last executing test programs:

12m26.086247233s ago: executing program 3 (id=196):
socket$nl_generic(0x10, 0x3, 0x10)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0x8c, 0x30, 0x1, 0x0, 0x0, {}, [{0x78, 0x1, [@m_ct={0x2c, 0x2, 0x0, 0x0, {{0x7}, {0x4}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x1, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c, 0x1, {{0x0, 0x0, 0xffffffffffffffff}}}]}, {0x4}, {0xc}, {0xc, 0x8, {0x0, 0x2}}}}]}]}, 0x8c}, 0x1, 0x0, 0x0, 0x8804}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000380)=0x34)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = syz_open_procfs(0x0, 0x0)
socket$rxrpc(0x21, 0x2, 0xa)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
syz_emit_vhci(&(0x7f0000000000)=ANY=[], 0xffffffffffffff2b)
getdents64(0xffffffffffffffff, &(0x7f0000002f40)=""/4098, 0x1002)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000840)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007100000095"], &(0x7f0000000200)='GPL\x00', 0x5, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000080)='sched_switch\x00', r4}, 0x10)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x0)
setsockopt$inet_tcp_int(r3, 0x6, 0x5, &(0x7f00000001c0), 0x4)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r5, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000001700)=ANY=[@ANYBLOB="1800000024000103000000000000000001"], 0x18}, 0x1, 0x0, 0x0, 0x8001}, 0x44810)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x11, 0x3, &(0x7f0000000200)=ANY=[@ANYBLOB="1800000020000000000000000000000095"], &(0x7f00000003c0)='GPL\x00'}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
recvmmsg(r5, &(0x7f0000004ec0)=[{{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f00000002c0)=""/4077, 0xfed}], 0x1}, 0x9}], 0x1, 0x2000, 0x0)
r6 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
sendmsg$netlink(r6, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000440)=ANY=[@ANYBLOB="180100002e"], 0x118}], 0x1, 0x0, 0x0, 0x48085}, 0x0)

12m21.943921528s ago: executing program 3 (id=211):
openat$pidfd(0xffffffffffffff9c, 0x0, 0x75f081, 0x0)
prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x7)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
r2 = socket$inet6(0xa, 0x2, 0x3a)
r3 = dup(r2)
bind$unix(r3, &(0x7f00000001c0)=@abs={0xa, 0x2}, 0x6e)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), r4)
ioctl$sock_SIOCGIFINDEX_80211(r4, 0x8933, 0x0)
sendmsg$NL80211_CMD_DEL_KEY(r4, &(0x7f0000004340)={0x0, 0x0, &(0x7f0000004300)={&(0x7f0000000240)={0x24, r5, 0x1, 0x70bd29, 0x25dfdbff, {{}, {@val={0x8}, @void}}, [@NL80211_ATTR_KEY_TYPE={0x8, 0x37, 0x1}]}, 0x24}, 0x1, 0x0, 0x0, 0x404c804}, 0x20000004)
ioctl$KVM_SET_BOOT_CPU_ID(r3, 0xae78, &(0x7f0000000000)=0x1)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f00000001c0)={0x0, 0x0, 0x0, &(0x7f0000000180), 0x3}, 0x38)
bpf$BPF_MAP_LOOKUP_AND_DELETE_ELEM(0x15, 0x0, 0x0)
unshare(0x400)
r6 = syz_open_procfs(0x0, &(0x7f0000000180)='smaps_rollup\x00')
lseek(r6, 0x4, 0x4)
r7 = openat$audio1(0xffffffffffffff9c, &(0x7f0000000080), 0x129202, 0x0)
ioctl$SNDCTL_DSP_SETFMT(r7, 0xc0045005, &(0x7f00000000c0)=0x20)
ioctl$SNDCTL_DSP_STEREO(r7, 0xc0045003, &(0x7f0000000600)=0x180004)
write$binfmt_elf32(r7, 0x0, 0x4cd)
ioctl$AUTOFS_DEV_IOCTL_TIMEOUT(r3, 0xc018937a, &(0x7f0000000280)={{0x1, 0x1, 0x18, r0, {0x2}}, './file0\x00'})
syz_emit_ethernet(0x1b, &(0x7f0000000040)={@local, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x2}, @void, {@llc_tr={0x11, {@snap={0xaa, 0xaa, 'S', "ee3de0", 0x892f, "ff81240921"}}}}}, 0x0)
ioctl$SNDCTL_DSP_SETFMT(r7, 0xc0045005, &(0x7f0000000100)=0x1)
write$dsp(r7, &(0x7f0000000140)="755a5398d512d39077459e67ee110daaf0413bc745ef85b89f2141d513969bd8", 0xffaa)

12m13.791663056s ago: executing program 3 (id=219):
r0 = openat$smackfs_load(0xffffffffffffff9c, &(0x7f0000000000)='/sys/fs/smackfs/load-self2\x00', 0x2, 0x0)
write$binfmt_script(r0, &(0x7f00000000c0)={'#! ', './file0', [{0x20, ')+'}, {0x20, '[k'}, {0x20, 'B-+'}, {0x20, 'hostdata'}, {0x20, '*'}], 0xa, '\vT'}, 0x22)
ioctl$BTRFS_IOC_START_SYNC(0xffffffffffffffff, 0x80089418, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff})
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x18, 0x4, &(0x7f0000000740)=ANY=[], &(0x7f0000000300)='GPL\x00', 0x1, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xfffffffb}, 0x94)
ioctl$SNDRV_TIMER_IOCTL_CREATE(0xffffffffffffffff, 0xc02054a5, &(0x7f0000000240)={0xb, <r2=>r1, 'id0\x00'})
ioctl$sock_ax25_SIOCADDRT(r2, 0x890b, &(0x7f00000003c0)={@netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @null, 0x7, [@bcast, @bcast, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x3}, @default, @null, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @bcast, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}]})
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x7)
r3 = getpid()
sched_setscheduler(r3, 0x2, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r5, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r6 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r6, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(camellia)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r6, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18)
r7 = accept4(r6, 0x0, 0x0, 0x800)
sendmmsg$alg(r7, &(0x7f0000000800), 0x0, 0x48800)
recvmsg(r7, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0)

12m11.815689427s ago: executing program 1 (id=224):
ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
socket$inet_udp(0x2, 0x2, 0x0)
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, 0x0, 0x0)
setsockopt$sock_linger(0xffffffffffffffff, 0x1, 0x3c, 0x0, 0x0)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, 0x0, 0x0)
r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$nbd(&(0x7f0000000380), 0xffffffffffffffff)
r3 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$nbd(&(0x7f0000000040), 0xffffffffffffffff)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000000))
sendmsg$NBD_CMD_CONNECT(r3, &(0x7f0000001ac0)={0x0, 0x0, &(0x7f0000001a80)={&(0x7f00000000c0)={0x24, r4, 0x1, 0xffffffff, 0x0, {}, [@NBD_ATTR_SOCKETS={0x4}, @NBD_ATTR_SIZE_BYTES={0xc, 0x2, 0x7fff}]}, 0x24}}, 0x20000000)
sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000740)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r2, @ANYBLOB="010027bd7000fcdbdf25020000000800010000"], 0x1c}, 0x1, 0x0, 0x0, 0x24040090}, 0xc0)
bind$vsock_stream(0xffffffffffffffff, 0x0, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x48)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, 0x0, &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x22, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={0x0, r5}, 0x18)

12m11.805831398s ago: executing program 3 (id=225):
r0 = socket$inet_mptcp(0x2, 0x1, 0x106)
setsockopt$inet_tcp_int(r0, 0x6, 0x9, 0x0, 0x0)
setsockopt$inet_int(r0, 0x0, 0x13, &(0x7f0000000000)=0x800, 0x4)
socket$inet6_tcp(0xa, 0x1, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000002c0)={0x18, 0x3, &(0x7f0000000080)=@framed={{0x18, 0x0, 0x0, 0x0, 0x100000, 0x0, 0x0, 0x0, 0x200}}, &(0x7f0000000100)='GPL\x00'}, 0x94)
syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000006c0)={0x18, 0xb, &(0x7f0000000640)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020000000000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f00000004c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000002c0)='contention_begin\x00', r2, 0x0, 0xd}, 0x18)
prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0x88}, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7)
openat$sequencer(0xffffffffffffff9c, &(0x7f00000001c0), 0x80280, 0x0)
r3 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r3, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(0xffffffffffffffff, 0x84, 0x9, 0x0, 0x0)
sendto$inet6(0xffffffffffffffff, &(0x7f0000847fff), 0x0, 0x0, &(0x7f000005ffe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
r4 = openat(0xffffffffffffff9c, &(0x7f0000000140)='./cgroup.cpu/cgroup.procs\x00', 0x0, 0x0)
r5 = openat(0xffffffffffffff9c, &(0x7f0000000380)='./cgroup.cpu/cgroup.procs\x00', 0x2, 0x0)
sendfile(r5, r4, 0x0, 0x6)
read$watch_queue(r5, &(0x7f0000000540)=""/4096, 0x1000)
r6 = gettid()
timer_create(0x0, &(0x7f00000002c0)={0x0, 0x21, 0x800000000004, @tid=r6}, &(0x7f0000bbdffc)=<r7=>0x0)
timer_settime(r7, 0x1, &(0x7f0000000340)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
r8 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000100), 0x40200, 0x0)
preadv2(r8, &(0x7f0000000180)=[{&(0x7f0000000000)=""/167, 0xa7}], 0x1, 0x0, 0x4, 0x1)
r9 = fsopen(&(0x7f00000003c0)='cgroup2\x00', 0x0)
prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000240)={&(0x7f0000ffa000/0x4000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000ffb000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000001540)="8c4a9cff497b9cdaf9d504d153e5adcbd9ac975419c349e65e8c6234d08f23df10b3df566db8342a4ee26a2d8f5e50c6cdc3ceb8495690a9364a12938f1171b6ea8513750424c93827357d7bba8ce3e6fdd5ac24330d3e66ea8639d9f1aa4cb93f460dd33f9c0b550f161bfaa7632b2ae73de4622c8161b71f82245e8f8f801b56d5035081cb020afe2513adfb5953e7b039c27c826a21178e54e2", 0x9b, r1}, 0x68)
bpf$BPF_PROG_DETACH(0x8, &(0x7f00000000c0)=ANY=[@ANYRES32, @ANYRES64=r9, @ANYBLOB], 0x10)
syz_open_dev$MSR(0x0, 0x0, 0x0)

12m6.410261231s ago: executing program 1 (id=226):
r0 = socket$inet6_sctp(0xa, 0x5, 0x84)
shutdown(r0, 0x0)
r1 = syz_io_uring_setup(0x10d, &(0x7f0000000140)={0x0, 0xa83b, 0x10, 0x2}, &(0x7f0000000340)=<r2=>0x0, &(0x7f00000000c0)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
r4 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r4, 0x84, 0x9, &(0x7f0000000140)={0x0, @in={{0x2, 0x0, @empty}}, 0x0, 0x0, 0x3f8, 0x0, 0x32}, 0x9c)
bind$inet6(r4, &(0x7f00004b8fe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
r5 = syz_open_dev$usbfs(&(0x7f0000000100), 0x76, 0x342)
ioctl$USBDEVFS_SETINTERFACE(r5, 0x80085504, &(0x7f0000000180)={0x2000})
setsockopt$inet_sctp6_SCTP_PARTIAL_DELIVERY_POINT(r4, 0x84, 0x13, &(0x7f0000000440)=0x8, 0x4)
sendto$inet6(r4, &(0x7f0000847fff)='X', 0xfee4, 0x0, &(0x7f000005ffe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
sendmmsg$inet6(r4, &(0x7f0000004900)=[{{0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000240)="af", 0x8980}], 0x1}}, {{0x0, 0x0, &(0x7f0000000480)=[{&(0x7f0000000b80)="bda033176eb146b36ef41f221a4e7ce4a02598d750606488520915c6806affc0a913781c7211ce1fcd59a12b5d5afdaf9d723f092ce9d1eed16e208f2e79831ca049e8979ad94621175c2c48c10e33b29f2def51498743b057efc21efe4be4d9f02e9d236f27190c29c5da0f3799452f5e3640340502fde4ae8c56b303e1b79b3d1842bf6277771bef544c745e7a80c9e7efdd1c619f69b9d01839aa326776d335689e4db7cb7e32fad8f4c40e943b43eb4ea173d720bf5998149625a731643636c8ddbe61e1d7d4736f8414a84acc40557012c82697d8a59c873424aefb3c7ff0dba302efaaf887a477b1ab7ea6c1def9db3514e444c1ef36c6cf42cde90d4bbb2e923a5d16a1bb191ad91cab867cd55037d507a12803f3df1b81f1857fad085dbc5c46aac14230d7a4f8b36d6bc63b4a16cd309b7697b421a662b83001b5ce5ab3ff80800243107df7aa6cae9a5db6a8f2a53ef7d6c6aeac76b83a15466c74a9cdbcde8505e3d14c0c3a47a36bf464168202dc88e25f4c1da57faf0eaa7ff16bdd751c2ae5778e169c8ffba57c9a20e24ad51e6e8e02b721e8ca94f131cc98e03b34b615a1db4080362de4ef215d5a0541aeb0c742a2636ac5af8538ceb3585ef9dca8037df55baa072096073b005b53eff0b899de59bc2b5d687d109520571eeacb30124c4012fe6cb9e3bf451be3d219206ddc35099101533cff5aee6c4783e00e6dd391f664052a6c66c62f62a49fde8fbe336543bf99b55e53b801e54c1d0a292da83db26a8a870ac1d8751c4bc0d495277295cd3a17f9e9a25d70214a17b981b62d5c75356ed025df3557a8b59648edd9d1dbdf169d91f9d85cfac11a57db0a14f03e8934a2cc98d389912a0d9942a40c3ee98d35da61d3bab1a32c9d788e9f74ee57012ca5bfd0dc090b591c64aae6a205fbd349fc372bbd7429983a69cae26ff8b5b019144d318ba225e46bc6cf8d7d3e5952333042542b2fd4fb4d88a3651dd8e14ecc2845d4e71f7dfd128e9e2ee2ab0062a3e701bb2477bfd73d7396ae522f11fa481078d1c7f7905e0846fb072dcf7c06102b3816ec4a3518514c7166d7385b680469f5184a93953258952554e68d93ea8f789c4f13982b65996d7d9cf19f0b39b72e1dc9079d84413bbc30d24fc481e24ef1beacb8bc15f50c2663d684d16a1c71b2c8a568481f4f1b254ccd66fbef4cacfc3e13f2c943a264e429824bef7297f93076aea55ed9cf12512ce3ac3df331695024bd1e53369a87caf6894fce811a64dad315402678de76", 0x390}, {&(0x7f00000003c0)="439e9c06fc666cabc8569d63a866b31ff3ceda1e28f23f455e96a02001fc3fb089ed9e5234", 0x25}], 0x2}}], 0x2, 0x0)
syz_io_uring_submit(r2, r3, &(0x7f00000002c0)=@IORING_OP_ACCEPT={0xd, 0x40, 0x5, r0, 0x0, 0x0, 0x0, 0x80000})
io_uring_enter(r1, 0x3516, 0x0, 0x0, 0x0, 0x0)
socket$inet6_sctp(0xa, 0x5, 0x84) (async)
shutdown(r0, 0x0) (async)
syz_io_uring_setup(0x10d, &(0x7f0000000140)={0x0, 0xa83b, 0x10, 0x2}, &(0x7f0000000340), &(0x7f00000000c0)) (async)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) (async)
socket$inet6_sctp(0xa, 0x1, 0x84) (async)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r4, 0x84, 0x9, &(0x7f0000000140)={0x0, @in={{0x2, 0x0, @empty}}, 0x0, 0x0, 0x3f8, 0x0, 0x32}, 0x9c) (async)
bind$inet6(r4, &(0x7f00004b8fe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) (async)
syz_open_dev$usbfs(&(0x7f0000000100), 0x76, 0x342) (async)
ioctl$USBDEVFS_SETINTERFACE(r5, 0x80085504, &(0x7f0000000180)={0x2000}) (async)
setsockopt$inet_sctp6_SCTP_PARTIAL_DELIVERY_POINT(r4, 0x84, 0x13, &(0x7f0000000440)=0x8, 0x4) (async)
sendto$inet6(r4, &(0x7f0000847fff)='X', 0xfee4, 0x0, &(0x7f000005ffe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) (async)
sendmmsg$inet6(r4, &(0x7f0000004900)=[{{0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000240)="af", 0x8980}], 0x1}}, {{0x0, 0x0, &(0x7f0000000480)=[{&(0x7f0000000b80)="bda033176eb146b36ef41f221a4e7ce4a02598d750606488520915c6806affc0a913781c7211ce1fcd59a12b5d5afdaf9d723f092ce9d1eed16e208f2e79831ca049e8979ad94621175c2c48c10e33b29f2def51498743b057efc21efe4be4d9f02e9d236f27190c29c5da0f3799452f5e3640340502fde4ae8c56b303e1b79b3d1842bf6277771bef544c745e7a80c9e7efdd1c619f69b9d01839aa326776d335689e4db7cb7e32fad8f4c40e943b43eb4ea173d720bf5998149625a731643636c8ddbe61e1d7d4736f8414a84acc40557012c82697d8a59c873424aefb3c7ff0dba302efaaf887a477b1ab7ea6c1def9db3514e444c1ef36c6cf42cde90d4bbb2e923a5d16a1bb191ad91cab867cd55037d507a12803f3df1b81f1857fad085dbc5c46aac14230d7a4f8b36d6bc63b4a16cd309b7697b421a662b83001b5ce5ab3ff80800243107df7aa6cae9a5db6a8f2a53ef7d6c6aeac76b83a15466c74a9cdbcde8505e3d14c0c3a47a36bf464168202dc88e25f4c1da57faf0eaa7ff16bdd751c2ae5778e169c8ffba57c9a20e24ad51e6e8e02b721e8ca94f131cc98e03b34b615a1db4080362de4ef215d5a0541aeb0c742a2636ac5af8538ceb3585ef9dca8037df55baa072096073b005b53eff0b899de59bc2b5d687d109520571eeacb30124c4012fe6cb9e3bf451be3d219206ddc35099101533cff5aee6c4783e00e6dd391f664052a6c66c62f62a49fde8fbe336543bf99b55e53b801e54c1d0a292da83db26a8a870ac1d8751c4bc0d495277295cd3a17f9e9a25d70214a17b981b62d5c75356ed025df3557a8b59648edd9d1dbdf169d91f9d85cfac11a57db0a14f03e8934a2cc98d389912a0d9942a40c3ee98d35da61d3bab1a32c9d788e9f74ee57012ca5bfd0dc090b591c64aae6a205fbd349fc372bbd7429983a69cae26ff8b5b019144d318ba225e46bc6cf8d7d3e5952333042542b2fd4fb4d88a3651dd8e14ecc2845d4e71f7dfd128e9e2ee2ab0062a3e701bb2477bfd73d7396ae522f11fa481078d1c7f7905e0846fb072dcf7c06102b3816ec4a3518514c7166d7385b680469f5184a93953258952554e68d93ea8f789c4f13982b65996d7d9cf19f0b39b72e1dc9079d84413bbc30d24fc481e24ef1beacb8bc15f50c2663d684d16a1c71b2c8a568481f4f1b254ccd66fbef4cacfc3e13f2c943a264e429824bef7297f93076aea55ed9cf12512ce3ac3df331695024bd1e53369a87caf6894fce811a64dad315402678de76", 0x390}, {&(0x7f00000003c0)="439e9c06fc666cabc8569d63a866b31ff3ceda1e28f23f455e96a02001fc3fb089ed9e5234", 0x25}], 0x2}}], 0x2, 0x0) (async)
syz_io_uring_submit(r2, r3, &(0x7f00000002c0)=@IORING_OP_ACCEPT={0xd, 0x40, 0x5, r0, 0x0, 0x0, 0x0, 0x80000}) (async)
io_uring_enter(r1, 0x3516, 0x0, 0x0, 0x0, 0x0) (async)

12m6.409607573s ago: executing program 2 (id=227):
bpf$MAP_CREATE(0x0, 0x0, 0x48)
r0 = socket$inet6_icmp(0xa, 0x2, 0x3a)
epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, 0x0)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r1}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
socket$inet6_tcp(0xa, 0x1, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
socketpair(0xa, 0x1, 0x0, 0x0)
setsockopt$IP6T_SO_SET_REPLACE(0xffffffffffffffff, 0x29, 0x40, &(0x7f0000000540)=@mangle={'mangle\x00', 0x64, 0x6, 0x7b0, 0x120, 0x568, 0x420, 0x568, 0x568, 0x6e0, 0x6e0, 0x6e0, 0x6e0, 0x6e0, 0x6, 0x0, {[{{@uncond, 0x0, 0xf8, 0x120, 0x0, {}, [@inet=@rpfilter={{0x28}, {0x6}}, @common=@inet=@length={{0x28}, {0x7, 0xb0, 0x1}}]}, @common=@unspec=@CONNSECMARK={0x28, 'CONNSECMARK\x00', 0x0, {0x1}}}, {{@ipv6={@mcast1, @local, [], [], 'macvtap0\x00', 'ip6tnl0\x00', {}, {}, 0x6}, 0x0, 0xa8, 0xe8}, @inet=@TPROXY1={0x40, 'TPROXY\x00', 0x1, {0x0, 0x0, @ipv4=@broadcast}}}, {{@ipv6={@mcast2, @loopback, [], [], 'veth0_to_team\x00', 'syzkaller0\x00', {}, {0xff}}, 0x0, 0x1d0, 0x218, 0x0, {}, [@common=@unspec=@connmark={{0x30}}, @common=@inet=@recent0={{0xf8}, {0x9, 0x58, 0x4, 0x1, 'syz0\x00', 0x9}}]}, @SNPT={0x48, 'SNPT\x00', 0x0, {@ipv6=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', @ipv6=@mcast2}}}, {{@uncond, 0x0, 0x120, 0x148, 0x0, {}, [@common=@frag={{0x30}}, @common=@hbh={{0x48}}]}, @inet=@DSCP={0x28}}, {{@uncond, 0x0, 0x138, 0x178, 0x0, {}, [@common=@dst={{0x48}}, @common=@dst={{0x48}}]}, @inet=@TPROXY1={0x40, 'TPROXY\x00', 0x1, {0x0, 0x0, @ipv4=@dev}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x810)
sendto$inet6(r0, &(0x7f0000000080)="535ec5637c1d584f210ec8c50b445eeaa9b38da8a1332c5a7bba4f0f4ac97ecc2ad57487637d9f62606d6de6c7a8c409fb73b6c905f600b0172edacd0966897480ad6d67a20d1791f48b2482c060e10ab5b796", 0x53, 0x8001, 0x0, 0x0)
r4 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0)
ioctl$IOMMU_IOAS_ALLOC(0xffffffffffffffff, 0x3b81, &(0x7f0000000100)={0xc})
sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000300)=[{&(0x7f0000000040)="1c000000180081064e81f782db4cb904231d0800fe007c05e8fe55a1", 0x1c}], 0x1}, 0x0)
ioctl$vim2m_VIDIOC_ENUM_FMT(r4, 0xc0405602, &(0x7f00000001c0)={0x9, 0x1, 0x0, "167e94e3cbad028b080b539d0b6723df0f531c39546c4793d1e0d12c5a9af456"})
connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmsg$nl_xfrm(0xffffffffffffffff, 0x0, 0x0)
syz_genetlink_get_family_id$ieee802154(&(0x7f0000000280), 0xffffffffffffffff)

12m6.377213172s ago: executing program 0 (id=228):
r0 = socket$vsock_stream(0x28, 0x1, 0x0)
bind$vsock_stream(r0, &(0x7f0000000040)={0x28, 0x0, 0x2710, @local}, 0x10)
listen(r0, 0x0)
r1 = socket$vsock_stream(0x28, 0x1, 0x0)
connect$vsock_stream(r1, 0x0, 0x0)
r2 = accept(r0, 0x0, 0x0)
ioctl$int_in(r2, 0x5452, &(0x7f0000000300)=0x20000000)
r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000580)=ANY=[@ANYBLOB="12000000040000"], 0x48)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000140)={r3, &(0x7f0000000080), &(0x7f00000002c0)=@tcp=r2}, 0x20)
recvmsg$can_bcm(r2, &(0x7f00000003c0)={0x0, 0x0, 0x0}, 0x0)
r4 = openat$comedi(0xffffffffffffff9c, &(0x7f0000000140)='/dev/comedi0\x00', 0x8080, 0x0)
ioctl$COMEDI_DEVCONFIG(r4, 0x40946400, &(0x7f0000000540)={'c6xdigio\x00', [0x109, 0x80008000, 0x86c, 0xa, 0x0, 0x0, 0x1, 0xf, 0x1000, 0x1, 0x8, 0x5, 0x6, 0x1, 0x1138fce9, 0x6, 0xffffffa7, 0x2000001, 0xfffffffd, 0x65c, 0x3ff, 0x10004, 0x800, 0xe2df, 0x9, 0x6, 0x4, 0x3, 0x7, 0xffffffff, 0x5]})
mmap(&(0x7f0000ffb000/0x4000)=nil, 0x4000, 0x8, 0x12, r4, 0xfae76000)

12m5.68518924s ago: executing program 3 (id=229):
r0 = bpf$BPF_BTF_LOAD(0x12, &(0x7f00000002c0)={&(0x7f0000000740)=ANY=[@ANYBLOB="9feb01001800000c0000000600000008000000000000081300bd5e1d786851244f35bae976c37704d900bce9bce901b2c223e38519f62cb71cac1e07b4d5128f3b1b1429c06d61eca1b71ae0ba"], &(0x7f00000004c0)=""/178, 0x2a, 0xb2, 0x1, 0xa3100000, 0x10000}, 0x28)
bpf$MAP_CREATE(0x0, &(0x7f000001b000)=ANY=[@ANYRES8=r0, @ANYBLOB="43d6e61cd99c14bf429ebcde2a2b6518df2eead77148eb1037e3ac1269acae40d45ad5eb059b7c152233da30b6cc90e47c17087b85371eb3d0bdd8be159e6f34210c4c312733a8bffba427fc6aebc308a17d6dc16fb2ae81e8c29d8acd74e45267aece53ac796b9e2c63ab2795205dcd8818bd3e476fa9be6b243d5178b41258133f5a86ee9f6a485b954c7d667d34603e02eec570cc1090fd8bd233ebd2acbc95d577b36ff49591331702b88f3eb1052a5d76f4f3a62d33d3cfe36e16a2de184be11e713cb2b65c6c4f16c27076ebcfdfd83432fb676152316e75f5580c0ee8897f8b843e5305530cbf6c067e7a67c47ff8cfb624c871ade8299ce14fe6b13bbed6c2089d0a4dd2f808ddd2b3faa360bf024bcd24b4683c7dab492d8259165a1221ca714fe2415a5c0414a17628afd8bad076b904f9e66cab1d5519d60e7b5f5e956f1001750705d7248e6f3e80b6d6740fe7b484523dce7f533779489723e96f09a73497e02360c1a585a66c0e4468372b73c82e79a4d450913c349c3d45ef909a43e14117f1f311de99158e5ce8b64926edbb0d2444f44cf1852f587a49fcb183f80ce06c6874725c420d2e09627293a6d6e0c25ffcd82bcd720ceae7e1601b057547932b24844c1be4446811c30a618c7373cc2c4a0ad7849339052fde03845b193bcc780d4a0af8e04aa94b4500d7479bdf050e7fde9fb65c6b8910e951fb93c92b36988cf0acdaf003f2afe5f6f12724a9eccf85ede7420f029933211efff235e1e45c1ab732183944e63628ac6fd4e8199ca23217097980dd4618c4218f7ac8870e05c20754b75aac8ef6b82861f9d18dbb1c532e29bd93af7d858cf9ad5a2bc1519911806c3b3162a5adaf03175ae1187d82f15a436db8ef531a4e19c20c167864ab8fc7072bc1f2012d21c2069816c81960cbc1b0e99daeb4fe910ac2965814efb6e3409874eef01b1c83ea791f4568bf8fee513710e70f81125cc92161f9835a2dfd283cd6f4082c48b56a79d943bdb63de990a8896c5cf97a6ad649bc1362123774a69f2302fab73a8f1d0672208a07dc080bd5dc2bcb1d5507dbd54ffb0bd49a9fb3f5a26eeca93b1614af7188bcd164cb5fbf8f4906a6d0c730d81098605ba22bf23dfd048079840301f63424304946ae4c26a80d9150f41eb22bfa58266da1f63fd6767fff57addd44195e30ed4f80b2ab31f199a9933f3276fe23026f9708ee4c36079046a920e64bfcf9285075b9d58f2bb569b4bbbb08c224e2cb30fabedd4d5f580f2f1702f309e939c61b714b173ae55d4498017c8c7f5776a9173e2066a2e63f59db2e6ad50519a94add662c846393d0ed36873e05f2f42053dc49e2efb0f7bcb7531ec67b93f4942a28fdff024eba780b914572374504bdbb85d5a730fb6f419ffbb9e131b4fd36772186572bc19825535b74003641a1ff7f00f770517b6817ea59d57fc89a81ac2fbd6ad072ca8068ae59d38a9c311925b91ce8f6e9177ba3d4b11869da29bc4b83658da6ac0376d0360aaf5888875c106ff0a85790b94406f2b7dd96f5f6f9c6da5d34ec8096f533e1090f41ffd8d8e3896785db705f8521f58b587935239e23ccee3e1cf5d58e460a2a7acb3fe53d31da0cac907107a765fa50eae46778960cfb68d32dd6e7c7e0355547dc248283b1c0d52034536cf23f0ad38eb9a4ed7928036434914f8f607aeed661bb648360456a9c7677adf09fc53392e436411c4dd539d05f3b3d321eafac0a6e6cdf3ea00b0c8ed38cc609797b6b0cbf67343edd1a85d5e6a069e1e50def53f94bebf34a564b66d76a97c43586156e77f8eab060e6673e8fe6c2888c4f276b6c3249e9fb7b308aeb68f9aea07570daa188f5150b5de26f59d28791a1e700cd2c834024e5d0ad969c014c4c2778caed443f758ffa7c9a77cdb162669570d2100ce472cb46f5d1aef8d4a0753864208a442555ae4a60a05bcb503b30eece289b5c20a90e33368328916a0e33d393c783ae7ecc3519626223535bdd98b0b5f74b4409969273ee336809c96cad5d47df8c0325203ee1b49f0f55d3df845d8be99e12c030a3117b989b6d22dd8697f0c198f74707607c8996e0554b07d9a60979ef4eedf865fe1806338f3d899c8b2ddec30c6176c97867267ed9eac7ac67bd136c894be78bb48632c3f64c4250203ee91ebecf51059c9533b1935bcd2b9523bd9dad7ceaded0b4c2b1217e96ba4543a34532e8c63d7e25a32d89edb6b327ac07b64cd9cefad2c6e3b71789cdf6d340e2baaf5d373e5a5cf134edc8c3e4717bd33fee7b80168e797c92e71e2dca7e80caa890d57ef37775b23c7f6b9e21dee6bdf415e0576fd3037d8852b467b6d3c380410537496659b79b10cf3d6e85030a9e77db3705294688530a7ae414219fa36cd4e1390090594d4c6855895f62e13e50eecd02fef8216b1b24ebc53265a55217411748e4cec6de6ad6b863f86ccda11a3b64362d459157954370c753ae3ea15964d3b6658f72fa80d9616624507cc083269f31e4fa7b383c46b32c57b9eb7290a2262d3961b4b8eb665545dca2ca0e154ad92252b24b0731a929404c6df0c8b6a2d4ee9837b4098522ec5eb1b469f14d11b2122766488bb477ba50f7302e92b8c61e8018ab14589bc957816ab203c394db069a508194a6c3c89f858cf96b87e94a37d92be1fdf5b80c78aaa7b91aa6ec37dad9bf7a6fa8009da5781a3f964fc15f7d0af663cdb573d65bd946089dd491adc4455b2e37074d38121c8a95fdcef8e2b651c600a5e1ff20bcdd4aaa9271b379b8540446852bfc443cf5ff98c601c8951423b04859c1c7e67527f52134ceee7462c15617054906fb40c796cb009425c9ba316c46a7f37ae89e4e5f036435ec9d6d6948d8", @ANYRES64, @ANYRESDEC=0x0, @ANYRES32, @ANYBLOB="00000000fcffffff0200"/28], 0x50)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_DELETE(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="240000000201000000000000000000000000000008002640000020020600124000000000"], 0x24}, 0x1, 0x0, 0x0, 0x40}, 0x0)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r2 = socket$netlink(0x10, 0x3, 0x9)
r3 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000000), 0x2002, 0x0)
ioctl$SOUND_MIXER_READ_RECMASK(r3, 0x80044dfd, &(0x7f00000000c0))
sendmsg$NFT_BATCH(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000340)=ANY=[@ANYBLOB="14000000ec03010000000000008b7bd1a89687b9230000000000000a28000000020a050500000000000000000300000408000240000000010c000440000000000000000414000000fb03010000000000000000000a00000a"], 0x50}, 0x1, 0x0, 0x0, 0x200000e5}, 0x10)
r4 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NBD_CMD_CONNECT(r4, 0x0, 0x0)
r5 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0)
ioctl$TUNSETIFF(r5, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201})
sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000200)=@newsa={0x138, 0x10, 0x1, 0x70bd28, 0x0, {{@in6=@local, @in=@empty, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x16, 0x0, 0xffffffffffffffff}, {@in=@rand_addr=0x64010102, 0x0, 0x6c}, @in6=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', {}, {0xd997}, {}, 0x0, 0x0, 0xa, 0x2, 0x0, 0x67}, [@algo_comp={0x48, 0x3, {{'deflate\x00'}}}]}, 0x138}}, 0x0)
r6 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_fanout(r6, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x6}, 0x4)
socketpair$tipc(0x1e, 0x5, 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r7 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000009c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r7}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000240)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, <r8=>0xffffffffffffffff})
sendmmsg$unix(r8, &(0x7f0000000000), 0x651, 0x0)

12m4.886149885s ago: executing program 0 (id=230):
r0 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x2)
ioctl$KVM_SET_MSRS(r0, 0x4008ae89, &(0x7f0000000000)={0x7, 0x0, [{0x8cd, 0x0, 0x1}, {0xa76, 0x0, 0x7}, {0x40000093, 0x0, 0x8}, {0x8000002f, 0x0, 0x5}, {0xad953cbe427b124f, 0x0, 0x80000001}, {0x61c}, {0x83c, 0x0, 0x64c}]})
r1 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000080), 0x802, 0x0)
ioctl$UI_DEV_DESTROY(r1, 0x5502) (async)
r2 = syz_init_net_socket$llc(0x1a, 0x1, 0x0)
shutdown(r2, 0x0) (async)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000100)={'wlan1\x00', <r4=>0x0}) (async)
ioctl$TIOCGPGRP(0xffffffffffffffff, 0x540f, &(0x7f0000000140)=<r5=>0x0) (async)
ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000180)={'wlan1\x00', <r6=>0x0})
r7 = syz_clone3(&(0x7f0000000380)={0x44010a00, &(0x7f00000001c0), &(0x7f0000000200), &(0x7f0000000240), {0x37}, &(0x7f0000000280)=""/95, 0x5f, &(0x7f0000000300)=""/14, &(0x7f0000000340)=[0xffffffffffffffff, 0xffffffffffffffff], 0x2}, 0x58)
r8 = ioctl$TUNGETDEVNETNS(0xffffffffffffffff, 0x54e3, 0x0)
sendmsg$NL80211_CMD_SET_WIPHY_NETNS(r3, &(0x7f00000004c0)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f0000000480)={&(0x7f0000000400)={0x44, 0x0, 0x200, 0x70bd29, 0x25dfdbfc, {{}, {@val={0x8, 0x1, 0x50}, @val={0x8, 0x3, r4}, @void}}, [@NL80211_ATTR_PID={0x8, 0x52, r5}, @NL80211_ATTR_IFINDEX={0x8, 0x3, r6}, @NL80211_ATTR_PID={0x8, 0x52, r7}, @NL80211_ATTR_NETNS_FD={0x8, 0xdb, r8}]}, 0x44}}, 0x80)
r9 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000540), r3)
sendmsg$NL80211_CMD_GET_SURVEY(r3, &(0x7f0000000600)={&(0x7f0000000500)={0x10, 0x0, 0x0, 0x3a2553fd26a0155b}, 0xc, &(0x7f00000005c0)={&(0x7f0000000580)={0x28, r9, 0x400, 0x70bd2a, 0x25dfdbfe, {{}, {@val={0x8}, @val={0xc, 0x99, {0xfffffffa, 0x67}}}}, ["", "", ""]}, 0x28}, 0x1, 0x0, 0x0, 0x901}, 0x20000041) (async, rerun: 32)
lsetxattr$trusted_overlay_upper(&(0x7f0000000640)='./file0\x00', &(0x7f0000000680), &(0x7f00000006c0)={0x0, 0xfb, 0xd3, 0x5, 0x40, "b82d570c30648765606914ee77832122", "f709794049c86023b7603a3a2a223e62f0fc4baf8b9639ca8dad03ba29d1423aa9fae7c3f3bb89d9ff3591a1c9bf3ad6ac0d0408b0d665445d81b8e62480bc10acde0728e3239dff1be4c0d0b960de272a9e1b95cedf3f8cbd67ae348731fb989f8e3f8d5e650bf10d872f45d1661435cd77cf8a6b37b4aa75e52cb8098846efe7b4c4d7e05fc7dced53d1d6723812a6f225b3f4a86ae347568a0ab13728d63385ef65621b6a067ffb23baa7f86e2bd7d2c663c350fe936557ce7be16793"}, 0xd3, 0x3) (rerun: 32)
openat$cgroup_int(r8, &(0x7f00000007c0)='cpuset.sched_load_balance\x00', 0x2, 0x0) (async)
r10 = socket$nl_generic(0x10, 0x3, 0x10)
r11 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000840), r3)
sendmsg$TIPC_NL_LINK_GET(r10, &(0x7f0000000980)={&(0x7f0000000800)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f0000000940)={&(0x7f0000000880)={0xa4, r11, 0x200, 0x70bd25, 0x25dfdbfd, {}, [@TIPC_NLA_BEARER={0x90, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_NAME={0x13, 0x1, @l2={'eth', 0x3a, 'veth0_vlan\x00'}}, @TIPC_NLA_BEARER_PROP={0x4c, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x15}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x80}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x1ff}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x80000000}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x5}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x4}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x7}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0xfffffce4}]}, @TIPC_NLA_BEARER_UDP_OPTS={0x2c, 0x4, {{0x14, 0x1, @in={0x2, 0x4e24, @local}}, {0x14, 0x2, @in={0x2, 0x4e23, @rand_addr=0x64010101}}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x4000090}, 0x0) (async, rerun: 64)
r12 = socket$rds(0x15, 0x5, 0x0) (rerun: 64)
setsockopt$RDS_CANCEL_SENT_TO(r12, 0x114, 0x1, &(0x7f00000009c0)={0x2, 0x4e22, @rand_addr=0x64010102}, 0x10)
r13 = inotify_init1(0x0)
inotify_add_watch(r13, &(0x7f0000000a00)='./file0\x00', 0x26000021)
r14 = openat$nvme_fabrics(0xffffffffffffff9c, &(0x7f0000000a40), 0x1, 0x0)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000ac0)={r7, r14, 0x0, 0x7, &(0x7f0000000a80)='TIPCv2\x00'}, 0x30) (async)
r15 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl$LOOP_SET_FD(r14, 0x4c00, r15)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000001b40)={&(0x7f0000000b00)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x14, 0x14, 0x4, [@enum={0x0, 0x1, 0x0, 0x6, 0x4, [{0x7, 0xd}]}]}, {0x0, [0x30, 0x2e]}}, &(0x7f0000000b40)=""/4096, 0x30, 0x1000, 0x0, 0x3ff}, 0x28) (async, rerun: 64)
ioctl$TUNSETOFFLOAD(r14, 0x400454d0, 0xa) (rerun: 64)

