x7f0000000100), 0x0, 0xfffffffffffffffe)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000080)={0x80000000005, 0x100000001000087}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x43, &(0x7f0000000040)=0x2)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
setsockopt$IP6T_SO_SET_REPLACE(0xffffffffffffffff, 0x29, 0x40, &(0x7f0000000fc0)=@raw={'raw\x00', 0x3c1, 0x3, 0x2f8, 0x140, 0x5c, 0x160, 0x140, 0x3e0, 0x250, 0x228, 0x25a, 0x250, 0x228, 0x4, 0x0, {[{{@ipv6={@remote, @dev, [], [], 'veth0_to_batadv\x00', 'wg1\x00', {}, {0x222cecdb0fb5a62a}, 0x3a}, 0x5002, 0xd0, 0x118, 0x52020000, {0x0, 0x6802000000000000}, [@common=@icmp6={{0x28}, {0x0, "d176"}}]}, @unspec=@CT0={0x48}}, {{@ipv6={@local, @private2, [], [0xff], 'veth1_to_hsr\x00', 'dummy0\x00', {}, {}, 0x88}, 0x0, 0xa8, 0x110}, @unspec=@CT2={0x68, 'CT\x00', 0x2, {0x0, 0x0, 0x0, 0x0, 'snmp\x00', 'syz0\x00'}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x358)
r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x80080, 0x0)
r2 = ioctl$LOOP_CTL_GET_FREE(r1, 0x4c82)
ioctl$LOOP_CTL_REMOVE(r1, 0x4c81, r2)
getpgrp(0xffffffffffffffff)
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x300000a, 0x4031, 0xffffffffffffffff, 0x0)
munmap(&(0x7f0000001000/0x3000)=nil, 0x3000)
r3 = syz_open_dev$sg(&(0x7f0000000200), 0x100, 0x401)
ioctl$BLKTRACESETUP(r3, 0xc0481273, 0x0)
ioctl$BLKTRACESTART(r3, 0x1274, 0x0)
mremap(&(0x7f0000000000/0x1000)=nil, 0x1000, 0x4000, 0x0, &(0x7f0000001000/0x4000)=nil)
r4 = fsopen(&(0x7f00000000c0)='cramfs\x00', 0x0)
fsconfig$FSCONFIG_SET_STRING(r4, 0x1, &(0x7f0000000000)='source', 0x0, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB="0500000004000000df7f", @ANYRESHEX=r4, @ANYRES16=0x0, @ANYRES32=0x0, @ANYBLOB='\x00'/24], 0x48)
bpf$TOKEN_CREATE(0x24, &(0x7f0000000000), 0x8)
ioctl$sock_ipv6_tunnel_SIOCCHGTUNNEL(0xffffffffffffffff, 0x89f3, &(0x7f0000000380)={'syztnl2\x00', &(0x7f0000000300)={'syztnl1\x00', 0x0, 0x29, 0x46, 0x0, 0x9, 0x0, @mcast1, @ipv4={'\x00', '\xff\xff', @initdev={0xac, 0x1e, 0x1, 0x0}}, 0x7e8, 0x80, 0x6, 0x8}})
socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$TIPC_NL_BEARER_SET(0xffffffffffffffff, &(0x7f0000000500)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f00000003c0)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="000325bd7000fbdbdf25050000000c000980080002000300000028000280080001"], 0x46}}, 0x4004)
mlock(&(0x7f0000ffc000/0x4000)=nil, 0x4000)

254.345135ms ago: executing program 5 (id=1688):
r0 = socket$inet6(0xa, 0x2, 0x3a)
bpf$MAP_CREATE(0x0, &(0x7f0000000300)=ANY=[], 0x48)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000240)={0xffffffffffffffff, 0x0, 0x7, 0x0, &(0x7f00000002c0)='\x00\x00\x00\x00\x00\x00\x00', &(0x7f0000000580), 0x40000, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
sendmmsg$inet6(r0, 0x0, 0x0, 0x40080)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x87}, 0x0)
process_vm_readv(0x0, &(0x7f0000000140), 0x100000000000028b, 0x0, 0x12, 0x0)
r1 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet_sctp6_SCTP_RECONFIG_SUPPORTED(r1, 0x84, 0x75, 0x0, 0x0)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x5, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000100)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r2, &(0x7f0000002000)=""/102400, 0x19000)
socket$phonet_pipe(0x23, 0x5, 0x2)
mount$9p_fd(0x0, &(0x7f0000000080)='./file0\x00', 0x0, 0x112080c, 0x0)
rt_sigprocmask(0x0, 0x0, 0x0, 0x0)
r3 = gettid()
tkill(r3, 0x12)
io_setup(0x6, 0x0)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFQNL_MSG_CONFIG(r4, &(0x7f0000001640)={0x0, 0x0, &(0x7f0000001600)={0x0, 0x28}, 0x1, 0x0, 0x0, 0x40041}, 0x40010)
getsockopt$inet_sctp6_SCTP_PEER_ADDR_THLDS(r1, 0x84, 0x84, &(0x7f00000000c0)={0x0, @in6={{0xa, 0x4e26, 0x3, @private2, 0x4e}}, 0x3, 0x80}, 0x0)
r5 = socket$l2tp(0x2, 0x2, 0x73)
bind$l2tp(r5, &(0x7f00000000c0)={0x2, 0x0, @multicast1}, 0x10)
sendto$l2tp(r5, &(0x7f0000000040)="e5786a0d00000000", 0x8, 0x0, &(0x7f0000000100)={0x2, 0x0, @loopback}, 0x10)
setsockopt$inet_int(r5, 0x0, 0x8, &(0x7f0000000080)=0x3, 0x4)
quotactl$Q_QUOTAON(0xffffffff80000200, 0x0, 0x0, 0x0)

250.820606ms ago: executing program 6 (id=1689):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r0, &(0x7f0000d84000)={0xa, 0x2, 0x0, @loopback, 0x7}, 0x1c)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201})
r2 = socket$kcm(0x2, 0x3, 0x2)
ioctl$SIOCSIFHWADDR(r2, 0x8914, &(0x7f0000000040)={'syzkaller1\x00', @broadcast})
ioctl$TUNSETGROUP(r1, 0x400454ce, 0x0)
r3 = syz_open_dev$video4linux(&(0x7f0000000000), 0x0, 0x101000)
ioctl$VIDIOC_G_STD(r3, 0x80085617, 0x0)
ioctl$VIDIOC_ENUMSTD(r3, 0xc0485619, &(0x7f0000000040)={0xffff0000, 0x1, "f5a885928be266916f7822031125b893c0fbae33aff22599", {0x0, 0x2d6602dd}, 0x7fffffff})
sendto$inet6(r0, 0x0, 0x0, 0x20000045, &(0x7f00000001c0)={0xa, 0x2, 0x8, @empty}, 0x1c)
syz_usb_connect(0x0, 0x24, &(0x7f0000000300)=ANY=[@ANYBLOB="1201000034709d405f00f2f7cbd4fb708acc000000003fd48c1e000000001d0000006e196c1e4ae9946fdf246a5904c7b44584397638d065d52156db6d600f149711c989f1f9ad22cec5dc9d5fea6712459bb296e6b46e24efd40b9db1f9253a907db1708765d5a834a651ef77c2de824414f11afb06e40860f93c441ba74355099321b01fa03bda9b7888eb6e58e329082f54808cdc60d1f65643694a84c6c4b3b232f9f17b4c301b0c15bc4da7d4a8c27b6af945c07028fbff8e7186e502cf7b26ad9906766d31f8"], 0x0)
setsockopt$inet6_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000000)='cdg\x00', 0x55)
writev(r0, &(0x7f0000000880)=[{&(0x7f00000002c0)="c8", 0x1}], 0x1)

146.273214ms ago: executing program 7 (id=1690):
r0 = syz_open_procfs(0x0, &(0x7f00000001c0)='coredump_filter\x00')
prlimit64(0x0, 0x11, 0x0, 0x0)
mount$9p_fd(0x0, &(0x7f0000000100)='.\x00', &(0x7f0000000040), 0x0, &(0x7f0000000880)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r0])
r1 = syz_io_uring_setup(0x2e3b, &(0x7f0000000240)={0x0, 0x69e1, 0x0, 0x0, 0x295, 0x0, r0}, &(0x7f00000003c0)=<r2=>0x0, &(0x7f0000001040)=<r3=>0x0)
syz_io_uring_submit(r2, r3, &(0x7f0000000180)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd=r0, 0x0, &(0x7f00000004c0)=[{&(0x7f0000000200)=""/9, 0x9}], 0x1})
io_uring_enter(r1, 0x567, 0xa1ff, 0x0, 0x0, 0x0)

0s ago: executing program 0 (id=1691):
r0 = socket$igmp(0x2, 0x3, 0x2)
setsockopt$MRT_INIT(r0, 0x0, 0xc8, &(0x7f0000000000), 0x4) (async)
setsockopt$MRT_ADD_VIF(r0, 0x0, 0xca, &(0x7f00000002c0)={0x1, 0x4, 0x10, 0x0, @vifc_lcl_addr=@multicast2, @remote}, 0x10) (async)
r1 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000100)={'netdevsim0\x00', <r2=>0x0})
sendmsg$nl_route_sched(r1, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000080)=@newqdisc={0x4c, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x25dfdbfb, {0x0, 0x0, 0x0, r2, {0x0, 0x6}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_gred={{0x9}, {0x14, 0x2, [@TCA_GRED_DPS={0x10, 0x3, {0x10, 0x1, 0x0, 0x8}}]}}, @TCA_RATE={0x6}]}, 0x4c}, 0x1, 0x0, 0x0, 0x4000801}, 0x0) (async)
setsockopt$MRT_ADD_MFC_PROXY(r0, 0x0, 0xd2, &(0x7f0000000280)={@initdev={0xac, 0x1e, 0x0, 0x0}, @empty, 0x0, "614af285791a63abd0f993af8077b5cd01e03d64a831683fdc3fd440829c82ae"}, 0x3c)
setsockopt$MRT_FLUSH(r0, 0x0, 0xd4, &(0x7f0000000040)=0x6, 0x4)
syz_emit_ethernet(0xb1, &(0x7f0000000080)={@broadcast, @remote, @void, {@generic={0x888e, "46e3c8484d438025ea404ed68a0ce13a53eeee4bc1f65055b3a3043858d4022c4904f7bad8df2be6ea3b04306476ff5e29577a6f4156b99e07ffa44779c78f8760bfa7ee030e455c658f33af6039c0af75b893bc0cfe5bfc27f47432d88683c4c153d0775c7cb5325a3d5a367b98c9486975f453b99d8914804f32ec1f5f47a3ed6dafb4362913832baacf519118267cf986baae38efb983cf36dc74d2d3c8366ecedb"}}}, &(0x7f0000000140)={0x1, 0x1, [0x9ac, 0x62b, 0x578, 0x8dd]})

kernel console output (not intermixed with test programs):

0] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  750.172781][ T9675] veth1_vlan: entered promiscuous mode
[  750.193184][ T9681] batman_adv: batadv0: Interface activated: batadv_slave_0
[  750.256316][ T9681] batman_adv: batadv0: Interface activated: batadv_slave_1
[  750.301192][ T5980] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  750.339992][ T9677] veth0_vlan: entered promiscuous mode
[  750.347157][ T9681] netdevsim netdevsim8 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  750.363326][ T9681] netdevsim netdevsim8 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  750.386654][ T9681] netdevsim netdevsim8 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  750.413711][ T9681] netdevsim netdevsim8 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  750.451288][ T9675] veth0_macvtap: entered promiscuous mode
[  750.471236][ T9675] veth1_macvtap: entered promiscuous mode
[  750.532121][ T9679] veth0_vlan: entered promiscuous mode
[  750.546522][ T9677] veth1_vlan: entered promiscuous mode
[  750.642148][ T9679] veth1_vlan: entered promiscuous mode
[  750.729489][ T9675] batman_adv: batadv0: Interface activated: batadv_slave_0
[  750.740774][ T5980] bridge_slave_1: left allmulticast mode
[  750.747952][ T5980] bridge_slave_1: left promiscuous mode
[  750.757894][ T5980] bridge0: port 2(bridge_slave_1) entered disabled state
[  750.770259][ T5980] bridge0: port 1(bridge_slave_0) entered disabled state
[  750.789807][ T5980] bridge_slave_1: left allmulticast mode
[  750.796233][ T5980] bridge_slave_1: left promiscuous mode
[  750.802643][ T5980] bridge0: port 2(bridge_slave_1) entered disabled state
[  750.813343][ T5980] bridge0: port 1(bridge_slave_0) entered disabled state
[  750.828074][ T5980] bridge_slave_1: left allmulticast mode
[  750.833933][ T5980] bridge_slave_1: left promiscuous mode
[  750.839663][ T5980] bridge0: port 2(bridge_slave_1) entered disabled state
[  750.850071][ T5980] bridge_slave_0: left allmulticast mode
[  750.858268][ T5980] bridge_slave_0: left promiscuous mode
[  750.864935][ T5980] bridge0: port 1(bridge_slave_0) entered disabled state
[  750.877709][ T5980] bridge_slave_1: left allmulticast mode
[  750.883424][ T5980] bridge_slave_1: left promiscuous mode
[  750.889233][ T5980] bridge0: port 2(bridge_slave_1) entered disabled state
[  750.898178][ T5980] bridge0: port 1(bridge_slave_0) entered disabled state
[  751.290429][ T5980] team0: Port device geneve0 removed
[  751.336458][ T5980] team0: Port device bridge1 removed
[  751.500911][ T5980] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  751.515166][ T5980] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  751.531832][ T5980] bond0 (unregistering): (slave team0): Releasing backup interface
[  751.540775][ T5980] bond0 (unregistering): Released all slaves
[  751.741815][ T5980] bridge0 (unregistering): left promiscuous mode
[  751.883146][ T5980] bond0 (unregistering): left promiscuous mode
[  751.889848][ T5980] bond_slave_0: left promiscuous mode
[  751.895683][ T5980] bond_slave_1: left promiscuous mode
[  751.919683][ T5980] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  751.929786][ T5980] bond_slave_0: left allmulticast mode
[  751.941908][ T5980] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  751.951130][ T5980] bond_slave_1: left allmulticast mode
[  751.959592][ T5980] bond0 (unregistering): Released all slaves
[  752.069828][ T5980] bond1 (unregistering): Released all slaves
[  752.397550][ T5980] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  752.409663][ T5980] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  752.420931][ T5980] bond0 (unregistering): (slave team0): Releasing backup interface
[  752.432751][ T5980] bond0 (unregistering): Released all slaves
[  752.480894][ T1302] ieee802154 phy0 wpan0: encryption failed: -22
[  752.493691][ T1302] ieee802154 phy1 wpan1: encryption failed: -22
[  752.818344][ T5980] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  752.831409][ T5980] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  752.843185][ T5980] bond0 (unregistering): (slave team0): Releasing backup interface
[  752.852988][ T5980] bond0 (unregistering): Released all slaves
[  752.896724][   T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  752.904668][   T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  752.926972][ T9675] batman_adv: batadv0: Interface activated: batadv_slave_1
[  752.996750][ T9675] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  753.011343][ T9675] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  753.027405][ T9675] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  753.036989][ T9675] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  753.074880][ T9677] veth0_macvtap: entered promiscuous mode
[  753.100176][ T9708] veth0_vlan: entered promiscuous mode
[  753.121033][ T9679] veth0_macvtap: entered promiscuous mode
[  753.129026][ T9677] veth1_macvtap: entered promiscuous mode
[  753.159268][ T9679] veth1_macvtap: entered promiscuous mode
[  753.182448][   T13] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  753.205837][ T9677] batman_adv: batadv0: Interface activated: batadv_slave_0
[  753.214391][   T13] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  753.230233][ T9708] veth1_vlan: entered promiscuous mode
[  753.252397][ T9677] batman_adv: batadv0: Interface activated: batadv_slave_1
[  753.321613][ T9677] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  753.338284][ T9677] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  753.347237][ T9677] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  753.357319][ T9677] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  753.394625][ T5981] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  753.402522][ T5981] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  753.443200][ T9679] batman_adv: batadv0: Interface activated: batadv_slave_0
[  753.483077][ T9679] batman_adv: batadv0: Interface activated: batadv_slave_1
[  753.531403][ T9679] netdevsim netdevsim7 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  753.540625][ T9679] netdevsim netdevsim7 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  753.552561][ T9679] netdevsim netdevsim7 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  753.562196][ T9679] netdevsim netdevsim7 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  753.588128][ T5981] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  753.687235][ T5981] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  754.179616][ T9805] netlink: 60 bytes leftover after parsing attributes in process `syz.8.1019'.
[  754.576013][ T9708] veth0_macvtap: entered promiscuous mode
[  754.597916][ T9708] veth1_macvtap: entered promiscuous mode
[  754.612680][ T9802] netlink: 60 bytes leftover after parsing attributes in process `syz.8.1019'.
[  754.749030][ T9708] batman_adv: batadv0: Interface activated: batadv_slave_0
[  754.872548][   T13] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  754.876085][ T9708] batman_adv: batadv0: Interface activated: batadv_slave_1
[  754.883242][   T13] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  755.452358][ T9815] netlink: 'syz.5.1015': attribute type 4 has an invalid length.
[  756.341059][ T5980] tipc: Disabling bearer <udp:syz2>
[  756.358023][ T5980] tipc: Left network mode
[  756.365744][ T9708] netdevsim netdevsim9 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  756.383200][ T9708] netdevsim netdevsim9 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  756.401504][ T9708] netdevsim netdevsim9 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  756.410510][ T9708] netdevsim netdevsim9 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  756.685188][ T5981] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  756.697162][ T5980] tipc: Disabling bearer <udp:syz2>
[  756.697376][ T5980] tipc: Left network mode
[  756.698897][ T5981] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  756.765662][ T5980] tipc: Disabling bearer <udp:syz2>
[  756.778603][ T5980] tipc: Left network mode
[  757.570306][   T55] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  757.826832][   T55] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  758.542911][ T9833] netlink: 64 bytes leftover after parsing attributes in process `syz.5.1026'.
[  758.609162][ T9833] netlink: 104 bytes leftover after parsing attributes in process `syz.5.1026'.
[  758.793919][ T9710] Bluetooth: hci3: command 0x0405 tx timeout
[  758.801878][ T9836] netlink: 'syz.5.1027': attribute type 10 has an invalid length.
[  759.017984][   T13] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  759.301579][   T55] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  759.323821][   T13] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  759.333985][   T55] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  759.431181][ T9836] 8021q: adding VLAN 0 to HW filter on device team0
[  759.449936][ T9836] bond0: (slave team0): Enslaving as an active interface with an up link
[  760.433538][ T9841] netlink: zone id is out of range
[  760.441946][ T9841] netlink: zone id is out of range
[  760.535206][   T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  760.573743][   T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  760.672281][ T9841] netlink: set zone limit has 4 unknown bytes
[  760.949703][ T9847] netlink: del zone limit has 4 unknown bytes
[  761.230287][ T9851] binder: Unknown parameter 'func'
[  765.020205][ T5951] usb 6-1: new high-speed USB device number 2 using dummy_hcd
[  766.403724][ T5951] usb 6-1: Using ep0 maxpacket: 16
[  766.872397][ T9881] netlink: 80 bytes leftover after parsing attributes in process `syz.7.1035'.