12m4.573302038s ago: executing program 0 (id=231):
r0 = creat(&(0x7f00000000c0)='./file1\x00', 0x67)
close(r0)
r1 = socket(0x2b, 0x80801, 0x1)
setsockopt$IP6T_SO_SET_REPLACE(r1, 0x29, 0x40, &(0x7f0000000fc0)=@raw={'raw\x00', 0x3c1, 0x3, 0x320, 0x140, 0x5c, 0x160, 0x140, 0x3e0, 0x250, 0x228, 0x25a, 0x250, 0x228, 0x4, 0x0, {[{{@ipv6={@remote, @dev, [], [], 'veth0_to_batadv\x00', 'wg1\x00', {}, {0x222cecdb0fb5a62a}, 0x3a}, 0x5002, 0xf8, 0x140, 0x52020000, {0x0, 0x6802000000000000}, [@common=@icmp6={{0x28}, {0x0, "d176"}}, @common=@unspec=@state={{0x28}, {0xfffffffd}}]}, @unspec=@CT0={0x48}}, {{@ipv6={@local, @private2, [], [0xff], 'veth1_to_hsr\x00', 'dummy0\x00', {}, {}, 0x88}, 0x0, 0xa8, 0x110}, @unspec=@CT2={0x68, 'CT\x00', 0x2, {0x0, 0x0, 0x0, 0x0, 'snmp\x00', 'syz0\x00'}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x380)
sendmsg$nl_route(r1, &(0x7f0000000680)={0x0, 0x0, &(0x7f0000000040)={0x0}, 0x1, 0x0, 0x0, 0x48014}, 0x20004000)
listen(r1, 0x9)
bind$rds(r1, &(0x7f0000000440)={0x2, 0x4e24, @multicast1}, 0x10)
socket$inet_sctp(0x2, 0x5, 0x84)
r2 = socket$unix(0x1, 0x1, 0x0)
r3 = socket$inet6(0xa, 0x2, 0x0)
ioctl$sock_inet6_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f00000001c0)={@dev={0xfe, 0x80, '\x00', 0x40}, @private2, @loopback, 0x800001, 0x6, 0x2, 0x500, 0x80000001, 0x6820213})
setsockopt$inet6_int(r3, 0x29, 0x4e, &(0x7f00000000c0)=0x8, 0x4)
r4 = dup(r3)
bind$unix(r4, &(0x7f00000001c0)=@abs={0xa, 0x2}, 0x6e)
r5 = socket$inet6(0xa, 0x2, 0x0)
setsockopt$inet6_int(r5, 0x29, 0x4e, &(0x7f0000000040)=0x7, 0x4)
r6 = dup(r5)
bind$unix(r6, &(0x7f00000001c0)=@abs={0xa, 0x2}, 0x6e)
bind$unix(r2, &(0x7f0000003000)=@file={0x1}, 0xc)
listen(r2, 0x0)
mount$9p_fd(0x0, &(0x7f0000000000)='./file1\x00', &(0x7f0000001200), 0x0, &(0x7f0000000080)=ANY=[@ANYBLOB="7472616e02000000000000006e6f3d", @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2, @ANYBLOB=','])

12m4.572212151s ago: executing program 1 (id=232):
prlimit64(0x0, 0xe, &(0x7f0000000040)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
socket$inet_udp(0x2, 0x2, 0x0)
r3 = syz_open_dev$media(&(0x7f00000001c0), 0x10, 0x0)
ioctl$MEDIA_IOC_G_TOPOLOGY(r3, 0xc0487c04, &(0x7f0000000040)={0x0, 0x6, 0x0, &(0x7f0000000300)=[{}, {}, {}, {}, {}, {}], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
r4 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0xfffffffd}, 0x50)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
r6 = socket$netlink(0x10, 0x3, 0x0)
r7 = socket(0x11, 0x800000003, 0x0)
ioctl$ifreq_SIOCGIFINDEX_team(r7, 0x8933, &(0x7f0000000600)={'team0\x00', <r8=>0x0})
sendmsg$nl_route_sched(r6, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000640)={&(0x7f0000000800)=@newqdisc={0x9c, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x12, r8, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_taprio={{0xb}, {0x6c, 0x2, [@TCA_TAPRIO_ATTR_PRIOMAP={0x56, 0x1, {0x2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1], 0x0, [0x8, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x100], [0x2, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0xffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4]}}, @TCA_TAPRIO_ATTR_FLAGS={0x8, 0xa, 0x1}, @TCA_TAPRIO_ATTR_SCHED_ENTRY_LIST={0x8, 0xc, 0x0, 0x1, [{0x4, 0x4}]}]}}]}, 0x9c}}, 0x0)
setsockopt$inet6_IPV6_FLOWLABEL_MGR(r4, 0x29, 0x20, &(0x7f00000005c0)={@private1={0xfc, 0x1, '\x00', 0x1}, 0x9, 0x1, 0x2, 0x2, 0xd, 0x6e}, 0x20)
sendmsg$MPTCP_PM_CMD_SUBFLOW_CREATE(r5, &(0x7f0000000580)={&(0x7f0000000300)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f0000000380)={0x0}}, 0x80)
bpf$PROG_LOAD(0x5, &(0x7f0000002c40)={0x7, 0x17, &(0x7f00000007c0)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r4}, {}, {}, {0x85, 0x0, 0x0, 0x5}}, {{0x5, 0x0, 0x6}, {0x66, 0x0, 0x0, 0x80ffffff}}, [@printk={@p, {0x3, 0x3, 0x3, 0xa, 0x9, 0xfe00}, {0x6, 0x1, 0x5, 0x1, 0x9}, {0x7, 0x0, 0x3}, {}, {}, {0x56}}], {{0x4, 0x1, 0x2, 0x3}, {0x5, 0x0, 0xb, 0x3}, {0x85, 0x0, 0x0, 0x76}}}, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
ioctl$SNDRV_TIMER_IOCTL_CREATE(0xffffffffffffffff, 0xc02054a5, &(0x7f0000000240)={0x6, r1, 'id1\x00'})
bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x11, 0x6, 0x0, 0x0, 0x5, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x6}, 0x94)
socket$nl_netfilter(0x10, 0x3, 0xc)
r9 = syz_open_dev$vim2m(&(0x7f0000000000), 0x47b, 0x2)
ioctl$vim2m_VIDIOC_S_CTRL(r9, 0xc008561c, &(0x7f0000000040)={0xf0f080, 0x1})

12m3.886683806s ago: executing program 2 (id=233):
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f00000000c0)='sys_enter\x00', r1}, 0x10)
openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0)
timer_settime(0x0, 0x0, 0x0, 0x0)
futex_waitv(&(0x7f0000001080), 0x0, 0x0, &(0x7f0000001100)={0x77359400}, 0x1)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8c}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000380)=0x6)
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8)
sendmsg$nl_xfrm(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000340)=@newsa={0x138, 0x10, 0x1b020ba487bfd163, 0x70bd29, 0x25dfdbfd, {{@in6=@local, @in6=@local}, {@in6=@private1, 0x0, 0x33}, @in6=@empty, {0x0, 0x0, 0x4, 0x0, 0xb, 0x0, 0xffffffffffffffff, 0xfffffffffffffffc}, {0x0, 0x255d053e}, {0x0, 0x0, 0x40000000}, 0x3, 0x0, 0xa}, [@algo_auth={0x48, 0x1, {{'cmac(aes)\x00'}}}]}, 0x138}, 0x1, 0x0, 0x0, 0x40000}, 0x4004)
r3 = socket(0x2a, 0x2, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000400)={&(0x7f00000005c0)=@newqdisc={0x24}, 0x24}}, 0x0)
getsockname$packet(r3, &(0x7f0000000200)={0x11, 0x0, <r4=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000040)=0x14)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000440)=@newqdisc={0x44, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_hfsc={{0x9}, {0x14, 0x2, @TCA_HFSC_FSC={0x10, 0x2, {0x9, 0x1}}}}]}, 0x44}}, 0x0)
sendmsg$nl_route_sched(r3, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000006c0)=@newtfilter={0x50, 0x2c, 0xd27, 0x0, 0x25dfdbfb, {0x0, 0x0, 0x0, r4, {0x0, 0x9}, {}, {0x1c, 0xfff1}}, [@filter_kind_options=@f_flow={{0x9}, {0x20, 0x2, [@TCA_FLOW_EMATCHES={0x1c, 0xb, 0x0, 0x1, [@TCA_EMATCH_TREE_HDR={0x8, 0x1, {0x4}}, @TCA_EMATCH_TREE_LIST={0x10, 0x2, 0x0, 0x1, [@TCF_EM_IPT={0xc, 0x1, 0x0, 0x0, {{0x81}}}]}]}]}}]}, 0x50}}, 0x0)
r5 = socket$netlink(0x10, 0x3, 0x0)
sendmmsg(r5, &(0x7f00000002c0), 0x40000000000009f, 0x0)
socket$alg(0x26, 0x5, 0x0)
userfaultfd(0x80001)
mkdirat(0xffffffffffffff9c, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="180100000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
r6 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000200), 0x20800, 0x0)
ioctl$RTC_UIE_ON(r6, 0x7003)
ioctl$RTC_SET_TIME(r6, 0x4024700a, 0x0)

12m3.679747978s ago: executing program 0 (id=234):
r0 = syz_open_dev$tty20(0xc, 0x4, 0x0)
ioctl$VT_GETMODE(r0, 0x5601, &(0x7f0000000040))
sendmsg$tipc(0xffffffffffffffff, &(0x7f0000000e40)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20040018}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
mkdir(&(0x7f0000000180)='./file1\x00', 0x0)
mkdir(&(0x7f00000003c0)='./file0\x00', 0x0)
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000200)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]})
r2 = openat$dir(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x0, 0x0)
mknodat(r2, &(0x7f00000000c0)='./file1\x00', 0x0, 0x0)
mount$nfs(0x0, &(0x7f00000001c0)='./bus\x00', 0x0, 0x801021, 0x0)
chdir(&(0x7f0000000140)='./bus\x00')
truncate(&(0x7f0000000040)='./file1\x00', 0x7)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x6)
mknodat$loop(0xffffffffffffff9c, 0x0, 0x6000, 0x1)
keyctl$dh_compute(0x17, 0x0, 0x0, 0x0, 0x0)

12m0.215420656s ago: executing program 1 (id=235):
r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000040)='blkio.bfq.sectors\x00', 0x0, 0x0)
syz_genetlink_get_family_id$nl80211(0x0, r0)
write$dsp(0xffffffffffffffff, &(0x7f0000000880), 0x0)
syz_open_procfs(0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000200)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r1 = syz_open_dev$admmidi(&(0x7f0000000140), 0x20, 0x0)
ioctl$SNDRV_RAWMIDI_IOCTL_PARAMS(r1, 0xc0305710, &(0x7f0000000040)={0x1, 0xff, 0x1f})
r2 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000080), 0x80383, 0x0)
read$midi(r1, 0x0, 0x0)
ioctl$SNDCTL_SEQ_PANIC(r2, 0x5111)
ioctl$SNDCTL_SEQ_PANIC(r2, 0x5100)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000080), 0x4000, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r3 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r3, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x4000003, 0x50032, 0xffffffffffffffff, 0x0)
mlock(&(0x7f00007d8000/0x800000)=nil, 0x800000)
mkdirat(0xffffffffffffff9c, &(0x7f0000000280)='./file0\x00', 0x0)
mount(&(0x7f0000000180)=@filename='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', &(0x7f00000000c0)='./file0\x00', &(0x7f0000000300)='pvfs2\x00', 0x11, 0x0)
syz_emit_ethernet(0xfdef, &(0x7f0000000100)={@local, @local, @void, {@ipv6={0x86dd, @gre_packet={0x0, 0x6, "92c01f", 0x8, 0x2f, 0x0, @remote, @ipv4={'\x00', '\xff\xff', @private}, {[], {{0x0, 0x0, 0x1, 0x0, 0x2, 0x0, 0x0, 0x1, 0x6558, 0x0, 0x12}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x21}, {}, {0x8, 0x88be, 0x4305000f}}}}}}}, 0x0)

11m59.597369314s ago: executing program 2 (id=236):
ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
socket$inet_udp(0x2, 0x2, 0x0)
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, 0x0, 0x0)
setsockopt$sock_linger(0xffffffffffffffff, 0x1, 0x3c, 0x0, 0x0)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, 0x0, 0x0)
r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$nbd(&(0x7f0000000380), 0xffffffffffffffff)
r3 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$nbd(&(0x7f0000000040), 0xffffffffffffffff)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000000))
sendmsg$NBD_CMD_CONNECT(r3, &(0x7f0000001ac0)={0x0, 0x0, &(0x7f0000001a80)={&(0x7f00000000c0)={0x24, r4, 0x1, 0xffffffff, 0x0, {}, [@NBD_ATTR_SOCKETS={0x4}, @NBD_ATTR_SIZE_BYTES={0xc, 0x2, 0x7fff}]}, 0x24}}, 0x20000000)
sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000740)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r2, @ANYBLOB="010027bd7000fcdbdf25020000000800010000"], 0x1c}, 0x1, 0x0, 0x0, 0x24040090}, 0xc0)
bind$vsock_stream(0xffffffffffffffff, 0x0, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x48)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, 0x0, &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x22, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={0x0, r5}, 0x18)

11m59.592676871s ago: executing program 3 (id=237):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x7)
r0 = getpid()
prctl$PR_SET_MM(0x23, 0x8, &(0x7f0000001000/0x4000)=nil)
mmap(&(0x7f0000ff4000/0xc000)=nil, 0xc000, 0x1000003, 0x20031, 0xffffffffffffffff, 0xffffe000)
mbind(&(0x7f0000ff8000/0x8000)=nil, 0x8000, 0x1, 0x0, 0xc, 0x0)
get_mempolicy(0x0, 0x0, 0x100000020000200, &(0x7f0000ff7000/0x2000)=nil, 0x2)
prctl$PR_SET_MM(0x23, 0x9, &(0x7f0000004000/0x3000)=nil)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
r1 = eventfd(0x0)
io_submit(0x0, 0x1, &(0x7f0000000040)=[&(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0xc2, r1, 0x0, 0x0, 0x36}])
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$KVM_GET_MSR_INDEX_LIST(r2, 0x4018aee2, &(0x7f0000000040))
r3 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xa, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fc00100}]})
r4 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=@newtaction={0x80, 0x30, 0x871a15abc695fb3d, 0x0, 0x0, {}, [{0x6c, 0x1, [@m_tunnel_key={0x68, 0x1, 0x0, 0x0, {{0xf}, {0x38, 0x2, 0x0, 0x1, [@TCA_TUNNEL_KEY_PARMS={0x1c, 0x2, {{}, 0x1}}, @TCA_TUNNEL_KEY_ENC_IPV4_SRC={0x8, 0xc, @local}, @TCA_TUNNEL_KEY_ENC_IPV4_SRC={0x8, 0x3, @loopback}, @TCA_TUNNEL_KEY_ENC_IPV4_DST={0x8, 0x4, @broadcast}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x80}}, 0x0)
openat$dir(0xffffffffffffff9c, 0x0, 0xea, 0x0)
ioctl$SECCOMP_IOCTL_NOTIF_RECV(r3, 0xc0502100, &(0x7f0000000280)={<r5=>0x0})
ioctl$SECCOMP_IOCTL_NOTIF_ADDFD(r3, 0x40182103, &(0x7f0000000240)={r5, 0x0, r3})

11m59.014289068s ago: executing program 0 (id=238):
socket$nl_generic(0x10, 0x3, 0x10)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0x8c, 0x30, 0x1, 0x0, 0x0, {}, [{0x78, 0x1, [@m_ct={0x2c, 0x2, 0x0, 0x0, {{0x7}, {0x4}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x1, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c, 0x1, {{0x0, 0x0, 0xffffffffffffffff}}}]}, {0x4}, {0xc}, {0xc, 0x8, {0x0, 0x2}}}}]}]}, 0x8c}, 0x1, 0x0, 0x0, 0x8804}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000380)=0x34)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = syz_open_procfs(0x0, 0x0)
socket$rxrpc(0x21, 0x2, 0xa)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
syz_emit_vhci(&(0x7f0000000000)=ANY=[], 0xffffffffffffff2b)
getdents64(0xffffffffffffffff, &(0x7f0000002f40)=""/4098, 0x1002)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000840)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007100000095"], &(0x7f0000000200)='GPL\x00', 0x5, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000080)='sched_switch\x00', r4}, 0x10)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x0)
setsockopt$inet_tcp_int(r3, 0x6, 0x5, &(0x7f00000001c0), 0x4)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r5, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000001700)=ANY=[@ANYBLOB="1800000024000103000000000000000001"], 0x18}, 0x1, 0x0, 0x0, 0x8001}, 0x44810)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x11, 0x3, &(0x7f0000000200)=ANY=[@ANYBLOB="1800000020000000000000000000000095"], &(0x7f00000003c0)='GPL\x00'}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
recvmmsg(r5, &(0x7f0000004ec0)=[{{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f00000002c0)=""/4077, 0xfed}], 0x1}, 0x9}], 0x1, 0x2000, 0x0)
r6 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
sendmsg$netlink(r6, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000440)=ANY=[@ANYBLOB="180100002e"], 0x118}], 0x1, 0x0, 0x0, 0x48085}, 0x0)

11m57.433047907s ago: executing program 32 (id=221):
r0 = socket$inet_smc(0x2b, 0x1, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0xe8381, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x300000a, 0x4031, 0xffffffffffffffff, 0x0)
r3 = openat$sw_sync(0xffffffffffffff9c, &(0x7f00000000c0), 0x800, 0x0)
ioctl$SW_SYNC_IOC_CREATE_FENCE(r3, 0xc0285700, &(0x7f0000000740)={0x409, "abacd211119ca94c63377526aeb5ab2c7b9ca5fa07558139ede6dc06270ee042", <r4=>0xffffffffffffffff})
ioctl$sock_SIOCETHTOOL(r0, 0x8946, &(0x7f00000028c0)={'vxcan1\x00', &(0x7f0000000780)=@ethtool_rx_ntuple={0x35, {0x6, @sctp_ip4_spec={@multicast1, @loopback, 0x4e20, 0x4e23, 0xf}, @tcp_ip4_spec={@multicast2, @local, 0x4e24, 0x4e21, 0x5a}, 0x7ff, 0xf, 0xbfa, 0x4, 0xfffffffffffffffe}}})
ioctl$BTRFS_IOC_GET_DEV_STATS(r0, 0xc4089434, &(0x7f0000000300)={<r5=>0x0, 0x6, 0x0, [0x1d7c, 0x4, 0x9, 0x7, 0x8e], [0x8000400, 0x6, 0x4, 0x3, 0xfffffffffffffff1, 0x95e, 0x7, 0xa8, 0x3, 0xffffffffffffff9c, 0x6, 0x0, 0x6, 0x4, 0x930, 0x7, 0x65a, 0x9, 0x2, 0xff, 0x4, 0x80, 0x3, 0x5, 0x1, 0xfff, 0x5, 0x200, 0x400, 0x5, 0x5, 0x8, 0x5, 0x33, 0x9, 0x1f0, 0x0, 0x1, 0x2, 0x1, 0x1, 0x8, 0x101, 0x25c, 0x9, 0x3, 0x9, 0x9, 0x100, 0x8, 0x6, 0x7, 0x9, 0xffffffffffffffff, 0x1, 0x5, 0x400005, 0x7, 0x7, 0x5, 0x1ff, 0x7fffffffffffffff, 0x4, 0x80000000, 0x7000000000000000, 0x7, 0x20405, 0x40, 0x7, 0x7, 0x18000000000, 0xb81, 0x3, 0xf909, 0xfc, 0x5, 0x3, 0xfff, 0x8, 0x8, 0x8, 0x7, 0xfffffffffffffc0e, 0x7, 0xffffffffffffffff, 0x8, 0xd, 0x80000000, 0xffffffff, 0xffff, 0x9, 0x0, 0x6, 0x8000, 0x6, 0xc, 0x0, 0x7, 0x586, 0xfffffffffffffffe, 0x2, 0x8001, 0x9, 0xe7, 0x5, 0xe55, 0x7, 0x620, 0x300, 0x3, 0x5, 0x380000000000000, 0x100, 0x7b08, 0x2, 0x8, 0x5, 0x401, 0x0, 0xffffffffffffffff, 0x100000001]})
ioctl$BTRFS_IOC_GET_DEV_STATS(0xffffffffffffffff, 0xc4089434, &(0x7f0000000bc0)={r5, 0x6, 0x0, [0x81, 0x751d, 0x2, 0x505, 0x4], [0x10, 0xa, 0x10001, 0x1, 0x1800000000000, 0xe, 0x101, 0x0, 0x1, 0x4, 0x1, 0x7, 0x2, 0x3, 0x7, 0x0, 0x1, 0x401, 0x6, 0x3, 0x200, 0x3, 0x7, 0x0, 0x80000000, 0xfdd, 0x7d, 0x9, 0x15b, 0x81, 0x4, 0x1, 0x8, 0x9, 0x9, 0x80, 0x6f4e, 0x4000000, 0x400, 0x4, 0x7, 0x7, 0xfffffffffffffff8, 0x2, 0x6000000000000000, 0x5e, 0x6, 0x7fff, 0x6, 0x8, 0x3, 0x5, 0x3, 0x2, 0x80000001, 0x5, 0xea, 0x7ff, 0x9, 0x800, 0x4, 0x3, 0x1, 0x0, 0x1a567dcd, 0x1, 0x4, 0xd, 0x6, 0x200, 0x8, 0x0, 0xbc5, 0x7fffffffffffffff, 0x0, 0x400, 0x1, 0x200, 0x7fffffff, 0xfffffffffffffff7, 0x0, 0x1c21, 0x3, 0x0, 0x2cb8, 0x80, 0x0, 0x2, 0x3, 0x5, 0x30000000000, 0x10001, 0x8797, 0x3, 0x2, 0x550ff0ef, 0x9, 0xfffffffffffffffb, 0x7, 0x9, 0x2, 0xde4, 0x7, 0xa, 0x800, 0xf8, 0x3, 0x7851d42b, 0x8, 0xb, 0x5, 0x2, 0x1000, 0x7fffffff, 0x4, 0x9, 0x8000000000000001, 0x1, 0x8, 0x7f, 0x8]})
r6 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='ext4_es_shrink_scan_exit\x00', r6, 0x0, 0xb}, 0x18)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x102}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
getpid()
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r7=>0xffffffffffffffff, <r8=>0xffffffffffffffff})
connect$unix(r7, &(0x7f000057eff8)=@abs={0x0, 0x0, 0xfffffffe}, 0x6e)
sendmmsg$unix(r8, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r7, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
openat$sndtimer(0xffffffffffffff9c, 0x0, 0x40)
epoll_create(0x3)
r9 = socket(0x15, 0x5, 0x0)
getsockopt(r9, 0x200000000114, 0x2710, 0x0, &(0x7f0000000000))
connect$inet6(r9, &(0x7f0000000180)={0xa, 0x0, 0xffffffff, @mcast2, 0x8}, 0x1c)
ioctl$SYNC_IOC_FILE_INFO(r4, 0xc0383e04, &(0x7f00000001c0)={""/32, 0x0, 0x0, 0x0, 0x0, 0x0})
ioctl$KVM_SET_IRQCHIP(r2, 0x4048aec9, &(0x7f0000000980)={0x1, 0x0, @ioapic={0xfee00, 0x296a, 0x4, 0x3, 0x0, [{0x98, 0x37, 0x81, '\x00', 0x7f}, {0x41, 0x8, 0x81, '\x00', 0xf5}, {0xe9, 0x1, 0x9, '\x00', 0x11}, {0x7, 0x9, 0x3, '\x00', 0x8f}, {0x3, 0x7f, 0x91, '\x00', 0xa}, {0xf, 0xe3, 0x8, '\x00', 0xaa}, {0x6, 0x8, 0x6, '\x00', 0x8}, {0x1, 0x3, 0x2, '\x00', 0x67}, {0x2, 0x7, 0xa, '\x00', 0x8}, {0x8, 0x3, 0x43, '\x00', 0x9f}, {0xf, 0x8, 0x6, '\x00', 0x3}, {0x2, 0x4c, 0x3, '\x00', 0xa}, {0x7, 0x6, 0x3, '\x00', 0xa6}, {0x8, 0x0, 0x8, '\x00', 0x9}, {0x2, 0x4c, 0xaa, '\x00', 0x1}, {0x8, 0x5e, 0x4, '\x00', 0x3}, {0x5, 0xa0, 0x47, '\x00', 0x6}, {0x7, 0x3, 0x2, '\x00', 0x8}, {0x5, 0x0, 0xf, '\x00', 0x7}, {0x5e, 0xa, 0xb, '\x00', 0x3}, {0x7f, 0x6, 0x7, '\x00', 0x2}, {0x93, 0x44, 0x9, '\x00', 0x10}, {0x2, 0x8, 0x2, '\x00', 0xfc}, {0x6, 0xc, 0xc6, '\x00', 0x8}]}})
close_range(r0, 0xffffffffffffffff, 0x0)

11m57.281610163s ago: executing program 1 (id=240):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x6, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x2)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
r1 = openat$dir(0xffffffffffffff9c, 0x0, 0x8000, 0x1f7)
r2 = fanotify_init(0x200, 0x0)
fanotify_mark(r2, 0x201, 0x4800003e, r1, 0x0)
r3 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x0, 0x0)
r4 = socket$packet(0x11, 0x2, 0x300)
setsockopt$SO_ATTACH_FILTER(r4, 0x1, 0x1a, &(0x7f0000000240)={0x2, &(0x7f0000000400)=[{0x28, 0x0, 0x0, 0xfffff020}, {0x6, 0x0, 0x0, 0x6}]}, 0x10)
r5 = fanotify_init(0xf00, 0x0)
fanotify_mark(r5, 0x1, 0x10001011, r3, 0x0)
prlimit64(0x0, 0xe, 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x801)
rt_sigqueueinfo(0x0, 0x17, &(0x7f0000000300)={0x27, 0x5, 0xfffffff9})
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r6=>0xffffffffffffffff, <r7=>0xffffffffffffffff})
connect$unix(r6, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r7, &(0x7f0000000000), 0x400000000000041, 0x0)
recvmmsg(r6, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
syz_emit_ethernet(0xfdef, 0x0, 0x0)
request_key(&(0x7f00000000c0)='cifs.spnego\x00', &(0x7f0000000480)={'syz', 0x1}, &(0x7f00000004c0)='msdos\x00', 0xfffffffffffffffa)
socket$inet_mptcp(0x2, 0x1, 0x106)

11m56.758283204s ago: executing program 2 (id=241):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000300)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
openat$sequencer2(0xffffffffffffff9c, 0x0, 0x3233c3, 0x0)
connect$unix(r2, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x804e20}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = socket$tipc(0x1e, 0x5, 0x0)
bind$tipc(r4, &(0x7f0000000180)=@nameseq={0x1e, 0x1, 0x0, {0x42, 0x3, 0x4}}, 0x10)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
setsockopt$inet6_IPV6_FLOWLABEL_MGR(0xffffffffffffffff, 0x29, 0x20, &(0x7f0000000000)={@private0, 0x0, 0x0, 0xff, 0x1, 0x0, 0x2}, 0x20)
setsockopt$inet6_IPV6_FLOWLABEL_MGR(0xffffffffffffffff, 0x29, 0x20, 0x0, 0x0)
r5 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
ioctl$IOCTL_VMCI_VERSION2(r5, 0x7a7, &(0x7f0000000000)=0x10000)
ioctl$IOCTL_VMCI_INIT_CONTEXT(r5, 0x7a0, &(0x7f0000000100)={@local})
ioctl$IOCTL_VMCI_CTX_SET_CPT_STATE(r5, 0x7b2, &(0x7f0000001680)={&(0x7f0000000680)=[0x1007d0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffff00, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x8f1, 0x0, 0x40000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x400, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7fc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x44, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0xfffffffe, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000000, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0xc80, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x20, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc, 0x20000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x8000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x8000000, 0x3ff, 0x0, 0x0, 0x0, 0x0, 0x1000, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0xcf, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200004, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000000, 0x0, 0x3ff, 0x0, 0xf7fffffe, 0x0, 0x0, 0x7, 0x800, 0x0, 0x0, 0x0, 0xfffffffd, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x1, 0x0, 0x0, 0x0, 0xfffffff8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x800000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0xffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x200000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x101, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0xfffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc, 0x6], 0x1, 0x400})
ioctl$IOCTL_VMCI_CTX_REMOVE_NOTIFICATION(r5, 0x7b0, &(0x7f00000003c0)={@hyper, 0x1})
setsockopt$inet6_IPV6_FLOWLABEL_MGR(0xffffffffffffffff, 0x29, 0x20, &(0x7f00000000c0)={@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', 0x200, 0x0, 0x3, 0x7, 0x13ec, 0x1}, 0x20)
syz_io_uring_setup(0x7e35, &(0x7f0000000340)={0x0, 0x5867, 0x1000, 0x0, 0x8c}, 0x0, 0x0)
mknod$loop(&(0x7f0000000000)='./file0\x00', 0x6000, 0x0)

11m52.843251495s ago: executing program 2 (id=242):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000580)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x1}}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x401, 0x0, 0x0, {0x1, 0x0, 0x8003}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWCHAIN={0x2c, 0x3, 0xa, 0x101, 0x0, 0x0, {0x1}, [@NFTA_CHAIN_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_CHAIN_NAME={0x9, 0x3, 'syz2\x00'}]}, @NFT_MSG_NEWRULE={0xb4, 0x6, 0xa, 0x401, 0x0, 0x0, {0x1}, [@NFTA_RULE_CHAIN_ID={0x8}, @NFTA_RULE_EXPRESSIONS={0x8c, 0x4, 0x0, 0x1, [{0x34, 0x1, 0x0, 0x1, @exthdr={{0xb}, @val={0x24, 0x2, 0x0, 0x1, [@NFTA_EXTHDR_DREG={0x8, 0x1, 0x1, 0x0, 0xc}, @NFTA_EXTHDR_OFFSET={0x8}, @NFTA_EXTHDR_LEN={0x8, 0x4, 0x1, 0x0, 0x22}, @NFTA_EXTHDR_TYPE={0x5, 0x2, 0x7}]}}}, {0x54, 0x1, 0x0, 0x1, @bitwise={{0xc}, @val={0x44, 0x2, 0x0, 0x1, [@NFTA_BITWISE_LEN={0x8, 0x3, 0x1, 0x0, 0x2}, @NFTA_BITWISE_SREG={0x8, 0x1, 0x1, 0x0, 0x14}, @NFTA_BITWISE_DREG={0x8, 0x2, 0x1, 0x0, 0x14}, @NFTA_BITWISE_XOR={0x1c, 0x5, 0x0, 0x1, [@NFTA_DATA_VALUE={0x15, 0x1, "8faad8723e6e7fa481f44723334b061f44"}]}, @NFTA_BITWISE_MASK={0xc, 0x4, 0x0, 0x1, [@NFTA_DATA_VALUE={0x6, 0x1, "8a95"}]}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x7}}}, 0x128}, 0x1, 0x0, 0x0, 0x80}, 0x0)

11m48.200924472s ago: executing program 0 (id=243):
bpf$MAP_CREATE(0x0, 0x0, 0x48)
r0 = socket$inet6_icmp(0xa, 0x2, 0x3a)
epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, 0x0)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r1}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
socket$inet6_tcp(0xa, 0x1, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
socketpair(0xa, 0x1, 0x0, 0x0)
setsockopt$IP6T_SO_SET_REPLACE(0xffffffffffffffff, 0x29, 0x40, &(0x7f0000000540)=@mangle={'mangle\x00', 0x64, 0x6, 0x7b0, 0x120, 0x568, 0x420, 0x568, 0x568, 0x6e0, 0x6e0, 0x6e0, 0x6e0, 0x6e0, 0x6, 0x0, {[{{@uncond, 0x0, 0xf8, 0x120, 0x0, {}, [@inet=@rpfilter={{0x28}, {0x6}}, @common=@inet=@length={{0x28}, {0x7, 0xb0, 0x1}}]}, @common=@unspec=@CONNSECMARK={0x28, 'CONNSECMARK\x00', 0x0, {0x1}}}, {{@ipv6={@mcast1, @local, [], [], 'macvtap0\x00', 'ip6tnl0\x00', {}, {}, 0x6}, 0x0, 0xa8, 0xe8}, @inet=@TPROXY1={0x40, 'TPROXY\x00', 0x1, {0x0, 0x0, @ipv4=@broadcast}}}, {{@ipv6={@mcast2, @loopback, [], [], 'veth0_to_team\x00', 'syzkaller0\x00', {}, {0xff}}, 0x0, 0x1d0, 0x218, 0x0, {}, [@common=@unspec=@connmark={{0x30}}, @common=@inet=@recent0={{0xf8}, {0x9, 0x58, 0x4, 0x1, 'syz0\x00', 0x9}}]}, @SNPT={0x48, 'SNPT\x00', 0x0, {@ipv6=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', @ipv6=@mcast2}}}, {{@uncond, 0x0, 0x120, 0x148, 0x0, {}, [@common=@frag={{0x30}}, @common=@hbh={{0x48}}]}, @inet=@DSCP={0x28}}, {{@uncond, 0x0, 0x138, 0x178, 0x0, {}, [@common=@dst={{0x48}}, @common=@dst={{0x48}}]}, @inet=@TPROXY1={0x40, 'TPROXY\x00', 0x1, {0x0, 0x0, @ipv4=@dev}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x810)
sendto$inet6(r0, &(0x7f0000000080)="535ec5637c1d584f210ec8c50b445eeaa9b38da8a1332c5a7bba4f0f4ac97ecc2ad57487637d9f62606d6de6c7a8c409fb73b6c905f600b0172edacd0966897480ad6d67a20d1791f48b2482c060e10ab5b796", 0x53, 0x8001, 0x0, 0x0)
r4 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0)
ioctl$IOMMU_IOAS_ALLOC(0xffffffffffffffff, 0x3b81, &(0x7f0000000100)={0xc})
sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000300)=[{&(0x7f0000000040)="1c000000180081064e81f782db4cb904231d0800fe007c05e8fe55a1", 0x1c}], 0x1}, 0x0)
ioctl$vim2m_VIDIOC_ENUM_FMT(r4, 0xc0405602, &(0x7f00000001c0)={0x9, 0x1, 0x0, "167e94e3cbad028b080b539d0b6723df0f531c39546c4793d1e0d12c5a9af456"})
connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmsg$nl_xfrm(0xffffffffffffffff, 0x0, 0x0)
syz_genetlink_get_family_id$ieee802154(&(0x7f0000000280), 0xffffffffffffffff)

11m48.190955353s ago: executing program 1 (id=244):
r0 = creat(&(0x7f00000000c0)='./file1\x00', 0x67)
close(r0)
r1 = socket(0x2b, 0x80801, 0x1)
setsockopt$IP6T_SO_SET_REPLACE(r1, 0x29, 0x40, &(0x7f0000000fc0)=@raw={'raw\x00', 0x3c1, 0x3, 0x320, 0x140, 0x5c, 0x160, 0x140, 0x3e0, 0x250, 0x228, 0x25a, 0x250, 0x228, 0x4, 0x0, {[{{@ipv6={@remote, @dev, [], [], 'veth0_to_batadv\x00', 'wg1\x00', {}, {0x222cecdb0fb5a62a}, 0x3a}, 0x5002, 0xf8, 0x140, 0x52020000, {0x0, 0x6802000000000000}, [@common=@icmp6={{0x28}, {0x0, "d176"}}, @common=@unspec=@state={{0x28}, {0xfffffffd}}]}, @unspec=@CT0={0x48}}, {{@ipv6={@local, @private2, [], [0xff], 'veth1_to_hsr\x00', 'dummy0\x00', {}, {}, 0x88}, 0x0, 0xa8, 0x110}, @unspec=@CT2={0x68, 'CT\x00', 0x2, {0x0, 0x0, 0x0, 0x0, 'snmp\x00', 'syz0\x00'}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x380)
sendmsg$nl_route(r1, &(0x7f0000000680)={0x0, 0x0, &(0x7f0000000040)={0x0}, 0x1, 0x0, 0x0, 0x48014}, 0x20004000)
listen(r1, 0x9)
bind$rds(r1, &(0x7f0000000440)={0x2, 0x4e24, @multicast1}, 0x10)
socket$inet_sctp(0x2, 0x5, 0x84)
r2 = socket$unix(0x1, 0x1, 0x0)
r3 = socket$inet6(0xa, 0x2, 0x0)
ioctl$sock_inet6_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f00000001c0)={@dev={0xfe, 0x80, '\x00', 0x40}, @private2, @loopback, 0x800001, 0x6, 0x2, 0x500, 0x80000001, 0x6820213})
setsockopt$inet6_int(r3, 0x29, 0x4e, &(0x7f00000000c0)=0x8, 0x4)
r4 = dup(r3)
bind$unix(r4, &(0x7f00000001c0)=@abs={0xa, 0x2}, 0x6e)
r5 = socket$inet6(0xa, 0x2, 0x0)
setsockopt$inet6_int(r5, 0x29, 0x4e, &(0x7f0000000040)=0x7, 0x4)
r6 = dup(r5)
bind$unix(r6, &(0x7f00000001c0)=@abs={0xa, 0x2}, 0x6e)
bind$unix(r2, &(0x7f0000003000)=@file={0x1}, 0xc)
listen(r2, 0x0)
mount$9p_fd(0x0, &(0x7f0000000000)='./file1\x00', &(0x7f0000001200), 0x0, &(0x7f0000000080)=ANY=[@ANYBLOB="7472616e02000000000000006e6f3d", @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2, @ANYBLOB=','])

11m47.157398313s ago: executing program 2 (id=245):
openat$pidfd(0xffffffffffffff9c, 0x0, 0x75f081, 0x0)
prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x7)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
r2 = socket$inet6(0xa, 0x2, 0x3a)
r3 = dup(r2)
bind$unix(r3, &(0x7f00000001c0)=@abs={0xa, 0x2}, 0x6e)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), r4)
ioctl$sock_SIOCGIFINDEX_80211(r4, 0x8933, 0x0)
sendmsg$NL80211_CMD_DEL_KEY(r4, &(0x7f0000004340)={0x0, 0x0, &(0x7f0000004300)={&(0x7f0000000240)={0x24, r5, 0x1, 0x70bd29, 0x25dfdbff, {{}, {@val={0x8}, @void}}, [@NL80211_ATTR_KEY_TYPE={0x8, 0x37, 0x1}]}, 0x24}, 0x1, 0x0, 0x0, 0x404c804}, 0x20000004)
ioctl$KVM_SET_BOOT_CPU_ID(r3, 0xae78, &(0x7f0000000000)=0x1)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f00000001c0)={0x0, 0x0, 0x0, &(0x7f0000000180), 0x3}, 0x38)
bpf$BPF_MAP_LOOKUP_AND_DELETE_ELEM(0x15, 0x0, 0x0)
unshare(0x400)
r6 = syz_open_procfs(0x0, &(0x7f0000000180)='smaps_rollup\x00')
lseek(r6, 0x4, 0x4)
r7 = openat$audio1(0xffffffffffffff9c, &(0x7f0000000080), 0x129202, 0x0)
ioctl$SNDCTL_DSP_SETFMT(r7, 0xc0045005, &(0x7f00000000c0)=0x20)
ioctl$SNDCTL_DSP_STEREO(r7, 0xc0045003, &(0x7f0000000600)=0x180004)
write$binfmt_elf32(r7, 0x0, 0x4cd)
ioctl$AUTOFS_DEV_IOCTL_TIMEOUT(r3, 0xc018937a, &(0x7f0000000280)={{0x1, 0x1, 0x18, r0, {0x2}}, './file0\x00'})
syz_emit_ethernet(0x1b, &(0x7f0000000040)={@local, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x2}, @void, {@llc_tr={0x11, {@snap={0xaa, 0xaa, 'S', "ee3de0", 0x892f, "ff81240921"}}}}}, 0x0)
ioctl$SNDCTL_DSP_SETFMT(r7, 0xc0045005, &(0x7f0000000100)=0x1)
write$dsp(r7, &(0x7f0000000140)="755a5398d512d39077459e67ee110daaf0413bc745ef85b89f2141d513969bd8", 0xffaa)