[  767.668265][ T5951] usb 6-1: unable to get BOS descriptor or descriptor too short
[  767.681446][ T5951] usb 6-1: unable to read config index 0 descriptor/start: -71
[  767.701674][ T5951] usb 6-1: can't read configurations, error -71
[  768.883730][ T9890] tipc: Enabling of bearer <udp:syz2> rejected, failed to enable media
[  769.021390][   T30] kauditd_printk_skb: 12 callbacks suppressed
[  769.021411][   T30] audit: type=1326 audit(1755842714.805:302): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9884 comm="syz.8.1036" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f0234b8ebe9 code=0x0
[  769.787310][ T9900] tipc: Started in network mode
[  769.792441][ T9900] tipc: Node identity ac1414aa, cluster identity 4711
[  769.801911][ T9900] tipc: New replicast peer: 100.1.1.1
[  769.809549][ T9900] tipc: Enabled bearer <udp:syz2>, priority 10
[  770.597447][ T9906] netlink: zone id is out of range
[  770.777612][ T9904] netlink: 24 bytes leftover after parsing attributes in process `syz.7.1041'.
[  770.903444][ T9908] netlink: del zone limit has 4 unknown bytes
[  770.926175][ T5909] tipc: Node number set to 2886997162
[  770.978564][ T9906] netlink: zone id is out of range
[  771.195229][ T9906] netlink: set zone limit has 4 unknown bytes
[  771.881597][ T9904] @: renamed from gre0 (while UP)
[  772.992627][ T9926] netlink: 'syz.9.1045': attribute type 10 has an invalid length.
[  773.058616][ T9927] loop7: detected capacity change from 0 to 16384
[  774.866953][ T9926] 8021q: adding VLAN 0 to HW filter on device team0
[  774.958627][ T9926] bond0: (slave team0): Enslaving as an active interface with an up link
[  775.040189][ T9933] tipc: Started in network mode
[  775.045306][ T9933] tipc: Node identity ac1414aa, cluster identity 4711
[  775.052477][ T9933] tipc: New replicast peer: 100.1.1.1
[  775.058268][ T9933] tipc: Enabled bearer <udp:syz2>, priority 10
[  775.839275][ T5980] hsr_slave_0: left promiscuous mode
[  775.871508][ T5980] hsr_slave_1: left promiscuous mode
[  775.893499][ T5980] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  775.933878][ T5980] batman_adv: batadv0: Removing interface: batadv_slave_0
[  775.977961][ T5980] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  775.997705][ T5980] batman_adv: batadv0: Removing interface: batadv_slave_1
[  776.174190][ T9751] tipc: Node number set to 2886997162
[  776.258692][ T5980] hsr_slave_0: left promiscuous mode
[  776.355133][ T9958] netlink: 80 bytes leftover after parsing attributes in process `syz.6.1052'.
[  777.099274][ T5980] hsr_slave_1: left promiscuous mode
[  777.168536][ T9960] netlink: 'syz.8.1054': attribute type 1 has an invalid length.
[  777.176553][ T9960] netlink: 224 bytes leftover after parsing attributes in process `syz.8.1054'.
[  777.342671][ T5980] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  777.476392][ T5980] batman_adv: batadv0: Removing interface: batadv_slave_0
[  777.571804][ T5980] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  777.620242][ T5980] batman_adv: batadv0: Removing interface: batadv_slave_1
[  777.775552][ T5980] hsr_slave_0: left promiscuous mode
[  777.804646][ T5980] hsr_slave_1: left promiscuous mode
[  777.814778][ T5980] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  777.829827][ T5980] batman_adv: batadv0: Removing interface: batadv_slave_0
[  777.865068][ T5980] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  777.877195][ T5980] batman_adv: batadv0: Removing interface: batadv_slave_1
[  777.902811][ T5980] hsr_slave_0: left promiscuous mode
[  777.912548][ T5980] hsr_slave_1: left promiscuous mode
[  777.921616][ T5980] batman_adv: batadv0: Removing interface: batadv_slave_0
[  777.935145][ T9967] netlink: zone id is out of range
[  777.947884][ T5980] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  777.957034][ T5980] batman_adv: batadv0: Removing interface: batadv_slave_1
[  777.972979][ T9967] netlink: zone id is out of range
[  778.421392][ T9967] netlink: set zone limit has 4 unknown bytes
[  778.435988][ T9968] netlink: del zone limit has 4 unknown bytes
[  778.867832][ T5980] veth1_macvtap: left promiscuous mode
[  778.873466][ T5980] veth0_macvtap: left promiscuous mode
[  778.879251][ T5980] veth1_vlan: left promiscuous mode
[  778.884759][ T5980] veth0_vlan: left promiscuous mode
[  778.899613][ T5980] veth1_macvtap: left promiscuous mode
[  778.908283][ T5980] veth0_macvtap: left promiscuous mode
[  778.920094][ T5980] veth1_vlan: left promiscuous mode
[  778.939638][ T5980] veth0_vlan: left promiscuous mode
[  779.028566][ T5980] veth1_macvtap: left promiscuous mode
[  779.054034][ T5980] veth0_macvtap: left promiscuous mode
[  779.073159][ T5980] veth1_vlan: left promiscuous mode
[  779.098206][ T5980] veth0_vlan: left promiscuous mode
[  779.154033][ T5980] veth1_macvtap: left promiscuous mode
[  779.168483][ T5980] veth0_macvtap: left promiscuous mode
[  779.174639][ T5980] veth1_vlan: left promiscuous mode
[  779.180712][ T5980] veth0_vlan: left promiscuous mode
[  780.832715][ T9984] netlink: 'syz.6.1058': attribute type 4 has an invalid length.
[  781.758699][ T9990] netlink: 20 bytes leftover after parsing attributes in process `syz.8.1059'.
[  784.075813][ T5980] team0 (unregistering): Port device team_slave_1 removed
[  784.152061][ T5980] team0 (unregistering): Port device team_slave_0 removed
[  785.120578][ T5980] team0 (unregistering): Port device team_slave_1 removed
[  785.177238][ T5980] team0 (unregistering): Port device team_slave_0 removed
[  786.050463][ T5980] team0 (unregistering): Port device team_slave_1 removed
[  786.095347][ T5980] team0 (unregistering): Port device team_slave_0 removed
[  786.942080][ T5980] team0 (unregistering): Port device team_slave_1 removed
[  786.998181][ T5980] team0 (unregistering): Port device team_slave_0 removed
[  788.281927][T10012] netlink: 'syz.5.1065': attribute type 4 has an invalid length.
[  789.795396][T10022] netlink: 'syz.5.1066': attribute type 10 has an invalid length.
[  789.910688][T10022] loop7: detected capacity change from 0 to 16384
[  791.114343][T10030] hub 8-0:1.0: USB hub found
[  791.142331][T10030] hub 8-0:1.0: 1 port detected
[  792.143758][T10038] netlink: 20 bytes leftover after parsing attributes in process `syz.5.1071'.
[  792.944235][   T24] usb 7-1: new high-speed USB device number 2 using dummy_hcd
[  793.067925][T10044] cgroup2: Unknown parameter 'fav�{�Qrdynmo�e��'
[  793.097390][T10042] overlayfs: lowerdir is in-use as upperdir/workdir of another mount, mount with '-o index=off' to override exclusive upperdir protection.
[  793.283945][   T24] usb 7-1: Using ep0 maxpacket: 32
[  793.301428][   T24] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  793.320339][   T24] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  794.085160][   T24] usb 7-1: New USB device found, idVendor=0403, idProduct=6030, bcdDevice= 0.00
[  794.168485][   T24] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  794.195365][   T24] usb 7-1: config 0 descriptor??
[  795.042786][   T24] usbhid 7-1:0.0: can't add hid device: -32
[  795.054719][   T24] usbhid 7-1:0.0: probe with driver usbhid failed with error -32
[  795.071017][   T24] usb 7-1: USB disconnect, device number 2
[  795.113236][T10066] netlink: 60 bytes leftover after parsing attributes in process `syz.8.1079'.
[  795.132498][T10066] netlink: 60 bytes leftover after parsing attributes in process `syz.8.1079'.
[  795.366084][T10070] netlink: 60 bytes leftover after parsing attributes in process `syz.5.1082'.
[  795.377017][T10070] netlink: 60 bytes leftover after parsing attributes in process `syz.5.1082'.
[  795.656664][ T5980] IPVS: stop unused estimator thread 0...
[  796.877587][T10080] netlink: 12 bytes leftover after parsing attributes in process `syz.9.1085'.
[  799.765149][T10098] FAULT_INJECTION: forcing a failure.
[  799.765149][T10098] name fail_page_alloc, interval 1, probability 0, space 0, times 1
[  799.827236][T10098] CPU: 0 UID: 0 PID: 10098 Comm: syz.5.1090 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) 
[  799.827260][T10098] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  799.827271][T10098] Call Trace:
[  799.827278][T10098]  <TASK>
[  799.827286][T10098]  dump_stack_lvl+0x189/0x250
[  799.827316][T10098]  ? __pfx____ratelimit+0x10/0x10
[  799.827333][T10098]  ? __pfx_dump_stack_lvl+0x10/0x10
[  799.827350][T10098]  ? __pfx__printk+0x10/0x10
[  799.827372][T10098]  ? fs_reclaim_acquire+0x7d/0x100
[  799.827398][T10098]  should_fail_ex+0x414/0x560
[  799.827419][T10098]  prepare_alloc_pages+0x213/0x610
[  799.827444][T10098]  __alloc_frozen_pages_noprof+0x123/0x370
[  799.827467][T10098]  ? __pfx___alloc_frozen_pages_noprof+0x10/0x10
[  799.827495][T10098]  ? policy_nodemask+0x27c/0x720
[  799.827515][T10098]  alloc_pages_mpol+0x232/0x4a0
[  799.827535][T10098]  vma_alloc_folio_noprof+0xe4/0x200
[  799.827556][T10098]  ? __pfx_vma_alloc_folio_noprof+0x10/0x10
[  799.827582][T10098]  folio_prealloc+0x30/0x180
[  799.827600][T10098]  do_wp_page+0x1231/0x5800
[  799.827640][T10098]  ? __pfx_do_wp_page+0x10/0x10
[  799.827662][T10098]  ? do_raw_spin_lock+0x121/0x290
[  799.827685][T10098]  ? __pfx_do_raw_spin_lock+0x10/0x10
[  799.827713][T10098]  __handle_mm_fault+0x1144/0x5620
[  799.827753][T10098]  ? __pfx___handle_mm_fault+0x10/0x10
[  799.827793][T10098]  ? find_vma+0xe7/0x160
[  799.827807][T10098]  ? __pfx_find_vma+0x10/0x10
[  799.827824][T10098]  handle_mm_fault+0x2d5/0x7f0
[  799.827856][T10098]  do_user_addr_fault+0x764/0x1390
[  799.827892][T10098]  exc_page_fault+0x76/0xf0
[  799.827911][T10098]  asm_exc_page_fault+0x26/0x30
[  799.827925][T10098] RIP: 0010:__put_user_nocheck_4+0x3/0x10
[  799.827944][T10098] Code: d9 0f 01 cb 89 01 31 c9 0f 01 ca c3 cc cc cc cc 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 01 cb <89> 01 31 c9 0f 01 ca e9 51 3b 03 00 90 90 90 90 90 90 90 90 90 90
[  799.827958][T10098] RSP: 0018:ffffc9000b3978b8 EFLAGS: 00050246
[  799.827972][T10098] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 00002000000066f0
[  799.827983][T10098] RDX: ffff888030a25a00 RSI: 0000000000000000 RDI: 00000000ffffffff
[  799.827993][T10098] RBP: ffffc9000b397a30 R08: ffffffff8fa0b3f7 R09: 1ffffffff1f4167e
[  799.828005][T10098] R10: dffffc0000000000 R11: fffffbfff1f4167f R12: 0000000000000000
[  799.828015][T10098] R13: dffffc0000000000 R14: 0000000000000000 R15: 00002000000066c0
[  799.828040][T10098]  ____sys_recvmsg+0x2ab/0x460
[  799.828064][T10098]  ? __pfx_____sys_recvmsg+0x10/0x10
[  799.828091][T10098]  ? import_iovec+0x74/0xa0
[  799.828116][T10098]  ___sys_recvmsg+0x1b5/0x510
[  799.828135][T10098]  ? __pfx____sys_recvmsg+0x10/0x10
[  799.828169][T10098]  ? __fget_files+0x3a0/0x420
[  799.828196][T10098]  do_recvmmsg+0x307/0x770
[  799.828217][T10098]  ? __pfx_do_recvmmsg+0x10/0x10
[  799.828249][T10098]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  799.828302][T10098]  __x64_sys_recvmmsg+0x190/0x240
[  799.828329][T10098]  ? __pfx___x64_sys_recvmmsg+0x10/0x10
[  799.828346][T10098]  ? rcu_is_watching+0x15/0xb0
[  799.828367][T10098]  ? do_syscall_64+0xbe/0x3b0
[  799.828387][T10098]  do_syscall_64+0xfa/0x3b0
[  799.828403][T10098]  ? lockdep_hardirqs_on+0x9c/0x150
[  799.828418][T10098]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  799.828434][T10098]  ? clear_bhb_loop+0x60/0xb0
[  799.828452][T10098]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  799.828466][T10098] RIP: 0033:0x7fefe618ebe9
[  799.828480][T10098] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  799.828493][T10098] RSP: 002b:00007fefe6fb3038 EFLAGS: 00000246 ORIG_RAX: 000000000000012b
[  799.828508][T10098] RAX: ffffffffffffffda RBX: 00007fefe63b5fa0 RCX: 00007fefe618ebe9
[  799.828524][T10098] RDX: 0000000000000a0d RSI: 00002000000066c0 RDI: 0000000000000003
[  799.828538][T10098] RBP: 00007fefe6fb3090 R08: 0000000000000000 R09: 0000000000000000
[  799.828551][T10098] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  799.828565][T10098] R13: 00007fefe63b6038 R14: 00007fefe63b5fa0 R15: 00007ffe4b3a88c8
[  799.828593][T10098]  </TASK>
[  800.230454][    C0] vkms_vblank_simulate: vblank timer overrun
[  800.308350][T10090] netlink: 'syz.6.1086': attribute type 2 has an invalid length.
[  800.316522][T10090] netlink: 'syz.6.1086': attribute type 8 has an invalid length.
[  800.402738][T10090] netlink: 132 bytes leftover after parsing attributes in process `syz.6.1086'.
[  800.739324][T10116] FAULT_INJECTION: forcing a failure.
[  800.739324][T10116] name failslab, interval 1, probability 0, space 0, times 0
[  800.763727][ T5909] usb 9-1: new full-speed USB device number 2 using dummy_hcd
[  800.777265][T10116] CPU: 0 UID: 0 PID: 10116 Comm: syz.9.1098 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) 
[  800.777298][T10116] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  800.777310][T10116] Call Trace:
[  800.777318][T10116]  <TASK>
[  800.777327][T10116]  dump_stack_lvl+0x189/0x250
[  800.777355][T10116]  ? __pfx____ratelimit+0x10/0x10
[  800.777374][T10116]  ? __pfx_dump_stack_lvl+0x10/0x10
[  800.777394][T10116]  ? __pfx__printk+0x10/0x10
[  800.777423][T10116]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  800.777455][T10116]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  800.777490][T10116]  should_fail_ex+0x414/0x560
[  800.777518][T10116]  should_failslab+0xa8/0x100
[  800.777543][T10116]  kmem_cache_alloc_node_noprof+0x76/0x3c0
[  800.777564][T10116]  ? __alloc_skb+0x112/0x2d0
[  800.777596][T10116]  __alloc_skb+0x112/0x2d0
[  800.777628][T10116]  hci_cmd_sync_alloc+0x3d/0x380
[  800.777666][T10116]  hci_send_cmd+0x46/0x180
[  800.777694][T10116]  hci_conn_security+0x584/0x9c0
[  800.777731][T10116]  ? __pfx_hci_conn_security+0x10/0x10
[  800.777764][T10116]  ? l2cap_chan_check_security+0x330/0x570
[  800.777790][T10116]  l2cap_chan_connect+0xada/0xe30
[  800.777828][T10116]  ? __pfx_l2cap_chan_connect+0x10/0x10
[  800.777848][T10116]  ? __local_bh_enable_ip+0x12d/0x1c0
[  800.777870][T10116]  ? __pfx___local_bh_enable_ip+0x10/0x10
[  800.777898][T10116]  ? bacmp+0xe/0x30
[  800.777928][T10116]  l2cap_sock_connect+0x5c5/0x7a0
[  800.777964][T10116]  ? __pfx_l2cap_sock_connect+0x10/0x10
[  800.778002][T10116]  ? bpf_lsm_socket_connect+0x9/0x20
[  800.778025][T10116]  __sys_connect+0x316/0x440
[  800.778052][T10116]  ? __fget_files+0x3a0/0x420
[  800.778076][T10116]  ? __pfx___sys_connect+0x10/0x10
[  800.778116][T10116]  ? __pfx_ksys_write+0x10/0x10
[  800.778132][T10116]  ? rcu_is_watching+0x15/0xb0
[  800.778160][T10116]  __x64_sys_connect+0x7a/0x90
[  800.778189][T10116]  do_syscall_64+0xfa/0x3b0
[  800.778213][T10116]  ? lockdep_hardirqs_on+0x9c/0x150
[  800.778235][T10116]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  800.778270][T10116]  ? clear_bhb_loop+0x60/0xb0
[  800.778295][T10116]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  800.778316][T10116] RIP: 0033:0x7f6488f8ebe9
[  800.778335][T10116] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  800.778353][T10116] RSP: 002b:00007f6489d5b038 EFLAGS: 00000246 ORIG_RAX: 000000000000002a
[  800.778375][T10116] RAX: ffffffffffffffda RBX: 00007f64891b5fa0 RCX: 00007f6488f8ebe9
[  800.778391][T10116] RDX: 000000000000000e RSI: 0000200000000080 RDI: 0000000000000004
[  800.778405][T10116] RBP: 00007f6489d5b090 R08: 0000000000000000 R09: 0000000000000000
[  800.778417][T10116] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  800.778430][T10116] R13: 00007f64891b6038 R14: 00007f64891b5fa0 R15: 00007ffc1627abe8
[  800.778464][T10116]  </TASK>
[  801.058702][    C0] vkms_vblank_simulate: vblank timer overrun
[  801.062653][   T24] usb 8-1: new high-speed USB device number 2 using dummy_hcd
[  801.072492][T10116] Bluetooth: hci3: no memory for command
[  801.267108][ T5909] usb 9-1: unable to get BOS descriptor or descriptor too short
[  801.277232][   T24] usb 8-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  801.291744][ T5909] usb 9-1: not running at top speed; connect to a high speed hub
[  801.299973][   T24] usb 8-1: config 0 interface 0 altsetting 0 bulk endpoint 0x3 has invalid maxpacket 79
[  801.310249][   T24] usb 8-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  801.323558][   T24] usb 8-1: New USB device found, idVendor=0cf3, idProduct=9375, bcdDevice=1a.de
[  801.333812][ T5909] usb 9-1: config 1 interface 0 altsetting 16 endpoint 0x3 has invalid maxpacket 1023, setting to 64
[  801.346134][ T5909] usb 9-1: config 1 interface 0 altsetting 16 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  801.346584][T10122] syzkaller0: entered promiscuous mode
[  801.359257][   T24] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  801.366666][   T24] usb 8-1: config 0 descriptor??
[  801.374595][T10122] syzkaller0: entered allmulticast mode
[  801.382682][ T5909] usb 9-1: config 1 interface 0 has no altsetting 0
[  801.402531][T10109] raw-gadget.1 gadget.7: fail, usb_ep_enable returned -22
[  801.410919][ T5909] usb 9-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  801.423776][ T5909] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  801.432469][ T5909] usb 9-1: Product: syz
[  801.444984][ T5909] usb 9-1: Manufacturer: syz
[  801.449836][ T5909] usb 9-1: SerialNumber: syz
[  801.465314][T10106] raw-gadget.0 gadget.8: fail, usb_ep_enable returned -22
[  801.654160][   T24] ath6kl: Failed to submit usb control message: -71
[  801.660956][   T24] ath6kl: unable to send the bmi data to the device: -71
[  801.671556][   T24] ath6kl: Unable to send get target info: -71
[  801.686383][T10106] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  801.698737][   T24] ath6kl: Failed to init ath6kl core: -71
[  801.713771][T10106] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  801.725232][   T24] ath6kl_usb 8-1:0.0: probe with driver ath6kl_usb failed with error -71
[  801.774741][   T24] usb 8-1: USB disconnect, device number 2
[  801.906323][T10136] netlink: 'syz.9.1103': attribute type 10 has an invalid length.
[  801.975701][T10129] loop7: detected capacity change from 0 to 16384
[  802.639334][ T5909] usb 9-1: bad CDC descriptors
[  802.735557][ T5909] usb 9-1: USB disconnect, device number 2
[  803.423040][T10157] FAULT_INJECTION: forcing a failure.
[  803.423040][T10157] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  803.437181][T10157] CPU: 1 UID: 0 PID: 10157 Comm: syz.9.1109 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) 
[  803.437213][T10157] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  803.437236][T10157] Call Trace:
[  803.437245][T10157]  <TASK>
[  803.437254][T10157]  dump_stack_lvl+0x189/0x250
[  803.437286][T10157]  ? __pfx____ratelimit+0x10/0x10
[  803.437310][T10157]  ? __pfx_dump_stack_lvl+0x10/0x10
[  803.437335][T10157]  ? __pfx__printk+0x10/0x10
[  803.437380][T10157]  should_fail_ex+0x414/0x560
[  803.437408][T10157]  strncpy_from_user+0x36/0x290
[  803.437448][T10157]  getname_flags+0xf3/0x540
[  803.437480][T10157]  do_sys_openat2+0xbc/0x1c0
[  803.437513][T10157]  ? __pfx_do_sys_openat2+0x10/0x10
[  803.437548][T10157]  ? __x64_sys_openat+0x122/0x170
[  803.437584][T10157]  __x64_sys_openat+0x138/0x170
[  803.437620][T10157]  do_syscall_64+0xfa/0x3b0
[  803.437647][T10157]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  803.437668][T10157]  ? asm_sysvec_reschedule_ipi+0x1a/0x20
[  803.437690][T10157]  ? clear_bhb_loop+0x60/0xb0
[  803.437717][T10157]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  803.437738][T10157] RIP: 0033:0x7f6488f8ebe9
[  803.437758][T10157] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  803.437778][T10157] RSP: 002b:00007f6489d19038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[  803.437801][T10157] RAX: ffffffffffffffda RBX: 00007f64891b6180 RCX: 00007f6488f8ebe9
[  803.437817][T10157] RDX: 00000000000aad82 RSI: 0000200000000200 RDI: ffffffffffffff9c
[  803.437832][T10157] RBP: 00007f6489d19090 R08: 0000000000000000 R09: 0000000000000000
[  803.437847][T10157] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  803.437859][T10157] R13: 00007f64891b6218 R14: 00007f64891b6180 R15: 00007ffc1627abe8
[  803.437894][T10157]  </TASK>
[  803.629757][T10157] lo speed is unknown, defaulting to 1000
[  803.637042][T10157] lo speed is unknown, defaulting to 1000
[  803.650317][T10157] lo speed is unknown, defaulting to 1000
[  803.719236][T10157] infiniband 3yz0: RDMA CMA: cma_listen_on_dev, error -98
[  803.851304][T10157] lo speed is unknown, defaulting to 1000
[  803.859142][T10157] lo speed is unknown, defaulting to 1000
[  803.866951][T10157] lo speed is unknown, defaulting to 1000
[  803.874789][T10157] lo speed is unknown, defaulting to 1000
[  803.882510][T10157] lo speed is unknown, defaulting to 1000
[  803.904310][ T5951] usb 8-1: new high-speed USB device number 3 using dummy_hcd
[  804.068107][ T5951] usb 8-1: Using ep0 maxpacket: 32
[  804.084454][ T5951] usb 8-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  804.119187][ T5951] usb 8-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[  804.146192][T10161] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[  804.156967][ T5951] usb 8-1: New USB device found, idVendor=0424, idProduct=7500, bcdDevice=69.ee
[  804.167396][ T5951] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  804.183744][ T5951] usb 8-1: Product: syz
[  804.198247][ T5951] usb 8-1: Manufacturer: syz
[  804.202978][ T5951] usb 8-1: SerialNumber: syz
[  804.220998][ T5951] usb 8-1: config 0 descriptor??
[  805.473353][T10187] dlm: no locking on control device
[  805.652263][ T1210] usb 9-1: new high-speed USB device number 3 using dummy_hcd
[  805.794531][T10190] workqueue: name exceeds WQ_NAME_LEN. Truncating to: !寿$���UL�vy��آ
�D��UD�w�}�z
[  806.213964][ T1210] usb 9-1: Using ep0 maxpacket: 16
[  806.327597][ T1210] usb 9-1: New USB device found, idVendor=06be, idProduct=a232, bcdDevice=33.f3
[  806.337205][ T1210] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  806.345491][ T1210] usb 9-1: Product: syz
[  806.349712][ T1210] usb 9-1: Manufacturer: syz
[  806.354472][ T1210] usb 9-1: SerialNumber: syz
[  806.362290][ T1210] usb 9-1: config 0 descriptor??
[  806.406240][ T5902] usb 8-1: USB disconnect, device number 3
[  806.469460][T10192] fuse: Unknown parameter ''
[  806.647330][T10197] netlink: zone id is out of range
[  806.672434][T10197] netlink: zone id is out of range
[  807.294688][ T1210] dvb_usb_dtv5100 9-1:0.0: probe with driver dvb_usb_dtv5100 failed with error -110
[  807.383885][ T9165] Bluetooth: hci0: Opcode 0x1003 failed: -110
[  808.016884][T10197] netlink: set zone limit has 4 unknown bytes
[  808.087947][T10199] netlink: del zone limit has 4 unknown bytes
[  810.758519][   T10] usb 9-1: USB disconnect, device number 3
[  812.465092][T10237] syzkaller0: entered promiscuous mode
[  812.470657][T10237] syzkaller0: entered allmulticast mode
[  812.724158][   T10] usb 9-1: new high-speed USB device number 4 using dummy_hcd
[  814.159689][ T1302] ieee802154 phy0 wpan0: encryption failed: -22
[  814.166730][ T1302] ieee802154 phy1 wpan1: encryption failed: -22
[  814.272250][   T10] usb 9-1: Using ep0 maxpacket: 32
[  814.590558][   T10] usb 9-1: device descriptor read/all, error -71
[  816.142725][T10255] netlink: 228 bytes leftover after parsing attributes in process `syz.7.1139'.
[  816.694091][T10263] bridge0: port 1(bridge_slave_0) entered disabled state
[  816.965757][ T6119] bridge0: port 1(bridge_slave_0) entered blocking state
[  816.973028][ T6119] bridge0: port 1(bridge_slave_0) entered forwarding state
[  817.592125][T10269] netlink: 8 bytes leftover after parsing attributes in process `syz.9.1142'.
[  817.629898][   T30] audit: type=1326 audit(1755842763.415:303): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10277 comm="syz.7.1147" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6d19b8ebe9 code=0x7ffc0000
[  817.826154][T10278] FAULT_INJECTION: forcing a failure.
[  817.826154][T10278] name failslab, interval 1, probability 0, space 0, times 0
[  817.874459][T10278] CPU: 0 UID: 0 PID: 10278 Comm: syz.7.1147 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) 
[  817.874491][T10278] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  817.874505][T10278] Call Trace:
[  817.874514][T10278]  <TASK>
[  817.874522][T10278]  dump_stack_lvl+0x189/0x250
[  817.874553][T10278]  ? __pfx____ratelimit+0x10/0x10
[  817.874576][T10278]  ? __pfx_dump_stack_lvl+0x10/0x10
[  817.874598][T10278]  ? __pfx__printk+0x10/0x10
[  817.874632][T10278]  ? __pfx___might_resched+0x10/0x10
[  817.874661][T10278]  should_fail_ex+0x414/0x560
[  817.874689][T10278]  should_failslab+0xa8/0x100
[  817.874725][T10278]  kmem_cache_alloc_node_noprof+0x76/0x3c0
[  817.874748][T10278]  ? __alloc_skb+0x112/0x2d0
[  817.874782][T10278]  __alloc_skb+0x112/0x2d0
[  817.874817][T10278]  audit_log_start+0x152/0x870
[  817.874850][T10278]  ? __pfx_audit_log_start+0x10/0x10
[  817.874881][T10278]  ? migrate_enable+0x29c/0x3c0
[  817.874914][T10278]  ? __pfx_migrate_enable+0x10/0x10
[  817.874947][T10278]  audit_seccomp+0x64/0x190
[  817.874977][T10278]  __seccomp_filter+0x9aa/0x1a40
[  817.875015][T10278]  ? __pfx___seccomp_filter+0x10/0x10
[  817.875035][T10278]  ? __mutex_unlock_slowpath+0x1cd/0x700
[  817.875061][T10278]  ? __pfx_vfs_write+0x10/0x10
[  817.875085][T10278]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  817.875115][T10278]  ? __fget_files+0x3a0/0x420
[  817.875158][T10278]  ? __pfx_ksys_write+0x10/0x10
[  817.875177][T10278]  ? __secure_computing+0xe2/0x2a0
[  817.875203][T10278]  syscall_trace_enter+0xaa/0x160
[  817.875225][T10278]  do_syscall_64+0xd3/0x3b0
[  817.875248][T10278]  ? lockdep_hardirqs_on+0x9c/0x150
[  817.875271][T10278]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  817.875292][T10278]  ? clear_bhb_loop+0x60/0xb0
[  817.875318][T10278]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  817.875339][T10278] RIP: 0033:0x7f6d19b8ebe9
[  817.875359][T10278] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  817.875378][T10278] RSP: 002b:00007f6d1aa04038 EFLAGS: 00000246 ORIG_RAX: 00000000000001b6
[  817.875400][T10278] RAX: ffffffffffffffda RBX: 00007f6d19db5fa0 RCX: 00007f6d19b8ebe9
[  817.875416][T10278] RDX: 0000000000000000 RSI: 0000000000000003 RDI: 0000000000000003
[  817.875428][T10278] RBP: 00007f6d1aa04090 R08: 0000000000000000 R09: 0000000000000000
[  817.875442][T10278] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  817.875455][T10278] R13: 00007f6d19db6038 R14: 00007f6d19db5fa0 R15: 00007ffc1c6ccf28
[  817.875487][T10278]  </TASK>
[  817.875512][T10278] audit: audit_lost=1 audit_rate_limit=0 audit_backlog_limit=64
[  817.893756][   T30] audit: type=1326 audit(1755842763.615:304): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10277 comm="syz.7.1147" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6d19b8ebe9 code=0x7ffc0000
[  818.184969][T10278] audit: out of memory in audit_log_start
[  818.968942][T10288] FAULT_INJECTION: forcing a failure.
[  818.968942][T10288] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  818.985111][T10288] CPU: 1 UID: 0 PID: 10288 Comm: syz.8.1148 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) 
[  818.985141][T10288] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  818.985155][T10288] Call Trace:
[  818.985165][T10288]  <TASK>
[  818.985175][T10288]  dump_stack_lvl+0x189/0x250
[  818.985206][T10288]  ? __pfx____ratelimit+0x10/0x10
[  818.985231][T10288]  ? __pfx_dump_stack_lvl+0x10/0x10
[  818.985257][T10288]  ? __pfx__printk+0x10/0x10
[  818.985301][T10288]  should_fail_ex+0x414/0x560
[  818.985331][T10288]  _copy_to_user+0x31/0xb0
[  818.985365][T10288]  llc_ui_getsockopt+0x451/0x500
[  818.985404][T10288]  ? __pfx_llc_ui_getsockopt+0x10/0x10
[  818.985444][T10288]  ? __pfx_llc_ui_getsockopt+0x10/0x10
[  818.985479][T10288]  do_sock_getsockopt+0x36f/0x450
[  818.985517][T10288]  ? __pfx_do_sock_getsockopt+0x10/0x10
[  818.985551][T10288]  ? do_syscall_64+0x20/0x3b0
[  818.985574][T10288]  ? __fget_files+0x3a0/0x420
[  818.985599][T10288]  ? __fget_files+0x2a/0x420
[  818.985633][T10288]  __x64_sys_getsockopt+0x1a5/0x250
[  818.985674][T10288]  ? do_syscall_64+0x20/0x3b0
[  818.985701][T10288]  ? do_syscall_64+0x20/0x3b0
[  818.985731][T10288]  do_syscall_64+0xfa/0x3b0
[  818.985755][T10288]  ? lockdep_hardirqs_on+0x9c/0x150
[  818.985778][T10288]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  818.985800][T10288]  ? clear_bhb_loop+0x60/0xb0
[  818.985828][T10288]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  818.985850][T10288] RIP: 0033:0x7f0234b8ebe9
[  818.985869][T10288] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  818.985889][T10288] RSP: 002b:00007f02359fe038 EFLAGS: 00000246 ORIG_RAX: 0000000000000037
[  818.985912][T10288] RAX: ffffffffffffffda RBX: 00007f0234db5fa0 RCX: 00007f0234b8ebe9
[  818.985929][T10288] RDX: 0000000000000009 RSI: 000000000000010c RDI: 0000000000000004
[  818.985942][T10288] RBP: 00007f02359fe090 R08: 0000200000000280 R09: 0000000000000000
[  818.985957][T10288] R10: 0000200000000200 R11: 0000000000000246 R12: 0000000000000001
[  818.985971][T10288] R13: 00007f0234db6038 R14: 00007f0234db5fa0 R15: 00007ffcaafde2d8
[  818.986007][T10288]  </TASK>
[  819.208761][   T30] audit: type=1326 audit(1755842763.615:305): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10277 comm="syz.7.1147" exe="/root/syz-executor" sig=0 arch=c000003e syscall=434 compat=0 ip=0x7f6d19b8ebe9 code=0x7ffc0000
[  819.231801][   T30] audit: type=1326 audit(1755842763.615:306): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10277 comm="syz.7.1147" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6d19b8ebe9 code=0x7ffc0000
[  819.253899][   T30] audit: type=1326 audit(1755842763.615:307): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10277 comm="syz.7.1147" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6d19b8ebe9 code=0x7ffc0000
[  819.276440][   T30] audit: type=1326 audit(1755842763.615:308): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10277 comm="syz.7.1147" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f6d19b8d550 code=0x7ffc0000
[  819.298227][   T30] audit: type=1326 audit(1755842763.615:309): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10277 comm="syz.7.1147" exe="/root/syz-executor" sig=0 arch=c000003e syscall=1 compat=0 ip=0x7f6d19b8d69f code=0x7ffc0000
[  819.321312][   T30] audit: type=1326 audit(1755842764.445:310): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10277 comm="syz.7.1147" exe="/root/syz-executor" sig=0 arch=c000003e syscall=0 compat=0 ip=0x7f6d19b8d5fc code=0x7ffc0000
[  819.498674][T10296] syzkaller0: entered promiscuous mode
[  819.536507][T10296] syzkaller0: entered allmulticast mode
[  819.570255][T10300] openvswitch: netlink: Either Ethernet header or EtherType is required.
[  820.350327][ T5902] usb 10-1: new high-speed USB device number 2 using dummy_hcd
[  820.603751][ T5902] usb 10-1: Using ep0 maxpacket: 32
[  820.625610][ T5902] usb 10-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  820.648932][ T5902] usb 10-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[  820.687673][ T5902] usb 10-1: New USB device found, idVendor=0424, idProduct=7500, bcdDevice=69.ee
[  820.702144][ T5902] usb 10-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  820.725139][ T5902] usb 10-1: Product: syz
[  820.733907][ T5902] usb 10-1: Manufacturer: syz
[  820.748278][ T5902] usb 10-1: SerialNumber: syz
[  820.768692][ T5902] usb 10-1: config 0 descriptor??
[  821.525818][T10314] FAULT_INJECTION: forcing a failure.
[  821.525818][T10314] name failslab, interval 1, probability 0, space 0, times 0
[  821.540784][T10314] CPU: 0 UID: 0 PID: 10314 Comm: syz.7.1155 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) 
[  821.540816][T10314] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  821.540829][T10314] Call Trace:
[  821.540838][T10314]  <TASK>
[  821.540847][T10314]  dump_stack_lvl+0x189/0x250
[  821.540877][T10314]  ? __pfx____ratelimit+0x10/0x10
[  821.540900][T10314]  ? __pfx_dump_stack_lvl+0x10/0x10
[  821.540924][T10314]  ? __pfx__printk+0x10/0x10
[  821.540956][T10314]  ? __pfx___might_resched+0x10/0x10
[  821.540984][T10314]  should_fail_ex+0x414/0x560
[  821.541012][T10314]  should_failslab+0xa8/0x100
[  821.541037][T10314]  kmem_cache_alloc_node_noprof+0x76/0x3c0
[  821.541060][T10314]  ? __alloc_skb+0x112/0x2d0
[  821.541092][T10314]  __alloc_skb+0x112/0x2d0
[  821.541126][T10314]  netlink_sendmsg+0x5c6/0xb30
[  821.541166][T10314]  ? __pfx_netlink_sendmsg+0x10/0x10
[  821.541205][T10314]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  821.541227][T10314]  ? __pfx_netlink_sendmsg+0x10/0x10
[  821.541260][T10314]  __sock_sendmsg+0x21c/0x270
[  821.541289][T10314]  ____sys_sendmsg+0x505/0x830
[  821.541329][T10314]  ? __pfx_____sys_sendmsg+0x10/0x10
[  821.541371][T10314]  ? import_iovec+0x74/0xa0
[  821.541413][T10314]  ___sys_sendmsg+0x21f/0x2a0
[  821.541449][T10314]  ? __pfx____sys_sendmsg+0x10/0x10
[  821.541521][T10314]  ? __fget_files+0x2a/0x420
[  821.541544][T10314]  ? __fget_files+0x3a0/0x420
[  821.541578][T10314]  __x64_sys_sendmsg+0x19b/0x260
[  821.541614][T10314]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  821.541659][T10314]  ? __pfx_ksys_write+0x10/0x10
[  821.541677][T10314]  ? rcu_is_watching+0x15/0xb0
[  821.541706][T10314]  ? do_syscall_64+0xbe/0x3b0
[  821.541736][T10314]  do_syscall_64+0xfa/0x3b0
[  821.541758][T10314]  ? lockdep_hardirqs_on+0x9c/0x150
[  821.541781][T10314]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  821.541803][T10314]  ? clear_bhb_loop+0x60/0xb0
[  821.541829][T10314]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  821.541851][T10314] RIP: 0033:0x7f6d19b8ebe9
[  821.541870][T10314] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  821.541890][T10314] RSP: 002b:00007f6d1aa04038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  821.541913][T10314] RAX: ffffffffffffffda RBX: 00007f6d19db5fa0 RCX: 00007f6d19b8ebe9
[  821.541929][T10314] RDX: 0000000000000000 RSI: 0000200000000540 RDI: 0000000000000005
[  821.541943][T10314] RBP: 00007f6d1aa04090 R08: 0000000000000000 R09: 0000000000000000
[  821.541957][T10314] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  821.541970][T10314] R13: 00007f6d19db6038 R14: 00007f6d19db5fa0 R15: 00007ffc1c6ccf28
[  821.542005][T10314]  </TASK>
[  822.429462][T10325] xt_CT: No such helper "snmp"
[  822.469533][T10325] netlink: 12 bytes leftover after parsing attributes in process `syz.6.1160'.