11m25.052477279s ago: executing program 33 (id=243):
bpf$MAP_CREATE(0x0, 0x0, 0x48)
r0 = socket$inet6_icmp(0xa, 0x2, 0x3a)
epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, 0x0)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r1}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
socket$inet6_tcp(0xa, 0x1, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
socketpair(0xa, 0x1, 0x0, 0x0)
setsockopt$IP6T_SO_SET_REPLACE(0xffffffffffffffff, 0x29, 0x40, &(0x7f0000000540)=@mangle={'mangle\x00', 0x64, 0x6, 0x7b0, 0x120, 0x568, 0x420, 0x568, 0x568, 0x6e0, 0x6e0, 0x6e0, 0x6e0, 0x6e0, 0x6, 0x0, {[{{@uncond, 0x0, 0xf8, 0x120, 0x0, {}, [@inet=@rpfilter={{0x28}, {0x6}}, @common=@inet=@length={{0x28}, {0x7, 0xb0, 0x1}}]}, @common=@unspec=@CONNSECMARK={0x28, 'CONNSECMARK\x00', 0x0, {0x1}}}, {{@ipv6={@mcast1, @local, [], [], 'macvtap0\x00', 'ip6tnl0\x00', {}, {}, 0x6}, 0x0, 0xa8, 0xe8}, @inet=@TPROXY1={0x40, 'TPROXY\x00', 0x1, {0x0, 0x0, @ipv4=@broadcast}}}, {{@ipv6={@mcast2, @loopback, [], [], 'veth0_to_team\x00', 'syzkaller0\x00', {}, {0xff}}, 0x0, 0x1d0, 0x218, 0x0, {}, [@common=@unspec=@connmark={{0x30}}, @common=@inet=@recent0={{0xf8}, {0x9, 0x58, 0x4, 0x1, 'syz0\x00', 0x9}}]}, @SNPT={0x48, 'SNPT\x00', 0x0, {@ipv6=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', @ipv6=@mcast2}}}, {{@uncond, 0x0, 0x120, 0x148, 0x0, {}, [@common=@frag={{0x30}}, @common=@hbh={{0x48}}]}, @inet=@DSCP={0x28}}, {{@uncond, 0x0, 0x138, 0x178, 0x0, {}, [@common=@dst={{0x48}}, @common=@dst={{0x48}}]}, @inet=@TPROXY1={0x40, 'TPROXY\x00', 0x1, {0x0, 0x0, @ipv4=@dev}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x810)
sendto$inet6(r0, &(0x7f0000000080)="535ec5637c1d584f210ec8c50b445eeaa9b38da8a1332c5a7bba4f0f4ac97ecc2ad57487637d9f62606d6de6c7a8c409fb73b6c905f600b0172edacd0966897480ad6d67a20d1791f48b2482c060e10ab5b796", 0x53, 0x8001, 0x0, 0x0)
r4 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0)
ioctl$IOMMU_IOAS_ALLOC(0xffffffffffffffff, 0x3b81, &(0x7f0000000100)={0xc})
sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000300)=[{&(0x7f0000000040)="1c000000180081064e81f782db4cb904231d0800fe007c05e8fe55a1", 0x1c}], 0x1}, 0x0)
ioctl$vim2m_VIDIOC_ENUM_FMT(r4, 0xc0405602, &(0x7f00000001c0)={0x9, 0x1, 0x0, "167e94e3cbad028b080b539d0b6723df0f531c39546c4793d1e0d12c5a9af456"})
connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmsg$nl_xfrm(0xffffffffffffffff, 0x0, 0x0)
syz_genetlink_get_family_id$ieee802154(&(0x7f0000000280), 0xffffffffffffffff)

11m24.829930598s ago: executing program 34 (id=244):
r0 = creat(&(0x7f00000000c0)='./file1\x00', 0x67)
close(r0)
r1 = socket(0x2b, 0x80801, 0x1)
setsockopt$IP6T_SO_SET_REPLACE(r1, 0x29, 0x40, &(0x7f0000000fc0)=@raw={'raw\x00', 0x3c1, 0x3, 0x320, 0x140, 0x5c, 0x160, 0x140, 0x3e0, 0x250, 0x228, 0x25a, 0x250, 0x228, 0x4, 0x0, {[{{@ipv6={@remote, @dev, [], [], 'veth0_to_batadv\x00', 'wg1\x00', {}, {0x222cecdb0fb5a62a}, 0x3a}, 0x5002, 0xf8, 0x140, 0x52020000, {0x0, 0x6802000000000000}, [@common=@icmp6={{0x28}, {0x0, "d176"}}, @common=@unspec=@state={{0x28}, {0xfffffffd}}]}, @unspec=@CT0={0x48}}, {{@ipv6={@local, @private2, [], [0xff], 'veth1_to_hsr\x00', 'dummy0\x00', {}, {}, 0x88}, 0x0, 0xa8, 0x110}, @unspec=@CT2={0x68, 'CT\x00', 0x2, {0x0, 0x0, 0x0, 0x0, 'snmp\x00', 'syz0\x00'}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x380)
sendmsg$nl_route(r1, &(0x7f0000000680)={0x0, 0x0, &(0x7f0000000040)={0x0}, 0x1, 0x0, 0x0, 0x48014}, 0x20004000)
listen(r1, 0x9)
bind$rds(r1, &(0x7f0000000440)={0x2, 0x4e24, @multicast1}, 0x10)
socket$inet_sctp(0x2, 0x5, 0x84)
r2 = socket$unix(0x1, 0x1, 0x0)
r3 = socket$inet6(0xa, 0x2, 0x0)
ioctl$sock_inet6_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f00000001c0)={@dev={0xfe, 0x80, '\x00', 0x40}, @private2, @loopback, 0x800001, 0x6, 0x2, 0x500, 0x80000001, 0x6820213})
setsockopt$inet6_int(r3, 0x29, 0x4e, &(0x7f00000000c0)=0x8, 0x4)
r4 = dup(r3)
bind$unix(r4, &(0x7f00000001c0)=@abs={0xa, 0x2}, 0x6e)
r5 = socket$inet6(0xa, 0x2, 0x0)
setsockopt$inet6_int(r5, 0x29, 0x4e, &(0x7f0000000040)=0x7, 0x4)
r6 = dup(r5)
bind$unix(r6, &(0x7f00000001c0)=@abs={0xa, 0x2}, 0x6e)
bind$unix(r2, &(0x7f0000003000)=@file={0x1}, 0xc)
listen(r2, 0x0)
mount$9p_fd(0x0, &(0x7f0000000000)='./file1\x00', &(0x7f0000001200), 0x0, &(0x7f0000000080)=ANY=[@ANYBLOB="7472616e02000000000000006e6f3d", @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2, @ANYBLOB=','])

11m24.613249129s ago: executing program 35 (id=245):
openat$pidfd(0xffffffffffffff9c, 0x0, 0x75f081, 0x0)
prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x7)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
r2 = socket$inet6(0xa, 0x2, 0x3a)
r3 = dup(r2)
bind$unix(r3, &(0x7f00000001c0)=@abs={0xa, 0x2}, 0x6e)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), r4)
ioctl$sock_SIOCGIFINDEX_80211(r4, 0x8933, 0x0)
sendmsg$NL80211_CMD_DEL_KEY(r4, &(0x7f0000004340)={0x0, 0x0, &(0x7f0000004300)={&(0x7f0000000240)={0x24, r5, 0x1, 0x70bd29, 0x25dfdbff, {{}, {@val={0x8}, @void}}, [@NL80211_ATTR_KEY_TYPE={0x8, 0x37, 0x1}]}, 0x24}, 0x1, 0x0, 0x0, 0x404c804}, 0x20000004)
ioctl$KVM_SET_BOOT_CPU_ID(r3, 0xae78, &(0x7f0000000000)=0x1)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f00000001c0)={0x0, 0x0, 0x0, &(0x7f0000000180), 0x3}, 0x38)
bpf$BPF_MAP_LOOKUP_AND_DELETE_ELEM(0x15, 0x0, 0x0)
unshare(0x400)
r6 = syz_open_procfs(0x0, &(0x7f0000000180)='smaps_rollup\x00')
lseek(r6, 0x4, 0x4)
r7 = openat$audio1(0xffffffffffffff9c, &(0x7f0000000080), 0x129202, 0x0)
ioctl$SNDCTL_DSP_SETFMT(r7, 0xc0045005, &(0x7f00000000c0)=0x20)
ioctl$SNDCTL_DSP_STEREO(r7, 0xc0045003, &(0x7f0000000600)=0x180004)
write$binfmt_elf32(r7, 0x0, 0x4cd)
ioctl$AUTOFS_DEV_IOCTL_TIMEOUT(r3, 0xc018937a, &(0x7f0000000280)={{0x1, 0x1, 0x18, r0, {0x2}}, './file0\x00'})
syz_emit_ethernet(0x1b, &(0x7f0000000040)={@local, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x2}, @void, {@llc_tr={0x11, {@snap={0xaa, 0xaa, 'S', "ee3de0", 0x892f, "ff81240921"}}}}}, 0x0)
ioctl$SNDCTL_DSP_SETFMT(r7, 0xc0045005, &(0x7f0000000100)=0x1)
write$dsp(r7, &(0x7f0000000140)="755a5398d512d39077459e67ee110daaf0413bc745ef85b89f2141d513969bd8", 0xffaa)

11m24.440654652s ago: executing program 36 (id=237):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x7)
r0 = getpid()
prctl$PR_SET_MM(0x23, 0x8, &(0x7f0000001000/0x4000)=nil)
mmap(&(0x7f0000ff4000/0xc000)=nil, 0xc000, 0x1000003, 0x20031, 0xffffffffffffffff, 0xffffe000)
mbind(&(0x7f0000ff8000/0x8000)=nil, 0x8000, 0x1, 0x0, 0xc, 0x0)
get_mempolicy(0x0, 0x0, 0x100000020000200, &(0x7f0000ff7000/0x2000)=nil, 0x2)
prctl$PR_SET_MM(0x23, 0x9, &(0x7f0000004000/0x3000)=nil)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
r1 = eventfd(0x0)
io_submit(0x0, 0x1, &(0x7f0000000040)=[&(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0xc2, r1, 0x0, 0x0, 0x36}])
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$KVM_GET_MSR_INDEX_LIST(r2, 0x4018aee2, &(0x7f0000000040))
r3 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xa, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fc00100}]})
r4 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=@newtaction={0x80, 0x30, 0x871a15abc695fb3d, 0x0, 0x0, {}, [{0x6c, 0x1, [@m_tunnel_key={0x68, 0x1, 0x0, 0x0, {{0xf}, {0x38, 0x2, 0x0, 0x1, [@TCA_TUNNEL_KEY_PARMS={0x1c, 0x2, {{}, 0x1}}, @TCA_TUNNEL_KEY_ENC_IPV4_SRC={0x8, 0xc, @local}, @TCA_TUNNEL_KEY_ENC_IPV4_SRC={0x8, 0x3, @loopback}, @TCA_TUNNEL_KEY_ENC_IPV4_DST={0x8, 0x4, @broadcast}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x80}}, 0x0)
openat$dir(0xffffffffffffff9c, 0x0, 0xea, 0x0)
ioctl$SECCOMP_IOCTL_NOTIF_RECV(r3, 0xc0502100, &(0x7f0000000280)={<r5=>0x0})
ioctl$SECCOMP_IOCTL_NOTIF_ADDFD(r3, 0x40182103, &(0x7f0000000240)={r5, 0x0, r3})

10m9.971541667s ago: executing program 7 (id=358):
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x7c}}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
socket$inet_smc(0x2b, 0x1, 0x0)
r3 = socket$inet_smc(0x2b, 0x1, 0x0)
r4 = openat$fb0(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$FBIOPUT_VSCREENINFO(r4, 0x4601, &(0x7f0000000100)={0x400, 0x300, 0x10, 0x800, 0xbbbe, 0x0, 0x2, 0x4, {0x0, 0x0, 0x1}, {0x7, 0xfffffffd, 0xfffffffe}, {0x0, 0xffff0000}, {0x1000000}, 0x0, 0x3f0, 0x0, 0xd613, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4})
timer_create(0x0, &(0x7f0000000000)={0x0, 0x21, 0x800000000004}, &(0x7f0000bbdffc))
timer_settime(0x0, 0x0, &(0x7f0000000340)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
getsockopt$EBT_SO_GET_INIT_INFO(r3, 0x0, 0x82, &(0x7f0000000380)={'broute\x00', 0x0, 0x0, 0x0, [0x4, 0xc, 0x8000, 0x2, 0x7, 0xfffffffffffffffb]}, &(0x7f00000001c0)=0x78)

10m9.08007521s ago: executing program 7 (id=361):
r0 = socket$igmp6(0xa, 0x3, 0x2)
setsockopt$inet6_int(r0, 0x29, 0x7, 0x0, 0x0)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000640)={&(0x7f0000000200)=ANY=[], 0x2c}, 0x1, 0x0, 0x0, 0x20040051}, 0x2004c010)
r2 = socket$can_raw(0x1d, 0x3, 0x1)
ioctl$ifreq_SIOCGIFINDEX_vcan(r2, 0x8933, &(0x7f0000000080)={'vcan0\x00', <r3=>0x0})
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000001000000850000002300000095"], 0x0, 0x0, 0x0, 0x0, 0x40e00, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r4 = syz_open_procfs(0x0, &(0x7f00000001c0)='maps\x00')
statx(0xffffffffffffffff, &(0x7f0000000280)='./file0\x00', 0x1000, 0x100, &(0x7f0000000680))
ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0xc0686611, &(0x7f0000000180)={0x67, 0x0, 0x18, 0x2000, &(0x7f0000ffd000/0x2000)=nil})
bind$can_raw(r2, &(0x7f00000005c0), 0x10)
recvmmsg(r2, &(0x7f0000000000)=[{{0x0, 0x0, &(0x7f0000000880)=[{&(0x7f0000000040)=""/5, 0xf}, {0x0}], 0x2}}], 0x400025a, 0x600100a2, 0x0)
setsockopt$CAN_RAW_RECV_OWN_MSGS(r2, 0x65, 0x4, &(0x7f0000000580)=0x1, 0x4)
sendmsg$can_raw(r2, &(0x7f0000000240)={&(0x7f0000000780)={0x1d, r3}, 0x10, &(0x7f0000000480)={&(0x7f0000000140)=@can={{0x0, 0x0, 0x0, 0x1}, 0x0, 0x0, 0x0, 0x0, "5b7ba3698f28aaf0"}, 0x10}}, 0x4040)
bind$inet6(r1, &(0x7f0000000140)={0xa, 0x0, 0x40000, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02'}, 0x1c)
mknod$loop(&(0x7f00000190c0)='./file0\x00', 0xfff, 0x0)
execve(&(0x7f0000000000)='./file0\x00', &(0x7f00000191c0)={[&(0x7f0000000380)=' T\xfc\x81\x8e\x9f5\x0e \x043[B\xad\x13\x9f\xae\x8f\xbb\x9a\x0f\x9f\x03\xa5\xfc9\xbb\xa4.\xf4\xeb\x03\xf1\xb6\x8c\xc4E\x93\n&k\xec\xc8\xdch\xd6\x1e\xcb\fA\\da/O\xdcn7\x1b@\xbf\xfb\x17J\xaaD\xe4\x01\xbc', &(0x7f0000019080)='\x00']}, &(0x7f0000019280)={[&(0x7f0000000200)=' ']})

10m8.754165838s ago: executing program 7 (id=363):
socket$nl_generic(0x10, 0x3, 0x10)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0x8c, 0x30, 0x1, 0x0, 0x0, {}, [{0x78, 0x1, [@m_ct={0x2c, 0x2, 0x0, 0x0, {{0x7}, {0x4}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x1, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c, 0x1, {{0x0, 0x0, 0xffffffffffffffff}}}]}, {0x4}, {0xc}, {0xc, 0x8, {0x0, 0x2}}}}]}]}, 0x8c}, 0x1, 0x0, 0x0, 0x8804}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000380)=0x34)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = syz_open_procfs(0x0, 0x0)
socket$rxrpc(0x21, 0x2, 0xa)
bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x19, 0x4, &(0x7f0000000300)=ANY=[@ANYBLOB], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_sockopt=0x15, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
syz_emit_vhci(&(0x7f0000000000)=ANY=[], 0xffffffffffffff2b)
getdents64(0xffffffffffffffff, &(0x7f0000002f40)=""/4098, 0x1002)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000840)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007100000095"], &(0x7f0000000200)='GPL\x00', 0x5, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000080)='sched_switch\x00', r4}, 0x10)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x0)
setsockopt$inet_tcp_int(r3, 0x6, 0x5, &(0x7f00000001c0), 0x4)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r5, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000001700)=ANY=[@ANYBLOB="1800000024000103000000000000000001"], 0x18}, 0x1, 0x0, 0x0, 0x8001}, 0x44810)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x11, 0x3, &(0x7f0000000200)=ANY=[@ANYBLOB="1800000020000000000000000000000095"], &(0x7f00000003c0)='GPL\x00'}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
recvmmsg(r5, &(0x7f0000004ec0)=[{{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f00000002c0)=""/4077, 0xfed}], 0x1}, 0x9}], 0x1, 0x2000, 0x0)
r6 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
sendmsg$netlink(r6, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000440)=ANY=[@ANYBLOB="180100002e"], 0x118}], 0x1, 0x0, 0x0, 0x48085}, 0x0)

10m3.163937854s ago: executing program 7 (id=377):
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x6)
r0 = socket$inet_sctp(0x2, 0x5, 0x84)
setsockopt$IP_VS_SO_SET_ADD(r0, 0x0, 0x482, &(0x7f0000000040)={0x84, @remote, 0x15, 0x3, 'none\x00', 0x1, 0x4, 0x72}, 0x2c)
setsockopt$IP_VS_SO_SET_ADDDEST(r0, 0x0, 0x487, &(0x7f0000000300)={{0x84, @broadcast, 0x4e21, 0x3, 'lc\x00', 0xb, 0x80000000, 0x25}, {@rand_addr=0x64010102, 0x4e23, 0x10000, 0xc3, 0x12d5c, 0x12d5c}}, 0x44) (fail_nth: 4)

10m1.485661455s ago: executing program 7 (id=381):
prlimit64(0x0, 0xe, &(0x7f0000000040)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
socket$inet_udp(0x2, 0x2, 0x0)
r3 = syz_open_dev$media(&(0x7f00000001c0), 0x10, 0x0)
ioctl$MEDIA_IOC_G_TOPOLOGY(r3, 0xc0487c04, &(0x7f0000000040)={0x0, 0x6, 0x0, &(0x7f0000000300)=[{}, {}, {}, {}, {}, {}], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
r4 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0xfffffffd}, 0x50)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
r6 = socket$netlink(0x10, 0x3, 0x0)
r7 = socket(0x11, 0x800000003, 0x0)
ioctl$ifreq_SIOCGIFINDEX_team(r7, 0x8933, &(0x7f0000000600)={'team0\x00', <r8=>0x0})
sendmsg$nl_route_sched(r6, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000640)={&(0x7f0000000800)=@newqdisc={0x9c, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x12, r8, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_taprio={{0xb}, {0x6c, 0x2, [@TCA_TAPRIO_ATTR_PRIOMAP={0x56, 0x1, {0x2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1], 0x0, [0x8, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x100], [0x2, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0xffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4]}}, @TCA_TAPRIO_ATTR_FLAGS={0x8, 0xa, 0x1}, @TCA_TAPRIO_ATTR_SCHED_ENTRY_LIST={0x8, 0xc, 0x0, 0x1, [{0x4, 0x4}]}]}}]}, 0x9c}}, 0x0)
setsockopt$inet6_IPV6_FLOWLABEL_MGR(r4, 0x29, 0x20, &(0x7f00000005c0)={@private1={0xfc, 0x1, '\x00', 0x1}, 0x9, 0x1, 0x2, 0x2, 0xd, 0x6e}, 0x20)
sendmsg$MPTCP_PM_CMD_SUBFLOW_CREATE(r5, &(0x7f0000000580)={&(0x7f0000000300)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f0000000380)={&(0x7f0000000500)={0x58, 0x0, 0x100, 0x70bd2b, 0x25dfdbff, {}, [@MPTCP_PM_ATTR_ADDR={0x3c, 0x1, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_ADDR6={0x14, 0x4, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}, @MPTCP_PM_ADDR_ATTR_FLAGS={0x8}, @MPTCP_PM_ADDR_ATTR_PORT={0x6, 0x5, 0x4e21}, @MPTCP_PM_ADDR_ATTR_ADDR6={0x14, 0x4, @private1}]}, @MPTCP_PM_ATTR_LOC_ID={0x5, 0x5, 0x47}]}, 0x58}}, 0x80)
bpf$PROG_LOAD(0x5, &(0x7f0000002c40)={0x7, 0x17, &(0x7f00000007c0)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r4}, {}, {}, {0x85, 0x0, 0x0, 0x5}}, {{0x5, 0x0, 0x6}, {0x66, 0x0, 0x0, 0x80ffffff}}, [@printk={@p, {0x3, 0x3, 0x3, 0xa, 0x9, 0xfe00}, {0x6, 0x1, 0x5, 0x1, 0x9}, {0x7, 0x0, 0x3}, {}, {}, {0x56}}], {{0x4, 0x1, 0x2, 0x3}, {0x5, 0x0, 0xb, 0x3}, {0x85, 0x0, 0x0, 0x76}}}, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
ioctl$SNDRV_TIMER_IOCTL_CREATE(0xffffffffffffffff, 0xc02054a5, &(0x7f0000000240)={0x6, r1, 'id1\x00'})
bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x11, 0x6, 0x0, 0x0, 0x5, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x6}, 0x94)
socket$nl_netfilter(0x10, 0x3, 0xc)
r9 = syz_open_dev$vim2m(&(0x7f0000000000), 0x47b, 0x2)
ioctl$vim2m_VIDIOC_S_CTRL(r9, 0xc008561c, &(0x7f0000000040)={0xf0f080, 0x1})

10m0.466476463s ago: executing program 7 (id=382):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r0, 0x6, 0x17, &(0x7f0000000040)=0x100000001, 0x4)
connect$inet6(r0, &(0x7f0000000100)={0xa, 0x0, 0x0, @loopback}, 0x1c)
r1 = syz_io_uring_setup(0x88f, &(0x7f0000000300)={0x0, 0x3cfa, 0x0, 0x2, 0x69}, &(0x7f0000000200)=<r2=>0x0, &(0x7f00000001c0)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r2, r3, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x2, 0x6000, @fd_index=0x5, 0x5, &(0x7f0000000680)=""/51, 0x33, 0x1c, 0x1})
io_uring_enter(r1, 0x47f6, 0x0, 0x2, 0x0, 0x0)
setsockopt$inet6_tcp_TCP_ULP(r0, 0x6, 0x1f, &(0x7f00000002c0), 0x4)
setsockopt$inet6_tcp_TLS_TX(0xffffffffffffffff, 0x11a, 0x2, &(0x7f0000000000)=@gcm_128={{0x304}, "1d8f2a0002f3c9b3", "0b3ea90ac47b25d7624cd362581725c7", "0100", "00000000000200"}, 0x28)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
fstat(r4, &(0x7f0000000380)={0x0, 0x0, 0x0, 0x0, <r5=>0x0})
setuid(r5)
r6 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="02000000040000000500000002"], 0x48)
poll(0x0, 0x0, 0x83)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000009000000000000000020000018110000", @ANYRES32=r6, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1e, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r7 = syz_open_dev$dri(&(0x7f00000000c0), 0x1ff, 0x0)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r7, 0xc04064a0, &(0x7f00000001c0)={0x0, &(0x7f00000002c0)=[0x0], &(0x7f0000000340)=[0x0], 0x0, 0x0, 0x1, 0x1, 0xff3f})
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000240)={&(0x7f0000000280)=ANY=[@ANYBLOB="9feb01001800000000000000140000001400000002000000000000000100000d0000ec7ebfc9ed612da0aef8473b00060d000400020000400000"], &(0x7f0000000f40)=""/4096, 0x2e, 0x1000, 0x9}, 0x28)
shutdown(r0, 0x1)
r8 = open$dir(&(0x7f0000000100)='./file0\x00', 0x149800, 0x41)
r9 = epoll_create1(0x0)
epoll_ctl$EPOLL_CTL_ADD(r9, 0x1, r8, &(0x7f0000000000))
io_setup(0x1, &(0x7f0000000b80)=<r10=>0x0)
io_submit(r10, 0x1, &(0x7f0000001d00)=[&(0x7f0000001a80)={0x0, 0x0, 0x0, 0x5, 0x0, r9, 0x0}])
syz_clone3(&(0x7f0000000600)={0x201000080, &(0x7f0000000400), &(0x7f0000000440), &(0x7f0000000480), {0x2c}, &(0x7f0000001f40)=""/4096, 0x1000, &(0x7f00000004c0)=""/212, &(0x7f00000005c0)=[0x0], 0x1}, 0x58)
eventfd(0x8)
r11 = open(&(0x7f0000000100)='.\x00', 0x0, 0x0)
fcntl$notify(r11, 0x402, 0x8000003d)
fcntl$setsig(r11, 0xa, 0x21)
syz_open_procfs(0xffffffffffffffff, &(0x7f00000008c0)='net/protocols\x00')

9m45.02371679s ago: executing program 37 (id=382):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r0, 0x6, 0x17, &(0x7f0000000040)=0x100000001, 0x4)
connect$inet6(r0, &(0x7f0000000100)={0xa, 0x0, 0x0, @loopback}, 0x1c)
r1 = syz_io_uring_setup(0x88f, &(0x7f0000000300)={0x0, 0x3cfa, 0x0, 0x2, 0x69}, &(0x7f0000000200)=<r2=>0x0, &(0x7f00000001c0)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r2, r3, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x2, 0x6000, @fd_index=0x5, 0x5, &(0x7f0000000680)=""/51, 0x33, 0x1c, 0x1})
io_uring_enter(r1, 0x47f6, 0x0, 0x2, 0x0, 0x0)
setsockopt$inet6_tcp_TCP_ULP(r0, 0x6, 0x1f, &(0x7f00000002c0), 0x4)
setsockopt$inet6_tcp_TLS_TX(0xffffffffffffffff, 0x11a, 0x2, &(0x7f0000000000)=@gcm_128={{0x304}, "1d8f2a0002f3c9b3", "0b3ea90ac47b25d7624cd362581725c7", "0100", "00000000000200"}, 0x28)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
fstat(r4, &(0x7f0000000380)={0x0, 0x0, 0x0, 0x0, <r5=>0x0})
setuid(r5)
r6 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="02000000040000000500000002"], 0x48)
poll(0x0, 0x0, 0x83)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000009000000000000000020000018110000", @ANYRES32=r6, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1e, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r7 = syz_open_dev$dri(&(0x7f00000000c0), 0x1ff, 0x0)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r7, 0xc04064a0, &(0x7f00000001c0)={0x0, &(0x7f00000002c0)=[0x0], &(0x7f0000000340)=[0x0], 0x0, 0x0, 0x1, 0x1, 0xff3f})
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000240)={&(0x7f0000000280)=ANY=[@ANYBLOB="9feb01001800000000000000140000001400000002000000000000000100000d0000ec7ebfc9ed612da0aef8473b00060d000400020000400000"], &(0x7f0000000f40)=""/4096, 0x2e, 0x1000, 0x9}, 0x28)
shutdown(r0, 0x1)
r8 = open$dir(&(0x7f0000000100)='./file0\x00', 0x149800, 0x41)
r9 = epoll_create1(0x0)
epoll_ctl$EPOLL_CTL_ADD(r9, 0x1, r8, &(0x7f0000000000))
io_setup(0x1, &(0x7f0000000b80)=<r10=>0x0)
io_submit(r10, 0x1, &(0x7f0000001d00)=[&(0x7f0000001a80)={0x0, 0x0, 0x0, 0x5, 0x0, r9, 0x0}])
syz_clone3(&(0x7f0000000600)={0x201000080, &(0x7f0000000400), &(0x7f0000000440), &(0x7f0000000480), {0x2c}, &(0x7f0000001f40)=""/4096, 0x1000, &(0x7f00000004c0)=""/212, &(0x7f00000005c0)=[0x0], 0x1}, 0x58)
eventfd(0x8)
r11 = open(&(0x7f0000000100)='.\x00', 0x0, 0x0)
fcntl$notify(r11, 0x402, 0x8000003d)
fcntl$setsig(r11, 0xa, 0x21)
syz_open_procfs(0xffffffffffffffff, &(0x7f00000008c0)='net/protocols\x00')

2m29.666142968s ago: executing program 4 (id=1569):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x2})
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0)
close(r1)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$tipc(&(0x7f00000000c0), r2)
sendmsg$TIPC_CMD_ENABLE_BEARER(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000680)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="010000000d0000000000010000000000000001410000001c001700000000000000006574683a73797a6b616c6c657230"], 0x38}}, 0x0)
ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast})
r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x100, 0x0)
close(r4)
r5 = socket$unix(0x1, 0x1, 0x0)
r6 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r7=>0x0})
sendmsg$nl_route_sched(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000026c0)=@newqdisc={0x58, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x0, {0x0, 0x0, 0x0, r7, {0x0, 0xb}, {0xffff, 0xffff}, {0x0, 0xe}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x28, 0x2, {{0x100, 0x7, 0x6361, 0x5, 0xfffffffd, 0x6}, [@TCA_NETEM_LATENCY64={0xc, 0xa, 0x6}]}}}]}, 0x58}, 0x1, 0x0, 0x0, 0x20000001}, 0x0)
sendmsg$nl_route_sched(r6, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000340)=@newqdisc={0x3c, 0x24, 0x4ee4e6a52ff56541, 0x70b923, 0x80000, {0x0, 0x0, 0x0, r7, {}, {0x2, 0xb}, {0xd, 0xfff3}}, [@qdisc_kind_options=@q_cake={{0x9}, {0xc, 0x2, [@TCA_CAKE_MEMORY={0x8, 0xa, 0x5}]}}]}, 0x3c}}, 0x4008000)
ioctl$SIOCSIFHWADDR(r4, 0x8922, &(0x7f0000002280)={'syzkaller0\x00', @random="430000004ec6"})

2m27.988016527s ago: executing program 6 (id=1570):
syz_usb_connect(0x5, 0x36, &(0x7f0000000040)=ANY=[@ANYBLOB="1a010c005c6b4408070a64006e40010203030902240001a82300000904000002ca744d00090503034d00ff99080805", @ANYRES16], &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, 0x1, [{0x0, 0x0}]})
r0 = syz_open_dev$char_usb(0xc, 0xb4, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000044c0)={&(0x7f0000000440)=ANY=[@ANYBLOB="6000000002060101000000000000000001000000140007800800124000000005050015000c0000000500010006000000050005000a00000005000400000000000900020073797a300000000012000300686173683a6e65742c706f7274"], 0x60}, 0x1, 0x0, 0x0, 0xc0d1}, 0x0)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000480)={'wlan0\x00', <r4=>0x0})
r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff)
sendmsg$NL80211_CMD_REMAIN_ON_CHANNEL(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000004c0)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r5, @ANYBLOB="010000000000000000003700000008000300", @ANYRES32=r4, @ANYBLOB="0800260090150000080057"], 0x2c}}, 0x0)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000080)={'wlan1\x00', <r6=>0x0})
r7 = socket$nl_generic(0x10, 0x3, 0x10)
r8 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r7, 0x8933, &(0x7f00000013c0)={'wlan1\x00', <r9=>0x0})
r10 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000a80)={0x11, 0x3, &(0x7f0000000200)=@framed={{0x18, 0x0, 0x0, 0x0, 0xfffffffc, 0x0, 0x0, 0x0, 0x5}}, &(0x7f0000000100)='GPL\x00', 0x2, 0x0, 0x0, 0x41000}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='contention_end\x00', r10}, 0x10)
r11 = syz_open_dev$evdev(&(0x7f0000000240), 0x0, 0x0)
ioctl$EVIOCGLED(r11, 0x80284511, 0x0)
sendmsg$NL80211_CMD_FRAME(r7, &(0x7f0000001380)={0x0, 0x0, &(0x7f0000001340)={&(0x7f0000000680)=ANY=[@ANYBLOB="f4060000", @ANYRES16=r8, @ANYBLOB="01000000000000e14f003b00000008000300", @ANYRES32=r9, @ANYBLOB="d506330080000000ffffffffffff080211000001"], 0x6f4}}, 0x0)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f00000000c0)={'wlan1\x00', <r12=>0x0})
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000140)={'wlan1\x00', <r13=>0x0})
sendmsg$NL80211_CMD_SET_MESH_CONFIG(r2, &(0x7f0000000240)={&(0x7f0000000000), 0xc, &(0x7f0000000200)={&(0x7f0000000180)={0x48, r5, 0x200, 0x70bd27, 0x25dfdbfe, {{}, {@val={0x8, 0x3, r6}, @void}}, [@NL80211_ATTR_IFINDEX={0x8, 0x3, r9}, @NL80211_ATTR_IFINDEX={0x8, 0x3, r12}, @NL80211_ATTR_IFINDEX={0x8, 0x3, r13}, @NL80211_ATTR_WIPHY={0x8, 0x1, 0x78}, @NL80211_ATTR_WDEV={0xc, 0x99, {0x101, 0x7a}}]}, 0x48}, 0x1, 0x0, 0x0, 0x40000000}, 0x4000800)
readv(r0, &(0x7f00000006c0)=[{&(0x7f00000002c0)=""/111, 0x6f}, {0x0}], 0x2)

2m23.989375804s ago: executing program 6 (id=1576):
r0 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000040), 0x82803, 0x0)
r1 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0)
setrlimit(0x1, 0x0)
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000500)={0x11, 0x2000000000000220, &(0x7f00000009c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000300)='GPL\x00', 0x2, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r2}, 0x18)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x7)
r3 = getpid()
sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbee2, 0x8031, 0xffffffffffffffff, 0x0)
connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e23}, 0x6e)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0))
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r4, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r4, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000c40)={{0x14}, [@NFT_MSG_NEWRULE={0x64, 0x6, 0xa, 0x409, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x38, 0x4, 0x0, 0x1, [{0x34, 0x1, 0x0, 0x1, @range={{0xa}, @val={0x24, 0x2, 0x0, 0x1, [@NFTA_RANGE_SREG={0x8}, @NFTA_RANGE_OP={0x8, 0x2, 0x1, 0x0, 0x3}, @NFTA_RANGE_TO_DATA={0x4}, @NFTA_RANGE_FROM_DATA={0xc, 0x3, 0x0, 0x1, [@NFTA_DATA_VALUE={0x5, 0x1, 'C'}]}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14}}, 0x8c}}, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
mmap(&(0x7f0000003000/0x1000)=nil, 0x1000, 0x0, 0x31, 0xffffffffffffffff, 0x0)
syz_open_dev$usbfs(0x0, 0x76, 0x101b01)
ioctl$SNDCTL_SEQ_CTRLRATE(r0, 0xc0045103, &(0x7f00000002c0)=0x10001)
write$RDMA_USER_CM_CMD_CREATE_ID(r1, 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(0xffffffffffffffff, 0xc04064a0, &(0x7f00000003c0)={0x0, 0x0, 0x0, 0x0})
ioctl$DRM_IOCTL_MODE_CREATE_LEASE(0xffffffffffffffff, 0xc01864c6, &(0x7f0000000040)={0x0})
ioctl$DRM_IOCTL_MODE_GETRESOURCES(0xffffffffffffffff, 0xc04064a0, 0x0)
syz_open_dev$cec(&(0x7f0000000200), 0x0, 0x100)
r5 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r5, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=@ipv6_newnexthop={0x1c, 0x68, 0x5fb9a818fb7378e9, 0x70bd27, 0x0, {0xa, 0x0, 0x2}, [@NHA_BLACKHOLE={0x4}]}, 0x1c}}, 0x8000)

2m21.878500105s ago: executing program 4 (id=1579):
openat$sndseq(0xffffffffffffff9c, 0x0, 0xe0c81)
r0 = mq_open(&(0x7f00000002c0)='\x00', 0x0, 0x40, 0x0)
mq_timedreceive(r0, &(0x7f0000000340)=""/238, 0xee, 0x2, 0x0)
syz_open_procfs(0x0, &(0x7f0000000240)='clear_refs\x00')
socket$inet6_sctp(0xa, 0x5, 0x84)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20008b}, 0x0)
sched_setscheduler(0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f000001aa40)=""/102400, 0x19000)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000940)={0x0, 0xe, &(0x7f0000000000)=[{&(0x7f00000001c0)="d8000000180081054e81f782db44b904021d005c06007c09e8fe55a10a0015400100142603600e1208000b0000000401a80016000800014009001100036010fab94dcf5c0461c1d67f6f94007134cf6ee08000a0e408e8d8ef52a98516277ce06bbace8017cbec4c2ee5a7cef4090000001fb791643a5ee4ce1b14d6d930dfe1d9d322fe7c9f8775730d16a4683f5aeb4edbb57a5025ccca9e00360d070100000040fad95667e006dcdf63951f215ce3bb9ad809d5e1cace81ed0bffece0b42a9ecbee5de6ccd40dd6e4edef3d93452a92954b43370e9701", 0xd8}], 0x1}, 0x0)
mount$9p_fd(0x0, &(0x7f00000001c0)='.\x00', 0x0, 0x0, 0x0)
sendmmsg$inet(r2, &(0x7f0000005200)=[{{0x0, 0x4b, &(0x7f0000000000), 0x1}}], 0x1, 0x0)

2m21.873382749s ago: executing program 6 (id=1580):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
r3 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
r4 = syz_open_dev$dri(&(0x7f0000000180), 0x3ffffffffffffffd, 0x0)
r5 = syz_open_dev$dri(&(0x7f0000000040), 0xd21, 0x0)
r6 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r6, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={0x0}, 0x1, 0x0, 0x0, 0x359b171663d45917}, 0x0)
ioctl$BLKRESETZONE(0xffffffffffffffff, 0x40101283, 0x0)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r5, 0xc04064a0, &(0x7f00000004c0)={0x0, &(0x7f00000000c0)=[<r7=>0x0], 0x0, 0x0, 0x0, 0x1})
ioctl$DRM_IOCTL_MODE_GETCRTC(r5, 0xc06864a1, &(0x7f00000005c0)={0x0, 0x0, r7, <r8=>0x0})
ioctl$DRM_IOCTL_MODE_GETFB2(r4, 0xc06864ce, &(0x7f0000000440)={r8, 0x0, 0x0, 0x0, 0x0, [<r9=>0x0], [0x7, 0x0, 0x0, 0x7], [0x0, 0x0, 0x0, 0xfffffffc], [0x6, 0x4, 0x4]})
ioctl$DRM_IOCTL_PRIME_HANDLE_TO_FD(r4, 0xc00c642d, &(0x7f0000000200)={r9, 0x80000, <r10=>0xffffffffffffffff})
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r3, 0xc00c642e, &(0x7f0000000000)={0x0, 0x0, r10})
close_range(r3, 0xffffffffffffffff, 0x0)
r11 = socket$nl_xfrm(0x10, 0x3, 0x6)
openat$ptmx(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r12 = openat$binderfs(0xffffffffffffff9c, 0x0, 0x2, 0x0)
r13 = syz_open_procfs(0x0, 0x0)
mount$9p_fd(0x0, &(0x7f0000000300)='.\x00', &(0x7f0000000080), 0x0, &(0x7f0000000400)={'trans=fd,', {'rfdno', 0x3d, r13}, 0x2c, {'wfdno', 0x3d, r12}})
sendmsg$nl_xfrm(r11, 0x0, 0x0)
r14 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r14, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000380)=@newtaction={0x64, 0x30, 0x1, 0x0, 0x0, {}, [{0x50, 0x1, [@m_vlan={0x4c, 0x1, 0x0, 0x0, {{0x9}, {0x20, 0x2, 0x0, 0x1, [@TCA_VLAN_PARMS={0x1c, 0x2, {{0x5, 0x0, 0x0, 0x80000008}, 0x5}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x64}}, 0x0)

2m20.752048445s ago: executing program 6 (id=1581):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x2})
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0)
mlock(&(0x7f0000000000/0x800000)=nil, 0x800000)
mbind(&(0x7f0000001000/0x800000)=nil, 0x800000, 0x0, 0x0, 0x0, 0x3)
r2 = syz_open_procfs$pagemap(0x0, &(0x7f0000001080))
ioctl$PAGEMAP_SCAN(r2, 0xc0606610, &(0x7f00000001c0)={0x60, 0x0, &(0x7f0000001000/0x3000)=nil, &(0x7f0000ffb000/0x4000)=nil, 0x0, &(0x7f0000000300)=[{0x3}], 0x1, 0x0, 0x0, 0x0, 0x0, 0x5c})
close(r1)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$tipc(&(0x7f00000000c0), r3)
sendmsg$TIPC_CMD_ENABLE_BEARER(r3, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000680)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="010000000d0000000000010000000000000001410000001c001700000000000000006574683a73797a6b616c6c657230"], 0x38}}, 0x0)
ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast})
ioctl$TUNSETNOCSUM(r1, 0x400454c8, 0x1)
r5 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x100, 0x0)
close(r5)
r6 = socket$unix(0x1, 0x1, 0x0)
r7 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r8=>0x0})
sendmsg$nl_route_sched(r7, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000026c0)=@newqdisc={0x58, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x0, {0x0, 0x0, 0x0, r8, {0x0, 0xb}, {0xffff, 0xffff}, {0x0, 0xe}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x28, 0x2, {{0x100, 0x7, 0x6361, 0x5, 0xfffffffd, 0x6}, [@TCA_NETEM_LATENCY64={0xc, 0xa, 0x6}]}}}]}, 0x58}, 0x1, 0x0, 0x0, 0x20000001}, 0x0)
sendmsg$nl_route_sched(r7, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000340)=@newqdisc={0x44, 0x24, 0x4ee4e6a52ff56541, 0x70b923, 0x80000, {0x0, 0x0, 0x0, r8, {}, {0x2, 0xb}, {0xd, 0xfff3}}, [@qdisc_kind_options=@q_cake={{0x9}, {0x14, 0x2, [@TCA_CAKE_ACK_FILTER={0x8, 0x10, 0x2}, @TCA_CAKE_MEMORY={0x8, 0xa, 0x5}]}}]}, 0x44}}, 0x4008000)
ioctl$SIOCSIFHWADDR(r5, 0x8922, &(0x7f0000002280)={'syzkaller0\x00', @random="2b0100004ec6"})

2m20.562489214s ago: executing program 4 (id=1582):
write$FUSE_OPEN(0xffffffffffffffff, 0x0, 0x0)
setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x1, &(0x7f0000000000)=0x7, 0xfffffffffffffcb2)
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xf, 0x4, 0x8, 0x8}, 0x50)
bpf$MAP_GET_NEXT_KEY(0x4, &(0x7f00000001c0)={r0, &(0x7f0000000000), 0x0}, 0x20)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x3, &(0x7f0000000180)=ANY=[@ANYBLOB="180000000000060000000000000000009500000000000000"], &(0x7f00000000c0)='syzkaller\x00'}, 0x90)
r2 = openat(0xffffffffffffff9c, &(0x7f00000000c0)='./file1\x00', 0x8042, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r3 = getpid()
sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socket$nl_sock_diag(0x10, 0x3, 0x4)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
fcntl$setlease(r2, 0x400, 0x1)
link(&(0x7f0000000200)='./file1\x00', &(0x7f0000001080)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00')
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000080)='contention_end\x00', r1}, 0x10)
mount$9p_unix(0x0, &(0x7f0000000040)='.\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000100)={'trans=unix,', {[{@msize}]}})
r6 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x2042, 0x0)
ioctl$AUTOFS_IOC_FAIL(r6, 0x4c80, 0x7000000)
bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0)

2m19.638964717s ago: executing program 5 (id=1584):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x8, 0xf, &(0x7f0000000200)=ANY=[@ANYRES64=0x0, @ANYRES32, @ANYBLOB="0000000000000000b702000014000000b7020000000000008500000051000000bf"], 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x7}, 0x94)
r0 = syz_open_dev$loop(&(0x7f0000000100), 0x2, 0x40)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000200)='blkio.bfq.io_service_bytes_recursive\x00', 0x275a, 0x0)
write$binfmt_misc(r1, &(0x7f0000000040), 0xe09)
ioctl$LOOP_CONFIGURE(r0, 0x4c0a, &(0x7f00000002c0)={r1, 0x0, {0x2a00, 0x80010000, 0x0, 0x2, 0x0, 0x0, 0x0, 0xb, 0x1c, "fee8a2ab78fc979fd1e00d96072000001ea89de2b7fb0000e60080b8785d96000100", "2809e8dbe108598948224ad54afac11d875397bdb22d0000b420a1a93c5240f45f819e01177d3d458dd4992861ac00", "f4bd000000801900", [0x0, 0x2000000000001]}})
openat$ocfs2_control(0xffffffffffffff9c, &(0x7f0000000000), 0x200000, 0x0)

2m19.244179118s ago: executing program 5 (id=1585):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000d00)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a01020000000000000000010000000900010073797a30000000002c000000030a01080000000000000000010000000900030073797a32000000000900010073797a30000000005c000000060a010400000000000000000100000008000b40000000000900010073797a300000000034000480300001"], 0xd0}}, 0x0) (fail_nth: 4)

2m18.984994184s ago: executing program 4 (id=1586):
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000040)='contention_begin\x00'}, 0x18)
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000040)=ANY=[], 0x28}, 0x1, 0x0, 0x0, 0x20000000}, 0x240000c4)

2m18.682015321s ago: executing program 5 (id=1588):
mkdirat(0xffffffffffffff9c, &(0x7f0000000280)='./file0\x00', 0x0) (async)
mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000200)='hugetlbfs\x00', 0xa08000, 0x0)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000280)={0x18, 0x5, &(0x7f0000000040)=ANY=[@ANYBLOB="180100002100000000000000000000008500000075000000a50000002300000095"], &(0x7f00000000c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x8}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f00000001c0)='mmap_lock_acquire_returned\x00', r0}, 0x10) (async)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0)
bind$alg(0xffffffffffffffff, &(0x7f00000000c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb-serpent-avx2\x00'}, 0x58) (async)
write$cgroup_subtree(r1, &(0x7f0000000100)=ANY=[], 0x32600)
r2 = socket$nl_generic(0x10, 0x3, 0x10) (async)
r3 = syz_genetlink_get_family_id$batadv(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r2, 0x8933, &(0x7f0000000140)={'batadv0\x00', <r4=>0x0})
sendmsg$BATADV_CMD_GET_NEIGHBORS(r2, &(0x7f0000004340)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000002c0)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="310300000000000000000800000008000300", @ANYRES32=r4, @ANYBLOB="0800060059"], 0x24}}, 0x0) (async, rerun: 32)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x2000001, 0x12, r1, 0x0) (async, rerun: 32)
bpf$LINK_GET_FD_BY_ID(0x1e, &(0x7f0000000000), 0x4) (async)
r5 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000340)={0x1b, 0x0, 0x0, 0x9, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, r2, 0x1, 0x5, 0x4}, 0x50) (async)
bpf$BPF_BTF_GET_NEXT_ID(0x17, &(0x7f0000000600)={0x401, <r6=>0x0}, 0x8) (async)
r7 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000880)={0x11, 0x4, &(0x7f0000000640)=@raw=[@jmp={0x5, 0x0, 0x4, 0x2, 0x6, 0x100, 0x10}, @jmp={0x5, 0x1, 0xa, 0x3, 0x7, 0xfffffffffffffff4, 0x4}, @cb_func={0x18, 0x7, 0x4, 0x0, 0x3}], &(0x7f0000000680)='syzkaller\x00', 0x3, 0xe5, &(0x7f00000006c0)=""/229, 0x41100, 0x9, '\x00', r4, 0x0, r1, 0x8, &(0x7f00000007c0)={0x0, 0x1}, 0x8, 0x10, &(0x7f0000000800)={0x4, 0x3, 0x26, 0x7}, 0x10, 0x0, 0x0, 0x0, &(0x7f0000000840)=[r1], 0x0, 0x10, 0x2}, 0x94) (async)
r8 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000940)={0x1b, 0x0, 0x0, 0xbe4, 0x0, r1, 0x8, '\x00', 0x0, r1, 0x0, 0x4, 0x4}, 0x50) (async)
r9 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901)
move_mount(r9, 0x0, 0xffffffffffffff9c, 0x0, 0x244) (async, rerun: 64)
bpf$PROG_LOAD(0x5, &(0x7f0000000a80)={0x1a, 0x26, &(0x7f00000003c0)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x2}, {{0x18, 0x1, 0x1, 0x0, r5}}, {}, [@func={0x85, 0x0, 0x1, 0x0, 0x3}, @kfunc={0x85, 0x0, 0x2, 0x0, 0x4}, @snprintf={{}, {}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0xffffffff}, {}, {}, {}, {}, {}, {}, {0x18, 0x3, 0x2, 0x0, r1}}, @ringbuf_query={{0x18, 0x1, 0x1, 0x0, r1}}, @ringbuf_query={{0x18, 0x1, 0x1, 0x0, r1}}], {{}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x1}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000240)='GPL\x00', 0xd, 0x55, &(0x7f0000000500)=""/85, 0x41100, 0x8, '\x00', r4, @fallback=0x39, 0xffffffffffffffff, 0x8, &(0x7f0000000580)={0x1, 0x5}, 0x8, 0x10, &(0x7f00000005c0)={0x2, 0x8, 0x0, 0x7fff}, 0x10, r6, r7, 0x5, &(0x7f00000009c0)=[r1, r8, r1, r1, r9, r1, r1], &(0x7f0000000a00)=[{0x2, 0x4, 0x4, 0x5}, {0x4, 0x1, 0x2, 0x1}, {0x3, 0x4, 0xc, 0x1}, {0x2, 0x1, 0x6, 0x7}, {0x5, 0x3, 0x10, 0x3}], 0x10, 0x4}, 0x94) (rerun: 64)
chdir(&(0x7f00000001c0)='./file0\x00')
openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='\xe9\x1fq\x89Y\x1e\x923aK\x00', 0x48940, 0x0)

2m18.553055939s ago: executing program 4 (id=1589):
pipe2$9p(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff017f000e0800395032303030"], 0x15)
r2 = dup(r1)
open(&(0x7f0000000100)='./file0\x00', 0x440, 0x0)
write$FUSE_BMAP(r2, &(0x7f0000000000)={0x18, 0x0, 0x0, {0x3b9}}, 0x18)
write$FUSE_DIRENTPLUS(r2, &(0x7f00000003c0)=ANY=[@ANYBLOB="b0"], 0xb0)
write$FUSE_GETXATTR(r2, &(0x7f00000000c0)={0x18}, 0x18)
write$FUSE_DIRENTPLUS(r2, &(0x7f00000005c0)=ANY=[@ANYBLOB="b9"], 0xb8)
mount$9p_fd(0x0, &(0x7f0000000400)='./file0\x00', &(0x7f0000000080), 0x1010412, &(0x7f0000000780)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2])
r3 = openat(0xffffffffffffff9c, &(0x7f000000c380)='./file0\x00', 0x20842, 0x22)
writev(r3, &(0x7f0000000000)=[{&(0x7f00000006c0)='\t', 0x2003f}], 0x1) (fail_nth: 4)

2m18.286944337s ago: executing program 5 (id=1590):
io_uring_setup(0x1612, &(0x7f0000000200)={0x0, 0x0, 0x3040, 0xffffffff, 0x3cf})
syz_open_dev$media(&(0x7f0000000040), 0xcf7, 0x0)
socket(0x11, 0x3, 0x3a)
socket$nl_netfilter(0x10, 0x3, 0xc)
socket$inet6_tcp(0xa, 0x1, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
socket(0x10, 0x803, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
pipe(&(0x7f0000000300))
r0 = socket$can_bcm(0x1d, 0x2, 0x2)
r1 = socket$nl_route(0x10, 0x3, 0x0)
socket$inet_sctp(0x2, 0x5, 0x84)
pipe(&(0x7f0000000080)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
sendmsg$nl_route(r1, &(0x7f00000002c0)={0x0, 0x12, &(0x7f0000000100)={&(0x7f0000000000)=ANY=[@ANYBLOB="540000001000010400000000000000ffff000000", @ANYRES32=0x0, @ANYBLOB="0380000000000000240012800c0001006d6163766c616e00140002800800010008000000062102000100000008000500", @ANYRES32=r2, @ANYBLOB='\b\x00\n\x00', @ANYRES16=r0], 0x54}}, 0x20000000)

2m17.41142638s ago: executing program 4 (id=1592):
syz_usb_connect(0x3, 0x3f, &(0x7f0000000080)=ANY=[@ANYBLOB="12010102bfa315087d077a6201000102030109022d00013212100609044b2a0303d0ed659f4d8bb6e16ff87c030905020220008041800b050d0108000209682fa93e13d987fed0b4296d8c16d426e7e48382d6617cb91f52ce55f899c6a5f081ad5b3e490e3fdf14"], 0x0)
r0 = socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f00000000c0)={'vcan0\x00'})
sendmsg$inet(r0, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x4048081)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, 0x0, &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={0x0, r1}, 0x18) (async)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={0x0, r1}, 0x18)
prlimit64(0x0, 0x0, &(0x7f0000000180)={0x40000000}, 0x0) (async)
prlimit64(0x0, 0x0, &(0x7f0000000180)={0x40000000}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000240)=0x4)
getpid() (async)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e24}, 0x6e) (async)
connect$unix(r3, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e24}, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) (async)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) (async)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) (async)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
io_uring_setup(0x745b, &(0x7f0000000340)={0x0, 0xfb66, 0x38c1, 0x4, 0xf0})
prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000000)={&(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f000000c000/0x1000)=nil, &(0x7f000001f000/0x1000)=nil, &(0x7f0000015000/0x3000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f00000ac000/0x2000)=nil, &(0x7f000001d000/0x3000)=nil, &(0x7f0000012000/0x4000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0}, 0x68)
syz_fuse_handle_req(0xffffffffffffffff, 0x0, 0x0, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) (async)
syz_fuse_handle_req(0xffffffffffffffff, 0x0, 0x0, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=@newqdisc={0x24, 0x28, 0x4ee4e6a52ff56541, 0x4001, 0xfffffdfc, {0x0, 0x0, 0x0, 0x0, {0xfff1}, {0xffff}, {0x0, 0xffe0}}}, 0x24}, 0x1, 0x0, 0x0, 0x80}, 0x8081) (async)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=@newqdisc={0x24, 0x28, 0x4ee4e6a52ff56541, 0x4001, 0xfffffdfc, {0x0, 0x0, 0x0, 0x0, {0xfff1}, {0xffff}, {0x0, 0xffe0}}}, 0x24}, 0x1, 0x0, 0x0, 0x80}, 0x8081)
r5 = syz_open_dev$dri(&(0x7f00000000c0), 0x1ff, 0x0)
ioctl$DRM_IOCTL_SYNCOBJ_HANDLE_TO_FD_SYNC_FILE(r5, 0xc01064c1, &(0x7f0000000100))
r6 = socket$nl_rdma(0x10, 0x3, 0x14)
fcntl$getownex(r6, 0x10, &(0x7f0000000000)={0x0, <r7=>0x0})
prctl$PR_SCHED_CORE(0x3e, 0x3, r7, 0x2, 0x0)
openat$sequencer(0xffffffffffffff9c, 0x0, 0x0, 0x0)
syz_init_net_socket$bt_rfcomm(0x1f, 0x3, 0x3)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0xa)
getpid() (async)
getpid()

2m17.397526239s ago: executing program 5 (id=1593):
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
openat$sndseq(0xffffffffffffff9c, &(0x7f00000018c0), 0x80)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000006c0)={0x18, 0xb, &(0x7f0000000640)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020000000000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f00000004c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
r1 = socket$inet6_sctp(0xa, 0x5, 0x84)
shutdown(r1, 0x0)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r1, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0x0, 0x0}, &(0x7f0000000180)=0x10)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000002c0)='contention_begin\x00', r0, 0x0, 0xd}, 0x18)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8d}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000540)=0x4)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r2 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r2, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
socket$nl_route(0x10, 0x3, 0x0)
ppoll(0x0, 0x0, 0x0, 0x0, 0x0)
syz_io_uring_setup(0x7dc0, 0x0, &(0x7f0000000780), 0x0)
syz_init_net_socket$bt_hidp(0x1f, 0x3, 0x6)
pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x1fffffffffe, 0xfffffffffffffffd, 0x0, 0x0, 0x1000001000, 0x9}, 0x0, &(0x7f00000002c0)={0x3fb, 0x8000, 0x400000000001, 0x9, 0x40000000000000, 0xf, 0x80000002, 0x2}, 0x0, 0x0)
r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="0a020000050000", @ANYRES32=0x1, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x48)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000780)={0x0, 0x0, &(0x7f0000000180), &(0x7f00000001c0)="837b", 0x75, r3}, 0x38)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000240)=ANY=[@ANYBLOB="18000000008e224e00"/33, @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000085000000070000009500000000000000"], &(0x7f0000000400)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0xd, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='tlb_flush\x00', r4}, 0x10)
remap_file_pages(&(0x7f0000456000/0x1000)=nil, 0x1000, 0x0, 0x0, 0xf0ffffff)
r5 = socket$inet6_sctp(0xa, 0x5, 0x84)
shutdown(r5, 0x0)
r6 = socket$vsock_stream(0x28, 0x1, 0x0)
bind$vsock_stream(r6, &(0x7f0000000440)={0x28, 0x0, 0x0, @local}, 0x10)
listen(r6, 0x0)
connect$vsock_stream(0xffffffffffffffff, &(0x7f0000000000)={0x28, 0x0, 0x0, @local}, 0x10)

2m8.02844316s ago: executing program 5 (id=1597):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
getpid()
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, 0x0)
r2 = socket$inet6_sctp(0xa, 0x1, 0x84)
r3 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000280)=ANY=[@ANYBLOB="fc00000019000100000000000000000000000000000000000000000000000000fc01000000000000000000000000000000000000000000000a00000000000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000010000000000000000000000000000000b93760000000000000000000000000000000000000000000200000000000000010000000000000044000500ac141400000000000000000000000000000000003c0000000000000000"], 0xfc}, 0x1, 0x0, 0x0, 0x24008040}, 0x20040000)
sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000300)=@updpolicy={0xc4, 0x19, 0x1, 0xfffffffc, 0x0, {{@in=@dev={0xac, 0x14, 0x14, 0x2c}, @in6=@local, 0x4e22, 0x0, 0x4e24, 0x0, 0xa, 0x0, 0x60}, {0x0, 0x1000000000000401, 0xfffffffffffffffe, 0x40000000, 0x0, 0x1a, 0x1, 0xfffffffffffffffe}, {0x7a, 0x5, 0x0, 0x7fff}, 0x8, 0x0, 0x1, 0x0, 0x3}, [@policy_type={0xa, 0x10, {0x1}}]}, 0xc4}}, 0x8044)
sendto$inet6(r2, &(0x7f0000000240)="8a", 0x1, 0x51, &(0x7f0000000080)={0xa, 0x3, 0x1, @local, 0x9}, 0x1c)
syz_usb_connect(0x3, 0x24, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x6, 0x4b, 0x38, 0x10, 0x46d, 0x990, 0x41ba, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x6, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x99, 0x0, 0x0, 0x1, 0x1, 0xad}}]}}]}}, 0x0)

2m7.798459732s ago: executing program 6 (id=1598):
openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000000), 0x80082, 0x0)
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
dup(r0)
mkdirat(0xffffffffffffff9c, 0x0, 0x1c0)
mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', 0x0, 0x0, &(0x7f0000002140)=ANY=[@ANYBLOB='fd=', @ANYBLOB=',rootmode=0000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYRESDEC=0x0])
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x2)
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
bind$inet(0xffffffffffffffff, 0x0, 0x0)
r2 = socket$nl_rdma(0x10, 0x3, 0x14)
sendmsg$RDMA_NLDEV_CMD_NEWLINK(r2, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000440)=ANY=[@ANYBLOB="38000000031401002abd7000fcdbdf250900020073797a300000000008004100736977001438000000673100000000000000000000000000c8251a21d88324c7b2b40e678b80b830cfb6bff5679c3d8d3564604a5c9ac5904f591d9ed2d54c2384"], 0x38}, 0x1, 0x0, 0x0, 0x800}, 0x20000000)

2m0.155460037s ago: executing program 38 (id=1592):
syz_usb_connect(0x3, 0x3f, &(0x7f0000000080)=ANY=[@ANYBLOB="12010102bfa315087d077a6201000102030109022d00013212100609044b2a0303d0ed659f4d8bb6e16ff87c030905020220008041800b050d0108000209682fa93e13d987fed0b4296d8c16d426e7e48382d6617cb91f52ce55f899c6a5f081ad5b3e490e3fdf14"], 0x0)
r0 = socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f00000000c0)={'vcan0\x00'})
sendmsg$inet(r0, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x4048081)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, 0x0, &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={0x0, r1}, 0x18) (async)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={0x0, r1}, 0x18)
prlimit64(0x0, 0x0, &(0x7f0000000180)={0x40000000}, 0x0) (async)
prlimit64(0x0, 0x0, &(0x7f0000000180)={0x40000000}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000240)=0x4)
getpid() (async)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e24}, 0x6e) (async)
connect$unix(r3, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e24}, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) (async)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) (async)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) (async)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
io_uring_setup(0x745b, &(0x7f0000000340)={0x0, 0xfb66, 0x38c1, 0x4, 0xf0})
prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000000)={&(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f000000c000/0x1000)=nil, &(0x7f000001f000/0x1000)=nil, &(0x7f0000015000/0x3000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f00000ac000/0x2000)=nil, &(0x7f000001d000/0x3000)=nil, &(0x7f0000012000/0x4000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0}, 0x68)
syz_fuse_handle_req(0xffffffffffffffff, 0x0, 0x0, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) (async)
syz_fuse_handle_req(0xffffffffffffffff, 0x0, 0x0, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=@newqdisc={0x24, 0x28, 0x4ee4e6a52ff56541, 0x4001, 0xfffffdfc, {0x0, 0x0, 0x0, 0x0, {0xfff1}, {0xffff}, {0x0, 0xffe0}}}, 0x24}, 0x1, 0x0, 0x0, 0x80}, 0x8081) (async)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=@newqdisc={0x24, 0x28, 0x4ee4e6a52ff56541, 0x4001, 0xfffffdfc, {0x0, 0x0, 0x0, 0x0, {0xfff1}, {0xffff}, {0x0, 0xffe0}}}, 0x24}, 0x1, 0x0, 0x0, 0x80}, 0x8081)
r5 = syz_open_dev$dri(&(0x7f00000000c0), 0x1ff, 0x0)
ioctl$DRM_IOCTL_SYNCOBJ_HANDLE_TO_FD_SYNC_FILE(r5, 0xc01064c1, &(0x7f0000000100))
r6 = socket$nl_rdma(0x10, 0x3, 0x14)
fcntl$getownex(r6, 0x10, &(0x7f0000000000)={0x0, <r7=>0x0})
prctl$PR_SCHED_CORE(0x3e, 0x3, r7, 0x2, 0x0)
openat$sequencer(0xffffffffffffff9c, 0x0, 0x0, 0x0)
syz_init_net_socket$bt_rfcomm(0x1f, 0x3, 0x3)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0xa)
getpid() (async)
getpid()

1m58.060785876s ago: executing program 6 (id=1603):
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x7, &(0x7f0000000100)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fff0000}]})
getpeername$packet(0xffffffffffffffff, 0x0, 0x0)
prlimit64(0x0, 0x5, &(0x7f0000000200)={0x8, 0x8a}, 0x0) (async)
prlimit64(0x0, 0x5, &(0x7f0000000200)={0x8, 0x8a}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x3)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) (async)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x0) (async)
sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x44}, 0x0) (async)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x44}, 0x0)
r1 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r1, &(0x7f0000000000)={0x26, 'aead\x00', 0x0, 0x0, 'generic-gcm-aesni\x00'}, 0x58)
r2 = syz_open_dev$dri(&(0x7f00000000c0), 0x1, 0x2)
ioctl$DRM_IOCTL_SET_CLIENT_CAP(r2, 0x4010640d, &(0x7f0000000000)={0x3, 0x2})
ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r2, 0xc01064b5, &(0x7f0000000080)={&(0x7f0000000100)=[<r3=>0x0], 0x1})
ioctl$DRM_IOCTL_MODE_GETPLANE(0xffffffffffffffff, 0xc02064b6, &(0x7f00000001c0)={r3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) (async)
ioctl$DRM_IOCTL_MODE_GETPLANE(0xffffffffffffffff, 0xc02064b6, &(0x7f00000001c0)={r3, <r4=>0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
ioctl$DRM_IOCTL_MODE_OBJ_GETPROPERTIES(r2, 0xc02064b9, &(0x7f0000000180)={&(0x7f0000000300)=[<r5=>0x0], &(0x7f0000000140), 0x1, r4})
ioctl$DRM_IOCTL_MODE_ATOMIC(r2, 0xc03864bc, &(0x7f0000000280)={0x300, 0x1, &(0x7f0000000040)=[r4], &(0x7f0000000600)=[0x2], &(0x7f0000000140)=[r5, r5], &(0x7f0000000580)}) (async)
ioctl$DRM_IOCTL_MODE_ATOMIC(r2, 0xc03864bc, &(0x7f0000000280)={0x300, 0x1, &(0x7f0000000040)=[r4], &(0x7f0000000600)=[0x2], &(0x7f0000000140)=[r5, r5], &(0x7f0000000580)})
accept4(r1, 0x0, 0x0, 0x0) (async)
accept4(r1, 0x0, 0x0, 0x0)
sendmsg$nl_route_sched_retired(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000019140)=@newchain={0x43c, 0x64, 0x300, 0x70bd2c, 0x25dfdbfd, {0x0, 0x0, 0x0, 0x0, {0xffe0, 0xfff6}, {0x4, 0x5}, {0xfff6, 0xa}}, [@f_tcindex={{0xc}, {0x40c, 0x2, [@TCA_TCINDEX_POLICE={0x408, 0x6, [@TCA_POLICE_PEAKRATE={0x404, 0x3, [0xfffffff8, 0x4551, 0x80000001, 0x1000, 0x7, 0x5, 0x3, 0x7, 0x8001, 0x2, 0x0, 0x4, 0x55, 0x0, 0x1, 0x5e9f, 0x0, 0x0, 0x17ff, 0x2264, 0x6, 0x577, 0x2, 0x818, 0x1, 0x10000, 0x0, 0xb9, 0xfffffffe, 0x100077, 0xc1c, 0x3, 0x0, 0xff, 0x4, 0x2, 0x2, 0x0, 0x0, 0xa, 0x3ff, 0x1000, 0x7129, 0x2, 0x4, 0xc, 0x0, 0xfffffbff, 0x0, 0x7cca, 0xc, 0x7, 0x6, 0x9, 0x4, 0x6, 0xb978, 0x0, 0xf, 0xfffffffe, 0xcfce, 0x0, 0xfffffff7, 0x4f1, 0x55, 0x712ae542, 0x4, 0xfaab, 0x200, 0x85b, 0xff, 0x0, 0x6, 0x9, 0xffffffff, 0x8, 0x9, 0x4, 0x17f, 0x401, 0x0, 0x2e6, 0xac6, 0x1, 0x8, 0xec6f, 0x3, 0x80, 0xfffffc00, 0x94, 0xfff, 0xfaa2a50, 0x31d, 0x1, 0x2, 0x1, 0x90, 0x3, 0xed, 0x4249, 0x88, 0x0, 0x100, 0xf8d4, 0x52, 0x1, 0x8, 0x4, 0x1000, 0x7, 0x3, 0x7fffffff, 0x6, 0x4, 0x5, 0x8, 0xffffffff, 0xe, 0x8, 0x4000000, 0x37d, 0x3, 0xd, 0x0, 0x7, 0x5, 0x1745, 0x7, 0x2, 0x9, 0x263, 0x5fd, 0x7, 0x0, 0x7, 0x0, 0x5, 0x1, 0x2, 0xfffffff6, 0xed6, 0x1, 0x10, 0x0, 0x7, 0x10, 0xb04, 0x1, 0x7, 0x6, 0x3, 0x7, 0x4405, 0x100, 0x7, 0x48, 0x1, 0x9, 0x7, 0x5, 0x3, 0x5, 0x1, 0x5, 0x10000, 0x4e, 0x8, 0x5, 0x8, 0xf708, 0x9, 0x9, 0x5, 0x7ff3, 0x4, 0x8, 0x7, 0xfff, 0x4, 0x0, 0x3, 0x5, 0x7, 0xee2, 0x8001, 0x7fffffff, 0x2, 0xffffffff, 0x1, 0x5, 0x2e91, 0xc, 0x4, 0xfff, 0x0, 0xe, 0x98, 0x4, 0x400, 0x9, 0x6, 0x6, 0x4, 0x1f, 0x1, 0x1, 0xa893, 0x9, 0x9, 0x7, 0x2, 0xfffffff8, 0x8, 0xa, 0x9, 0x1, 0xb, 0x101, 0x9, 0x1, 0x3, 0x4, 0x8, 0x1, 0x101, 0x9, 0x7fffffff, 0x6, 0x0, 0x7ff, 0x7, 0x2, 0x8, 0xffffff45, 0x104, 0x7, 0x1ff, 0x9, 0x100, 0x8001, 0xfffffffd, 0x3, 0x73ac, 0x8, 0x71c, 0x5, 0xc, 0x1, 0x9, 0x8001, 0x4, 0x8001, 0xba, 0x5a88, 0x0, 0x10]}]}]}}]}, 0x43c}, 0x1, 0x0, 0x0, 0x4000000}, 0x0) (async)
sendmsg$nl_route_sched_retired(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000019140)=@newchain={0x43c, 0x64, 0x300, 0x70bd2c, 0x25dfdbfd, {0x0, 0x0, 0x0, 0x0, {0xffe0, 0xfff6}, {0x4, 0x5}, {0xfff6, 0xa}}, [@f_tcindex={{0xc}, {0x40c, 0x2, [@TCA_TCINDEX_POLICE={0x408, 0x6, [@TCA_POLICE_PEAKRATE={0x404, 0x3, [0xfffffff8, 0x4551, 0x80000001, 0x1000, 0x7, 0x5, 0x3, 0x7, 0x8001, 0x2, 0x0, 0x4, 0x55, 0x0, 0x1, 0x5e9f, 0x0, 0x0, 0x17ff, 0x2264, 0x6, 0x577, 0x2, 0x818, 0x1, 0x10000, 0x0, 0xb9, 0xfffffffe, 0x100077, 0xc1c, 0x3, 0x0, 0xff, 0x4, 0x2, 0x2, 0x0, 0x0, 0xa, 0x3ff, 0x1000, 0x7129, 0x2, 0x4, 0xc, 0x0, 0xfffffbff, 0x0, 0x7cca, 0xc, 0x7, 0x6, 0x9, 0x4, 0x6, 0xb978, 0x0, 0xf, 0xfffffffe, 0xcfce, 0x0, 0xfffffff7, 0x4f1, 0x55, 0x712ae542, 0x4, 0xfaab, 0x200, 0x85b, 0xff, 0x0, 0x6, 0x9, 0xffffffff, 0x8, 0x9, 0x4, 0x17f, 0x401, 0x0, 0x2e6, 0xac6, 0x1, 0x8, 0xec6f, 0x3, 0x80, 0xfffffc00, 0x94, 0xfff, 0xfaa2a50, 0x31d, 0x1, 0x2, 0x1, 0x90, 0x3, 0xed, 0x4249, 0x88, 0x0, 0x100, 0xf8d4, 0x52, 0x1, 0x8, 0x4, 0x1000, 0x7, 0x3, 0x7fffffff, 0x6, 0x4, 0x5, 0x8, 0xffffffff, 0xe, 0x8, 0x4000000, 0x37d, 0x3, 0xd, 0x0, 0x7, 0x5, 0x1745, 0x7, 0x2, 0x9, 0x263, 0x5fd, 0x7, 0x0, 0x7, 0x0, 0x5, 0x1, 0x2, 0xfffffff6, 0xed6, 0x1, 0x10, 0x0, 0x7, 0x10, 0xb04, 0x1, 0x7, 0x6, 0x3, 0x7, 0x4405, 0x100, 0x7, 0x48, 0x1, 0x9, 0x7, 0x5, 0x3, 0x5, 0x1, 0x5, 0x10000, 0x4e, 0x8, 0x5, 0x8, 0xf708, 0x9, 0x9, 0x5, 0x7ff3, 0x4, 0x8, 0x7, 0xfff, 0x4, 0x0, 0x3, 0x5, 0x7, 0xee2, 0x8001, 0x7fffffff, 0x2, 0xffffffff, 0x1, 0x5, 0x2e91, 0xc, 0x4, 0xfff, 0x0, 0xe, 0x98, 0x4, 0x400, 0x9, 0x6, 0x6, 0x4, 0x1f, 0x1, 0x1, 0xa893, 0x9, 0x9, 0x7, 0x2, 0xfffffff8, 0x8, 0xa, 0x9, 0x1, 0xb, 0x101, 0x9, 0x1, 0x3, 0x4, 0x8, 0x1, 0x101, 0x9, 0x7fffffff, 0x6, 0x0, 0x7ff, 0x7, 0x2, 0x8, 0xffffff45, 0x104, 0x7, 0x1ff, 0x9, 0x100, 0x8001, 0xfffffffd, 0x3, 0x73ac, 0x8, 0x71c, 0x5, 0xc, 0x1, 0x9, 0x8001, 0x4, 0x8001, 0xba, 0x5a88, 0x0, 0x10]}]}]}}]}, 0x43c}, 0x1, 0x0, 0x0, 0x4000000}, 0x0)
r6 = syz_open_procfs(0x0, &(0x7f0000000140)='net/ip6_flowlabel\x00')
openat$ipvs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/sys/net/ipv4/vs/sync_version\x00', 0x2, 0x0)
bpf$PROG_LOAD_XDP(0x5, &(0x7f00000004c0)={0x6, 0x3, &(0x7f0000000680)=ANY=[@ANYBLOB="1800000002000000000000000000000095"], 0x0}, 0x94)
r7 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000200)={0x6, 0x3, &(0x7f0000000680)=ANY=[], &(0x7f00000002c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x6}, 0x94)
r8 = socket$packet(0x11, 0x2, 0x300)
setsockopt$packet_int(r8, 0x107, 0x7, &(0x7f0000000100)=0x4000200, 0x4)
setsockopt$packet_tx_ring(r8, 0x107, 0x5, &(0x7f0000000080)=@req3={0x8000, 0x6, 0x300, 0xfc}, 0x1c)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r7, 0x5, 0xb68, 0x6, &(0x7f0000000000)='%', 0x0, 0xd01, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48)
ioctl$UI_SET_PHYS(r6, 0x4008556c, 0x0) (async)
ioctl$UI_SET_PHYS(r6, 0x4008556c, 0x0)
openat$binderfs(0xffffffffffffff9c, 0x0, 0x802, 0x0) (async)
openat$binderfs(0xffffffffffffff9c, 0x0, 0x802, 0x0)

1m52.036329555s ago: executing program 39 (id=1597):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
getpid()
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, 0x0)
r2 = socket$inet6_sctp(0xa, 0x1, 0x84)
r3 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000280)=ANY=[@ANYBLOB="fc00000019000100000000000000000000000000000000000000000000000000fc01000000000000000000000000000000000000000000000a00000000000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000010000000000000000000000000000000b93760000000000000000000000000000000000000000000200000000000000010000000000000044000500ac141400000000000000000000000000000000003c0000000000000000"], 0xfc}, 0x1, 0x0, 0x0, 0x24008040}, 0x20040000)
sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000300)=@updpolicy={0xc4, 0x19, 0x1, 0xfffffffc, 0x0, {{@in=@dev={0xac, 0x14, 0x14, 0x2c}, @in6=@local, 0x4e22, 0x0, 0x4e24, 0x0, 0xa, 0x0, 0x60}, {0x0, 0x1000000000000401, 0xfffffffffffffffe, 0x40000000, 0x0, 0x1a, 0x1, 0xfffffffffffffffe}, {0x7a, 0x5, 0x0, 0x7fff}, 0x8, 0x0, 0x1, 0x0, 0x3}, [@policy_type={0xa, 0x10, {0x1}}]}, 0xc4}}, 0x8044)
sendto$inet6(r2, &(0x7f0000000240)="8a", 0x1, 0x51, &(0x7f0000000080)={0xa, 0x3, 0x1, @local, 0x9}, 0x1c)
syz_usb_connect(0x3, 0x24, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x6, 0x4b, 0x38, 0x10, 0x46d, 0x990, 0x41ba, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x6, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x99, 0x0, 0x0, 0x1, 0x1, 0xad}}]}}]}}, 0x0)