[  822.471032][ T5909] usb 10-1: USB disconnect, device number 2
[  822.478688][T10325] tipc: Started in network mode
[  822.478722][T10325] tipc: Node identity 00000000000000000000000000000001, cluster identity 4711
[  822.478871][T10325] tipc: Enabling of bearer <udp:syz1> rejected, failed to enable media
[  822.560261][T10335] syzkaller0: entered promiscuous mode
[  822.614680][T10335] syzkaller0: entered allmulticast mode
[  823.121810][T10348] openvswitch: netlink: Either Ethernet header or EtherType is required.
[  823.258183][T10351] FAULT_INJECTION: forcing a failure.
[  823.258183][T10351] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  823.276079][T10351] CPU: 0 UID: 0 PID: 10351 Comm: syz.7.1168 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) 
[  823.276111][T10351] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  823.276126][T10351] Call Trace:
[  823.276136][T10351]  <TASK>
[  823.276146][T10351]  dump_stack_lvl+0x189/0x250
[  823.276178][T10351]  ? __pfx____ratelimit+0x10/0x10
[  823.276202][T10351]  ? __pfx_dump_stack_lvl+0x10/0x10
[  823.276228][T10351]  ? __pfx__printk+0x10/0x10
[  823.276271][T10351]  should_fail_ex+0x414/0x560
[  823.276301][T10351]  _copy_to_user+0x31/0xb0
[  823.276335][T10351]  simple_read_from_buffer+0xe1/0x170
[  823.276365][T10351]  proc_fail_nth_read+0x1df/0x250
[  823.276397][T10351]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  823.276429][T10351]  ? rw_verify_area+0x258/0x650
[  823.276463][T10351]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  823.276492][T10351]  vfs_read+0x200/0x980
[  823.276533][T10351]  ? __pfx___mutex_lock+0x10/0x10
[  823.276559][T10351]  ? __pfx_vfs_read+0x10/0x10
[  823.276595][T10351]  ? __fget_files+0x2a/0x420
[  823.276626][T10351]  ? __fget_files+0x3a0/0x420
[  823.276650][T10351]  ? __fget_files+0x2a/0x420
[  823.276686][T10351]  ksys_read+0x145/0x250
[  823.276709][T10351]  ? __pfx_ksys_read+0x10/0x10
[  823.276737][T10351]  ? do_syscall_64+0xbe/0x3b0
[  823.276766][T10351]  do_syscall_64+0xfa/0x3b0
[  823.276790][T10351]  ? lockdep_hardirqs_on+0x9c/0x150
[  823.276813][T10351]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  823.276835][T10351]  ? clear_bhb_loop+0x60/0xb0
[  823.276863][T10351]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  823.276885][T10351] RIP: 0033:0x7f6d19b8d5fc
[  823.276913][T10351] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  823.276933][T10351] RSP: 002b:00007f6d1aa04030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  823.276956][T10351] RAX: ffffffffffffffda RBX: 00007f6d19db5fa0 RCX: 00007f6d19b8d5fc
[  823.276972][T10351] RDX: 000000000000000f RSI: 00007f6d1aa040a0 RDI: 0000000000000003
[  823.276986][T10351] RBP: 00007f6d1aa04090 R08: 0000000000000000 R09: 0000000000000000
[  823.277000][T10351] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  823.277012][T10351] R13: 00007f6d19db6038 R14: 00007f6d19db5fa0 R15: 00007ffc1c6ccf28
[  823.277048][T10351]  </TASK>
[  825.110932][ T5917] usb 7-1: new high-speed USB device number 3 using dummy_hcd
[  825.274178][ T5917] usb 7-1: Using ep0 maxpacket: 16
[  825.292830][ T5917] usb 7-1: config 0 has an invalid interface number: 8 but max is 0
[  825.321571][ T5917] usb 7-1: config 0 has no interface number 0
[  825.334000][ T5917] usb 7-1: config 0 interface 8 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  825.376050][ T5917] usb 7-1: config 0 interface 8 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[  825.397954][ T5917] usb 7-1: config 0 interface 8 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0
[  825.405744][T10375] bridge0: port 1(bridge_slave_0) entered disabled state
[  825.412278][ T5917] usb 7-1: New USB device found, idVendor=0d8c, idProduct=000e, bcdDevice=8e.8f
[  825.434546][ T5917] usb 7-1: New USB device strings: Mfr=0, Product=24, SerialNumber=3
[  825.460756][ T9600] bridge0: port 1(bridge_slave_0) entered blocking state
[  825.468118][ T9600] bridge0: port 1(bridge_slave_0) entered forwarding state
[  825.477748][ T5917] usb 7-1: Product: syz
[  825.482002][ T5917] usb 7-1: SerialNumber: syz
[  825.505586][ T5917] usb 7-1: config 0 descriptor??
[  825.536890][ T5917] cm109 7-1:0.8: invalid payload size 0, expected 4
[  825.560884][ T5917] input: CM109 USB driver as /devices/platform/dummy_hcd.6/usb7/7-1/7-1:0.8/input/input28
[  825.933685][ T5902] usb 6-1: new high-speed USB device number 4 using dummy_hcd
[  826.824082][ T5902] usb 6-1: Using ep0 maxpacket: 32
[  826.840747][ T5902] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  826.867283][ T5902] usb 6-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[  826.890198][ T5902] usb 6-1: New USB device found, idVendor=0424, idProduct=7500, bcdDevice=69.ee
[  826.900601][T10386] syzkaller0: entered promiscuous mode
[  826.906480][T10386] syzkaller0: entered allmulticast mode
[  826.912270][ T5902] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  826.942187][ T5902] usb 6-1: Product: syz
[  826.989862][ T5902] usb 6-1: Manufacturer: syz
[  827.274107][ T5902] usb 6-1: SerialNumber: syz
[  827.576918][ T5902] usb 6-1: config 0 descriptor??
[  827.650959][    C1] cm109 7-1:0.8: cm109_urb_ctl_callback: urb status -71
[  827.660304][    C1] cm109 7-1:0.8: cm109_urb_ctl_callback: urb status -71
[  827.665352][   T10] usb 7-1: USB disconnect, device number 3
[  827.667299][    C1] cm109 7-1:0.8: cm109_submit_buzz_toggle: usb_submit_urb (urb_ctl) failed -19
[  827.695234][   T10] cm109 7-1:0.8: cm109_toggle_buzzer_sync: usb_control_msg() failed -19
[  827.742062][ T5902] usb 6-1: can't set config #0, error -71
[  827.773538][ T5902] usb 6-1: USB disconnect, device number 4
[  828.446610][T10408] netlink: 80 bytes leftover after parsing attributes in process `syz.5.1184'.
[  829.148278][T10404] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  832.518538][T10428] openvswitch: netlink: Either Ethernet header or EtherType is required.
[  833.313218][T10432] netlink: 'syz.5.1190': attribute type 10 has an invalid length.
[  833.399272][T10432] loop7: detected capacity change from 0 to 16384
[  834.043203][T10441] syzkaller0: entered promiscuous mode
[  834.059133][T10441] syzkaller0: entered allmulticast mode
[  834.270193][T10449] FAULT_INJECTION: forcing a failure.
[  834.270193][T10449] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  834.313192][T10451] bridge0: port 1(bridge_slave_0) entered disabled state
[  834.323778][T10449] CPU: 0 UID: 0 PID: 10449 Comm: syz.9.1196 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) 
[  834.323809][T10449] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  834.323830][T10449] Call Trace:
[  834.323839][T10449]  <TASK>
[  834.323848][T10449]  dump_stack_lvl+0x189/0x250
[  834.323879][T10449]  ? __pfx____ratelimit+0x10/0x10
[  834.323903][T10449]  ? __pfx_dump_stack_lvl+0x10/0x10
[  834.323928][T10449]  ? __pfx__printk+0x10/0x10
[  834.323956][T10449]  ? __might_fault+0xb0/0x130
[  834.323989][T10449]  should_fail_ex+0x414/0x560
[  834.324017][T10449]  _copy_from_user+0x2d/0xb0
[  834.324046][T10449]  ucma_resolve_ip+0x9a/0x280
[  834.324082][T10449]  ? __pfx_ucma_resolve_ip+0x10/0x10
[  834.324131][T10449]  ucma_write+0x249/0x2e0
[  834.324164][T10449]  ? __pfx_ucma_write+0x10/0x10
[  834.324192][T10449]  ? security_file_permission+0x75/0x290
[  834.324217][T10449]  ? rw_verify_area+0x258/0x650
[  834.324248][T10449]  ? __pfx_ucma_write+0x10/0x10
[  834.324279][T10449]  vfs_write+0x27e/0xa90
[  834.324309][T10449]  ? __pfx_vfs_write+0x10/0x10
[  834.324331][T10449]  ? __fget_files+0x2a/0x420
[  834.324360][T10449]  ? __fget_files+0x2a/0x420
[  834.324383][T10449]  ? __fget_files+0x3a0/0x420
[  834.324405][T10449]  ? __fget_files+0x2a/0x420
[  834.324440][T10449]  ksys_write+0x145/0x250
[  834.324463][T10449]  ? __pfx_ksys_write+0x10/0x10
[  834.324481][T10449]  ? rcu_is_watching+0x15/0xb0
[  834.324510][T10449]  ? do_syscall_64+0xbe/0x3b0
[  834.324540][T10449]  do_syscall_64+0xfa/0x3b0
[  834.324563][T10449]  ? lockdep_hardirqs_on+0x9c/0x150
[  834.324585][T10449]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  834.324607][T10449]  ? clear_bhb_loop+0x60/0xb0
[  834.324633][T10449]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  834.324654][T10449] RIP: 0033:0x7f6488f8ebe9
[  834.324673][T10449] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  834.324693][T10449] RSP: 002b:00007f6489d5b038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  834.324716][T10449] RAX: ffffffffffffffda RBX: 00007f64891b5fa0 RCX: 00007f6488f8ebe9
[  834.324732][T10449] RDX: 0000000000000048 RSI: 0000200000000100 RDI: 0000000000000004
[  834.324746][T10449] RBP: 00007f6489d5b090 R08: 0000000000000000 R09: 0000000000000000
[  834.324759][T10449] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  834.324771][T10449] R13: 00007f64891b6038 R14: 00007f64891b5fa0 R15: 00007ffc1627abe8
[  834.324806][T10449]  </TASK>
[  834.337337][T10451] bridge0: port 1(bridge_slave_0) entered blocking state
[  834.586022][T10451] bridge0: port 1(bridge_slave_0) entered forwarding state
[  834.792831][ T5902] usb 9-1: new high-speed USB device number 6 using dummy_hcd
[  835.665264][ T5902] usb 9-1: Using ep0 maxpacket: 32
[  835.679526][ T5902] usb 9-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  835.706341][ T5902] usb 9-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[  835.729811][ T5902] usb 9-1: New USB device found, idVendor=0424, idProduct=7500, bcdDevice=69.ee
[  835.747336][ T5902] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  835.764004][ T5902] usb 9-1: Product: syz
[  835.768269][ T5902] usb 9-1: Manufacturer: syz
[  835.772908][ T5902] usb 9-1: SerialNumber: syz
[  835.799602][ T5902] usb 9-1: config 0 descriptor??
[  836.397692][T10476] netlink: 'syz.9.1202': attribute type 4 has an invalid length.
[  837.060085][  T980] lo speed is unknown, defaulting to 1000
[  837.077539][  T980] 3yz0: Port: 1 Link DOWN
[  837.163806][T10478] netlink: 'syz.6.1204': attribute type 10 has an invalid length.
[  837.293750][T10477] loop7: detected capacity change from 0 to 16384
[  837.462381][T10478] 8021q: adding VLAN 0 to HW filter on device team0
[  837.488912][T10478] bond0: (slave team0): Enslaving as an active interface with an up link
[  837.675722][   T10] usb 9-1: USB disconnect, device number 6
[  837.722414][T10482] fuse: blksize only supported for fuseblk
[  838.488022][T10489] syzkaller0: entered promiscuous mode
[  838.497008][T10489] syzkaller0: entered allmulticast mode
[  839.490933][T10508] netlink: 228 bytes leftover after parsing attributes in process `syz.7.1212'.
[  840.987631][T10520] openvswitch: netlink: Either Ethernet header or EtherType is required.
[  841.663902][ T5902] usb 7-1: new high-speed USB device number 4 using dummy_hcd
[  841.792264][T10535] netlink: 'syz.8.1219': attribute type 10 has an invalid length.
[  841.828120][T10535] 8021q: adding VLAN 0 to HW filter on device team0
[  841.863666][T10536] loop7: detected capacity change from 0 to 16384
[  841.888406][T10535] bond0: (slave team0): Enslaving as an active interface with an up link
[  842.238016][ T5902] usb 7-1: Using ep0 maxpacket: 32
[  842.254653][ T5902] usb 7-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  842.264951][ T5902] usb 7-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[  842.286407][ T5902] usb 7-1: New USB device found, idVendor=0424, idProduct=7500, bcdDevice=69.ee
[  842.295628][ T5902] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  842.303965][ T5902] usb 7-1: Product: syz
[  842.308179][ T5902] usb 7-1: Manufacturer: syz
[  842.312803][ T5902] usb 7-1: SerialNumber: syz
[  842.326972][ T5902] usb 7-1: config 0 descriptor??
[  844.896533][ T5917] usb 7-1: USB disconnect, device number 4
[  845.219204][T10562] netlink: 228 bytes leftover after parsing attributes in process `syz.9.1225'.
[  846.716771][ T9710] Bluetooth: hci2: command 0x0406 tx timeout
[  847.144469][T10582] netlink: 'syz.8.1230': attribute type 10 has an invalid length.
[  847.215209][T10582] loop7: detected capacity change from 0 to 16384
[  849.065309][T10588] netlink: 48 bytes leftover after parsing attributes in process `syz.6.1233'.
[  849.239887][T10591] FAULT_INJECTION: forcing a failure.
[  849.239887][T10591] name failslab, interval 1, probability 0, space 0, times 0
[  849.252633][T10591] CPU: 0 UID: 0 PID: 10591 Comm: syz.8.1235 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) 
[  849.252654][T10591] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  849.252664][T10591] Call Trace:
[  849.252670][T10591]  <TASK>
[  849.252676][T10591]  dump_stack_lvl+0x189/0x250
[  849.252699][T10591]  ? __pfx____ratelimit+0x10/0x10
[  849.252717][T10591]  ? __pfx_dump_stack_lvl+0x10/0x10
[  849.252734][T10591]  ? __pfx__printk+0x10/0x10
[  849.252758][T10591]  ? __pfx___might_resched+0x10/0x10
[  849.252779][T10591]  should_fail_ex+0x414/0x560
[  849.252799][T10591]  should_failslab+0xa8/0x100
[  849.252818][T10591]  kmem_cache_alloc_node_noprof+0x76/0x3c0
[  849.252834][T10591]  ? __alloc_skb+0x112/0x2d0
[  849.252859][T10591]  __alloc_skb+0x112/0x2d0
[  849.252884][T10591]  netlink_sendmsg+0x5c6/0xb30
[  849.252914][T10591]  ? __pfx_netlink_sendmsg+0x10/0x10
[  849.252942][T10591]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  849.252957][T10591]  ? __pfx_netlink_sendmsg+0x10/0x10
[  849.252980][T10591]  __sock_sendmsg+0x21c/0x270
[  849.253001][T10591]  ____sys_sendmsg+0x505/0x830
[  849.253029][T10591]  ? __pfx_____sys_sendmsg+0x10/0x10
[  849.253060][T10591]  ? import_iovec+0x74/0xa0
[  849.253084][T10591]  ___sys_sendmsg+0x21f/0x2a0
[  849.253110][T10591]  ? __pfx____sys_sendmsg+0x10/0x10
[  849.253139][T10591]  ? rcu_read_lock_any_held+0xb3/0x120
[  849.253167][T10591]  ? sb_end_write+0xe9/0x1c0
[  849.253195][T10591]  ? __pfx_vfs_write+0x10/0x10
[  849.253217][T10591]  __x64_sys_sendmsg+0x19b/0x260
[  849.253243][T10591]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  849.253275][T10591]  ? __pfx_ksys_write+0x10/0x10
[  849.253292][T10591]  ? rcu_is_watching+0x15/0xb0
[  849.253312][T10591]  ? do_syscall_64+0xbe/0x3b0
[  849.253333][T10591]  do_syscall_64+0xfa/0x3b0
[  849.253349][T10591]  ? lockdep_hardirqs_on+0x9c/0x150
[  849.253365][T10591]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  849.253381][T10591]  ? clear_bhb_loop+0x60/0xb0
[  849.253400][T10591]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  849.253415][T10591] RIP: 0033:0x7f0234b8ebe9
[  849.253429][T10591] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  849.253443][T10591] RSP: 002b:00007f02359fe038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  849.253460][T10591] RAX: ffffffffffffffda RBX: 00007f0234db5fa0 RCX: 00007f0234b8ebe9
[  849.253472][T10591] RDX: 0000000000000000 RSI: 00002000000012c0 RDI: 0000000000000007
[  849.253481][T10591] RBP: 00007f02359fe090 R08: 0000000000000000 R09: 0000000000000000
[  849.253491][T10591] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  849.253500][T10591] R13: 00007f0234db6038 R14: 00007f0234db5fa0 R15: 00007ffcaafde2d8
[  849.253523][T10591]  </TASK>
[  850.784234][T10610] netlink: 228 bytes leftover after parsing attributes in process `syz.5.1238'.
[  851.415474][ T5917] usb 9-1: new full-speed USB device number 7 using dummy_hcd
[  851.681757][ T5917] usb 9-1: config 0 has an invalid interface number: 133 but max is 0
[  851.716409][ T5917] usb 9-1: config 0 has no interface number 0
[  851.750676][ T5917] usb 9-1: New USB device found, idVendor=06cd, idProduct=0121, bcdDevice=dd.3d
[  851.760397][ T5917] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  851.772931][ T5917] usb 9-1: Product: syz
[  851.819925][ T5917] usb 9-1: Manufacturer: syz
[  851.830732][ T5917] usb 9-1: SerialNumber: syz
[  852.073376][   T24] usb 8-1: new high-speed USB device number 4 using dummy_hcd
[  852.094179][ T5917] usb 9-1: config 0 descriptor??
[  852.163693][T10598] Bluetooth: hci5: command 0x0406 tx timeout
[  852.169816][T10598] Bluetooth: hci6: command 0x0406 tx timeout
[  852.181400][T10598] Bluetooth: hci1: command 0x0406 tx timeout
[  852.229697][T10618] fuse: Bad value for 'fd'
[  852.449895][   T24] usb 8-1: Using ep0 maxpacket: 32
[  852.466324][ T5917] keyspan 9-1:0.133: Keyspan 1 port adapter converter detected
[  852.479940][   T24] usb 8-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  852.559874][T10623] netlink: 80 bytes leftover after parsing attributes in process `syz.9.1241'.
[  853.149908][ T5917] keyspan 9-1:0.133: found no endpoint descriptor for endpoint 81
[  853.158099][   T24] usb 8-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[  853.185240][ T5917] keyspan 9-1:0.133: found no endpoint descriptor for endpoint 1
[  853.247943][ T5917] keyspan 9-1:0.133: found no endpoint descriptor for endpoint 2
[  853.281915][   T24] usb 8-1: string descriptor 0 read error: -71
[  853.311409][   T24] usb 8-1: New USB device found, idVendor=0424, idProduct=7500, bcdDevice=69.ee
[  853.320879][ T5917] usb 9-1: Keyspan 1 port adapter converter now attached to ttyUSB0
[  853.357168][   T24] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  853.385294][ T5902] usb 9-1: USB disconnect, device number 7
[  853.407399][   T24] usb 8-1: config 0 descriptor??
[  853.417071][   T24] usb 8-1: can't set config #0, error -71
[  853.428156][ T5902] keyspan_1 ttyUSB0: Keyspan 1 port adapter converter now disconnected from ttyUSB0
[  853.446199][ T5902] keyspan 9-1:0.133: device disconnected
[  853.461302][   T24] usb 8-1: USB disconnect, device number 4
[  855.554667][T10639] netlink: 'syz.9.1246': attribute type 10 has an invalid length.
[  855.610846][T10639] loop7: detected capacity change from 0 to 16384
[  857.669984][T10660] netlink: 228 bytes leftover after parsing attributes in process `syz.8.1250'.
[  858.516113][T10661] (unnamed net_device) (uninitialized): peer notification delay (9) is not a multiple of miimon (5), value rounded to 5 ms
[  858.743735][T10661] 8021q: adding VLAN 0 to HW filter on device bond1
[  859.244514][T10666] netlink: 'syz.8.1254': attribute type 4 has an invalid length.
[  859.413700][   T24] usb 8-1: new high-speed USB device number 5 using dummy_hcd
[  859.445492][T10669] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  859.614971][   T24] usb 8-1: Using ep0 maxpacket: 32
[  859.615214][T10675] netlink: 'syz.8.1257': attribute type 10 has an invalid length.
[  859.662550][T10675] loop7: detected capacity change from 0 to 16384
[  860.067110][   T24] usb 8-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  860.265650][   T24] usb 8-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[  860.807632][   T24] usb 8-1: string descriptor 0 read error: -71
[  860.814433][   T24] usb 8-1: New USB device found, idVendor=0424, idProduct=7500, bcdDevice=69.ee
[  860.823531][   T24] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  860.859124][   T24] usb 8-1: config 0 descriptor??
[  860.878182][   T24] usb 8-1: can't set config #0, error -71
[  860.888772][   T24] usb 8-1: USB disconnect, device number 5
[  860.963366][T10680] netlink: 52 bytes leftover after parsing attributes in process `syz.5.1261'.
[  861.986401][T10689] siw: device registration error -23
[  865.649464][T10739] netlink: 'syz.7.1273': attribute type 4 has an invalid length.
[  866.197316][ T1210] usb 7-1: new high-speed USB device number 5 using dummy_hcd
[  866.253672][ T5895] usb 6-1: new high-speed USB device number 5 using dummy_hcd
[  866.566605][T10744] netlink: 8 bytes leftover after parsing attributes in process `syz.9.1276'.
[  866.584916][T10744] netdevsim netdevsim9 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0
[  866.587131][ T5895] usb 6-1: Using ep0 maxpacket: 32
[  866.594229][T10744] netdevsim netdevsim9 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0
[  866.608200][T10744] netdevsim netdevsim9 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0
[  866.618953][T10744] netdevsim netdevsim9 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0
[  866.624699][ T5895] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  866.638378][T10744] vxlan0: entered promiscuous mode
[  866.643664][T10744] vxlan0: entered allmulticast mode
[  866.928711][   T30] kauditd_printk_skb: 4 callbacks suppressed
[  866.928738][   T30] audit: type=1326 audit(1755842812.685:315): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10742 comm="syz.7.1277" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6d19b8ebe9 code=0x7ffc0000
[  866.930539][ T5895] usb 6-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[  866.935071][   T30] audit: type=1326 audit(1755842812.685:316): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10742 comm="syz.7.1277" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6d19b8ebe9 code=0x7ffc0000
[  866.935124][   T30] audit: type=1326 audit(1755842812.685:317): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10742 comm="syz.7.1277" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f6d19b8ebe9 code=0x7ffc0000
[  867.150408][ T1210] usb 7-1: config 0 has an invalid interface number: 255 but max is 0
[  867.167558][ T1210] usb 7-1: config 0 has no interface number 0
[  867.183819][ T1210] usb 7-1: too many endpoints for config 0 interface 255 altsetting 255: 255, using maximum allowed: 30
[  867.214304][ T1210] usb 7-1: config 0 interface 255 altsetting 255 has 0 endpoint descriptors, different from the interface descriptor's value: 255
[  867.273338][   T30] audit: type=1326 audit(1755842812.685:318): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10742 comm="syz.7.1277" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6d19b8ebe9 code=0x7ffc0000
[  867.305983][   T30] audit: type=1326 audit(1755842812.685:319): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10742 comm="syz.7.1277" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6d19b8ebe9 code=0x7ffc0000
[  867.331487][ T5895] usb 6-1: string descriptor 0 read error: -71
[  867.354980][ T5895] usb 6-1: New USB device found, idVendor=0424, idProduct=7500, bcdDevice=69.ee
[  867.364679][ T1210] usb 7-1: config 0 interface 255 has no altsetting 0
[  867.433700][ T1210] usb 7-1: New USB device found, idVendor=0bda, idProduct=0177, bcdDevice=7d.0b
[  867.463667][ T5895] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  867.495208][   T30] audit: type=1326 audit(1755842812.685:320): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10742 comm="syz.7.1277" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f6d19b90b07 code=0x7ffc0000
[  867.503248][ T1210] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  867.517065][   T30] audit: type=1326 audit(1755842812.685:321): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10742 comm="syz.7.1277" exe="/root/syz-executor" sig=0 arch=c000003e syscall=44 compat=0 ip=0x7f6d19b90a7c code=0x7ffc0000
[  867.548194][   T30] audit: type=1326 audit(1755842812.685:322): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10742 comm="syz.7.1277" exe="/root/syz-executor" sig=0 arch=c000003e syscall=45 compat=0 ip=0x7f6d19b909b4 code=0x7ffc0000
[  867.569890][   T30] audit: type=1326 audit(1755842812.685:323): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10742 comm="syz.7.1277" exe="/root/syz-executor" sig=0 arch=c000003e syscall=45 compat=0 ip=0x7f6d19b909b4 code=0x7ffc0000
[  867.571297][ T5895] usb 6-1: config 0 descriptor??
[  867.663856][ T1210] usb 7-1: config 0 descriptor??
[  868.018192][   T30] audit: type=1326 audit(1755842812.685:324): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10742 comm="syz.7.1277" exe="/root/syz-executor" sig=0 arch=c000003e syscall=3 compat=0 ip=0x7f6d19b8d84a code=0x7ffc0000
[  868.039973][ T5895] usb 6-1: can't set config #0, error -71
[  868.061063][ T5895] usb 6-1: USB disconnect, device number 5
[  868.456675][T10754] 9pnet_fd: Insufficient options for proto=fd
[  868.489627][T10757] lo speed is unknown, defaulting to 1000
[  870.441948][T10773] FAULT_INJECTION: forcing a failure.
[  870.441948][T10773] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  870.455412][T10773] CPU: 0 UID: 0 PID: 10773 Comm: syz.5.1281 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) 
[  870.455444][T10773] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  870.455459][T10773] Call Trace:
[  870.455468][T10773]  <TASK>
[  870.455478][T10773]  dump_stack_lvl+0x189/0x250
[  870.455509][T10773]  ? __pfx____ratelimit+0x10/0x10
[  870.455534][T10773]  ? __pfx_dump_stack_lvl+0x10/0x10
[  870.455560][T10773]  ? __pfx__printk+0x10/0x10
[  870.455603][T10773]  should_fail_ex+0x414/0x560
[  870.455633][T10773]  _copy_to_user+0x31/0xb0
[  870.455667][T10773]  simple_read_from_buffer+0xe1/0x170
[  870.455696][T10773]  proc_fail_nth_read+0x1df/0x250
[  870.455728][T10773]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  870.455759][T10773]  ? rw_verify_area+0x258/0x650
[  870.455793][T10773]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  870.455822][T10773]  vfs_read+0x200/0x980
[  870.455863][T10773]  ? __pfx___mutex_lock+0x10/0x10
[  870.455889][T10773]  ? __pfx_vfs_read+0x10/0x10
[  870.455924][T10773]  ? __fget_files+0x2a/0x420
[  870.455954][T10773]  ? __fget_files+0x3a0/0x420
[  870.455978][T10773]  ? __fget_files+0x2a/0x420
[  870.456013][T10773]  ksys_read+0x145/0x250
[  870.456037][T10773]  ? __pfx_ksys_read+0x10/0x10
[  870.456062][T10773]  ? __x64_sys_read+0x2d/0x90
[  870.456088][T10773]  do_syscall_64+0xfa/0x3b0
[  870.456114][T10773]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  870.456136][T10773]  ? asm_sysvec_reschedule_ipi+0x1a/0x20
[  870.456157][T10773]  ? clear_bhb_loop+0x60/0xb0
[  870.456185][T10773]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  870.456206][T10773] RIP: 0033:0x7fefe618d5fc
[  870.456225][T10773] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  870.456245][T10773] RSP: 002b:00007fefe6f71030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  870.456268][T10773] RAX: ffffffffffffffda RBX: 00007fefe63b6180 RCX: 00007fefe618d5fc
[  870.456285][T10773] RDX: 000000000000000f RSI: 00007fefe6f710a0 RDI: 0000000000000009
[  870.456299][T10773] RBP: 00007fefe6f71090 R08: 0000000000000000 R09: 0000000000000000
[  870.456313][T10773] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  870.456326][T10773] R13: 00007fefe63b6218 R14: 00007fefe63b6180 R15: 00007ffe4b3a88c8
[  870.456371][T10773]  </TASK>
[  870.907661][T10772] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  870.993740][T10775] syzkaller0: entered promiscuous mode
[  871.001555][T10775] syzkaller0: entered allmulticast mode
[  871.260663][ T1210] usb 7-1: string descriptor 0 read error: -71
[  871.280370][T10775] tipc: Resetting bearer <eth:syzkaller0>
[  871.291067][ T1210] ums-realtek 7-1:0.255: USB Mass Storage device detected
[  872.069896][T10775] tipc: Disabling bearer <eth:syzkaller0>
[  872.150228][ T1210] usb 7-1: USB disconnect, device number 5
[  875.384556][ T1302] ieee802154 phy0 wpan0: encryption failed: -22
[  875.391452][ T1302] ieee802154 phy1 wpan1: encryption failed: -22
[  875.852900][T10822] misc userio: The device must be registered before sending interrupts
[  875.967342][T10822] dummy0: entered promiscuous mode
[  876.003431][T10822] dummy0: left promiscuous mode
[  877.468181][T10836] loop7: detected capacity change from 0 to 16384
[  879.530850][T10861] openvswitch: netlink: Either Ethernet header or EtherType is required.
[  880.067137][ T5951] usb 6-1: new high-speed USB device number 6 using dummy_hcd
[  880.233894][ T5951] usb 6-1: Using ep0 maxpacket: 16
[  880.256821][ T5951] usb 6-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xF3, changing to 0x83
[  880.291831][ T5951] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7
[  880.341546][ T5951] usb 6-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1
[  880.351030][ T5951] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  880.381250][ T5951] usb 6-1: Product: syz
[  880.385799][ T5951] usb 6-1: Manufacturer: syz
[  880.390442][ T5951] usb 6-1: SerialNumber: syz
[  880.424653][ T5951] usb 6-1: config 0 descriptor??
[  880.433731][ T5951] em28xx 6-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0)
[  880.453835][ T5951] em28xx 6-1:0.0: Audio interface 0 found (Vendor Class)
[  881.051586][ T5951] em28xx 6-1:0.0: unknown em28xx chip ID (41)
[  882.083354][ T5951] em28xx 6-1:0.0: Config register raw data: 0xfffffffb
[  882.222745][ T5951] em28xx 6-1:0.0: AC97 chip type couldn't be determined
[  882.266063][ T5951] em28xx 6-1:0.0: No AC97 audio processor
[  882.301143][ T5951] usb 6-1: USB disconnect, device number 6
[  882.315090][ T5951] em28xx 6-1:0.0: Disconnecting em28xx
[  882.337643][ T5951] em28xx 6-1:0.0: Freeing device
[  883.374626][ T5917] usb 9-1: new high-speed USB device number 8 using dummy_hcd
[  883.845794][ T5917] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  883.879752][ T5917] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  883.954592][T10903] netlink: 80 bytes leftover after parsing attributes in process `syz.9.1320'.
[  884.563700][ T5917] usb 9-1: New USB device found, idVendor=0d8c, idProduct=0022, bcdDevice= 0.00
[  884.582072][ T5917] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  884.614010][ T5917] usb 9-1: config 0 descriptor??
[  888.461240][ T5917] cm6533_jd 0003:0D8C:0022.0004: hiddev0,hidraw0: USB HID v0.00 Device [HID 0d8c:0022] on usb-dummy_hcd.8-1/input0
[  888.604973][ T5917] usb 9-1: USB disconnect, device number 8
[  890.045691][T10939] openvswitch: netlink: Either Ethernet header or EtherType is required.
[  890.651322][T10947] FAULT_INJECTION: forcing a failure.
[  890.651322][T10947] name failslab, interval 1, probability 0, space 0, times 0
[  890.674044][T10947] CPU: 1 UID: 0 PID: 10947 Comm: syz.6.1330 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) 
[  890.674077][T10947] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  890.674091][T10947] Call Trace:
[  890.674099][T10947]  <TASK>
[  890.674109][T10947]  dump_stack_lvl+0x189/0x250
[  890.674141][T10947]  ? __pfx____ratelimit+0x10/0x10
[  890.674164][T10947]  ? __pfx_dump_stack_lvl+0x10/0x10
[  890.674189][T10947]  ? __pfx__printk+0x10/0x10
[  890.674223][T10947]  ? __pfx___might_resched+0x10/0x10
[  890.674253][T10947]  should_fail_ex+0x414/0x560
[  890.674280][T10947]  should_failslab+0xa8/0x100
[  890.674308][T10947]  kmem_cache_alloc_node_noprof+0x76/0x3c0
[  890.674332][T10947]  ? __alloc_skb+0x112/0x2d0
[  890.674367][T10947]  __alloc_skb+0x112/0x2d0
[  890.674401][T10947]  netlink_sendmsg+0x5c6/0xb30
[  890.674444][T10947]  ? __pfx_netlink_sendmsg+0x10/0x10
[  890.674485][T10947]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  890.674507][T10947]  ? __pfx_netlink_sendmsg+0x10/0x10
[  890.674538][T10947]  __sock_sendmsg+0x21c/0x270
[  890.674567][T10947]  ____sys_sendmsg+0x505/0x830
[  890.674607][T10947]  ? __pfx_____sys_sendmsg+0x10/0x10
[  890.674652][T10947]  ? import_iovec+0x74/0xa0
[  890.674687][T10947]  ___sys_sendmsg+0x21f/0x2a0
[  890.674724][T10947]  ? __pfx____sys_sendmsg+0x10/0x10
[  890.674799][T10947]  ? __fget_files+0x2a/0x420
[  890.674822][T10947]  ? __fget_files+0x3a0/0x420
[  890.674859][T10947]  __x64_sys_sendmsg+0x19b/0x260
[  890.674896][T10947]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  890.674941][T10947]  ? __pfx_ksys_write+0x10/0x10
[  890.674958][T10947]  ? rcu_is_watching+0x15/0xb0
[  890.674988][T10947]  ? do_syscall_64+0xbe/0x3b0
[  890.675018][T10947]  do_syscall_64+0xfa/0x3b0
[  890.675047][T10947]  ? lockdep_hardirqs_on+0x9c/0x150
[  890.675069][T10947]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  890.675091][T10947]  ? clear_bhb_loop+0x60/0xb0
[  890.675117][T10947]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  890.675138][T10947] RIP: 0033:0x7f37b258ebe9
[  890.675158][T10947] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  890.675176][T10947] RSP: 002b:00007f37b33d4038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  890.675200][T10947] RAX: ffffffffffffffda RBX: 00007f37b27b5fa0 RCX: 00007f37b258ebe9
[  890.675216][T10947] RDX: 0000000000008000 RSI: 0000200000000180 RDI: 0000000000000004
[  890.675230][T10947] RBP: 00007f37b33d4090 R08: 0000000000000000 R09: 0000000000000000
[  890.675243][T10947] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  890.675255][T10947] R13: 00007f37b27b6038 R14: 00007f37b27b5fa0 R15: 00007ffdf0be6678
[  890.675291][T10947]  </TASK>
[  890.944909][    C1] vkms_vblank_simulate: vblank timer overrun
[  892.124937][T10967] netlink: 80 bytes leftover after parsing attributes in process `syz.5.1334'.
[  893.674053][ T5917] usb 8-1: new high-speed USB device number 6 using dummy_hcd
[  894.404135][ T5917] usb 8-1: Using ep0 maxpacket: 32
[  894.449214][ T5917] usb 8-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  894.713705][ T5917] usb 8-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[  894.883474][ T5917] usb 8-1: string descriptor 0 read error: -71
[  894.920820][ T5917] usb 8-1: New USB device found, idVendor=0424, idProduct=7500, bcdDevice=69.ee
[  894.947176][ T5917] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  895.298345][ T5917] usb 8-1: config 0 descriptor??
[  895.313049][ T5917] usb 8-1: can't set config #0, error -71
[  895.556011][ T5917] usb 8-1: USB disconnect, device number 6
[  896.393951][T11042] bridge0: port 1(bridge_slave_0) entered disabled state
[  896.438005][T10996] bridge0: port 1(bridge_slave_0) entered blocking state
[  896.445208][T10996] bridge0: port 1(bridge_slave_0) entered forwarding state
[  900.818144][T11069] netlink: 80 bytes leftover after parsing attributes in process `syz.6.1350'.
[  901.933090][T11071] netlink: 'syz.5.1352': attribute type 10 has an invalid length.
[  901.966716][T11071] loop7: detected capacity change from 0 to 16384
[  902.624440][T11078] snd_dummy snd_dummy.0: control 0:0:0:syz0:0 is already present
[  904.216999][T11086] loop2: detected capacity change from 0 to 7
[  904.237637][T11086] Dev loop2: unable to read RDB block 7
[  904.262377][T11086]  loop2: unable to read partition table
[  904.292323][T11086] loop2: partition table beyond EOD, truncated
[  904.322737][T11092] bridge0: port 1(bridge_slave_0) entered disabled state
[  904.374033][T11004] bridge0: port 1(bridge_slave_0) entered blocking state
[  904.381244][T11004] bridge0: port 1(bridge_slave_0) entered forwarding state
[  904.396819][T11086] loop_reread_partitions: partition scan of loop2 (�被x������ ) failed (rc=-5)
[  905.096569][T11106] netlink: 228 bytes leftover after parsing attributes in process `syz.9.1361'.
[  905.733791][ T5917] usb 8-1: new high-speed USB device number 7 using dummy_hcd
[  905.999232][ T5917] usb 8-1: New USB device found, idVendor=1645, idProduct=0008, bcdDevice=cf.36
[  906.023803][ T5917] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  906.055150][ T5917] usb 8-1: config 0 descriptor??
[  906.987276][ T5917] kaweth 8-1:0.0: Firmware present in device.