1m41.041060792s ago: executing program 40 (id=1603):
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x7, &(0x7f0000000100)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fff0000}]})
getpeername$packet(0xffffffffffffffff, 0x0, 0x0)
prlimit64(0x0, 0x5, &(0x7f0000000200)={0x8, 0x8a}, 0x0) (async)
prlimit64(0x0, 0x5, &(0x7f0000000200)={0x8, 0x8a}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x3)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) (async)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x0) (async)
sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x44}, 0x0) (async)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x44}, 0x0)
r1 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r1, &(0x7f0000000000)={0x26, 'aead\x00', 0x0, 0x0, 'generic-gcm-aesni\x00'}, 0x58)
r2 = syz_open_dev$dri(&(0x7f00000000c0), 0x1, 0x2)
ioctl$DRM_IOCTL_SET_CLIENT_CAP(r2, 0x4010640d, &(0x7f0000000000)={0x3, 0x2})
ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r2, 0xc01064b5, &(0x7f0000000080)={&(0x7f0000000100)=[<r3=>0x0], 0x1})
ioctl$DRM_IOCTL_MODE_GETPLANE(0xffffffffffffffff, 0xc02064b6, &(0x7f00000001c0)={r3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) (async)
ioctl$DRM_IOCTL_MODE_GETPLANE(0xffffffffffffffff, 0xc02064b6, &(0x7f00000001c0)={r3, <r4=>0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
ioctl$DRM_IOCTL_MODE_OBJ_GETPROPERTIES(r2, 0xc02064b9, &(0x7f0000000180)={&(0x7f0000000300)=[<r5=>0x0], &(0x7f0000000140), 0x1, r4})
ioctl$DRM_IOCTL_MODE_ATOMIC(r2, 0xc03864bc, &(0x7f0000000280)={0x300, 0x1, &(0x7f0000000040)=[r4], &(0x7f0000000600)=[0x2], &(0x7f0000000140)=[r5, r5], &(0x7f0000000580)}) (async)
ioctl$DRM_IOCTL_MODE_ATOMIC(r2, 0xc03864bc, &(0x7f0000000280)={0x300, 0x1, &(0x7f0000000040)=[r4], &(0x7f0000000600)=[0x2], &(0x7f0000000140)=[r5, r5], &(0x7f0000000580)})
accept4(r1, 0x0, 0x0, 0x0) (async)
accept4(r1, 0x0, 0x0, 0x0)
sendmsg$nl_route_sched_retired(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000019140)=@newchain={0x43c, 0x64, 0x300, 0x70bd2c, 0x25dfdbfd, {0x0, 0x0, 0x0, 0x0, {0xffe0, 0xfff6}, {0x4, 0x5}, {0xfff6, 0xa}}, [@f_tcindex={{0xc}, {0x40c, 0x2, [@TCA_TCINDEX_POLICE={0x408, 0x6, [@TCA_POLICE_PEAKRATE={0x404, 0x3, [0xfffffff8, 0x4551, 0x80000001, 0x1000, 0x7, 0x5, 0x3, 0x7, 0x8001, 0x2, 0x0, 0x4, 0x55, 0x0, 0x1, 0x5e9f, 0x0, 0x0, 0x17ff, 0x2264, 0x6, 0x577, 0x2, 0x818, 0x1, 0x10000, 0x0, 0xb9, 0xfffffffe, 0x100077, 0xc1c, 0x3, 0x0, 0xff, 0x4, 0x2, 0x2, 0x0, 0x0, 0xa, 0x3ff, 0x1000, 0x7129, 0x2, 0x4, 0xc, 0x0, 0xfffffbff, 0x0, 0x7cca, 0xc, 0x7, 0x6, 0x9, 0x4, 0x6, 0xb978, 0x0, 0xf, 0xfffffffe, 0xcfce, 0x0, 0xfffffff7, 0x4f1, 0x55, 0x712ae542, 0x4, 0xfaab, 0x200, 0x85b, 0xff, 0x0, 0x6, 0x9, 0xffffffff, 0x8, 0x9, 0x4, 0x17f, 0x401, 0x0, 0x2e6, 0xac6, 0x1, 0x8, 0xec6f, 0x3, 0x80, 0xfffffc00, 0x94, 0xfff, 0xfaa2a50, 0x31d, 0x1, 0x2, 0x1, 0x90, 0x3, 0xed, 0x4249, 0x88, 0x0, 0x100, 0xf8d4, 0x52, 0x1, 0x8, 0x4, 0x1000, 0x7, 0x3, 0x7fffffff, 0x6, 0x4, 0x5, 0x8, 0xffffffff, 0xe, 0x8, 0x4000000, 0x37d, 0x3, 0xd, 0x0, 0x7, 0x5, 0x1745, 0x7, 0x2, 0x9, 0x263, 0x5fd, 0x7, 0x0, 0x7, 0x0, 0x5, 0x1, 0x2, 0xfffffff6, 0xed6, 0x1, 0x10, 0x0, 0x7, 0x10, 0xb04, 0x1, 0x7, 0x6, 0x3, 0x7, 0x4405, 0x100, 0x7, 0x48, 0x1, 0x9, 0x7, 0x5, 0x3, 0x5, 0x1, 0x5, 0x10000, 0x4e, 0x8, 0x5, 0x8, 0xf708, 0x9, 0x9, 0x5, 0x7ff3, 0x4, 0x8, 0x7, 0xfff, 0x4, 0x0, 0x3, 0x5, 0x7, 0xee2, 0x8001, 0x7fffffff, 0x2, 0xffffffff, 0x1, 0x5, 0x2e91, 0xc, 0x4, 0xfff, 0x0, 0xe, 0x98, 0x4, 0x400, 0x9, 0x6, 0x6, 0x4, 0x1f, 0x1, 0x1, 0xa893, 0x9, 0x9, 0x7, 0x2, 0xfffffff8, 0x8, 0xa, 0x9, 0x1, 0xb, 0x101, 0x9, 0x1, 0x3, 0x4, 0x8, 0x1, 0x101, 0x9, 0x7fffffff, 0x6, 0x0, 0x7ff, 0x7, 0x2, 0x8, 0xffffff45, 0x104, 0x7, 0x1ff, 0x9, 0x100, 0x8001, 0xfffffffd, 0x3, 0x73ac, 0x8, 0x71c, 0x5, 0xc, 0x1, 0x9, 0x8001, 0x4, 0x8001, 0xba, 0x5a88, 0x0, 0x10]}]}]}}]}, 0x43c}, 0x1, 0x0, 0x0, 0x4000000}, 0x0) (async)
sendmsg$nl_route_sched_retired(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000019140)=@newchain={0x43c, 0x64, 0x300, 0x70bd2c, 0x25dfdbfd, {0x0, 0x0, 0x0, 0x0, {0xffe0, 0xfff6}, {0x4, 0x5}, {0xfff6, 0xa}}, [@f_tcindex={{0xc}, {0x40c, 0x2, [@TCA_TCINDEX_POLICE={0x408, 0x6, [@TCA_POLICE_PEAKRATE={0x404, 0x3, [0xfffffff8, 0x4551, 0x80000001, 0x1000, 0x7, 0x5, 0x3, 0x7, 0x8001, 0x2, 0x0, 0x4, 0x55, 0x0, 0x1, 0x5e9f, 0x0, 0x0, 0x17ff, 0x2264, 0x6, 0x577, 0x2, 0x818, 0x1, 0x10000, 0x0, 0xb9, 0xfffffffe, 0x100077, 0xc1c, 0x3, 0x0, 0xff, 0x4, 0x2, 0x2, 0x0, 0x0, 0xa, 0x3ff, 0x1000, 0x7129, 0x2, 0x4, 0xc, 0x0, 0xfffffbff, 0x0, 0x7cca, 0xc, 0x7, 0x6, 0x9, 0x4, 0x6, 0xb978, 0x0, 0xf, 0xfffffffe, 0xcfce, 0x0, 0xfffffff7, 0x4f1, 0x55, 0x712ae542, 0x4, 0xfaab, 0x200, 0x85b, 0xff, 0x0, 0x6, 0x9, 0xffffffff, 0x8, 0x9, 0x4, 0x17f, 0x401, 0x0, 0x2e6, 0xac6, 0x1, 0x8, 0xec6f, 0x3, 0x80, 0xfffffc00, 0x94, 0xfff, 0xfaa2a50, 0x31d, 0x1, 0x2, 0x1, 0x90, 0x3, 0xed, 0x4249, 0x88, 0x0, 0x100, 0xf8d4, 0x52, 0x1, 0x8, 0x4, 0x1000, 0x7, 0x3, 0x7fffffff, 0x6, 0x4, 0x5, 0x8, 0xffffffff, 0xe, 0x8, 0x4000000, 0x37d, 0x3, 0xd, 0x0, 0x7, 0x5, 0x1745, 0x7, 0x2, 0x9, 0x263, 0x5fd, 0x7, 0x0, 0x7, 0x0, 0x5, 0x1, 0x2, 0xfffffff6, 0xed6, 0x1, 0x10, 0x0, 0x7, 0x10, 0xb04, 0x1, 0x7, 0x6, 0x3, 0x7, 0x4405, 0x100, 0x7, 0x48, 0x1, 0x9, 0x7, 0x5, 0x3, 0x5, 0x1, 0x5, 0x10000, 0x4e, 0x8, 0x5, 0x8, 0xf708, 0x9, 0x9, 0x5, 0x7ff3, 0x4, 0x8, 0x7, 0xfff, 0x4, 0x0, 0x3, 0x5, 0x7, 0xee2, 0x8001, 0x7fffffff, 0x2, 0xffffffff, 0x1, 0x5, 0x2e91, 0xc, 0x4, 0xfff, 0x0, 0xe, 0x98, 0x4, 0x400, 0x9, 0x6, 0x6, 0x4, 0x1f, 0x1, 0x1, 0xa893, 0x9, 0x9, 0x7, 0x2, 0xfffffff8, 0x8, 0xa, 0x9, 0x1, 0xb, 0x101, 0x9, 0x1, 0x3, 0x4, 0x8, 0x1, 0x101, 0x9, 0x7fffffff, 0x6, 0x0, 0x7ff, 0x7, 0x2, 0x8, 0xffffff45, 0x104, 0x7, 0x1ff, 0x9, 0x100, 0x8001, 0xfffffffd, 0x3, 0x73ac, 0x8, 0x71c, 0x5, 0xc, 0x1, 0x9, 0x8001, 0x4, 0x8001, 0xba, 0x5a88, 0x0, 0x10]}]}]}}]}, 0x43c}, 0x1, 0x0, 0x0, 0x4000000}, 0x0)
r6 = syz_open_procfs(0x0, &(0x7f0000000140)='net/ip6_flowlabel\x00')
openat$ipvs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/sys/net/ipv4/vs/sync_version\x00', 0x2, 0x0)
bpf$PROG_LOAD_XDP(0x5, &(0x7f00000004c0)={0x6, 0x3, &(0x7f0000000680)=ANY=[@ANYBLOB="1800000002000000000000000000000095"], 0x0}, 0x94)
r7 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000200)={0x6, 0x3, &(0x7f0000000680)=ANY=[], &(0x7f00000002c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x6}, 0x94)
r8 = socket$packet(0x11, 0x2, 0x300)
setsockopt$packet_int(r8, 0x107, 0x7, &(0x7f0000000100)=0x4000200, 0x4)
setsockopt$packet_tx_ring(r8, 0x107, 0x5, &(0x7f0000000080)=@req3={0x8000, 0x6, 0x300, 0xfc}, 0x1c)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r7, 0x5, 0xb68, 0x6, &(0x7f0000000000)='%', 0x0, 0xd01, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48)
ioctl$UI_SET_PHYS(r6, 0x4008556c, 0x0) (async)
ioctl$UI_SET_PHYS(r6, 0x4008556c, 0x0)
openat$binderfs(0xffffffffffffff9c, 0x0, 0x802, 0x0) (async)
openat$binderfs(0xffffffffffffff9c, 0x0, 0x802, 0x0)

1m38.143170613s ago: executing program 9 (id=1619):
fsopen(&(0x7f0000000000)='cifs\x00', 0x0)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x18, 0x4, &(0x7f00000009c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000300)='GPL\x00', 0x1, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xffff}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x18)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x8)
socket(0x1, 0x80000, 0x0)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x2000000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
sendmsg$nl_generic(0xffffffffffffffff, 0x0, 0x4040000)
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = socket$pppl2tp(0x18, 0x1, 0x1)
ioctl$SIOCSIFMTU(r4, 0x8922, &(0x7f0000000340)={'veth1_to_batadv\x00', 0xb8})
r5 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r5, &(0x7f0000000a40)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(aes)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r5, 0x117, 0x1, &(0x7f0000c18000)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18)
r6 = accept4$alg(r5, 0x0, 0x0, 0x80800)
r7 = socket$inet(0x2, 0x801, 0x0)
bind$inet(r7, &(0x7f0000000000)={0x2, 0x4e23, @loopback}, 0x10)
sendto$inet(r7, 0x0, 0xe803, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x3c}}, 0x10)
sendmmsg$inet(r7, &(0x7f0000005340)=[{{0x0, 0x0, &(0x7f0000001600)=[{&(0x7f0000000140)="df", 0x1}], 0x1}}], 0x1, 0x48015)
pipe2(&(0x7f0000000040)={0xffffffffffffffff, <r8=>0xffffffffffffffff}, 0x0)
splice(r7, 0x0, r8, 0x0, 0x9, 0x0)
sendmmsg(r6, &(0x7f00000005c0), 0x0, 0x240048c2)
io_setup(0xff, &(0x7f0000000380)=<r9=>0x0)
io_submit(r9, 0x2000000000000225, &(0x7f0000001440)=[&(0x7f0000000200)={0x1000000, 0x0, 0x700000000000000, 0x0, 0xfffb, r6, &(0x7f0000000340), 0x2d}])
ioctl$SNDRV_CTL_IOCTL_ELEM_ADD(0xffffffffffffffff, 0xc1105517, 0x0)

1m35.162053526s ago: executing program 9 (id=1620):
sendmsg$ETHTOOL_MSG_CHANNELS_SET(0xffffffffffffffff, 0x0, 0x2004c0b0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100}, 0x0)
r0 = getpid()
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000680)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = syz_init_net_socket$llc(0x1a, 0x801, 0x0)
accept4$llc(r3, 0x0, 0x0, 0x0)
close_range(r1, 0xffffffffffffffff, 0x0)

1m32.713363101s ago: executing program 9 (id=1622):
r0 = bpf$BPF_BTF_LOAD(0x12, &(0x7f00000002c0)={&(0x7f0000000740)=ANY=[@ANYBLOB="9feb01001800000c0000000600000008000000000000081300bd5e1d786851244f35bae976c37704d900bce9bce901b2c223e38519f62cb71cac1e07b4d5128f3b1b1429c06d61eca1b71ae0ba"], &(0x7f00000004c0)=""/178, 0x2a, 0xb2, 0x1, 0xa3100000, 0x10000}, 0x28)
bpf$MAP_CREATE(0x0, &(0x7f000001b000)=ANY=[@ANYRES8=r0, @ANYBLOB="43d6e61cd99c14bf429ebcde2a2b6518df2eead77148eb1037e3ac1269acae40d45ad5eb059b7c152233da30b6cc90e47c17087b85371eb3d0bdd8be159e6f34210c4c312733a8bffba427fc6aebc308a17d6dc16fb2ae81e8c29d8acd74e45267aece53ac796b9e2c63ab2795205dcd8818bd3e476fa9be6b243d5178b41258133f5a86ee9f6a485b954c7d667d34603e02eec570cc1090fd8bd233ebd2acbc95d577b36ff49591331702b88f3eb1052a5d76f4f3a62d33d3cfe36e16a2de184be11e713cb2b65c6c4f16c27076ebcfdfd83432fb676152316e75f5580c0ee8897f8b843e5305530cbf6c067e7a67c47ff8cfb624c871ade8299ce14fe6b13bbed6c2089d0a4dd2f808ddd2b3faa360bf024bcd24b4683c7dab492d8259165a1221ca714fe2415a5c0414a17628afd8bad076b904f9e66cab1d5519d60e7b5f5e956f1001750705d7248e6f3e80b6d6740fe7b484523dce7f533779489723e96f09a73497e02360c1a585a66c0e4468372b73c82e79a4d450913c349c3d45ef909a43e14117f1f311de99158e5ce8b64926edbb0d2444f44cf1852f587a49fcb183f80ce06c6874725c420d2e09627293a6d6e0c25ffcd82bcd720ceae7e1601b057547932b24844c1be4446811c30a618c7373cc2c4a0ad7849339052fde03845b193bcc780d4a0af8e04aa94b4500d7479bdf050e7fde9fb65c6b8910e951fb93c92b36988cf0acdaf003f2afe5f6f12724a9eccf85ede7420f029933211efff235e1e45c1ab732183944e63628ac6fd4e8199ca23217097980dd4618c4218f7ac8870e05c20754b75aac8ef6b82861f9d18dbb1c532e29bd93af7d858cf9ad5a2bc1519911806c3b3162a5adaf03175ae1187d82f15a436db8ef531a4e19c20c167864ab8fc7072bc1f2012d21c2069816c81960cbc1b0e99daeb4fe910ac2965814efb6e3409874eef01b1c83ea791f4568bf8fee513710e70f81125cc92161f9835a2dfd283cd6f4082c48b56a79d943bdb63de990a8896c5cf97a6ad649bc1362123774a69f2302fab73a8f1d0672208a07dc080bd5dc2bcb1d5507dbd54ffb0bd49a9fb3f5a26eeca93b1614af7188bcd164cb5fbf8f4906a6d0c730d81098605ba22bf23dfd048079840301f63424304946ae4c26a80d9150f41eb22bfa58266da1f63fd6767fff57addd44195e30ed4f80b2ab31f199a9933f3276fe23026f9708ee4c36079046a920e64bfcf9285075b9d58f2bb569b4bbbb08c224e2cb30fabedd4d5f580f2f1702f309e939c61b714b173ae55d4498017c8c7f5776a9173e2066a2e63f59db2e6ad50519a94add662c846393d0ed36873e05f2f42053dc49e2efb0f7bcb7531ec67b93f4942a28fdff024eba780b914572374504bdbb85d5a730fb6f419ffbb9e131b4fd36772186572bc19825535b74003641a1ff7f00f770517b6817ea59d57fc89a81ac2fbd6ad072ca8068ae59d38a9c311925b91ce8f6e9177ba3d4b11869da29bc4b83658da6ac0376d0360aaf5888875c106ff0a85790b94406f2b7dd96f5f6f9c6da5d34ec8096f533e1090f41ffd8d8e3896785db705f8521f58b587935239e23ccee3e1cf5d58e460a2a7acb3fe53d31da0cac907107a765fa50eae46778960cfb68d32dd6e7c7e0355547dc248283b1c0d52034536cf23f0ad38eb9a4ed7928036434914f8f607aeed661bb648360456a9c7677adf09fc53392e436411c4dd539d05f3b3d321eafac0a6e6cdf3ea00b0c8ed38cc609797b6b0cbf67343edd1a85d5e6a069e1e50def53f94bebf34a564b66d76a97c43586156e77f8eab060e6673e8fe6c2888c4f276b6c3249e9fb7b308aeb68f9aea07570daa188f5150b5de26f59d28791a1e700cd2c834024e5d0ad969c014c4c2778caed443f758ffa7c9a77cdb162669570d2100ce472cb46f5d1aef8d4a0753864208a442555ae4a60a05bcb503b30eece289b5c20a90e33368328916a0e33d393c783ae7ecc3519626223535bdd98b0b5f74b4409969273ee336809c96cad5d47df8c0325203ee1b49f0f55d3df845d8be99e12c030a3117b989b6d22dd8697f0c198f74707607c8996e0554b07d9a60979ef4eedf865fe1806338f3d899c8b2ddec30c6176c97867267ed9eac7ac67bd136c894be78bb48632c3f64c4250203ee91ebecf51059c9533b1935bcd2b9523bd9dad7ceaded0b4c2b1217e96ba4543a34532e8c63d7e25a32d89edb6b327ac07b64cd9cefad2c6e3b71789cdf6d340e2baaf5d373e5a5cf134edc8c3e4717bd33fee7b80168e797c92e71e2dca7e80caa890d57ef37775b23c7f6b9e21dee6bdf415e0576fd3037d8852b467b6d3c380410537496659b79b10cf3d6e85030a9e77db3705294688530a7ae414219fa36cd4e1390090594d4c6855895f62e13e50eecd02fef8216b1b24ebc53265a55217411748e4cec6de6ad6b863f86ccda11a3b64362d459157954370c753ae3ea15964d3b6658f72fa80d9616624507cc083269f31e4fa7b383c46b32c57b9eb7290a2262d3961b4b8eb665545dca2ca0e154ad92252b24b0731a929404c6df0c8b6a2d4ee9837b4098522ec5eb1b469f14d11b2122766488bb477ba50f7302e92b8c61e8018ab14589bc957816ab203c394db069a508194a6c3c89f858cf96b87e94a37d92be1fdf5b80c78aaa7b91aa6ec37dad9bf7a6fa8009da5781a3f964fc15f7d0af663cdb573d65bd946089dd491adc4455b2e37074d38121c8a95fdcef8e2b651c600a5e1ff20bcdd4aaa9271b379b8540446852bfc443cf5ff98c601c8951423b04859c1c7e67527f52134ceee7462c15617054906fb40c796cb009425c9ba316c46a7f37ae89e4e5f036435ec9d6d6948d8", @ANYRES64, @ANYRESDEC=0x0, @ANYBLOB="00000000fcffffff0200"/28], 0x50)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_DELETE(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="240000000201000000000000000000000000000008002640000020020600124000000000"], 0x24}, 0x1, 0x0, 0x0, 0x40}, 0x0)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r2 = socket$netlink(0x10, 0x3, 0x9)
r3 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000000), 0x2002, 0x0)
ioctl$SOUND_MIXER_READ_RECMASK(r3, 0x80044dfd, &(0x7f00000000c0))
sendmsg$NFT_BATCH(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000340)=ANY=[@ANYBLOB="14000000ec03010000000000008b7bd1a89687b9230000000000000a28000000020a050500000000000000000300000408000240000000010c000440000000000000000414000000fb03010000000000000000000a00000a"], 0x50}, 0x1, 0x0, 0x0, 0x200000e5}, 0x10)
r4 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NBD_CMD_CONNECT(r4, 0x0, 0x0)
r5 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0)
ioctl$TUNSETIFF(r5, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201})
sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000200)=@newsa={0x138, 0x10, 0x1, 0x70bd28, 0x0, {{@in6=@local, @in=@empty, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x16, 0x0, 0xffffffffffffffff}, {@in=@rand_addr=0x64010102, 0x0, 0x6c}, @in6=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', {}, {0xd997}, {}, 0x0, 0x0, 0xa, 0x2, 0x0, 0x67}, [@algo_comp={0x48, 0x3, {{'deflate\x00'}}}]}, 0x138}}, 0x0)
r6 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_fanout(r6, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x6}, 0x4)
socketpair$tipc(0x1e, 0x5, 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r7 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000009c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r7}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000240)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, <r8=>0xffffffffffffffff})
sendmmsg$unix(r8, &(0x7f0000000000), 0x651, 0x0)

1m29.212781565s ago: executing program 9 (id=1625):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000002c80)={0x3, 0xc, &(0x7f00000001c0)=@framed={{0x18, 0x2, 0x0, 0x0, 0x10001, 0x0, 0x0, 0x0, 0x7}, [@call={0x85, 0x0, 0x0, 0x53}, @printk={@ld, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x17}}]}, &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x6}, 0x94)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x70bd2b, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x14, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7b, 0x20000000, 0x0, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x2, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
r0 = syz_io_uring_setup(0x239, &(0x7f0000002440)={0x0, 0x1c2b, 0x10100, 0x0, 0x283}, &(0x7f00000004c0)=<r1=>0x0, &(0x7f00000001c0)=<r2=>0x0)
syz_io_uring_submit(r1, r2, 0x0)
io_uring_enter(r0, 0x2ded, 0x4000, 0x0, 0x0, 0x0)
r3 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000380)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r5, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r3, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r6 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_TCP_MD5SIG(r6, 0x6, 0xe, &(0x7f00000010c0)={@in6={{0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @multicast2}}}, 0x0, 0x0, 0x1b, 0x0, "61a1ed8439cde8054f2ada6fcd5fe76b933e8bb0ac60081e33dffa150835f7519d5f73b4f5d80eb4881a5b98cb9fb96d225d602392f816d0bdcc09b5063087117502d8c24f1fe97f61fd27a06d6a38a7"}, 0xd8)
mount(0x0, &(0x7f0000000200)='.\x00', &(0x7f00000000c0)='hugetlbfs\x00', 0x108, 0x0)
r7 = syz_open_procfs(0x0, &(0x7f0000000040)='mountinfo\x00')
read$FUSE(r7, &(0x7f0000000300)={0x2020}, 0x2020)
fcntl$getownex(r5, 0x10, &(0x7f0000000180))
sendto$inet6(r6, 0x0, 0x0, 0x20000841, 0x0, 0x0)
sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, &(0x7f0000001080)={0x0, 0x0, 0x0}, 0x0)
syz_open_dev$cec(&(0x7f0000002340), 0x0, 0x115440)
r8 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xd, 0xe, &(0x7f0000002380)=ANY=[@ANYRES16=r7], &(0x7f0000000340)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, r7, 0x8, &(0x7f0000000000)={0x2}, 0xffcd, 0x10, &(0x7f0000000100)={0x0, 0x200000}, 0x10, 0xffffffffffffffff}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000240)={r8, 0x1f2f, 0xd, 0x0, &(0x7f00000007c0)="9f44948721919580684010a486", 0x0, 0x241, 0x0, 0xb1, 0x0, &(0x7f0000000700)="389ceff69d08b0af1cc71b6262d50660bbaf31a7f8cd6a6f911beb65d5fe6b54bf21a66489121f24fefd198059288c9b735e1898e77a7469489a249292c02a72bc193a3008ebdbf4e9dd4ee8fcceef55402c913c8dd0ebece1330aaa93ece835c5044a246a5967e3acd7c950b3b19f351830e545eb9bc3a9c6dd22ce97f1f857cfe8b68a2370b69ea336006b589368f92deb68f3dfc6f2bfee09f8342da437fce5dcdf658e453e3132bb42067575318c39"}, 0x50)
r9 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000080)='/sys/power/resume', 0x149a82, 0x0)
write$cgroup_int(r9, &(0x7f0000000040)=0x1c9, 0x12)

1m26.691042741s ago: executing program 9 (id=1627):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0500000004000000ff0f000007"], 0x48)
bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f0000000540)={{r0}, &(0x7f00000004c0), &(0x7f0000000500)='%+9llu \x00'}, 0x20)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000580)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRESOCT=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r2 = socket(0x10, 0x3, 0x0)
sendmsg$kcm(r2, &(0x7f00000016c0)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000040)="1c0000004a008102e0", 0x9}, {&(0x7f0000001700)="0c74c75350f4a590e15c61c7942348092734fe", 0x13}], 0x2, 0x0, 0x0, 0x10}, 0x0)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000480), 0xffffffffffffffff)
sendmsg$NL80211_CMD_GET_PROTOCOL_FEATURES(r3, &(0x7f0000000ac0)={0x0, 0x0, &(0x7f0000000a80)={&(0x7f00000004c0)={0x14, r4, 0x1, 0x70bd27, 0x25dfdbfb}, 0x14}, 0x1, 0x0, 0x0, 0x2}, 0x4000000)
sendmsg$NL80211_CMD_GET_SCAN(r0, &(0x7f00000003c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f0000000380)={&(0x7f0000000200)={0x14, r4, 0x8, 0x70bd2c, 0x25dfdbff, {{}, {@void, @void}}, ["", "", "", "", "", "", "", "", "", ""]}, 0x14}, 0x1, 0x0, 0x0, 0x4}, 0x4000044)
r5 = socket$netlink(0x10, 0x3, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='sched_kthread_stop\x00', r1}, 0x18)
sendmsg$nl_route(r5, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000280)=ANY=[@ANYBLOB="4000000010001fff000000000000000000060000", @ANYRES32=0x0, @ANYBLOB="0000000000000000180012800e0001007769726567756172640000000400028008000a00b8"], 0x40}}, 0x0)

1m16.542028727s ago: executing program 9 (id=1628):
r0 = syz_usb_connect$cdc_ncm(0x0, 0x72, &(0x7f0000000080)=ANY=[@ANYBLOB="1201000002000040257d15a4400001040001090260004201000000090400000102090000052406000105240000000d240f01000004eaffffff1e0006031a00000804800200090581", @ANYBLOB="f7"], 0x0)
r1 = syz_open_dev$char_usb(0xc, 0xb4, 0x0)
write$binfmt_script(0xffffffffffffffff, &(0x7f0000000040)={'#! ', '', [{0x20, '\xf1IrQQa\xb8\xd4\t\x89Z\xa5!\xfe\xdd\xb3\xb5\x8e<\xb0j{y\xfb\xbf\x8f\xdc\xabKrF%\xb5\xb9\xd0u\xa7\xb7*\xce\x02\xc0\xc1CM|(\xa9\xe7\x17\x92)\xb2\xb5\xa8\xd4q,\xc3_\xf4\xf7o\x10Q\x82\x8e\xa9o\xa3Ei\xc0p\x16\x8e\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x15\xb0\x848a^]6\x0f\xcf\x12\xd3\xb3s\x1d\xa2\x88\x06\xda\xd5urD\xf7\x11{l_q\x06\xc9\xd4\xe8Z\x14\b\xa6t\xee\v\xe4W\xdb0\x8e\x93\xef\x837h\xc1U\xa7^g\xfb\xe9g\xdej\xd6}`-\xc0\'\xb4z\x10\xac\x05\x16\xe4O\x05b\x02\xa0\xaa@\x87\x0fr\xbc1\x00\x12\xda<\x05M\xb1\xd7\xe1W\x94#\xd5\xa3\xf5\x05\x00\x00\x00\x00\x00\x00\x00\x99N\xf1\x7f\xf7\x00\x00\x00'}]}, 0xd4)
close(0xffffffffffffffff)
execveat(0xffffffffffffff9c, &(0x7f0000000140)='./file1\x00', 0x0, 0x0, 0x0)
socket$xdp(0x2c, 0x3, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x3)
sched_setaffinity(0x0, 0xffffffffffffff5b, &(0x7f00000002c0)=0x400000bce)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8)
pread64(0xffffffffffffffff, &(0x7f0000019180)=""/102355, 0x18fd3, 0xc2a)
r3 = bpf$MAP_CREATE(0x0, 0x0, 0x48)
r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000040)=@base={0xd, 0xc48e, 0x4, 0x1, 0x0, r3}, 0x50)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000008c0)={{r4}, &(0x7f0000000840), &(0x7f0000000880)=r3}, 0x20)
r5 = syz_open_dev$char_usb(0xc, 0xb4, 0x0) (fail_nth: 4)
r6 = dup3(r1, r5, 0x80000)
syz_usb_disconnect(r0)
read$FUSE(r6, 0x0, 0x0)

1m1.256042877s ago: executing program 41 (id=1628):
r0 = syz_usb_connect$cdc_ncm(0x0, 0x72, &(0x7f0000000080)=ANY=[@ANYBLOB="1201000002000040257d15a4400001040001090260004201000000090400000102090000052406000105240000000d240f01000004eaffffff1e0006031a00000804800200090581", @ANYBLOB="f7"], 0x0)
r1 = syz_open_dev$char_usb(0xc, 0xb4, 0x0)
write$binfmt_script(0xffffffffffffffff, &(0x7f0000000040)={'#! ', '', [{0x20, '\xf1IrQQa\xb8\xd4\t\x89Z\xa5!\xfe\xdd\xb3\xb5\x8e<\xb0j{y\xfb\xbf\x8f\xdc\xabKrF%\xb5\xb9\xd0u\xa7\xb7*\xce\x02\xc0\xc1CM|(\xa9\xe7\x17\x92)\xb2\xb5\xa8\xd4q,\xc3_\xf4\xf7o\x10Q\x82\x8e\xa9o\xa3Ei\xc0p\x16\x8e\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x15\xb0\x848a^]6\x0f\xcf\x12\xd3\xb3s\x1d\xa2\x88\x06\xda\xd5urD\xf7\x11{l_q\x06\xc9\xd4\xe8Z\x14\b\xa6t\xee\v\xe4W\xdb0\x8e\x93\xef\x837h\xc1U\xa7^g\xfb\xe9g\xdej\xd6}`-\xc0\'\xb4z\x10\xac\x05\x16\xe4O\x05b\x02\xa0\xaa@\x87\x0fr\xbc1\x00\x12\xda<\x05M\xb1\xd7\xe1W\x94#\xd5\xa3\xf5\x05\x00\x00\x00\x00\x00\x00\x00\x99N\xf1\x7f\xf7\x00\x00\x00'}]}, 0xd4)
close(0xffffffffffffffff)
execveat(0xffffffffffffff9c, &(0x7f0000000140)='./file1\x00', 0x0, 0x0, 0x0)
socket$xdp(0x2c, 0x3, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x3)
sched_setaffinity(0x0, 0xffffffffffffff5b, &(0x7f00000002c0)=0x400000bce)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8)
pread64(0xffffffffffffffff, &(0x7f0000019180)=""/102355, 0x18fd3, 0xc2a)
r3 = bpf$MAP_CREATE(0x0, 0x0, 0x48)
r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000040)=@base={0xd, 0xc48e, 0x4, 0x1, 0x0, r3}, 0x50)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000008c0)={{r4}, &(0x7f0000000840), &(0x7f0000000880)=r3}, 0x20)
r5 = syz_open_dev$char_usb(0xc, 0xb4, 0x0) (fail_nth: 4)
r6 = dup3(r1, r5, 0x80000)
syz_usb_disconnect(r0)
read$FUSE(r6, 0x0, 0x0)

21.753552297s ago: executing program 8 (id=1645):
socket(0x10, 0x80002, 0x0)
r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000700)={0x0, 0x10, &(0x7f0000000580)=ANY=[@ANYBLOB="18050000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r0, @ANYBLOB="0000000000000000b704000001000000850000007800000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x14, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000017c0)={0x11, 0x10, &(0x7f0000000580)=ANY=[], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f00000002c0)='sys_enter\x00', r1}, 0x10)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
sendmsg$inet(r3, &(0x7f0000001b00)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001d80)=ANY=[@ANYBLOB="28010000000000000100000001"], 0x128}, 0x0)
recvmsg$unix(r2, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000080), 0x100}, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
sendmsg$inet(r5, &(0x7f0000001b00)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001d80)=ANY=[], 0x128}, 0x0)
recvmsg$unix(r4, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000900), 0x100}, 0x0)
select(0x300, 0x0, 0x0, &(0x7f0000000400)={0x0, 0x0, 0x2, 0x300}, &(0x7f0000000440)={0x0, 0x2710})
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r6=>0xffffffffffffffff, <r7=>0xffffffffffffffff})
connect$unix(r6, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r7, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r6, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg(r7, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0)
sched_setattr(0x0, 0x0, 0x0)
mount$fuse(0x0, 0x0, 0x0, 0x0, 0x0)
socket$inet_mptcp(0x2, 0x1, 0x106)
r8 = syz_open_dev$vim2m(&(0x7f0000000080), 0x1000, 0x2)
ioctl$vim2m_VIDIOC_REQBUFS(r8, 0xc0145608, &(0x7f0000000040)={0x8, 0x1, 0x1})
ioctl$vim2m_VIDIOC_STREAMOFF(r8, 0x40045612, &(0x7f0000000100)=0x1)
r9 = syz_io_uring_setup(0x422, &(0x7f00000000c0)={0x0, 0x20079af, 0x3180, 0x8000, 0x40024e}, &(0x7f0000000340)=<r10=>0x0, &(0x7f0000000080)=<r11=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r10, 0x4, &(0x7f0000000000)=0xffb, 0x0, 0x4)
r12 = socket$kcm(0x2, 0x3, 0x2)
syz_io_uring_submit(r10, r11, &(0x7f00000001c0)=@IORING_OP_SENDMSG={0x9, 0xc, 0x0, r12, 0x0, &(0x7f0000000780)={0x0, 0x0, 0x0}, 0x0, 0x801})
io_uring_enter(r9, 0x627, 0x4c1, 0x43, 0x0, 0x0)

20.294086905s ago: executing program 8 (id=1646):
bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x3, 0x10, &(0x7f0000000000)=@framed={{0x18, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, [@tail_call={{}, {}, {}, {0x7, 0x0, 0xb, 0x7}}, @printk]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r0 = openat$binder_debug(0xffffffffffffff9c, &(0x7f00000002c0)='/sys/kernel/debug/binder/state\x00', 0x0, 0x0)
lseek(r0, 0x851, 0x400000000000000)
ioctl$VIDIOC_STREAMON(r0, 0x40045612, &(0x7f0000000080)=0x74)
r1 = syz_usb_connect(0x0, 0x3f, &(0x7f00000000c0)=ANY=[@ANYBLOB="11010000733336088dee1adb23610000000109022d0001100000000904000003fe03010009cd8d1f00020000000905050200de7e001009058b1e20"], 0x0)
syz_usb_control_io(r1, 0x0, &(0x7f0000000300)={0x84, &(0x7f0000000080)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
r2 = syz_open_dev$char_usb(0xc, 0xb4, 0x0)
ioctl$FS_IOC_GETVERSION(r2, 0xc0145b0d, &(0x7f0000000040))

18.67544365s ago: executing program 8 (id=1647):
gettid() (async)
r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000240), 0x0) (async)
bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f0000000c80)={{0x1, <r1=>0xffffffffffffffff}, &(0x7f0000000b00), &(0x7f0000000b40)='%pB    \x00'}, 0x20)
r2 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000cc0)={0x3, 0x4, 0x4, 0xa, 0x0, 0x1, 0x6, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x1}, 0x50)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000dc0)={{0x1, <r3=>0xffffffffffffffff}, &(0x7f0000000d40), &(0x7f0000000d80)}, 0x20)
bpf$PROG_LOAD(0x5, &(0x7f0000000e80)={0x7, 0x2b, &(0x7f0000000700)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x6}, {}, {}, [@map_fd={0x18, 0xa}, @kfunc={0x85, 0x0, 0x2, 0x0, 0x1}, @printk={@llx, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0xffff}}, @map_idx_val={0x18, 0x2, 0x6, 0x0, 0x9, 0x0, 0x0, 0x0, 0xfffffff9}, @ldst={0x1, 0x0, 0x0, 0x4, 0x5, 0xfffffffffffffffe}, @ringbuf_output={{}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x1}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0x2}}, @cb_func={0x18, 0x1, 0x4, 0x0, 0x5}, @alu={0x0, 0x0, 0xf, 0x0, 0x0, 0x4, 0xffffffffffffffef}, @map_fd={0x18, 0x3}], {{}, {}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000880)='GPL\x00', 0x6, 0x0, 0x0, 0x41100, 0x1, '\x00', 0x0, @fallback=0x1, 0xffffffffffffffff, 0x8, &(0x7f0000000980)={0x2, 0x5}, 0x8, 0x10, &(0x7f00000009c0)={0x2, 0xe, 0xd, 0x5}, 0x10, 0xffffffffffffffff, 0xffffffffffffffff, 0x2, &(0x7f0000000e00)=[0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, r1, r2, r3], &(0x7f0000000e40)=[{0x1, 0x4, 0xa, 0x5}, {0x5, 0x1, 0x2, 0xf}], 0x10, 0xfffffffb}, 0x94) (async, rerun: 64)
read(r0, &(0x7f0000000b80)=""/215, 0xd7) (async, rerun: 64)
wait4(0x0, 0x0, 0x1000000, 0x0) (async)
r4 = socket$kcm(0x10, 0x2, 0x0) (async, rerun: 64)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) (rerun: 64)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) (async)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000300)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a05000000000000000000010000000900010073797a30000000002c000000030a01020000000000000000010000000900010073797a30000000000900030073797a30000000004c000000060a010400000000000000000100000008000b400000000024000480200001800d00010073796e70726f7879000000000c00028008000340000000000900010073797a300000000030000000090a01021d0000000000000003000000080008400000000108000540000000090900010073797a310000000054000000020a010400000000000000000200000908000240000000010c000440000000000000000308000240000000020c00044000000000000000050900010073797a31000000000900010073797a300000000010010000180a0102000000000000000005000009800003807c0003801400010076657468315f746f5f6272696467650014000100626f6e645f736c6176655f300000000014000100677265300000000000000000000000001400010076657468315f6d6163767461700000001400010070696d7265670000000000000000000014000100776732000000000000000000000000000900020073797a30000000000c00038008000140000000000900010073797a30000000000c0003800800014000000000340003800800014000000000080001400000000008000240fffffff5080002400000000008000240000000070800024000000e8c0c00038008000240000000080900010073797a300000000030000000080a01020000000000000000050000060c0003400000000000000002080009400000000108000a400000010170000000030a050000000000000000000000000908000a40000000042d000c00f9b2b92304b157a6713f939c722d04a7c1172dc3ee5734d6e61a5f7e460839fd667f64e1704d6266430000000900010073797a31000000000c00024000000000000000050a000700726f757465000000140000001100010000000000000000000000000a"], 0x2f4}}, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) (async)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) (async)
r6 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r6, &(0x7f0000019680)=""/102392, 0x18ff8) (async)
bpf$MAP_CREATE(0x0, &(0x7f0000000200)=@base={0x1, 0x5, 0x9fd, 0x84, 0x105}, 0x50)
r7 = socket$vsock_stream(0x28, 0x1, 0x0)
listen(r7, 0x0) (async)
connect$vsock_stream(0xffffffffffffffff, 0x0, 0x0) (async)
setsockopt$sock_timeval(0xffffffffffffffff, 0x1, 0x43, 0x0, 0x0) (async)
writev(0xffffffffffffffff, 0x0, 0x0)
bpf$MAP_UPDATE_BATCH(0x1a, 0x0, 0x0)
bpf$MAP_LOOKUP_BATCH(0x19, 0x0, 0x0) (async)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(0xffffffffffffffff, 0xc04064a0, &(0x7f00000001c0)={0x0, &(0x7f00000000c0)=[0x0], 0x0, 0x0, 0x0, 0x1})
sendmsg$kcm(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)=[{&(0x7f0000000040)="d8000000100081044e81f782db44b904021d006a0f000000e8fe55a1290015000600142603600e120900040044000000a80016000a0003400200000000000000b94dcf5c0461c1d67f6f94007134cf6ee08000a0e408e8d8ef52a985162f7ce06bbace8017cbec4c2ee5a7cef4090000001fb791643a5ee4ce1b14d6d930dfe1d9d3220a7c9f8775730d16a4683f1aeb4edbb57a5025ccca9e00360db70100000040fad95667e006dcdf63951f215ce3bb9ad809d5e1cace81ed0bffece0b42a9ecbee5de6ccd40dd6e4edef3d93452a92954b43370e9701", 0xd8}], 0x1}, 0x60044884)
getsockopt$CAN_RAW_FILTER(0xffffffffffffffff, 0x65, 0x1, 0x0, 0x0)
r8 = syz_open_dev$vim2m(&(0x7f0000000100), 0x7, 0x2)
ioctl$vim2m_VIDIOC_ENUM_FMT(r8, 0xc0405602, &(0x7f0000000600)={0x2c, 0x1, 0x3, "ff050000007eefad00000000ffffffff000000000000fe5c57c82fcd414600", 0x3031334d})

18.257889813s ago: executing program 8 (id=1648):
r0 = socket(0x2b, 0x80801, 0x1)
setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000fc0)=@raw={'raw\x00', 0x3c1, 0x3, 0x320, 0x140, 0x5c, 0x160, 0x140, 0x3e0, 0x250, 0x228, 0x25a, 0x250, 0x228, 0x4, 0x0, {[{{@ipv6={@remote, @dev, [], [], 'veth0_to_batadv\x00', 'wg1\x00', {}, {0x222cecdb0fb5a62a}, 0x3a}, 0x5002, 0xf8, 0x140, 0x52020000, {0x0, 0x6802000000000000}, [@common=@icmp6={{0x28}, {0x0, "d176"}}, @common=@unspec=@state={{0x28}, {0xfffffffd}}]}, @unspec=@CT0={0x48}}, {{@ipv6={@local, @private2, [], [0xff], 'veth1_to_hsr\x00', 'dummy0\x00', {}, {}, 0x88}, 0x0, 0xa8, 0x110}, @unspec=@CT2={0x68, 'CT\x00', 0x2, {0x0, 0x0, 0x0, 0x0, 'snmp\x00', 'syz0\x00'}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x380)
sendmsg$nl_route(r0, &(0x7f0000000680)={0x0, 0x0, &(0x7f0000000040)={0x0}, 0x1, 0x0, 0x0, 0x48014}, 0x20004000)
listen(r0, 0x9)
bind$rds(r0, &(0x7f0000000440)={0x2, 0x4e24, @multicast1}, 0x10)