[  907.000788][ T5917] kaweth 8-1:0.0: Error reading configuration (-71), no net device created
[  907.030422][ T5917] kaweth 8-1:0.0: probe with driver kaweth failed with error -5
[  907.194195][ T5917] usb 8-1: USB disconnect, device number 7
[  907.532858][T11123] trusted_key: encrypted key: instantiation of keys using provided decrypted data is disabled since CONFIG_USER_DECRYPTED_DATA is set to false
[  908.382679][T11128] bridge0: port 1(bridge_slave_0) entered disabled state
[  908.428727][T11000] bridge0: port 1(bridge_slave_0) entered blocking state
[  908.436048][T11000] bridge0: port 1(bridge_slave_0) entered forwarding state
[  908.595840][ T5917] usb 8-1: new high-speed USB device number 8 using dummy_hcd
[  908.938651][ T5917] usb 8-1: New USB device found, idVendor=04fc, idProduct=504a, bcdDevice=43.02
[  908.948107][ T5917] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  908.956430][ T5917] usb 8-1: Product: syz
[  908.960621][ T5917] usb 8-1: Manufacturer: syz
[  908.966442][ T5917] usb 8-1: SerialNumber: syz
[  908.974819][ T5917] usb 8-1: config 0 descriptor??
[  909.002889][ T5917] gspca_main: sunplus-2.14.0 probing 04fc:504a
[  909.069308][T11137] netlink: 228 bytes leftover after parsing attributes in process `syz.5.1373'.
[  911.822338][ T1210] usb 8-1: USB disconnect, device number 8
[  912.339402][ T9165] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  912.352356][ T9165] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  912.360786][ T9165] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  912.372402][ T9165] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  912.408727][ T9165] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  912.619850][T11156] lo speed is unknown, defaulting to 1000
[  913.650435][T11168] loop7: detected capacity change from 0 to 16384
[  914.540345][ T9165] Bluetooth: hci0: command tx timeout
[  914.903290][T11170] bridge0: port 1(bridge_slave_0) entered disabled state
[  915.029690][T11156] chnl_net:caif_netlink_parms(): no params data found
[  915.190024][ T5981] bridge0: port 1(bridge_slave_0) entered blocking state
[  915.197301][ T5981] bridge0: port 1(bridge_slave_0) entered forwarding state
[  915.383834][T11180] snd_dummy snd_dummy.0: control 3:4:-2:syz0:2147483647 is already present
[  915.396870][T11180] autofs: Bad value for 'fd'
[  916.553909][ T9165] Bluetooth: hci0: command tx timeout
[  917.015427][T11179] platform regulatory.0: loading /lib/firmware/regulatory.db failed with error -12
[  917.024967][T11179] platform regulatory.0: Direct firmware load for regulatory.db failed with error -12
[  917.034751][T11179] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db
[  917.181942][T11194] netlink: 'syz.6.1387': attribute type 3 has an invalid length.
[  917.189826][T11194] netlink: 'syz.6.1387': attribute type 1 has an invalid length.
[  917.197682][T11194] netlink: 216 bytes leftover after parsing attributes in process `syz.6.1387'.
[  917.208510][T11194] NCSI netlink: No device for ifindex 33022
[  917.663884][ T5895] IPVS: starting estimator thread 0...
[  917.933715][T11209] IPVS: using max 24 ests per chain, 57600 per kthread
[  918.008490][T11156] bridge0: port 1(bridge_slave_0) entered blocking state
[  918.235783][T11156] bridge0: port 1(bridge_slave_0) entered disabled state
[  918.574944][T11156] bridge_slave_0: entered allmulticast mode
[  918.595633][T11156] bridge_slave_0: entered promiscuous mode
[  918.614276][T11156] bridge0: port 2(bridge_slave_1) entered blocking state
[  918.621674][T11156] bridge0: port 2(bridge_slave_1) entered disabled state
[  918.627320][T11022] syz.8.1338 (11022): drop_caches: 1
[  918.629607][T11156] bridge_slave_1: entered allmulticast mode
[  918.642409][ T9165] Bluetooth: hci0: command tx timeout
[  918.650682][T11156] bridge_slave_1: entered promiscuous mode
[  919.835045][T11224] netlink: 'syz.7.1393': attribute type 10 has an invalid length.
[  920.100533][T11224] 8021q: adding VLAN 0 to HW filter on device team0
[  920.116724][T11224] bond0: (slave team0): Enslaving as an active interface with an up link
[  920.138338][T11224] loop7: detected capacity change from 0 to 16384
[  920.142127][T11156] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  920.417194][T11156] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  921.024010][ T9165] Bluetooth: hci0: command tx timeout
[  921.555507][T11156] team0: Port device team_slave_0 added
[  921.603080][T11156] team0: Port device team_slave_1 added
[  923.062958][T11156] batman_adv: batadv0: Adding interface: batadv_slave_0
[  923.203982][T11156] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  923.533421][T11156] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  923.565849][T11156] batman_adv: batadv0: Adding interface: batadv_slave_1
[  923.757364][T11156] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  924.456687][T11156] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  925.777388][T11156] hsr_slave_0: entered promiscuous mode
[  925.790962][T11156] hsr_slave_1: entered promiscuous mode
[  927.671391][T11000] netdevsim netdevsim8 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  927.943502][T11000] netdevsim netdevsim8 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  928.741957][ T9165] Bluetooth: hci3: command 0x0405 tx timeout
[  928.767050][T11000] netdevsim netdevsim8 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  928.854053][T11304] bridge0: port 1(bridge_slave_0) entered disabled state
[  928.877402][T11305] bridge0: port 1(bridge_slave_0) entered blocking state
[  928.884678][T11305] bridge0: port 1(bridge_slave_0) entered forwarding state
[  929.158411][T11000] netdevsim netdevsim8 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  929.531522][T11317] openvswitch: netlink: Either Ethernet header or EtherType is required.
[  930.694022][T11000] bridge_slave_1: left allmulticast mode
[  930.699758][T11000] bridge_slave_1: left promiscuous mode
[  930.721864][T11000] bridge0: port 2(bridge_slave_1) entered disabled state
[  930.754668][T11000] bridge0: port 1(bridge_slave_0) entered disabled state
[  931.035381][T11331] openvswitch: netlink: Either Ethernet header or EtherType is required.
[  933.235409][T11000] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  933.249182][T11000] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  933.260416][T11000] bond0 (unregistering): (slave team0): Releasing backup interface
[  933.270917][T11000] bond0 (unregistering): Released all slaves
[  933.400203][T11000] tipc: Disabling bearer <udp:syz2>
[  933.434315][T11000] tipc: Left network mode
[  935.542423][T11357] bond0: entered promiscuous mode
[  935.603856][T11357] bond_slave_0: entered promiscuous mode
[  935.634112][T11357] bond_slave_1: entered promiscuous mode
[  935.654173][T11357] team0: entered promiscuous mode
[  935.660111][T11357] team_slave_0: entered promiscuous mode
[  935.672173][T11357] team_slave_1: entered promiscuous mode
[  935.867708][T11000] hsr_slave_0: left promiscuous mode
[  935.907536][T11000] hsr_slave_1: left promiscuous mode
[  936.253084][T11000] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  936.311889][T11000] batman_adv: batadv0: Removing interface: batadv_slave_0
[  936.420255][T11000] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  936.548854][T11000] batman_adv: batadv0: Removing interface: batadv_slave_1
[  936.820583][ T1302] ieee802154 phy0 wpan0: encryption failed: -22
[  937.045295][ T1302] ieee802154 phy1 wpan1: encryption failed: -22
[  937.119883][T11000] veth1_macvtap: left promiscuous mode
[  937.126085][T11000] veth0_macvtap: left promiscuous mode
[  937.131866][T11000] veth1_vlan: left promiscuous mode
[  937.143734][T11000] veth0_vlan: left promiscuous mode
[  938.220630][T11000] team0 (unregistering): Port device team_slave_1 removed
[  938.388171][T11000] team0 (unregistering): Port device team_slave_0 removed
[  939.307600][T11156] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  939.321883][T11156] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  939.343435][T11156] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  939.379285][T11156] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  939.682583][T11156] 8021q: adding VLAN 0 to HW filter on device bond0
[  939.806338][T11156] 8021q: adding VLAN 0 to HW filter on device team0
[  940.714385][T11416] overlay: Unknown parameter 'y^\@\+\'
[  940.786262][ T6118] bridge0: port 1(bridge_slave_0) entered blocking state
[  940.793492][ T6118] bridge0: port 1(bridge_slave_0) entered forwarding state
[  940.976361][ T9600] bridge0: port 2(bridge_slave_1) entered blocking state
[  940.983716][ T9600] bridge0: port 2(bridge_slave_1) entered forwarding state
[  941.137986][T11420] bridge0: port 2(bridge_slave_1) entered disabled state
[  941.148135][T11420] bridge0: port 1(bridge_slave_0) entered disabled state
[  942.735728][T11438] netlink: 'syz.9.1447': attribute type 3 has an invalid length.
[  942.793824][T11438] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  943.175211][T11156] 8021q: adding VLAN 0 to HW filter on device batadv0
[  944.756621][T11156] veth0_vlan: entered promiscuous mode
[  944.827748][T11156] veth1_vlan: entered promiscuous mode
[  944.993415][T11156] veth0_macvtap: entered promiscuous mode
[  945.085441][T11156] veth1_macvtap: entered promiscuous mode
[  945.159179][T11156] batman_adv: batadv0: Interface activated: batadv_slave_0
[  945.180364][T11156] batman_adv: batadv0: Interface activated: batadv_slave_1
[  945.209499][T11156] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  945.226525][T11156] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  945.244169][T11156] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  945.265899][T11156] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  946.415214][T11016] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  946.423120][T11016] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  947.139212][T11478] xt_nat: multiple ranges no longer supported
[  947.190484][T11000] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  947.229111][T11000] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  947.888047][T11493] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1372'.
[  949.214242][T11507] FAULT_INJECTION: forcing a failure.
[  949.214242][T11507] name failslab, interval 1, probability 0, space 0, times 0
[  949.226980][T11507] CPU: 0 UID: 0 PID: 11507 Comm: syz.9.1464 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) 
[  949.227000][T11507] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  949.227010][T11507] Call Trace:
[  949.227017][T11507]  <TASK>
[  949.227024][T11507]  dump_stack_lvl+0x189/0x250
[  949.227047][T11507]  ? __pfx____ratelimit+0x10/0x10
[  949.227064][T11507]  ? __pfx_dump_stack_lvl+0x10/0x10
[  949.227081][T11507]  ? __pfx__printk+0x10/0x10
[  949.227106][T11507]  ? __pfx___might_resched+0x10/0x10
[  949.227132][T11507]  should_fail_ex+0x414/0x560
[  949.227153][T11507]  should_failslab+0xa8/0x100
[  949.227171][T11507]  __kmalloc_cache_node_noprof+0x73/0x3d0
[  949.227189][T11507]  ? __get_vm_area_node+0x13f/0x300
[  949.227207][T11507]  __get_vm_area_node+0x13f/0x300
[  949.227227][T11507]  __vmalloc_node_range_noprof+0x301/0x12f0
[  949.227245][T11507]  ? bpf_prog_alloc_no_stats+0x4a/0x4b0
[  949.227271][T11507]  ? is_bpf_text_address+0x26/0x2b0
[  949.227306][T11507]  ? __pfx___vmalloc_node_range_noprof+0x10/0x10
[  949.227322][T11507]  ? __might_fault+0xb0/0x130
[  949.227338][T11507]  ? _parse_integer_limit+0x1ae/0x1f0
[  949.227360][T11507]  ? bpf_prog_alloc_no_stats+0x4a/0x4b0
[  949.227382][T11507]  __vmalloc_noprof+0xb1/0xf0
[  949.227399][T11507]  ? bpf_prog_alloc_no_stats+0x4a/0x4b0
[  949.227425][T11507]  bpf_prog_alloc_no_stats+0x4a/0x4b0
[  949.227453][T11507]  bpf_prog_alloc+0x3c/0x1a0
[  949.227479][T11507]  bpf_prog_load+0x735/0x1930
[  949.227512][T11507]  ? __pfx_bpf_prog_load+0x10/0x10
[  949.227553][T11507]  ? bpf_lsm_bpf+0x9/0x20
[  949.227570][T11507]  ? security_bpf+0x7e/0x300
[  949.227591][T11507]  __sys_bpf+0x5f1/0x860
[  949.227615][T11507]  ? __pfx___sys_bpf+0x10/0x10
[  949.227647][T11507]  ? ksys_write+0x22a/0x250
[  949.227663][T11507]  ? __pfx_ksys_write+0x10/0x10
[  949.227675][T11507]  ? rcu_is_watching+0x15/0xb0
[  949.227698][T11507]  __x64_sys_bpf+0x7c/0x90
[  949.227719][T11507]  do_syscall_64+0xfa/0x3b0
[  949.227736][T11507]  ? lockdep_hardirqs_on+0x9c/0x150
[  949.227752][T11507]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  949.227767][T11507]  ? clear_bhb_loop+0x60/0xb0
[  949.227785][T11507]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  949.227800][T11507] RIP: 0033:0x7f6488f8ebe9
[  949.227814][T11507] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  949.227828][T11507] RSP: 002b:00007f6489d5b038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  949.227844][T11507] RAX: ffffffffffffffda RBX: 00007f64891b5fa0 RCX: 00007f6488f8ebe9
[  949.227855][T11507] RDX: 0000000000000094 RSI: 0000200000000840 RDI: 0000000000000005
[  949.227865][T11507] RBP: 00007f6489d5b090 R08: 0000000000000000 R09: 0000000000000000
[  949.227875][T11507] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  949.227884][T11507] R13: 00007f64891b6038 R14: 00007f64891b5fa0 R15: 00007ffc1627abe8
[  949.227907][T11507]  </TASK>
[  949.228089][T11507] syz.9.1464: vmalloc error: size 4096, vm_struct allocation failed, mode:0x500dc0(GFP_USER|__GFP_ZERO|__GFP_ACCOUNT), nodemask=(null),cpuset=/,mems_allowed=0-1
[  949.532514][T11507] CPU: 0 UID: 0 PID: 11507 Comm: syz.9.1464 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) 
[  949.532535][T11507] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  949.532545][T11507] Call Trace:
[  949.532553][T11507]  <TASK>
[  949.532560][T11507]  dump_stack_lvl+0x189/0x250
[  949.532585][T11507]  ? __pfx_dump_stack_lvl+0x10/0x10
[  949.532603][T11507]  ? __pfx__printk+0x10/0x10
[  949.532623][T11507]  ? cpuset_print_current_mems_allowed+0x1f/0x360
[  949.532644][T11507]  ? cpuset_print_current_mems_allowed+0x1f/0x360
[  949.532665][T11507]  ? cpuset_print_current_mems_allowed+0x2ee/0x360
[  949.532686][T11507]  warn_alloc+0x214/0x310
[  949.532710][T11507]  ? __pfx_warn_alloc+0x10/0x10
[  949.532729][T11507]  ? __get_vm_area_node+0x13f/0x300
[  949.532748][T11507]  ? __get_vm_area_node+0x2b5/0x300
[  949.532770][T11507]  __vmalloc_node_range_noprof+0x326/0x12f0
[  949.532789][T11507]  ? is_bpf_text_address+0x26/0x2b0
[  949.532824][T11507]  ? __pfx___vmalloc_node_range_noprof+0x10/0x10
[  949.532840][T11507]  ? __might_fault+0xb0/0x130
[  949.532856][T11507]  ? _parse_integer_limit+0x1ae/0x1f0
[  949.532878][T11507]  ? bpf_prog_alloc_no_stats+0x4a/0x4b0
[  949.532901][T11507]  __vmalloc_noprof+0xb1/0xf0
[  949.532917][T11507]  ? bpf_prog_alloc_no_stats+0x4a/0x4b0
[  949.532944][T11507]  bpf_prog_alloc_no_stats+0x4a/0x4b0
[  949.532972][T11507]  bpf_prog_alloc+0x3c/0x1a0
[  949.532998][T11507]  bpf_prog_load+0x735/0x1930
[  949.533031][T11507]  ? __pfx_bpf_prog_load+0x10/0x10
[  949.533071][T11507]  ? bpf_lsm_bpf+0x9/0x20
[  949.533094][T11507]  ? security_bpf+0x7e/0x300
[  949.533115][T11507]  __sys_bpf+0x5f1/0x860
[  949.533139][T11507]  ? __pfx___sys_bpf+0x10/0x10
[  949.533172][T11507]  ? ksys_write+0x22a/0x250
[  949.533189][T11507]  ? __pfx_ksys_write+0x10/0x10
[  949.533201][T11507]  ? rcu_is_watching+0x15/0xb0
[  949.533223][T11507]  __x64_sys_bpf+0x7c/0x90
[  949.533245][T11507]  do_syscall_64+0xfa/0x3b0
[  949.533262][T11507]  ? lockdep_hardirqs_on+0x9c/0x150
[  949.533279][T11507]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  949.533294][T11507]  ? clear_bhb_loop+0x60/0xb0
[  949.533312][T11507]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  949.533327][T11507] RIP: 0033:0x7f6488f8ebe9
[  949.533342][T11507] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  949.533355][T11507] RSP: 002b:00007f6489d5b038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  949.533371][T11507] RAX: ffffffffffffffda RBX: 00007f64891b5fa0 RCX: 00007f6488f8ebe9
[  949.533382][T11507] RDX: 0000000000000094 RSI: 0000200000000840 RDI: 0000000000000005
[  949.533392][T11507] RBP: 00007f6489d5b090 R08: 0000000000000000 R09: 0000000000000000
[  949.533401][T11507] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  949.533411][T11507] R13: 00007f64891b6038 R14: 00007f64891b5fa0 R15: 00007ffc1627abe8
[  949.533435][T11507]  </TASK>
[  949.533452][T11507] Mem-Info:
[  949.821952][T11507] active_anon:12 inactive_anon:9369 isolated_anon:0
[  949.821952][T11507]  active_file:3920 inactive_file:509 isolated_file:0
[  949.821952][T11507]  unevictable:768 dirty:201 writeback:0
[  949.821952][T11507]  slab_reclaimable:11011 slab_unreclaimable:100908
[  949.821952][T11507]  mapped:36522 shmem:7083 pagetables:1020
[  949.821952][T11507]  sec_pagetables:0 bounce:0
[  949.821952][T11507]  kernel_misc_reclaimable:0
[  949.821952][T11507]  free:1360848 free_pcp:8612 free_cma:0
[  949.868373][T11507] Node 0 active_anon:48kB inactive_anon:37476kB active_file:15668kB inactive_file:1900kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:146076kB dirty:804kB writeback:0kB shmem:26796kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:12008kB pagetables:3956kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[  949.901848][T11507] Node 1 active_anon:0kB inactive_anon:0kB active_file:12kB inactive_file:136kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:12kB dirty:0kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:48kB pagetables:124kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[  949.933506][T11507] Node 0 DMA free:15360kB boost:0kB min:204kB low:252kB high:300kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[  949.962403][T11507] lowmem_reserve[]: 0 2500 2502 2502 2502
[  949.968211][T11507] Node 0 DMA32 free:1509072kB boost:0kB min:34264kB low:42828kB high:51392kB reserved_highatomic:0KB free_highatomic:0KB active_anon:44kB inactive_anon:37304kB active_file:14136kB inactive_file:1884kB unevictable:1536kB writepending:804kB present:3129332kB managed:2560996kB mlocked:0kB bounce:0kB free_pcp:30392kB local_pcp:7572kB free_cma:0kB
[  950.001629][T11507] lowmem_reserve[]: 0 0 1 1 1
[  950.006408][T11507] Node 0 Normal free:28kB boost:0kB min:24kB low:28kB high:32kB reserved_highatomic:0KB free_highatomic:0KB active_anon:4kB inactive_anon:172kB active_file:1532kB inactive_file:16kB unevictable:0kB writepending:0kB present:1048580kB managed:1904kB mlocked:0kB bounce:0kB free_pcp:152kB local_pcp:92kB free_cma:0kB
[  950.049533][T11507] lowmem_reserve[]: 0 0 0 0 0
[  950.054510][T11507] Node 1 Normal free:3918932kB boost:0kB min:55612kB low:69512kB high:83412kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:12kB inactive_file:136kB unevictable:1536kB writepending:0kB present:4194300kB managed:4111164kB mlocked:0kB bounce:0kB free_pcp:3904kB local_pcp:2912kB free_cma:0kB
[  950.087280][T11507] lowmem_reserve[]: 0 0 0 0 0
[  950.092043][T11507] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB
[  950.104918][T11507] Node 0 DMA32: 1927*4kB (UM) 386*8kB (UME) 961*16kB (UM) 1343*32kB (UME) 918*64kB (UME) 538*128kB (UME) 236*256kB (UM) 169*512kB (UM) 102*1024kB (UME) 42*2048kB (UME) 238*4096kB (UME) = 1509020kB
[  950.124400][T11507] Node 0 Normal: 3*4kB (M) 3*8kB (M) 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 36kB
[  950.136805][T11507] Node 1 Normal: 193*4kB (U) 56*8kB (UE) 31*16kB (UME) 231*32kB (UME) 95*64kB (UME) 28*128kB (UM) 9*256kB (UM) 5*512kB (UME) 2*1024kB (ME) 1*2048kB (E) 950*4096kB (M) = 3918932kB
[  950.154816][T11507] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  950.164421][T11507] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[  950.175286][T11507] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  950.184912][T11507] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[  950.194232][T11507] 11529 total pagecache pages
[  950.198925][T11507] 0 pages in swap cache
[  950.203080][T11507] Free swap  = 124996kB
[  950.207308][T11507] Total swap = 124996kB
[  950.211465][T11507] 2097051 pages RAM
[  950.215367][T11507] 0 pages HighMem/MovableOnly
[  950.220047][T11507] 424695 pages reserved
[  950.224229][T11507] 0 pages cma reserved
[  953.331678][T11528] openvswitch: netlink: Either Ethernet header or EtherType is required.