17.585980068s ago: executing program 8 (id=1649):
bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r0 = socket$igmp(0x2, 0x3, 0x2)
sendto$inet(r0, 0x0, 0x0, 0x40804, 0x0, 0x0)
mknodat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x21c0, 0x103)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x200000000000008b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000240)=0x8)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000000)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
r4 = syz_init_net_socket$802154_raw(0x24, 0x3, 0x0)
bind$802154_raw(r4, 0x0, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/25], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f0000000740)=ANY=[@ANYBLOB="1800000000000000", @ANYRES32=r5, @ANYBLOB], 0x0, 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
mount$cgroup(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0)
r6 = socket$inet(0x2, 0x1, 0x0)
setsockopt(r6, 0x0, 0x6, &(0x7f0000000080), 0x0)
setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x1000000000021, 0x0, 0x0)
r7 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x18, 0x4, &(0x7f0000000000)=ANY=[@ANYBLOB="18010000200180000000000000000000850000007b00000095"], &(0x7f00000001c0)='GPL\x00', 0x4, 0x93, &(0x7f00000003c0)=""/147}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000080)='sched_switch\x00', r7}, 0x10)
bpf$MAP_CREATE_CONST_STR(0x0, 0x0, 0x31)
bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0xe, 0x16, &(0x7f0000001900)=ANY=[@ANYBLOB="61106800000000006113740000000000bfa00000000000000700000008ffffffd503010017740040950000000000000069163a0000000000bf67000000000000350607000fff07201706000020190000160300000ee60060bf050000000000007b65b0ff000000006507f9ff01000000070700004d83dde4c375000000000000bf54000000000000070400000400f9ffad4301000000000095000000000000001500000000000000950000000000000032ed3c12dc8c27df8ecf264e0f84f9f17d3c30e32f17540faf80250aa20c669a5e12814cb1cea5d4601d295c45a6a0b9bdb7dd399703cac4f6f3be4b369226066812b8e007e733a9a4f1b0af3dda82ee45a010fb94fe9de57b9d8a814261bdb94a05000400c6c60bf70d742a81762bab8395fa64810b5b40d893ea8fe0185473d51b546cad3f1d5ab2af27546e7c955ccefa1f6ab689b555202da2e0ec2871b4a7e65836429a527dc47ebe84a423b6c8d345dc8da3085b0ab71ca1b901627b562ed04ae76002d4519af619e3cca4d69e0dee5eb106774a8f3e6916dfec88158f0200000000c8fb730a5c1bf2b2bb71a629361997a75fd552bdc206438b8ef4901fd03c16dfda44221b235c8ac86d8a297dff0445a15f21dce431e56723888fb126a163f16f920ae2fb494059bba8e3b680324a188076eb685d55c4e9b2ad9bc1172ba7cbebe174aba210d739a018f9bbec63222d20ceddf4d03723f1c932b3a6aa57f1ad2e99e0e67ab93716d20000009f0f53acbb40b4f8e2738270b31562ed834f2af97787f696649a462e7ee4bcf8b07a10fd7ed6735154beb4000000000000000000000000004000bc00f6746a9709e7e78f4ddc211bc3ebe6bd9d42ca0140a7afaab43176e65ec1118d50d1e827f3472f4445d253887a5ad103649afa17690884f800031e03a651bb96589a7e2e509bcc1d161347623cb5e7ac4629c8ab04871bc47287cd31cc43ea0ffb567b40407d000000210000000000000000005f37d8703f37ca364a601ae899a56715a0a62a34c1d926a0f6a5480a55c22fe3a5ac00000000000000000000000500002000000000fb79ea00000000000000000000e4007be511fe32fbc90e2364a55e9bb66ac64423d2d00fea2594e14d90deae46e26c596f84eba90000000000000000fffb0000000082fb0d3cc3aa39ee4b1386bab561cda886fa642994cacd473b543ccb5f0d7b63924f17c67b13631d22a11dc3c693962895496d4f6e9cc54db6c7205a6b06ff7f0000000000007f31d7c8cc5d325c5379b0363ce8bd1f61b007e1ff5f1be1969a1ba791ad46d800000000c7f26a1f37302f3b41eae59809fd05d12f6106f117b062df67d3a6473265dd1410eea68208a3f26b2989b832d8b34a34a4f08b34b3042065acaa10856e858d27adee7daf32903d3fc78700d429a2d4c8b6d803eb83eecfe4c7ff9e6ab5a52e83d089e0b1c23c0f3cdad7a8710e0254f1b11cced7bc3c8da0c44d2ebf9f6f3ff3be4d1458077c2253b0c7c7a1a9fdd63bf910dc20e5cb2a88e59febc47f1212a21f631d22bad050e9856b48ae3a03a497c37758537650fe6db89da3c41fdc3d78e046f6160e1741299e8dc29906870e6431ed1eab5d067a183f064b060a8ec12725d42e3a74863d66bee966b1574f8e01b3f34a267ff0af1cb3f1f815f8989d78854ca4d3116dbc7e2bf2402a75fd7a55733360040855ed5d1c0d634fc5fb38f84d9d87b27f8a5d91217b728f13e3ee20e69e0ffb2780b1a7af137ff7b4c6ea9604faf0453bedf0c5d744b5272b44c23488b2bdbff947c4dfa108cbb88202eeb81f428a5b3c29984864961a57ff52f657a67463d7dbf85ae9321fc2cc17dc4a29b9cba8ded5de8206c812439ab129ae818837ee15620789c524b3baf49a09d8be0fc5beecf153236c19740be9bb7d958d5e87c6c09bf71a894bad62934782cc308e936d7637e07c4a2b4dc87b0da20000d9ef418cf19e7a8c4c328be0ce91798adc2dca87ddd9d064e081383409ed2912c811ae63f03212a5331c2a4ead000000000000000000000000000000000000000000000000001386866b311bd144bc32e059658c9f8342c90c1ade31b78072841b8b5a943d62a44cea6b050c42e3c205fad6a23fb43c93da0f49d911877265e6ee443e37397ecf89021e7f579e8d3a74c12b52938d91e9de07fc8eeeb9505f4a9c26266bf5449484ccc1317c7476"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sk_skb}, 0x48)

15.241930632s ago: executing program 8 (id=1650):
mremap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x7ffffffff000, 0x3, &(0x7f0000fee000/0x2000)=nil)
r0 = syz_open_dev$tty1(0xc, 0x4, 0x1)
openat$dsp(0xffffffffffffff9c, 0x0, 0x802, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
pipe(&(0x7f00000001c0)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000940)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
writev(r2, &(0x7f0000000400)=[{&(0x7f0000000100)="92", 0x1}], 0x1)
bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x1d, 0x0, 0x0, &(0x7f0000000280)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x8, '\x00', 0x0, @lsm=0x2b, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r5 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
arch_prctl$ARCH_GET_UNTAG_MASK(0x4001, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r6 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r6, &(0x7f0000019680)=""/102392, 0x18ff8)
ioctl$TIOCGSID(r6, 0x5429, 0x0)
fcntl$lock(r5, 0x5, &(0x7f0000000040)={0x1, 0x0, 0x7, 0xb25})
pipe(&(0x7f0000000340)={0xffffffffffffffff, <r7=>0xffffffffffffffff})
splice(r4, 0x0, r7, 0x0, 0xf3a, 0x0)
splice(r1, 0x0, r7, 0x0, 0x80, 0x4)
r8 = io_uring_setup(0xf08, &(0x7f000000c480)={0x0, 0xfbf6, 0x400, 0x0, 0x349})
io_uring_register$IORING_REGISTER_BUFFERS(r8, 0x0, &(0x7f0000000540)=[{0x0}], 0x1)
r9 = socket$netlink(0x10, 0x3, 0x0)
r10 = io_uring_setup(0x7625, &(0x7f0000000600)={0x0, 0x1e28, 0x40, 0x0, 0x89, 0x0, r8})
ioctl$sock_SIOCGIFINDEX(r9, 0x8933, &(0x7f0000000000)={'lo\x00'})
getrlimit(0x1, &(0x7f0000000000))
io_uring_register$IORING_REGISTER_FILES(r10, 0x1e, &(0x7f0000000000)=[r8], 0x1)
read(r1, &(0x7f0000000240)=""/230, 0xe6)
write(r3, 0x0, 0x0)
ioctl$VT_RESIZE(r0, 0x5609, &(0x7f0000000040)={0x6, 0x7f, 0x2})

0s ago: executing program 42 (id=1650):
mremap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x7ffffffff000, 0x3, &(0x7f0000fee000/0x2000)=nil)
r0 = syz_open_dev$tty1(0xc, 0x4, 0x1)
openat$dsp(0xffffffffffffff9c, 0x0, 0x802, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
pipe(&(0x7f00000001c0)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000940)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
writev(r2, &(0x7f0000000400)=[{&(0x7f0000000100)="92", 0x1}], 0x1)
bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x1d, 0x0, 0x0, &(0x7f0000000280)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x8, '\x00', 0x0, @lsm=0x2b, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r5 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
arch_prctl$ARCH_GET_UNTAG_MASK(0x4001, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r6 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r6, &(0x7f0000019680)=""/102392, 0x18ff8)
ioctl$TIOCGSID(r6, 0x5429, 0x0)
fcntl$lock(r5, 0x5, &(0x7f0000000040)={0x1, 0x0, 0x7, 0xb25})
pipe(&(0x7f0000000340)={0xffffffffffffffff, <r7=>0xffffffffffffffff})
splice(r4, 0x0, r7, 0x0, 0xf3a, 0x0)
splice(r1, 0x0, r7, 0x0, 0x80, 0x4)
r8 = io_uring_setup(0xf08, &(0x7f000000c480)={0x0, 0xfbf6, 0x400, 0x0, 0x349})
io_uring_register$IORING_REGISTER_BUFFERS(r8, 0x0, &(0x7f0000000540)=[{0x0}], 0x1)
r9 = socket$netlink(0x10, 0x3, 0x0)
r10 = io_uring_setup(0x7625, &(0x7f0000000600)={0x0, 0x1e28, 0x40, 0x0, 0x89, 0x0, r8})
ioctl$sock_SIOCGIFINDEX(r9, 0x8933, &(0x7f0000000000)={'lo\x00'})
getrlimit(0x1, &(0x7f0000000000))
io_uring_register$IORING_REGISTER_FILES(r10, 0x1e, &(0x7f0000000000)=[r8], 0x1)
read(r1, &(0x7f0000000240)=""/230, 0xe6)
write(r3, 0x0, 0x0)
ioctl$VT_RESIZE(r0, 0x5609, &(0x7f0000000040)={0x6, 0x7f, 0x2})

kernel console output (not intermixed with test programs):

8 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  735.257256][T13119] RSP: 002b:00007efefbcc0030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  735.257276][T13119] RAX: ffffffffffffffda RBX: 00007efefafb5fa0 RCX: 00007efefad8d5fc
[  735.257291][T13119] RDX: 000000000000000f RSI: 00007efefbcc00a0 RDI: 0000000000000007
[  735.257303][T13119] RBP: 00007efefbcc0090 R08: 0000000000000000 R09: 0000000000000000
[  735.257315][T13119] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  735.257326][T13119] R13: 00007efefafb6038 R14: 00007efefafb5fa0 R15: 00007ffc95169128
[  735.257354][T13119]  </TASK>
[  735.488254][    C1] vkms_vblank_simulate: vblank timer overrun
[  735.940282][ T5915] usb 10-1: new full-speed USB device number 15 using dummy_hcd
[  735.957905][T13129] netlink: 96 bytes leftover after parsing attributes in process `syz.8.1492'.
[  736.465450][ T5915] usb 10-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10
[  736.492604][ T5915] usb 10-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  736.639820][ T5915] usb 10-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40
[  736.649036][ T5915] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  736.688524][ T5915] usb 10-1: config 0 descriptor??
[  737.737809][ T5915] hub 10-1:0.0: USB hub found
[  738.212818][ T5915] hub 10-1:0.0: 2 ports detected
[  738.980315][ T5915] usb 10-1: USB disconnect, device number 15
[  739.342136][T13156] tipc: Can't bind to reserved service type 1
[  740.388135][T13173] binder: 13159:13173 ioctl c0306201 2000000003c0 returned -22
[  740.571904][T13173] ptrace attach of "./syz-executor exec"[13176] was attempted by "./syz-executor exec"[13173]
[  742.641700][T13198] netlink: 'syz.8.1512': attribute type 11 has an invalid length.
[  742.833686][T13202] FAULT_INJECTION: forcing a failure.
[  742.833686][T13202] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  742.863794][T13202] CPU: 0 UID: 0 PID: 13202 Comm: syz.8.1513 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) 
[  742.863822][T13202] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  742.863835][T13202] Call Trace:
[  742.863844][T13202]  <TASK>
[  742.863853][T13202]  dump_stack_lvl+0x189/0x250
[  742.863873][T13202]  ? __pfx____ratelimit+0x10/0x10
[  742.863884][T13202]  ? __pfx_dump_stack_lvl+0x10/0x10
[  742.863898][T13202]  ? __pfx__printk+0x10/0x10
[  742.863912][T13202]  ? __might_fault+0xb0/0x130
[  742.863928][T13202]  should_fail_ex+0x414/0x560
[  742.863942][T13202]  _copy_from_iter+0x1db/0x16f0
[  742.863958][T13202]  ? rcu_is_watching+0x15/0xb0
[  742.863970][T13202]  ? kmem_cache_alloc_node_noprof+0x217/0x3c0
[  742.863982][T13202]  ? __pfx__copy_from_iter+0x10/0x10
[  742.863996][T13202]  ? __build_skb_around+0x257/0x3e0
[  742.864013][T13202]  ? netlink_sendmsg+0x642/0xb30
[  742.864026][T13202]  ? skb_put+0x11b/0x210
[  742.864043][T13202]  netlink_sendmsg+0x6b2/0xb30
[  742.864062][T13202]  ? __pfx_netlink_sendmsg+0x10/0x10
[  742.864081][T13202]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  742.864091][T13202]  ? __pfx_netlink_sendmsg+0x10/0x10
[  742.864106][T13202]  __sock_sendmsg+0x21c/0x270
[  742.864120][T13202]  ____sys_sendmsg+0x505/0x830
[  742.864139][T13202]  ? __pfx_____sys_sendmsg+0x10/0x10
[  742.864159][T13202]  ? import_iovec+0x74/0xa0
[  742.864175][T13202]  ___sys_sendmsg+0x21f/0x2a0
[  742.864192][T13202]  ? __pfx____sys_sendmsg+0x10/0x10
[  742.864227][T13202]  ? __fget_files+0x2a/0x420
[  742.864241][T13202]  ? __fget_files+0x3a0/0x420
[  742.864258][T13202]  __x64_sys_sendmsg+0x19b/0x260
[  742.864276][T13202]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  742.864297][T13202]  ? __pfx_ksys_write+0x10/0x10
[  742.864305][T13202]  ? rcu_is_watching+0x15/0xb0
[  742.864318][T13202]  ? do_syscall_64+0xbe/0x3b0
[  742.864332][T13202]  do_syscall_64+0xfa/0x3b0
[  742.864344][T13202]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  742.864354][T13202]  ? asm_sysvec_reschedule_ipi+0x1a/0x20
[  742.864363][T13202]  ? clear_bhb_loop+0x60/0xb0
[  742.864375][T13202]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  742.864386][T13202] RIP: 0033:0x7f685478ebe9
[  742.864396][T13202] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  742.864405][T13202] RSP: 002b:00007f6855621038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  742.864417][T13202] RAX: ffffffffffffffda RBX: 00007f68549b5fa0 RCX: 00007f685478ebe9
[  742.864424][T13202] RDX: 000000002008c014 RSI: 0000200000000580 RDI: 0000000000000004
[  742.864431][T13202] RBP: 00007f6855621090 R08: 0000000000000000 R09: 0000000000000000
[  742.864437][T13202] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  742.864444][T13202] R13: 00007f68549b6038 R14: 00007f68549b5fa0 R15: 00007ffdfd5de7d8
[  742.864460][T13202]  </TASK>
[  744.529442][T13219] bridge0: port 5(hsr_slave_1) entered blocking state
[  744.546938][T13219] bridge0: port 5(hsr_slave_1) entered disabled state
[  744.557106][T13219] hsr_slave_1: entered allmulticast mode
[  744.572181][T13219] hsr_slave_1: left allmulticast mode
[  744.663070][T13221] bridge0: port 3(hsr_slave_1) entered blocking state
[  744.670286][T13221] bridge0: port 3(hsr_slave_1) entered disabled state
[  744.799138][T13219] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1520'.
[  744.817067][T13221] hsr_slave_1: entered allmulticast mode
[  745.102998][T13226] netlink: 8 bytes leftover after parsing attributes in process `syz.8.1521'.
[  745.113370][T13221] hsr_slave_1: left allmulticast mode
[  745.119971][T13225] netlink: 96 bytes leftover after parsing attributes in process `syz.9.1522'.
[  746.323246][T13238] bridge0: port 3(veth0_to_bridge) entered blocking state
[  746.330621][T13238] bridge0: port 3(veth0_to_bridge) entered disabled state
[  746.337859][T13238] veth0_to_bridge: entered allmulticast mode
[  746.401764][T13238] veth0_to_bridge: entered promiscuous mode
[  746.407872][T13238] bridge0: adding interface veth0_to_bridge with same address as a received packet (addr:aa:aa:aa:aa:aa:1b, vlan:0)
[  746.498005][T13238] bridge0: port 3(veth0_to_bridge) entered blocking state
[  746.505510][T13238] bridge0: port 3(veth0_to_bridge) entered forwarding state
[  746.774796][T13250] FAULT_INJECTION: forcing a failure.
[  746.774796][T13250] name failslab, interval 1, probability 0, space 0, times 0
[  746.791384][T13250] CPU: 0 UID: 0 PID: 13250 Comm: syz.8.1531 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) 
[  746.791413][T13250] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  746.791425][T13250] Call Trace:
[  746.791433][T13250]  <TASK>
[  746.791441][T13250]  dump_stack_lvl+0x189/0x250
[  746.791467][T13250]  ? __pfx____ratelimit+0x10/0x10
[  746.791488][T13250]  ? __pfx_dump_stack_lvl+0x10/0x10
[  746.791510][T13250]  ? __pfx__printk+0x10/0x10
[  746.791538][T13250]  ? __pfx___might_resched+0x10/0x10
[  746.791559][T13250]  ? fs_reclaim_acquire+0x7d/0x100
[  746.791588][T13250]  should_fail_ex+0x414/0x560
[  746.791614][T13250]  should_failslab+0xa8/0x100
[  746.791645][T13250]  __kmalloc_noprof+0xcb/0x4f0
[  746.791663][T13250]  ? tomoyo_encode+0x28b/0x550
[  746.791690][T13250]  tomoyo_encode+0x28b/0x550
[  746.791717][T13250]  tomoyo_realpath_from_path+0x58d/0x5d0
[  746.791743][T13250]  ? tomoyo_domain+0xda/0x130
[  746.791772][T13250]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[  746.791794][T13250]  tomoyo_path_number_perm+0x1e8/0x5a0
[  746.791818][T13250]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  746.791837][T13250]  ? arch_stack_walk+0xfc/0x150
[  746.791860][T13250]  ? look_up_lock_class+0x74/0x170
[  746.791882][T13250]  ? register_lock_class+0x51/0x320
[  746.791949][T13250]  ? __pfx_from_kuid+0x10/0x10
[  746.791976][T13250]  ? down_write_killable+0x178/0x230
[  746.792005][T13250]  ? __pfx_down_write_killable+0x10/0x10
[  746.792032][T13250]  tomoyo_path_chown+0x46/0xc0
[  746.792060][T13250]  security_path_chown+0x13d/0x360
[  746.792093][T13250]  chown_common+0x3bd/0x5c0
[  746.792126][T13250]  ? __pfx_chown_common+0x10/0x10
[  746.792161][T13250]  ? mnt_get_write_access+0x223/0x2a0
[  746.792199][T13250]  do_fchownat+0x161/0x270
[  746.792224][T13250]  ? __pfx_do_fchownat+0x10/0x10
[  746.792246][T13250]  ? __pfx_ksys_write+0x10/0x10
[  746.792262][T13250]  ? rcu_is_watching+0x15/0xb0
[  746.792291][T13250]  __x64_sys_chown+0x82/0xa0
[  746.792316][T13250]  do_syscall_64+0xfa/0x3b0
[  746.792336][T13250]  ? lockdep_hardirqs_on+0x9c/0x150
[  746.792355][T13250]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  746.792373][T13250]  ? clear_bhb_loop+0x60/0xb0
[  746.792397][T13250]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  746.792415][T13250] RIP: 0033:0x7f685478ebe9
[  746.792433][T13250] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  746.792450][T13250] RSP: 002b:00007f6855621038 EFLAGS: 00000246 ORIG_RAX: 000000000000005c
[  746.792471][T13250] RAX: ffffffffffffffda RBX: 00007f68549b5fa0 RCX: 00007f685478ebe9
[  746.792485][T13250] RDX: 000000000000ee01 RSI: 0000000000000000 RDI: 00002000000003c0
[  746.792498][T13250] RBP: 00007f6855621090 R08: 0000000000000000 R09: 0000000000000000
[  746.792510][T13250] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  746.792522][T13250] R13: 00007f68549b6038 R14: 00007f68549b5fa0 R15: 00007ffdfd5de7d8
[  746.792555][T13250]  </TASK>
[  746.792646][T13250] ERROR: Out of memory at tomoyo_realpath_from_path.
[  746.995985][T13257] netlink: 'syz.6.1534': attribute type 1 has an invalid length.
[  747.115709][T13253] overlay: Unknown parameter 'subj_role'
[  747.180175][T13257] netlink: 'syz.6.1534': attribute type 1 has an invalid length.
[  747.298927][T13264] netlink: 96 bytes leftover after parsing attributes in process `syz.5.1536'.
[  747.316941][ T1302] ieee802154 phy0 wpan0: encryption failed: -22
[  747.317009][ T1302] ieee802154 phy1 wpan1: encryption failed: -22
[  748.095237][T13255] tty tty1: ldisc open failed (-12), clearing slot 0
[  748.434855][T13286] FAULT_INJECTION: forcing a failure.
[  748.434855][T13286] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  748.477741][T13286] CPU: 0 UID: 0 PID: 13286 Comm: syz.9.1542 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) 
[  748.477769][T13286] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  748.477780][T13286] Call Trace:
[  748.477787][T13286]  <TASK>
[  748.477796][T13286]  dump_stack_lvl+0x189/0x250
[  748.477823][T13286]  ? __pfx____ratelimit+0x10/0x10
[  748.477842][T13286]  ? __pfx_dump_stack_lvl+0x10/0x10
[  748.477862][T13286]  ? __pfx__printk+0x10/0x10
[  748.477884][T13286]  ? __might_fault+0xb0/0x130
[  748.477915][T13286]  should_fail_ex+0x414/0x560
[  748.477941][T13286]  _copy_from_iter+0x1db/0x16f0
[  748.477965][T13286]  ? rcu_is_watching+0x15/0xb0
[  748.477987][T13286]  ? kmem_cache_alloc_node_noprof+0x217/0x3c0
[  748.478006][T13286]  ? __pfx__copy_from_iter+0x10/0x10
[  748.478031][T13286]  ? __build_skb_around+0x257/0x3e0
[  748.478061][T13286]  ? netlink_sendmsg+0x642/0xb30
[  748.478085][T13286]  ? skb_put+0x11b/0x210
[  748.478112][T13286]  netlink_sendmsg+0x6b2/0xb30
[  748.478147][T13286]  ? __pfx_netlink_sendmsg+0x10/0x10
[  748.478179][T13286]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  748.478197][T13286]  ? __pfx_netlink_sendmsg+0x10/0x10
[  748.478220][T13286]  __sock_sendmsg+0x21c/0x270
[  748.478242][T13286]  ____sys_sendmsg+0x505/0x830
[  748.478270][T13286]  ? __pfx_____sys_sendmsg+0x10/0x10
[  748.478301][T13286]  ? import_iovec+0x74/0xa0
[  748.478324][T13286]  ___sys_sendmsg+0x21f/0x2a0
[  748.478349][T13286]  ? __pfx____sys_sendmsg+0x10/0x10
[  748.478399][T13286]  ? __fget_files+0x2a/0x420
[  748.478415][T13286]  ? __fget_files+0x3a0/0x420
[  748.478439][T13286]  __x64_sys_sendmsg+0x19b/0x260
[  748.478462][T13286]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  748.478610][T13286]  ? __pfx_ksys_write+0x10/0x10
[  748.478624][T13286]  ? rcu_is_watching+0x15/0xb0
[  748.478646][T13286]  ? do_syscall_64+0xbe/0x3b0
[  748.478667][T13286]  do_syscall_64+0xfa/0x3b0
[  748.478683][T13286]  ? lockdep_hardirqs_on+0x9c/0x150
[  748.478699][T13286]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  748.478716][T13286]  ? clear_bhb_loop+0x60/0xb0
[  748.478735][T13286]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  748.478750][T13286] RIP: 0033:0x7f080058ebe9
[  748.478766][T13286] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  748.478781][T13286] RSP: 002b:00007f0801362038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  748.478801][T13286] RAX: ffffffffffffffda RBX: 00007f08007b5fa0 RCX: 00007f080058ebe9
[  748.478819][T13286] RDX: 0000000000000000 RSI: 00002000000000c0 RDI: 0000000000000003
[  748.478831][T13286] RBP: 00007f0801362090 R08: 0000000000000000 R09: 0000000000000000
[  748.478842][T13286] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  748.478853][T13286] R13: 00007f08007b6038 R14: 00007f08007b5fa0 R15: 00007ffd72f5a438
[  748.478884][T13286]  </TASK>
[  748.976630][T13290] netlink: 'syz.6.1541': attribute type 3 has an invalid length.
[  748.992462][T13290] netlink: 'syz.6.1541': attribute type 3 has an invalid length.
[  749.222742][T13283] netlink: 336 bytes leftover after parsing attributes in process `syz.6.1541'.
[  749.450345][T11955] usb 10-1: new high-speed USB device number 16 using dummy_hcd
[  749.538430][T13299] netlink: 'syz.6.1544': attribute type 21 has an invalid length.
[  749.569774][T13299] netlink: 6 bytes leftover after parsing attributes in process `syz.6.1544'.
[  749.610129][T11955] usb 10-1: Using ep0 maxpacket: 8
[  749.624475][T11955] usb 10-1: config index 0 descriptor too short (expected 301, got 45)
[  749.638570][T11955] usb 10-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  749.651929][T11955] usb 10-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  749.677686][T11955] usb 10-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  749.790151][T11955] usb 10-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  749.793954][T13302] netlink: 4 bytes leftover after parsing attributes in process `syz.8.1535'.
[  749.810307][T11955] usb 10-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[  749.840879][T11955] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  749.871151][T13302] netlink: 'syz.8.1535': attribute type 1 has an invalid length.
[  749.878985][T13302] netlink: 12 bytes leftover after parsing attributes in process `syz.8.1535'.
[  750.133627][T11955] usb 10-1: usb_control_msg returned -32
[  750.158556][T11955] usbtmc 10-1:16.0: can't read capabilities
[  750.694831][ T5929] usb 10-1: USB disconnect, device number 16
[  751.338470][T13313] bridge0: entered promiscuous mode
[  751.345758][T13313] macsec1: entered promiscuous mode
[  751.426677][T13315] overlayfs: missing 'workdir'
[  752.720884][T13326] xt_hashlimit: overflow, rate too high: 0
[  753.017750][T13333] FAULT_INJECTION: forcing a failure.
[  753.017750][T13333] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  753.042201][T13333] CPU: 1 UID: 0 PID: 13333 Comm: syz.6.1555 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) 
[  753.042227][T13333] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  753.042239][T13333] Call Trace:
[  753.042246][T13333]  <TASK>
[  753.042255][T13333]  dump_stack_lvl+0x189/0x250
[  753.042282][T13333]  ? __pfx____ratelimit+0x10/0x10
[  753.042303][T13333]  ? __pfx_dump_stack_lvl+0x10/0x10
[  753.042324][T13333]  ? __pfx__printk+0x10/0x10
[  753.042349][T13333]  ? __might_fault+0xb0/0x130
[  753.042380][T13333]  should_fail_ex+0x414/0x560
[  753.042406][T13333]  _copy_from_user+0x2d/0xb0
[  753.042433][T13333]  csum_and_copy_from_iter_full+0x1e1/0x1eb0
[  753.042485][T13333]  ? __pfx_csum_and_copy_from_iter_full+0x10/0x10
[  753.042528][T13333]  ? trace_kmem_cache_alloc+0x1f/0xc0
[  753.042549][T13333]  ip_generic_getfrag+0x12f/0x2b0
[  753.042574][T13333]  ? __pfx_ip_generic_getfrag+0x10/0x10
[  753.042598][T13333]  ? skb_put+0x11b/0x210
[  753.042629][T13333]  __ip_append_data+0x3240/0x40f0
[  753.042672][T13333]  ? __pfx_ip_generic_getfrag+0x10/0x10
[  753.042714][T13333]  ? __pfx___ip_append_data+0x10/0x10
[  753.042738][T13333]  ? __local_bh_enable_ip+0x12d/0x1c0
[  753.042759][T13333]  ? lockdep_hardirqs_on+0x9c/0x150
[  753.042782][T13333]  ip_append_data+0x10e/0x190
[  753.042804][T13333]  ? __pfx_ip_generic_getfrag+0x10/0x10
[  753.042824][T13333]  udp_sendmsg+0x541/0x2180
[  753.042858][T13333]  ? __pfx_ip_generic_getfrag+0x10/0x10
[  753.042877][T13333]  ? __pfx_udp_sendmsg+0x10/0x10
[  753.042900][T13333]  ? __lock_acquire+0xab9/0xd20
[  753.042915][T13333]  ? smack_socket_sendmsg+0x1a7/0x520
[  753.042940][T13333]  ? __lock_acquire+0xab9/0xd20
[  753.042970][T13333]  ? tomoyo_socket_sendmsg_permission+0x1e1/0x300
[  753.042994][T13333]  ? __fget_files+0x2a/0x420
[  753.043012][T13333]  ? sock_rps_record_flow+0x19/0x410
[  753.043033][T13333]  ? inet_sendmsg+0x29c/0x370
[  753.043050][T13333]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  753.043070][T13333]  __sock_sendmsg+0x19c/0x270
[  753.043093][T13333]  __sys_sendto+0x3bd/0x520
[  753.043118][T13333]  ? __pfx___sys_sendto+0x10/0x10
[  753.043147][T13333]  ? __mutex_unlock_slowpath+0x1cd/0x700
[  753.043178][T13333]  ? __fget_files+0x3a0/0x420
[  753.043206][T13333]  ? ksys_write+0x22a/0x250
[  753.043224][T13333]  ? __pfx_ksys_write+0x10/0x10
[  753.043238][T13333]  ? rcu_is_watching+0x15/0xb0
[  753.043260][T13333]  __x64_sys_sendto+0xde/0x100
[  753.043286][T13333]  do_syscall_64+0xfa/0x3b0
[  753.043304][T13333]  ? lockdep_hardirqs_on+0x9c/0x150
[  753.043320][T13333]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  753.043336][T13333]  ? clear_bhb_loop+0x60/0xb0
[  753.043356][T13333]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  753.043372][T13333] RIP: 0033:0x7efefad8ebe9
[  753.043388][T13333] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  753.043403][T13333] RSP: 002b:00007efefbc7e038 EFLAGS: 00000246 ORIG_RAX: 000000000000002c
[  753.043421][T13333] RAX: ffffffffffffffda RBX: 00007efefafb6180 RCX: 00007efefad8ebe9
[  753.043434][T13333] RDX: 000000000000fdbe RSI: 0000200000000100 RDI: 0000000000000007
[  753.043446][T13333] RBP: 00007efefbc7e090 R08: 0000000000000000 R09: 0000000011000a00
[  753.043457][T13333] R10: 0000000004004084 R11: 0000000000000246 R12: 0000000000000001
[  753.043468][T13333] R13: 00007efefafb6218 R14: 00007efefafb6180 R15: 00007ffc95169128
[  753.043495][T13333]  </TASK>
[  753.757894][T13342] erspan0: entered promiscuous mode
[  753.787987][T13342] erspan0: left promiscuous mode
[  753.806504][T11880] usb 5-1: new high-speed USB device number 27 using dummy_hcd
[  753.834003][T13343] netlink: 12 bytes leftover after parsing attributes in process `syz.5.1556'.
[  754.117873][T11880] usb 5-1: config index 0 descriptor too short (expected 23569, got 27)
[  754.173782][T11880] usb 5-1: config 0 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  754.215644][T13347] netlink: 755 bytes leftover after parsing attributes in process `syz.8.1558'.
[  754.279509][T11880] usb 5-1: New USB device found, idVendor=03eb, idProduct=0002, bcdDevice=ba.c0
[  754.287081][T13349] netlink: 'syz.8.1558': attribute type 10 has an invalid length.
[  754.300878][T13349] 8021q: adding VLAN 0 to HW filter on device batadv0
[  754.309145][T13349] bond0: (slave batadv0): Enslaving as an active interface with an up link
[  754.348664][T11880] usb 5-1: New USB device strings: Mfr=5, Product=0, SerialNumber=0
[  754.394959][T13348] netlink: 'syz.8.1558': attribute type 10 has an invalid length.
[  754.405635][T13348] netlink: 'syz.8.1558': attribute type 10 has an invalid length.
[  754.413593][T13348] netlink: 40 bytes leftover after parsing attributes in process `syz.8.1558'.
[  754.422676][T13348] batadv0: entered promiscuous mode
[  754.427890][T13348] batadv0: entered allmulticast mode
[  754.446939][T11880] usb 5-1: Manufacturer: syz
[  754.452011][T13347] netlink: 'syz.8.1558': attribute type 10 has an invalid length.
[  754.452399][T13348] bond0: (slave batadv0): Releasing backup interface
[  754.460356][T13347] netlink: 40 bytes leftover after parsing attributes in process `syz.8.1558'.
[  754.480902][ T5843] Bluetooth: hci5: command 0x0406 tx timeout
[  754.482826][T11880] usb 5-1: config 0 descriptor??
[  754.503613][T13348] bridge0: port 4(batadv0) entered blocking state
[  754.510408][T13348] bridge0: port 4(batadv0) entered disabled state
[  754.532492][T11880] igorplugusb 5-1:0.0: incorrect number of endpoints
[  754.544535][ T6437] batman_adv: batadv0: No IGMP Querier present - multicast optimizations disabled
[  754.554479][ T6437] batman_adv: batadv0: No MLD Querier present - multicast optimizations disabled
[  754.918696][T13340] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1557'.
[  755.492448][ T6437] Bluetooth: hci2: Frame reassembly failed (-84)
[  755.540063][ T5929] usb 7-1: new high-speed USB device number 30 using dummy_hcd
[  755.700077][ T5929] usb 7-1: Using ep0 maxpacket: 32
[  755.708025][ T5929] usb 7-1: config 0 has an invalid interface number: 67 but max is 0
[  755.716677][ T5929] usb 7-1: config 0 has no interface number 0
[  755.727276][ T5929] usb 7-1: New USB device found, idVendor=0424, idProduct=9901, bcdDevice=c2.57
[  755.740527][ T5929] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  755.752898][ T5929] usb 7-1: Product: syz
[  755.762802][ T5929] usb 7-1: Manufacturer: syz
[  755.779512][ T5929] usb 7-1: SerialNumber: syz
[  755.817273][ T5929] usb 7-1: config 0 descriptor??
[  755.838008][ T5929] smsc95xx v2.0.0
[  756.456176][ T5929] smsc95xx 7-1:0.67 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000030: -32
[  756.468274][ T5929] smsc95xx 7-1:0.67 (unnamed net_device) (uninitialized): Error reading E2P_CMD
[  756.481730][ T5915] usb 9-1: new full-speed USB device number 21 using dummy_hcd
[  756.696769][ T5915] usb 9-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  756.716676][ T5915] usb 9-1: config 0 has 1 interface, different from the descriptor's value: 2
[  756.743829][ T5915] usb 9-1: New USB device found, idVendor=05d8, idProduct=810a, bcdDevice=92.b8
[  756.762311][ T5915] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  756.781388][ T5915] usb 9-1: config 0 descriptor??
[  756.815485][ T5915] dvb-usb: found a 'Artec T1 USB2.0' in warm state.
[  756.827580][ T5915] dvb-usb: bulk message failed: -22 (3/0)
[  756.845918][ T5915] dvb-usb: will use the device's hardware PID filter (table count: 16).
[  756.865715][ T5915] dvbdev: DVB: registering new adapter (Artec T1 USB2.0)
[  756.883043][ T5915] usb 9-1: media controller created
[  756.900423][ T5915] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  756.910048][ T5843] Bluetooth: hci2: command 0x1003 tx timeout
[  756.910127][ T5839] Bluetooth: hci2: Opcode 0x1003 failed: -110
[  756.922579][T13353] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  756.937127][T11955] usb 5-1: USB disconnect, device number 27
[  756.972359][ T5915] dvb-usb: bulk message failed: -22 (6/0)
[  756.982313][ T5915] dvb-usb: no frontend was attached by 'Artec T1 USB2.0'
[  756.984989][T13353] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  756.993091][ T5915] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.8/usb9/9-1/input/input13
[  757.027812][ T5915] dvb-usb: schedule remote query interval to 150 msecs.
[  757.054667][ T5915] dvb-usb: Artec T1 USB2.0 successfully initialized and connected.
[  757.212601][ T5915] dvb-usb: bulk message failed: -22 (1/0)
[  757.322327][T13353] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  757.430783][T13353] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  757.452003][T13353] netlink: 'syz.6.1560': attribute type 5 has an invalid length.
[  757.463979][ T5915] dvb-usb: error while querying for an remote control event.
[  757.546332][ T5915] usb 9-1: USB disconnect, device number 21
[  757.554124][    C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
[  757.566747][    C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
[  757.579598][    C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
[  757.592715][    C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
[  757.605765][    C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
[  757.618700][    C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
[  757.631905][    C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
[  757.645090][    C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
[  757.658020][    C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
[  757.670982][    C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
[  758.195963][T13373] overlay: Unknown parameter 'subj_role'
[  760.137676][T13380] xt_hashlimit: overflow, rate too high: 0
[  760.189947][ T5929] smsc95xx 7-1:0.67 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000014: -71
[  760.254392][ T5929] smsc95xx 7-1:0.67: probe with driver smsc95xx failed with error -71
[  761.236149][ T5929] usb 7-1: USB disconnect, device number 30
[  761.684045][ T5915] dvb-usb: Artec T1 USB2.0 successfully deinitialized and disconnected.
[  761.849761][ T5929] usb 7-1: new high-speed USB device number 31 using dummy_hcd
[  762.069820][ T5929] usb 7-1: Using ep0 maxpacket: 8
[  762.152124][ T5929] usb 7-1: config 168 descriptor has 1 excess byte, ignoring
[  762.560207][    C1] net_ratelimit: 4142 callbacks suppressed
[  762.560221][    C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
[  762.578860][    C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
[  762.591595][    C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
[  762.604366][    C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
[  762.617103][    C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
[  762.629866][    C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
[  762.642654][    C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
[  762.655370][    C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
[  762.673223][    C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
[  762.686423][    C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
[  763.049805][ T5929] usb 7-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11
[  763.123827][ T5929] usb 7-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  763.216954][T13402] 9pnet_fd: Insufficient options for proto=fd
[  763.339428][ T5929] usb 7-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[  763.535850][ T5929] usb 7-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0
[  763.599151][T13392] tipc: Started in network mode
[  763.608024][ T5929] usb 7-1: config 168 descriptor has 1 excess byte, ignoring
[  763.628497][T13392] tipc: Node identity 966a4b4f6bcb, cluster identity 4711
[  763.669480][ T5929] usb 7-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11
[  763.693026][T13392] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  763.708485][ T5929] usb 7-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  763.794666][ T5929] usb 7-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[  763.799007][T13393] syzkaller0: entered promiscuous mode
[  763.815766][ T5929] usb 7-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0
[  763.817131][ T5929] usb 7-1: config 168 descriptor has 1 excess byte, ignoring
[  763.817179][ T5929] usb 7-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11
[  763.817206][ T5929] usb 7-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  763.817231][ T5929] usb 7-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[  763.817258][ T5929] usb 7-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0
[  763.821648][ T5929] usb 7-1: string descriptor 0 read error: -22
[  763.839911][T13393] syzkaller0: entered allmulticast mode
[  764.163675][ T5929] usb 7-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e
[  764.228134][ T5929] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  764.809813][ T5976] tipc: Node number set to 4255206223
[  765.096791][T13409] netlink: 200 bytes leftover after parsing attributes in process `syz.5.1573'.
[  765.200609][ T5929] usb 7-1: can't set config #168, error -71
[  765.308273][ T5929] usb 7-1: USB disconnect, device number 31
[  765.395821][T13393] tipc: Resetting bearer <eth:syzkaller0>
[  766.156981][T13420] netlink: 8 bytes leftover after parsing attributes in process `syz.9.1574'.
[  766.193243][T11955] usb 9-1: new high-speed USB device number 22 using dummy_hcd
[  766.229381][T13393] tipc: Disabling bearer <eth:syzkaller0>
[  767.093667][T11955] usb 9-1: config index 0 descriptor too short (expected 23569, got 27)
[  767.105583][T11955] usb 9-1: config 0 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  767.158786][T11955] usb 9-1: New USB device found, idVendor=03eb, idProduct=0002, bcdDevice=ba.c0
[  767.299752][T11955] usb 9-1: New USB device strings: Mfr=5, Product=0, SerialNumber=0
[  767.307805][T11955] usb 9-1: Manufacturer: syz
[  767.375639][T11955] usb 9-1: config 0 descriptor??
[  767.435297][T11955] igorplugusb 9-1:0.0: incorrect number of endpoints
[  767.529136][T13429] netlink: 16 bytes leftover after parsing attributes in process `syz.5.1578'.
[  767.570306][    C1] net_ratelimit: 3920 callbacks suppressed
[  767.570328][    C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
[  767.589773][    C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
[  767.603324][    C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
[  767.616866][    C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
[  767.630485][    C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
[  767.644026][    C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
[  767.657624][    C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
[  767.671125][    C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
[  767.684620][    C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
[  767.698096][    C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
[  767.807824][T13431] 9pnet_fd: Insufficient options for proto=fd
[  767.843447][T13411] netlink: 8 bytes leftover after parsing attributes in process `syz.8.1575'.
[  767.946000][T13435] netlink: 'syz.4.1579': attribute type 21 has an invalid length.
[  768.009507][T13435] netlink: 6 bytes leftover after parsing attributes in process `syz.4.1579'.
[  769.518193][T13437] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  769.555724][T13437] syzkaller0: entered promiscuous mode
[  769.825963][T13437] syzkaller0: entered allmulticast mode
[  769.869956][ T5843] Bluetooth: hci2: command 0x1003 tx timeout
[  769.876611][ T5839] Bluetooth: hci2: Opcode 0x1003 failed: -110
[  770.156181][ T5929] usb 9-1: USB disconnect, device number 22
[  770.629964][ T5929] tipc: Node number set to 3742252890
[  770.676767][T13455] tipc: Resetting bearer <eth:syzkaller0>
[  770.952983][T13467] FAULT_INJECTION: forcing a failure.
[  770.952983][T13467] name failslab, interval 1, probability 0, space 0, times 0
[  771.048688][T13467] CPU: 0 UID: 0 PID: 13467 Comm: syz.4.1589 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) 
[  771.048719][T13467] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  771.048732][T13467] Call Trace:
[  771.048741][T13467]  <TASK>
[  771.048751][T13467]  dump_stack_lvl+0x189/0x250
[  771.048780][T13467]  ? __pfx____ratelimit+0x10/0x10
[  771.048803][T13467]  ? __pfx_dump_stack_lvl+0x10/0x10
[  771.048825][T13467]  ? __pfx__printk+0x10/0x10
[  771.048856][T13467]  ? __pfx___might_resched+0x10/0x10
[  771.048894][T13467]  should_fail_ex+0x414/0x560
[  771.048921][T13467]  ? netfs_extract_user_iter+0xef/0x9c0
[  771.048940][T13467]  should_failslab+0xa8/0x100
[  771.048963][T13467]  __kvmalloc_node_noprof+0x161/0x5f0
[  771.048987][T13467]  ? netfs_extract_user_iter+0xef/0x9c0
[  771.049012][T13467]  netfs_extract_user_iter+0xef/0x9c0
[  771.049042][T13467]  ? __asan_memset+0x22/0x50
[  771.049070][T13467]  ? iov_iter_folio_queue+0x127/0x1a0
[  771.049096][T13467]  ? __pfx_netfs_extract_user_iter+0x10/0x10
[  771.049116][T13467]  ? rolling_buffer_init+0x197/0x240
[  771.049150][T13467]  netfs_unbuffered_write_iter_locked+0x260/0x6f0
[  771.049182][T13467]  netfs_unbuffered_write_iter+0x4c4/0x660
[  771.049213][T13467]  do_iter_readv_writev+0x56b/0x7f0
[  771.049237][T13467]  ? __pfx_do_iter_readv_writev+0x10/0x10
[  771.049256][T13467]  ? rcu_read_lock_any_held+0xb3/0x120
[  771.049299][T13467]  vfs_writev+0x31a/0x960
[  771.049328][T13467]  ? __lock_acquire+0xab9/0xd20
[  771.049349][T13467]  ? __pfx_vfs_writev+0x10/0x10
[  771.049390][T13467]  ? __fget_files+0x2a/0x420
[  771.049418][T13467]  ? __fget_files+0x3a0/0x420
[  771.049438][T13467]  ? __fget_files+0x2a/0x420
[  771.049471][T13467]  do_writev+0x14d/0x2d0
[  771.049498][T13467]  ? __pfx_do_writev+0x10/0x10
[  771.049519][T13467]  ? rcu_is_watching+0x15/0xb0
[  771.049547][T13467]  ? do_syscall_64+0xbe/0x3b0
[  771.049575][T13467]  do_syscall_64+0xfa/0x3b0
[  771.049595][T13467]  ? lockdep_hardirqs_on+0x9c/0x150
[  771.049616][T13467]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  771.049639][T13467]  ? clear_bhb_loop+0x60/0xb0
[  771.049659][T13467]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  771.049676][T13467] RIP: 0033:0x7f48eab8ebe9
[  771.049694][T13467] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  771.049711][T13467] RSP: 002b:00007f48eb948038 EFLAGS: 00000246 ORIG_RAX: 0000000000000014
[  771.049733][T13467] RAX: ffffffffffffffda RBX: 00007f48eadb5fa0 RCX: 00007f48eab8ebe9
[  771.049748][T13467] RDX: 0000000000000001 RSI: 0000200000000000 RDI: 0000000000000007
[  771.049761][T13467] RBP: 00007f48eb948090 R08: 0000000000000000 R09: 0000000000000000
[  771.049773][T13467] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  771.049785][T13467] R13: 00007f48eadb6038 R14: 00007f48eadb5fa0 R15: 00007fff1c9bb8b8
[  771.049820][T13467]  </TASK>
[  771.329728][    C0] vkms_vblank_simulate: vblank timer overrun
[  771.388373][T13471] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1590'.
[  771.728692][T13436] tipc: Resetting bearer <eth:syzkaller0>
[  771.757548][T13472] 9pnet_fd: Insufficient options for proto=fd
[  772.574802][T13436] tipc: Disabling bearer <eth:syzkaller0>
[  772.580621][    C1] net_ratelimit: 3416 callbacks suppressed
[  772.580642][    C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
[  772.581892][    C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
[  772.612111][    C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
[  772.625499][    C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
[  772.638413][    C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
[  772.651208][    C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
[  772.664226][    C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
[  772.677199][    C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
[  772.690091][    C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
[  772.702732][    C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
[  773.692818][T13479] netlink: 96 bytes leftover after parsing attributes in process `syz.9.1594'.
[  777.589831][    C1] net_ratelimit: 6388 callbacks suppressed
[  777.589846][    C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
[  777.608294][    C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
[  777.620911][    C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
[  777.633538][    C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
[  777.646148][    C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
[  777.658765][    C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
[  777.671376][    C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
[  777.684425][    C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
[  777.697065][    C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
[  777.709750][    C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
[  781.649798][ T5908] usb 10-1: new high-speed USB device number 17 using dummy_hcd
[  782.600248][    C1] net_ratelimit: 5640 callbacks suppressed
[  782.600262][    C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
[  782.618962][    C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
[  782.631748][    C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
[  782.644569][    C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
[  782.657408][    C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
[  782.670264][    C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
[  782.683078][    C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
[  782.695877][    C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
[  782.709788][    C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
[  782.722670][    C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
[  785.367923][ T5908] usb 10-1: device descriptor read/all, error -71
[  785.574284][T13497] netlink: 20 bytes leftover after parsing attributes in process `syz.6.1598'.
[  787.609917][    C1] net_ratelimit: 4681 callbacks suppressed
[  787.609931][    C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
[  787.628498][    C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
[  787.641186][    C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
[  787.653919][    C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
[  787.666604][    C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
[  787.679499][    C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
[  787.692222][    C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
[  787.706378][    C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
[  787.719172][    C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
[  787.731968][    C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
[  792.620169][    C1] net_ratelimit: 9062 callbacks suppressed
[  792.620184][    C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
[  792.638499][    C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  792.650724][    C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  792.663640][    C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
[  792.676574][    C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  792.689055][    C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  792.701992][    C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
[  792.714942][    C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  792.727487][    C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  792.741060][    C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
[  797.629757][    C1] net_ratelimit: 11884 callbacks suppressed
[  797.629776][    C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  797.648216][    C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
[  797.660638][    C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  797.672818][    C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  797.685290][    C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
[  797.697685][    C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  797.709947][    C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  797.722401][    C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
[  797.734804][    C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  797.746985][    C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  798.714340][ T5843] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[  798.751027][ T5843] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[  798.761462][ T5843] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[  798.770285][ T5843] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[  798.789982][ T5843] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[  798.979534][T13523] wg1 speed is unknown, defaulting to 1000
[  801.834399][T13531] netlink: 16 bytes leftover after parsing attributes in process `syz.9.1608'.
[  801.857121][ T5843] Bluetooth: hci2: command tx timeout
[  802.380305][T13538] netlink: 4 bytes leftover after parsing attributes in process `syz.8.1609'.
[  802.640122][    C1] net_ratelimit: 10194 callbacks suppressed
[  802.640145][    C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
[  802.658932][    C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  802.671399][    C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  802.684252][    C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
[  802.697093][    C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  802.720147][    C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  802.733377][    C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
[  802.746588][    C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  802.759188][    C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  802.772325][    C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
[  803.209142][T13523] chnl_net:caif_netlink_parms(): no params data found
[  803.578756][ T5839] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1
[  803.603245][ T5839] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9
[  803.618348][ T5839] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9
[  803.659953][ T5839] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4
[  803.667732][ T5839] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2
[  803.689462][T13553] netlink: 20 bytes leftover after parsing attributes in process `syz.8.1612'.
[  803.966063][ T5843] Bluetooth: hci2: command tx timeout
[  806.109854][ T5839] Bluetooth: hci2: command tx timeout
[  806.115356][ T5839] Bluetooth: hci6: command tx timeout
[  807.649841][    C1] net_ratelimit: 8654 callbacks suppressed
[  807.649856][    C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
[  807.668055][    C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  807.680216][    C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  807.692654][    C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
[  807.705049][    C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  807.717221][    C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  807.729739][    C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
[  807.742112][    C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  807.754270][    C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  807.766864][    C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
[  807.802385][T13561] binder: Unknown parameter 'func'
[  808.209388][ T5839] Bluetooth: hci6: command tx timeout
[  808.217390][ T5839] Bluetooth: hci2: command tx timeout
[  808.786394][ T1302] ieee802154 phy0 wpan0: encryption failed: -22
[  808.792906][ T1302] ieee802154 phy1 wpan1: encryption failed: -22
[  808.848082][ T6437] netdevsim netdevsim5 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  808.935816][T13523] bridge0: port 1(bridge_slave_0) entered blocking state
[  808.960686][T13523] bridge0: port 1(bridge_slave_0) entered disabled state
[  808.984607][T13523] bridge_slave_0: entered allmulticast mode
[  809.191286][T13523] bridge_slave_0: entered promiscuous mode
[  809.217846][T13523] bridge0: port 2(bridge_slave_1) entered blocking state
[  809.237055][T13523] bridge0: port 2(bridge_slave_1) entered disabled state
[  809.257427][T13523] bridge_slave_1: entered allmulticast mode
[  809.284975][T13523] bridge_slave_1: entered promiscuous mode
[  809.342156][T13549] wg1 speed is unknown, defaulting to 1000
[  809.487226][ T6437] netdevsim netdevsim5 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  809.961004][T13574] FAULT_INJECTION: forcing a failure.
[  809.961004][T13574] name failslab, interval 1, probability 0, space 0, times 0
[  809.973865][T13574] CPU: 0 UID: 0 PID: 13574 Comm: syz.8.1618 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) 
[  809.973891][T13574] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  809.973900][T13574] Call Trace:
[  809.973906][T13574]  <TASK>
[  809.973912][T13574]  dump_stack_lvl+0x189/0x250
[  809.973929][T13574]  ? __pfx____ratelimit+0x10/0x10
[  809.973941][T13574]  ? __pfx_dump_stack_lvl+0x10/0x10
[  809.973952][T13574]  ? __pfx__printk+0x10/0x10
[  809.973973][T13574]  ? __pfx___might_resched+0x10/0x10
[  809.973985][T13574]  ? fs_reclaim_acquire+0x7d/0x100
[  809.974000][T13574]  should_fail_ex+0x414/0x560
[  809.974014][T13574]  should_failslab+0xa8/0x100
[  809.974026][T13574]  __kmalloc_cache_noprof+0x70/0x3d0
[  809.974037][T13574]  ? mqueue_init_fs_context+0x57/0x370
[  809.974052][T13574]  mqueue_init_fs_context+0x57/0x370
[  809.974067][T13574]  alloc_fs_context+0x64e/0x7d0
[  809.974085][T13574]  mq_init_ns+0x10a/0x510
[  809.974099][T13574]  copy_ipcs+0x2f6/0x4f0
[  809.974114][T13574]  create_new_namespaces+0x218/0x720
[  809.974125][T13574]  ? safesetid_security_capable+0xa9/0x1a0
[  809.974139][T13574]  ? security_capable+0x7e/0x2e0
[  809.974156][T13574]  unshare_nsproxy_namespaces+0x11c/0x170
[  809.974169][T13574]  ksys_unshare+0x4c8/0x8c0
[  809.974186][T13574]  ? __pfx_ksys_unshare+0x10/0x10
[  809.974199][T13574]  ? __pfx_ksys_write+0x10/0x10
[  809.974208][T13574]  ? rcu_is_watching+0x15/0xb0
[  809.974225][T13574]  __x64_sys_unshare+0x38/0x50
[  809.974244][T13574]  do_syscall_64+0xfa/0x3b0
[  809.974256][T13574]  ? lockdep_hardirqs_on+0x9c/0x150
[  809.974267][T13574]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  809.974278][T13574]  ? clear_bhb_loop+0x60/0xb0
[  809.974290][T13574]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  809.974301][T13574] RIP: 0033:0x7f685478ebe9
[  809.974311][T13574] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  809.974321][T13574] RSP: 002b:00007f6855600038 EFLAGS: 00000246 ORIG_RAX: 0000000000000110
[  809.974333][T13574] RAX: ffffffffffffffda RBX: 00007f68549b6090 RCX: 00007f685478ebe9
[  809.974341][T13574] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 000000006a040000
[  809.974347][T13574] RBP: 00007f6855600090 R08: 0000000000000000 R09: 0000000000000000
[  809.974354][T13574] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  809.974360][T13574] R13: 00007f68549b6128 R14: 00007f68549b6090 R15: 00007ffdfd5de7d8
[  809.974377][T13574]  </TASK>
[  810.278214][ T5843] Bluetooth: hci6: command tx timeout
[  810.461264][ T5843] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[  810.476763][ T5843] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[  810.485542][ T5843] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[  810.518639][ T5843] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[  810.526717][ T5843] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[  812.516029][ T5843] Bluetooth: hci6: command tx timeout
[  812.592471][ T5843] Bluetooth: hci1: command tx timeout
[  812.659661][    C1] net_ratelimit: 7877 callbacks suppressed
[  812.659682][    C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
[  812.678369][    C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  812.690857][    C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  812.703474][    C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
[  812.715933][    C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  812.728340][    C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  812.741216][    C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
[  812.754095][    C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  812.766637][    C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  812.779521][    C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
[  813.672424][ T6437] netdevsim netdevsim5 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  813.747197][T13523] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  813.799001][T13523] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  814.644180][ T6437] netdevsim netdevsim5 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  814.803807][ T5843] Bluetooth: hci1: command tx timeout
[  816.517968][T13588] netlink: 20 bytes leftover after parsing attributes in process `syz.8.1621'.
[  816.830835][ T5843] Bluetooth: hci1: command tx timeout
[  816.885824][T13575] wg1 speed is unknown, defaulting to 1000
[  817.634297][T13523] team0: Port device team_slave_0 added
[  817.669795][    C1] net_ratelimit: 8287 callbacks suppressed
[  817.669814][    C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  817.676922][T13523] team0: Port device team_slave_1 added
[  817.688507][    C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
[  817.706212][    C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  817.718711][    C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  817.731630][    C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
[  817.744333][    C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  817.756823][    C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  817.769415][    C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
[  817.782279][    C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  817.794762][    C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  818.795937][T13593] overlay: Unknown parameter 'subj_role'
[  818.895856][T13523] batman_adv: batadv0: Adding interface: batadv_slave_0
[  818.907751][T13523] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  818.943582][ T5843] Bluetooth: hci1: command tx timeout
[  818.950686][T13523] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  818.969116][T13523] batman_adv: batadv0: Adding interface: batadv_slave_1
[  818.977506][T13523] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  819.044625][T13523] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  820.303119][T13600] netlink: 8 bytes leftover after parsing attributes in process `syz.8.1624'.
[  821.384561][T13523] hsr_slave_0: entered promiscuous mode
[  821.403578][T13523] hsr_slave_1: entered promiscuous mode
[  821.425437][T13523] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  821.448693][T13523] Cannot create hsr debugfs directory
[  821.619235][T13602] block device autoloading is deprecated and will be removed.
[  822.679830][    C1] net_ratelimit: 7367 callbacks suppressed
[  822.679852][    C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  822.698620][    C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
[  822.711520][    C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  822.724037][    C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  822.736939][    C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
[  822.750327][    C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  822.762809][    C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  822.775766][    C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
[  822.788683][    C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  822.801180][    C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  827.689896][    C1] net_ratelimit: 10708 callbacks suppressed
[  827.689912][    C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  827.708270][    C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  827.721276][    C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
[  827.734240][    C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  827.746782][    C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  827.759807][    C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
[  827.772321][    C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  827.784657][    C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  827.797701][    C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
[  827.810273][    C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  832.458916][T13608] IPVS: Error joining to the multicast group
[  832.482691][T13612] workqueue: Failed to create a rescuer kthread for wq "wg-crypt-wireguard%d": -EINTR
[  832.700321][    C1] net_ratelimit: 11051 callbacks suppressed
[  832.700343][    C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  832.728310][    C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  832.741254][    C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
[  832.754158][    C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  832.766638][    C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  832.779654][    C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
[  832.792571][    C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  832.805069][    C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  832.818029][    C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
[  832.830963][    C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  836.950094][ T5929] usb 10-1: new high-speed USB device number 19 using dummy_hcd
[  837.508180][ T6437] batadv1: left allmulticast mode
[  837.513646][ T6437] batadv1: left promiscuous mode
[  837.518931][ T6437] bridge0: port 4(batadv1) entered disabled state
[  837.551206][T13626] netlink: 4 bytes leftover after parsing attributes in process `syz.8.1630'.
[  837.562014][ T6437] bridge0: port 3(dummy0) entered disabled state
[  837.585281][ T6437] bridge_slave_1: left allmulticast mode
[  837.602480][ T6437] bridge_slave_1: left promiscuous mode
[  837.608285][ T6437] bridge0: port 2(bridge_slave_1) entered disabled state
[  837.638746][ T5929] usb 10-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[  837.667062][ T5929] usb 10-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  837.709682][    C1] net_ratelimit: 12778 callbacks suppressed
[  837.709702][    C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
[  837.728102][    C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  837.740309][    C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  837.752823][    C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
[  837.765232][    C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  837.777740][    C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  837.790297][    C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
[  837.802950][    C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  837.815196][    C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  837.827683][    C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
[  838.642671][ T5929] usb 10-1: config 1 has 1 interface, different from the descriptor's value: 66
[  838.671006][ T6437] bridge_slave_0: left allmulticast mode
[  838.687547][ T5929] usb 10-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  838.703037][ T6437] bridge_slave_0: left promiscuous mode
[  838.708823][ T6437] bridge0: port 1(bridge_slave_0) entered disabled state
[  838.718097][ T5929] usb 10-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  838.768299][ T5929] usb 10-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[  838.777614][ T5929] usb 10-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  838.790754][ T5929] usb 10-1: Product: syz
[  838.795040][ T5929] usb 10-1: Manufacturer: syz
[  838.902376][ T5929] cdc_wdm 10-1:1.0: skipping garbage
[  838.907730][ T5929] cdc_wdm 10-1:1.0: skipping garbage
[  838.983452][ T5929] cdc_wdm 10-1:1.0: cdc-wdm0: USB WDM device
[  839.006785][ T5929] cdc_wdm 10-1:1.0: Unknown control protocol
[  839.380847][T13621] cdc_wdm 10-1:1.0: Error submitting int urb - -90
[  839.943781][T13629] FAULT_INJECTION: forcing a failure.
[  839.943781][T13629] name failslab, interval 1, probability 0, space 0, times 0
[  839.965389][T13629] CPU: 1 UID: 0 PID: 13629 Comm: syz.9.1628 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) 
[  839.965404][T13629] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  839.965412][T13629] Call Trace:
[  839.965417][T13629]  <TASK>
[  839.965422][T13629]  dump_stack_lvl+0x189/0x250
[  839.965440][T13629]  ? __pfx____ratelimit+0x10/0x10
[  839.965453][T13629]  ? __pfx_dump_stack_lvl+0x10/0x10
[  839.965464][T13629]  ? __pfx__printk+0x10/0x10
[  839.965480][T13629]  ? __pfx___might_resched+0x10/0x10
[  839.965492][T13629]  ? fs_reclaim_acquire+0x7d/0x100
[  839.965508][T13629]  should_fail_ex+0x414/0x560
[  839.965522][T13629]  should_failslab+0xa8/0x100
[  839.965534][T13629]  kmem_cache_alloc_noprof+0x73/0x3c0
[  839.965544][T13629]  ? security_file_alloc+0x34/0x330
[  839.965558][T13629]  security_file_alloc+0x34/0x330
[  839.965570][T13629]  init_file+0x93/0x2f0
[  839.965585][T13629]  alloc_empty_file+0x6e/0x1d0
[  839.965599][T13629]  path_openat+0x107/0x3830
[  839.965613][T13629]  ? arch_stack_walk+0xfc/0x150
[  839.965640][T13629]  ? kasan_save_track+0x4f/0x80
[  839.965655][T13629]  ? kasan_save_track+0x3e/0x80
[  839.965669][T13629]  ? __kasan_slab_alloc+0x6c/0x80
[  839.965678][T13629]  ? getname_flags+0xb8/0x540
[  839.965690][T13629]  ? __pfx_path_openat+0x10/0x10
[  839.965703][T13629]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  839.965724][T13629]  do_filp_open+0x1fa/0x410
[  839.965738][T13629]  ? __lock_acquire+0xab9/0xd20
[  839.965750][T13629]  ? __pfx_do_filp_open+0x10/0x10
[  839.965776][T13629]  ? _raw_spin_unlock+0x28/0x50
[  839.965791][T13629]  ? alloc_fd+0x64c/0x6c0
[  839.965809][T13629]  do_sys_openat2+0x121/0x1c0
[  839.965832][T13629]  ? __pfx_do_sys_openat2+0x10/0x10
[  839.965846][T13629]  ? ksys_write+0x22a/0x250
[  839.965857][T13629]  ? __pfx_ksys_write+0x10/0x10
[  839.965866][T13629]  ? rcu_is_watching+0x15/0xb0
[  839.965879][T13629]  __x64_sys_openat+0x138/0x170
[  839.965895][T13629]  do_syscall_64+0xfa/0x3b0
[  839.965906][T13629]  ? lockdep_hardirqs_on+0x9c/0x150
[  839.965917][T13629]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  839.965927][T13629]  ? clear_bhb_loop+0x60/0xb0
[  839.965940][T13629]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  839.965950][T13629] RIP: 0033:0x7f080058d550
[  839.965963][T13629] Code: 48 89 44 24 20 75 93 44 89 54 24 0c e8 49 94 02 00 44 8b 54 24 0c 89 da 48 89 ee 41 89 c0 bf 9c ff ff ff b8 01 01 00 00 0f 05 <48> 3d 00 f0 ff ff 77 38 44 89 c7 89 44 24 0c e8 9c 94 02 00 8b 44
[  839.965972][T13629] RSP: 002b:00007f0801340b70 EFLAGS: 00000293 ORIG_RAX: 0000000000000101
[  839.965985][T13629] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f080058d550
[  839.965992][T13629] RDX: 0000000000000002 RSI: 00007f0801340c10 RDI: 00000000ffffff9c
[  839.965999][T13629] RBP: 00007f0801340c10 R08: 0000000000000000 R09: 00007f0801340987
[  839.966007][T13629] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000001
[  839.966013][T13629] R13: 00007f08007b6128 R14: 00007f08007b6090 R15: 00007ffd72f5a438
[  839.966029][T13629]  </TASK>
[  840.283287][ T7280] usb 10-1: USB disconnect, device number 19
[  842.719721][    C1] net_ratelimit: 11837 callbacks suppressed
[  842.719743][    C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
[  842.738515][    C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  842.750824][    C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  842.763730][    C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
[  842.776209][    C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  842.788582][    C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  842.801079][    C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