[  953.374094][   T30] kauditd_printk_skb: 21 callbacks suppressed
[  953.374113][   T30] audit: type=1326 audit(1755842899.155:346): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11523 comm="syz.0.1470" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4f4a18ebe9 code=0x7fc00000
[  953.410363][   T30] audit: type=1326 audit(1755842899.195:347): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11523 comm="syz.0.1470" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4f4a18ebe9 code=0x7fc00000
[  953.544783][   T30] audit: type=1326 audit(1755842899.195:348): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11523 comm="syz.0.1470" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4f4a18ebe9 code=0x7fc00000
[  953.600918][   T30] audit: type=1326 audit(1755842899.195:349): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11523 comm="syz.0.1470" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4f4a18ebe9 code=0x7fc00000
[  953.924524][T11540] openvswitch: netlink: Either Ethernet header or EtherType is required.
[  954.472826][   T30] audit: type=1326 audit(1755842899.195:350): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11523 comm="syz.0.1470" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4f4a18ebe9 code=0x7fc00000
[  954.543676][   T30] audit: type=1326 audit(1755842899.195:351): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11523 comm="syz.0.1470" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4f4a18ebe9 code=0x7fc00000
[  954.572128][   T30] audit: type=1326 audit(1755842899.195:352): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11523 comm="syz.0.1470" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4f4a18ebe9 code=0x7fc00000
[  955.006921][   T30] audit: type=1326 audit(1755842899.195:353): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11523 comm="syz.0.1470" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4f4a18ebe9 code=0x7fc00000
[  955.203148][   T30] audit: type=1326 audit(1755842899.205:354): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11523 comm="syz.0.1470" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4f4a18ebe9 code=0x7fc00000
[  955.260388][   T30] audit: type=1326 audit(1755842899.205:355): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11523 comm="syz.0.1470" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4f4a18ebe9 code=0x7fc00000
[  955.426372][T11554] veth3: entered promiscuous mode
[  955.450756][T11553] netlink: 'syz.6.1477': attribute type 1 has an invalid length.
[  956.135814][T11559] openvswitch: netlink: Either Ethernet header or EtherType is required.
[  957.796842][T11571] syzkaller0: entered promiscuous mode
[  957.839036][T11572] openvswitch: netlink: Either Ethernet header or EtherType is required.
[  958.546053][T11571] syzkaller0: entered allmulticast mode
[  961.810810][T11604] FAULT_INJECTION: forcing a failure.
[  961.810810][T11604] name failslab, interval 1, probability 0, space 0, times 0
[  961.917496][T11609] netlink: 'syz.9.1493': attribute type 10 has an invalid length.
[  961.934812][T11609] loop7: detected capacity change from 0 to 16384
[  962.124988][T11604] CPU: 1 UID: 0 PID: 11604 Comm: syz.0.1492 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) 
[  962.125022][T11604] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  962.125038][T11604] Call Trace:
[  962.125048][T11604]  <TASK>
[  962.125058][T11604]  dump_stack_lvl+0x189/0x250
[  962.125091][T11604]  ? __pfx_dump_stack_lvl+0x10/0x10
[  962.125124][T11604]  should_fail_ex+0x414/0x560
[  962.125145][T11604]  should_failslab+0xa8/0x100
[  962.125164][T11604]  __kmalloc_noprof+0xcb/0x4f0
[  962.125179][T11604]  ? kvm_io_bus_register_dev+0x14a/0x620
[  962.125206][T11604]  kvm_io_bus_register_dev+0x14a/0x620
[  962.125231][T11604]  ? __kmalloc_cache_noprof+0x230/0x3d0
[  962.125246][T11604]  ? kvm_assign_ioeventfd_idx+0x94/0xa20
[  962.125273][T11604]  kvm_assign_ioeventfd_idx+0x603/0xa20
[  962.125309][T11604]  kvm_ioeventfd+0x1ee/0x330
[  962.125333][T11604]  kvm_vm_ioctl+0x942/0xc60
[  962.125350][T11604]  ? __pfx_kvm_vm_ioctl+0x10/0x10
[  962.125369][T11604]  ? do_vfs_ioctl+0xf37/0x1990
[  962.125403][T11604]  ? __pfx_do_vfs_ioctl+0x10/0x10
[  962.125431][T11604]  ? kasan_quarantine_put+0xdd/0x220
[  962.125463][T11604]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[  962.125481][T11604]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[  962.125500][T11604]  ? tomoyo_path_number_perm+0x4e2/0x5a0
[  962.125519][T11604]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[  962.125544][T11604]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  962.125588][T11604]  ? __lock_acquire+0xab9/0xd20
[  962.125610][T11604]  ? __asan_memset+0x22/0x50
[  962.125631][T11604]  ? smack_file_ioctl+0x302/0x340
[  962.125648][T11604]  ? __pfx_smack_file_ioctl+0x10/0x10
[  962.125671][T11604]  ? __fget_files+0x2a/0x420
[  962.125687][T11604]  ? __fget_files+0x3a0/0x420
[  962.125705][T11604]  ? __fget_files+0x2a/0x420
[  962.125725][T11604]  ? bpf_lsm_file_ioctl+0x9/0x20
[  962.125743][T11604]  ? __pfx_kvm_vm_ioctl+0x10/0x10
[  962.125758][T11604]  __se_sys_ioctl+0xfc/0x170
[  962.125784][T11604]  do_syscall_64+0xfa/0x3b0
[  962.125801][T11604]  ? lockdep_hardirqs_on+0x9c/0x150
[  962.125818][T11604]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  962.125833][T11604]  ? clear_bhb_loop+0x60/0xb0
[  962.125852][T11604]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  962.125870][T11604] RIP: 0033:0x7f4f4a18ebe9
[  962.125885][T11604] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  962.125899][T11604] RSP: 002b:00007f4f4b061038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  962.125916][T11604] RAX: ffffffffffffffda RBX: 00007f4f4a3b5fa0 RCX: 00007f4f4a18ebe9
[  962.125928][T11604] RDX: 0000200000000080 RSI: 000000004040ae79 RDI: 0000000000000004
[  962.125938][T11604] RBP: 00007f4f4b061090 R08: 0000000000000000 R09: 0000000000000000
[  962.125953][T11604] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  962.125962][T11604] R13: 00007f4f4a3b6038 R14: 00007f4f4a3b5fa0 R15: 00007ffdfb9d6b88
[  962.125986][T11604]  </TASK>
[  963.146097][T11614] netlink: 'syz.7.1494': attribute type 4 has an invalid length.
[  963.162553][T11614] netlink: 'syz.7.1494': attribute type 4 has an invalid length.
[  964.856815][T11624] syzkaller0: entered promiscuous mode
[  964.863392][T11624] syzkaller0: entered allmulticast mode
[  966.963802][  T980] usb 10-1: new high-speed USB device number 3 using dummy_hcd
[  967.287166][  T980] usb 10-1: New USB device found, idVendor=1645, idProduct=0008, bcdDevice=cf.36
[  967.329949][  T980] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  967.400169][  T980] usb 10-1: config 0 descriptor??
[  967.652584][  T980] kaweth 10-1:0.0: Firmware present in device.
[  968.055895][  T980] kaweth 10-1:0.0: Statistics collection: a711405d
[  968.102649][  T980] kaweth 10-1:0.0: Multicast filter limit: 5ecb
[  968.162812][  T980] kaweth 10-1:0.0: MTU: 59971
[  968.186558][  T980] kaweth 10-1:0.0: Read MAC address 75:d6:87:8d:5d:12
[  968.325617][T11676] FAULT_INJECTION: forcing a failure.
[  968.325617][T11676] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  968.342706][T11676] CPU: 0 UID: 0 PID: 11676 Comm: syz.7.1513 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) 
[  968.342739][T11676] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  968.342753][T11676] Call Trace:
[  968.342762][T11676]  <TASK>
[  968.342772][T11676]  dump_stack_lvl+0x189/0x250
[  968.342804][T11676]  ? __pfx____ratelimit+0x10/0x10
[  968.342828][T11676]  ? __pfx_dump_stack_lvl+0x10/0x10
[  968.342853][T11676]  ? __pfx__printk+0x10/0x10
[  968.342882][T11676]  ? __might_fault+0xb0/0x130
[  968.342916][T11676]  should_fail_ex+0x414/0x560
[  968.342946][T11676]  _copy_from_user+0x2d/0xb0
[  968.342978][T11676]  btf_new_fd+0x33a/0xc90
[  968.343015][T11676]  ? __pfx_btf_new_fd+0x10/0x10
[  968.343041][T11676]  ? bpf_token_put+0x143/0x160
[  968.343073][T11676]  ? bpf_btf_load+0x126/0x190
[  968.343096][T11676]  __sys_bpf+0x635/0x860
[  968.343130][T11676]  ? __pfx___sys_bpf+0x10/0x10
[  968.343176][T11676]  ? ksys_write+0x22a/0x250
[  968.343201][T11676]  ? __pfx_ksys_write+0x10/0x10
[  968.343234][T11676]  __x64_sys_bpf+0x7c/0x90
[  968.343265][T11676]  do_syscall_64+0xfa/0x3b0
[  968.343288][T11676]  ? lockdep_hardirqs_on+0x9c/0x150
[  968.343311][T11676]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  968.343333][T11676]  ? clear_bhb_loop+0x60/0xb0
[  968.343360][T11676]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  968.343382][T11676] RIP: 0033:0x7f6d19b8ebe9
[  968.343408][T11676] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  968.343428][T11676] RSP: 002b:00007f6d1aa04038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  968.343452][T11676] RAX: ffffffffffffffda RBX: 00007f6d19db5fa0 RCX: 00007f6d19b8ebe9
[  968.343469][T11676] RDX: 0000000000000028 RSI: 00002000000000c0 RDI: 0000000000000012
[  968.343483][T11676] RBP: 00007f6d1aa04090 R08: 0000000000000000 R09: 0000000000000000
[  968.343497][T11676] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  968.343510][T11676] R13: 00007f6d19db6038 R14: 00007f6d19db5fa0 R15: 00007ffc1c6ccf28
[  968.343542][T11676]  </TASK>
[  968.569559][T11647] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  968.578527][T11647] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  968.768401][  T980] kaweth 10-1:0.0: Error setting SOFS wait
[  968.794214][  T980] kaweth 10-1:0.0: probe with driver kaweth failed with error -5
[  968.827082][  T980] usb 10-1: USB disconnect, device number 3
[  970.463960][T11695] bridge0: port 2(bridge_slave_1) entered disabled state
[  971.309776][T11705] loop4: detected capacity change from 0 to 7
[  971.321674][T11705] Dev loop4: unable to read RDB block 7
[  971.327472][T11705]  loop4: unable to read partition table
[  971.333366][T11705] loop4: partition table beyond EOD, truncated
[  971.339668][T11705] loop_reread_partitions: partition scan of loop4 (�被x������ ) failed (rc=-5)
[  971.363204][T11710] FAULT_INJECTION: forcing a failure.
[  971.363204][T11710] name failslab, interval 1, probability 0, space 0, times 0
[  971.402934][T11710] CPU: 1 UID: 0 PID: 11710 Comm: syz.9.1520 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) 
[  971.402967][T11710] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  971.402980][T11710] Call Trace:
[  971.402989][T11710]  <TASK>
[  971.402998][T11710]  dump_stack_lvl+0x189/0x250
[  971.403029][T11710]  ? __pfx____ratelimit+0x10/0x10
[  971.403052][T11710]  ? __pfx_dump_stack_lvl+0x10/0x10
[  971.403086][T11710]  ? __pfx__printk+0x10/0x10
[  971.403121][T11710]  ? __pfx___might_resched+0x10/0x10
[  971.403144][T11710]  ? fs_reclaim_acquire+0x7d/0x100
[  971.403175][T11710]  should_fail_ex+0x414/0x560
[  971.403204][T11710]  should_failslab+0xa8/0x100
[  971.403230][T11710]  __kmalloc_noprof+0xcb/0x4f0
[  971.403251][T11710]  ? inotify_handle_inode_event+0x19b/0x5f0
[  971.403285][T11710]  inotify_handle_inode_event+0x19b/0x5f0
[  971.403322][T11710]  inotify_ignored_and_remove_idr+0x29/0x70
[  971.403352][T11710]  inotify_handle_inode_event+0x45d/0x5f0
[  971.403389][T11710]  fsnotify+0x1671/0x1a80
[  971.403412][T11710]  ? take_dentry_name_snapshot+0x157/0x500
[  971.403454][T11710]  ? fsnotify+0x735/0x1a80
[  971.403476][T11710]  ? __pfx_fsnotify+0x10/0x10
[  971.403503][T11710]  ? take_dentry_name_snapshot+0x29/0x500
[  971.403540][T11710]  __fsnotify_parent+0x3fe/0x540
[  971.403568][T11710]  ? __pfx___fsnotify_parent+0x10/0x10
[  971.403596][T11710]  ? opipe_prep+0xae/0x420
[  971.403620][T11710]  ? do_tee+0x4b4/0xe00
[  971.403661][T11710]  ? kill_fasync+0xa8/0x4d0
[  971.403695][T11710]  do_tee+0xa2a/0xe00
[  971.403747][T11710]  __se_sys_tee+0x93/0x130
[  971.403772][T11710]  do_syscall_64+0xfa/0x3b0
[  971.403796][T11710]  ? lockdep_hardirqs_on+0x9c/0x150
[  971.403818][T11710]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  971.403840][T11710]  ? clear_bhb_loop+0x60/0xb0
[  971.403867][T11710]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  971.403889][T11710] RIP: 0033:0x7f6488f8ebe9
[  971.403909][T11710] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  971.403928][T11710] RSP: 002b:00007f6489d5b038 EFLAGS: 00000246 ORIG_RAX: 0000000000000114
[  971.403952][T11710] RAX: ffffffffffffffda RBX: 00007f64891b5fa0 RCX: 00007f6488f8ebe9
[  971.403967][T11710] RDX: 0000000000000003 RSI: 0000000000000009 RDI: 0000000000000007
[  971.403980][T11710] RBP: 00007f6489d5b090 R08: 0000000000000000 R09: 0000000000000000
[  971.403993][T11710] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  971.404006][T11710] R13: 00007f64891b6038 R14: 00007f64891b5fa0 R15: 00007ffc1627abe8
[  971.404041][T11710]  </TASK>
[  971.797591][T11719] netlink: 8 bytes leftover after parsing attributes in process `syz.6.1519'.
[  971.806590][T11719] netlink: 48 bytes leftover after parsing attributes in process `syz.6.1519'.
[  971.823229][T11719] vlan2: entered allmulticast mode
[  973.149620][T11727] openvswitch: netlink: Either Ethernet header or EtherType is required.
[  974.002432][T11734] netlink: 96 bytes leftover after parsing attributes in process `syz.7.1528'.
[  974.046950][T11734] netlink: 268 bytes leftover after parsing attributes in process `syz.7.1528'.
[  974.056462][T11734] netlink: 12 bytes leftover after parsing attributes in process `syz.7.1528'.
[  976.240084][T11755] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  976.566344][T11753] netlink: 'syz.7.1531': attribute type 8 has an invalid length.
[  976.681558][T11760] PF_CAN: dropped non conform CAN FD skbuff: dev type 65534, len 4080
[  978.724312][T11778] netlink: 4400 bytes leftover after parsing attributes in process `syz.6.1538'.
[  979.313643][ T5902] usb 7-1: new high-speed USB device number 6 using dummy_hcd
[  979.385464][T11796] netlink: 'syz.7.1545': attribute type 10 has an invalid length.
[  979.953696][ T5902] usb 7-1: Using ep0 maxpacket: 16
[  979.959826][T11795] loop7: detected capacity change from 0 to 16384
[  980.037465][ T5902] usb 7-1: New USB device found, idVendor=17ef, idProduct=721e, bcdDevice=de.06
[  980.058850][ T5902] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  980.099083][ T5902] usb 7-1: Product: syz
[  980.110325][ T5902] usb 7-1: Manufacturer: syz
[  980.131160][ T5902] usb 7-1: SerialNumber: syz
[  980.170177][ T5902] r8152-cfgselector 7-1: Unknown version 0x0000
[  980.201932][ T5902] r8152-cfgselector 7-1: config 0 descriptor??
[  981.465280][T11810] netlink: 8 bytes leftover after parsing attributes in process `syz.6.1543'.
[  982.358204][ T5902] r8152-cfgselector 7-1: USB disconnect, device number 6
[  982.649372][T11823] overlayfs: upper fs does not support file handles, falling back to index=off.
[  985.110376][T11835] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(6)
[  985.117002][T11835] vhci_hcd vhci_hcd.0: devid(0) speed(2) speed_str(full-speed)
[  985.143732][T11835] vhci_hcd vhci_hcd.0: Device attached
[  985.289891][T11837] vhci_hcd: connection closed
[  985.290462][ T6118] vhci_hcd: stop threads
[  985.336041][ T1210] vhci_hcd: vhci_device speed not set
[  985.393347][ T6118] vhci_hcd: release socket
[  985.432773][ T6118] vhci_hcd: disconnect device
[  985.601260][T11842] netlink: 'syz.6.1556': attribute type 4 has an invalid length.
[  985.631178][T11842] netlink: 'syz.6.1556': attribute type 4 has an invalid length.
[  986.133894][ T1210] usb 33-1: new full-speed USB device number 3 using vhci_hcd
[  986.141517][ T1210] usb 33-1: enqueue for inactive port 0
[  986.299027][ T1210] vhci_hcd: vhci_device speed not set
[  986.759346][T11854] loop7: detected capacity change from 0 to 7
[  986.873437][    C0] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  986.882971][    C0] Buffer I/O error on dev loop7, logical block 0, async page read
[  987.966883][    C0] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  987.976088][    C0] Buffer I/O error on dev loop7, logical block 0, async page read
[  988.009848][    C0] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  988.019130][    C0] Buffer I/O error on dev loop7, logical block 0, async page read
[  988.032836][T11860] netlink: 'syz.9.1561': attribute type 10 has an invalid length.
[  988.053609][    C1] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  988.053870][T11860] netlink: 40 bytes leftover after parsing attributes in process `syz.9.1561'.
[  988.062829][    C1] Buffer I/O error on dev loop7, logical block 0, async page read
[  988.085184][    C0] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  988.094410][    C0] Buffer I/O error on dev loop7, logical block 0, async page read
[  988.113767][    C0] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  988.123030][    C0] Buffer I/O error on dev loop7, logical block 0, async page read
[  988.125658][T11860] dummy0: entered promiscuous mode
[  988.137100][    C1] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  988.146339][    C1] Buffer I/O error on dev loop7, logical block 0, async page read
[  988.155256][T11854] ldm_validate_partition_table(): Disk read failed.
[  988.162250][    C0] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  988.171500][    C0] Buffer I/O error on dev loop7, logical block 0, async page read
[  988.195176][    C0] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  988.204417][    C0] Buffer I/O error on dev loop7, logical block 0, async page read
[  988.223859][    C0] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  988.233078][    C0] Buffer I/O error on dev loop7, logical block 0, async page read
[  988.249637][T11854] Dev loop7: unable to read RDB block 0
[  988.258663][T11854]  loop7: unable to read partition table
[  988.290914][T11854] loop7: partition table beyond EOD, truncated
[  988.439520][T11867] xt_AUDIT: Audit type out of range (valid range: 0..2)
[  988.517954][T11867] fuse: Bad value for 'group_id'
[  988.523119][T11867] fuse: Bad value for 'group_id'
[  988.820752][T11860] bridge0: port 3(dummy0) entered blocking state
[  988.853791][T11854] loop_reread_partitions: partition scan of loop7 (���������C�j̖�P=ý?�}X���	���%��`��ր���{��֐�ȵ4FLQk݊) failed (rc=-5)
[  988.883765][T11860] bridge0: port 3(dummy0) entered disabled state
[  988.890397][T11860] dummy0: entered allmulticast mode
[  988.902918][T11860] bridge0: port 3(dummy0) entered blocking state
[  988.909518][T11860] bridge0: port 3(dummy0) entered forwarding state
[  991.832186][T11892] netlink: 40 bytes leftover after parsing attributes in process `syz.5.1569'.
[  992.654181][T11897] netlink: 'syz.5.1571': attribute type 3 has an invalid length.
[  994.997628][T11911] netlink: 72 bytes leftover after parsing attributes in process `syz.5.1574'.
[  997.867665][T11949] BFS-fs: bfs_fill_super(): No BFS filesystem on nullb0 (magic=00000000)
[  998.244859][ T1302] ieee802154 phy0 wpan0: encryption failed: -22
[  998.251363][ T1302] ieee802154 phy1 wpan1: encryption failed: -22
[ 1000.341054][T11969] netlink: 'syz.9.1589': attribute type 21 has an invalid length.
[ 1000.384079][T11969] netlink: 128 bytes leftover after parsing attributes in process `syz.9.1589'.
[ 1000.411528][T11969] netlink: 'syz.9.1589': attribute type 5 has an invalid length.
[ 1000.454053][T11969] netlink: 3 bytes leftover after parsing attributes in process `syz.9.1589'.
[ 1001.559542][T11984] netlink: 40 bytes leftover after parsing attributes in process `syz.9.1594'.
[ 1003.939750][T12002] netlink: 4400 bytes leftover after parsing attributes in process `syz.0.1599'.
[ 1003.983423][T12002] debugfs: Directory '�`]��I�q�!�>�s���*��!' with parent 'ieee80211' already present!
[ 1004.165119][T12011] syzkaller0: entered promiscuous mode
[ 1004.170955][T12011] syzkaller0: entered allmulticast mode
[ 1004.330174][T12013] syzkaller0: mtu greater than device maximum
[ 1007.841382][T12043] netlink: 28 bytes leftover after parsing attributes in process `syz.9.1610'.
[ 1007.890778][T12043] bridge0: port 4(syz_tun) entered blocking state
[ 1007.902392][T12043] bridge0: port 4(syz_tun) entered disabled state
[ 1007.912466][T12043] syz_tun: entered allmulticast mode
[ 1007.926389][T12043] syz_tun: entered promiscuous mode
[ 1007.938575][T12043] bridge0: port 4(syz_tun) entered blocking state
[ 1007.945295][T12043] bridge0: port 4(syz_tun) entered forwarding state
[ 1011.455753][T12083] overlayfs: failed to resolve './file1': -2
[ 1011.758492][T12089] loop4: detected capacity change from 0 to 7
[ 1011.767438][T12089] Dev loop4: unable to read RDB block 7
[ 1011.773134][T12089]  loop4: unable to read partition table
[ 1011.779260][T12089] loop4: partition table beyond EOD, truncated
[ 1011.785638][T12089] loop_reread_partitions: partition scan of loop4 (�被x������ ) failed (rc=-5)
[ 1011.863412][   T30] kauditd_printk_skb: 664 callbacks suppressed
[ 1011.863433][   T30] audit: type=1800 audit(1755842957.645:1020): pid=12091 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz.9.1626" name="file0" dev="overlay" ino=685 res=0 errno=0
[ 1017.870158][T12146] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1639'.
[ 1017.879356][T12146] netlink: 48 bytes leftover after parsing attributes in process `syz.5.1639'.
[ 1019.523647][ T5902] usb 10-1: new high-speed USB device number 4 using dummy_hcd
[ 1019.572107][T12168] bridge0: entered allmulticast mode
[ 1019.581949][T12168] netlink: 'syz.0.1645': attribute type 49 has an invalid length.
[ 1019.627779][T12168] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1645'.
[ 1019.639424][T12168] bridge_slave_1: left allmulticast mode
[ 1019.647614][T12168] bridge_slave_1: left promiscuous mode
[ 1019.656016][T12168] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1019.670121][T12168] bridge_slave_0: left allmulticast mode
[ 1019.678745][T12168] bridge_slave_0: left promiscuous mode
[ 1019.687761][ T5902] usb 10-1: Using ep0 maxpacket: 8
[ 1019.699627][T12168] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1019.717836][ T5902] usb 10-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 56832, setting to 1024
[ 1019.735154][ T5902] usb 10-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024
[ 1019.767096][ T5902] usb 10-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[ 1019.793924][ T5902] usb 10-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[ 1019.833757][ T5902] usb 10-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[ 1019.843012][ T5902] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1019.888356][T12168] bridge0 (unregistering): left allmulticast mode
[ 1020.170336][ T5902] usb 10-1: GET_CAPABILITIES returned 0
[ 1020.188558][ T5902] usbtmc 10-1:16.0: can't read capabilities
[ 1020.203233][T12179] loop4: detected capacity change from 0 to 7
[ 1020.214853][T12179] Dev loop4: unable to read RDB block 7
[ 1020.222174][T12179]  loop4: unable to read partition table
[ 1020.228048][T12179] loop4: partition table beyond EOD, truncated
[ 1020.234261][T12179] loop_reread_partitions: partition scan of loop4 (�被x������ ) failed (rc=-5)
[ 1020.575855][T12182] netlink: 8 bytes leftover after parsing attributes in process `syz.6.1652'.
[ 1020.585028][T12182] netlink: 48 bytes leftover after parsing attributes in process `syz.6.1652'.
[ 1023.348596][   T10] usb 10-1: USB disconnect, device number 4
[ 1027.677024][T12245] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[ 1033.296551][T12293] BFS-fs: bfs_fill_super(): No BFS filesystem on nullb0 (magic=00000000)
[ 1033.744456][T12285] orangefs_mount: mount request failed with -4
[ 1034.171433][T12294] orangefs_mount: mount request failed with -4
[ 1035.790387][T12310] 
[ 1035.792763][T12310] ======================================================
[ 1035.799794][T12310] WARNING: possible circular locking dependency detected
[ 1035.806827][T12310] 6.16.0-syzkaller #0 Not tainted
[ 1035.811874][T12310] ------------------------------------------------------
[ 1035.818930][T12310] syz.9.1687/12310 is trying to acquire lock:
[ 1035.825033][T12310] ffff88814234b358 (&disk->open_mutex){+.+.}-{4:4}, at: __del_gendisk+0x129/0x9e0
[ 1035.834294][T12310] 
[ 1035.834294][T12310] but task is already holding lock:
[ 1035.841688][T12310] ffff88814234a368 (&set->update_nr_hwq_lock){++++}-{4:4}, at: del_gendisk+0xe0/0x160
[ 1035.851300][T12310] 
[ 1035.851300][T12310] which lock already depends on the new lock.
[ 1035.851300][T12310] 
[ 1035.861735][T12310] 
[ 1035.861735][T12310] the existing dependency chain (in reverse order) is:
[ 1035.870769][T12310] 
[ 1035.870769][T12310] -> #2 (&set->update_nr_hwq_lock){++++}-{4:4}:
[ 1035.879236][T12310]        lock_acquire+0x120/0x360
[ 1035.884294][T12310]        down_write+0x96/0x1f0
[ 1035.889083][T12310]        blk_mq_update_nr_hw_queues+0x3b/0x14c0
[ 1035.895359][T12310]        nbd_start_device+0x16c/0xac0
[ 1035.900758][T12310]        nbd_ioctl+0x636/0xeb0
[ 1035.905547][T12310]        blkdev_ioctl+0x5a8/0x6d0
[ 1035.910589][T12310]        __se_sys_ioctl+0xfc/0x170
[ 1035.915723][T12310]        do_syscall_64+0xfa/0x3b0
[ 1035.920768][T12310]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1035.927199][T12310] 
[ 1035.927199][T12310] -> #1 (&nbd->config_lock){+.+.}-{4:4}:
[ 1035.935057][T12310]        lock_acquire+0x120/0x360
[ 1035.940098][T12310]        __mutex_lock+0x182/0xe80
[ 1035.945140][T12310]        refcount_dec_and_mutex_lock+0x30/0xa0
[ 1035.951343][T12310]        nbd_config_put+0x2c/0x790
[ 1035.956474][T12310]        nbd_release+0xfe/0x140
[ 1035.961340][T12310]        bdev_release+0x533/0x650
[ 1035.966383][T12310]        blkdev_release+0x15/0x20
[ 1035.971430][T12310]        __fput+0x449/0xa70
[ 1035.975957][T12310]        fput_close_sync+0x119/0x200
[ 1035.981258][T12310]        __x64_sys_close+0x7f/0x110
[ 1035.986522][T12310]        do_syscall_64+0xfa/0x3b0
[ 1035.991566][T12310]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1035.997995][T12310] 
[ 1035.997995][T12310] -> #0 (&disk->open_mutex){+.+.}-{4:4}:
[ 1036.005845][T12310]        validate_chain+0xb9b/0x2140
[ 1036.011159][T12310]        __lock_acquire+0xab9/0xd20
[ 1036.016371][T12310]        lock_acquire+0x120/0x360
[ 1036.021409][T12310]        __mutex_lock+0x182/0xe80
[ 1036.026450][T12310]        __del_gendisk+0x129/0x9e0
[ 1036.031608][T12310]        del_gendisk+0xe8/0x160
[ 1036.036499][T12310]        loop_remove+0x42/0xc0
[ 1036.041309][T12310]        loop_control_ioctl+0x4ac/0x5a0
[ 1036.046888][T12310]        __se_sys_ioctl+0xfc/0x170
[ 1036.052029][T12310]        do_syscall_64+0xfa/0x3b0
[ 1036.057074][T12310]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1036.063594][T12310] 
[ 1036.063594][T12310] other info that might help us debug this:
[ 1036.063594][T12310] 
[ 1036.073829][T12310] Chain exists of:
[ 1036.073829][T12310]   &disk->open_mutex --> &nbd->config_lock --> &set->update_nr_hwq_lock
[ 1036.073829][T12310] 
[ 1036.088032][T12310]  Possible unsafe locking scenario:
[ 1036.088032][T12310] 
[ 1036.095500][T12310]        CPU0                    CPU1
[ 1036.100872][T12310]        ----                    ----
[ 1036.106294][T12310]   rlock(&set->update_nr_hwq_lock);
[ 1036.111605][T12310]                                lock(&nbd->config_lock);
[ 1036.118757][T12310]                                lock(&set->update_nr_hwq_lock);
[ 1036.126518][T12310]   lock(&disk->open_mutex);
[ 1036.131123][T12310] 
[ 1036.131123][T12310]  *** DEADLOCK ***
[ 1036.131123][T12310] 
[ 1036.139283][T12310] 1 lock held by syz.9.1687/12310:
[ 1036.144404][T12310]  #0: ffff88814234a368 (&set->update_nr_hwq_lock){++++}-{4:4}, at: del_gendisk+0xe0/0x160
[ 1036.154447][T12310] 
[ 1036.154447][T12310] stack backtrace:
[ 1036.160352][T12310] CPU: 0 UID: 0 PID: 12310 Comm: syz.9.1687 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) 
[ 1036.160374][T12310] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 1036.160385][T12310] Call Trace:
[ 1036.160396][T12310]  <TASK>
[ 1036.160405][T12310]  dump_stack_lvl+0x189/0x250
[ 1036.160429][T12310]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1036.160449][T12310]  ? __pfx__printk+0x10/0x10
[ 1036.160472][T12310]  ? print_lock_name+0xde/0x100
[ 1036.160494][T12310]  print_circular_bug+0x2ee/0x310
[ 1036.160518][T12310]  check_noncircular+0x134/0x160
[ 1036.160541][T12310]  validate_chain+0xb9b/0x2140
[ 1036.160561][T12310]  ? trace_sched_exit_tp+0x38/0x120
[ 1036.160586][T12310]  ? __schedule+0x16c8/0x4c90
[ 1036.160610][T12310]  __lock_acquire+0xab9/0xd20
[ 1036.160628][T12310]  ? __del_gendisk+0x129/0x9e0
[ 1036.160649][T12310]  lock_acquire+0x120/0x360
[ 1036.160664][T12310]  ? __del_gendisk+0x129/0x9e0
[ 1036.160692][T12310]  __mutex_lock+0x182/0xe80
[ 1036.160710][T12310]  ? __del_gendisk+0x129/0x9e0
[ 1036.160731][T12310]  ? trace_irq_disable+0x37/0x110
[ 1036.160756][T12310]  ? preempt_schedule_irq+0xde/0x150
[ 1036.160772][T12310]  ? __pfx_preempt_schedule_irq+0x10/0x10
[ 1036.160791][T12310]  ? __del_gendisk+0x129/0x9e0
[ 1036.160814][T12310]  ? __pfx___mutex_lock+0x10/0x10
[ 1036.160837][T12310]  ? __del_gendisk+0xc1/0x9e0
[ 1036.160858][T12310]  ? disk_del_events+0xb5/0x210
[ 1036.160881][T12310]  ? __del_gendisk+0xc1/0x9e0
[ 1036.160903][T12310]  __del_gendisk+0x129/0x9e0
[ 1036.160926][T12310]  ? del_gendisk+0xe0/0x160
[ 1036.160949][T12310]  ? __pfx___del_gendisk+0x10/0x10
[ 1036.160972][T12310]  ? down_read+0x1ad/0x2e0
[ 1036.160993][T12310]  del_gendisk+0xe8/0x160
[ 1036.161015][T12310]  loop_remove+0x42/0xc0
[ 1036.161043][T12310]  loop_control_ioctl+0x4ac/0x5a0
[ 1036.161061][T12310]  ? __pfx_loop_control_ioctl+0x10/0x10
[ 1036.161075][T12310]  ? __fget_files+0x2a/0x420
[ 1036.161096][T12310]  ? bpf_lsm_file_ioctl+0x9/0x20
[ 1036.161116][T12310]  ? __pfx_loop_control_ioctl+0x10/0x10
[ 1036.161131][T12310]  __se_sys_ioctl+0xfc/0x170
[ 1036.161166][T12310]  do_syscall_64+0xfa/0x3b0
[ 1036.161186][T12310]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1036.161204][T12310]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1036.161221][T12310]  ? clear_bhb_loop+0x60/0xb0
[ 1036.161240][T12310]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1036.161258][T12310] RIP: 0033:0x7f6488f8ebe9
[ 1036.161275][T12310] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1036.161292][T12310] RSP: 002b:00007f6489d3a038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1036.161310][T12310] RAX: ffffffffffffffda RBX: 00007f64891b6090 RCX: 00007f6488f8ebe9
[ 1036.161323][T12310] RDX: 0000000000000000 RSI: 0000000000004c81 RDI: 0000000000000005
[ 1036.161334][T12310] RBP: 00007f6489011e19 R08: 0000000000000000 R09: 0000000000000000
[ 1036.161345][T12310] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 1036.161355][T12310] R13: 00007f64891b6128 R14: 00007f64891b6090 R15: 00007ffc1627abe8
[ 1036.161375][T12310]  </TASK>
[ 1036.666222][T12313] syzkaller1: entered promiscuous mode
[ 1036.672024][T12313] syzkaller1: entered allmulticast mode
[ 1036.724994][T12316] pimreg: entered allmulticast mode
[ 1036.740606][ T5902] kernel write not supported for file /506/coredump_filter (pid: 5902 comm: kworker/0:6)
[ 1037.013854][ T5917] usb 7-1: new high-speed USB device number 7 using dummy_hcd
[ 1037.166618][ T5917] usb 7-1: too many configurations: 204, using maximum allowed: 8
[ 1037.175817][ T5917] usb 7-1: unable to read config index 0 descriptor/start: -61
[ 1037.183420][ T5917] usb 7-1: can't read configurations, error -61
[ 1037.323668][ T5917] usb 7-1: new high-speed USB device number 8 using dummy_hcd
[ 1037.474286][ T5917] usb 7-1: too many configurations: 204, using maximum allowed: 8
[ 1037.483570][ T5917] usb 7-1: unable to read config index 0 descriptor/start: -61
[ 1037.491214][ T5917] usb 7-1: can't read configurations, error -61
[ 1037.497853][ T5917] usb usb7-port1: attempt power cycle
[ 1037.844850][ T5917] usb 7-1: new high-speed USB device number 9 using dummy_hcd
[ 1037.864800][ T5917] usb 7-1: too many configurations: 204, using maximum allowed: 8
[ 1037.874262][ T5917] usb 7-1: unable to read config index 0 descriptor/start: -61
[ 1037.881955][ T5917] usb 7-1: can't read configurations, error -61
[ 1038.013734][ T5917] usb 7-1: new high-speed USB device number 10 using dummy_hcd
[ 1038.034660][ T5917] usb 7-1: too many configurations: 204, using maximum allowed: 8
[ 1038.044632][ T5917] usb 7-1: unable to read config index 0 descriptor/start: -61
[ 1038.052262][ T5917] usb 7-1: can't read configurations, error -61
[ 1038.059160][ T5917] usb usb7-port1: unable to enumerate USB device