[  842.813809][    C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  842.826290][    C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  842.839198][    C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
[  843.702225][ T6437] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  843.734922][ T6437] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  843.775715][ T6437] bond0 (unregistering): (slave wlan1): Releasing backup interface
[  843.817937][ T6437] bond0 (unregistering): Released all slaves
[  844.206151][ T6437] bond1 (unregistering): Released all slaves
[  844.256552][T13575] chnl_net:caif_netlink_parms(): no params data found
[  845.592892][ T6437] tipc: Left network mode
[  845.603866][T13549] chnl_net:caif_netlink_parms(): no params data found
[  845.703430][   T30] kauditd_printk_skb: 1 callbacks suppressed
[  845.703448][   T30] audit: type=1326 audit(1755029681.039:205): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13631 comm="syz.8.1631" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f685478ebe9 code=0x0
[  846.991349][T13646] FAULT_INJECTION: forcing a failure.
[  846.991349][T13646] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  847.004644][T13646] CPU: 0 UID: 0 PID: 13646 Comm: syz.8.1632 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) 
[  847.004670][T13646] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  847.004684][T13646] Call Trace:
[  847.004692][T13646]  <TASK>
[  847.004701][T13646]  dump_stack_lvl+0x189/0x250
[  847.004729][T13646]  ? __pfx____ratelimit+0x10/0x10
[  847.004751][T13646]  ? __pfx_dump_stack_lvl+0x10/0x10
[  847.004773][T13646]  ? __pfx__printk+0x10/0x10
[  847.004812][T13646]  should_fail_ex+0x414/0x560
[  847.004839][T13646]  _copy_to_user+0x31/0xb0
[  847.004868][T13646]  vcs_read+0xa62/0xdb0
[  847.004916][T13646]  vfs_readv+0x5aa/0x850
[  847.004941][T13646]  ? __pfx_vcs_read+0x10/0x10
[  847.004967][T13646]  ? __pfx_vfs_readv+0x10/0x10
[  847.005006][T13646]  ? __fget_files+0x2a/0x420
[  847.005033][T13646]  ? __fget_files+0x3a0/0x420
[  847.005054][T13646]  ? __fget_files+0x2a/0x420
[  847.005085][T13646]  __x64_sys_preadv+0x197/0x2a0
[  847.005110][T13646]  ? __pfx___x64_sys_preadv+0x10/0x10
[  847.005128][T13646]  ? rcu_is_watching+0x15/0xb0
[  847.005156][T13646]  ? do_syscall_64+0xbe/0x3b0
[  847.005182][T13646]  do_syscall_64+0xfa/0x3b0
[  847.005203][T13646]  ? lockdep_hardirqs_on+0x9c/0x150
[  847.005224][T13646]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  847.005244][T13646]  ? clear_bhb_loop+0x60/0xb0
[  847.005269][T13646]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  847.005288][T13646] RIP: 0033:0x7f685478ebe9
[  847.005306][T13646] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  847.005324][T13646] RSP: 002b:00007f68555df038 EFLAGS: 00000246 ORIG_RAX: 0000000000000127
[  847.005352][T13646] RAX: ffffffffffffffda RBX: 00007f68549b6180 RCX: 00007f685478ebe9
[  847.005368][T13646] RDX: 0000000000000002 RSI: 0000200000000440 RDI: 0000000000000005
[  847.005381][T13646] RBP: 00007f68555df090 R08: 0000000000000000 R09: 0000000000000000
[  847.005395][T13646] R10: 000000000000000b R11: 0000000000000246 R12: 0000000000000001
[  847.005407][T13646] R13: 00007f68549b6218 R14: 00007f68549b6180 R15: 00007ffdfd5de7d8
[  847.005440][T13646]  </TASK>
[  847.730012][    C1] net_ratelimit: 8579 callbacks suppressed
[  847.730037][    C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
[  847.748766][    C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  847.761269][    C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  847.774242][    C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
[  847.786849][    C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  847.799125][    C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  847.812068][    C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
[  847.825008][    C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  847.837490][    C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  847.850491][    C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
[  848.329487][T13575] bridge0: port 1(bridge_slave_0) entered blocking state
[  848.357515][T13575] bridge0: port 1(bridge_slave_0) entered disabled state
[  848.383912][T13575] bridge_slave_0: entered allmulticast mode
[  848.416386][T13575] bridge_slave_0: entered promiscuous mode
[  848.545399][ T6437] hsr_slave_0: left promiscuous mode
[  848.553337][ T6437] hsr_slave_1: left promiscuous mode
[  848.638506][ T6437] veth1_vlan: left allmulticast mode
[  848.655064][ T6437] veth1_macvtap: left promiscuous mode
[  848.677440][ T6437] veth0_macvtap: left promiscuous mode
[  848.723579][ T6437] veth1_vlan: left promiscuous mode
[  848.728978][ T6437] 
@ÿ: left promiscuous mode
[  848.781602][ T5839] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  848.793019][ T5839] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  848.802434][ T5839] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  848.829515][ T5839] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  848.847892][ T5839] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  850.915629][ T5839] Bluetooth: hci0: command tx timeout
[  851.452600][ T5843] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1
[  851.489194][ T5843] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9
[  851.499452][ T5843] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9
[  851.508354][ T5843] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4
[  851.522125][ T5843] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2
[  852.705453][ T6437] team0 (unregistering): Port device team_slave_1 removed
[  852.746651][    C1] net_ratelimit: 7563 callbacks suppressed
[  852.746673][    C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  852.765111][    C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  852.778088][    C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
[  852.791065][    C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  852.803479][    C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  852.816505][    C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
[  852.829279][    C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  852.841625][    C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  852.854430][    C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
[  852.867001][    C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  852.925057][ T6437] team0 (unregistering): Port device team_slave_0 removed
[  853.151987][ T5839] Bluetooth: hci0: command tx timeout
[  853.630175][ T5839] Bluetooth: hci7: command tx timeout
[  853.726755][ T6437] dummy0 (unregistering): left allmulticast mode
[  854.925730][T13575] bridge0: port 2(bridge_slave_1) entered blocking state
[  854.938463][T13575] bridge0: port 2(bridge_slave_1) entered disabled state
[  854.948661][T13575] bridge_slave_1: entered allmulticast mode
[  854.965004][T13575] bridge_slave_1: entered promiscuous mode
[  855.099114][T13654] netlink: 96 bytes leftover after parsing attributes in process `syz.8.1634'.
[  855.229878][ T5839] Bluetooth: hci0: command tx timeout
[  856.681496][ T5839] Bluetooth: hci7: command tx timeout
[  857.004141][T13549] bridge0: port 1(bridge_slave_0) entered blocking state
[  857.017352][T13549] bridge0: port 1(bridge_slave_0) entered disabled state
[  857.026697][T13549] bridge_slave_0: entered allmulticast mode
[  857.047085][T13549] bridge_slave_0: entered promiscuous mode
[  857.340028][ T5839] Bluetooth: hci0: command tx timeout
[  857.444362][T13663] 9pnet_fd: Insufficient options for proto=fd
[  857.750294][    C1] net_ratelimit: 9490 callbacks suppressed
[  857.750313][    C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
[  857.769063][    C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  857.781538][    C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  857.794457][    C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
[  857.807340][    C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  857.820227][    C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  857.833132][    C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
[  857.846078][    C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  857.858592][    C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  857.871493][    C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
[  857.911060][T13575] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  857.990087][T13549] bridge0: port 2(bridge_slave_1) entered blocking state
[  858.027164][T13549] bridge0: port 2(bridge_slave_1) entered disabled state
[  858.060394][T13549] bridge_slave_1: entered allmulticast mode
[  858.069221][T13549] bridge_slave_1: entered promiscuous mode
[  858.146489][T13650] wg1 speed is unknown, defaulting to 1000
[  858.163543][T13575] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  858.761085][ T5839] Bluetooth: hci7: command tx timeout
[  859.207192][ T5843] Bluetooth: hci8: unexpected cc 0x0c03 length: 249 > 1
[  859.222608][ T5843] Bluetooth: hci8: unexpected cc 0x1003 length: 249 > 9
[  859.232313][ T5843] Bluetooth: hci8: unexpected cc 0x1001 length: 249 > 9
[  859.246671][ T5843] Bluetooth: hci8: unexpected cc 0x0c23 length: 249 > 4
[  859.254606][ T5843] Bluetooth: hci8: unexpected cc 0x0c38 length: 249 > 2
[  859.306410][T13575] team0: Port device team_slave_0 added
[  859.387511][T13656] wg1 speed is unknown, defaulting to 1000
[  859.440787][T13575] team0: Port device team_slave_1 added
[  859.732349][T13575] batman_adv: batadv0: Adding interface: batadv_slave_0
[  859.753296][T13575] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  859.835279][T13575] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  860.690641][T13575] batman_adv: batadv0: Adding interface: batadv_slave_1
[  860.700094][T13575] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  860.726000][    C0] vkms_vblank_simulate: vblank timer overrun
[  860.733309][T13575] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  860.865904][ T5843] Bluetooth: hci7: command tx timeout
[  860.936570][T13665] wg1 speed is unknown, defaulting to 1000
[  861.317555][ T5843] Bluetooth: hci8: command tx timeout
[  861.664084][T13575] hsr_slave_0: entered promiscuous mode
[  861.676393][T13575] hsr_slave_1: entered promiscuous mode
[  862.372679][ T6437] netdevsim netdevsim6 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  862.759651][    C1] net_ratelimit: 7343 callbacks suppressed
[  862.759673][    C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
[  862.778135][    C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  862.790592][    C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  862.804255][    C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
[  862.816736][    C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  862.829158][    C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  862.842070][    C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
[  862.855003][    C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  862.867527][    C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  862.880503][    C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
[  862.902442][ T6437] netdevsim netdevsim6 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  863.154930][ T6437] netdevsim netdevsim6 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  863.448517][ T5843] Bluetooth: hci8: command tx timeout
[  863.670965][T13677] netlink: 4 bytes leftover after parsing attributes in process `syz.8.1637'.
[  864.908633][ T6437] netdevsim netdevsim6 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  865.286028][T13650] chnl_net:caif_netlink_parms(): no params data found
[  865.556131][ T5843] Bluetooth: hci8: command tx timeout
[  866.938388][T13656] chnl_net:caif_netlink_parms(): no params data found
[  867.632620][ T5843] Bluetooth: hci8: command tx timeout
[  867.770213][    C1] net_ratelimit: 9270 callbacks suppressed
[  867.770236][    C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  867.788468][    C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  867.801092][    C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
[  867.813626][    C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  867.825849][    C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  867.838441][    C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
[  867.851008][    C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  867.863247][    C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  867.876293][    C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
[  867.889256][    C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  870.736889][ T1302] ieee802154 phy0 wpan0: encryption failed: -22
[  870.755811][ T1302] ieee802154 phy1 wpan1: encryption failed: -22
[  871.146442][ T5839] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[  871.157182][ T5839] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[  871.165941][ T5839] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[  871.174129][ T5839] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[  871.183037][ T5839] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[  872.779906][    C1] net_ratelimit: 10546 callbacks suppressed
[  872.779926][    C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
[  872.798688][    C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  872.811263][    C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  872.824207][    C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
[  872.836696][    C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  872.849062][    C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  872.861568][    C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
[  872.874431][    C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  872.886682][    C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  872.899618][    C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
[  873.231045][ T5839] Bluetooth: hci2: command tx timeout
[  873.343480][   T30] audit: type=1400 audit(1755029708.679:206): lsm=SMACK fn=smack_inode_permission action=denied subject="@.-&#^" object="_" requested=wx pid=13695 comm="syz.8.1638" name="309" dev="tmpfs" ino=1622
[  873.419804][   T30] audit: type=1400 audit(1755029708.699:207): lsm=SMACK fn=smack_inode_permission action=denied subject="@.-&#^" object="_" requested=wx pid=13695 comm="syz.8.1638" name="309" dev="tmpfs" ino=1622
[  873.499935][   T30] audit: type=1400 audit(1755029708.699:208): lsm=SMACK fn=smack_inode_permission action=denied subject="@.-&#^" object="_" requested=wx pid=13695 comm="syz.8.1638" name="309" dev="tmpfs" ino=1622
[  875.764356][ T5839] Bluetooth: hci2: command tx timeout
[  875.983154][T13650] bridge0: port 1(bridge_slave_0) entered blocking state
[  876.015281][T13650] bridge0: port 1(bridge_slave_0) entered disabled state
[  876.039226][T13650] bridge_slave_0: entered allmulticast mode
[  876.068543][T13650] bridge_slave_0: entered promiscuous mode
[  876.091708][T13650] bridge0: port 2(bridge_slave_1) entered blocking state
[  876.136090][T13650] bridge0: port 2(bridge_slave_1) entered disabled state
[  876.173888][T13650] bridge_slave_1: entered allmulticast mode
[  876.201536][T13650] bridge_slave_1: entered promiscuous mode
[  877.032922][T13650] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  877.077149][T13650] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  877.789753][    C1] net_ratelimit: 9647 callbacks suppressed
[  877.789774][    C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
[  877.808516][    C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  877.820955][    C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  877.833878][    C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
[  877.846696][    C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  877.859162][    C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  877.872074][    C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
[  877.884881][    C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  877.897313][    C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  877.910191][    C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
[  877.969942][ T5839] Bluetooth: hci2: command tx timeout
[  878.805524][T13711] FAULT_INJECTION: forcing a failure.
[  878.805524][T13711] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  878.827037][T13711] CPU: 0 UID: 0 PID: 13711 Comm: syz.8.1640 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) 
[  878.827065][T13711] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  878.827079][T13711] Call Trace:
[  878.827088][T13711]  <TASK>
[  878.827098][T13711]  dump_stack_lvl+0x189/0x250
[  878.827126][T13711]  ? __pfx____ratelimit+0x10/0x10
[  878.827149][T13711]  ? __pfx_dump_stack_lvl+0x10/0x10
[  878.827172][T13711]  ? __pfx__printk+0x10/0x10
[  878.827197][T13711]  ? __might_fault+0xb0/0x130
[  878.827226][T13711]  should_fail_ex+0x414/0x560
[  878.827252][T13711]  _copy_from_user+0x2d/0xb0
[  878.827280][T13711]  do_fb_ioctl+0x329/0x750
[  878.827304][T13711]  ? __pfx_do_fb_ioctl+0x10/0x10
[  878.827345][T13711]  ? __asan_memset+0x22/0x50
[  878.827378][T13711]  ? __pfx_smack_file_ioctl+0x10/0x10
[  878.827409][T13711]  ? __fget_files+0x3a0/0x420
[  878.827431][T13711]  ? __fget_files+0x2a/0x420
[  878.827456][T13711]  ? bpf_lsm_file_ioctl+0x9/0x20
[  878.827489][T13711]  ? __pfx_fb_ioctl+0x10/0x10
[  878.827508][T13711]  __se_sys_ioctl+0xfc/0x170
[  878.827540][T13711]  do_syscall_64+0xfa/0x3b0
[  878.827561][T13711]  ? lockdep_hardirqs_on+0x9c/0x150
[  878.827582][T13711]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  878.827602][T13711]  ? clear_bhb_loop+0x60/0xb0
[  878.827626][T13711]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  878.827645][T13711] RIP: 0033:0x7f685478ebe9
[  878.827663][T13711] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  878.827682][T13711] RSP: 002b:00007f6855621038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  878.827703][T13711] RAX: ffffffffffffffda RBX: 00007f68549b5fa0 RCX: 00007f685478ebe9
[  878.827719][T13711] RDX: 0000000000000000 RSI: 0000000000004601 RDI: 0000000000000003
[  878.827732][T13711] RBP: 00007f6855621090 R08: 0000000000000000 R09: 0000000000000000
[  878.827745][T13711] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  878.827758][T13711] R13: 00007f68549b6038 R14: 00007f68549b5fa0 R15: 00007ffdfd5de7d8
[  878.827790][T13711]  </TASK>
[  879.566608][T13656] bridge0: port 1(bridge_slave_0) entered blocking state
[  879.582867][T13656] bridge0: port 1(bridge_slave_0) entered disabled state
[  879.598985][T13656] bridge_slave_0: entered allmulticast mode
[  879.620890][T13656] bridge_slave_0: entered promiscuous mode
[  879.628885][T13690] wg1 speed is unknown, defaulting to 1000
[  879.650974][T13650] team0: Port device team_slave_0 added
[  879.668289][T13650] team0: Port device team_slave_1 added
[  880.045894][ T5839] Bluetooth: hci2: command tx timeout
[  880.073901][T13656] bridge0: port 2(bridge_slave_1) entered blocking state
[  880.106027][T13656] bridge0: port 2(bridge_slave_1) entered disabled state
[  880.128899][T13656] bridge_slave_1: entered allmulticast mode
[  880.146849][T13656] bridge_slave_1: entered promiscuous mode
[  881.010459][T13665] chnl_net:caif_netlink_parms(): no params data found
[  881.209365][T13650] batman_adv: batadv0: Adding interface: batadv_slave_0
[  881.225620][T13650] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  881.266019][T13650] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  881.297541][ T6437] bridge_slave_1: left allmulticast mode
[  881.310460][ T6437] bridge_slave_1: left promiscuous mode
[  881.326002][ T6437] bridge0: port 2(bridge_slave_1) entered disabled state
[  881.354832][ T6437] bridge_slave_0: left allmulticast mode
[  881.365959][ T6437] bridge_slave_0: left promiscuous mode
[  881.374385][ T6437] bridge0: port 1(bridge_slave_0) entered disabled state
[  881.429457][ T6437] bridge_slave_1: left allmulticast mode
[  881.437008][ T6437] bridge_slave_1: left promiscuous mode
[  881.446215][ T6437] bridge0: port 2(bridge_slave_1) entered disabled state
[  881.497068][ T6437] bridge_slave_0: left allmulticast mode
[  881.511265][ T6437] bridge_slave_0: left promiscuous mode
[  881.525311][ T6437] bridge0: port 1(bridge_slave_0) entered disabled state
[  881.565397][ T6437] batadv1: left allmulticast mode
[  881.577260][ T6437] batadv1: left promiscuous mode
[  881.583955][ T6437] bridge0: port 3(batadv1) entered disabled state
[  881.640291][ T6437] bridge_slave_1: left allmulticast mode
[  881.645996][ T6437] bridge_slave_1: left promiscuous mode
[  881.659028][ T6437] bridge0: port 2(bridge_slave_1) entered disabled state
[  881.685970][ T6437] bridge_slave_0: left allmulticast mode
[  881.698656][ T6437] bridge_slave_0: left promiscuous mode
[  881.705042][ T6437] bridge0: port 1(bridge_slave_0) entered disabled state
[  882.283416][ T6437] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  882.327017][ T6437] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  882.366644][ T6437] bond0 (unregistering): Released all slaves
[  882.629486][ T6437] bond0 (unregistering): Released all slaves
[  882.799677][    C1] net_ratelimit: 6877 callbacks suppressed
[  882.799697][    C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  882.818441][    C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
[  882.830875][    C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  882.843348][    C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  882.856232][    C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
[  882.868793][    C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  882.881147][    C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  882.894024][    C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
[  882.906702][    C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  882.918973][    C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  883.783689][ T6437] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  883.869980][ T6437] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  883.916229][ T6437] bond0 (unregistering): (slave wlan1): Releasing backup interface
[  883.977259][ T6437] bond0 (unregistering): Released all slaves
[  884.387563][ T6437] bond1 (unregistering): Released all slaves
[  884.455186][T13656] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  884.532508][T13656] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  884.702331][T13650] batman_adv: batadv0: Adding interface: batadv_slave_1
[  884.709331][T13650] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  884.766980][T13650] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  885.146968][T13656] team0: Port device team_slave_0 added
[  885.303884][ T6437] tipc: Left network mode
[  885.591776][T13656] team0: Port device team_slave_1 added
[  886.556259][T13656] batman_adv: batadv0: Adding interface: batadv_slave_0
[  886.604233][T13656] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  886.776041][T13656] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  886.935228][T13731] kvm: pic: non byte read
[  886.956691][T13650] hsr_slave_0: entered promiscuous mode
[  886.975824][T13650] hsr_slave_1: entered promiscuous mode
[  886.997356][T13650] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  887.026731][T13650] Cannot create hsr debugfs directory
[  887.113844][T13731] kvm: pic: non byte read
[  887.130110][T13731] kvm: pic: non byte read
[  887.134786][T13731] kvm: pic: non byte read
[  887.154681][T13731] kvm: pic: single mode not supported
[  887.179191][T13731] kvm: pic: non byte read
[  887.199031][T13731] kvm: pic: non byte read
[  887.203735][T13731] kvm: pic: non byte read
[  887.208322][T13731] kvm: pic: non byte read
[  887.219952][T13731] kvm: pic: non byte read
[  887.452144][T13656] batman_adv: batadv0: Adding interface: batadv_slave_1
[  887.459136][T13656] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  887.548588][T13656] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  887.819751][    C1] net_ratelimit: 7703 callbacks suppressed
[  887.819769][    C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  887.838622][    C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
[  887.851622][    C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  887.864131][    C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  887.877051][    C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
[  887.889532][    C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  887.901842][    C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  887.914359][    C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
[  887.926785][    C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  887.939003][    C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  888.407542][T13741] vimc link validate: Scaler:src:16x16 (0x33524742, 8, 0, 0, 0) RGB/YUV Capture:snk:640x480 (0x33424752, 8, 0, 0, 0)
[  888.810352][T13656] hsr_slave_0: entered promiscuous mode
[  888.823101][T13656] hsr_slave_1: entered promiscuous mode
[  888.849084][T13656] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  888.869807][T13656] Cannot create hsr debugfs directory
[  888.922820][T13665] bridge0: port 1(bridge_slave_0) entered blocking state
[  888.945074][T13665] bridge0: port 1(bridge_slave_0) entered disabled state
[  888.956975][T13665] bridge_slave_0: entered allmulticast mode
[  888.967073][T13665] bridge_slave_0: entered promiscuous mode
[  888.991112][T13665] bridge0: port 2(bridge_slave_1) entered blocking state
[  888.999054][T13665] bridge0: port 2(bridge_slave_1) entered disabled state
[  889.008666][T13665] bridge_slave_1: entered allmulticast mode
[  889.017039][T13665] bridge_slave_1: entered promiscuous mode
[  889.160165][ T5929] usb 9-1: new high-speed USB device number 23 using dummy_hcd
[  889.329958][ T5929] usb 9-1: Using ep0 maxpacket: 8
[  889.342111][ T5929] usb 9-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 56832, setting to 1024
[  889.361100][ T5929] usb 9-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024
[  889.377452][ T5929] usb 9-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  889.389368][ T5929] usb 9-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  889.420676][ T5929] usb 9-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  889.432358][ T5929] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  889.484657][ T6437] hsr_slave_0: left promiscuous mode
[  889.496084][ T6437] hsr_slave_1: left promiscuous mode
[  889.503023][ T6437] batman_adv: batadv0: Removing interface: batadv_slave_0
[  889.529414][ T6437] batman_adv: batadv0: Removing interface: batadv_slave_1
[  889.616768][ T6437] hsr_slave_0: left promiscuous mode
[  889.654951][ T6437] hsr_slave_1: left promiscuous mode
[  889.670577][ T5929] usb 9-1: GET_CAPABILITIES returned 0
[  889.690820][ T5929] usbtmc 9-1:16.0: can't read capabilities
[  889.778873][ T6437] veth1_vlan: left allmulticast mode
[  889.799493][ T6437] veth1_macvtap: left promiscuous mode
[  889.813398][ T6437] veth0_macvtap: left promiscuous mode
[  889.824295][ T6437] veth1_vlan: left promiscuous mode
[  889.833798][ T6437] veth0_vlan: left promiscuous mode
[  889.951030][ T5915] usb 9-1: USB disconnect, device number 23
[  890.814203][ T6437] team0 (unregistering): Port device team_slave_1 removed
[  890.948260][ T6437] team0 (unregistering): Port device team_slave_0 removed
[  891.441370][T13753] xt_CT: No such helper "snmp"
[  892.830143][    C1] net_ratelimit: 7603 callbacks suppressed
[  892.830163][    C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  892.848476][    C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  892.861396][    C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
[  892.874254][    C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  892.886788][    C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  892.899710][    C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
[  892.912580][    C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  892.925458][    C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  892.938310][    C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
[  892.951210][    C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  894.165585][ T6437] team0 (unregistering): Port device team_slave_1 removed
[  894.387321][ T6437] team0 (unregistering): Port device team_slave_0 removed
[  896.255752][T13665] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  896.347331][T13665] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  896.704636][T13665] team0: Port device team_slave_0 added
[  896.711702][T13690] chnl_net:caif_netlink_parms(): no params data found
[  896.770599][T13665] team0: Port device team_slave_1 added
[  897.839725][    C1] net_ratelimit: 8504 callbacks suppressed
[  897.839745][    C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  897.858035][    C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  897.870835][    C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
[  897.883705][    C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  897.896105][    C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  897.908895][    C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
[  897.921568][    C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  897.934008][    C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  897.946657][    C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
[  897.959159][    C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  898.464277][T13665] batman_adv: batadv0: Adding interface: batadv_slave_0
[  898.479317][T13665] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  898.520529][T13665] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  898.934976][T13665] batman_adv: batadv0: Adding interface: batadv_slave_1
[  898.949690][T13665] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  898.998119][T13665] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  899.029492][T13690] bridge0: port 1(bridge_slave_0) entered blocking state
[  899.046084][T13690] bridge0: port 1(bridge_slave_0) entered disabled state
[  899.056475][T13690] bridge_slave_0: entered allmulticast mode
[  899.078134][T13690] bridge_slave_0: entered promiscuous mode
[  899.166062][T13690] bridge0: port 2(bridge_slave_1) entered blocking state
[  899.173554][T13690] bridge0: port 2(bridge_slave_1) entered disabled state
[  899.192889][T13690] bridge_slave_1: entered allmulticast mode
[  899.210232][T13690] bridge_slave_1: entered promiscuous mode
[  899.355529][T13665] hsr_slave_0: entered promiscuous mode
[  899.371815][T13665] hsr_slave_1: entered promiscuous mode
[  899.378269][T13665] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  899.395327][T13665] Cannot create hsr debugfs directory
[  899.476485][T13690] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  899.562525][T13690] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  899.815088][T13690] team0: Port device team_slave_0 added
[  899.839123][T13690] team0: Port device team_slave_1 added
[  900.072727][T13690] batman_adv: batadv0: Adding interface: batadv_slave_0
[  900.086174][T13690] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  900.140824][T13690] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  900.282575][T13690] batman_adv: batadv0: Adding interface: batadv_slave_1
[  900.296589][T13690] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  900.334278][T13690] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  900.475402][T13656] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  900.508151][T13656] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  900.565735][T13656] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  900.754845][T13656] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  900.818279][T13690] hsr_slave_0: entered promiscuous mode
[  900.838089][T13690] hsr_slave_1: entered promiscuous mode
[  900.856018][T13690] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  900.868127][T13690] Cannot create hsr debugfs directory
[  901.136569][T13650] netdevsim netdevsim3 netdevsim0: renamed from eth0
[  901.503280][T13650] netdevsim netdevsim3 netdevsim1: renamed from eth1
[  901.564033][T13650] netdevsim netdevsim3 netdevsim2: renamed from eth2
[  901.954134][T13650] netdevsim netdevsim3 netdevsim3: renamed from eth3
[  902.385495][ T6437] netdevsim netdevsim9 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  902.818319][ T6437] netdevsim netdevsim9 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  902.850312][    C1] net_ratelimit: 8567 callbacks suppressed
[  902.850333][    C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  902.868614][    C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  902.881275][    C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
[  902.894175][    C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  902.906645][    C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  902.919569][    C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
[  902.932343][    C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  902.944797][    C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  902.957689][    C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
[  902.970502][    C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  903.083193][T13656] 8021q: adding VLAN 0 to HW filter on device bond0
[  903.296794][ T6437] netdevsim netdevsim9 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  903.464947][ T6437] netdevsim netdevsim9 netdevsim0 (unregistering): left promiscuous mode
[  903.484562][ T6437] netdevsim netdevsim9 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  903.619929][T13656] 8021q: adding VLAN 0 to HW filter on device team0
[  903.706229][ T6439] bridge0: port 1(bridge_slave_0) entered blocking state
[  903.713476][ T6439] bridge0: port 1(bridge_slave_0) entered forwarding state
[  903.786573][T13665] netdevsim netdevsim1 netdevsim0: renamed from eth0
[  903.813412][T13665] netdevsim netdevsim1 netdevsim1: renamed from eth1
[  903.842315][ T6439] bridge0: port 2(bridge_slave_1) entered blocking state
[  903.849568][ T6439] bridge0: port 2(bridge_slave_1) entered forwarding state
[  903.905529][T13665] netdevsim netdevsim1 netdevsim2: renamed from eth2
[  903.984857][T13665] netdevsim netdevsim1 netdevsim3: renamed from eth3
[  904.037365][T13650] 8021q: adding VLAN 0 to HW filter on device bond0
[  904.229416][T13690] netdevsim netdevsim2 netdevsim0: renamed from eth0
[  904.286019][T13650] 8021q: adding VLAN 0 to HW filter on device team0
[  904.314341][T13690] netdevsim netdevsim2 netdevsim1: renamed from eth1
[  904.384878][T13690] netdevsim netdevsim2 netdevsim2: renamed from eth2
[  904.412604][T13690] netdevsim netdevsim2 netdevsim3: renamed from eth3
[  904.451868][ T6426] bridge0: port 1(bridge_slave_0) entered blocking state
[  904.459056][ T6426] bridge0: port 1(bridge_slave_0) entered forwarding state
[  904.517867][ T6437] bridge_slave_1: left allmulticast mode
[  904.536477][ T6437] bridge_slave_1: left promiscuous mode
[  904.554048][ T6437] bridge0: port 2(bridge_slave_1) entered disabled state
[  904.583757][ T6437] bridge_slave_0: left allmulticast mode
[  904.589466][ T6437] bridge_slave_0: left promiscuous mode
[  904.603037][ T6437] bridge0: port 1(bridge_slave_0) entered disabled state
[  904.648655][ T6437] bridge_slave_1: left allmulticast mode
[  904.657155][ T6437] bridge_slave_1: left promiscuous mode
[  904.667937][ T6437] bridge0: port 2(bridge_slave_1) entered disabled state
[  904.707683][ T6437] bridge_slave_0: left allmulticast mode
[  904.714732][ T6437] bridge_slave_0: left promiscuous mode
[  904.724466][ T6437] bridge0: port 1(bridge_slave_0) entered disabled state
[  905.303381][ T6437] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  905.355899][ T6437] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  905.385404][ T6437] bond0 (unregistering): Released all slaves
[  906.345030][ T6437] bond0 (unregistering): left promiscuous mode
[  906.362066][ T6437] bond_slave_0: left promiscuous mode
[  906.374447][ T6437] bond_slave_1: left promiscuous mode
[  906.382899][ T6437] mac80211_hwsim hwsim15 wlan1: left promiscuous mode
[  906.482971][ T6437] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  906.501677][ T6437] bond_slave_0: left allmulticast mode
[  906.518043][ T6437] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  906.535507][ T6437] bond_slave_1: left allmulticast mode
[  906.561709][ T6437] bond0 (unregistering): (slave wlan1): Releasing backup interface
[  906.598551][ T6437] mac80211_hwsim hwsim15 wlan1: left allmulticast mode
[  906.634297][ T6437] bond0 (unregistering): Released all slaves
[  906.863830][ T6435] bridge0: port 2(bridge_slave_1) entered blocking state
[  906.871055][ T6435] bridge0: port 2(bridge_slave_1) entered forwarding state
[  907.647391][T13650] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  907.860140][    C1] net_ratelimit: 8419 callbacks suppressed
[  907.860159][    C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
[  907.878856][    C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  907.891346][    C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  907.904198][    C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
[  907.917045][    C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  907.921216][T13656] 8021q: adding VLAN 0 to HW filter on device batadv0
[  907.929471][    C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  907.948676][    C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
[  907.961523][    C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  907.973924][    C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  907.986779][    C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
[  908.082589][T13665] 8021q: adding VLAN 0 to HW filter on device bond0
[  908.702163][T13665] 8021q: adding VLAN 0 to HW filter on device team0
[  908.853526][T13690] 8021q: adding VLAN 0 to HW filter on device bond0
[  909.529687][ T6437] hsr_slave_0: left promiscuous mode
[  909.572624][ T6437] hsr_slave_1: left promiscuous mode
[  909.590740][ T6437] batman_adv: batadv0: Removing interface: batadv_slave_0
[  909.661151][ T6437] batman_adv: batadv0: Removing interface: batadv_slave_1
[  909.837535][ T6437] hsr_slave_0: left promiscuous mode
[  909.888101][ T6437] hsr_slave_1: left promiscuous mode
[  909.979459][ T5843] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  910.005664][ T5843] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  910.027556][ T6437] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  910.035554][ T5843] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  910.609848][ T6437] batman_adv: batadv0: Removing interface: batadv_slave_0
[  910.630239][ T5843] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  910.638006][ T5843] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  910.747302][ T6437] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  910.799864][ T6437] batman_adv: batadv0: Removing interface: batadv_slave_1
[  910.936730][ T6437] veth1_vlan: left allmulticast mode
[  910.980235][ T6437] team0: left allmulticast mode
[  910.985280][ T6437] team_slave_0: left allmulticast mode
[  911.025569][ T6437] team_slave_1: left allmulticast mode
[  911.049811][ T6437] team0: left promiscuous mode
[  911.057029][ T6437] team_slave_0: left promiscuous mode
[  911.062812][ T6437] team_slave_1: left promiscuous mode
[  911.130008][ T6437] veth1_macvtap: left promiscuous mode
[  911.135616][ T6437] veth0_macvtap: left promiscuous mode
[  911.169914][ T6437] veth1_vlan: left promiscuous mode
[  911.175302][ T6437] veth0_vlan: left promiscuous mode
[  911.449200][ T5843] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[  911.460698][ T5843] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[  911.482668][ T5843] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[  911.547474][ T5843] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[  911.582175][ T5843] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[  911.769113][ T5839] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[  911.782651][ T5839] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[  911.795974][ T5839] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[  911.806790][ T5839] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[  911.833126][ T5839] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[  912.268005][ T6437] team0 (unregistering): Port device team_slave_1 removed
[  912.356250][ T6437] team0 (unregistering): Port device team_slave_0 removed
[  912.832963][ T5839] Bluetooth: hci0: command tx timeout
[  912.870298][    C1] net_ratelimit: 7757 callbacks suppressed
[  912.870319][    C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
[  912.888842][    C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  912.901114][    C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  912.914093][    C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
[  912.926574][    C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  912.939024][    C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  912.951555][    C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
[  912.964475][    C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  912.977047][    C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  912.989773][    C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
[  913.719884][ T5839] Bluetooth: hci1: command tx timeout
[  913.873503][ T5839] Bluetooth: hci3: command tx timeout
[  914.139050][ T6437] team0 (unregistering): Port device team_slave_1 removed
[  914.253208][ T6437] team0 (unregistering): Port device team_slave_0 removed
[  914.913389][ T5839] Bluetooth: hci0: command tx timeout
[  915.789823][ T5839] Bluetooth: hci1: command tx timeout
[  915.820993][   T59] bridge0: port 1(bridge_slave_0) entered blocking state
[  915.828198][   T59] bridge0: port 1(bridge_slave_0) entered forwarding state
[  915.881912][   T59] bridge0: port 2(bridge_slave_1) entered blocking state
[  915.889105][   T59] bridge0: port 2(bridge_slave_1) entered forwarding state
[  915.963632][ T5839] Bluetooth: hci3: command tx timeout
[  916.026369][T13690] 8021q: adding VLAN 0 to HW filter on device team0
[  916.119228][   T59] bridge0: port 1(bridge_slave_0) entered blocking state
[  916.126445][   T59] bridge0: port 1(bridge_slave_0) entered forwarding state
[  916.202625][   T59] bridge0: port 2(bridge_slave_1) entered blocking state
[  916.209854][   T59] bridge0: port 2(bridge_slave_1) entered forwarding state
[  916.431526][T13813] wg1 speed is unknown, defaulting to 1000
[  916.465372][T13808] wg1 speed is unknown, defaulting to 1000
[  916.506570][T13690] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[  916.599660][T13690] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  916.821020][T13811] wg1 speed is unknown, defaulting to 1000
[  917.016829][ T5839] Bluetooth: hci0: command tx timeout
[  917.869948][ T5839] Bluetooth: hci1: command tx timeout
[  917.879614][    C1] net_ratelimit: 8024 callbacks suppressed
[  917.879632][    C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
[  917.898276][    C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  917.910704][    C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  917.923645][    C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
[  917.936486][    C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  917.948991][    C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  917.961847][    C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
[  917.975360][    C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  917.987824][    C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  918.000681][    C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
[  918.030526][ T5839] Bluetooth: hci3: command tx timeout
[  918.061330][T13690] 8021q: adding VLAN 0 to HW filter on device batadv0
[  918.191752][   T31] INFO: task syz-executor:8143 blocked for more than 145 seconds.
SYZFAIL: failed to recv rpc
fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor)
[  918.239789][   T31]       Not tainted 6.16.0-syzkaller #0
[  918.280006][   T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[  918.359968][   T31] task:syz-executor    state:D stack:21832 pid:8143  tgid:8143  ppid:1      task_flags:0x400140 flags:0x00004004
[  918.410928][   T31] Call Trace:
[  918.414273][   T31]  <TASK>
[  918.417221][   T31]  __schedule+0x16aa/0x4c90
[  918.487369][T13808] chnl_net:caif_netlink_parms(): no params data found
[  918.509421][   T31]  ? do_raw_spin_lock+0x121/0x290
[  918.569759][   T31]  ? schedule+0x165/0x360
[  918.574149][   T31]  ? __lock_acquire+0xab9/0xd20
[  918.579022][   T31]  ? __pfx___schedule+0x10/0x10
[  918.709829][   T31]  ? schedule+0x91/0x360
[  918.714143][   T31]  schedule+0x165/0x360
[  918.718319][   T31]  v9fs_evict_inode+0x170/0x320
[  918.819606][   T31]  ? __pfx_v9fs_evict_inode+0x10/0x10
[  918.859508][   T31]  ? __pfx_var_wake_function+0x10/0x10
[  918.865156][   T31]  ? do_raw_spin_unlock+0x122/0x240
[  918.889262][   T31]  ? __pfx_v9fs_evict_inode+0x10/0x10
[  918.899745][   T31]  evict+0x501/0x9c0
[  918.904778][   T31]  ? __pfx_evict+0x10/0x10
[  918.909235][   T31]  ? do_raw_spin_unlock+0x122/0x240
[  918.916284][   T31]  ? _raw_spin_unlock+0x28/0x50
[  918.921519][   T31]  ? iput+0x6d8/0x9d0
[  918.925545][   T31]  __dentry_kill+0x209/0x660
[  918.939928][   T31]  ? dput+0x37/0x2b0
[  918.943885][   T31]  dput+0x19f/0x2b0
[  918.947717][   T31]  shrink_dcache_for_umount+0xa0/0x170
[  918.969759][   T31]  generic_shutdown_super+0x67/0x2c0
[  918.975112][   T31]  kill_anon_super+0x3b/0x70
[  919.003689][   T31]  v9fs_kill_super+0x4c/0x90
[  919.008348][   T31]  deactivate_locked_super+0xbc/0x130
[  919.029927][   T31]  cleanup_mnt+0x425/0x4c0
[  919.034417][   T31]  ? lockdep_hardirqs_on+0x9c/0x150
[  919.050346][   T31]  task_work_run+0x1d1/0x260
[  919.055000][   T31]  ? __pfx_task_work_run+0x10/0x10
[  919.070424][   T31]  ? __x64_sys_umount+0x122/0x160
[  919.075538][ T5839] Bluetooth: hci0: command tx timeout
[  919.081615][   T31]  ? exit_to_user_mode_loop+0x40/0x110
[  919.087125][   T31]  exit_to_user_mode_loop+0xec/0x110
[  919.105912][   T31]  do_syscall_64+0x2bd/0x3b0
[  919.130065][   T31]  ? lockdep_hardirqs_on+0x9c/0x150
[  919.135326][   T31]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  919.164752][   T31]  ? clear_bhb_loop+0x60/0xb0
[  919.169500][   T31]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  919.175648][   T31] RIP: 0033:0x7f48eab8ff17
[  919.191825][   T31] RSP: 002b:00007fff1c9bab48 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[  919.237965][   T31] RAX: 0000000000000000 RBX: 00007f48eac11c05 RCX: 00007f48eab8ff17
[  919.260163][   T31] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007fff1c9bac00
[  919.268185][   T31] RBP: 00007fff1c9bac00 R08: 0000000000000000 R09: 0000000000000000
[  919.301538][   T31] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007fff1c9bbc90
[  919.335770][   T31] R13: 00007f48eac11c05 R14: 00000000000bc654 R15: 00007fff1c9bbcd0
[  919.348307][   T31]  </TASK>
[  919.455732][   T31] 
[  919.455732][   T31] Showing all locks held in the system:
[  919.477060][   T31] 1 lock held by pool_workqueue_/3:
[  919.508748][   T31]  #0: ffffffff8e144bf8 (rcu_state.exp_mutex){+.+.}-{4:4}, at: synchronize_rcu_expedited+0x3b9/0x730
[  919.600622][   T31] 6 locks held by kworker/1:0/24:
[  919.605704][   T31] 1 lock held by khungtaskd/31:
[  919.679637][   T31]  #0: ffffffff8e13f0e0 (rcu_read_lock){....}-{1:3}, at: debug_show_all_locks+0x2e/0x180
[  919.739613][   T31] 3 locks held by kworker/u8:3/49:
[  919.744808][   T31] 2 locks held by getty/5598:
[  919.749500][   T31]  #0: ffff8880313aa0a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x25/0x70
[  919.904031][   T31]  #1: ffffc9000333b2f0 (&ldata->atomic_read_lock){+.+.}-{4:4}, at: n_tty_read+0x43e/0x1400
[  919.951407][ T5839] Bluetooth: hci1: command tx timeout
[  919.983961][   T31] 3 locks held by kworker/0:3/5908:
[  919.989216][   T31] 2 locks held by kworker/0:7/5976:
[  920.147072][ T5839] Bluetooth: hci3: command tx timeout
[  920.239582][   T31]  #0: ffff88801a480d48 ((wq_completion)events){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0
[  920.297531][   T31]  #1: ffffc90004f37bc0 (free_ipc_work){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0
[  920.367591][   T31] 4 locks held by kworker/u8:21/6437:
[  920.389636][   T31]  #0: ffff88801b2fb948 ((wq_completion)netns){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0
[  920.459582][   T31]  #1: ffffc9001b847bc0 (net_cleanup_work){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0
[  920.516857][   T31]  #2: ffffffff8f4fd310 (pernet_ops_rwsem){++++}-{4:4}, at: cleanup_net+0xf7/0x800
[  920.559799][   T31]  #3: ffffffff8e144ac0 (rcu_state.barrier_mutex){+.+.}-{4:4}, at: rcu_barrier+0x4c/0x570
[  920.591499][   T31] 1 lock held by syz-executor/8143:
[  920.596754][   T31]  #0: ffff88803469e0e0 (&type->s_umount_key#61){+.+.}-{4:4}, at: deactivate_super+0xa9/0xe0
[  920.623602][   T31] 2 locks held by syz-executor/13665:
[  920.629023][   T31]  #0: ffff88804b520dc0 (&hdev->req_lock){+.+.}-{4:4}, at: hci_unregister_dev+0x212/0x510
[  920.664752][   T31]  #1: ffff88804b5200b8 (&hdev->lock){+.+.}-{4:4}, at: hci_dev_close_sync+0x66a/0x1330
[  920.674724][   T31] 3 locks held by syz-executor/13690:
[  920.684593][   T31]  #0: ffff88807ac18dc0 (&hdev->req_lock){+.+.}-{4:4}, at: hci_unregister_dev+0x212/0x510
[  920.694898][   T31]  #1: ffff88807ac180b8 (&hdev->lock){+.+.}-{4:4}, at: hci_dev_close_sync+0x66a/0x1330
[  920.709180][   T31]  #2: ffffffff8f672108 (hci_cb_list_lock){+.+.}-{4:4}, at: hci_conn_hash_flush+0xa1/0x230
[  920.719407][   T31] 5 locks held by syz-executor/13808:
[  920.729314][   T31]  #0: ffff888055114dc0 (&hdev->req_lock){+.+.}-{4:4}, at: hci_unregister_dev+0x212/0x510
[  920.741987][   T31]  #1: ffff8880551140b8 (&hdev->lock){+.+.}-{4:4}, at: hci_dev_close_sync+0x66a/0x1330
[  920.765874][   T31]  #2: ffffffff8f672108 (hci_cb_list_lock){+.+.}-{4:4}, at: hci_conn_hash_flush+0xa1/0x230
[  920.784550][   T31]  #3: ffff8880794a6338 (&conn->lock#2){+.+.}-{4:4}, at: l2cap_conn_del+0x70/0x680
[  920.795057][   T31]  #4: ffffffff8e144bf8 (rcu_state.exp_mutex){+.+.}-{4:4}, at: synchronize_rcu_expedited+0x3b9/0x730
[  920.811188][   T31] 3 locks held by syz-executor/13811:
[  920.816609][   T31]  #0: ffff888046210dc0 (&hdev->req_lock){+.+.}-{4:4}, at: hci_unregister_dev+0x212/0x510
[  920.829230][   T31]  #1: ffff8880462100b8 (&hdev->lock){+.+.}-{4:4}, at: hci_dev_close_sync+0x66a/0x1330
[  920.841615][   T31]  #2: ffffffff8f672108 (hci_cb_list_lock){+.+.}-{4:4}, at: hci_conn_hash_flush+0xa1/0x230
[  920.855348][   T31] 3 locks held by syz-executor/13813:
[  920.863269][   T31]  #0: ffff888040554dc0 (&hdev->req_lock){+.+.}-{4:4}, at: hci_unregister_dev+0x212/0x510
[  920.886274][   T31]  #1: ffff8880405540b8 (&hdev->lock){+.+.}-{4:4}, at: hci_dev_close_sync+0x66a/0x1330
[  920.904507][   T31]  #2: ffffffff8f672108 (hci_cb_list_lock){+.+.}-{4:4}, at: hci_conn_hash_flush+0xa1/0x230
[  920.947604][   T31] 
[  920.951546][   T31] =============================================
[  920.951546][   T31] 
[  920.968246][   T31] NMI backtrace for cpu 0
[  920.968263][   T31] CPU: 0 UID: 0 PID: 31 Comm: khungtaskd Not tainted 6.16.0-syzkaller #0 PREEMPT(full) 
[  920.968283][   T31] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  920.968293][   T31] Call Trace:
[  920.968301][   T31]  <TASK>
[  920.968309][   T31]  dump_stack_lvl+0x189/0x250
[  920.968332][   T31]  ? __wake_up_klogd+0xd9/0x110
[  920.968358][   T31]  ? __pfx_dump_stack_lvl+0x10/0x10
[  920.968376][   T31]  ? __pfx__printk+0x10/0x10
[  920.968408][   T31]  nmi_cpu_backtrace+0x39e/0x3d0
[  920.968435][   T31]  ? __pfx_nmi_cpu_backtrace+0x10/0x10
[  920.968467][   T31]  ? _printk+0xcf/0x120
[  920.968491][   T31]  ? __pfx__printk+0x10/0x10
[  920.968513][   T31]  ? __pfx_nmi_raise_cpu_backtrace+0x10/0x10
[  920.968540][   T31]  nmi_trigger_cpumask_backtrace+0x17a/0x300
[  920.968567][   T31]  watchdog+0xfee/0x1030
[  920.968594][   T31]  ? watchdog+0x1de/0x1030
[  920.968624][   T31]  kthread+0x70e/0x8a0
[  920.968648][   T31]  ? __pfx_watchdog+0x10/0x10
[  920.968671][   T31]  ? __pfx_kthread+0x10/0x10
[  920.968694][   T31]  ? _raw_spin_unlock_irq+0x23/0x50
[  920.968710][   T31]  ? lockdep_hardirqs_on+0x9c/0x150
[  920.968726][   T31]  ? __pfx_kthread+0x10/0x10
[  920.968748][   T31]  ret_from_fork+0x3fc/0x770
[  920.968767][   T31]  ? __pfx_ret_from_fork+0x10/0x10
[  920.968789][   T31]  ? __switch_to_asm+0x39/0x70
[  920.968808][   T31]  ? __switch_to_asm+0x33/0x70
[  920.968827][   T31]  ? __pfx_kthread+0x10/0x10
[  920.968849][   T31]  ret_from_fork_asm+0x1a/0x30
[  920.968883][   T31]  </TASK>
[  920.968890][   T31] Sending NMI from CPU 0 to CPUs 1:
[  921.127612][    C1] NMI backtrace for cpu 1
[  921.127630][    C1] CPU: 1 UID: 0 PID: 49 Comm: kworker/u8:3 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) 
[  921.127650][    C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  921.127662][    C1] Workqueue: bat_events batadv_nc_worker
[  921.127693][    C1] RIP: 0010:sk_skb_reason_drop+0x0/0x170
[  921.127720][    C1] Code: 03 ff ff ff 4c 89 f7 e8 6e 93 d9 f8 e9 f6 fe ff ff 66 0f 1f 84 00 00 00 00 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 <f3> 0f 1e fa 55 41 57 41 56 41 54 53 41 89 d6 48 89 f3 49 89 ff e8
[  921.127735][    C1] RSP: 0018:ffffc90000a08898 EFLAGS: 00000246
[  921.127749][    C1] RAX: ffffffff8a18a538 RBX: dffffc0000000000 RCX: ffff8880216e9e00
[  921.127764][    C1] RDX: 0000000000000002 RSI: ffff888033f6adc0 RDI: 0000000000000000
[  921.127776][    C1] RBP: ffffc90000a08970 R08: ffff888033bb609b R09: 1ffff11006776c13
[  921.127789][    C1] R10: dffffc0000000000 R11: ffffed1006776c14 R12: ffff88804a2fad38
[  921.127802][    C1] R13: ffff8880275f43b8 R14: 0000000000000000 R15: ffff888033f6adc0
[  921.127815][    C1] FS:  0000000000000000(0000) GS:ffff888125d57000(0000) knlGS:0000000000000000
[  921.127829][    C1] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  921.127841][    C1] CR2: 00007fa9d23acfe8 CR3: 000000003317e000 CR4: 00000000003526f0
[  921.127857][    C1] Call Trace:
[  921.127864][    C1]  <IRQ>
[  921.127871][    C1]  ip6_mc_input+0x9c3/0xbe0
[  921.127893][    C1]  ? __pfx_ip6_mc_input+0x10/0x10
[  921.127910][    C1]  ? skb_dst+0x71/0xd0
[  921.127925][    C1]  ? ip6_rcv_finish+0x29a/0x2d0
[  921.127951][    C1]  NF_HOOK+0x30c/0x3a0
[  921.127973][    C1]  ? skb_orphan+0xaf/0xd0
[  921.127988][    C1]  ? __pfx_ip6_rcv_finish+0x10/0x10
[  921.128012][    C1]  ? NF_HOOK+0x9a/0x3a0
[  921.128034][    C1]  ? __pfx_NF_HOOK+0x10/0x10
[  921.128059][    C1]  ? __pfx_ip6_rcv_finish+0x10/0x10
[  921.128088][    C1]  __netif_receive_skb+0xd3/0x380
[  921.128110][    C1]  ? process_backlog+0x2d5/0x14f0
[  921.128132][    C1]  process_backlog+0x60e/0x14f0
[  921.128152][    C1]  ? __lock_acquire+0xab9/0xd20
[  921.128176][    C1]  ? __pfx_process_backlog+0x10/0x10
[  921.128202][    C1]  __napi_poll+0xc4/0x480
[  921.128219][    C1]  ? net_rx_action+0x46d/0xe30
[  921.128242][    C1]  net_rx_action+0x707/0xe30
[  921.128267][    C1]  ? _raw_spin_unlock_irq+0x23/0x50
[  921.128292][    C1]  ? __pfx_net_rx_action+0x10/0x10
[  921.128331][    C1]  handle_softirqs+0x283/0x870
[  921.128351][    C1]  ? do_softirq+0xec/0x180
[  921.128370][    C1]  ? __pfx_handle_softirqs+0x10/0x10
[  921.128391][    C1]  ? batadv_nc_purge_paths+0x318/0x3b0
[  921.128408][    C1]  do_softirq+0xec/0x180
[  921.128424][    C1]  </IRQ>
[  921.128430][    C1]  <TASK>
[  921.128437][    C1]  ? __pfx_do_softirq+0x10/0x10
[  921.128453][    C1]  ? __lock_acquire+0xab9/0xd20
[  921.128472][    C1]  ? lockdep_softirqs_on+0x13b/0x1c0
[  921.128498][    C1]  __local_bh_enable_ip+0x17d/0x1c0
[  921.128515][    C1]  ? __pfx___local_bh_enable_ip+0x10/0x10
[  921.128534][    C1]  ? do_raw_spin_unlock+0x122/0x240
[  921.128556][    C1]  ? batadv_nc_purge_paths+0x318/0x3b0
[  921.128571][    C1]  ? __pfx_batadv_nc_to_purge_nc_path_coding+0x10/0x10
[  921.128590][    C1]  batadv_nc_purge_paths+0x318/0x3b0
[  921.128613][    C1]  batadv_nc_worker+0x328/0x610
[  921.128638][    C1]  ? process_scheduled_works+0x9ef/0x17b0
[  921.128657][    C1]  process_scheduled_works+0xade/0x17b0
[  921.128688][    C1]  ? __pfx_process_scheduled_works+0x10/0x10
[  921.128714][    C1]  worker_thread+0x8a0/0xda0
[  921.128745][    C1]  kthread+0x70e/0x8a0
[  921.128767][    C1]  ? __pfx_worker_thread+0x10/0x10
[  921.128784][    C1]  ? __pfx_kthread+0x10/0x10
[  921.128806][    C1]  ? _raw_spin_unlock_irq+0x23/0x50
[  921.128825][    C1]  ? lockdep_hardirqs_on+0x9c/0x150
[  921.128841][    C1]  ? __pfx_kthread+0x10/0x10
[  921.128862][    C1]  ret_from_fork+0x3fc/0x770
[  921.128880][    C1]  ? __pfx_ret_from_fork+0x10/0x10
[  921.128899][    C1]  ? __switch_to_asm+0x39/0x70
[  921.128918][    C1]  ? __switch_to_asm+0x33/0x70
[  921.128937][    C1]  ? __pfx_kthread+0x10/0x10
[  921.128958][    C1]  ret_from_fork_asm+0x1a/0x30
[  921.128986][    C1]  </TASK>
[  921.542798][   T31] Kernel panic - not syncing: hung_task: blocked tasks
[  921.549707][   T31] CPU: 0 UID: 0 PID: 31 Comm: khungtaskd Not tainted 6.16.0-syzkaller #0 PREEMPT(full) 
[  921.559448][   T31] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  921.569525][   T31] Call Trace:
[  921.572822][   T31]  <TASK>
[  921.575769][   T31]  dump_stack_lvl+0x99/0x250
[  921.580386][   T31]  ? __asan_memcpy+0x40/0x70
[  921.585010][   T31]  ? __pfx_dump_stack_lvl+0x10/0x10
[  921.590232][   T31]  ? __pfx__printk+0x10/0x10
[  921.594860][   T31]  panic+0x2db/0x790
[  921.598784][   T31]  ? __pfx_panic+0x10/0x10
[  921.603218][   T31]  ? nmi_backtrace_stall_check+0x433/0x440
[  921.609048][   T31]  ? preempt_schedule_thunk+0x16/0x30
[  921.614451][   T31]  ? nmi_trigger_cpumask_backtrace+0x2b6/0x300
[  921.620641][   T31]  watchdog+0x102d/0x1030
[  921.625001][   T31]  ? watchdog+0x1de/0x1030
[  921.629454][   T31]  kthread+0x70e/0x8a0
[  921.633557][   T31]  ? __pfx_watchdog+0x10/0x10
[  921.638262][   T31]  ? __pfx_kthread+0x10/0x10
[  921.642880][   T31]  ? _raw_spin_unlock_irq+0x23/0x50
[  921.648097][   T31]  ? lockdep_hardirqs_on+0x9c/0x150
[  921.653312][   T31]  ? __pfx_kthread+0x10/0x10
[  921.657929][   T31]  ret_from_fork+0x3fc/0x770
[  921.662543][   T31]  ? __pfx_ret_from_fork+0x10/0x10
[  921.667678][   T31]  ? __switch_to_asm+0x39/0x70
[  921.672462][   T31]  ? __switch_to_asm+0x33/0x70
[  921.677243][   T31]  ? __pfx_kthread+0x10/0x10
[  921.681860][   T31]  ret_from_fork_asm+0x1a/0x30
[  921.686665][   T31]  </TASK>
[  921.689977][   T31] Kernel Offset: disabled
[  921.694315][   T31] Rebooting in 86400 seconds..